Add create / destory roles for AFS tokens
In openstack-infra we use AFS for a lot of things, so create 2 roles to handle creating / destroying of the tokens. Change-Id: I3dee184d0b87023e7e0808372cfeda94f8337b4f Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This commit is contained in:
parent
b214e276ec
commit
1a36ffd08e
17
roles/create-afs-token/README.rst
Normal file
17
roles/create-afs-token/README.rst
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
Create kerberos / afs tokens
|
||||||
|
|
||||||
|
**Role Variables**
|
||||||
|
|
||||||
|
.. zuul:rolevar:: afs
|
||||||
|
|
||||||
|
Complex argument which contains the information about authentication
|
||||||
|
information. It is expected this argument comes from a `Secret`.
|
||||||
|
|
||||||
|
.. zuul:rolevar:: keytab
|
||||||
|
|
||||||
|
Base64 encoded contents of a keytab file. We'll base64 decode before writing
|
||||||
|
it to disk as a temporary file.
|
||||||
|
|
||||||
|
.. zuul:rolevar:: service_name
|
||||||
|
|
||||||
|
The service name to use for kinit command.
|
21
roles/create-afs-token/tasks/main.yaml
Normal file
21
roles/create-afs-token/tasks/main.yaml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
- name: Create AFS keytab tempfile
|
||||||
|
tempfile:
|
||||||
|
state: file
|
||||||
|
register: afs_keytab_tmp
|
||||||
|
|
||||||
|
- name: Create (base64 decode) AFS keytab from secret
|
||||||
|
copy:
|
||||||
|
content: "{{ afs.keytab | b64decode }}"
|
||||||
|
dest: "{{ afs_keytab_tmp.path }}"
|
||||||
|
mode: 0400
|
||||||
|
|
||||||
|
- name: Obtain ticket for Kerberos
|
||||||
|
command: "kinit -k -t {{ afs_keytab_tmp.path}} {{ afs.service_name }}"
|
||||||
|
|
||||||
|
- name: Delete AFS keytab tempfile
|
||||||
|
file:
|
||||||
|
path: "{{ afs_keytab_tmp.path }}"
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: Obtain authentication token for AFS
|
||||||
|
command: aklog
|
1
roles/destroy-afs-token/README.rst
Normal file
1
roles/destroy-afs-token/README.rst
Normal file
@ -0,0 +1 @@
|
|||||||
|
Destroy any active AFS / Kerberos tokens
|
5
roles/destroy-afs-token/tasks/main.yaml
Normal file
5
roles/destroy-afs-token/tasks/main.yaml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
- name: Destroy AFS tokens
|
||||||
|
command: unlog
|
||||||
|
|
||||||
|
- name: Destroy Kerberos tokens
|
||||||
|
command: kdestroy
|
Loading…
Reference in New Issue
Block a user