48 lines
1.2 KiB
YAML
48 lines
1.2 KiB
YAML
# Setting up a fresh realm, as done in CI, is a five step process of:
|
|
#
|
|
# 1. setup common packages/config
|
|
# 2. setup primary; create db, setup kprop pushes, start services.
|
|
# 3. configure replica to accept db updates via kpropd
|
|
# 4. do a db replication
|
|
# 5. start replica daemons now they have a db copy
|
|
#
|
|
# In production this is largely a no-op just ensuring things are
|
|
# running.
|
|
|
|
- hosts: "kerberos-kdc:!disabled"
|
|
name: "Configure common KDC components"
|
|
roles:
|
|
- kerberos-client
|
|
- kerberos-kdc
|
|
|
|
- hosts: "kerberos-kdc-primary:!disabled"
|
|
name: "Configure Kerberos Primary"
|
|
tasks:
|
|
- name: Configure primary KDC
|
|
include_role:
|
|
name: kerberos-kdc
|
|
tasks_from: primary
|
|
|
|
- hosts: "kerberos-kdc-replica:!disabled"
|
|
name: "Configure Kerberos Replicas"
|
|
tasks:
|
|
- name: Configure replica KDC
|
|
include_role:
|
|
name: kerberos-kdc
|
|
tasks_from: replica
|
|
|
|
- hosts: "kerberos-kdc-primary:!disabled"
|
|
name: "Run replication"
|
|
tasks:
|
|
- name: Run a DB replication
|
|
shell: |
|
|
/usr/local/bin/run-kprop.sh
|
|
|
|
- hosts: "kerberos-kdc-replica:!disabled"
|
|
name: "Ensure krb5-kdc running"
|
|
tasks:
|
|
- name: Start krb5-kdc
|
|
systemd:
|
|
name: krb5-kdc
|
|
state: started
|