Ian Wienand 3052ff4935 kerberos-kdc: add database backups
Add a script to save a db dump to borg backups.  Add the primary KDC
to our backup list.

Change-Id: I32f4ebc1bb4c1952034aba43c75e4d2f85a1b6d3
2021-03-17 08:31:52 +11:00

Configure a Kerberos KDC server

All KDC servers (primary and replicas) should be in a common kerberos-kdc group that defines kerberos_kdc_realm and kerberos_kdc_master_key.

The kerberos-kdc-primary group should have a single primary KDC host. It will be configured to replicate its database to hosts in the kerberos-kdc-replica group.

Hosts in the kerberos-kdc-replica group will be configured to receive updates from the kerberos-kdc-primary host.

The role should be run twice: once limited to the primary group, and then a second time limited to the replica group.

Role Variables

kerberos_kdc_realm: The realm for all KDC servers.

kerberos_kdc_master_key: The master key written into the stash file for each KDC, which allows them to authenticate.
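
A pre-flight check for the group layout and variables described above, as an added example that is not part of this role or repository. The group and variable names are the ones this README uses; the hostnames, the sample values and the rule that a host may not be both primary and replica are assumptions.

```python
# Added example: validate an inventory group layout before running the role.
# Group and variable names come from the README; everything else is constructed.

REQUIRED_VARS = ("kerberos_kdc_realm", "kerberos_kdc_master_key")


def check_kdc_layout(groups, group_vars):
    """Return a list of problems; an empty list means the layout is valid.

    groups: mapping of group name -> list of hostnames
    group_vars: mapping of group name -> dict of variables
    """
    problems = []
    common = set(groups.get("kerberos-kdc", []))
    primary = list(groups.get("kerberos-kdc-primary", []))
    replicas = set(groups.get("kerberos-kdc-replica", []))

    if len(primary) != 1:
        problems.append(f"expected exactly one primary KDC, found {len(primary)}")
    # Assumption: a host cannot replicate to itself, so the groups are disjoint.
    for host in sorted(set(primary) & replicas):
        problems.append(f"{host} is both primary and replica")
    for host in sorted((set(primary) | replicas) - common):
        problems.append(f"{host} is missing from the kerberos-kdc group")
    common_vars = group_vars.get("kerberos-kdc", {})
    for var in REQUIRED_VARS:
        if not common_vars.get(var):
            problems.append(f"{var} is not defined for the kerberos-kdc group")
    return problems


def run_order(groups):
    """The two limited runs, primary first, as (group, hosts) pairs."""
    return [(g, sorted(groups.get(g, [])))
            for g in ("kerberos-kdc-primary", "kerberos-kdc-replica")]


# Constructed sample inventory (hostnames and values are placeholders).
GOOD = {
    "kerberos-kdc": ["kdc01.example.org", "kdc02.example.org"],
    "kerberos-kdc-primary": ["kdc01.example.org"],
    "kerberos-kdc-replica": ["kdc02.example.org"],
}
GOOD_VARS = {"kerberos-kdc": {"kerberos_kdc_realm": "EXAMPLE.ORG",
                              "kerberos_kdc_master_key": "<from-secret-store>"}}

if __name__ == "__main__":
    for problem in check_kdc_layout(GOOD, GOOD_VARS) or ["layout OK"]:
        print(problem)
```

The master key value belongs in an encrypted secret store rather than in plain group variables; the placeholder string above only marks where it is referenced.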