Simplify and consolidate files

Change-Id: Ic9fab5168f85c467426a489150c061f0baa3a7d5
Ade Lee 2022-01-06 23:19:10 +00:00
parent 3717245f03
commit 973d1884d0
2 changed files with 58 additions and 61 deletions


@ -1,60 +0,0 @@
---
### verify that the keytab and principal are usable ###
- name: Set the novajoin keytab path
set_fact:
novajoin_keytab_path: '/etc/novajoin/krb5.keytab'
- name: Verify the novajoin keytab is usable (non-containerized)
become: true
block:
- name: Set fact for novajoin user principal
set_fact:
novajoin_principal: "nova/{{ host_entry }}"
- name: Check for novajoin kerberos host keytab
stat:
path: "{{ novajoin_keytab_path }}"
register: non_containerized_novajoin_krb5_keytab_stat
- name: Test if novajoin principal in novajoin keytab is usable
command: kinit -kt "{{ novajoin_keytab_path }}" -c /tmp/my_novajoin_krb5_ccache "{{ novajoin_principal }}"
become: true
register: non_containerized_novajoin_principal_usable_result
ignore_errors: true
when: non_containerized_novajoin_krb5_keytab_stat.stat.exists
- name: Set facts for novajoin principal is usable skipped
set_fact:
principal_usable_status: "{{ helper_status_skipped }}"
principal_usable_reason: "skipped checking if the novajoin principal is usable for host {{ ansible_host }} because there is no keytab file"
principal_usable_recommendations: null
when: not non_containerized_novajoin_krb5_keytab_stat.stat.exists
- name: Set facts for novajoin principal is usable success
set_fact:
principal_usable_status: "{{ helper_status_ok }}"
principal_usable_reason: "The principal {{ novajoin_principal }} is able to obtain a kerberos ticket"
principal_usable_recommendations: null
temp_krb_caches: "{{ novajoin_temp_krb_caches + [ '/tmp/my_novajoin_krb5_ccache' ] }}"
changed_when: true
when:
- non_containerized_novajoin_krb5_keytab_stat.stat.exists
- non_containerized_novajoin_principal_usable_result is succeeded
notify: # (hrybacki): novajoin server running on the undercloud -- it's okay to use this handler
- clean_up_temp_krb_caches
- name: Set facts for principal is usable failure
set_fact:
principal_usable_status: "{{ helper_status_error }}"
principal_usable_reason: "Tho principal {{ novajoin_principal }} is unable to obtain a kerberos ticket"
principal_usable_recommendations: null
when:
- non_containerized_novajoin_krb5_keytab_stat.stat.exists
- non_containerized_novajoin_principal_usable_result is failed
- name: Report on Kerberos principal in novajoin keytab is usable check
reportentry:
report_status: "{{ principal_usable_status }}"
report_reason: "{{ principal_usable_reason }}"
report_recommendations: "{{ principal_usable_recommendations }}"


@ -3,4 +3,61 @@
set_fact:
novajoin_temp_krb_caches: []
- include: pre-deployment-containerized.yaml
### verify that the keytab and principal are usable ###
- name: Set the novajoin keytab path
set_fact:
novajoin_keytab_path: '/etc/novajoin/krb5.keytab'
- name: Verify the novajoin keytab is usable (non-containerized)
become: true
block:
- name: Set fact for novajoin user principal
set_fact:
novajoin_principal: "nova/{{ host_entry }}"
- name: Check for novajoin kerberos host keytab
stat:
path: "{{ novajoin_keytab_path }}"
register: non_containerized_novajoin_krb5_keytab_stat
- name: Test if novajoin principal in novajoin keytab is usable
command: kinit -kt "{{ novajoin_keytab_path }}" -c /tmp/my_novajoin_krb5_ccache "{{ novajoin_principal }}"
become: true
register: non_containerized_novajoin_principal_usable_result
ignore_errors: true
when: non_containerized_novajoin_krb5_keytab_stat.stat.exists
- name: Set facts for novajoin principal is usable skipped
set_fact:
principal_usable_status: "{{ helper_status_skipped }}"
principal_usable_reason: "skipped checking if the novajoin principal is usable for host {{ ansible_host }} because there is no keytab file"
principal_usable_recommendations: null
when: not non_containerized_novajoin_krb5_keytab_stat.stat.exists
- name: Set facts for novajoin principal is usable success
set_fact:
principal_usable_status: "{{ helper_status_ok }}"
principal_usable_reason: "The principal {{ novajoin_principal }} is able to obtain a kerberos ticket"
principal_usable_recommendations: null
temp_krb_caches: "{{ novajoin_temp_krb_caches + [ '/tmp/my_novajoin_krb5_ccache' ] }}"
changed_when: true
when:
- non_containerized_novajoin_krb5_keytab_stat.stat.exists
- non_containerized_novajoin_principal_usable_result is succeeded
notify: # (hrybacki): novajoin server running on the undercloud -- it's okay to use this handler
- clean_up_temp_krb_caches
- name: Set facts for principal is usable failure
set_fact:
principal_usable_status: "{{ helper_status_error }}"
principal_usable_reason: "Tho principal {{ novajoin_principal }} is unable to obtain a kerberos ticket"
principal_usable_recommendations: null
when:
- non_containerized_novajoin_krb5_keytab_stat.stat.exists
- non_containerized_novajoin_principal_usable_result is failed
- name: Report on Kerberos principal in novajoin keytab is usable check
reportentry:
report_status: "{{ principal_usable_status }}"
report_reason: "{{ principal_usable_reason }}"
report_recommendations: "{{ principal_usable_recommendations }}"
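Review bot: The `kinit` task writes the credential cache to the fixed, predictable path `/tmp/my_novajoin_krb5_ccache` while running with `become: true`, so a ticket for `nova/{{ host_entry }}` sits under a well-known name in a shared directory, and concurrent runs collide on the same file. Removal depends on the `clean_up_temp_krb_caches` handler, which is only notified from the success `set_fact`; presumably the cache stays on disk if the play aborts before handlers are flushed, which is worth confirming. Since these tasks are being moved anyway, I would create a uniquely named private file with the `tempfile` module and pass its registered path to both `-c` and `temp_krb_caches`, as sketched below. Separately, the failure reason string reads "Tho principal" and could be corrected to "The principal" in the same change.

```yaml
    # … unchanged: principal fact and keytab stat tasks …
    - name: Create a private file for the temporary novajoin ccache
      tempfile:
        state: file
        prefix: novajoin_krb5_ccache_
      register: novajoin_ccache_file
      when: non_containerized_novajoin_krb5_keytab_stat.stat.exists
    - name: Test if novajoin principal in novajoin keytab is usable
      command: kinit -kt "{{ novajoin_keytab_path }}" -c "{{ novajoin_ccache_file.path }}" "{{ novajoin_principal }}"
      # … unchanged: become / register / ignore_errors / when …
    # … in the "is usable success" set_fact, replacing the hard-coded path …
        temp_krb_caches: "{{ novajoin_temp_krb_caches + [ novajoin_ccache_file.path ] }}"
```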