From 973d1884d030b1c832a6b5b612fa8552d8765e98 Mon Sep 17 00:00:00 2001
From: Ade Lee
Date: Thu, 6 Jan 2022 23:19:10 +0000
Subject: [PATCH] Simplify and consolidate files

Change-Id: Ic9fab5168f85c467426a489150c061f0baa3a7d5
---
 .../tasks/pre-deployment-containerized.yaml | 60 -------------------
 .../tls_everywhere/tasks/pre-deployment.yaml | 59 +++++++++++++++++-
 2 files changed, 58 insertions(+), 61 deletions(-)
 delete mode 100644 roles/tls_everywhere/tasks/pre-deployment-containerized.yaml

diff --git a/roles/tls_everywhere/tasks/pre-deployment-containerized.yaml b/roles/tls_everywhere/tasks/pre-deployment-containerized.yaml
deleted file mode 100644
index 962f08f0b..000000000
--- a/roles/tls_everywhere/tasks/pre-deployment-containerized.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
----
-### verify that the keytab and principal are usable ###
-
-- name: Set the novajoin keytab path
- set_fact:
- novajoin_keytab_path: '/etc/novajoin/krb5.keytab'
-
-- name: Verify the novajoin keytab is usable (non-containerized)
- become: true
- block:
- - name: Set fact for novajoin user principal
- set_fact:
- novajoin_principal: "nova/{{ host_entry }}"
-
- - name: Check for novajoin kerberos host keytab
- stat:
- path: "{{ novajoin_keytab_path }}"
- register: non_containerized_novajoin_krb5_keytab_stat
-
- - name: Test if novajoin principal in novajoin keytab is usable
- command: kinit -kt "{{ novajoin_keytab_path }}" -c /tmp/my_novajoin_krb5_ccache "{{ novajoin_principal }}"
- become: true
- register: non_containerized_novajoin_principal_usable_result
- ignore_errors: true
- when: non_containerized_novajoin_krb5_keytab_stat.stat.exists
-
- - name: Set facts for novajoin principal is usable skipped
- set_fact:
- principal_usable_status: "{{ helper_status_skipped }}"
- principal_usable_reason: "skipped checking if the novajoin principal is usable for host {{ ansible_host }} because there is no keytab file"
- principal_usable_recommendations: null
- when: not non_containerized_novajoin_krb5_keytab_stat.stat.exists
-
- - name: Set facts for novajoin principal is usable success
- set_fact:
- principal_usable_status: "{{ helper_status_ok }}"
- principal_usable_reason: "The principal {{ novajoin_principal }} is able to obtain a kerberos ticket"
- principal_usable_recommendations: null
- temp_krb_caches: "{{ novajoin_temp_krb_caches + [ '/tmp/my_novajoin_krb5_ccache' ] }}"
- changed_when: true
- when:
- - non_containerized_novajoin_krb5_keytab_stat.stat.exists
- - non_containerized_novajoin_principal_usable_result is succeeded
- notify: # (hrybacki): novajoin server running on the undercloud -- it's okay to use this handler
- - clean_up_temp_krb_caches
-
- - name: Set facts for principal is usable failure
- set_fact:
- principal_usable_status: "{{ helper_status_error }}"
- principal_usable_reason: "Tho principal {{ novajoin_principal }} is unable to obtain a kerberos ticket"
- principal_usable_recommendations: null
- when:
- - non_containerized_novajoin_krb5_keytab_stat.stat.exists
- - non_containerized_novajoin_principal_usable_result is failed
-
- - name: Report on Kerberos principal in novajoin keytab is usable check
- reportentry:
- report_status: "{{ principal_usable_status }}"
- report_reason: "{{ principal_usable_reason }}"
- report_recommendations: "{{ principal_usable_recommendations }}"
diff --git a/roles/tls_everywhere/tasks/pre-deployment.yaml b/roles/tls_everywhere/tasks/pre-deployment.yaml
index 5c8f34da5..e8357492c 100644
--- a/roles/tls_everywhere/tasks/pre-deployment.yaml
+++ b/roles/tls_everywhere/tasks/pre-deployment.yaml
@@ -3,4 +3,61 @@
 set_fact:
 novajoin_temp_krb_caches: []

-- include: pre-deployment-containerized.yaml
+### verify that the keytab and principal are usable ###
+- name: Set the novajoin keytab path
+ set_fact:
+ novajoin_keytab_path: '/etc/novajoin/krb5.keytab'
+
+- name: Verify the novajoin keytab is usable (non-containerized)
+ become: true
+ block:
+ - name: Set fact for novajoin user principal
+ set_fact:
+ novajoin_principal: "nova/{{ host_entry }}"
+
+ - name: Check for novajoin kerberos host keytab
+ stat:
+ path: "{{ novajoin_keytab_path }}"
+ register: non_containerized_novajoin_krb5_keytab_stat
+
+ - name: Test if novajoin principal in novajoin keytab is usable
+ command: kinit -kt "{{ novajoin_keytab_path }}" -c /tmp/my_novajoin_krb5_ccache "{{ novajoin_principal }}"
+ become: true
+ register: non_containerized_novajoin_principal_usable_result
+ ignore_errors: true
+ when: non_containerized_novajoin_krb5_keytab_stat.stat.exists
+
+ - name: Set facts for novajoin principal is usable skipped
+ set_fact:
+ principal_usable_status: "{{ helper_status_skipped }}"
+ principal_usable_reason: "skipped checking if the novajoin principal is usable for host {{ ansible_host }} because there is no keytab file"
+ principal_usable_recommendations: null
+ when: not non_containerized_novajoin_krb5_keytab_stat.stat.exists
+
+ - name: Set facts for novajoin principal is usable success
+ set_fact:
+ principal_usable_status: "{{ helper_status_ok }}"
+ principal_usable_reason: "The principal {{ novajoin_principal }} is able to obtain a kerberos ticket"
+ principal_usable_recommendations: null
+ temp_krb_caches: "{{ novajoin_temp_krb_caches + [ '/tmp/my_novajoin_krb5_ccache' ] }}"
+ changed_when: true
+ when:
+ - non_containerized_novajoin_krb5_keytab_stat.stat.exists
+ - non_containerized_novajoin_principal_usable_result is succeeded
+ notify: # (hrybacki): novajoin server running on the undercloud -- it's okay to use this handler
+ - clean_up_temp_krb_caches
+
+ - name: Set facts for principal is usable failure
+ set_fact:
+ principal_usable_status: "{{ helper_status_error }}"
+ principal_usable_reason: "Tho principal {{ novajoin_principal }} is unable to obtain a kerberos ticket"
+ principal_usable_recommendations: null
+ when:
+ - non_containerized_novajoin_krb5_keytab_stat.stat.exists
+ - non_containerized_novajoin_principal_usable_result is failed
+
+ - name: Report on Kerberos principal in novajoin keytab is usable check
+ reportentry:
+ report_status: "{{ principal_usable_status }}"
+ report_reason: "{{ principal_usable_reason }}"
+ report_recommendations: "{{ principal_usable_recommendations }}"
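Review bot: The `kinit` test in the inlined block still writes its credential cache, as root (`become: true`), to the fixed path `/tmp/my_novajoin_krb5_ccache`, a predictable name in a world-writable directory that can collide with a file another local user already placed there, and that leaves a ticket for `nova/{{ host_entry }}` on disk whenever cleanup does not run. Creating the cache file with the `tempfile` module and passing its registered path both to `-c` and to the cleanup list avoids the fixed name, as sketched below. Cleanup is queued only on the success branch through `notify: clean_up_temp_krb_caches`, so with a file created up front the failure branch should add the path to the list as well. The success branch sets `temp_krb_caches` while the list initialised in the context lines is `novajoin_temp_krb_caches`; the handler is outside this hunk, so which variable it reads should be confirmed. The failure message also carries over the typo `Tho principal`.

```yaml
    - name: Create a private credential cache file for the kinit test
      tempfile:
        state: file
        prefix: novajoin_krb5_ccache_
      register: novajoin_ccache_file
      when: non_containerized_novajoin_krb5_keytab_stat.stat.exists

    - name: Test if novajoin principal in novajoin keytab is usable
      command: kinit -kt "{{ novajoin_keytab_path }}" -c "{{ novajoin_ccache_file.path }}" "{{ novajoin_principal }}"
      # … unchanged: become, register, ignore_errors, when …

    # … unchanged: skipped-status facts …

    - name: Set facts for novajoin principal is usable success
      set_fact:
        # … unchanged: status, reason, recommendations …
        temp_krb_caches: "{{ novajoin_temp_krb_caches + [ novajoin_ccache_file.path ] }}"
```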