diff --git a/roles/create-afs-token/README.rst b/roles/create-afs-token/README.rst
new file mode 100644
index 000000000..002bfcd2f
--- /dev/null
+++ b/roles/create-afs-token/README.rst
@@ -0,0 +1,17 @@
+Create kerberos / afs tokens
+
+**Role Variables**
+
+.. zuul:rolevar:: afs
+
+ Complex argument which contains the information about authentication
+ information. It is expected this argument comes from a `Secret`.
+
+ .. zuul:rolevar:: keytab
+
+ Base64 encoded contents of a keytab file. We'll base64 decode before writing
+ it to disk as a temporary file.
+
+ .. zuul:rolevar:: service_name
+
+ The service name to use for kinit command.
diff --git a/roles/create-afs-token/tasks/main.yaml b/roles/create-afs-token/tasks/main.yaml
new file mode 100644
index 000000000..3a66b94ff
--- /dev/null
+++ b/roles/create-afs-token/tasks/main.yaml
@@ -0,0 +1,21 @@
+- name: Create AFS keytab tempfile
+ tempfile:
+ state: file
+ register: afs_keytab_tmp
+
+- name: Create (base64 decode) AFS keytab from secret
+ copy:
+ content: "{{ afs.keytab | b64decode }}"
+ dest: "{{ afs_keytab_tmp.path }}"
+ mode: 0400
+
+- name: Obtain ticket for Kerberos
+ command: "kinit -k -t {{ afs_keytab_tmp.path}} {{ afs.service_name }}"
+
+- name: Delete AFS keytab tempfile
+ file:
+ path: "{{ afs_keytab_tmp.path }}"
+ state: absent
+
+- name: Obtain authentication token for AFS
+ command: aklog
diff --git a/roles/destroy-afs-token/README.rst b/roles/destroy-afs-token/README.rst
new file mode 100644
index 000000000..f48ac0d58
--- /dev/null
+++ b/roles/destroy-afs-token/README.rst
@@ -0,0 +1 @@
+Destroy any active AFS / Kerberos tokens
diff --git a/roles/destroy-afs-token/tasks/main.yaml b/roles/destroy-afs-token/tasks/main.yaml
new file mode 100644
index 000000000..11771b706
--- /dev/null
+++ b/roles/destroy-afs-token/tasks/main.yaml
@@ -0,0 +1,5 @@
+- name: Destroy AFS tokens
+ command: unlog
+
+- name: Destroy Kerberos tokens
+ command: kdestroy
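Review bot: In roles/create-afs-token/tasks/main.yaml the decoded keytab stays on disk whenever `kinit` fails, because the "Delete AFS keytab tempfile" task only runs if every task before it succeeded. A keytab is a long-term credential, so its removal should not depend on the happy path; putting the write and `kinit` tasks in a `block` with the delete task under `always` guarantees cleanup. The task that writes the secret would also be safer with `no_log: true`, so the decoded content cannot surface in task output. Separately, `mode: 0400` is better written as the quoted string `mode: '0400'`, which avoids relying on the YAML parser's octal handling.

```yaml
- name: Obtain Kerberos ticket, always removing the keytab afterwards
  block:
    # … unchanged: "Create (base64 decode) AFS keytab from secret" task, moved into the block with no_log: true added …

    - name: Obtain ticket for Kerberos
      command: "kinit -k -t {{ afs_keytab_tmp.path }} {{ afs.service_name }}"
  always:
    - name: Delete AFS keytab tempfile
      file:
        path: "{{ afs_keytab_tmp.path }}"
        state: absent
```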
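Review bot: In roles/destroy-afs-token/tasks/main.yaml a failure of `unlog` stops the play before `kdestroy` runs, so the Kerberos ticket cache would outlive a role whose only purpose is to remove credentials. Whether `unlog` can fail in this environment is not visible from the diff, but teardown is safer when each step is attempted regardless of the other. Adding `ignore_errors: true` to the "Destroy AFS tokens" task keeps the failure visible in the output while still letting `kdestroy` run.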