---
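### Shared steps to group hosts
# These two plays create dynamic inventory groups with group_by. The group
# name is each host's directory_service / kerberos_service value with a
# "server" or "client" suffix appended. The later plays in this file target
# groups of that shape (mitkdcserver, mitkdcclient, openldapserver,
# openldapclient), so presumably the variables hold "mitkdc" / "openldap".
- name: place directory service node into correct groups
  hosts: directoryservices
  tasks:
    - name: group by the directory service
      group_by:
        key: "{{ directory_service }}server"
    - name: group by the kerberos service
      group_by:
        key: "{{ kerberos_service }}server"

# Runs on every inventory host, including the directoryservices hosts, so the
# server nodes also become members of the matching *client groups.
# NOTE(review): a host with directory_service or kerberos_service unset
# presumably fails here instead of being skipped - confirm both variables
# have inventory-wide values.
- name: place directory service clients into correct groups
  hosts: all
  tasks:
    - name: group by the directory service
      group_by:
        key: "{{ directory_service }}client"
    - name: group by the kerberos service
      group_by:
        key: "{{ kerberos_service }}client"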
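### MIT KRB + OPENLDAP
# Every play below intersects its dynamic group with the cluster_name group
# (":&" is Ansible's intersection operator), so a role only runs on hosts that
# are in both. cluster_name is not set in this file and must be supplied by
# the caller.
# NOTE(review): confirm that an unset or empty cluster_name aborts the run
# rather than changing which hosts are matched.
- name: create krb5 file
  hosts: "mitkdcclient:&{{ cluster_name }}"
  roles:
    - etc_krb5

# haveged is applied to the KDC host before the kdcmaster play runs, because
# the target VMs are expected to have little entropy available.
# NOTE(review): presumably this is for key generation in kdcmaster. Recent
# kernels may make haveged unnecessary - verify against the images in use.
- name: install haveged (for AWS vms due to low entropy)
  hosts: "mitkdcserver:&{{ cluster_name }}"
  roles:
    - haveged

- name: create the kdc
  hosts: "mitkdcserver:&{{ cluster_name }}"
  roles:
    - kdcmaster

# NOTE(review): the principals and their passwords are defined by the role or
# its variables, not in this playbook - check they come from a vaulted
# source rather than plain-text vars.
- name: create kerberos users
  hosts: "mitkdcserver:&{{ cluster_name }}"
  roles:
    - create_kerberos_users

- name: create openldap server
  hosts: "openldapserver:&{{ cluster_name }}"
  roles:
    - openldap_server

# NOTE(review): transport security between sssd and the LDAP server is
# decided inside the sssd / openldap_server roles - confirm that it is
# enabled and that certificates are validated.
- name: configure sssd to read from ldap
  hosts: "openldapclient:&{{ cluster_name }}"
  roles:
    - sssd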