krb5.conf für PROD und DEVEL eingefügt..

Schulung und QS sind darin umfasst..
2021-05-10 15:42:52 +02:00 · 2021-05-10 15:42:52 +02:00 · b0565e6dd1
commit b0565e6dd1
parent f6c8dc0511
5 changed files with 131 additions and 9 deletions
--- a/fetch_files/spolsa5069stu02.spolizei-bw.edu/etc/krb5.conf
+++ b/fetch_files/spolsa5069stu02.spolizei-bw.edu/etc/krb5.conf
@ -0,0 +1,30 @@
+# Configuration snippets may be placed in this directory as well
+includedir /etc/krb5.conf.d/
+
+[logging]
+ default = FILE:/var/log/krb5libs.log
+ kdc = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+ dns_lookup_realm = false
+ dns_lookup_kdc = false
+ kdc_timeout = 5sec
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ forwardable = true
+ rdns = false
+ pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt
+ default_realm = POLIZEI-BW.NET
+ default_ccache_name = KEYRING:persistent:%{uid}
+
+[realms]
+ POLIZEI-BW.NET = {
+  kdc = polizei-bw.net
+  default_domain = POLIZEI-BW.NET
+  admin_server = polizei-bw.net
+ }
+
+[domain_realm]
+.polizei-bw.net = POLIZEI-BW.NET
+polizei-bw.net = POLIZEI-BW.NET
--- a/playbook.yml
+++ b/playbook.yml
@ -24,8 +24,8 @@
    ##- ams_0015_8.0.9.0_hotfix
    ##- ams_0016_14.1.2.0
    ##- ams_0016_14.1.2.0_AdminServer
-    - ams_0017_14.1.4.0
-    - ams_0017_14.1.4.0_AdminServer
+    #- ams_0017_14.1.4.0
+    #- ams_0017_14.1.4.0_AdminServer
    

  #handlers: 
@ -155,11 +155,11 @@
    ##- base_installation
    ##- git
    ##- ams_0008_8.0.8.0
-    ##- ams_sso  
+    - ams_sso  
    ##- ams_0008_8.0.8.0_AdminServer
    ##- ams_0013_8.0.9.0 
-    - ams_0017_14.1.4.0
-    - ams_0017_14.1.4.0_AdminServer
+    #- ams_0017_14.1.4.0
+    #- ams_0017_14.1.4.0_AdminServer


 
--- a/roles/ams_sso/files/krb5.conf_devel
+++ b/roles/ams_sso/files/krb5.conf_devel
@ -0,0 +1,35 @@
+# Configuration snippets may be placed in this directory as well
+includedir /etc/krb5.conf.d/
+
+[logging]
+ default = FILE:/var/log/krb5libs.log
+ kdc = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+ dns_lookup_realm = true
+ dns_lookup_kdc = false
+ kdc_timeout = 5sec
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ forwardable = true
+ rdns = false
+ pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt
+ default_realm = TPOLIZEI-BW.DE
+ default_ccache_name = KEYRING:persistent:%{uid}
+
+[realms]
+ TPOLIZEI-BW.DE = {
+#kdc = tpolizei-bw.de
+  kdc = 80.158.1.51:88
+  kdc = 80.158.1.52:88
+  kdc = 80.158.1.53:88
+  
+  default_domain = TPOLIZEI-BW.DE
+#  admin_server = tpolizei-bw.de
+admin_server = 80.158.1.51:88
+ }
+
+[domain_realm]
+.tpolizei-bw.de = TPOLIZEI-BW.DE
+tpolizei-bw.de = TPOLIZEI-BW.DE
--- a/roles/ams_sso/files/krb5.conf_prod
+++ b/roles/ams_sso/files/krb5.conf_prod
@ -0,0 +1,38 @@
+# Configuration snippets may be placed in this directory as well
+includedir /etc/krb5.conf.d/
+
+[logging]
+ default = FILE:/var/log/krb5libs.log
+ kdc = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+ dns_lookup_realm = false
+ dns_lookup_kdc = false
+ kdc_timeout = 5sec
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ forwardable = true
+ #rdns = false
+ pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt
+ default_realm = POLIZEI-BW.NET
+ default_ccache_name = KEYRING:persistent:%{uid}
+
+[realms]
+ POLIZEI-BW.NET = {
+ #kdc = polizei-bw.net
+kdc = 80.155.1.87:88
+kdc = 80.155.1.187:88
+kdc = 80.155.1.89:88
+kdc = 80.155.1.189:88
+kdc = 80.155.1.91:88
+kdc = 80.155.1.191:88
+kdc = 80.155.1.92:88
+kdc = 80.155.1.192:88
+  default_domain = POLIZEI-BW.NET
+  admin_server = 80.155.1.87:88
+}
+
+[domain_realm]
+.polizei-bw.net = POLIZEI-BW.NET
+polizei-bw.net = POLIZEI-BW.NET
--- a/roles/ams_sso/tasks/main.yml
+++ b/roles/ams_sso/tasks/main.yml
@ -49,15 +49,34 @@
      owner: root 
      group: root
      mode: '0644'   
-  - name: Template file krb5.conf with owner and permissions 
+     
+      
+  - name: copy File krb5.conf_devel /etc
    become_user: root
    become: yes
-    template:
-      src: ./templates/krb5.conf.j2
+    copy:
+      src: krb5.conf_devel
      dest: /etc/krb5.conf
      owner: root 
      group: root
-      mode: '0644'    
+      mode: '0644' 
+    when: ansible_fqdn == 'epolsa5069bit03.tpolizei-bw.de' or ansible_fqdn == 'epolsa5073bit03.tpolizei-bw.de'
+    
+  
+  - name: copy File krb5.conf_prod /etc
+    become_user: root
+    become: yes
+    copy:
+      src: krb5.conf_prod
+      dest: /etc/krb5.conf
+      owner: root 
+      group: root
+      mode: '0644' 
+    when: ansible_fqdn == 'polsa5079bit03.polizei-bw.net' or ansible_fqdn == 'polsa5079stu02.polizei-bw.net' or ansible_fqdn == 'polsa5069stu02.spolizei-bw.edu'
+    
+      
+      
+      
  #- name: Template file rsWebserviceAppserver.xml.j2 with owner and permissions 
    #template:
      #src: ./templates/rsWebserviceAppserver.xml.j2