Hi,
I’m running a playbook that creates a user on a remote server and also generates a keytab file for that user based on domain properties.
I have a configuration file that holds the username, uid and some other information.
- I wish that the keytab file will be part of the configuration and that the name of the file will be based on the provided username - username.keytab.
- If I set a value of uid to start with - in my example it is 2000 - can I run an index? First user 2000+1 (2001), second user 2000+2 (2002), etc.
Configuration file
start_user_uid: 2000
users_keytab_location: /opt/keytab
domain: CLUSTER3.COM
user_details:
  # Jinja expressions are quoted so the YAML parses
  - {username: user3, uid: 2001, user_domain_password: "1234@WSX", keytab_name: "{{ username }}.keytab"}
  - {username: user2, uid: 2002, user_domain_password: "1234", keytab_name: "{{ username }}.keytab"}
  - {username: user3, uid: 2003, user_domain_password: "1234", keytab_name: "{{ username }}.keytab"}
Playbook
- name: create user
  user:
    name: "{{ item.username }}"
    uid: "{{ item.uid }}"
  with_items: "{{ user_details }}"

- name: Generate Kerberos ticket
  expect:
    command: ktutil
    responses:
      # keys are matched against the ktutil prompts
      ktutil:
        - "add_entry -password -p {{ item.username }}@{{ domain }} -k 1 -e rc4-hmac"
        # keytab_name already ends in .keytab
        - "wkt /data/ansible/add-user/{{ item.keytab_name }}"
        - "quit"
      Password: "{{ item.user_domain_password }}"
  delegate_to: localhost
  with_items: "{{ user_details }}"
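
One way to get both behaviours asked about above, as an added example that is not part of the original post: the uid is computed from start_user_uid plus the item's position in the list (loop_control.index_var), and the keytab name is built from item.username in the task instead of being stored in the configuration. The hosts pattern, the placeholder passwords and the no_log setting are assumptions; the ktutil commands and the output path are the ones from the post.

```yaml
---
- hosts: all                     # assumption: target pattern is not given in the post
  become: true
  vars:
    start_user_uid: 2000
    domain: CLUSTER3.COM
    user_details:                # constructed sample entries, no uid or keytab_name needed
      - { username: user1, user_domain_password: "CHANGE_ME" }   # placeholder, keep real values in Ansible Vault
      - { username: user2, user_domain_password: "CHANGE_ME" }
  tasks:
    - name: Create user with uid = start_user_uid + position in the list
      ansible.builtin.user:
        name: "{{ item.username }}"
        # idx is 0-based, so the first user gets 2001, the second 2002, ...
        uid: "{{ start_user_uid | int + idx + 1 }}"
      loop: "{{ user_details }}"
      loop_control:
        index_var: idx
        label: "{{ item.username }}"   # keep the password out of the task output

    - name: Generate keytab named <username>.keytab
      ansible.builtin.expect:
        command: ktutil
        responses:
          ktutil:
            - "add_entry -password -p {{ item.username }}@{{ domain }} -k 1 -e rc4-hmac"
            - "wkt /data/ansible/add-user/{{ item.username }}.keytab"
            - "quit"
          Password: "{{ item.user_domain_password }}"
      delegate_to: localhost
      no_log: true                     # the responses contain the domain password
      loop: "{{ user_details }}"
```

Because the uid follows list order, add new users at the end of user_details; inserting or removing an entry shifts the uid of every later account and leaves their existing files owned by a different uid.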