
ansible 批量按用户名创建kerberos主体,并分发到远程主机

可以批量生成票据并分发到目标主机

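---
# For every (user, host) pair: create a Kerberos principal on the KDC, export a
# keytab for it, fetch the keytab to the control machine, place it on the target
# host, and remove the transient copies on the KDC and on the controller.
#
# Assumptions this file cannot verify:
#   - `kerberos_server` is an inventory hostname, and the SSH user there can run
#     kadmin.local (it needs access to the KDC database; `become` is off).
#   - `kerberos_realm` matches the realm configured on the KDC.
- name: Configure Kerberos for Hadoop Users
  hosts: hadoop_servers
  become: false
  gather_facts: false
  vars:
    kerberos_server: hadoop01.xuexi.com
    kerberos_realm: XUEXI.COM
    # Staging directory on the KDC where kadmin.local writes the keytabs.
    keytab_dir: /home/hadoop/hxy
    # Staging directory on the control machine (relative to the playbook cwd).
    keytab_local_dir: ./keytabs
    # Final location of each keytab on its target host.
    keytab_dest_dir: /data1/tmp
    # User names; each becomes the principal <user>/<inventory_hostname>@<realm>.
    principals:
      - hxy
      - stars

  tasks:

    # kadmin.local writes into this directory on the KDC, so it must exist there
    # (not on the target hosts). The same server serves every host: run once.
    - name: Ensure keytab staging directory exists on the Kerberos server
      ansible.builtin.file:
        path: "{{ keytab_dir }}"
        state: directory
        # Keytabs are credentials: keep the staging directory private.
        mode: '0700'
      delegate_to: "{{ kerberos_server }}"
      run_once: true

    - name: Create Kerberos principals, generate and distribute keytab files
      block:
        - name: Create a Kerberos principal
          ansible.builtin.command: >-
            kadmin.local -q "addprinc -randkey {{ item }}/{{ inventory_hostname }}@{{ kerberos_realm }}"
          register: addprinc_results
          delegate_to: "{{ kerberos_server }}"
          # A failing addprinc (typically "Principal already exists") must not
          # abort the play; each item's rc is inspected below.
          ignore_errors: true
          loop: "{{ principals }}"

        # Only principals created in this run get a keytab. An already-existing
        # principal is therefore skipped silently (it is also not reported below).
        - name: Set facts for successfully created principals
          ansible.builtin.set_fact:
            created_principals: "{{ created_principals | default([]) + [item.item] }}"
          when: item.rc == 0
          loop: "{{ addprinc_results.results }}"

        - name: Report failed principal creation attempts
          ansible.builtin.debug:
            msg: "Failed to create principal for {{ item.item }}/{{ inventory_hostname }}@{{ kerberos_realm }}: {{ item.stderr }}"
          when: "'Principal already exists' not in item.stderr and item.rc != 0"
          loop: "{{ addprinc_results.results }}"

        # -norandkey exports the current key without rotating it, so other
        # keytabs for the same principal stay valid.
        - name: Generate keytab file for each principal
          ansible.builtin.command: >-
            kadmin.local -q "xst -k {{ keytab_dir }}/{{ item }}-{{ inventory_hostname }}.keytab
            -norandkey {{ item }}/{{ inventory_hostname }}@{{ kerberos_realm }}"
          register: xst_results
          delegate_to: "{{ kerberos_server }}"
          # default([]) keeps the loop valid when no principal was created.
          loop: "{{ created_principals | default([]) }}"

        # Gate on the xst result instead of lookup('file'): that lookup reads the
        # control machine, never the KDC, and errors on a missing file.
        - name: Fetch the keytab files to the control machine
          ansible.builtin.fetch:
            src: "{{ keytab_dir }}/{{ item.item }}-{{ inventory_hostname }}.keytab"
            dest: "{{ keytab_local_dir }}/{{ item.item }}-{{ inventory_hostname }}.keytab"
            flat: true
          delegate_to: "{{ kerberos_server }}"
          when: item.rc is defined and item.rc == 0
          loop: "{{ xst_results.results | default([]) }}"
          loop_control:
            label: "{{ item.item }}"

        - name: Distribute keytab files to each target host
          ansible.builtin.copy:
            src: "{{ keytab_local_dir }}/{{ item.item }}-{{ inventory_hostname }}.keytab"
            dest: "{{ keytab_dest_dir }}/{{ item.item }}-{{ inventory_hostname }}.keytab"
            # A keytab is equivalent to the principal's password: never world-readable.
            mode: '0600'
          when: item.rc is defined and item.rc == 0
          loop: "{{ xst_results.results | default([]) }}"
          loop_control:
            label: "{{ item.item }}"

      # Remove the transient credential copies even if a task above failed.
      always:
        - name: Clean up keytab files on Kerberos server
          ansible.builtin.file:
            path: "{{ keytab_dir }}/{{ item }}-{{ inventory_hostname }}.keytab"
            state: absent
          delegate_to: "{{ kerberos_server }}"
          loop: "{{ created_principals | default([]) }}"

        # Must run on the controller (delegate_to: localhost), and once per host:
        # the path contains inventory_hostname, so run_once would leave every
        # host's copy but the first one behind.
        - name: Clean up local keytab files on control machine
          ansible.builtin.file:
            path: "{{ keytab_local_dir }}/{{ item }}-{{ inventory_hostname }}.keytab"
            state: absent
          delegate_to: localhost
          loop: "{{ created_principals | default([]) }}"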


 

