caba47dd3f
* Add support for GSSAPI/Kerberos to urls.py * Test out changes with the latest test container * Get remote hosts working * Fix up httptester_krb5_password reader * Fix tests for opensuse and macOS * Hopefully last lot of testing changes * Dont do CBT on macOS * Fixes from review
61 lines
1.9 KiB
YAML
61 lines
1.9 KiB
YAML
- set_fact:
|
|
krb5_config: '{{ remote_tmp_dir }}/krb5.conf'
|
|
krb5_realm: '{{ httpbin_host.split(".")[1:] | join(".") | upper }}'
|
|
krb5_provider: '{{ (ansible_facts.os_family == "FreeBSD" or ansible_facts.distribution == "MacOSX") | ternary("Heimdal", "MIT") }}'
|
|
|
|
- set_fact:
|
|
krb5_username: admin@{{ krb5_realm }}
|
|
|
|
- name: Create krb5.conf file
|
|
template:
|
|
src: krb5.conf.j2
|
|
dest: '{{ krb5_config }}'
|
|
|
|
- name: Include distribution specific variables
|
|
include_vars: '{{ lookup("first_found", params) }}'
|
|
vars:
|
|
params:
|
|
files:
|
|
- '{{ ansible_facts.distribution }}-{{ ansible_facts.distribution_major_version }}.yml'
|
|
- '{{ ansible_facts.os_family }}-{{ ansible_facts.distribution_major_version }}.yml'
|
|
- '{{ ansible_facts.distribution }}.yml'
|
|
- '{{ ansible_facts.os_family }}.yml'
|
|
- default.yml
|
|
paths:
|
|
- '{{ role_path }}/vars'
|
|
|
|
- name: Install Kerberos sytem packages
|
|
package:
|
|
name: '{{ krb5_packages }}'
|
|
state: present
|
|
when: ansible_facts.distribution not in ['Alpine', 'MacOSX']
|
|
|
|
# apk isn't available on ansible-base so just call command
|
|
- name: Alpine - Install Kerberos system packages
|
|
command: apk add {{ krb5_packages | join(' ') }}
|
|
when: ansible_facts.distribution == 'Alpine'
|
|
|
|
- name: Install python gssapi
|
|
pip:
|
|
name:
|
|
- gssapi
|
|
- importlib ; python_version < '2.7'
|
|
state: present
|
|
extra_args: '-c {{ remote_constraints }}'
|
|
environment:
|
|
# Need this custom path for OpenSUSE as krb5-config is placed there
|
|
PATH: '{{ ansible_facts.env.PATH }}:/usr/lib/mit/bin'
|
|
notify: Remove python gssapi
|
|
|
|
- name: test the environment to make sure Kerberos is working properly
|
|
httptester_kinit:
|
|
username: '{{ krb5_username }}'
|
|
password: '{{ krb5_password }}'
|
|
environment:
|
|
KRB5_CONFIG: '{{ krb5_config }}'
|
|
KRB5CCNAME: FILE:{{ remote_tmp_dir }}/krb5.cc
|
|
|
|
- name: remove test credential cache
|
|
file:
|
|
path: '{{ remote_tmp_dir }}/krb5.cc'
|
|
state: absent
|