Commit 83e0b4a4 authored by Hinrikus Wolf's avatar Hinrikus Wolf

refactor nfs-server

now we are using automatically the machine user for creating the
principles. It is untestet, because there is no host where we need a new
encrypted nfs :(
parent 097945f8
......@@ -65,25 +65,8 @@
- service-principal
- block:
- name: test if there is a nfs-user account
shell: samba-tool user list | grep nfs-user
register: nfsuser
failed_when: False
delegate_to: "{{ hostvars[groups['ad-server'][0]]['ansible_host'] }}"
tags:
- nfs-server
- service-principal
- name: ensure there is a nfs-user account
command: samba-tool user create nfs-user --random-password
when: nfsuser.rc == 1
delegate_to: "{{ hostvars[groups['ad-server'][0]]['ansible_host'] }}"
tags:
- nfs-server
- service-principal
- name: create service principal
command: samba-tool spn add "nfs/{{ ansible_fqdn }}" nfs-user
command: samba-tool spn add "nfs/{{ ansible_fqdn }}" "{{ ansible_hostname | upper }}$"
delegate_to: "{{ hostvars[groups['ad-server'][0]]['ansible_host'] }}"
tags:
- nfs-server
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment