add extra check for missing keytab file (to avoid failing klist | grep)

lhoss · lhoss · commit 3757e0954558 · 2019-06-25T12:23:49.000+02:00
diff --git a/tasks/add_princ_and_kt.yml b/tasks/add_princ_and_kt.yml
@@ -2,10 +2,11 @@
 ## Include tasks to idempotently create a host principal and its keytab
 ## Include parameters:
 ## - "_principal": the principal without the realm
+## - "_keytab": the keytab file
 
 - name: Create kdc principal {{ _principal }}
   command: |
-    {{ kerberos_server_kadmin_cmd }}  -q "addprinc -randkey  host/{{ _principal }}@{{ kerberos_server_realm_name|upper() }}"
+    {{ kerberos_server_kadmin_cmd }} -q "addprinc -randkey {{ _principal }}@{{ kerberos_server_realm_name|upper() }}"
   register: addprinc_result
   changed_when: addprinc_result.stderr and not (addprinc_result.stderr is search("Principal or policy already exists while creating") )
 
@@ -17,14 +18,25 @@
     or not (addprinc_result.stdout is search("Principal .* created")
     or addprinc_result.stderr is search("Principal or policy already exists while creating"))
 
-- name: Check if keytab exists
+- name: Check if keytab file exists
+  stat:
+    path: "{{ _keytab }}"
+  register: keytab
+
+- name: Check if principal exists in the keytab
   shell: |
-    set -o pipefail
-    klist -kte | grep -E "{{ _principal }}"
+    set -o pipefail;
+    klist -kte {{ _keytab }} | grep -E "{{ _principal }}"
+  args:
+    executable: /bin/bash
   register: klist_kte_result
   changed_when: false
+  failed_when: klist_kte_result.rc not in [0,1]
+  when: keytab.stat.exists
 
 - name: Create keytab with the kdcs
   command: |
-    {{ kerberos_server_kadmin_cmd }} -q "ktadd -k /etc/krb5.keytab {{ _principal }}@{{ kerberos_server_realm_name|upper() }}"
-  when: klist_kte_result.rc != 0
+    {{ kerberos_server_kadmin_cmd }} -q "ktadd -k {{ _keytab }} {{ _principal }}@{{ kerberos_server_realm_name|upper() }}"
+  when: >
+    not keytab.stat.exists
+    or klist_kte_result.rc != 0
diff --git a/tasks/kprop_replication.yml b/tasks/kprop_replication.yml
@@ -3,6 +3,7 @@
   include_tasks: add_princ_and_kt.yml
   vars:
     _principal: "host/{{ item }}"
+    _keytab: "/etc/krb5.keytab"
   loop: "{{ kerberos_server_kdcs }}"
   when: is_master_host
 
