3 files changed, 37 insertions, 0 deletions

diff --git a/personal_infra/playbooks/patch_rpc_svcgssd_service.yaml b/personal_infra/playbooks/patch_rpc_svcgssd_service.yaml
new file mode 100644
index 00000000..957ecdd1
--- /dev/null
+++ b/personal_infra/playbooks/patch_rpc_svcgssd_service.yaml
@@ -0,0 +1,21 @@
+---
+- hosts: patch_rpc_svcgssd_service
+  collections: freeipa.ansible_freeipa
+  vars:
+    ansible_user: alex
+    ansible_become: True
+  tasks:
+  - name: del nfs service
+    command: ipa service-del nfs/h1.pdp7.net
+    ignore_errors: True
+  - name: create nfs service
+    command: ipa service-add nfs/{{ inventory_hostname }}
+  - name: clean keytab
+    command: ipa-rmkeytab -p nfs/{{ inventory_hostname }} -k /etc/krb5.keytab
+    ignore_errors: True
+  - name: get keytab
+    command: ipa-getkeytab -p nfs/{{ inventory_hostname }} -k /etc/krb5.keytab
+  - name: restart
+    service:
+      name: rpc-svcgssd.service
+      state: restarted
diff --git a/personal_infra/puppet/modules/proxmox/manifests/freeipa.pp b/personal_infra/puppet/modules/proxmox/manifests/freeipa.pp
index e91c56e3..f3464c78 100644
--- a/personal_infra/puppet/modules/proxmox/manifests/freeipa.pp
+++ b/personal_infra/puppet/modules/proxmox/manifests/freeipa.pp
@@ -4,4 +4,14 @@ class proxmox::freeipa {
   file {['/etc/subuid', '/etc/subgid']:
     content => epp('proxmox/freeipa_subxid', {'freeipa' => lookup('freeipa')}),
   }
+
+  # TODO
+  service {['sssd-ssh.socket', 'sssd-pam-priv.socket', 'sssd-nss.socket', 'sssd-sudo.socket', 'sssd-pam.socket']:
+    ensure => stopped,
+    enable => mask,
+  }
+  ~>
+  exec {'/usr/bin/systemctl reset-failed':
+    refreshonly => true,
+  }
 }
diff --git a/personal_infra/puppet/modules/proxmox/manifests/init.pp b/personal_infra/puppet/modules/proxmox/manifests/init.pp
index 53a6d24a..b3297eb4 100644
--- a/personal_infra/puppet/modules/proxmox/manifests/init.pp
+++ b/personal_infra/puppet/modules/proxmox/manifests/init.pp
@@ -21,6 +21,12 @@ class proxmox {
     enable => mask,
   }
 
+  file {'/etc/logrotate.d/pve':
+    ensure => absent,
+  }
+  ~>
+  service {'logrotate':}
+
   file {'/etc/apt/sources.list.d/pve-enterprise.list':
     ensure => absent,
   }