Add create / destory roles for AFS tokens

In openstack-infra we use AFS for a lot of things, so create 2 roles
to handle creating / destroying of the tokens.

Change-Id: I3dee184d0b87023e7e0808372cfeda94f8337b4f
Signed-off-by: Paul Belanger <pabelanger@redhat.com>

roles/create-afs-token/README.rst

@@ -0,0 +1,17 @@
+Create kerberos / afs tokens
+
+**Role Variables**
+
+.. zuul:rolevar:: afs
+
+  Complex argument which contains the information about authentication
+  information. It is expected this argument comes from a `Secret`.
+
+  .. zuul:rolevar:: keytab
+
+    Base64 encoded contents of a keytab file. We'll base64 decode before writing
+    it to disk as a temporary file.
+
+  .. zuul:rolevar:: service_name
+
+    The service name to use for kinit command.

roles/create-afs-token/tasks/main.yaml

@@ -0,0 +1,21 @@
+- name: Create AFS keytab tempfile
+  tempfile:
+    state: file
+  register: afs_keytab_tmp
+
+- name: Create (base64 decode) AFS keytab from secret
+  copy:
+    content: "{{ afs.keytab | b64decode }}"
+    dest: "{{ afs_keytab_tmp.path }}"
+    mode: 0400
+
+- name: Obtain ticket for Kerberos
+  command: "kinit -k -t {{ afs_keytab_tmp.path}} {{ afs.service_name }}"
+
+- name: Delete AFS keytab tempfile
+  file:
+    path: "{{ afs_keytab_tmp.path }}"
+    state: absent
+
+- name: Obtain authentication token for AFS
+  command: aklog

roles/destroy-afs-token/README.rst

@@ -0,0 +1 @@
+Destroy any active AFS / Kerberos tokens

roles/destroy-afs-token/tasks/main.yaml

@@ -0,0 +1,5 @@
+- name: Destroy AFS tokens
+  command: unlog
+
+- name: Destroy Kerberos tokens
+  command: kdestroy