I'm not sure there's a one-size fits all solution to this. Personally I use a callback plugin to call kinit and acquire the necessary kerberos ticket whenever I start running a playbook. This works for me as I want my ansible controller to be able to work with > 1 domain. Its not ideal as it will only work for ansible-playbook and not ansible commands. I've read that others use a local action to call kinit as their first task and I believe others are happy to have an ansible controller per domain and have kinit set up the kerberos ticket when you log in.
Jon On Monday, March 30, 2015 at 11:33:32 PM UTC+1, Peter Loron wrote: > > Well, apparently there's *some* kind of python glue installed. I did kinit > to acquire a ticket for the appropriate user, and I was able to get it to > work. > > There still needs to be a switch. I don't want to muck about with kinit > every time I want to run playbooks. > > On Monday, March 30, 2015 at 2:26:23 PM UTC-7, Peter Loron wrote: >> >> As far as I know, I do not have pykerberos installed. If I start the >> default python and do "import kerberos", it fails. >> >> Regardless, there should be an option to force the connection type. >> >> On Sunday, March 29, 2015 at 2:56:26 PM UTC-7, J Hawkesworth wrote: >>> >>> If I recall, if you have pykerberos installed, winrm will attempt >>> kerberos connection. >>> >>> I guess your options are to remove pykerberos or use knit to acquire a >>> kerberos ticket and connect as a domain user. >>> >>> Hope that helps. >>> >>> Jon >> >> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/cd6a5785-650d-46f5-a0cf-40706787025a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
