I have a playbook that installs the appropriate packages for Active 
Directory Authentication. When it gets to the "join" portion, Ansible just 
sits there because the join process is asking the user for the password of 
the account that has access to join the system to Active Directory. How can 
I pass my password from vars_prompt? I have highlighted where I call the 
variable but I know that is the wrong place since it's going to try to pass 
it to my "realm join" command, which isn't supported. I only added it there 
to show I want to call it after the "realm join" portion is called.

Here is my playbook:

---
## This playbook installs and configures AD authentication

- name: Install and configure AD authentication
  hosts: linux
  remote_user: root

  vars_prompt:
    - name: "ad_password"
      prompt: "Enter AD Domain User Password"
      private: yes

  tasks:
    - name: install ad_auth required tools
      yum: pkg={{ item }} state=installed
      with_items:
        - realmd
        - sssd
        - oddjob-mkhomedir
        - adcli
        - samba-common-tools

    - name: discover and join domain
      shell: realm discover AD.DOMAIN.TLD && realm join AD.DOMAIN.TLD
                --computer-ou=OU=LINUX,DC=DOMAIN,DC=TLD --user=user_name {{ ad_password }}

    - name: modify /etc/sssd/sssd.conf
      template: src=/home/user_name/git/system_configs/ansible/templates/sssd.j2 dest=/etc/sssd/sssd.conf
      notify:
        - restart sssd

  handlers:
    - name: restart sssd
      service: name=sssd state=restarted

This is the error I get after running it:

[user_name@server_name playbooks]$ ansible-playbook adAuth_asRoot.yaml --user=root --ask-pass
SSH password:
Enter AD Domain User Password:

PLAY [Install and configure AD authentication] ********************************

GATHERING FACTS ***************************************************************
ok: [ansible]

TASK: [install ad_auth required tools] ****************************************
ok: [ansible] => (item=realmd,sssd,oddjob-mkhomedir,adcli,samba-common-tools)

TASK: [discover and join domain] **********************************************
failed: [ansible] => {"changed": true, "cmd": "realm discover AD.DOMAIN.TLD && realm join AD.DOMAIN.TLD --computer-ou=OU=LINUX,DC=DOMAIN,DC=TLD --user=user_name ad_password", "delta": "0:00:00.053695", "end": "2016-02-29 20:39:40.764101", "rc": 2, "start": "2016-02-29 20:39:40.710406", "warnings": []}
stderr: realm: Specify one realm to join
stdout: domain.tld
  type: kerberos
  realm-name: DOMAIN.TLD
  domain-name: domain.tld
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common

FATAL: all hosts have already failed -- aborting

PLAY RECAP ********************************************************************
           to retry, use: --limit @/home/user_name/adAuth_asRoot.yaml.retry

ansible                    : ok=2    changed=0    unreachable=0    failed=1

Is there a better way to provide passwords when certain tasks call for it?
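
An added example, not part of the original post: one way to hand the prompted password to "realm join" without placing it on the command line, by feeding it to the command's standard input and suppressing task logging. It assumes an Ansible release whose command module supports the stdin parameter (2.4 or later) and that realm join reads the password from standard input when no terminal is attached; the creates guard on /etc/krb5.keytab is also an assumption.

```yaml
---
# Added example, not the poster's playbook. AD.DOMAIN.TLD, the OU and
# user_name are the placeholders used in the post.
- name: Join AD without exposing the join password
  hosts: linux
  remote_user: root

  vars_prompt:
    - name: ad_password
      prompt: "Enter AD Domain User Password"
      private: yes

  tasks:
    - name: discover domain
      command: realm discover AD.DOMAIN.TLD
      # Discovery only reads information, so never report "changed".
      changed_when: false

    - name: join domain (password supplied on stdin, not in argv)
      # command, not shell: no shell parsing of the arguments, and the
      # password never appears in the process list on the target host.
      command: >
        realm join AD.DOMAIN.TLD
        --computer-ou=OU=LINUX,DC=DOMAIN,DC=TLD
        --user=user_name
      args:
        # Written to the process's standard input, where realm join
        # (assumed) reads the password when it has no terminal.
        stdin: "{{ ad_password }}"
        # Assumption: a host keytab only exists once the machine is
        # joined, so this skips the task on later runs.
        creates: /etc/krb5.keytab
      # Keeps the task's arguments and result, including the stdin
      # value, out of Ansible's console output and logs.
      no_log: true
```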
