I have a playbook that installs the appropriate packages for Active Directory Authentication. When it gets to the "join" portion, Ansible just sits there because the join process is asking the user for the password of the account that has access to join the system to Active Directory. How can I pass my password from vars_prompt? I have highlighted where I call the variable but I know that is the wrong place since it's going to try to pass it to my "realm join" command, which isn't supported. I only added it there to show I want to call it after the "realm join" portion is called.
Here is my playbook:

---
## This playbook installs and configures AD authentication

- name: Install and configure AD authentication
  hosts: linux
  remote_user: root

  vars_prompt:
    - name: "ad_password"
      prompt: "Enter AD Domain User Password"
      private: yes

  tasks:
    - name: install ad_auth required tools
      yum: pkg={{ item }} state=installed
      with_items:
        - realmd
        - sssd
        - oddjob-mkhomedir
        - adcli
        - samba-common-tools

    - name: discover and join domain
      shell: realm discover AD.DOMAIN.TLD && realm join AD.DOMAIN.TLD --computer-ou=OU=LINUX,DC=DOMAIN,DC=TLD --user=user_name {{ ad_password }}

    - name: modify /etc/sssd/sssd.conf
      template: src=/home/user_name/git/system_configs/ansible/templates/sssd.j2 dest=/etc/sssd/sssd.conf
      notify:
        - restart sssd

  handlers:
    - name: restart sssd
      service: name=sssd state=restarted

This is the error I get after running it:

[user_name@server_name playbooks]$ ansible-playbook adAuth_asRoot.yaml --user=root --ask-pass
SSH password:
Enter AD Domain User Password:

PLAY [Install and configure AD authentication] ********************************

GATHERING FACTS ***************************************************************
ok: [ansible]

TASK: [install ad_auth required tools] ****************************************
ok: [ansible] => (item=realmd,sssd,oddjob-mkhomedir,adcli,samba-common-tools)

TASK: [discover and join domain] **********************************************
failed: [ansible] => {"changed": true, "cmd": "realm discover AD.DOMAIN.TLD && realm join AD.DOMAIN.TLD --computer-ou=OU=LINUX,DC=DOMAIN,DC=TLD --user=user_name ad_password", "delta": "0:00:00.053695", "end": "2016-02-29 20:39:40.764101", "rc": 2, "start": "2016-02-29 20:39:40.710406", "warnings": []}
stderr: realm: Specify one realm to join
stdout: domain.tld
  type: kerberos
  realm-name: DOMAIN.TLD
  domain-name: domain.tld
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common

FATAL: all hosts have already failed -- aborting

PLAY RECAP ********************************************************************
           to retry, use: --limit @/home/user_name/adAuth_asRoot.yaml.retry

ansible                    : ok=2    changed=0    unreachable=0    failed=1

Is there a better way to provide passwords when certain tasks call for it?
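
An added example, not part of the original post: one way to hand the prompted password to "realm join" on standard input instead of the command line, where it would show up in the process list and in the "cmd" field of the task result. It assumes Ansible 2.4 or later (for the command module's stdin parameter) and that "realm join" reads the password from stdin when no terminal is attached; the variable names ad_realm, ad_ou and ad_user and the "already joined" check are illustrative.

```yaml
---
# Added example (not the poster's playbook). Assumes Ansible >= 2.4.
- name: Join AD without exposing the password in the command line
  hosts: linux
  remote_user: root

  vars:
    # Values copied from the post; variable names are illustrative.
    ad_realm: AD.DOMAIN.TLD
    ad_ou: OU=LINUX,DC=DOMAIN,DC=TLD
    ad_user: user_name

  vars_prompt:
    - name: ad_password
      prompt: Enter AD Domain User Password
      private: yes          # do not echo the password while typing

  tasks:
    - name: check whether the host is already joined to a realm
      command: realm list --name-only
      register: realm_list
      changed_when: false   # read-only query, never reports "changed"

    - name: join domain, password supplied on stdin
      command: >-
        realm join {{ ad_realm }}
        --computer-ou={{ ad_ou }}
        --user={{ ad_user }}
      args:
        stdin: "{{ ad_password }}"   # fed to the process, not placed in argv
      no_log: true                   # keep the task arguments out of output and logs
      # Assumption: "realm list --name-only" prints the joined realm name;
      # compared case-insensitively so the join is skipped on re-runs.
      when: (ad_realm | lower) not in (realm_list.stdout | lower)
```

With no_log set, a failed join reports only that output was censored, so the flag may need to be dropped temporarily, on a test host with a throwaway account, while debugging.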