I changed this a bit by removing the *vars_prompt* and using expect. Here
is what I did:

---
## This playbook installs and configures AD authentication
- name: Install and configure AD authentication
  hosts: linux
  remote_user: root
  vars_prompt:
    - name: "ad_password"
      prompt: "Enter AD Domain User Password"
      private: yes
  tasks:
    - name: install ad_auth required tools
      yum: pkg={{ item }} state=installed
      with_items:
        - realmd
        - sssd
        - oddjob-mkhomedir
        - adcli
        - samba-common-tools
        - pexpect
    - expect:
        command: /bin/bash -c "/usr/bin/realm realm discover ADS.DOMAIN.TLD
          && realm join ADS.DOMAIN.TLD --computer-ou=OU=LINUX,DC=domain,DC=tld
          --user=admin_user"
        responses:
          Password for admin_user: "password123"
    - name: modify /etc/sssd/sssd.conf
      template: src=/home/user_name/git/system_configs/ansible/templates/sssd.j2 dest=/etc/sssd/sssd.conf
      notify:
        - restart sssd
  handlers:
    - name: restart sssd
      service: name=sssd state=restarted

However, I now get the following error:

[user_name@server_name playbooks]$ ansible-playbook adAuth_asRoot.yaml --user=root --ask-pass
SSH password:

PLAY [Install and configure AD authentication] *********************************

TASK [setup] *******************************************************************
ok: [ansible]

TASK [install ad_auth required tools] ******************************************
changed: [ansible] => (item=[u'realmd', u'sssd', u'oddjob-mkhomedir', u'adcli', u'samba-common-tools', u'pexpect'])

TASK [expect] ******************************************************************
fatal: [ansible]: FAILED! => {"changed": false, "failed": true,
"module_stderr": "", "module_stdout": "Traceback (most recent call
last):\r\n File
\"/root/.ansible/tmp/ansible-tmp-1456847930.05-180606353311954/expect\",
line 2136, in <module>\r\n main()\r\n File
\"/root/.ansible/tmp/ansible-tmp-1456847930.05-180606353311954/expect\",
line 154, in main\r\n out, rc = pexpect.runu(args, timeout=timeout,
withexitstatus=True,\r\nAttributeError: 'module' object has no attribute
'runu'\r\n", "msg": "MODULE FAILURE", "parsed": false}

NO MORE HOSTS LEFT *************************************************************
        to retry, use: --limit @adAuth_asRoot.retry

PLAY RECAP *********************************************************************
ansible : ok=2 changed=1 unreachable=0 failed=1

On Monday, February 29, 2016 at 10:43:08 PM UTC-5, Gilberto Valentin wrote:
>
> I have a playbook that installs the appropriate packages for Active
> Directory Authentication. When it gets to the "join" portion, Ansible just
> sits there because the join process is asking the user for the password of
> the account that has access to join the system to Active Directory. How can
> I pass my password from vars_prompt? I have highlighted where I call the
> variable but I know that is the wrong place since it's going to try to pass
> it to my "realm join" command, which isn't supported. I only added it there
> to show I want to call it after the "realm join" portion is called.
>
> Here is my playbook:
>
> ---
> ## This playbook installs and configures AD authentication
>
> - name: Install and configure AD authentication
>   hosts: linux
>   remote_user: root
>
>   vars_prompt:
>     - name: "ad_password"
>       prompt: "Enter AD Domain User Password"
>       private: yes
>
>   tasks:
>     - name: install ad_auth required tools
>       yum: pkg={{ item }} state=installed
>       with_items:
>         - realmd
>         - sssd
>         - oddjob-mkhomedir
>         - adcli
>         - samba-common-tools
>
>     - name: discover and join domain
>       shell: realm discover AD.DOMAIN.TLD && realm join AD.DOMAIN.TLD
>         --computer-ou=OU=LINUX,DC=DOMAIN,DC=TLD --user=user_name {{ ad_password }}
>
>     - name: modify /etc/sssd/sssd.conf
>       template: src=/home/user_name/git/system_configs/ansible/templates/sssd.j2
>         dest=/etc/sssd/sssd.conf
>       notify:
>         - restart sssd
>
>   handlers:
>     - name: restart sssd
>       service: name=sssd state=restarted
>
> This is the error I get after running it:
>
> [user_name@server_name playbooks]$ ansible-playbook adAuth_asRoot.yaml --user=root --ask-pass
> SSH password:
> Enter AD Domain User Password:
>
> PLAY [Install and configure AD authentication] ********************************
>
> GATHERING FACTS ***************************************************************
> ok: [ansible]
>
> TASK: [install ad_auth required tools] ****************************************
> ok: [ansible] => (item=realmd,sssd,oddjob-mkhomedir,adcli,samba-common-tools)
>
> TASK: [discover and join domain] **********************************************
> failed: [ansible] => {"changed": true, "cmd": "realm discover
> AD.DOMAIN.TLD && realm join AD.DOMAIN.TLD
> --computer-ou=OU=LINUX,DC=DOMAIN,DC=TLD --user=user_name ad_password",
> "delta": "0:00:00.053695", "end": "2016-02-29 20:39:40.764101", "rc": 2,
> "start": "2016-02-29 20:39:40.710406", "warnings": []}
> stderr: realm: Specify one realm to join
> stdout: domain.tld
> type: kerberos
> realm-name: DOMAIN.TLD
> domain-name: domain.tld
> configured: no
> server-software: active-directory
> client-software: sssd
> required-package: oddjob
> required-package: oddjob-mkhomedir
> required-package: sssd
> required-package: adcli
> required-package: samba-common
>
> FATAL: all hosts have already failed -- aborting
>
> PLAY RECAP ********************************************************************
> to retry, use: --limit @/home/user_name/adAuth_asRoot.yaml.retry
>
> ansible : ok=2 changed=0 unreachable=0 failed=1
>
> Is there a better way to provide passwords when certain tasks call for it?
>
>
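
Added example, not part of either message above: one way to answer the realm join prompt from the vars_prompt value, so the password is neither a literal in the playbook nor an argument on the command line, with no_log keeping it out of task output. Assumptions: pip is available on the target, and the AttributeError on pexpect.runu means the yum-installed pexpect is older than the pexpect >= 3.3 that the expect module documents as its requirement.

```yaml
---
## Added example: join the domain with the prompted password (not the poster's playbook)
- name: Install and configure AD authentication
  hosts: linux
  remote_user: root

  vars_prompt:
    - name: "ad_password"
      prompt: "Enter AD Domain User Password"
      private: yes

  tasks:
    - name: install ad_auth required tools
      yum: pkg={{ item }} state=installed
      with_items:
        - realmd
        - sssd
        - oddjob-mkhomedir
        - adcli
        - samba-common-tools

    # Assumption: pip exists on the target. The expect module documents
    # pexpect >= 3.3; the traceback shows the installed copy lacks runu().
    - name: install a pexpect that the expect module can use
      pip:
        name: "pexpect>=3.3"

    # expect does not run the command through a shell, so only the join is
    # run here (no "&&" chain); realm join performs its own discovery.
    - name: join the domain, answering the password prompt
      expect:
        command: realm join ADS.DOMAIN.TLD --computer-ou=OU=LINUX,DC=domain,DC=tld --user=admin_user
        responses:
          # Keys are regular expressions matched against the prompt text;
          # the prompt wording is taken from the reply above.
          "Password for admin_user": "{{ ad_password }}"
      # Keep the response value out of stdout, callbacks and syslog.
      no_log: true
```

While debugging, leave no_log in place and check the task's return code instead of dumping its result, since the registered result includes the responses.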