Ok, I figured this out. This is how I did it:

---
## This playbook installs and configures AD authentication

- name: Install and configure AD authentication
  hosts: linux
  remote_user: root

  tasks:
    - name: install ad_auth required tools
      yum: pkg={{ item }} state=installed
      with_items:
        - realmd
        - sssd
        - oddjob-mkhomedir
        - adcli
        - samba-common-tools
        - python-pip

    - name: install pexpect using pip
      shell: /bin/bash -c "pip install pexpect"

    - name: discover realm
      shell: /bin/bash -c "/usr/sbin/realm discover AD.DOMAIN.TLD"

    - name: join system to UNIX OU
      expect:
        command: /bin/bash -c "/usr/sbin/realm join AD.DOMAIN.TLD --computer-ou=OU=LINUX,DC=domain,DC=tld --user=admin_user"
        responses:
          Password for Administrator: "password123"

    - name: modify /etc/sssd/sssd.conf
      template: src=/home/user/git/system_configs/ansible/templates/sssd.j2 dest=/etc/sssd/sssd.conf
      notify:
        - restart sssd

  handlers:
    - name: restart sssd
      service: name=sssd state=restarted

Now I just have to figure out how to encrypt the password.

On Monday, February 29, 2016 at 10:43:08 PM UTC-5, Gilberto Valentin wrote:
>
> I have a playbook that installs the appropriate packages for Active 
> Directory Authentication. When it gets to the "join" portion, Ansible just 
> sits there because the join process is asking the user for the password of 
> the account that has access to join the system to Active Directory. How can 
> I pass my password from vars_prompt? I have highlighted where I call the 
> variable but I know that is the wrong place since it's going to try to pass 
> it to my "realm join" command, which isn't supported. I only added it there 
> to show I want to call it after the "realm join" portion is called.
>
> Here is my playbook:
>
> ---
> ## This playbook installs and configures AD authentication
>
> - name: Install and configure AD authentication
>   hosts: linux
>   remote_user: root
>
>   vars_prompt:
>     - name: "ad_password"
>       prompt: "Enter AD Domain User Password"
>       private: yes
>
>   tasks:
>     - name: install ad_auth required tools
>       yum: pkg={{ item }} state=installed
>       with_items:
>         - realmd
>         - sssd
>         - oddjob-mkhomedir
>         - adcli
>         - samba-common-tools
>
>     - name: discover and join domain
>       shell: realm discover AD.DOMAIN.TLD && realm join AD.DOMAIN.TLD
>                 --computer-ou=OU=LINUX,DC=DOMAIN,DC=TLD --user=user_name {{ ad_password }}
>
>     - name: modify /etc/sssd/sssd.conf
>       template: src=/home/user_name/git/system_configs/ansible/templates/sssd.j2 dest=/etc/sssd/sssd.conf
>       notify:
>         - restart sssd
>
>   handlers:
>     - name: restart sssd
>       service: name=sssd state=restarted
>
> This is the error I get after running it:
>
> [user_name@server_name playbooks]$ ansible-playbook adAuth_asRoot.yaml 
> --user=root --ask-pass
> SSH password:
> Enter AD Domain User Password:
>
> PLAY [Install and configure AD authentication] 
> ********************************
>
> GATHERING FACTS 
> ***************************************************************
> ok: [ansible]
>
> TASK: [install ad_auth required tools] 
> ****************************************
> ok: [ansible] => 
> (item=realmd,sssd,oddjob-mkhomedir,adcli,samba-common-tools)
>
> TASK: [discover and join domain] 
> **********************************************
> failed: [ansible] => {"changed": true, "cmd": "realm discover 
> AD.DOMAIN.TLD && realm join AD.DOMAIN.TLD 
> --computer-ou=OU=LINUX,DC=DOMAIN,DC=TLD --user=user_name ad_password", 
> "delta": "0:00:00.053695", "end": "2016-02-29 20:39:40.764101", "rc": 2, 
> "start": "2016-02-29 20:39:40.710406", "warnings": []}
> stderr: realm: Specify one realm to join
> stdout: domain.tld
>   type: kerberos
>   realm-name: DOMAIN.TLD
>   domain-name: domain.tld
>   configured: no
>   server-software: active-directory
>   client-software: sssd
>   required-package: oddjob
>   required-package: oddjob-mkhomedir
>   required-package: sssd
>   required-package: adcli
>   required-package: samba-common
>
> FATAL: all hosts have already failed -- aborting
>
> PLAY RECAP 
> ********************************************************************
>            to retry, use: --limit @/home/user_name/adAuth_asRoot.yaml.retry
>
> ansible                    : ok=2    changed=0    unreachable=0    failed=1
>
> Is there a better way to provide passwords when certain tasks call for it?
>
>
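
Added example (not part of the original thread): one way to handle the step the reply leaves open, keeping the join password out of the playbook with Ansible Vault. The file name vault.yml and the variable vault_ad_join_password are assumptions; the prompt text and the realm arguments are copied from the playbook in the reply.

```yaml
---
# Added example, not code from the original posts.
# Assumed setup: an encrypted vars file next to the playbook, created with
#   ansible-vault create vault.yml
# holding a single variable (hypothetical name):
#   vault_ad_join_password: "<the AD join account password>"
# Run with:
#   ansible-playbook adAuth_asRoot.yaml --ask-vault-pass

- name: Join host to AD without a clear-text password in the playbook
  hosts: linux
  remote_user: root

  vars_files:
    - vault.yml   # encrypted on disk, decrypted only in memory at run time

  tasks:
    - name: join system to UNIX OU
      expect:
        command: /usr/sbin/realm join AD.DOMAIN.TLD --computer-ou=OU=LINUX,DC=domain,DC=tld --user=admin_user
        responses:
          # Keys are regular expressions matched against the prompt;
          # the value is sent on the pty, not placed in the command line.
          "Password for": "{{ vault_ad_join_password }}"
      # Keep the task arguments and result out of console output and logs,
      # since the rendered response would otherwise appear there.
      no_log: true
```

Because the secret is answered at the prompt rather than appended to the realm command, it does not end up in the "cmd" field that the failed task in the quoted output printed.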
