Thanks, I was just looking for this tonight. Awesome timing!
For encrypting your password, use Ansible Vault. Here's a quick example:
https://gist.github.com/tristanfisher/e5a306144a637dc739e7
I have a vars file called bind_creds.yml with bind_user and bind_password
defined.
On Wednesday, March 2, 2016 at 9:02:53 AM UTC-5, Gilberto Valentin wrote:
>
> Ok, I figured this out. This is how I did it:
>
> ---
> ## This playbook installs and configures AD authentication
>
> - name: Install and configure AD authentication
>   hosts: linux
>   remote_user: root
>
>   tasks:
>     - name: install ad_auth required tools
>       yum: pkg={{ item }} state=installed
>       with_items:
>         - realmd
>         - sssd
>         - oddjob-mkhomedir
>         - adcli
>         - samba-common-tools
>         - python-pip
>
>     - name: install pexpect using pip
>       shell: /bin/bash -c "pip install pexpect"
>
>     - name: discover realm
>       shell: /bin/bash -c "/usr/sbin/realm discover AD.DOMAIN.TLD"
>
>     - name: join system to UNIX OU
>       expect:
>         command: /bin/bash -c "/usr/sbin/realm join AD.DOMAIN.TLD --computer-ou=OU=LINUX,DC=domain,DC=tld --user=admin_user"
>         responses:
>           Password for Administrator: "password123"
>
>     - name: modify /etc/sssd/sssd.conf
>       template: src=/home/user/git/system_configs/ansible/templates/sssd.j2 dest=/etc/sssd/sssd.conf
>       notify:
>         - restart sssd
>
>   handlers:
>     - name: restart sssd
>       service: name=sssd state=restarted
>
> Now I just have to figure out how to encrypt the password.
>
> On Monday, February 29, 2016 at 10:43:08 PM UTC-5, Gilberto Valentin wrote:
>>
>> I have a playbook that installs the appropriate packages for Active
>> Directory Authentication. When it gets to the "join" portion, Ansible just
>> sits there because the join process is asking the user for the password of
>> the account that has access to join the system to Active Directory. How can
>> I pass my password from vars_prompt? I have highlighted where I call the
>> variable but I know that is the wrong place since it's going to try to pass
>> it to my "realm join" command, which isn't supported. I only added it there
>> to show I want to call it after the "realm join" portion is called.
>>
>> Here is my playbook:
>>
>> ---
>> ## This playbook installs and configures AD authentication
>>
>> - name: Install and configure AD authentication
>>   hosts: linux
>>   remote_user: root
>>
>>   vars_prompt:
>>     - name: "ad_password"
>>       prompt: "Enter AD Domain User Password"
>>       private: yes
>>
>>   tasks:
>>     - name: install ad_auth required tools
>>       yum: pkg={{ item }} state=installed
>>       with_items:
>>         - realmd
>>         - sssd
>>         - oddjob-mkhomedir
>>         - adcli
>>         - samba-common-tools
>>
>>     - name: discover and join domain
>>       shell: realm discover AD.DOMAIN.TLD && realm join AD.DOMAIN.TLD --computer-ou=OU=LINUX,DC=DOMAIN,DC=TLD --user=user_name {{ ad_password }}
>>
>>     - name: modify /etc/sssd/sssd.conf
>>       template: src=/home/user_name/git/system_configs/ansible/templates/sssd.j2 dest=/etc/sssd/sssd.conf
>>       notify:
>>         - restart sssd
>>
>>   handlers:
>>     - name: restart sssd
>>       service: name=sssd state=restarted
>>
>> This is the error I get after running it:
>>
>> [user_name@server_name playbooks]$ ansible-playbook adAuth_asRoot.yaml
>> --user=root --ask-pass
>> SSH password:
>> Enter AD Domain User Password:
>>
>> PLAY [Install and configure AD authentication]
>> ********************************
>>
>> GATHERING FACTS
>> ***************************************************************
>> ok: [ansible]
>>
>> TASK: [install ad_auth required tools]
>> ****************************************
>> ok: [ansible] =>
>> (item=realmd,sssd,oddjob-mkhomedir,adcli,samba-common-tools)
>>
>> TASK: [discover and join domain]
>> **********************************************
>> failed: [ansible] => {"changed": true, "cmd": "realm discover
>> AD.DOMAIN.TLD && realm join AD.DOMAIN.TLD
>> --computer-ou=OU=LINUX,DC=DOMAIN,DC=TLD --user=user_name ad_password",
>> "delta": "0:00:00.053695", "end": "2016-02-29 20:39:40.764101", "rc": 2,
>> "start": "2016-02-29 20:39:40.710406", "warnings": []}
>> stderr: realm: Specify one realm to join
>> stdout: domain.tld
>> type: kerberos
>> realm-name: DOMAIN.TLD
>> domain-name: domain.tld
>> configured: no
>> server-software: active-directory
>> client-software: sssd
>> required-package: oddjob
>> required-package: oddjob-mkhomedir
>> required-package: sssd
>> required-package: adcli
>> required-package: samba-common
>>
>> FATAL: all hosts have already failed -- aborting
>>
>> PLAY RECAP
>> ********************************************************************
>> to retry, use: --limit
>> @/home/user_name/adAuth_asRoot.yaml.retry
>>
>> ansible : ok=2 changed=0 unreachable=0
>> failed=1
>>
>> Is there a better way to provide passwords when certain tasks call for it?
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/a50c2b84-65cc-4c55-967f-e48f5ca162c5%40googlegroups.com.
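
The Vault suggestion in the reply above, applied to the join task from the quoted playbook, as an added example that is not part of the original thread. It assumes bind_creds.yml sits next to the playbook, defines bind_user and bind_password, and has been encrypted with ansible-vault; the prompt regex and the placeholder values are assumptions.

```yaml
---
# Added example, not code from the thread.
# bind_creds.yml is assumed to have been encrypted with:
#   ansible-vault encrypt bind_creds.yml
# Its plaintext form (placeholder values) would be:
#   bind_user: admin_user
#   bind_password: "REPLACE_ME"

- name: Join host to AD using vaulted credentials
  hosts: linux
  remote_user: root

  vars_files:
    - bind_creds.yml          # decrypted in memory at run time, never written in clear

  tasks:
    - name: join system to UNIX OU
      expect:
        command: /usr/sbin/realm join AD.DOMAIN.TLD --computer-ou=OU=LINUX,DC=domain,DC=tld --user={{ bind_user }}
        responses:
          # The key is a regex matched against the prompt (assumed prompt text).
          "Password for .*": "{{ bind_password }}"
      no_log: true            # keep the password out of task output and logs
```

Run it with `ansible-playbook adAuth_asRoot.yaml --ask-vault-pass` so the vault password is prompted for rather than stored. The password reaches `realm join` through the prompt, so it does not appear in the process arguments on the target host.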