Glad this post helped you. Also, thank you very much for the Ansible Vault info!!
On Saturday, March 12, 2016 at 1:33:34 PM UTC-5, Chris Helming wrote:
>
> Thanks, I was just looking for this tonight. Awesome timing!
>
> For encrypting your password, use Ansible Vault. Here's a quick example:
> https://gist.github.com/tristanfisher/e5a306144a637dc739e7
>
> I have a vars file called bind_creds.yml with bind_user and bind_password
> defined.
>
> On Wednesday, March 2, 2016 at 9:02:53 AM UTC-5, Gilberto Valentin wrote:
>>
>> Ok, I figured this out. This is how I did it:
>>
>> ---
>> ## This playbook installs and configures AD authentication
>>
>> - name: Install and configure AD authentication
>>   hosts: linux
>>   remote_user: root
>>
>>   tasks:
>>     - name: install ad_auth required tools
>>       yum: pkg={{ item }} state=installed
>>       with_items:
>>         - realmd
>>         - sssd
>>         - oddjob-mkhomedir
>>         - adcli
>>         - samba-common-tools
>>         - python-pip
>>
>>     - name: install pexpect using pip
>>       shell: /bin/bash -c "pip install pexpect"
>>
>>     - name: discover realm
>>       shell: /bin/bash -c "/usr/sbin/realm discover AD.DOMAIN.TLD"
>>
>>     - name: join system to UNIX OU
>>       expect:
>>         command: /bin/bash -c "/usr/sbin/realm join AD.DOMAIN.TLD --computer-ou=OU=LINUX,DC=domain,DC=tld --user=admin_user"
>>         responses:
>>           Password for Administrator: "password123"
>>
>>     - name: modify /etc/sssd/sssd.conf
>>       template: src=/home/user/git/system_configs/ansible/templates/sssd.j2 dest=/etc/sssd/sssd.conf
>>       notify:
>>         - restart sssd
>>
>>   handlers:
>>     - name: restart sssd
>>       service: name=sssd state=restarted
>>
>> Now I just have to figure out how to encrypt the password.
>>
>> On Monday, February 29, 2016 at 10:43:08 PM UTC-5, Gilberto Valentin wrote:
>>>
>>> I have a playbook that installs the appropriate packages for Active
>>> Directory Authentication. When it gets to the "join" portion, Ansible just
>>> sits there because the join process is asking the user for the password of
>>> the account that has access to join the system to Active Directory. How can
>>> I pass my password from vars_prompt? I have highlighted where I call the
>>> variable but I know that is the wrong place since it's going to try to pass
>>> it to my "realm join" command, which isn't supported. I only added it there
>>> to show I want to call it after the "realm join" portion is called.
>>>
>>> Here is my playbook:
>>>
>>> ---
>>> ## This playbook installs and configures AD authentication
>>>
>>> - name: Install and configure AD authentication
>>>   hosts: linux
>>>   remote_user: root
>>>
>>>   vars_prompt:
>>>     - name: "ad_password"
>>>       prompt: "Enter AD Domain User Password"
>>>       private: yes
>>>
>>>   tasks:
>>>     - name: install ad_auth required tools
>>>       yum: pkg={{ item }} state=installed
>>>       with_items:
>>>         - realmd
>>>         - sssd
>>>         - oddjob-mkhomedir
>>>         - adcli
>>>         - samba-common-tools
>>>
>>>     - name: discover and join domain
>>>       shell: realm discover AD.DOMAIN.TLD && realm join AD.DOMAIN.TLD --computer-ou=OU=LINUX,DC=DOMAIN,DC=TLD --user=user_name {{ ad_password }}
>>>
>>>     - name: modify /etc/sssd/sssd.conf
>>>       template: src=/home/user_name/git/system_configs/ansible/templates/sssd.j2 dest=/etc/sssd/sssd.conf
>>>       notify:
>>>         - restart sssd
>>>
>>>   handlers:
>>>     - name: restart sssd
>>>       service: name=sssd state=restarted
>>>
>>> This is the error I get after running it:
>>>
>>> [user_name@server_name playbooks]$ ansible-playbook adAuth_asRoot.yaml --user=root --ask-pass
>>> SSH password:
>>> Enter AD Domain User Password:
>>>
>>> PLAY [Install and configure AD authentication] ********************************
>>>
>>> GATHERING FACTS ***************************************************************
>>> ok: [ansible]
>>>
>>> TASK: [install ad_auth required tools] ****************************************
>>> ok: [ansible] => (item=realmd,sssd,oddjob-mkhomedir,adcli,samba-common-tools)
>>>
>>> TASK: [discover and join domain] **********************************************
>>> failed: [ansible] => {"changed": true, "cmd": "realm discover AD.DOMAIN.TLD && realm join AD.DOMAIN.TLD --computer-ou=OU=LINUX,DC=DOMAIN,DC=TLD --user=user_name ad_password", "delta": "0:00:00.053695", "end": "2016-02-29 20:39:40.764101", "rc": 2, "start": "2016-02-29 20:39:40.710406", "warnings": []}
>>> stderr: realm: Specify one realm to join
>>> stdout: domain.tld
>>>   type: kerberos
>>>   realm-name: DOMAIN.TLD
>>>   domain-name: domain.tld
>>>   configured: no
>>>   server-software: active-directory
>>>   client-software: sssd
>>>   required-package: oddjob
>>>   required-package: oddjob-mkhomedir
>>>   required-package: sssd
>>>   required-package: adcli
>>>   required-package: samba-common
>>>
>>> FATAL: all hosts have already failed -- aborting
>>>
>>> PLAY RECAP ********************************************************************
>>> to retry, use: --limit @/home/user_name/adAuth_asRoot.yaml.retry
>>>
>>> ansible : ok=2 changed=0 unreachable=0 failed=1
>>>
>>> Is there a better way to provide passwords when certain tasks call for
>>> it?
>>>

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f0e94da1-40be-4124-bad3-ea3dfb3da187%40googlegroups.com.
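
The two replies in this thread combined, as an added example that is not from any poster: the `expect` join task from the working playbook, with the hard-coded response replaced by `bind_password` loaded from the Vault-encrypted `bind_creds.yml` described above. The playbook file name `ad_join.yml`, the generic prompt regex, the `creates` path and the `no_log` setting are assumptions added here.

```yaml
---
# Added example (not from the thread).
# Assumes bind_creds.yml sits beside this playbook, defines bind_user and
# bind_password, and was encrypted with:
#   ansible-vault encrypt bind_creds.yml
# Run with (ad_join.yml is a hypothetical file name):
#   ansible-playbook ad_join.yml --ask-vault-pass

- name: Join host to AD without a plaintext password in the playbook
  hosts: linux
  remote_user: root

  vars_files:
    - bind_creds.yml   # stays encrypted on disk; decrypted in memory at run time

  tasks:
    - name: join system to UNIX OU
      expect:
        # The password is never placed on the command line, so it does not
        # appear in the target's process list or in the recorded "cmd".
        command: >-
          /usr/sbin/realm join AD.DOMAIN.TLD
          --computer-ou=OU=LINUX,DC=domain,DC=tld
          --user={{ bind_user }}
        responses:
          # Keys are regular expressions matched against the prompt text.
          "Password for .*:": "{{ bind_password }}"
        # Assumption: a successful join writes the host keytab here, which
        # lets the task be skipped on hosts that are already joined.
        creates: /etc/krb5.keytab
      no_log: true   # keep the response value out of task output and logs
```

The same task works with the `vars_prompt` variable from the original question by using `{{ ad_password }}` as the response value instead of the vaulted variable.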
