Hi guys,
Do you do anything for "pre flight checks"? Or is this a one-off playbook
your run on newly provisioned servers?
Wouldn't mind something that goes "am I joined? notify: join ad"
Cheers
Jacob
On Saturday, 6 August 2016 03:11:29 UTC+10, Cyriel R wrote:
>
> Ohh thank you for this tips ;)
>
> Le lundi 29 février 2016 22:43:08 UTC-5, Gilberto Valentin a écrit :
>>
>> I have a playbook that installs the appropriate packages for Active
>> Directory Authentication. When it gets to the "join" portion, Ansible just
>> sits there because the join process is asking the user for the password of
>> the account that has access to join the system to Active Directory. How can
>> I pass my password from vars_prompt? I have highlighted where I call the
>> variable but I know that is the wrong place since it's going to try to pass
>> it to my "realm join" command, which isn't supported. I only added it there
>> to show I want to call it after the "realm join" portion is called.
>>
>> Here is my playbook:
>>
>> ---
>> ## This playbook installs and configures AD authentication
>>
>> - name: Install and configure AD authentication
>> hosts: linux
>> remote_user: root
>>
>> vars_prompt:
>> - name: "ad_password"
>> prompt: "Enter AD Domain User Password"
>> private: yes
>>
>> tasks:
>> - name: install ad_auth required tools
>> yum: pkg={{ item }} state=installed
>> with_items:
>> - realmd
>> - sssd
>> - oddjob-mkhomedir
>> - adcli
>> - samba-common-tools
>>
>> - name: discover and join domain
>> shell: realm discover AD.DOMAIN.TLD && realm join AD.DOMAIN.TLD
>> --computer-ou=OU=LINUX,DC=DOMAIN,DC=TLD --user=user_name {{
>> ad_password }}
>>
>> - name: modify /etc/sssd/sssd.conf
>> template:
>> src=/home/user_name/git/system_configs/ansible/templates/sssd.j2
>> dest=/etc/sssd/sssd.conf
>> notify:
>> - restart sssd
>>
>> handlers:
>> - name: restart sssd
>> service: name=sssd state=restarted
>>
>> This is the error I get after running it:
>>
>> [user_name@server_name playbooks]$ ansible-playbook adAuth_asRoot.yaml
>> --user=root --ask-pass
>> SSH password:
>> Enter AD Domain User Password:
>>
>> PLAY [Install and configure AD authentication]
>> ********************************
>>
>> GATHERING FACTS
>> ***************************************************************
>> ok: [ansible]
>>
>> TASK: [install ad_auth required tools]
>> ****************************************
>> ok: [ansible] =>
>> (item=realmd,sssd,oddjob-mkhomedir,adcli,samba-common-tools)
>>
>> TASK: [discover and join domain]
>> **********************************************
>> failed: [ansible] => {"changed": true, "cmd": "realm discover
>> AD.DOMAIN.TLD && realm join AD.DOMAIN.TLD
>> --computer-ou=OU=LINUX,DC=DOMAIN,DC=TLD --user=user_name ad_password",
>> "delta": "0:00:00.053695", "end": "2016-02-29 20:39:40.764101", "rc": 2,
>> "start": "2016-02-29 20:39:40.710406", "warnings": []}
>> stderr: realm: Specify one realm to join
>> stdout: domain.tld
>> type: kerberos
>> realm-name: DOMAIN.TLD
>> domain-name: domain.tld
>> configured: no
>> server-software: active-directory
>> client-software: sssd
>> required-package: oddjob
>> required-package: oddjob-mkhomedir
>> required-package: sssd
>> required-package: adcli
>> required-package: samba-common
>>
>> FATAL: all hosts have already failed -- aborting
>>
>> PLAY RECAP
>> ********************************************************************
>> to retry, use: --limit
>> @/home/user_name/adAuth_asRoot.yaml.retry
>>
>> ansible : ok=2 changed=0 unreachable=0
>> failed=1
>>
>> Is there a better way to provide passwords when certain tasks call for it?
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/53aaafc2-a2a7-4b67-a12b-e8b10d4a0305%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
