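# Pre-flight check: grep exits non-zero when realm list shows no sssd-backed realm
- name: Check if machine is bound
  shell: /bin/bash -c "realm list | grep sssd"
  register: realmd_bound
  changed_when: false
  ignore_errors: true

# Runs only when the check above failed; expect answers the password prompt
- name: Join using realmd
  expect:
    command: "/bin/bash -c '/usr/sbin/realm join -U {{ bind_user }} {{ bind_domain }}'"
    responses:
      Password for.*: "{{ bind_password }}"
  # "is failed" replaces the old "|failed" filter form, which current Ansible no longer accepts
  when: realmd_bound is failed
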
I'm planning on getting away from realmd but that's one way to do it with
realm.
On Tuesday, August 30, 2016 at 4:28:22 PM UTC-4, Jacob brown wrote:
>
> Hi guys,
>
> Do you do anything for "pre flight checks"? Or is this a one-off playbook
> you run on newly provisioned servers?
>
> Wouldn't mind something that goes "am I joined? notify: join ad"
>
> Cheers
> Jacob
>
> On Saturday, 6 August 2016 03:11:29 UTC+10, Cyriel R wrote:
>>
>> Ohh, thank you for these tips ;)
>>
>> On Monday, 29 February 2016 22:43:08 UTC-5, Gilberto Valentin wrote:
>>>
>>> I have a playbook that installs the appropriate packages for Active
>>> Directory Authentication. When it gets to the "join" portion, Ansible just
>>> sits there because the join process is asking the user for the password of
>>> the account that has access to join the system to Active Directory. How can
>>> I pass my password from vars_prompt? I have highlighted where I call the
>>> variable but I know that is the wrong place since it's going to try to pass
>>> it to my "realm join" command, which isn't supported. I only added it there
>>> to show I want to call it after the "realm join" portion is called.
>>>
>>> Here is my playbook:
>>>
>>> ---
>>> ## This playbook installs and configures AD authentication
>>>
>>> - name: Install and configure AD authentication
>>>   hosts: linux
>>>   remote_user: root
>>>
>>>   vars_prompt:
>>>     - name: "ad_password"
>>>       prompt: "Enter AD Domain User Password"
>>>       private: yes
>>>
>>>   tasks:
>>>     - name: install ad_auth required tools
>>>       yum: pkg={{ item }} state=installed
>>>       with_items:
>>>         - realmd
>>>         - sssd
>>>         - oddjob-mkhomedir
>>>         - adcli
>>>         - samba-common-tools
>>>
>>>     - name: discover and join domain
>>>       shell: realm discover AD.DOMAIN.TLD && realm join AD.DOMAIN.TLD --computer-ou=OU=LINUX,DC=DOMAIN,DC=TLD --user=user_name {{ ad_password }}
>>>
>>>     - name: modify /etc/sssd/sssd.conf
>>>       template: src=/home/user_name/git/system_configs/ansible/templates/sssd.j2 dest=/etc/sssd/sssd.conf
>>>       notify:
>>>         - restart sssd
>>>
>>>   handlers:
>>>     - name: restart sssd
>>>       service: name=sssd state=restarted
>>>
>>> This is the error I get after running it:
>>>
>>> [user_name@server_name playbooks]$ ansible-playbook adAuth_asRoot.yaml
>>> --user=root --ask-pass
>>> SSH password:
>>> Enter AD Domain User Password:
>>>
>>> PLAY [Install and configure AD authentication]
>>> ********************************
>>>
>>> GATHERING FACTS
>>> ***************************************************************
>>> ok: [ansible]
>>>
>>> TASK: [install ad_auth required tools]
>>> ****************************************
>>> ok: [ansible] =>
>>> (item=realmd,sssd,oddjob-mkhomedir,adcli,samba-common-tools)
>>>
>>> TASK: [discover and join domain]
>>> **********************************************
>>> failed: [ansible] => {"changed": true, "cmd": "realm discover
>>> AD.DOMAIN.TLD && realm join AD.DOMAIN.TLD
>>> --computer-ou=OU=LINUX,DC=DOMAIN,DC=TLD --user=user_name ad_password",
>>> "delta": "0:00:00.053695", "end": "2016-02-29 20:39:40.764101", "rc": 2,
>>> "start": "2016-02-29 20:39:40.710406", "warnings": []}
>>> stderr: realm: Specify one realm to join
>>> stdout: domain.tld
>>> type: kerberos
>>> realm-name: DOMAIN.TLD
>>> domain-name: domain.tld
>>> configured: no
>>> server-software: active-directory
>>> client-software: sssd
>>> required-package: oddjob
>>> required-package: oddjob-mkhomedir
>>> required-package: sssd
>>> required-package: adcli
>>> required-package: samba-common
>>>
>>> FATAL: all hosts have already failed -- aborting
>>>
>>> PLAY RECAP
>>> ********************************************************************
>>> to retry, use: --limit
>>> @/home/user_name/adAuth_asRoot.yaml.retry
>>>
>>> ansible : ok=2 changed=0 unreachable=0
>>> failed=1
>>>
>>> Is there a better way to provide passwords when certain tasks call for
>>> it?
>>>
>>>
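
The check-then-join pattern discussed in this thread, as an added example that is not from any poster here: the check looks for the specific domain rather than grepping for sssd, and the join keeps the password off the command line and out of task output. It reuses the bind_user, bind_domain and bind_password variable names from the reply above and assumes that realm reads the join password from standard input when no terminal is attached.

```yaml
# Added example, not code from the thread.
# bind_password should come from vars_prompt (private: yes) or Ansible Vault,
# never from a plain-text vars file.

- name: List the realms this host is already enrolled in
  command: realm list --name-only
  register: realm_list
  changed_when: false     # read-only query, never reports "changed"
  check_mode: false       # safe to run even under --check

- name: Join the domain, feeding the password on stdin
  # The password is not part of the command line, so it does not appear in
  # the process list or in the "cmd" field that a failed task prints.
  command: realm join --user={{ bind_user }} {{ bind_domain }}
  args:
    stdin: "{{ bind_password }}"
  # no_log censors the task's arguments and result, including stdin.
  no_log: true
  # Skip the join when the domain is already listed (case-insensitive match).
  when: (bind_domain | lower) not in (realm_list.stdout_lines | map('lower') | list)
```

With no_log set, a failed join shows only a censored result, so run the realm command by hand on the host to see its error message.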