That's awesome Chris, thank you very much! I'm still learning Ansible so that's a huge help. Thanks again!
On Wed, Aug 31, 2016 at 10:31 PM, Chris Helming <[email protected]> wrote: > - name: Check if machine is bound > shell: /bin/bash -c "realm list | grep sssd" > register: realmd_bound > changed_when: false > ignore_errors: true > > - name: Join using realmd > expect: > command: "/bin/bash -c '/usr/sbin/realm join -U {{ bind_user }} {{ > bind_domain }}'" > responses: > Password for.*: "{{ bind_password }}" > when: realmd_bound|failed > > > I'm planning on getting away from realmd but that's one way to do it with > realm. > > > On Tuesday, August 30, 2016 at 4:28:22 PM UTC-4, Jacob brown wrote: >> >> Hi guys, >> >> Do you do anything for "pre flight checks"? Or is this a one-off playbook >> your run on newly provisioned servers? >> >> Wouldn't mind something that goes "am I joined? notify: join ad" >> >> Cheers >> Jacob >> >> On Saturday, 6 August 2016 03:11:29 UTC+10, Cyriel R wrote: >>> >>> Ohh thank you for this tips ;) >>> >>> Le lundi 29 février 2016 22:43:08 UTC-5, Gilberto Valentin a écrit : >>>> >>>> I have a playbook that installs the appropriate packages for Active >>>> Directory Authentication. When it gets to the "join" portion, Ansible just >>>> sits there because the join process is asking the user for the password of >>>> the account that has access to join the system to Active Directory. How can >>>> I pass my password from vars_prompt? I have highlighted where I call the >>>> variable but I know that is the wrong place since it's going to try to pass >>>> it to my "realm join" command, which isn't supported. I only added it there >>>> to show I want to call it after the "realm join" portion is called. >>>> >>>> Here is my playbook: >>>> >>>> --- >>>> ## This playbook installs and configures AD authentication >>>> >>>> - name: Install and configure AD authentication >>>> hosts: linux >>>> remote_user: root >>>> >>>> vars_prompt: >>>> - name: "ad_password" >>>> prompt: "Enter AD Domain User Password" >>>> private: yes >>>> >>>> tasks: >>>> - name: install ad_auth required tools >>>> yum: pkg={{ item }} state=installed >>>> with_items: >>>> - realmd >>>> - sssd >>>> - oddjob-mkhomedir >>>> - adcli >>>> - samba-common-tools >>>> >>>> - name: discover and join domain >>>> shell: realm discover AD.DOMAIN.TLD && realm join AD.DOMAIN.TLD >>>> --computer-ou=OU=LINUX,DC=DOMAIN,DC=TLD >>>> --user=user_name {{ ad_password }} >>>> >>>> - name: modify /etc/sssd/sssd.conf >>>> template: src=/home/user_name/git/system >>>> _configs/ansible/templates/sssd.j2 dest=/etc/sssd/sssd.conf >>>> notify: >>>> - restart sssd >>>> >>>> handlers: >>>> - name: restart sssd >>>> service: name=sssd state=restarted >>>> >>>> This is the error I get after running it: >>>> >>>> [user_name@server_name playbooks]$ ansible-playbook adAuth_asRoot.yaml >>>> --user=root --ask-pass >>>> SSH password: >>>> Enter AD Domain User Password: >>>> >>>> PLAY [Install and configure AD authentication] >>>> ******************************** >>>> >>>> GATHERING FACTS ****************************** >>>> ********************************* >>>> ok: [ansible] >>>> >>>> TASK: [install ad_auth required tools] ****************************** >>>> ********** >>>> ok: [ansible] => (item=realmd,sssd,oddjob-mkhom >>>> edir,adcli,samba-common-tools) >>>> >>>> TASK: [discover and join domain] ****************************** >>>> **************** >>>> failed: [ansible] => {"changed": true, "cmd": "realm discover >>>> AD.DOMAIN.TLD && realm join AD.DOMAIN.TLD >>>> --computer-ou=OU=LINUX,DC=DOMAIN,DC=TLD >>>> --user=user_name ad_password", "delta": "0:00:00.053695", "end": >>>> "2016-02-29 20:39:40.764101", "rc": 2, "start": "2016-02-29 >>>> 20:39:40.710406", "warnings": []} >>>> stderr: realm: Specify one realm to join >>>> stdout: domain.tld >>>> type: kerberos >>>> realm-name: DOMAIN.TLD >>>> domain-name: domain.tld >>>> configured: no >>>> server-software: active-directory >>>> client-software: sssd >>>> required-package: oddjob >>>> required-package: oddjob-mkhomedir >>>> required-package: sssd >>>> required-package: adcli >>>> required-package: samba-common >>>> >>>> FATAL: all hosts have already failed -- aborting >>>> >>>> PLAY RECAP ************************************************************ >>>> ******** >>>> to retry, use: --limit @/home/user_name/adAuth_asRoot >>>> .yaml.retry >>>> >>>> ansible : ok=2 changed=0 unreachable=0 >>>> failed=1 >>>> >>>> Is there a better way to provide passwords when certain tasks call for >>>> it? >>>> >>>> -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/ansible-project/L0Es3aGAKV8/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/ansible-project/84fe76c3-78da-4817-9ef6-4711fa82cb9e%40googlegroups. > com > <https://groups.google.com/d/msgid/ansible-project/84fe76c3-78da-4817-9ef6-4711fa82cb9e%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAECt-tgGDpGmN0nwaRLhr61bXj8WnHXW6Ls3069%3DMGfmz71Y8w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
