[Freeipa-users] ansbile-freeipa client install

Andrew Meyer via FreeIPA-users Wed, 23 Oct 2019 11:41:11 -0700

Hello I have setup ansible to use install freeipa client on my CentOS 7/8 
machines. I am
able to get the packages installed however when it goes through the 
configuration I am
getting the following:



TASK [ipaclient : Install - Ensure that IPA client packages are installed]
******************************************************************************************************************************************************************
ok: [10.150.10.15]

TASK [ipaclient : Install - Set ipaclient_servers]
******************************************************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Install - Set ipaclient_servers from cluster inventory]
*******************************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Install - Check that either principal or keytab is set]
*******************************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Install - Set default principal if no keytab is given]
********************************************************************************************************************************************************************
ok: [10.150.10.15]

TASK [ipaclient : Install - IPA client test]
************************************************************************************************************************************************************************************************
ok: [10.150.10.15]

TASK [ipaclient : Install - Cleanup leftover ccache]
****************************************************************************************************************************************************************************************
ok: [10.150.10.15]

TASK [ipaclient : Install - Configure NTP]
**************************************************************************************************************************************************************************************************
changed: [10.150.10.15]

TASK [ipaclient : Install - Disable One-Time Password for on_master]
************************************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Install - Test if IPA client has working krb5.keytab]
*********************************************************************************************************************************************************************
ok: [10.150.10.15]

TASK [ipaclient : Install - Disable One-Time Password for client with working 
krb5.keytab]
**************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Install - Keytab or password is required for otp]
*************************************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Install - Get One-Time Password for client enrollment]
********************************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Install - Report error for OTP generation]
********************************************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Install - Store the previously obtained OTP]
******************************************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Install - Check if principal and keytab are set]
**************************************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Install - Check if one of password or keytabs are set]
********************************************************************************************************************************************************************
fatal: [10.150.10.15]: FAILED! => {"changed": false, "msg":
"At least one of password or keytabs must be specified"}

TASK [ipaclient : Install - Restore original admin password if overwritten by 
OTP]
**********************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Cleanup leftover ccache]
**************************************************************************************************************************************************************************************************
ok: [10.150.10.15]

PLAY RECAP
**********************************************************************************************************************************************************************************************************************************
10.150.10.15 : ok=10 changed=1 unreachable=0 failed=1 skipped=11
rescued=0 ignored=0

I am not sure that I am using the correct variables in ansible-vault for the 
keytabs:

ipaadmin_password1: password1234
ipadm_password1: password1234
ipaserver_realm1: TEST.EXAMPLE
ipaserver_domain1: test.example
ipaclient_principal1: admin
ipaclient_password1: password1234

Should the variable be 'ipaadmin_principal1:' ? Also should this be the
password?

And I want to skip installing the ntp client would this be the correct way to 
do it?

ansible-playbook --ask-vault-pass --extra-vars 'ansible/passwd.yml'
ansible-freeipa/playbooks/install-client.yml --limit=10.150.10.15 
--user=user123 -e
"ipaclient_no_ntp=no"
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

[Freeipa-users] ansbile-freeipa client install

Reply via email to