Ok, I figured this out. This is how I did it:

---
## This playbook installs and configures AD authentication

- name: Install and configure AD authentication
  hosts: linux
  remote_user: root

  tasks:
    - name: install ad_auth required tools
      yum: pkg={{ item }} state=installed
      with_items:
        - realmd
        - sssd
        - oddjob-mkhomedir
        - adcli
        - samba-common-tools
        - python-pip

    - name: install pexpect using pip
      shell: /bin/bash -c "pip install pexpect"

    - name: discover realm
      shell: /bin/bash -c "/usr/sbin/realm discover AD.DOMAIN.TLD"

    - name: join system to UNIX OU
      expect:
        command: /bin/bash -c "/usr/sbin/realm join AD.DOMAIN.TLD --computer-ou=OU=LINUX,DC=domain,DC=tld --user=admin_user"
        responses:
          Password for Administrator: "password123"

    - name: modify /etc/sssd/sssd.conf
      template: src=/home/user/git/system_configs/ansible/templates/sssd.j2 dest=/etc/sssd/sssd.conf
      notify:
        - restart sssd

  handlers:
    - name: restart sssd
      service: name=sssd state=restarted

Now I just have to figure out how to encrypt the password.

On Monday, February 29, 2016 at 10:43:08 PM UTC-5, Gilberto Valentin wrote:
>
> I have a playbook that installs the appropriate packages for Active 
> Directory Authentication. When it gets to the "join" portion, Ansible just 
> sits there because the join process is asking the user for the password of 
> the account that has access to join the system to Active Directory. How can 
> I pass my password from vars_prompt? I have highlighted where I call the 
> variable but I know that is the wrong place since it's going to try to pass 
> it to my "realm join" command, which isn't supported. I only added it there 
> to show I want to call it after the "realm join" portion is called.
>
> Here is my playbook:
>
> ---
> ## This playbook installs and configures AD authentication
>
> - name: Install and configure AD authentication
>   hosts: linux
>   remote_user: root
>
>   vars_prompt:
>     - name: "ad_password"
>       prompt: "Enter AD Domain User Password"
>       private: yes
>
>   tasks:
>     - name: install ad_auth required tools
>       yum: pkg={{ item }} state=installed
>       with_items:
>         - realmd
>         - sssd
>         - oddjob-mkhomedir
>         - adcli
>         - samba-common-tools
>
>     - name: discover and join domain
>       shell: realm discover AD.DOMAIN.TLD && realm join AD.DOMAIN.TLD
>                 --computer-ou=OU=LINUX,DC=DOMAIN,DC=TLD --user=user_name {{ ad_password }}
>
>     - name: modify /etc/sssd/sssd.conf
>       template: src=/home/user_name/git/system_configs/ansible/templates/sssd.j2 dest=/etc/sssd/sssd.conf
>       notify:
>         - restart sssd
>
>   handlers:
>     - name: restart sssd
>       service: name=sssd state=restarted
>
> This is the error I get after running it:
>
> [user_name@server_name playbooks]$ ansible-playbook adAuth_asRoot.yaml --user=root --ask-pass
> SSH password:
> Enter AD Domain User Password:
>
> PLAY [Install and configure AD authentication] ********************************
>
> GATHERING FACTS ***************************************************************
> ok: [ansible]
>
> TASK: [install ad_auth required tools] ****************************************
> ok: [ansible] => (item=realmd,sssd,oddjob-mkhomedir,adcli,samba-common-tools)
>
> TASK: [discover and join domain] **********************************************
> failed: [ansible] => {"changed": true, "cmd": "realm discover AD.DOMAIN.TLD && realm join AD.DOMAIN.TLD --computer-ou=OU=LINUX,DC=DOMAIN,DC=TLD --user=user_name ad_password", "delta": "0:00:00.053695", "end": "2016-02-29 20:39:40.764101", "rc": 2, "start": "2016-02-29 20:39:40.710406", "warnings": []}
> stderr: realm: Specify one realm to join
> stdout: domain.tld
>   type: kerberos
>   realm-name: DOMAIN.TLD
>   domain-name: domain.tld
>   configured: no
>   server-software: active-directory
>   client-software: sssd
>   required-package: oddjob
>   required-package: oddjob-mkhomedir
>   required-package: sssd
>   required-package: adcli
>   required-package: samba-common
>
> FATAL: all hosts have already failed -- aborting
>
> PLAY RECAP ********************************************************************
>            to retry, use: --limit @/home/user_name/adAuth_asRoot.yaml.retry
>
> ansible                    : ok=2    changed=0    unreachable=0    failed=1
>
> Is there a better way to provide passwords when certain tasks call for it?
>
>
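
One way to handle the step left open in the reply above (keeping the join password out of the playbook), as an added example that is not part of the original thread. It assumes a hypothetical variable vault_ad_join_password stored in a file encrypted with ansible-vault, and reuses the realm, OU and user placeholders from the post.

```yaml
---
# Added example, not the poster's playbook.
# Assumed layout (hypothetical names):
#   group_vars/linux/vault.yml  created with:
#       ansible-vault create group_vars/linux/vault.yml
#   and containing:
#       vault_ad_join_password: "<AD join account password>"
# Run with:
#   ansible-playbook adAuth_asRoot.yaml --ask-vault-pass

- name: Join system to AD without a clear-text password in the playbook
  hosts: linux
  remote_user: root

  tasks:
    - name: join system to UNIX OU
      expect:
        command: /usr/sbin/realm join AD.DOMAIN.TLD --computer-ou=OU=LINUX,DC=domain,DC=tld --user=admin_user
        # Assumption: /etc/krb5.keytab exists once the host is joined, so the
        # task (and the password exchange) is skipped on later runs.
        creates: /etc/krb5.keytab
        responses:
          # The key is a regex matched against the prompt; the value is
          # decrypted from the vault file at run time.
          '(?i)password for .*:': "{{ vault_ad_join_password }}"
      # Keep the response and the task arguments out of console output and logs.
      no_log: true
```

The vault file can be committed alongside the playbook because only its encrypted form is stored; the decryption password is supplied at run time.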
