I am trying to install the the FreeIPA client on CentOS and RHEL 6,7,8
servers.
I am using the ansible-freeipa module
https://github.com/freeipa/ansible-freeipa
The only problem I have encountered is the one I pasted regarding the
keytabs or otp.
Here is the command I used:
ansible-playbook --ask-vault-pass -i /opt/syseng/automation/ansible/passwd.yml
--inventory-file /opt/syseng/automation/ansible/hosts/ansible_hosts /opt/
syseng/automation/ansible-freeipa/playbooks/install-client.yml -e
"target_servers=hostname001.loc.example.net" --user=user123 -vvvvvv
freeipa inventory file
[ipaclients:vars]
ipaadmin_principal=admin
ipaadmin_password="{{ ipaadmin_password }}"
ipaclient_domain=loc.example.net
ipaclient_realm=LOC.EXAMPLE.NET
#ipaclient_keytab=/tmp/krb5.keytab
#ipaclient_use_otp=yes
#ipaclient_force_join=yes
#ipaclient_kinit_attempts=3
ipaclient_mkhomedir=yes
ipaclient_allow_repair=yes
$ ansible --version
ansible 2.9.6
config file = /opt/syseng/automation/ansible/ansible.cfg
configured module search path = [
'/opt/syseng/automation/ansible-freeipa/playbooks/roles/ansible-freeipa/plugins/modules'
]
ansible python module location = /home/andrew.meyer/.local/lib/python3.6/
site-packages/ansible
executable location = /home/andrew.meyer/.local/bin/ansible
python version = 3.6.8 (default, Nov 21 2019, 19:31:34) [GCC 8.3.1
20190507 (Red Hat 8.3.1-4)]
Hope that helps.
On Saturday, March 14, 2020 at 12:09:32 PM UTC-5, Dick Visser wrote:
>
> Thanks for using ansible. To answer your question more information is
> needed. Could you please describe clearly all of the below:
>
>
> - What goal you are trying to achieve.
>
> - How you are doing this.
>
> - What problems you encounter.
>
> - Which commands did you run, and what actual output did you get (copied
> as plain text - not as screenshots, images, or other binary attachments).
>
> - What do the relevant inventory/tasks/playbooks/code/variables look like.
>
> - The output of ‘ansible --version’
>
>
>
>
> On Fri, 13 Mar 2020 at 15:32, Andrew Meyer <andre...@gmail.com
> <javascript:>> wrote:
>
>> I am trying to use the ansible-playbook to install the client on CentOS
>> 8. I am getting
>> the following error:
>>
>> TASK [ipaclient : Install - Check if one of password or keytabs are set]
>>
>> ********************************************************************************************************************************************************************
>> fatal: [host1.example.com]: FAILED! => {"changed": false, "msg":
>> "At least one of password or keytabs must be specified"}
>>
>> I'm not sure what is causing this.
>>
>> I have the following in my ansible-freeipa inventory hosts file:
>>
>> [ipaclients:vars]
>> ipaadmin_principal=admin
>> ipaadmin_password="{{ ipaadmin_password }}"
>> ipaclient_domain=domain.example.com
>> ipaclient_realm=DOMAIN.EXAMPLE.COM
>> #ipaclient_keytab=/tmp/krb5.keytab
>> #ipaclient_use_otp=yes
>> #ipaclient_force_join=yes
>> #ipaclient_kinit_attempts=3
>> ipaclient_mkhomedir=yes
>> ipaclient_allow_repair=yes
>>
>>
>> When I run the playbook I have it accessing a secrets file.
>>
>> Thanks in advance!
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible...@googlegroups.com <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/864cdaa5-570f-48eb-8fad-5cba41d51bf9%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/ansible-project/864cdaa5-570f-48eb-8fad-5cba41d51bf9%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
> --
> Sent from a mobile device - please excuse the brevity, spelling and
> punctuation.
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/c396a661-3e22-4806-a41e-29df49a2281e%40googlegroups.com.
