Re: [ansible-project] Joining Linux server to the Active directory Domain.
On 29.10.2018 21:56, fahad.riaz1...@gmail.com wrote:
I've tried every possible way to join the server to the AD but can't
resolve it.
This is the playbook I try to run
---
- hosts: RHELTEST
become: yes
vars_files:
- /home/ansiblecore/ansiblecore.yml
tasks:
- name: join system to ad
command: realm join -U ansibleuser addomain.com
responses:
Password for ansibleuser: "{{ domain_password }}"
when I run the command on the command line "realm join -U ansibleuser
addomain.com"
it responds back with "Password for ansibleuser:" and after i enter the
password it joins it to the domain however I am trying to do the same
with
ansible-playbook.
When i execute the playbook this is the error i get:
[WARNING]: Ignoring invalid attribute: responses
It looks like you are trying to use the expect module, but missing the
module name.
It should be written like this:
- name: join system to ad
expect:
command: realm join -U ansibleuser addomain.com
responses:
Password for ansibleuser: "{{ domain_password }}"
--
Kai Stian Olstad
--
You received this message because you are subscribed to the Google Groups "Ansible
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/234e76e62786af934ff4189a8a65eb38%40olstad.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Joining Linux server to the Active directory Domain.
Hi Fahad,
You could probably get away with changing your task to do something like:
- name: join system to ad
shell: echo "{{ domain_password }}" | realm join -U ansibleuser
addomain.com
But it's generally bad practice to put passwords on the command line, since
anyone logged onto the target machine could just do "ps" and see the
password exposed.
Another option would be to create a keytab for "ansibleuser" then have the
playbook kinit the service account using the keytab and do an unattended
join. But you'd have to make sure that everything is cleaned up (keytab
and the associated ticket cache) after the join is complete.
Neither of these are idempotent, however. So every time you run the
playbook it will just be trying to do the join again no matter the status
of the machine.
-- Steve
On Mon, Oct 29, 2018 at 3:56 PM wrote:
>
> Fahad Riaz
> 3:50 PM (4 minutes ago)
> to ansible-project
> I am working on a project and part of it includes joining the Linux server
> to the Active Directory domain.
>
> I've tried every possible way to join the server to the AD but can't
> resolve it.
> This is the playbook I try to run
>
> ---
> - hosts: RHELTEST
> become: yes
>
> vars_files:
> - /home/ansiblecore/ansiblecore.yml
>
> tasks:
> - name: join system to ad
> command: realm join -U ansibleuser addomain.com
> responses:
> Password for ansibleuser: "{{ domain_password }}"
>
> when I run the command on the command line "realm join -U ansibleuser
> addomain.com"
> it responds back with "Password for ansibleuser:" and after i enter the
> password it joins it to the domain however I am trying to do the same with
> ansible-playbook.
>
> When i execute the playbook this is the error i get:
> [WARNING]: Ignoring invalid attribute: responses
>
> fatal: [dc-rheltest2.addomain.com]: FAILED! => {"changed": true, "cmd":
> "realm join -U ansibleuser addomain.com", "delta": "0:00:00.192301",
> "end": "2018-10-29 15:47:16.704292", "msg": "non-zero return code", "rc":
> 1, "start": "2018-10-29 15:47:16.511991", "stderr": "See: journalctl
> REALMD_OPERATION=r106172.19338\nrealm: Couldn't join realm: Joining the
> domain addomain.com failed", "stderr_lines": ["See: journalctl
> REALMD_OPERATION=r106172.19338", "realm: Couldn't join realm: Joining the
> domain addomain.com failed"], "stdout": "Password for ansibleuser: ",
> "stdout_lines": ["Password for ansibleuser: "]}
>
> If anyone of you are able to help me out on this matter, i'd highly
> appreciate it.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/6b670906-3f55-4577-aa6e-11f5e32d499b%40googlegroups.com
>
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAFbiokfZWoWrSG0oeCBtxUs4RJRaske4AOYxCkbn-3w4koMJyA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Joining Linux server to the Active directory Domain.
Fahad Riaz
3:50 PM (4 minutes ago)
to ansible-project
I am working on a project and part of it includes joining the Linux server
to the Active Directory domain.
I've tried every possible way to join the server to the AD but can't
resolve it.
This is the playbook I try to run
---
- hosts: RHELTEST
become: yes
vars_files:
- /home/ansiblecore/ansiblecore.yml
tasks:
- name: join system to ad
command: realm join -U ansibleuser addomain.com
responses:
Password for ansibleuser: "{{ domain_password }}"
when I run the command on the command line "realm join -U ansibleuser
addomain.com"
it responds back with "Password for ansibleuser:" and after i enter the
password it joins it to the domain however I am trying to do the same with
ansible-playbook.
When i execute the playbook this is the error i get:
[WARNING]: Ignoring invalid attribute: responses
fatal: [dc-rheltest2.addomain.com]: FAILED! => {"changed": true, "cmd":
"realm join -U ansibleuser addomain.com", "delta": "0:00:00.192301", "end":
"2018-10-29 15:47:16.704292", "msg": "non-zero return code", "rc": 1,
"start": "2018-10-29 15:47:16.511991", "stderr": "See: journalctl
REALMD_OPERATION=r106172.19338\nrealm: Couldn't join realm: Joining the
domain addomain.com failed", "stderr_lines": ["See: journalctl
REALMD_OPERATION=r106172.19338", "realm: Couldn't join realm: Joining the
domain addomain.com failed"], "stdout": "Password for ansibleuser: ",
"stdout_lines": ["Password for ansibleuser: "]}
If anyone of you are able to help me out on this matter, i'd highly
appreciate it.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/6b670906-3f55-4577-aa6e-11f5e32d499b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
