I am trying to install the the FreeIPA client on CentOS and RHEL 6,7,8
servers.
I am using the ansible-freeipa module
https://github.com/freeipa/ansible-freeipa
The only problem I have encountered is the one I pasted regarding the
keytabs or otp.
Here is the command I used:
ansible-playbook --ask-vault-pass -i /opt/syseng/automation/ansible/passwd.yml
--inventory-file /opt/syseng/automation/ansible/hosts/ansible_hosts /opt/
syseng/automation/ansible-freeipa/playbooks/install-client.yml -e
"target_servers=hostname001.loc.example.net" --user=user123 -vvvvvv
freeipa inventory file
[ipaclients:vars]
ipaadmin_principal=admin
ipaadmin_password="{{ ipaadmin_password }}"
ipaclient_domain=loc.example.net
ipaclient_realm=LOC.EXAMPLE.NET
#ipaclient_keytab=/tmp/krb5.keytab
#ipaclient_use_otp=yes
#ipaclient_force_join=yes
#ipaclient_kinit_attempts=3
ipaclient_mkhomedir=yes
ipaclient_allow_repair=yes
$ ansible --version
ansible 2.9.6
config file = /opt/syseng/automation/ansible/ansible.cfg
configured module search path = [
'/opt/syseng/automation/ansible-freeipa/playbooks/roles/ansible-freeipa/plugins/modules'
]
ansible python module location = /home/andrew.meyer/.local/lib/python3.6/
site-packages/ansible
executable location = /home/andrew.meyer/.local/bin/ansible
python version = 3.6.8 (default, Nov 21 2019, 19:31:34) [GCC 8.3.1
20190507 (Red Hat 8.3.1-4)]
Hope that helps.
On Saturday, March 14, 2020 at 12:09:32 PM UTC-5, Dick Visser wrote:
>
> Thanks for using ansible. To answer your question more information is
> needed. Could you please describe clearly all of the below:
>
>
> - What goal you are trying to achieve.
>
> - How you are doing this.
>
> - What problems you encounter.
>
> - Which commands did you run, and what actual output did you get (copied
> as plain text - not as screenshots, images, or other binary attachments).
>
> - What do the relevant inventory/tasks/playbooks/code/variables look like.
>
> - The output of ‘ansible --version’
>
>
>
>
> On Fri, 13 Mar 2020 at 15:32, Andrew Meyer <[email protected]
> <javascript:>> wrote:
>
>> I am trying to use the ansible-playbook to install the client on CentOS
>> 8. I am getting
>> the following error:
>>
>> TASK [ipaclient : Install - Check if one of password or keytabs are set]
>>
>> ********************************************************************************************************************************************************************
>> fatal: [host1.example.com]: FAILED! => {"changed": false, "msg":
>> "At least one of password or keytabs must be specified"}
>>
>> I'm not sure what is causing this.
>>
>> I have the following in my ansible-freeipa inventory hosts file:
>>
>> [ipaclients:vars]
>> ipaadmin_principal=admin
>> ipaadmin_password="{{ ipaadmin_password }}"
>> ipaclient_domain=domain.example.com
>> ipaclient_realm=DOMAIN.EXAMPLE.COM
>> #ipaclient_keytab=/tmp/krb5.keytab
>> #ipaclient_use_otp=yes
>> #ipaclient_force_join=yes
>> #ipaclient_kinit_attempts=3
>> ipaclient_mkhomedir=yes
>> ipaclient_allow_repair=yes
>>
>>
>> When I run the playbook I have it accessing a secrets file.
>>
>> Thanks in advance!
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/864cdaa5-570f-48eb-8fad-5cba41d51bf9%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/ansible-project/864cdaa5-570f-48eb-8fad-5cba41d51bf9%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
> --
> Sent from a mobile device - please excuse the brevity, spelling and
> punctuation.
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/c396a661-3e22-4806-a41e-29df49a2281e%40googlegroups.com.
