ansbile-freeipa client install

Andrew Meyer via users Wed, 23 Oct 2019 07:54:34 -0700

Hello I have setup ansible to use install freeipa client on my CentOS 7/8 
machines.  I am able to get the packages installed however when it goes through 
the configuration I am getting the following:



TASK [ipaclient : Install - Ensure that IPA client packages are installed] 
******************************************************************************************************************************************************************
ok: [10.150.10.15]

TASK [ipaclient : Install - Set ipaclient_servers] 
******************************************************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Install - Set ipaclient_servers from cluster inventory] 
*******************************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Install - Check that either principal or keytab is set] 
*******************************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Install - Set default principal if no keytab is given] 
********************************************************************************************************************************************************************
ok: [10.150.10.15]

TASK [ipaclient : Install - IPA client test] 
************************************************************************************************************************************************************************************************
ok: [10.150.10.15]

TASK [ipaclient : Install - Cleanup leftover ccache] 
****************************************************************************************************************************************************************************************
ok: [10.150.10.15]

TASK [ipaclient : Install - Configure NTP] 
**************************************************************************************************************************************************************************************************
changed: [10.150.10.15]

TASK [ipaclient : Install - Disable One-Time Password for on_master] 
************************************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] 
*********************************************************************************************************************************************************************
ok: [10.150.10.15]

TASK [ipaclient : Install - Disable One-Time Password for client with working 
krb5.keytab] 
**************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Install - Keytab or password is required for otp] 
*************************************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Install - Get One-Time Password for client enrollment] 
********************************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Install - Report error for OTP generation] 
********************************************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Install - Store the previously obtained OTP] 
******************************************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Install - Check if principal and keytab are set] 
**************************************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Install - Check if one of password or keytabs are set] 
********************************************************************************************************************************************************************
fatal: [10.150.10.15]: FAILED! => {"changed": false, "msg": "At least one of 
password or keytabs must be specified"}

TASK [ipaclient : Install - Restore original admin password if overwritten by 
OTP] 
**********************************************************************************************************************************************************
skipping: [10.150.10.15]

TASK [ipaclient : Cleanup leftover ccache] 
**************************************************************************************************************************************************************************************************
ok: [10.150.10.15]

PLAY RECAP 
**********************************************************************************************************************************************************************************************************************************
10.150.10.15               : ok=10   changed=1    unreachable=0    failed=1    
skipped=11   rescued=0    ignored=0

I am not sure that I am using the correct variables in ansible-vault for the 
keytabs:

ipaadmin_password1: password1234
ipadm_password1: password1234
ipaserver_realm1: TEST.EXAMPLE
ipaserver_domain1: test.example
ipaclient_principal1: admin
ipaclient_password1: password1234

Should the variable be 'ipaadmin_principal1:' ?  Also should this be the 
password?

And I want to skip installing the ntp client would this be the correct way to 
do it?

ansible-playbook --ask-vault-pass --extra-vars 'ansible/passwd.yml' 
ansible-freeipa/playbooks/install-client.yml --limit=10.150.10.15 
--user=user123 -e "ipaclient_no_ntp=no"


_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org

ansbile-freeipa client install

Reply via email to