ansible-freeipa client install error
451 views
Skip to first unread message
Andrew Meyer
Mar 13, 2020, 10:32:09 AM3/13/20
to Ansible Project
I am trying to use the ansible-playbook to install the client on CentOS 8. I am getting
the following error:
TASK [ipaclient : Install - Check if one of password or keytabs are set]
********************************************************************************************************************************************************************
fatal: [host1.example.com]: FAILED! => {"changed": false, "msg":
"At least one of password or keytabs must be specified"}
I'm not sure what is causing this.
I have the following in my ansible-freeipa inventory hosts file:
[ipaclients:vars]
ipaadmin_principal=admin
ipaadmin_password="{{ ipaadmin_password }}"
ipaclient_domain=domain.example.com
ipaclient_realm=DOMAIN.EXAMPLE.COM
#ipaclient_keytab=/tmp/krb5.keytab
#ipaclient_use_otp=yes
#ipaclient_force_join=yes
#ipaclient_kinit_attempts=3
ipaclient_mkhomedir=yes
ipaclient_allow_repair=yes
When I run the playbook I have it accessing a secrets file.
Thanks in advance!
the following error:
TASK [ipaclient : Install - Check if one of password or keytabs are set]
********************************************************************************************************************************************************************
fatal: [host1.example.com]: FAILED! => {"changed": false, "msg":
"At least one of password or keytabs must be specified"}
I'm not sure what is causing this.
I have the following in my ansible-freeipa inventory hosts file:
[ipaclients:vars]
ipaadmin_principal=admin
ipaadmin_password="{{ ipaadmin_password }}"
ipaclient_domain=domain.example.com
ipaclient_realm=DOMAIN.EXAMPLE.COM
#ipaclient_keytab=/tmp/krb5.keytab
#ipaclient_use_otp=yes
#ipaclient_force_join=yes
#ipaclient_kinit_attempts=3
ipaclient_mkhomedir=yes
ipaclient_allow_repair=yes
When I run the playbook I have it accessing a secrets file.
Thanks in advance!
Dick Visser
Mar 14, 2020, 1:09:32 PM3/14/20
to ansible...@googlegroups.com
Thanks for using ansible. To answer your question more information is needed. Could you please describe clearly all of the below:
- What goal you are trying to achieve.
- How you are doing this.
- What problems you encounter.
- Which commands did you run, and what actual output did you get (copied as plain text - not as screenshots, images, or other binary attachments).
- What do the relevant inventory/tasks/playbooks/code/variables look like.
- The output of ‘ansible --version’
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/864cdaa5-570f-48eb-8fad-5cba41d51bf9%40googlegroups.com.
Sent from a mobile device - please excuse the brevity, spelling and punctuation.
Andrew Meyer
Mar 16, 2020, 11:13:52 AM3/16/20
to Ansible Project
I am trying to install the the FreeIPA client on CentOS and RHEL 6,7,8 servers.
I am using the ansible-freeipa module https://github.com/freeipa/ansible-freeipa
The only problem I have encountered is the one I pasted regarding the keytabs or otp.
Here is the command I used:
freeipa inventory file
I am using the ansible-freeipa module https://github.com/freeipa/ansible-freeipa
The only problem I have encountered is the one I pasted regarding the keytabs or otp.
Here is the command I used:
ansible-playbook --ask-vault-pass -i /opt/syseng/automation/ansible/passwd.yml --inventory-file /opt/syseng/automation/ansible/hosts/ansible_hosts /opt/syseng/automation/ansible-freeipa/playbooks/install-client.yml -e "target_servers=hostname001.loc.example.net" --user=user123 -vvvvvvfreeipa inventory file
[ipaclients:vars]
ipaadmin_principal=admin
ipaadmin_password="{{ ipaadmin_password }}"
ipaclient_domain=loc.example.net
ipaclient_realm=LOC.EXAMPLE.NET
#ipaclient_keytab=/tmp/krb5.keytab
#ipaclient_use_otp=yes
#ipaclient_force_join=yes
#ipaclient_kinit_attempts=3
ipaclient_mkhomedir=yes
ipaclient_allow_repair=yes
$ ansible --version
ansible 2.9.6
config file = /opt/syseng/automation/ansible/ansible.cfg
configured module search path = ['/opt/syseng/automation/ansible-freeipa/playbooks/roles/ansible-freeipa/plugins/modules']
ansible python module location = /home/andrew.meyer/.local/lib/python3.6/site-packages/ansible
executable location = /home/andrew.meyer/.local/bin/ansible
python version = 3.6.8 (default, Nov 21 2019, 19:31:34) [GCC 8.3.1 20190507 (Red Hat 8.3.1-4)]Hope that helps.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/864cdaa5-570f-48eb-8fad-5cba41d51bf9%40googlegroups.com.
Dick Visser
Mar 16, 2020, 11:21:42 AM3/16/20
to ansible...@googlegroups.com
Ah OK I see.
In this case it's best to seek help from the author(s) of those roles.
As a start, you could submit an issue at
https://github.com/freeipa/ansible-freeipa/issues
Regards
> To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/c396a661-3e22-4806-a41e-29df49a2281e%40googlegroups.com.
--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT
In this case it's best to seek help from the author(s) of those roles.
As a start, you could submit an issue at
https://github.com/freeipa/ansible-freeipa/issues
Regards
> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/c396a661-3e22-4806-a41e-29df49a2281e%40googlegroups.com.
--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT
Reply all
Reply to author
Forward
0 new messages