Hello I have setup ansible to use install freeipa client on my CentOS 7/8 machines. I am
able to get the packages installed however when it goes through the configuration I am
getting the following:
TASK [ipaclient : Install - Ensure that IPA client packages are installed]
******************************************************************************************************************************************************************
ok: [10.150.10.15]
TASK [ipaclient : Install - Set ipaclient_servers]
******************************************************************************************************************************************************************************************
skipping: [10.150.10.15]
TASK [ipaclient : Install - Set ipaclient_servers from cluster inventory]
*******************************************************************************************************************************************************************
skipping: [10.150.10.15]
TASK [ipaclient : Install - Check that either principal or keytab is set]
*******************************************************************************************************************************************************************
skipping: [10.150.10.15]
TASK [ipaclient : Install - Set default principal if no keytab is given]
********************************************************************************************************************************************************************
ok: [10.150.10.15]
TASK [ipaclient : Install - IPA client test]
************************************************************************************************************************************************************************************************
ok: [10.150.10.15]
TASK [ipaclient : Install - Cleanup leftover ccache]
****************************************************************************************************************************************************************************************
ok: [10.150.10.15]
TASK [ipaclient : Install - Configure NTP]
**************************************************************************************************************************************************************************************************
changed: [10.150.10.15]
TASK [ipaclient : Install - Disable One-Time Password for on_master]
************************************************************************************************************************************************************************
skipping: [10.150.10.15]
TASK [ipaclient : Install - Test if IPA client has working krb5.keytab]
*********************************************************************************************************************************************************************
ok: [10.150.10.15]
TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab]
**************************************************************************************************************************************************
skipping: [10.150.10.15]
TASK [ipaclient : Install - Keytab or password is required for otp]
*************************************************************************************************************************************************************************
skipping: [10.150.10.15]
TASK [ipaclient : Install - Get One-Time Password for client enrollment]
********************************************************************************************************************************************************************
skipping: [10.150.10.15]
TASK [ipaclient : Install - Report error for OTP generation]
********************************************************************************************************************************************************************************
skipping: [10.150.10.15]
TASK [ipaclient : Install - Store the previously obtained OTP]
******************************************************************************************************************************************************************************
skipping: [10.150.10.15]
TASK [ipaclient : Install - Check if principal and keytab are set]
**************************************************************************************************************************************************************************
skipping: [10.150.10.15]
TASK [ipaclient : Install - Check if one of password or keytabs are set]
********************************************************************************************************************************************************************
fatal: [10.150.10.15]: FAILED! => {"changed": false, "msg":
"At least one of password or keytabs must be specified"}
TASK [ipaclient : Install - Restore original admin password if overwritten by OTP]
**********************************************************************************************************************************************************
skipping: [10.150.10.15]
TASK [ipaclient : Cleanup leftover ccache]
**************************************************************************************************************************************************************************************************
ok: [10.150.10.15]
PLAY RECAP
**********************************************************************************************************************************************************************************************************************************
10.150.10.15 : ok=10 changed=1 unreachable=0 failed=1 skipped=11
rescued=0 ignored=0
I am not sure that I am using the correct variables in ansible-vault for the keytabs:
ipaadmin_password1: password1234
ipadm_password1: password1234
ipaserver_realm1: TEST.EXAMPLE
ipaserver_domain1: test.example
ipaclient_principal1: admin
ipaclient_password1: password1234
Should the variable be 'ipaadmin_principal1:' ? Also should this be the
password?
And I want to skip installing the ntp client would this be the correct way to do it?
ansible-playbook --ask-vault-pass --extra-vars 'ansible/passwd.yml'
ansible-freeipa/playbooks/install-client.yml --limit=10.150.10.15 --user=user123 -e
"ipaclient_no_ntp=no"
Show replies by date