Hello, I have set up Ansible to install the FreeIPA client on my CentOS 7/8 machines. I am able to get the packages installed; however, when it goes through the configuration I am getting the following:
TASK [ipaclient : Install - Ensure that IPA client packages are installed] ******
ok: [10.150.10.15]

TASK [ipaclient : Install - Set ipaclient_servers] ******
skipping: [10.150.10.15]

TASK [ipaclient : Install - Set ipaclient_servers from cluster inventory] ******
skipping: [10.150.10.15]

TASK [ipaclient : Install - Check that either principal or keytab is set] ******
skipping: [10.150.10.15]

TASK [ipaclient : Install - Set default principal if no keytab is given] ******
ok: [10.150.10.15]

TASK [ipaclient : Install - IPA client test] ******
ok: [10.150.10.15]

TASK [ipaclient : Install - Cleanup leftover ccache] ******
ok: [10.150.10.15]

TASK [ipaclient : Install - Configure NTP] ******
changed: [10.150.10.15]

TASK [ipaclient : Install - Disable One-Time Password for on_master] ******
skipping: [10.150.10.15]

TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] ******
ok: [10.150.10.15]

TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] ******
skipping: [10.150.10.15]

TASK [ipaclient : Install - Keytab or password is required for otp] ******
skipping: [10.150.10.15]

TASK [ipaclient : Install - Get One-Time Password for client enrollment] ******
skipping: [10.150.10.15]

TASK [ipaclient : Install - Report error for OTP generation] ******
skipping: [10.150.10.15]

TASK [ipaclient : Install - Store the previously obtained OTP] ******
skipping: [10.150.10.15]

TASK [ipaclient : Install - Check if principal and keytab are set] ******
skipping: [10.150.10.15]

TASK [ipaclient : Install - Check if one of password or keytabs are set] ******
fatal: [10.150.10.15]: FAILED! => {"changed": false, "msg": "At least one of password or keytabs must be specified"}

TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] ******
skipping: [10.150.10.15]

TASK [ipaclient : Cleanup leftover ccache] ******
ok: [10.150.10.15]

PLAY RECAP ******
10.150.10.15 : ok=10 changed=1 unreachable=0 failed=1 skipped=11 rescued=0 ignored=0

I am not sure that I am using the correct variables in ansible-vault for the keytabs:
ipaadmin_password1: password1234
ipadm_password1: password1234
ipaserver_realm1: TEST.EXAMPLE
ipaserver_domain1: test.example
ipaclient_principal1: admin
ipaclient_password1: password1234

Should the variable be 'ipaadmin_principal1:'? Also, should this be the password?
And I want to skip installing the NTP client. Would this be the correct way to do it?
ansible-playbook --ask-vault-pass --extra-vars 'ansible/passwd.yml' ansible-freeipa/playbooks/install-client.yml --limit=10.150.10.15 --user=user123 -e "ipaclient_no_ntp=no"
freeipa-users@lists.fedorahosted.org