I have installed the ansible collection 0.3.5 and set the following ansible variable to 'yes': ipaclient_use_otp. I am trying to run the ipareplica role on the replica. Installation of the master (on the master, of course) went great.
In roles/ipaclient/tasks/install.yml:
- name: Install - Get One-Time Password for client enrollment
  no_log: yes
  freeipa.ansible_freeipa.ipaclient_get_otp:
    state: present
    principal: "{{ ipaadmin_principal | default(omit) }}"
    password: "{{ ipaadmin_password | default(omit) }}"
    keytab: "{{ ipaadmin_keytab | default(omit) }}"
    fqdn: "{{ result_ipaclient_test.hostname }}"
    lifetime: "{{ ipaclient_lifetime | default(omit) }}"
    random: True
  register: result_ipaclient_get_otp
  # If the host is already enrolled, this command will exit on error
  # The error can be ignored
  failed_when: result_ipaclient_get_otp is failed and
    "Password cannot be set on enrolled host" not
    in result_ipaclient_get_otp.msg
  delegate_to: "{{ result_ipaclient_test.servers[0] }}"
  ignore_errors: yes
However, plugins/modules/ipaclient_get_otp.py has the following signature for the module:
Unless I am missing something, there is no way this can succeed since we are passing in password, keytab, and lifetime which aren't supported by the module. The exact error I get is: (I have substituted my hostname for my-host.local, but I am using a 'real' FQDN)
TASK [freeipa.ansible_freeipa.ipaclient : Install IPA client] *********************************************************
included: /home/justchris1/.ansible/collections/ansible_collections/freeipa/ansible_freeipa/roles/ipaclient/tasks/install.yml for my-host.local
TASK [freeipa.ansible_freeipa.ipaclient : Install - Ensure that IPA client packages are installed] ********************
ok: [my-host.local]
TASK [freeipa.ansible_freeipa.ipaclient : Install - Set ipaclient_servers] ********************************************
skipping: [my-host.local]
TASK [freeipa.ansible_freeipa.ipaclient : Install - Set ipaclient_servers from cluster inventory] *********************
skipping: [my-host.local]
TASK [freeipa.ansible_freeipa.ipaclient : Install - Check that either principal or keytab is set] *********************
skipping: [my-host.local]
TASK [freeipa.ansible_freeipa.ipaclient : Install - Set default principal if no keytab is given] **********************
skipping: [my-host.local]
TASK [freeipa.ansible_freeipa.ipaclient : Install - IPA client test] **************************************************
ok: [my-host.local]
TASK [freeipa.ansible_freeipa.ipaclient : Install - Cleanup leftover ccache] ******************************************
ok: [my-host.local]
TASK [freeipa.ansible_freeipa.ipaclient : Install - Configure NTP] ****************************************************
changed: [my-host.local]
TASK [freeipa.ansible_freeipa.ipaclient : Install - Make sure One-Time Password is enabled if it's already defined] ***
skipping: [my-host.local]
TASK [freeipa.ansible_freeipa.ipaclient : Install - Disable One-Time Password for on_master] **************************
skipping: [my-host.local]
TASK [freeipa.ansible_freeipa.ipaclient : Install - Test if IPA client has working krb5.keytab] ***********************
ok: [my-host.local]
TASK [freeipa.ansible_freeipa.ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] ****
skipping: [my-host.local]
TASK [freeipa.ansible_freeipa.ipaclient : Install - Keytab or password is required for getting otp] *******************
skipping: [my-host.local]
TASK [freeipa.ansible_freeipa.ipaclient : Install - Get One-Time Password for client enrollment] **********************
fatal: [my-host.local -> apple.0a.org]: FAILED! => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}
...ignoring
TASK [freeipa.ansible_freeipa.ipaclient : Install - Report error for OTP generation] **********************************
fatal: [my-host.local]: FAILED! => {
    "msg": "Unsupported parameters for (freeipa.ansible_freeipa.ipaclient_get_otp) module: password Supported parameters include: ccache, certificates, fqdn, ipaddress, principal, random, sshpubkey, state"
}
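The mismatch reported above can be checked mechanically. The following is an added example, not part of the original post or of ansible-freeipa: it parses the error message from the log and compares it with the task's arguments, separating unsupported arguments that are actually sent from those that `default(omit)` drops while their variable is undefined. The helper names and the assumption that only `ipaadmin_password` was defined in the reporter's inventory are illustrative.

```python
import re

# Error text exactly as reported in the issue above.
ERROR_MSG = (
    "Unsupported parameters for (freeipa.ansible_freeipa.ipaclient_get_otp) "
    "module: password Supported parameters include: ccache, certificates, "
    "fqdn, ipaddress, principal, random, sshpubkey, state"
)

# Arguments of the failing task, copied from the install.yml excerpt above.
TASK_ARGS = {
    "state": "present",
    "principal": "{{ ipaadmin_principal | default(omit) }}",
    "password": "{{ ipaadmin_password | default(omit) }}",
    "keytab": "{{ ipaadmin_keytab | default(omit) }}",
    "fqdn": "{{ result_ipaclient_test.hostname }}",
    "lifetime": "{{ ipaclient_lifetime | default(omit) }}",
    "random": True,
}

OMIT_RE = re.compile(r"\{\{\s*(\w+)\s*\|\s*default\(omit\)\s*\}\}")
ERROR_RE = re.compile(
    r"Unsupported parameters for \((?P<module>[^)]+)\) module: "
    r"(?P<bad>.+?)\.? Supported parameters include: (?P<ok>.+)$"
)

def _names(csv):
    return {p.strip() for p in csv.split(",") if p.strip()}

def parse_error(msg):
    """Return (module, rejected parameters, supported parameters)."""
    m = ERROR_RE.search(msg)
    if m is None:
        raise ValueError("not an 'Unsupported parameters' message")
    return m["module"], _names(m["bad"]), _names(m["ok"])

def audit(task_args, supported, defined_vars):
    """Split unsupported arguments into (active, latent) name lists."""
    active, latent = [], []
    for name, value in task_args.items():
        if name in supported:
            continue
        m = OMIT_RE.fullmatch(value) if isinstance(value, str) else None
        # default(omit) drops the argument when its variable is undefined.
        (latent if m and m.group(1) not in defined_vars else active).append(name)
    return sorted(active), sorted(latent)

if __name__ == "__main__":
    module, bad, ok = parse_error(ERROR_MSG)
    # Assumption: only ipaadmin_password was set in the reporter's inventory.
    print(module, audit(TASK_ARGS, ok, {"ipaadmin_password"}))
```

Under that assumption the active set matches the single parameter named in the error, while `keytab` and `lifetime` stay latent until their variables are defined.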
PR #987 is changing the code for OTP. The action plugin is removed and the OTP is generated on the first entry in the server list returned by ipaclient_test.