-
Notifications
You must be signed in to change notification settings - Fork 230
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unsupported parameters for (freeipa.ansible_freeipa.ipaclient_get_otp) module: password #608
Comments
OK, I am finally confused: I installed From my local file
The
No But at the same time, this is what the file
Please notice the usage of The same is true for current master state; see: ipaclient/tasks/install.yml and |
Have you removed the |
No, I did not touch the structure under The only things I did (steps to reproduce):
PS: What do you mean by:
|
Did anyone have the time to look into this? Is any additional info required? |
Please add your inventory file and if you are using your own playbook for client deployment also the playbook. |
I think I shared most of it already: My playbook as from comment 888346397: ---
- name: Playbook to configure IPA clients with username/password
hosts: ipaclients
become: true
vars:
# See https://github.com/freeipa/ansible-freeipa/issues/607
- ansible_python_interpreter: /usr/bin/python2
roles:
- role: freeipa.ansible_freeipa.ipaclient
state: present
when:
- "'ipaclients' in group_names" My inventory"file" is a folder:
My ---
all:
children:
vm_dev:
hosts:
idtestvm:
lxc_dev:
hosts:
idtestlxc:
# https://github.com/freeipa/ansible-freeipa/blob/master/README.md#ansible-inventory-file
#
ipaserver:
hosts:
id1:
ipareplicas:
hosts:
id2:
ipaclients:
hosts:
idtestlxc:
idtestvm:
ipacluster:
children:
ipaserver:
ipareplicas:
ipaclients: The parameters are as shared in comment 953900070: ansible $ ansible-inventory --host idtestlxc
{
"ansible_host": "idtestlxc.my-dom.cloud",
"ipaadmin_password": "{{ vault_ipaadmin_password }}",
"ipaadmin_principal": "{{ vault_ipaadmin_principal }}",
"ipaclient_install_packages": true,
"ipaclient_no_ntp": true,
"ipaclient_servers": "id1.my-dom.cloud,id2.my-dom.cloud",
"ipaclient_use_otp": true,
"ipadm_password": "{{ vault_ipadm_password }}",
"ipaserver_auto_forwarders": false,
"ipaserver_domain": "id.my-dom.cloud",
"ipaserver_realm": "ID.MY-DOM.CLOUD",
"ipaserver_setup_dns": true,
"vault_ipaadmin_password": "**REMOVED**",
"vault_ipaadmin_principal": "admin",
"vault_ipadm_password": "**REMOVED**"
}
ansible $ ansible-inventory --host id1
{
"ansible_host": "id1.my-dom.cloud",
"ipaadmin_password": "{{ vault_ipaadmin_password }}",
"ipaadmin_principal": "{{ vault_ipaadmin_principal }}",
"ipadm_password": "{{ vault_ipadm_password }}",
"ipaserver_auto_forwarders": false,
"ipaserver_domain": "id.my-dom.cloud",
"ipaserver_install_packages": false,
"ipaserver_realm": "ID.MY-DOM.CLOUD",
"ipaserver_setup_adtrust": true,
"ipaserver_setup_dns": true,
"ipaserver_setup_firewalld": false,
"vault_ipaadmin_password": "**REMOVED**",
"vault_ipaadmin_principal": "admin",
"vault_ipadm_password": "**REMOVED**"
} This is all there is. Please let me know if there is still anything missing. |
What are you using for |
No, there are two Ansible parts that are involved here. There is the action plugin https://github.com/freeipa/ansible-freeipa/blob/master/roles/ipaclient/action_plugins/ipaclient_get_otp.py . Only this action module is supporting the The question is why this action plugin is not used in your environment. |
There is a new ansible-freeipa 0.4.2 release that is fixing this issue finally. The issue was that the collection was using the wrong path for the action plugin. Therefore it was not used and the normal plugin was used instead. |
PR #987 is changing the code for OTP. The action plugin is removed and the OTP is generated on the first entry in the server list returned by ipaclient_test. |
Hi,
I am trying to apply the
ipaclient
role to a Debian buster node. In taskInstall - Get One-Time Password for client enrollment
it fails:The value used for
password
is the value that is defined foripaadmin_password
. From the docs, it seems to be used correctly here; see 4th example in Usage section.These are the parameters defined for
idtestlxc
andid1
:So - can someone tell what's the issue here?
The text was updated successfully, but these errors were encountered: