Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ## How to use the `enable_sssd.yml` playbook
- #### Setup
- * Make sure you have the latest copy of the "ansible" git repository/project pulled down locally to your ~/ansible directory on dk1 (or mndk1 if that is where you are executing from.)
- * Create a temporary inventory file in your ~/ansible directory, named "temp_inv", which will contain content that looks similar to this:
- ```
- [g_temp]
- slcmysqlclust1 ansible_ssh_host=10.14.16.253
- [g_temp:vars]
- ansible_ssh_user=l_admin
- ```
- * The important bits here are that the hostname matches the actual host and that "ansible_ssh_host" be the IP address.
- * The "ansible_ssh_user" value should be your "l_" account, which should have your proper pubkey already in place on the host as a result of the kickstart process.
- #### Execution
- ```
- cd ~/ansible ; ansible-playbook playbooks/enable_sssd.yml -i temp_inv -e hosts=g_temp -e aduser=<<YOURADLOGINNAME>> -e adpass=<<YOURADPASSWORD>>
- ```
- #### Notes
- * It's important to be aware that this information will be outputted into the console of the system running the ansible command, so be careful about where you execute.
- * It may also be a good idea to overwrite your history on the dk1 server.
- * If you don't want your password in the shell-history, just edit the enable_sssd.yml file and replace `"{{ adpass }}"` with your actual password.
- * If your "l_" account is not present/working, you can use "root" by adding the arguments, `u root -k` at the end of the command and then filling in the current root password at the prompt.
- * There are limits to how many systems a regular user can create. It may be a good idea to ensure with the AD administrators that you have the rights to create/delete computer objects in AD delegated to you.
- * The playbook edits the /etc/hosts file to append the necessary information to make the AD DNS update functionality work properly.
- * If you are changing the host's IP address, it's important to make sure you edit /etc/hosts appropriately.
- * Right now each run of "enable_sssd.yml" will append the /etc/hosts line again. This requires cleanup.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement