API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 23rd, 2016
91
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.10 KB | None | 0 0
raw download clone embed print report
  1. ## How to use the `enable_sssd.yml` playbook
  2.  
  3. #### Setup
  4.  
  5. * Make sure you have the latest copy of the "ansible" git repository/project pulled down locally to your ~/ansible directory on dk1 (or mndk1 if that is where you are executing from.)
  6.  
  7. * Create a temporary inventory file in your ~/ansible directory, named "temp_inv", which will contain content that looks similar to this:
  8.  
  9. ```
  10. [g_temp]
  11. slcmysqlclust1 ansible_ssh_host=10.14.16.253
  12.  
  13. [g_temp:vars]
  14. ansible_ssh_user=l_admin
  15. ```
  16.  
  17. * The important bits here are that the hostname matches the actual host and that "ansible_ssh_host" be the IP address.
  18. * The "ansible_ssh_user" value should be your "l_" account, which should have your proper pubkey already in place on the host as a result of the kickstart process.
  19.  
  20. #### Execution
  21.  
  22. ```
  23. cd ~/ansible ; ansible-playbook playbooks/enable_sssd.yml -i temp_inv -e hosts=g_temp -e aduser=<<YOURADLOGINNAME>> -e adpass=<<YOURADPASSWORD>>
  24. ```
  25.  
  26. #### Notes
  27.  
  28. * It's important to be aware that this information will be outputted into the console of the system running the ansible command, so be careful about where you execute.
  29. * It may also be a good idea to overwrite your history on the dk1 server.
  30. * If you don't want your password in the shell-history, just edit the enable_sssd.yml file and replace `"{{ adpass }}"` with your actual password.
  31. * If your "l_" account is not present/working, you can use "root" by adding the arguments, `u root -k` at the end of the command and then filling in the current root password at the prompt.
  32. * There are limits to how many systems a regular user can create. It may be a good idea to ensure with the AD administrators that you have the rights to create/delete computer objects in AD delegated to you.
  33. * The playbook edits the /etc/hosts file to append the necessary information to make the AD DNS update functionality work properly.
  34. * If you are changing the host's IP address, it's important to make sure you edit /etc/hosts appropriately.
  35. * Right now each run of "enable_sssd.yml" will append the /etc/hosts line again. This requires cleanup.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!