I've been trying to troubleshoot this task but to no avail :( Hoping someone can help me out. This particular playbook is from wolffhaven.
The error I'm receiving is here. I've tried to add various debug options to the task but nothing gets outputted.
    TASK [domain_join : Join system to AD] ************************************************************
    task path: /etc/ansible/playbooks/ansible-realmd/roles/domain_join/tasks/main.yml:82
    skipping: [10.112.2.183] => {
        "changed": false,
        "skip_reason": "Conditional result was False"
The task is as follows:
    - name: Join system to AD
      expect:
        command: /usr/sbin/realm join --membership-software=adcli {{ realm_domain }} --computer-ou='{{ realm_ad_ou }}' --user={{ kerberos_user }}
        responses:
          (?i)Password: "{{ kerberos_user_password }}"
      ignore_errors: yes
      when: realm_list_results.stdout == ""
      become: true
      tags: adjoin
And here's the full role:
    ---
    # tasks that run after a new deployment
    - name: Load Secrets
      include_vars: "secrets.yml"

    - name: Load Variables
      include_vars: "vars.yml"

    - name: Install pip
      apt:
        name: python3-pip
        state: present
        update_cache: yes

    # pexpect is required on the target by the expect module
    - name: Install pexpect
      pip:
        name: pexpect
        state: present

    - name: Install AD Domain packages
      apt:
        name: "{{ item }}"
        state: present
        update_cache: yes
      with_items:
        - realmd
        - sssd
        - adcli
        - krb5-user
        - sssd-tools
        - samba-common
        - packagekit
        - samba-common-bin
        - samba-libs
      tags: ad

    - name: Copy realmd.conf
      template:
        src: realmd.conf.j2
        dest: /etc/realmd.conf
        owner: root
        group: root
        mode: 0644
      tags: ad

    - name: Copy krb5.conf
      template:
        src: krb5.conf.j2
        dest: /etc/krb5.conf
        backup: yes
        owner: root
        group: root
        mode: 0644
      tags: ad

    - name: Discover realm
      command: /bin/bash -c "/usr/sbin/realm discover {{ realm_domain }}"
      register: realm_discover_results
      tags: ad

    - name: Discover realm debug
      debug:
        msg: "{{ realm_discover_results.stdout }}"

    - name: Create kerberos ticket
      expect:
        command: /bin/bash -c "/usr/bin/kinit -V {{ kerberos_user }}"
        responses:
          (?i)Password: "{{ kerberos_user_password }}"
      tags: ad

    # The registered stdout is what the join task's "when" tests
    - name: Checking to see if system is already joined to AD
      command: /bin/bash -c "/usr/sbin/realm list"
      register: realm_list_results
      tags: adlist

    - name: Debug realm_list_results
      debug:
        msg: "{{ realm_list_results.stdout }}"

    - name: Join system to AD
      expect:
        command: /usr/sbin/realm join --membership-software=adcli {{ realm_domain }} --computer-ou='{{ realm_ad_ou }}' --user={{ kerberos_user }}
        responses:
          (?i)Password: "{{ kerberos_user_password }}"
      ignore_errors: yes
      when: realm_list_results.stdout == ""
      become: true
      tags: adjoin

    - name: Copy sudoers file for safety
      command: cp -f /etc/sudoers /etc/sudoers.tmp

    - name: Create sudoers file backup
      command: cp -f /etc/sudoers /etc/sudoers.bak

    - name: Add domain admins group to sudoers
      lineinfile: dest=/etc/sudoers.tmp state=present line='%domain\ admins ALL=(ALL:ALL) ALL' regexp='^%domain'

    # Only replace /etc/sudoers if the edited copy passes the visudo syntax check
    - name: Final sudoers file check
      shell: visudo -q -c -f /etc/sudoers.tmp && cp -f /etc/sudoers.tmp /etc/sudoers

    - name: Copy sssd.conf
      template:
        src: sssd.conf.j2
        dest: /etc/sssd/sssd.conf
        owner: root
        group: root
        # sssd refuses to start unless sssd.conf is root-owned with mode 0600
        mode: 0600
      tags: ad

    - name: Copy pam common-session
      template:
        src: common-session.j2
        dest: /etc/pam.d/common-session
        owner: root
        group: root
        mode: 0644
      tags: ad
The "skip_reason": "Conditional result was False" simply means that the condition when: realm_list_results.stdout == "" has not been met.
Try to debug the command /bin/bash -c "/usr/sbin/realm discover {{ realm_domain }}" on the target/remote system.
The stdout of the command has to be an empty string "" to meet the when condition.
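The skipped conditional discussed above, as an added example that is not part of the original question or answer: these tasks print exactly what the registered `realm list` result contains and replace the exact empty-string comparison with a check for the target domain. Variable names are those used in the role; the `already_joined` key in the debug output is a hypothetical label.

```yaml
# Added example, not from the original posts.
- name: Check whether the system is already joined to AD
  command: /usr/sbin/realm list --name-only
  register: realm_list_results
  changed_when: false        # read-only query, never reports "changed"
  tags: [adlist, adjoin]     # also runs with --tags adjoin, so the variable is defined

- name: Show what the when condition will evaluate
  debug:
    msg:
      rc: "{{ realm_list_results.rc }}"
      # to_json makes stray whitespace or newlines in the output visible
      stdout: "{{ realm_list_results.stdout | to_json }}"
      stderr: "{{ realm_list_results.stderr | to_json }}"
      # "already_joined" is a hypothetical label for this debug output
      already_joined: "{{ realm_domain | lower in (realm_list_results.stdout_lines | map('lower') | list) }}"
  tags: [adlist, adjoin]

- name: Join system to AD
  expect:
    command: /usr/sbin/realm join --membership-software=adcli {{ realm_domain }} --computer-ou='{{ realm_ad_ou }}' --user={{ kerberos_user }}
    responses:
      (?i)Password: "{{ kerberos_user_password }}"
  # Join only when the target domain is not already listed; this does not
  # depend on stdout being exactly "".
  when: realm_domain | lower not in (realm_list_results.stdout_lines | map('lower') | list)
  no_log: true               # keeps the password response out of task output
  become: true
  tags: adjoin
```

If the debug task shows the domain in stdout, the host is already joined and the skip is the role working as intended; the example also drops `ignore_errors` so a failed join is reported instead of being passed over.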