cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Fiyyyu
Cadet
Cadet
‎06-14-2024 03:43 PM
  • 243 Views

Wrong option used in ch03s07

Hi,

I have consulted the inventory file in ch03s07 with the ansible-freeipa SMEs, and they spotted an incorrect option used there: instead of ipaclient_otp, the ipaclient_use_otp is used there.

The definition of ipaclient_otp is: The string value sets an already generated one-time password for the host. The role will use it and not try to generate a new one. Do not enable ipaclient_use_otp additionally.

 

This is the option you need. Not the ipaclient_use_otp option, which is defined as:

 

The bool value defines if a one-time password will be generated to join a new or existing host. ipaclient_use_otp defaults to no. The enforcement on an existing host is not done if there is a working krb5.keytab on the host. If the generation of an otp is enforced for an existing host entry, then the host gets disabled and the containing keytab gets removed.

 

So the inventory should be:

[user@host ~]$ cat hosts 
...output omitted... 
[ipaclients:vars] 
ipaclient_domain=lab.example.com 
ansible_become_password=RedHat123 
ipaclient_otp=2Dc89iRcMBwq1hNHQOpdcKf 
...output omitted...

The current, incorrect version of the inventory is:

...output omitted...
[ipaclients]
client1.lab.example.com

[ipaclients:vars]
ipaclient_domain=lab.example.com
ansible_become_password=RedHat123
ipaclient_use_otp=yes
ipaadmin_password=2Dc89iRcMBwq1hNHQOpdcKf 
...output omitted...

 

0 Kudos
Join the discussion
0 Replies
Join the discussion
You must log in to join this conversation.
Red Hat Learning Community

Red Hat

Learning Community

A collaborative learning environment, enabling open source skill development.

Red Hat Inc. Copyright ?2024 Red Hat, Inc. Privacy policy Terms of use