debian 11 domain joining via Ansible "Conditional result was False"
Question
I've been trying to troubleshoot this task but to no avail. Hoping someone can help me out. This particular playbook is from wolffhaven.
The error I'm receiving is here. I've tried to add various debug options to the task but nothing gets output.
> TASK [domain_join : Join system to AD] ****************************************
> task path: /etc/ansible/playbooks/ansible-realmd/roles/domain_join/tasks/main.yml:82
> skipping: [10.112.2.183] => {
>     "changed": false,
>     "skip_reason": "Conditional result was False"
The task is as follows:
- name: Join system to AD
  expect:
    command: /usr/sbin/realm join --membership-software=adcli {{ realm_domain }} --computer-ou='{{ realm_ad_ou }}' --user={{ kerberos_user }}
    responses:
      (?i)Password: "{{ kerberos_user_password }}"
  ignore_errors: yes
  when: realm_list_results.stdout == ""
  become: true
  tags: adjoin
And here's the full role:
---
# tasks that run after a new deployment
- name: Load Secrets
  include_vars: "secrets.yml"
- name: Load Variables
  include_vars: "vars.yml"
- name: Install pip
  apt:
    name: python3-pip
    state: present
    update_cache: yes
- name: Install pexpect
  pip:
    name: pexpect
    state: present
- name: Install AD Domain packages
  apt:
    name: "{{ item }}"
    state: present
    update_cache: yes
  with_items:
    - realmd
    - sssd
    - adcli
    - krb5-user
    - sssd-tools
    - samba-common
    - packagekit
    - samba-common-bin
    - samba-libs
  tags: ad
- name: Copy realmd.conf
  template:
    src: realmd.conf.j2
    dest: /etc/realmd.conf
    owner: root
    group: root
    mode: 0644
  tags: ad
- name: Copy krb5.conf
  template:
    src: krb5.conf.j2
    dest: /etc/krb5.conf
    backup: yes
    owner: root
    group: root
    mode: 0644
  tags: ad
- name: Discover realm
  command: /bin/bash -c "/usr/sbin/realm discover {{ realm_domain }}"
  register: realm_discover_results
  tags: ad
- name: Discover realm debug
  debug:
    msg: "{{ realm_discover_results.stdout }}"
- name: Create kerberos ticket
  expect:
    command: /bin/bash -c "/usr/bin/kinit -V {{ kerberos_user }}"
    responses:
      (?i)Password: "{{ kerberos_user_password }}"
  tags: ad
- name: Checking to see if system is already joined to AD
  command: /bin/bash -c "/usr/sbin/realm list"
  register: realm_list_results
  tags: adlist
- name: Debug realm_list_results
  debug:
    msg: "{{ realm_list_results.stdout }}"
- name: Join system to AD
  expect:
    command: /usr/sbin/realm join --membership-software=adcli {{ realm_domain }} --computer-ou='{{ realm_ad_ou }}' --user={{ kerberos_user }}
    responses:
      (?i)Password: "{{ kerberos_user_password }}"
  ignore_errors: yes
  when: realm_list_results.stdout == ""
  become: true
  tags: adjoin
- name: Copy sudoers file for safety
  command: cp -f /etc/sudoers /etc/sudoers.tmp
- name: Create sudoers file backup
  command: cp -f /etc/sudoers /etc/sudoers.bak
- name: Add domain admins group to sudoers
  lineinfile: dest=/etc/sudoers.tmp state=present line='%domain\ admins ALL=(ALL:ALL) ALL' regexp='^%domain'
- name: Final sudoers file check
  shell: visudo -q -c -f /etc/sudoers.tmp && cp -f /etc/sudoers.tmp /etc/sudoers
- name: Copy sssd.conf
  template:
    src: sssd.conf.j2
    dest: /etc/sssd/sssd.conf
    owner: root
    group: root
    # sssd on Debian 11 refuses to start unless sssd.conf is root-owned with mode 0600
    mode: 0600
  tags: ad
- name: Copy pam common-session
  template:
    src: common-session.j2
    dest: /etc/pam.d/common-session
    owner: root
    group: root
    mode: 0644
  tags: ad
Answer 1
Score: 1
The "skip_reason": "Conditional result was False" simply means that the condition when: realm_list_results.stdout == "" has not been met.
Try to debug the command /bin/bash -c "/usr/sbin/realm discover {{ realm_domain }}" on the target/remote system.
The stdout of the command has to be an empty string "" to meet the when condition.
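
A diagnostic variant of the check-and-join tasks, added here as an example and not part of the original question, answer or playbook: it prints exactly what the join condition compares and joins only when realm_domain is missing from the output of realm list --name-only. The register name realm_names and the debug keys are hypothetical; realm_domain, realm_ad_ou, kerberos_user and kerberos_user_password are the role's own variables.

```yaml
# Added example; realm_names and the debug keys are hypothetical names.
- name: List configured realms by name only (read-only check)
  ansible.builtin.command: /usr/sbin/realm list --name-only
  register: realm_names
  changed_when: false   # a query never changes the host
  check_mode: false     # still run under --check so the condition has data
  become: true
  tags: [adlist, adjoin]

- name: Show exactly what the join condition will compare
  ansible.builtin.debug:
    msg:
      # to_json makes stray whitespace and newlines visible
      stdout_repr: "{{ realm_names.stdout | to_json }}"
      stdout_length: "{{ realm_names.stdout | length }}"
      already_joined: >-
        {{ (realm_domain | lower)
           in (realm_names.stdout_lines | map('lower') | list) }}
  tags: [adlist, adjoin]

- name: Join system to AD only when this realm is not configured yet
  ansible.builtin.expect:
    command: >-
      /usr/sbin/realm join --membership-software=adcli {{ realm_domain }}
      --computer-ou='{{ realm_ad_ou }}' --user={{ kerberos_user }}
    responses:
      (?i)Password: "{{ kerberos_user_password }}"
  no_log: true          # keep the join password out of task output and logs
  # Compare against the realm name instead of requiring empty stdout, so an
  # unrelated configured realm does not silently skip the join.
  when: >-
    (realm_domain | lower)
    not in (realm_names.stdout_lines | map('lower') | list)
  become: true
  tags: adjoin
  # ignore_errors is left out on purpose: a failed join should stop the play
  # before sudoers, sssd.conf and PAM are modified.
```

The query task carries both tags so that a run limited to --tags adjoin still registers realm_names before the condition is evaluated.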