Ansible 期望与 ktutil

标签 ansible kerberos

我想使用 ansible + Expect 制作一个 kerberos keytab,但未创建 keytab 文件。我的玩法有什么问题吗?我该如何排除故障?

---
- hosts: localhost
  connection: local
  gather_facts: false
  vars_prompt:
    - name: "kuser"
      prompt: "enter your user"
    - name: "kpw"
      prompt: "enter your pw"
  tasks:
  - name: Generate Kerberos ticket
    expect:
      command: ktutil
      responses:
        ktutil: "addent -password -p {{ kuser }}@MYDOMAIN.LOCAL -k 1 -e rc4-hmac"
        Password: "{{ kpw }}"
        ktutil: "wkt /username.keytab"
        ktutil: "quit"

使用 -vvv 的输出

Using /etc/ansible/ansible.cfg as config file
 [WARNING]: provided hosts list is empty, only localhost is available

 [WARNING]: While constructing a mapping from /repo/Playbooks/test.yml, line 15, column 9, found a duplicate dict key (ktutil).  Using last
defined value only.

1 plays in /repo/Playbooks/test.yml
enter your user: 
enter your pw: 

PLAY ***************************************************************************

TASK [Generate Kerberos ticket] ************************************************
task path: /repo/Playbooks/test.yml:11
ESTABLISH LOCAL CONNECTION FOR USER: root
127.0.0.1 EXEC ( umask 22 && mkdir -p "$( echo $HOME/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239 )" && echo "$( echo $HOME/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239 )" )
127.0.0.1 PUT /tmp/tmpwLW3r2 TO /root/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239/expect
127.0.0.1 EXEC LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/python /root/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239/expect; rm -rf "/root/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239/" > /dev/null 2>&1
changed: [localhost] => {"changed": true, "cmd": "ktutil", "delta": "0:00:00.282785", "end": "2017-05-31 15:24:22.038164", "invocation": {"module_args": {"chdir": null, "command": "ktutil", "creates": null, "echo": false, "removes": null, "responses": {"Password": "mypw", "ktutil": "quit"}, "timeout": 30}, "module_name": "expect"}, "rc": 0, "start": "2017-05-31 15:24:21.755379", "stdout": "ktutil:  ", "stdout_lines": ["ktutil:  "]}

PLAY RECAP *********************************************************************
localhost                  : ok=1    changed=1    unreachable=0    failed=0

我没有按照上述创建 key 表

最佳答案

问题似乎是您对某些响应重复使用相同的键。来自 ansible Expect 模块文档:

如果响应是列表,则连续匹配将返回连续响应

用响应列表替换 kutil 提示应该可以防止错误(并部署 key 表),例如:

  responses:
    ktutil:
      - "addent -password -p {{ kuser }}@MYDOMAIN.LOCAL -k 1 -e rc4-hmac"
      - "wkt /username.keytab"
      - "quit"
    Password: "{{ kpw }}"

更多信息:http://docs.ansible.com/ansible/expect_module.html

关于Ansible 期望与 ktutil,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44285960/

上一篇:angular - Gitlab CI 构建不工作

下一篇:angular - 如何清除对话框 Material Angular 2内的表格

相关文章:

Python Ansible API 仅在控制节点中执行命令,不在远程节点中执行命令

Ansible vars_prompt 在单独的文件中

hadoop - QlikView 和 Hadoop 与 Kerberos 在同一台服务器上

linux - kerberos Keytab 用于在 linux 环境中自动化脚本作业

c++ - GSSAPI 获取用户名密码和构建凭证不适用于非登录用户

json - Ansible 中的自定义动态库存脚本/插件

Ansible with_fileglob 正在跳过

ansible - 在 ansible 中创建动态角色

java - SPNEGO:成功协商和身份验证后的后续调用

从 Windows 到 Linux 的 HTTP 协商失败

©2024 IT工具网  联系我们