I want to create a Kerberos keytab with Ansible + expect, but the keytab file is not created. What is wrong with my play? How can I troubleshoot it?
---
- hosts: localhost
  connection: local
  gather_facts: false
  vars_prompt:
  - name: "kuser"
    prompt: "enter your user"
  - name: "kpw"
    prompt: "enter your pw"
  tasks:
  - name: Generate Kerberos ticket
    expect:
      command: ktutil
      responses:
        ktutil: "addent -password -p {{ kuser }}@MYDOMAIN.LOCAL -k 1 -e rc4-hmac"
        Password: "{{ kpw }}"
        ktutil: "wkt /username.keytab"
        ktutil: "quit"
Output with -vvv:
Using /etc/ansible/ansible.cfg as config file
[WARNING]: provided hosts list is empty, only localhost is available
[WARNING]: While constructing a mapping from /repo/Playbooks/test.yml, line 15, column 9, found a duplicate dict key (ktutil). Using last
defined value only.
1 plays in /repo/Playbooks/test.yml
enter your user:
enter your pw:
PLAY ***************************************************************************
TASK [Generate Kerberos ticket] ************************************************
task path: /repo/Playbooks/test.yml:11
ESTABLISH LOCAL CONNECTION FOR USER: root
127.0.0.1 EXEC ( umask 22 && mkdir -p "$( echo $HOME/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239 )" && echo "$( echo $HOME/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239 )" )
127.0.0.1 PUT /tmp/tmpwLW3r2 TO /root/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239/expect
127.0.0.1 EXEC LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/python /root/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239/expect; rm -rf "/root/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239/" > /dev/null 2>&1
changed: [localhost] => {"changed": true, "cmd": "ktutil", "delta": "0:00:00.282785", "end": "2017-05-31 15:24:22.038164", "invocation": {"module_args": {"chdir": null, "command": "ktutil", "creates": null, "echo": false, "removes": null, "responses": {"Password": "mypw", "ktutil": "quit"}, "timeout": 30}, "module_name": "expect"}, "rc": 0, "start": "2017-05-31 15:24:21.755379", "stdout": "ktutil: ", "stdout_lines": ["ktutil: "]}
PLAY RECAP *********************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0
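I don't get the keytab created as per the above.

Answer 0 (score: 1)
The problem seems to be that you have repeated the same key for several responses. From the Ansible expect module documentation:
"If the response is a list, successive matches return successive responses"
Replacing the ktutil prompts with a list of responses should prevent the error (and deploy the keytab), for example: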
responses:
  ktutil:
    - "addent -password -p {{ kuser }}@MYDOMAIN.LOCAL -k 1 -e rc4-hmac"
    - "wkt /username.keytab"
    - "quit"
  Password: "{{ kpw }}"

Answer 1 (score: 0)
What actually worked for me was:
- name: addent of keytab
  hosts: localhost
  vars:
    realm: "MYREALM.COM"
    sec: "aes256-cts"
    passw: "ansible"
    usname: "friend"
  tasks:
    - name: keytab command
      expect:
        command: ktutil
        responses:
          ktutil:
            - "addent -password -p {{ usname }}@{{ realm }} -k 1 -e {{ sec }}"
            - " wkt /etc/ansible/loopkey.keytab"
            - "quit"
          Password(.*): "{{ passw }}"
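
An added example, not taken from the question or either answer: the list-style `responses` fix combined with the checks a keytab deserves. `no_log` keeps the password out of the `module_args` that the `-vvv` output above prints in clear text, and `klist` confirms the entry was actually written. The `keytab_path` and `enctype` variables and the `/root/username.keytab` location are assumptions.

```yaml
---
# Added example. keytab_path and enctype are assumed names, not from the original posts.
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    keytab_path: /root/username.keytab   # hypothetical location
    enctype: aes256-cts                  # as in the second answer; the KDC must hold this key type
  vars_prompt:
    - name: kuser
      prompt: "enter your user"
      private: false
    - name: kpw
      prompt: "enter your pw"
      private: true                      # do not echo the password while typing
  tasks:
    - name: Write keytab with ktutil
      expect:
        command: ktutil
        creates: "{{ keytab_path }}"     # skip when the keytab already exists
        responses:
          # One key per prompt regex; a list is consumed one item per match.
          ktutil:
            - "addent -password -p {{ kuser }}@MYDOMAIN.LOCAL -k 1 -e {{ enctype }}"
            - "wkt {{ keytab_path }}"
            - "quit"
          Password: "{{ kpw }}"
      no_log: true                       # keeps module_args (the password) out of verbose output

    - name: Restrict keytab permissions
      file:
        path: "{{ keytab_path }}"
        owner: root
        group: root
        mode: "0600"

    - name: List keytab entries to confirm the write
      command: "klist -k -t -e {{ keytab_path }}"
      register: keytab_entries
      changed_when: false

    - name: Fail if the principal is missing from the keytab
      assert:
        that:
          - "(kuser ~ '@MYDOMAIN.LOCAL') in keytab_entries.stdout"
```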