Commit a1fb07a1 authored by Lars Beckers's avatar Lars Beckers

ensure no passwords are logged

parent 1793f1d7
......@@ -30,6 +30,7 @@
- name: get a kerberos ticket
shell: echo "{{ lookup('passwordstore', 'samba-admin') }}" | kinit Administrator
when: debian_version == "jessie"
no_log: True
- name: ensure pexpect is installed
apt: name=python-pexpect state=installed
when: debian_version == "stretch"
......@@ -39,6 +40,7 @@
responses:
"Password for Administrator.*": "{{ lookup('passwordstore', 'samba-admin') }}"
when: debian_version == "stretch"
no_log: True
- name: leave any other realm
command: realm leave
register: result
......
......@@ -32,6 +32,7 @@
local_action: pass name="samba-admin" state=present generate=20 store=FSMPI_PASSWORD_STORE_DIR limit=yes
register: adminpass
when: domain_provisioned.stat.exists == False
no_log: True
tags:
- ad-server
- domain-provision
......@@ -44,6 +45,7 @@
- name: ensure domain is provisioned
shell: samba-tool domain provision --use-rfc2307 --domain={{ smb_domain }} --server-role=dc --host-name={{ ansible_hostname }} --realm={{ REALM }} --dns-backend=NONE --adminpass={{ adminpass.password }} 2> /root/smb-provision.log
when: domain_provisioned.stat.exists == False
no_log: True
tags:
- ad-server
- domain-provision
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment