Domain / LDAP User running Ansible from a CI Server

Hi,

Is anybody running Ansible from a CI Server (TeamCity, Jenkins, GoCD) using a Domain User / LDAP user to connect to a Windows machine?

We are currently facing the issue of “How to automatically create / renew the Kerberos ticket”.

How do other people tackle this?

The problem is that kinit, if run from a playbook, will log the whole call in cleartext, including the password. Obviously not acceptable.

Guidance appreciated.

Cheers
David

Just wondering if setting no_log: True on your task would do the trick:

http://docs.ansible.com/ansible/faq.html#how-do-i-keep-secret-data-in-my-playbook

The system however would still have it in its shell history, right?

Local history will have the ansible invocation; the remote history should have at most the ansible modules run (but no args). Most of the time ansible uses non-interactive sessions, which should not write to the history file.

I will give it a go.

Would still wish that we could just go, tell Ansible to use a domain user and it would get a ticket by itself. :(
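
The `no_log` suggestion and the shell-history concern from the thread, combined into one play as an added example (not part of the original posts). It assumes MIT Kerberos `kinit`, which reads the password from stdin when no terminal is attached; the vault file path and the variable names `krb_principal` and `krb_password` are hypothetical.

```yaml
# Added example; file path and variable names are assumptions.
- name: Obtain a Kerberos ticket on the control node before the WinRM plays
  hosts: localhost
  gather_facts: false
  vars_files:
    # Hypothetical Ansible Vault file defining krb_principal and krb_password
    - vault/krb.yml
  tasks:
    - name: Run kinit with the password supplied on stdin
      ansible.builtin.command:
        # argv form: no shell is started, so nothing reaches a shell history,
        # and the password is not part of the process argument list
        argv:
          - kinit
          - "{{ krb_principal }}"
        stdin: "{{ krb_password }}"
      # Censors the task's arguments and result in Ansible's output and logs
      no_log: true
      changed_when: false

    - name: Confirm that a valid ticket is in the cache
      ansible.builtin.command:
        # klist -s prints nothing and exits non-zero if no valid ticket exists
        argv: [klist, -s]
      changed_when: false
```

Run from the CI job with the vault password supplied through the CI server's secret store (for example via `--vault-password-file`), so the Kerberos password is never written into the job definition or its console log.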