Hi Teams,

I’m looking for to do a test before to execute a task. I need to checkup if my computer has already joined the domain
before to join it. otherwise, the adcli will failed.
When computer isn’t in domain, the klist will return a “not found” message and at this time the “join active directory” must be running…
Something goes wrong because this task will not be runned.
Here’re the portion of task:

`
[…]

• name: checking if domain already joined
  shell: /bin/bash -c “/usr/bin/klist -k|grep -i {{ ansible_hostname }}”
  register: ad_join_status
  ignore_errors: true

• name: join active directory
  shell: /bin/bash -c “/usr/sbin/realm join --one-time-password={{ ad_server_onetime }} {{ ad_server_domain }}”
  register: ad_active
  args:
  executable: /usr/bin/bash
  when: ad_join_status == “not found”
  […]
  `

Do you have any Idea?
Is my test ok or should be another one?
Thanks and best regards, J.

In the when clause use something like ad_join_status.stdout_lines[0]

to check what it needs to be add

• debug
  var: ad_join_status

and see what is there

Hi Teams,

I'm looking for to do a test before to execute a task. I need to checkup if my computer has already joined the domain
before to join it. otherwise, the adcli will failed.
When computer isn't in domain, the klist will return a "not found" message and at this time the "join active directory"
must be running...
Something goes wrong because this task will not be runned.
Here're the portion of task:

>
[...]
-name:checking ifdomain already joined
shell:/bin/bash -c "/usr/bin/klist -k|grep -i {{ ansible_hostname }}"
register:ad_join_status
ignore_errors:true

-name:join active directory
shell:/bin/bash -c "/usr/sbin/realm join --one-time-password={{ ad_server_onetime }} {{ ad_server_domain }}"
register:ad_active
args:
executable:/usr/bin/bash
when:ad_join_status =="not found"
[...]
>

Hello Jerome,

Ansible is not a glorified tool for running shell scripts on the target :-/

At any rate, ad_join_status is not a string. Checkout ad_join_status.stdout (string) or ad_join_status.stdout_lines (list).

Regards
        Racke

Thanks for your reply and tips.

So, has requested I’ve checked out the stdout message:

I’ve received only message when the domain already joined, like:

ok: [localhost] => { "ad_join_status.stdout_lines": [ " 3 server_name@domain", " 3 server_name@domain", " 3 server_name@domain", " 3 host/server_name@domain", " 3 host/server_name@domain", [...]

Otherwise, the klist cannot start because it doesn’t found the file : /etc/krb5.keytab :

`

/usr/bin/klist -k|grep -i server_name

klist: Key table file ‘/etc/krb5.keytab’ not found while starting keytab
`

And in this case nothing appears in stdout:

`
ok: [localhost] =>

ad_join_status.stdout: ‘’
`

That’s means, I should use an another test for checking domain joining…

Thanks for your reply and tips.
So, has requested I've checked out the stdout message:

I've received only message when the domain already joined, like:

>
ok:[localhost]=>{
"ad_join_status.stdout_lines":[
" 3 server_name@domain",
" 3 server_name@domain",
" 3 server_name@domain",
" 3 host/server_name@domain",
" 3 host/server_name@domain",
[...]
>

Otherwise, the klist cannot start because it doesn't found the file : /etc/krb5.keytab :
>
# /usr/bin/klist -k|grep -i server_name
klist:Keytable file '/etc/krb5.keytab'notfound whilestarting keytab
>

And in this case nothing appears in stdout:
>
ok:[localhost]=>

ad\_join\_status\.stdout:''

>

That's means, I should use an another test for checking domain joining...

Right, so far this isn't really Ansible related. Determine a command which reliably tells you
whether the domain is already joined *before* you are trying to automate it.

Regards
          Racke