Ansible version is 2.3.1.0 / Python version is 2.7.5
I have created the following in one of my playbooks -
- name: Join IPA domain
command: ipa-client-install --server=servername.domain --domain=private.domain --principal=admin --password=“{{ipa_password}}” --mkhomedir --force-ntpd -U
when this play is ran, it fails with the following error “kinit: Preauthentication failed while getting initial credentials” I can see where my password is getting unwrapped from the vault. It shows up in the trace as “–password={u’ipa_password’ : u’mypassword’}”
If I use plaintext in the --password= field, the play runs successfully and I join my domain. I really would like to use ansible-vault so I can automate this task without exposing my ipa password.