I’m getting started with Ansible, having worked with other systems previously. I think I have a reasonable grasp on the technical aspects of the tool, but I have a question about what the community regards as best practices or Ansible style…
I’m automating the configuration of systems that integrate with a kerberos system (FreeIPA). That requires that the Ansible process has a kerberos ticket available, with rights to manage the IPA server.
What should I instruct ansible to do when no ticket is available? One option would be to simply fail immediately, and print an error indicating that a ticket is required. The other would be to skip the items that require the ticket and print a warning, leaving the play “successful” but incomplete.
A third, I suppose, would be to segregate the parts that require a ticket into a separate playbook, and that one could prompt for a password, then acquire a ticket, and then run the tasks that require the ticket.
What do the rest of you do?