From 504d26b4e33907e8fe12c9c734842258801817cc Mon Sep 17 00:00:00 2001 From: Nicole Rappe Date: Wed, 7 Aug 2024 01:20:38 -0600 Subject: [PATCH] Update Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md --- .../Servers/AWX/AWX Operator/Ansible AWX Operator.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md b/Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md index 1fd087b..4ce7177 100644 --- a/Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md +++ b/Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md @@ -363,7 +363,9 @@ ansible_winrm_server_cert_validation=ignore #kerberos_user=nicole.rappe@BUNNY-LAB.IO #Optional, if you define this in the Job Template, it is not necessary. ``` !!! failure "Usage of Fully-Quality Domain Names" - It is critical that you define Kerberos-authenticated devices with fully qualified domain names. This is just something I found out from 4+ hours of troubleshooting. If the device is Linux or you are using NTLM authentication instead of Kerberos authentication, you can skip this warning. If you do not define the inventory using FQDNs, it will fail to run the commands against the targeted device(s). + It is **critical** that you define Kerberos-authenticated devices with fully qualified domain names. This is just something I found out from 4+ hours of troubleshooting. If the device is Linux or you are using NTLM authentication instead of Kerberos authentication, you can skip this warning. If you do not define the inventory using FQDNs, it will fail to run the commands against the targeted device(s). + + In this example, the host is defined via FQDN: `virt-node-01 ansible_host=virt-node-01.bunny-lab.io` Lastly, we want to ensure we have Keytab generation happening when the playbook is executed, so add these tasks to the beginning of your playbook(s) that interact with Kerberos devices: ``` yaml