From 8383e542eaaa6fa07c36532b696cbdadc2a040e8 Mon Sep 17 00:00:00 2001 From: Nicole Rappe Date: Wed, 31 Jul 2024 22:58:41 -0600 Subject: [PATCH] Update Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md --- .../AWX/AWX Operator/Ansible AWX Operator.md | 23 ++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md b/Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md index 2a0c477..2dde438 100644 --- a/Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md +++ b/Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md @@ -235,7 +235,13 @@ spec: ``` ### Job Template & Inventory Examples -At this point, you need to adjust your exist Job Template(s) that need to communicate via Kerberos to domain-joined Windows devices to use the "Instance Group" of "**Kerberos EE**" while keeping the same Execution Environment you have been using up until this point. This will change the Execution Environment to include the Kerberos Keytab file in the EE at playbook runtime. +At this point, you need to adjust your exist Job Template(s) that need to communicate via Kerberos to domain-joined Windows devices to use the "Instance Group" of "**Kerberos**" while keeping the same Execution Environment you have been using up until this point. This will change the Execution Environment to include the Kerberos Keytab file in the EE at playbook runtime. + +Also add the following variable to the job template: +``` yaml +--- +kerberos_user: "nicole.rappe@BUNNY-LAB.IO" +``` You will want to ensure your inventory file is configured to use Kerberos Authentication as well, so the following example is a starting point: ``` ini 
@@ -251,4 +257,19 @@ ansible_winrm_transport=kerberos ansible_winrm_scheme=https ansible_winrm_server_cert_validation=ignore ansible_winrm_kerberos_realm=BUNNY-LAB.IO +``` + +Lastly, we want to ensure we have Keytab generation happening when the playbook is executed, so add these tasks to the beginning of your playbook(s) that interact with Kerberos devices: +``` yaml + - name: Acquire Kerberos Ticket using Keytab + ansible.builtin.shell: | + kinit -kt /etc/krb5.keytab {{ kerberos_user }} + environment: + KRB5_CONFIG: /etc/krb5.conf + register: kinit_result + + - name: Ensure Kerberos Ticket was Acquired Successfully + fail: + msg: "Failed to acquire Kerberos ticket" + when: kinit_result.rc != 0 ``` \ No newline at end of file
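Review bot: In the first hunk (`@@ -235,7 +235,13 @@`), the added `kerberos_user: "nicole.rappe@BUNNY-LAB.IO"` example puts a named personal account into the job template. Suggest showing a placeholder or a dedicated service principal instead, and stating that the value must match a principal stored in the keytab, since `kinit -kt` in the second hunk will fail for any other principal. The rewritten sentence still reads "adjust your exist Job Template(s)", which should be "existing". Since the Instance Group name changes from "Kerberos EE" to "Kerberos", the definition earlier in the document needs to use the same name.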
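Review bot: In the second hunk (`@@ -251,4 +257,19 @@`), the "Ensure Kerberos Ticket was Acquired Successfully" task can never fire as written: `ansible.builtin.shell` already fails the host on a non-zero return code, so execution stops before `when: kinit_result.rc != 0` is evaluated. Either drop the second task, or add `failed_when: false` to the kinit task so the custom message is reached. If these tasks sit in a play whose hosts are the WinRM inventory entries, the kinit task also needs `delegate_to: localhost` (and probably `run_once: true`), because the keytab lives in the Execution Environment and not on the Windows targets. Smaller points: nothing here needs a shell, so `ansible.builtin.command` is the safer module; `fail` should be written `ansible.builtin.fail` to match the FQCN used above it; and the intro text says "Keytab generation", but the task acquires a ticket from an existing keytab.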