Update Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md

Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md

@@ -235,7 +235,13 @@ spec:
 ```
 
 ### Job Template & Inventory Examples
-At this point, you need to adjust your exist Job Template(s) that need to communicate via Kerberos to domain-joined Windows devices to use the "Instance Group" of "**Kerberos EE**" while keeping the same Execution Environment you have been using up until this point.  This will change the Execution Environment to include the Kerberos Keytab file in the EE at playbook runtime.
+At this point, you need to adjust your exist Job Template(s) that need to communicate via Kerberos to domain-joined Windows devices to use the "Instance Group" of "**Kerberos**" while keeping the same Execution Environment you have been using up until this point.  This will change the Execution Environment to include the Kerberos Keytab file in the EE at playbook runtime.
+
+Also add the following variable to the job template:
+``` yaml
+---
+kerberos_user: "nicole.rappe@BUNNY-LAB.IO"
+```
 
 You will want to ensure your inventory file is configured to use Kerberos Authentication as well, so the following example is a starting point:
 ``` ini
@@ -252,3 +258,18 @@ ansible_winrm_scheme=https
 ansible_winrm_server_cert_validation=ignore
 ansible_winrm_kerberos_realm=BUNNY-LAB.IO
 ```
+
+Lastly, we want to ensure we have Keytab generation happening when the playbook is executed, so add these tasks to the beginning of your playbook(s) that interact with Kerberos devices:
+``` yaml
+    - name: Acquire Kerberos Ticket using Keytab
+      ansible.builtin.shell: |
+        kinit -kt /etc/krb5.keytab {{ kerberos_user }}        
+      environment:
+        KRB5_CONFIG: /etc/krb5.conf
+      register: kinit_result
+
+    - name: Ensure Kerberos Ticket was Acquired Successfully
+      fail:
+        msg: "Failed to acquire Kerberos ticket"
+      when: kinit_result.rc != 0
+```