So I'm having trouble making use of something I'm setting using set_fact. I'm making use of the community.windows LAPS module to retrieve the password for a given server which is working, but I'm having issues when attempting to then use that password in a quick test.
My playbook is currently,
---
- name: LAPS Test Playbook
hosts: localhost
vars:
host: myserver
kdc: dc01.domain.com
tasks:
- name: Clear existing Kerberos tokens
command: kdestroy
ignore_errors: True
- name: Get password using simple auth over LDAPS
set_fact:
lapsPass: "{{ lookup('laps_password', host, domain=kdc, scheme='ldaps', auth='simple', username='user@DOMAIN.COM', password='mypassword') }}"
- name: Test output
debug:
var: lapsPass
- name: Get disk facts
community.windows.win_disk_facts:
delegate_to: myserver
vars:
ansible_user: localadmin
ansible_password: lapsPass
ansible_port: 5985
ansible_connection: winrm
ansible_connection_transport: basic
ansible_winrm_server_cert_validation: ignore
ansible_winrm_operation_timeout_sec: 600
ansible_winrm_read_timeout_sec: 660
- name: Output disk facts
debug:
var: ansible_facts.disks[0]
The actual password retrieval works, and my Test Output does show me the correct password.
However when I try to use it in the 'Get disk facts' task I get an error,
the specified credentials were rejected by the server
If I manually put in the password that was displayed by Test output though as a string it works, so I know the actual credentials are correct. I've also tried using
ansible_password: '{{ lapsPass }}'
But that returns an error that it's not defined.
So I'm kind of stumped on how I'm supposed to actually use the password to connect to a system once I've successfully retrieved it.
