Develop Reference

Ansible: Importing GPG-keys from RPM Fusion not working

I'm trying to create a task to download and import the GPG-keys from the official RPM Fusion site but it fails.
- hosts: localhost
connection: local
name: DOWNLOADING AND IMPORTING SECURITY KEYS
tasks:
- name: Downloading the security key for RPM Fusion (free) repo
get_url:
url: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-fedora-2020
dest: ~/Downloads/free_keys.txt
- name: Importing (free) key
ansible.builtin.rpm_key:
state: present
key: ~/Downloads/free_keys.txt
- name: Deleting security key file (free)
ansible.builtin.file:
path: ~/Downloads/free_keys.txt
state: absent
- name: Downloading the security key for RPM Fusion (non-free) repo
get_url:
url: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020
dest: ~/Downloads/nonfree_keys.txt
- name: Importing (non-free) key
ansible.builtin.rpm_key:
state: present
key: ~/Downloads/nonfree_keys.txt
- name: Deleting security key file (non-free)
ansible.builtin.file:
path: ~/Downloads/nonfree_keys.txt
state: absent
This is the output:
TASK [Gathering Facts] *********************************************************
ok: [localhost]
TASK [Downloading the security key for RPM Fusion (free) repo] *****************
changed: [localhost] => {"changed": true, "checksum_dest": null, "checksum_src": "554f50b16f9cf421f7caf02ce83c9069fd399b0e", "dest": "/home/[REDACTED]/Downloads/free_keys.txt", "elapsed": 0, "gid": 1000, "group": "[REDACTED]", "md5sum": "7206830528e4e9fb61d52dafc4e32ed1", "mode": "0664", "msg": "OK (1704 bytes)", "owner": "[REDACTED]", "secontext": "unconfined_u:object_r:user_home_t:s0", "size": 1704, "src": "/home/[REDACTED]/.ansible/tmp/ansible-tmp-1623521488.9204922-9892-237385967611488/tmp38djamsm", "state": "file", "status_code": 200, "uid": 1000, "url": "https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-fedora-2020"}
TASK [Importing (free) key] ****************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Not a valid key ~/Downloads/free_keys.txt"}
PLAY RECAP *********************************************************************
localhost : ok=2 changed=1 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
So far I've tried to download the keys to .txt and .gpg format but none of these methods work. Any suggestion is greatly appreciated.
EDIT: To answer your questions:
1.
TASK [Importing (free) key] ****************************************************
task path: /home/[REDACTED]/Documents/ansible-playbooks/for_laptops/dell_e7270/import_keys.yml:11
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: [REDACTED]
<127.0.0.1> EXEC /bin/sh -c 'echo ~[REDACTED] && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/[REDACTED]/.ansible/tmp `"&& mkdir "` echo /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038 `" && echo ansible-tmp-1623533463.7691412-3758-92960382692038="` echo /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038 `" ) && sleep 0'
Using module file /usr/lib/python3.9/site-packages/ansible/modules/packaging/os/rpm_key.py
<127.0.0.1> PUT /home/[REDACTED]/.ansible/tmp/ansible-local-3682vs8hkmey/tmpjamn9upp TO /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038/AnsiballZ_rpm_key.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038/ /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038/AnsiballZ_rpm_key.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python3 /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038/AnsiballZ_rpm_key.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038/ > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"fingerprint": null,
"key": "~/Downloads/free_keys",
"state": "present",
"validate_certs": true
}
},
"msg": "Not a valid key ~/Downloads/free_keys"
}
The keys are the ones under 'Fedora 34' in this link.
Yes, the keys downloaded look like that.
Unfortunately, changing the permissions did not work.
Looks like a solution could be to download the distribution-gpg-keys from the official repos before installing the RPM Fusion.

Try to start ansible with very verbose logging
/bin/ansible-playbook import_gpg.yml -vvvv
As far as i know, its 2021 year now, and judging by URL (https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020), key seems to be issued for 2020 year.
I think you have downloaded and tried to import expired key.
Can you verify you downloaded file that looks like GPG key?
Something, that looks like this:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBF2tvGQBEAC5Q2ePLZZafOkFhYHpGZdRRBCcCd+aiLATofFV8+FjPuPLL/3R
......
kgQgWZ6F2RZm5/R28DHdAetji50XbnmXgAk/u9u2Hw2bVVJfJ0WpEVcPvA1L86SE
8i8p1fmzljwRazZAksk5Zh2QfaM0jlMYHWbKpbXQcX19Uerm7D9IkciZvDAmgBYV
S6Y=
=rOqq
-----END PGP PUBLIC KEY BLOCK-----
Probably, they use cloudflare, that blocks default ansible user agent - https://docs.ansible.com/ansible/latest/collections/ansible/builtin/get_url_module.html#parameter-http_agent). You can set user agent to browser one.
Or, you can set proper permissions for file being saved to disk
- name: Downloading the security key for RPM Fusion (non-free) repo
get_url:
url: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020
dest: ~/Downloads/nonfree_keys.txt
mode: 0600
Because RPM cannot import keys from world writeable files.

After some digging I found the solution and it's simpler than I thought:
---
- hosts: localhost
connection: local
name: IMPORTING SECURITY KEYS
tasks:
- name: Importing (free) key
ansible.builtin.rpm_key:
state: present
key: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-fedora-2020
- name: Importing (non-free) key
ansible.builtin.rpm_key:
state: present
key: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020
Following the official documentation, I thought you had to download the keys to your PC and then install them. Instead, you can directly enter the URL into the key section.

Ansible extract values from stdout_lines to use in subsequent loop

I am trying to write a role to remove all helper addresses for a Cisco Router interface. There can be one or more helper addresses returned in stdout_lines. I use filters to remove labels and extra scapes from the lines and put the results into an array to use in the subsequent command loop. I seem to get the correct info but using the value fails.
Here is my role:
---
- name: read helpers
register: helper_facts
ios_command:
commands:
- show ip interface {{ interface }} | section Helper
- set_fact:
helper_addr: []
- set_fact:
helper_addr: "{{ helper_addr }} + [ '{{ item | regex_replace ('Helper address.* ','') | trim }}' ]"
with_items: "{{ helper_facts.stdout_lines }}"
- name: remove helpers
ios_command:
commands:
- no ip helper-address {{ item }}
with_items: "{{ helper_addr }}"
Here is a snip of the output with the error I get:
ok: [ONTMDFRTR01] => (item= 172.16.0.22) => {
"ansible_facts": {
"helper_addr": [
"192.1.0.1",
"172.16.0.22"
]
},
"ansible_loop_var": "item",
"changed": false,
"item": " 172.16.0.22"
}
TASK [remove_helpers : remove helpers] **********************************************************************************
task path: /home/msimon/USPS/roles/remove_helpers/tasks/main.yml:15
Monday 03 May 2021 16:44:23 -0400 (0:00:00.704) 0:00:05.874 ************
<10.32.178.252> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.32.178.252> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-23291P_KVGE `"&& mkdir "1-258083848203070 `" && echo ansible-tmp-1620074664.59-23371-258083848203070="` echo /root/.ansible/tmp/ansible-local-232
Using module file /usr/lib/python2.7/site-packages/ansible/modules/network/ios/ios_command.py
<10.32.178.252> PUT /root/.ansible/tmp/ansible-local-23291P_KVGE/tmpuSDML5 TO /root/.ansible/tmp/ansible-local-23291P_KVG
<10.32.178.252> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-23291P_KVGE/ansible-tmp-1620074664.59-23371-24.59-23371-258083848203070/AnsiballZ_ios_command.py && sleep 0'
<10.32.178.252> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-local-23291P_KVGE/ansible-tmp-1620074664.59-2
<10.32.178.252> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-23291P_KVGE/ansible-tmp-1620074664.59-23371-25
The full traceback is:
WARNING: The below traceback may *not* be related to the actual failure.
File "/tmp/ansible_ios_command_payload_IFZQ7s/ansible_ios_command_payload.zip/ansible/module_utils/network/ios/ios.py",
return connection.run_commands(commands=commands, check_rc=check_rc)
File "/tmp/ansible_ios_command_payload_IFZQ7s/ansible_ios_command_payload.zip/ansible/module_utils/connection.py", line
raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
failed: [ONTMDFRTR01] (item=192.1.0.1) => {
"ansible_loop_var": "item",
"changed": false,
"invocation": {
"module_args": {
"auth_pass": null,
"authorize": null,
"commands": [
"no ip helper-address 192.1.0.1"
],
"host": null,
"interval": 1,
"match": "all",
"password": null,
"port": null,
"provider": null,
"retries": 10,
"ssh_keyfile": null,
"timeout": null,
"username": null,
"wait_for": null
}
},
"item": "192.1.0.1",
"msg": "no ip helper-address 192.1.0.1\r\nno ip helper-address 192.1.0.1\r\n ^\r\n% Invalid input detected at '^' m
}```

Thanks to mdaniel's comment I found the answer. I cut this from a larger playbook and left out the commands to setup the interface ("config t" , "int GigabitEthernet0/0/0") needed before the no helper_addres command. My role is now working as expected. Thanks, I hope this helps someone else.

Ansible command using variable input fails to execute

Below I'm trying to get a command running involving input from previous output, in this case copy flash:file01 flash:file02 with 2 derived from the REGEX_FILTERING task.
- name: REGEX_FILTERING
command: "cat /home/ubuntu/show_switch.txt"
register: line1
- debug: var="{{ line1.stdout_lines | regex_replace('(?<!\*).?') }}"
register: number
- name: COMMAND_INPUT
cli_command:
command: 'copy flash:file01 flash:file0 {{ number }}'
prompt: '[confirm]'
answer: ''
Here's the error message:
<ommited>
"stdout_lines": [
"Switch/Stack Mac Address : d4a0.2ae9.ec00",
" H/W Current",
"----------------------------------------------------------",
" 1 Member 001f.9df6.2d80 5 0 Ready ",
"*2 Master d4a0.2ae9.ec00 15 0 Ready ",
" 3 Member 0016.c733.cd00 5 0 Ready"
]
}
TASK [debug] *****************************************************************************************************************************************************************************
task path: /home/ubuntu/test1.yml:109
ok: [CSR1] => {
"2": "2"
}
TASK [COMMAND_INPUT] *********************************************************************************************************************************************************************
task path: /home/ubuntu/test1.yml:112
<192.168.255.133> ESTABLISH LOCAL CONNECTION FOR USER: ubuntu
<192.168.255.133> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/ubuntu/.ansible/tmp/ansible-local-7528uUJSLh/ansible-tmp-1542986468.48-164922344690120 `" && echo ansible-tmp-1542986468.48-164922344690120="` echo /home/ubuntu/.ansible/tmp/ansible-local-7528uUJSLh/ansible-tmp-1542986468.48-164922344690120 `" ) && sleep 0'
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/network/cli/cli_command.py
<192.168.255.133> PUT /home/ubuntu/.ansible/tmp/ansible-local-7528uUJSLh/tmpkozHVx TO /home/ubuntu/.ansible/tmp/ansible-local-7528uUJSLh/ansible-tmp-1542986468.48-164922344690120/AnsiballZ_cli_command.py
<192.168.255.133> EXEC /bin/sh -c 'chmod u+x /home/ubuntu/.ansible/tmp/ansible-local-7528uUJSLh/ansible-tmp-1542986468.48-164922344690120/ /home/ubuntu/.ansible/tmp/ansible-local-7528uUJSLh/ansible-tmp-1542986468.48-164922344690120/AnsiballZ_cli_command.py && sleep 0'
<192.168.255.133> EXEC /bin/sh -c '/usr/bin/python /home/ubuntu/.ansible/tmp/ansible-local-7528uUJSLh/ansible-tmp-1542986468.48-164922344690120/AnsiballZ_cli_command.py && sleep 0'
<192.168.255.133> EXEC /bin/sh -c 'rm -f -r /home/ubuntu/.ansible/tmp/ansible-local-7528uUJSLh/ansible-tmp-1542986468.48-164922344690120/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
WARNING: The below traceback may *not* be related to the actual failure.
File "/tmp/ansible_cli_command_payload_U1p385/__main__.py", line 150, in main
response = connection.get(**module.params)
File "/tmp/ansible_cli_command_payload_U1p385/ansible_cli_command_payload.zip/ansible/module_utils/connection.py", line 173, in __rpc__
raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
fatal: [CSR1]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"answer": [
""
],
"check_all": false,
"command": "copy flash:file01 flash:file0 {'failed': False, u'2': u'2', 'changed': False}",
"prompt": [
"[confirm]"
],
"sendonly": false
}
},
"msg": "copy flash:file01 flash:file0 {'failed': False, u'2': u'2', 'changed': False}\r\n ^\r\n% Invalid input detected at '^' marker.\r\n\r\nCSR1#\r\nCSR1#"

"command": "copy flash:file01 flash:file0 {'failed': False, u'2': u'2', 'changed': False}",
Is happening because the register: number is not in fact the number, rather it's the ansible result of the debug: output. Since number is a python dict, when it is injected into your command, it is just serialized as if str() were called upon the dict
It is far more likely that what you want is to capture that variable locally in the task, to make it just be the result of the jinja2 expression, and not the result of an ansible task:
- cli_command:
command: 'copy flash:file01 flash:file0 {{ number }}'
vars:
number: "{{ line1.stdout_lines | regex_replace('(?<!\*).?') }}"
I also suspect you will be happier with line1.stdout, which is a str of the entire output, versus line1.stdout_lines which is a list of str, making the regex_replace on a list kind of weird -- I'm surprised it actually even let you do that, to be honest

Ansible EC2 add multiple hosts

trying to find and add hosts dynamically like so
---
- hosts: localhost
gather_facts: no
tasks:
- name: Gather EC2 remote facts.
ec2_remote_facts:
region: 'us-east-1'
register: ec2_remote_facts
- name: Debug.
debug:
msg: "{{ ec2_remote_facts }}"
- name: get instances for tags
add_host:
name: "{{ item }}"
group: dynamically_created_hosts
with_items: |
"{{ ec2_remote_facts.instances |
selectattr('tags.AppName', 'defined') | selectattr('tags.AppName', 'equalto', 'sql') |
selectattr('tags.AppType', 'defined') | selectattr('tags.AppType', 'equalto', 'infra') |
map(attribute='private_ip_address') | list }}"
- hosts:
- dynamically_created_hosts
become: yes
become_user: root
serial: 1
vars_files:
- group_vars/all
tasks:
- name: run command
shell: "uname -a"
I get following when i run in verbose mode
TASK [get instances for tags] **************************************************
task path: /Users/me/gitfork2/fornax/dynhst.yml:39
creating host via 'add_host': hostname="[u'10.112.114.241']"
changed: [localhost] => (item="[u'10.112.114.241']") => {"add_host": {"groups": ["dynamically_created_hosts"], "host_name": "\"[u'10.112.114.241']\"", "host_vars": {"group": "dynamically_created_hosts"}}, "changed": true, "invocation": {"module_args": {"group": "dynamically_created_hosts", "hostname": "\"[u'10.112.114.241']\""}, "module_name": "add_host"}, "item": "\"[u'10.112.114.241']\""}
PLAY [dynamically_created_hosts] ***********************************************
TASK [setup] *******************************************************************
<"[u'10.112.114.241']"> ESTABLISH SSH CONNECTION FOR USER: None
<"[u'10.112.114.241']"> SSH: ansible.cfg set ssh_args: (-F)(/Users/me/.ssh/config)
<"[u'10.112.114.241']"> SSH: ANSIBLE_HOST_KEY_CHECKING/host_key_checking disabled: (-o)(StrictHostKeyChecking=no)
<"[u'10.112.114.241']"> SSH: ansible_password/ansible_ssh_pass not set: (-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(PasswordAuthentication=no)
<"[u'10.112.114.241']"> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<"[u'10.112.114.241']"> SSH: PlayContext set ssh_common_args: ()
<"[u'10.112.114.241']"> SSH: PlayContext set ssh_extra_args: ()
<"[u'10.112.114.241']"> SSH: EXEC ssh -C -vvv -F /Users/me/.ssh/config -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 '"[u'"'"'10.112.114.241'"'"']"' '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1509843772.58-176166317659656 `" && echo ansible-tmp-1509843772.58-176166317659656="` echo $HOME/.ansible/tmp/ansible-tmp-1509843772.58-176166317659656 `" ) && sleep 0'"'"''
fatal: ["[u'10.112.114.241']"]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh.", "unreachable": true}
to retry, use: --limit #./dynhst.retry
The odd thing here I see is
SSH: EXEC ssh -C -vvv -F /Users/me/.ssh/config -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 '"[u'"'"'10.112.114.241'"'"']"' '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1509843772.58-176166317659656 `" && echo ansible-tmp-1509843772.58-176166317659656="` echo $HOME/.ansible/tmp/ansible-tmp-1509843772.58-176166317659656 `" ) && sleep 0'"'"''
Seems like it is trying to ssh into '"[u'"'"'10.112.114.241'"'"']"' ... seems like the dynamically_created_hosts is being used as a string and not as a list
Any ideas why?

You pass a list (of IP addresses) to an argument name which requires a string:
hostname="[u'10.112.114.241']"
[ ] is a JSON representation of a list (single element in the example above).
If you want the first address from the list (and there seems to be no more for any of your hosts), then:
add_host:
name: "{{ item[0] }}"
group: dynamically_created_hosts
with_items: ...

Ansible expect with ktutil

I'd like to make a kerberos keytab with ansible + expect, but the keytab file doesn't get created. What is wrong with my play ? How could I troubleshoot?
---
- hosts: localhost
connection: local
gather_facts: false
vars_prompt:
- name: "kuser"
prompt: "enter your user"
- name: "kpw"
prompt: "enter your pw"
tasks:
- name: Generate Kerberos ticket
expect:
command: ktutil
responses:
ktutil: "addent -password -p {{ kuser }}#MYDOMAIN.LOCAL -k 1 -e rc4-hmac"
Password: "{{ kpw }}"
ktutil: "wkt /username.keytab"
ktutil: "quit"
The output with -vvv
Using /etc/ansible/ansible.cfg as config file
[WARNING]: provided hosts list is empty, only localhost is available
[WARNING]: While constructing a mapping from /repo/Playbooks/test.yml, line 15, column 9, found a duplicate dict key (ktutil). Using last
defined value only.
1 plays in /repo/Playbooks/test.yml
enter your user:
enter your pw:
PLAY ***************************************************************************
TASK [Generate Kerberos ticket] ************************************************
task path: /repo/Playbooks/test.yml:11
ESTABLISH LOCAL CONNECTION FOR USER: root
127.0.0.1 EXEC ( umask 22 && mkdir -p "$( echo $HOME/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239 )" && echo "$( echo $HOME/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239 )" )
127.0.0.1 PUT /tmp/tmpwLW3r2 TO /root/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239/expect
127.0.0.1 EXEC LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/python /root/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239/expect; rm -rf "/root/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239/" > /dev/null 2>&1
changed: [localhost] => {"changed": true, "cmd": "ktutil", "delta": "0:00:00.282785", "end": "2017-05-31 15:24:22.038164", "invocation": {"module_args": {"chdir": null, "command": "ktutil", "creates": null, "echo": false, "removes": null, "responses": {"Password": "mypw", "ktutil": "quit"}, "timeout": 30}, "module_name": "expect"}, "rc": 0, "start": "2017-05-31 15:24:21.755379", "stdout": "ktutil: ", "stdout_lines": ["ktutil: "]}
PLAY RECAP *********************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0
I don't have the keytab created following the above

The problem seems to be that you're repeating the same key for some of the responses. From the ansible expect module documentation:
"If the response is a list, successive matches return successive responses"
Replacing the kutil prompts with a list of responses should prevent the error (and deploy the keytab), eg:
responses:
ktutil:
- "addent -password -p {{ kuser }}#MYDOMAIN.LOCAL -k 1 -e rc4-hmac"
- "wkt /username.keytab"
- "quit"
Password: "{{ kpw }}"
More information: http://docs.ansible.com/ansible/expect_module.html

What actually worked for me was -
- name: addent of keytab
hosts: localhost
vars:
realm: "MYREALM.COM"
sec: "aes256-cts"
passw: "ansible"
usname: "friend"
tasks:
- name: keytab command
expect:
**command: ktutil
responses:
ktutil:
- "addent -password -p {{ usname }}#{{ realm }} -k 1 -e {{ sec }}"
- " wkt /etc/ansible/loopkey.keytab"
- "quit"
Password(.*): "{{ passw }}"**