Description:
I’m trying to set up an Ansible playbook that connects to an MSSQL database server hosted on Windows using integrated Windows authentication. The host running Ansible is a Linux machine. Here are the details and issues I’m encountering:
Environment Details:
Ansible is running on a Linux machine (specifically, RHEL).
MSSQL database server is hosted on a Windows machine.
I have credentials for an Active Directory (AD) account that has access to the MSSQL database.
Connection Requirements:
I need to establish a connection to the MSSQL database using integrated Windows authentication, meaning I want to avoid storing plain-text credentials in my playbook.
Challenges:
Kerberos and Physical Connection: I’m considering using Kerberos for authentication, but I’m unsure if Kerberos requires a physical connection from the Linux host to the SQL database server. Due to security policies, the Linux host cannot establish direct physical connections to the database server.
Playbook Example:
Here’s a simplified version of my Ansible playbook (odbc.yaml):
```yaml
- name: Connect to MSSQL DB using integrated Windows auth
  hosts: localhost
  vars:
    ansible_python_interpreter: /usr/bin/python3
  tasks:
    - name: Execute SQL query
      community.general.mssql_query:
        server: sql_server_name
        database: my_database
        query: "SELECT * FROM my_table"
        auth: integrated
```
In this example, sql_server_name and my_database would be replaced with actual server and database names.
Questions:
How can I configure Ansible to use integrated Windows authentication (auth: integrated) without requiring a physical connection from the Linux host to the MSSQL database server?
Is Kerberos a viable option for achieving integrated Windows authentication in this scenario, considering the restriction on physical connections?
Any guidance or suggestions on configuring Ansible to meet these requirements would be greatly appreciated. Thank you!