Skip to content
Normal view Permalink
install.yml 30.5 KiB
Newer Older
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
1 2 3 
---
# tasks file for ipareplica
Thomas Woerner's avatar
ipa[server,replica,client]: New setting X_install_packages  
Thomas Woerner committed
4 
- block:
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
5
Thomas Woerner's avatar
ipa[server,replica,client]: New setting X_install_packages  
Thomas Woerner committed
6 7 8 9 10 
  - name: Install - Ensure IPA replica packages are installed
    package:
      name: "{{ item }}"
      state: present
    with_items: "{{ ipareplica_packages }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
11
Thomas Woerner's avatar
ipa[server,replica,client]: New setting X_install_packages  
Thomas Woerner committed
12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 
  - name: Install - Ensure IPA replica packages for dns are installed
    package:
      name: "{{ item }}"
      state: present
    with_items: "{{ ipareplica_packages_dns }}"
    when: ipareplica_setup_dns | bool

  - name: Install - Ensure IPA replica packages for adtrust are installed
    package:
      name: "{{ item }}"
      state: present
    with_items: "{{ ipareplica_packages_adtrust }}"
    when: ipareplica_setup_adtrust | bool

  when: ipareplica_install_packages | bool
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
27 28 

- name: Install - Include Python2/3 import test
Thomas Woerner's avatar
Fix white space issues in yaml files and ansible vars  
Thomas Woerner committed
29 
  import_tasks: "{{ role_path }}/tasks/python_2_3_test.yml"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
30 31 32 33 34 35 36 37 38 

- name: Install - Set default principal if no keytab is given
  set_fact:
    ipaadmin_principal: admin
  when: ipaadmin_principal is undefined and ipaclient_keytab is undefined

- name: Install - Replica installation test
  ipareplica_test:
    ### basic ###
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
39 40 
    # dm_password: "{{ ipadm_password | default(omit) }}"
    # password: "{{ ipaadmin_password | default(omit) }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
41 
    ip_addresses: "{{ ipareplica_ip_addresses | default([]) }}"
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
42 43 44 45 
    domain: "{{ ipareplica_domain | default(ipaserver_domain) |
            default(omit) }}"
    servers: "{{ groups.ipaservers | default(groups.ipaserver) |
              default(omit) }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
46 
    realm: "{{ ipareplica_realm | default(omit) }}"
Thomas Woerner's avatar
Revert "ipa[server,replica,client]: Do not enforce ansible_fqdn as hostname"  
Thomas Woerner committed
47 
    hostname: "{{ ipareplica_hostname | default(ansible_fqdn) }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
48 
    ca_cert_files: "{{ ipareplica_ca_cert_files | default([]) }}"
Thomas Woerner's avatar
ipareplica: Add support for hidden replica  
Thomas Woerner committed
49 
    hidden_replica: "{{ ipareplica_hidden_replica }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
50 51 52 53 54 55 56 57 58 59 60 61 
    ### server ###
    setup_adtrust: "{{ ipareplica_setup_adtrust }}"
    setup_kra: "{{ ipareplica_setup_kra }}"
    setup_dns: "{{ ipareplica_setup_dns }}"
    no_pkinit: "{{ ipareplica_no_pkinit }}"
    dirsrv_config_file: "{{ ipareplica_dirsrv_config_file | default(omit) }}"
    ### ssl certificate ###
    dirsrv_cert_files: "{{ ipareplica_dirsrv_cert_files | default([]) }}"
    http_cert_files: "{{ ipareplica_http_cert_files | default([]) }}"
    pkinit_cert_files: "{{ ipareplica_pkinit_cert_files | default([]) }}"
    ### client ###
    no_ntp: "{{ ipaclient_no_ntp }}"
Thomas Woerner's avatar
ipareplica_test: Added ntp_server, ntp_pool and some ntp related tests  
Thomas Woerner committed
62 63 
    ntp_servers: "{{ ipaclient_ntp_servers | default([]) }}"
    ntp_pool: "{{ ipaclient_ntp_pool | default(omit) }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
64 65 66 67 68 69 70 71 72 73 74 
    ### dns ###
    no_reverse: "{{ ipareplica_no_reverse }}"
    auto_reverse: "{{ ipareplica_auto_reverse }}"
    forwarders: "{{ ipareplica_forwarders | default([]) }}"
    no_forwarders: "{{ ipareplica_no_forwarders }}"
    auto_forwarders: "{{ ipareplica_auto_forwarders }}"
    forward_policy: "{{ ipareplica_forward_policy | default(omit) }}"
    no_dnssec_validation: "{{ ipareplica_no_dnssec_validation }}"
  register: result_ipareplica_test

- block:
Thomas Woerner's avatar
ipa[server,replica,client]: Do not use meta end_play  
Thomas Woerner committed
75 76 77 78 
  # This block is executed only when
  # not ansible_check_mode and
  # not (result_ipareplica_test.client_already_configured is defined or
  #      result_ipareplica_test.server_already_configured is defined)
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
79
Thomas Woerner's avatar
ipareplica: Use ipaclient role to deploy client  
Thomas Woerner committed
80 81 82 83 84 85 86 87 88 
  - name: Install - Setup client
    include_role:
      name: ipaclient
    vars:
      state: present
      ipaclient_domain: "{{ result_ipareplica_test.domain }}"
      ipaclient_realm: "{{ result_ipareplica_test.realm }}"
      ipaclient_servers: ["{{ result_ipareplica_test.server }}"]
      ipaclient_hostname: "{{ result_ipareplica_test.hostname }}"
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
89 90 
      ipaclient_no_ntp: "{{ result_ipareplica_test.ipa_python_version
                            < 40690 }}"
Thomas Woerner's avatar
ipareplica: Use ipareplica_install_packages for ipaclient deployment part  
Thomas Woerner committed
91 
      ipaclient_install_packages: "{{ ipareplica_install_packages }}"
Thomas Woerner's avatar
ipareplica: Use ipaclient role to deploy client  
Thomas Woerner committed
92 
    when: not result_ipareplica_test.client_enrolled
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
93 94 95 96 97 98 99 

  - name: Install - Configure firewalld
    command: >
      firewall-cmd
      --permanent
      --add-service=freeipa-ldap
      --add-service=freeipa-ldaps
Thomas Woerner's avatar
ipareplica: Use result from ipareplica_test for freeipa-trust enablement  
Thomas Woerner committed
100 
      {{ "--add-service=freeipa-trust" if result_ipareplica_test.setup_adtrust
Thomas Woerner's avatar
ipa[server,replica]: Enable freeipa-trust service if adtrust is enabled  
Thomas Woerner committed
101 
         else "" }}
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
102 103 
      {{ "--add-service=dns" if ipareplica_setup_dns | bool else "" }}
      {{ "--add-service=ntp" if not ipaclient_no_ntp | bool else "" }}
Thomas Woerner's avatar
ipa[server,replica]: Renamed X_no_firewalld to X_setup_firewalld  
Thomas Woerner committed
104 
    when: ipareplica_setup_firewalld | bool
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
105 106 107 108 109 110 

  - name: Install - Configure firewalld runtime
    command: >
      firewall-cmd
      --add-service=freeipa-ldap
      --add-service=freeipa-ldaps
Thomas Woerner's avatar
ipareplica: Use result from ipareplica_test for freeipa-trust enablement  
Thomas Woerner committed
111 
      {{ "--add-service=freeipa-trust" if result_ipareplica_test.setup_adtrust
Thomas Woerner's avatar
ipa[server,replica]: Enable freeipa-trust service if adtrust is enabled  
Thomas Woerner committed
112 
         else "" }}
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
113 114 
      {{ "--add-service=dns" if ipareplica_setup_dns | bool else "" }}
      {{ "--add-service=ntp" if not ipaclient_no_ntp | bool else "" }}
Thomas Woerner's avatar
ipa[server,replica]: Renamed X_no_firewalld to X_setup_firewalld  
Thomas Woerner committed
115 
    when: ipareplica_setup_firewalld | bool
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 

  - name: Install - Replica preparation
    ipareplica_prepare:
      ### basic ###
      password: "{{ ipaadmin_password | default(omit) }}"
      ip_addresses: "{{ ipareplica_ip_addresses | default([]) }}"
      domain: "{{ result_ipareplica_test.domain }}"
      realm: "{{ result_ipareplica_test.realm }}"
      hostname: "{{ result_ipareplica_test.hostname }}"
      principal: "{{ ipaadmin_principal | default(omit) }}"
      ca_cert_files: "{{ ipareplica_ca_cert_files | default([]) }}"
      no_host_dns: "{{ ipareplica_no_host_dns }}"
      ### replica ###
      setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
      setup_ca: "{{ ipareplica_setup_ca }}"
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      setup_dns: "{{ ipareplica_setup_dns }}"
      ### ssl certificate ###
      dirsrv_cert_files: "{{ ipareplica_dirsrv_cert_files | default([]) }}"
      dirsrv_pin: "{{ ipareplica_dirsrv_pin | default(omit) }}"
      http_cert_files: "{{ ipareplica_http_cert_files | default([]) }}"
      http_pin: "{{ ipareplica_http_pin | default(omit) }}"
      pkinit_cert_files: "{{ ipareplica_pkinit_cert_files | default([]) }}"
      pkinit_pin: "{{ ipareplica_pkinit_pin | default(omit) }}"
      ### client ###
      keytab: "{{ ipaclient_keytab | default(omit) }}"
      mkhomedir: "{{ ipaclient_mkhomedir | default(omit) }}"
      force_join: "{{ ipaclient_force_join | default(omit) }}"
      no_ntp: "{{ ipaclient_no_ntp | default(omit) }}"
      ssh_trust_dns: "{{ ipaclient_ssh_trust_dns | default(omit) }}"
      no_ssh: no
      no_sshd: no
      no_dns_sshfp: no
      ### dns ###
Thomas Woerner's avatar
ipareplica: Fix DNS setup issues  
Thomas Woerner committed
150 151 152 153 154 155 156 
      allow_zone_overlap: "{{ ipareplica_allow_zone_overlap }}"
      reverse_zones: "{{ ipareplica_reverse_zones | default([]) }}"
      no_reverse: "{{ ipareplica_no_reverse }}"
      auto_reverse: "{{ ipareplica_auto_reverse }}"
      forwarders: "{{ ipareplica_forwarders | default([]) }}"
      no_forwarders: "{{ ipareplica_no_forwarders }}"
      auto_forwarders: "{{ ipareplica_auto_forwarders }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
157 
      forward_policy: "{{ ipareplica_forward_policy | default(omit) }}"
Thomas Woerner's avatar
ipareplica: Fix DNS setup issues  
Thomas Woerner committed
158 
      no_dnssec_validation: "{{ ipareplica_no_dnssec_validation }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
159 
      ### ad trust ###
Thomas Woerner's avatar
ipareplica_setup_adtrust: Add missing settings for adtrust and module  
Thomas Woerner committed
160 
      enable_compat: "{{ ipareplica_enable_compat }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
161 162 163 164 165 166 167 168 169 170 171 172 173 
      netbios_name: "{{ ipareplica_netbios_name | default(omit) }}"
      rid_base: "{{ ipareplica_rid_base | default(omit) }}"
      secondary_rid_base: "{{ ipareplica_secondary_rid_base | default(omit) }}"
      ### additional ###
      server: "{{ result_ipareplica_test.server }}"
      skip_conncheck: "{{ ipareplica_skip_conncheck }}"
    register: result_ipareplica_prepare

  - name: Install - Add to ipaservers
    ipareplica_add_to_ipaservers:
      ### server ###
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      ### additional ###
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
174 175 
      config_master_host_name:
        "{{ result_ipareplica_prepare.config_master_host_name }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
176 177 178 179 180 181 182 
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      installer_ccache: "{{ result_ipareplica_prepare.installer_ccache }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
    when: result_ipareplica_prepare._add_to_ipaservers

  - name: Install - Create dirman password
    no_log: yes
Thomas Woerner's avatar
ipareplica: Replace ipaserver_master_password, remove ipaserver_setup_ntp  
Thomas Woerner committed
183 
    ipareplica_master_password:
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
184 
      dm_password: "{{ ipadm_password }}"
Thomas Woerner's avatar
ipareplica: Replace ipaserver_master_password, remove ipaserver_setup_ntp  
Thomas Woerner committed
185 186 
      master_password: "{{ ipareplica_master_password | default(omit) }}"
    register: result_ipareplica_master_password
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
187 188 189 190 

  - name: Install - Set dirman password
    no_log: yes
    set_fact:
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
191 192 
      ipareplica_dirman_password:
        "{{ result_ipareplica_master_password.password }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 

  - name: Install - Setup certmonger
    ipareplica_setup_certmonger:
    when: result_ipareplica_prepare._ca_enabled

  - name: Install - Install CA certs
    ipareplica_install_ca_certs:
      ### basic ###
      dm_password: "{{ ipadm_password | default(omit) }}"
      password: "{{ ipaadmin_password | default(omit) }}"
      ip_addresses: "{{ ipareplica_ip_addresses | default([]) }}"
      domain: "{{ result_ipareplica_test.domain }}"
      realm: "{{ result_ipareplica_test.realm }}"
      hostname: "{{ result_ipareplica_test.hostname }}"
      ca_cert_files: "{{ ipareplica_ca_cert_files | default([]) }}"
      no_host_dns: "{{ ipareplica_no_host_dns }}"
      ### replica ###
      setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      setup_dns: "{{ ipareplica_setup_dns }}"
      ### ssl certificate ###
      dirsrv_cert_files: "{{ ipareplica_dirsrv_cert_files | default([]) }}"
      ### client ###
      force_join: "{{ ipaclient_force_join }}"
      ### ad trust ###
      netbios_name: "{{ ipareplica_netbios_name | default(omit) }}"
      rid_base: "{{ ipareplica_rid_base | default(omit) }}"
      secondary_rid_base: "{{ ipareplica_secondary_rid_base | default(omit) }}"
      ### additional ###
      server: "{{ result_ipareplica_test.server }}"
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      installer_ccache: "{{ result_ipareplica_prepare.installer_ccache }}"
      _ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
      _kra_enabled: "{{ result_ipareplica_prepare._kra_enabled }}"
      _dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info }}"
      _http_pkcs12_info: "{{ result_ipareplica_prepare._http_pkcs12_info }}"
      _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
      subject_base: "{{ result_ipareplica_prepare.subject_base }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
      _add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
      _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
      _subject_base: "{{ result_ipareplica_prepare._subject_base }}"
      dirman_password: "{{ ipareplica_dirman_password }}"
      config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
237 238 
      config_master_host_name:
        "{{ result_ipareplica_prepare.config_master_host_name }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 
      config_ca_host_name: "{{ result_ipareplica_prepare.config_ca_host_name }}"
      config_ips: "{{ result_ipareplica_prepare.config_ips }}"
    register: result_ipareplica_install_ca_certs

  - name: Install - Setup DS
    ipareplica_setup_ds:
      ### basic ###
      dm_password: "{{ ipadm_password | default(omit) }}"
      password: "{{ ipaadmin_password | default(omit) }}"
      ip_addresses: "{{ ipareplica_ip_addresses | default([]) }}"
      domain: "{{ result_ipareplica_test.domain }}"
      realm: "{{ result_ipareplica_test.realm }}"
      hostname: "{{ result_ipareplica_test.hostname }}"
      ca_cert_files: "{{ ipareplica_ca_cert_files | default([]) }}"
      no_host_dns: "{{ ipareplica_no_host_dns }}"
      ### replica ###
      setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      setup_dns: "{{ ipareplica_setup_dns }}"
      no_pkinit: "{{ ipareplica_no_pkinit }}"
      dirsrv_config_file: "{{ ipareplica_dirsrv_config_file | default(omit) }}"
      ### ssl certificate ###
      dirsrv_cert_files: "{{ ipareplica_dirsrv_cert_files | default([]) }}"
      ### client ###
      force_join: "{{ ipaclient_force_join }}"
      ### ad trust ###
      netbios_name: "{{ ipareplica_netbios_name | default(omit) }}"
      rid_base: "{{ ipareplica_rid_base | default(omit) }}"
      secondary_rid_base: "{{ ipareplica_secondary_rid_base | default(omit) }}"
      ### additional ###
      server: "{{ result_ipareplica_test.server }}"
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      installer_ccache: "{{ result_ipareplica_prepare.installer_ccache }}"
      _ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
      _kra_enabled: "{{ result_ipareplica_prepare._kra_enabled }}"
      _dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info }}"
      _http_pkcs12_info: "{{ result_ipareplica_prepare._http_pkcs12_info }}"
      _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
      subject_base: "{{ result_ipareplica_prepare.subject_base }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
      _add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
      _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
      _subject_base: "{{ result_ipareplica_prepare._subject_base }}"
      dirman_password: "{{ ipareplica_dirman_password }}"
      config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
284 285 
      config_master_host_name:
        "{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 
      config_ca_host_name: "{{ result_ipareplica_prepare.config_ca_host_name }}"
      config_ips: "{{ result_ipareplica_prepare.config_ips }}"
    register: result_ipareplica_setup_ds

  - name: Install - Create IPA conf
    ipareplica_create_ipa_conf:
      ### basic ###
      dm_password: "{{ ipadm_password | default(omit) }}"
      password: "{{ ipaadmin_password | default(omit) }}"
      ip_addresses: "{{ ipareplica_ip_addresses | default([]) }}"
      domain: "{{ result_ipareplica_test.domain }}"
      realm: "{{ result_ipareplica_test.realm }}"
      hostname: "{{ result_ipareplica_test.hostname }}"
      ca_cert_files: "{{ ipareplica_ca_cert_files | default([]) }}"
      no_host_dns: "{{ ipareplica_no_host_dns }}"
      ### replica ###
      setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      setup_dns: "{{ ipareplica_setup_dns }}"
      ### ssl certificate ###
      dirsrv_cert_files: "{{ ipareplica_dirsrv_cert_files | default([]) }}"
      ### client ###
      force_join: "{{ ipaclient_force_join }}"
      ### ad trust ###
      netbios_name: "{{ ipareplica_netbios_name | default(omit) }}"
      rid_base: "{{ ipareplica_rid_base | default(omit) }}"
      secondary_rid_base: "{{ ipareplica_secondary_rid_base | default(omit) }}"
      ### additional ###
      server: "{{ result_ipareplica_test.server }}"
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
315 316 
      config_master_host_name:
        "{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      installer_ccache: "{{ result_ipareplica_prepare.installer_ccache }}"
      _ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
      _kra_enabled: "{{ result_ipareplica_prepare._kra_enabled }}"
      _dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info }}"
      _http_pkcs12_info: "{{ result_ipareplica_prepare._http_pkcs12_info }}"
      _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
      subject_base: "{{ result_ipareplica_prepare.subject_base }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
      _add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
      _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
      _subject_base: "{{ result_ipareplica_prepare._subject_base }}"
      dirman_password: "{{ ipareplica_dirman_password }}"

  - name: Install - Setup KRB
    ipareplica_setup_krb:
      ### server ###
      setup_ca: "{{ ipareplica_setup_ca }}"
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      no_pkinit: "{{ ipareplica_no_pkinit }}"
      ### certificate system ###
      subject_base: "{{ result_ipareplica_prepare.subject_base }}"
      ### additional ###
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
340 341 
      config_master_host_name:
        "{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
342 343 344 345 346 347 348 349 350 351 352 353 354 355 
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"

  - name: Install - DS enable SSL
    ipareplica_ds_enable_ssl:
      ### server ###
      setup_ca: "{{ ipareplica_setup_ca }}"
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      no_pkinit: "{{ ipareplica_no_pkinit }}"
      dirsrv_config_file: "{{ ipareplica_dirsrv_config_file | default(omit) }}"
      ### certificate system ###
      subject_base: "{{ result_ipareplica_prepare.subject_base }}"
      ### additional ###
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
356 357 
      config_master_host_name:
        "{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      _ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
      _ca_file: "{{ result_ipareplica_prepare._ca_file }}"
      _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
      dirman_password: "{{ ipareplica_dirman_password }}"
      ds_ca_subject: "{{ result_ipareplica_setup_ds.ds_ca_subject }}"

  - name: Install - Setup http
    ipareplica_setup_http:
      ### server ###
      setup_ca: "{{ ipareplica_setup_ca }}"
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      no_pkinit: "{{ ipareplica_no_pkinit }}"
      no_ui_redirect: "{{ ipareplica_no_ui_redirect }}"
      ### certificate system ###
      subject_base: "{{ result_ipareplica_prepare.subject_base }}"
      ### additional ###
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
376 377 
      config_master_host_name:
        "{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
Thomas Woerner's avatar
ipareplica: Add support for 4.7 (4.6.90-pre2)  
Thomas Woerner committed
378 
      config_ca_host_name: "{{ result_ipareplica_prepare.config_ca_host_name }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      _ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
      _ca_file: "{{ result_ipareplica_prepare._ca_file }}"
      _http_pkcs12_info: "{{ result_ipareplica_prepare._http_pkcs12_info }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
      dirman_password: "{{ ipareplica_dirman_password }}"

  - name: Install - Setup otpd
    ipareplica_setup_otpd:
      ### server ###
      setup_ca: "{{ ipareplica_setup_ca }}"
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      no_pkinit: "{{ ipareplica_no_pkinit }}"
      no_ui_redirect: "{{ ipareplica_no_ui_redirect }}"
      ### certificate system ###
      subject_base: "{{ result_ipareplica_prepare.subject_base }}"
      ### additional ###
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
396 397 
      config_master_host_name:
        "{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      _ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
      _ca_file: "{{ result_ipareplica_prepare._ca_file }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
      dirman_password: "{{ ipareplica_dirman_password }}"

  - name: Install - Setup custodia
    ipareplica_setup_custodia:
      ### server ###
      setup_ca: "{{ ipareplica_setup_ca }}"
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      no_pkinit: "{{ ipareplica_no_pkinit }}"
      no_ui_redirect: "{{ ipareplica_no_ui_redirect }}"
      ### certificate system ###
      subject_base: "{{ result_ipareplica_prepare.subject_base }}"
      ### additional ###
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
414 415 
      config_master_host_name:
        "{{ result_ipareplica_prepare.config_master_host_name }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      _ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
      _ca_file: "{{ result_ipareplica_prepare._ca_file }}"
      _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
      dirman_password: "{{ ipareplica_dirman_password }}"

  - name: Install - Setup CA
    ipareplica_setup_ca:
      ### server ###
      setup_ca: "{{ ipareplica_setup_ca }}"
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      no_pkinit: "{{ ipareplica_no_pkinit }}"
      no_ui_redirect: "{{ ipareplica_no_ui_redirect }}"
      ### certificate system ###
      subject_base: "{{ result_ipareplica_prepare.subject_base }}"
      ### additional ###
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      _ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
      _ca_file: "{{ result_ipareplica_prepare._ca_file }}"
      _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
      _subject_base: "{{ result_ipareplica_prepare._subject_base }}"
      _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
      dirman_password: "{{ ipareplica_dirman_password }}"
      config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
442 443 444 445 
      config_master_host_name:
        "{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
      config_ca_host_name:
        "{{ result_ipareplica_install_ca_certs.config_ca_host_name }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
446 447 448 449 450 451 452 453 454 
      config_ips: "{{ result_ipareplica_prepare.config_ips }}"
    when: result_ipareplica_prepare._ca_enabled

  - name: Install - KRB enable SSL
    ipareplica_krb_enable_ssl:
      ### server ###
      setup_ca: "{{ ipareplica_setup_ca }}"
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      no_pkinit: "{{ ipareplica_no_pkinit }}"
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
455 
      # no_ui_redirect: "{{ ipareplica_no_ui_redirect }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
456 457 458 
      ### certificate system ###
      subject_base: "{{ result_ipareplica_prepare.subject_base }}"
      ### additional ###
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
459 460 
      config_master_host_name:
        "{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      _ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
      _ca_file: "{{ result_ipareplica_prepare._ca_file }}"
      _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
      dirman_password: "{{ ipareplica_dirman_password }}"

  - name: Install - DS apply updates
    ipareplica_ds_apply_updates:
      ### server ###
      setup_ca: "{{ ipareplica_setup_ca }}"
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      no_pkinit: "{{ ipareplica_no_pkinit }}"
      no_ui_redirect: "{{ ipareplica_no_ui_redirect }}"
      dirsrv_config_file: "{{ ipareplica_dirsrv_config_file | default(omit) }}"
      ### certificate system ###
      subject_base: "{{ result_ipareplica_prepare.subject_base }}"
      ### additional ###
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
479 480 
      config_master_host_name:
        "{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      _ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
      _ca_file: "{{ result_ipareplica_prepare._ca_file }}"
      _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
      dirman_password: "{{ ipareplica_dirman_password }}"
      ds_ca_subject: "{{ result_ipareplica_setup_ds.ds_ca_subject }}"

  - name: Install - Setup kra
    ipareplica_setup_kra:
      ### basic ###
      dm_password: "{{ ipadm_password | default(omit) }}"
      password: "{{ ipaadmin_password | default(omit) }}"
      ip_addresses: "{{ ipareplica_ip_addresses | default([]) }}"
      domain: "{{ result_ipareplica_test.domain }}"
      realm: "{{ result_ipareplica_test.realm }}"
      hostname: "{{ result_ipareplica_test.hostname }}"
      ca_cert_files: "{{ ipareplica_ca_cert_files | default([]) }}"
      no_host_dns: "{{ ipareplica_no_host_dns }}"
      ### replica ###
      setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
      setup_ca: "{{ ipareplica_setup_ca }}"
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      setup_dns: "{{ ipareplica_setup_dns }}"
      ### ssl certificate ###
      dirsrv_cert_files: "{{ ipareplica_dirsrv_cert_files | default([]) }}"
      ### client ###
      force_join: "{{ ipaclient_force_join }}"
      ### certificate system ###
      subject_base: "{{ result_ipareplica_prepare.subject_base }}"
      ### additional ###
      server: "{{ result_ipareplica_test.server }}"
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
513 514 
      config_master_host_name:
        "{{ result_ipareplica_prepare.config_master_host_name }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      installer_ccache: "{{ result_ipareplica_prepare.installer_ccache }}"
      _ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
      _kra_enabled: "{{ result_ipareplica_prepare._kra_enabled }}"
      _dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info }}"
      _http_pkcs12_info: "{{ result_ipareplica_prepare._http_pkcs12_info }}"
      _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
      _add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
      _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
      _subject_base: "{{ result_ipareplica_prepare._subject_base }}"
    when: result_ipareplica_test.setup_kra

  - name: Install - Restart KDC
    ipareplica_restart_kdc:
      ### server ###
      setup_ca: "{{ ipareplica_setup_ca }}"
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      no_pkinit: "{{ ipareplica_no_pkinit }}"
      no_ui_redirect: "{{ ipareplica_no_ui_redirect }}"
      ### certificate system ###
      subject_base: "{{ result_ipareplica_prepare.subject_base }}"
      ### additional ###
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
538 539 
      config_master_host_name:
        "{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
540 541 542 
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      _ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
      _ca_file: "{{ result_ipareplica_prepare._ca_file }}"
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
543 
      # _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
544 545 546 547 548 549 550 551 552 553 554 555 556 
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
      dirman_password: "{{ ipareplica_dirman_password }}"

  - name: Install - Custodia import dm password
    ipareplica_custodia_import_dm_password:
      ### server ###
      setup_ca: "{{ ipareplica_setup_ca }}"
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      no_pkinit: "{{ ipareplica_no_pkinit }}"
      no_ui_redirect: "{{ ipareplica_no_ui_redirect }}"
      ### certificate system ###
      subject_base: "{{ result_ipareplica_prepare.subject_base }}"
      ### additional ###
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
557 558 
      config_master_host_name:
        "{{ result_ipareplica_prepare.config_master_host_name }}"
Thomas Woerner's avatar
ipareplica/library/ipareplica_custodia_import_dm_password: Also use custodia here  
Thomas Woerner committed
559 
      config_ca_host_name: "{{ result_ipareplica_prepare.config_ca_host_name }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
560 561 562 563 564 565 
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      _ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
      _ca_file: "{{ result_ipareplica_prepare._ca_file }}"
      _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
      dirman_password: "{{ ipareplica_dirman_password }}"
Thomas Woerner's avatar
ipareplica/library/ipareplica_custodia_import_dm_password: Also use custodia here  
Thomas Woerner committed
566 
      config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
567 568 569 570 571 572 573 574 575 576 577 

  - name: Install - Promote SSSD
    ipareplica_promote_sssd:
      ### replica ###
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      ### certificate system ###
      subject_base: "{{ result_ipareplica_prepare.subject_base }}"
      ### additional ###
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
      config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
578 579 
      config_master_host_name:
        "{{ result_ipareplica_prepare.config_master_host_name }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
580 581 582 583 584 585 586 587 588 589 590 

  - name: Install - Promote openldap.conf
    ipareplica_promote_openldap_conf:
      ### replica ###
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      ### certificate system ###
      subject_base: "{{ result_ipareplica_prepare.subject_base }}"
      ### additional ###
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
      config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
591 592 
      config_master_host_name:
        "{{ result_ipareplica_prepare.config_master_host_name }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
593 594 595 596 597 598 599 600 601 

  - name: Install - Setup DNS
    ipareplica_setup_dns:
      ### server ###
      setup_dns: "{{ ipareplica_setup_dns }}"
      ### replica ###
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      ### certificate system ###
      subject_base: "{{ result_ipareplica_prepare.subject_base }}"
Thomas Woerner's avatar
ipareplica: Fix DNS setup issues  
Thomas Woerner committed
602 603 604 
      ### dns ###
      zonemgr: "{{ ipareplica_zonemgr | default(omit) }}"
      forwarders: "{{ ipareplica_forwarders | default([]) }}"
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
605 606 607 
      forward_policy: "{{ result_ipareplica_prepare.forward_policy if
                          result_ipareplica_prepare.forward_policy is
                          not none else omit }}"
Thomas Woerner's avatar
ipareplica: Fix DNS setup issues  
Thomas Woerner committed
608 
      no_dnssec_validation: "{{ ipareplica_no_dnssec_validation }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
609 610 611 
      ### additional ###
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
Thomas Woerner's avatar
ipareplica: Add support for 4.7 (4.6.90-pre2)  
Thomas Woerner committed
612 
      setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
613 614 
      config_master_host_name:
        "{{ result_ipareplica_prepare.config_master_host_name }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
615 616 617 618 619 620 621 

  - name: Install - Setup adtrust
    ipareplica_setup_adtrust:
      ### replica ###
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      ### certificate system ###
      subject_base: "{{ result_ipareplica_prepare.subject_base }}"
Thomas Woerner's avatar
ipareplica_setup_adtrust: Add missing settings for adtrust and module  
Thomas Woerner committed
622 623 624 625 
      ### ad trust ###
      enable_compat: "{{ ipareplica_enable_compat }}"
      rid_base: "{{ result_ipareplica_prepare.rid_base }}"
      secondary_rid_base: "{{ result_ipareplica_prepare.secondary_rid_base }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
626 627 628 
      ### additional ###
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
Thomas Woerner's avatar
ipareplica_setup_adtrust: Fix setup_ca, master_host_name and ldap2 backend connection  
Thomas Woerner committed
629 
      setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
630 631 632 633 634 635 
      config_master_host_name:
        "{{ result_ipareplica_prepare.config_master_host_name }}"
      adtrust_netbios_name:
        "{{ result_ipareplica_prepare.adtrust_netbios_name }}"
      adtrust_reset_netbios_name:
        "{{ result_ipareplica_prepare.adtrust_reset_netbios_name }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
636 637 638 
    when: result_ipareplica_test.setup_adtrust

  - name: Install - Enable IPA
Thomas Woerner's avatar
New ipareplica_enable_ipa: Use of ipaserver_enable_ipa is not possible anymore  
Thomas Woerner committed
639 
    ipareplica_enable_ipa:
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
640 
      hostname: "{{ result_ipareplica_test.hostname }}"
Thomas Woerner's avatar
ipareplica: Add support for hidden replica  
Thomas Woerner committed
641 642 
      hidden_replica: "{{ ipareplica_hidden_replica }}"
      ### server ###
Thomas Woerner's avatar
New ipareplica_enable_ipa: Use of ipaserver_enable_ipa is not possible anymore  
Thomas Woerner committed
643 644 645 646 647 
      ### certificate system ###
      subject_base: "{{ result_ipareplica_prepare.subject_base }}"
      ### additional ###
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
648 
      setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
649 650 
      config_master_host_name:
        "{{ result_ipareplica_prepare.config_master_host_name }}"
Thomas Woerner's avatar
New role for ipareplica installation
Thomas Woerner committed
651 652 653 654 655 656 657 
    register: result_ipareplica_enable_ipa

  - name: Install - Cleanup root IPA cache
    file:
      path: "/root/.ipa_cache"
      state: absent
    when: result_ipareplica_enable_ipa.changed
Thomas Woerner's avatar
ipa[server,replica,client]: Do not try to execute tasks after the role test  
Thomas Woerner committed
658
Thomas Woerner's avatar
ipa[server,replica]: Calm down ansible and yaml lint in ansible-galaxy  
Thomas Woerner committed
659 660 661 
  when: not ansible_check_mode and
        not (result_ipareplica_test.client_already_configured is defined or
             result_ipareplica_test.server_already_configured is defined)