From 2372e5b98d226d5cbede9a9503ac3d2a4b33369a Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Mon, 17 Jun 2019 11:14:02 +0200
Subject: [PATCH] ipaclient: Report error message if ipaclient_get_otp failed

Currently the error message of ipaclient_get_otp is not visible if the task
failed, because the task uses no_log. The no_log option is needed and useful if
the one-time password has successfully been generated, but is bad if there was
an error while generating the password, for example if a clock skew has been
detected.

There is now a new task to print the error message if ipaclient_get_otp failed.
The task for ipaclient_get_otp has been marked with "ignore_errors: yes" and
the new task "Install - Report error for OTP generation" will always fail
and is only run if result_ipaclient_get_otp is failed.
---
 roles/ipaclient/tasks/install.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
index ca024a13..d9849cc5 100644
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -129,6 +129,13 @@
                        in result_ipaclient_get_otp.msg
       delegate_to: "{{ result_ipaclient_test.servers[0] }}"
       delegate_facts: yes
+      ignore_errors: yes
+
+    - name: Install - Report error for OTP generation
+      debug:
+        msg: "{{ result_ipaclient_get_otp.msg }}"
+      when: result_ipaclient_get_otp is failed
+      failed_when: yes
 
     - name: Install - Store the previously obtained OTP
       no_log: yes
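Review bot: The new "Install - Report error for OTP generation" task prints `result_ipaclient_get_otp.msg` without `no_log`, so anything the ipaclient_get_otp module puts in a failure message now reaches playbook output and any log that captures it. The module is not visible in this hunk, so confirm that its error paths never echo the credentials it is given or a partially generated password. Record that assumption above the task with a comment such as `# msg is printed in clear: ipaclient_get_otp failure messages must not contain secrets`. As a matter of style, `fail:` with the same `msg: "{{ result_ipaclient_get_otp.msg }}"` and the same `when:` states the intent more directly than `debug:` plus `failed_when: yes`. The ipaclient_get_otp task that receives `ignore_errors: yes` starts above the hunk, so its `no_log` and `register` lines were not reviewed here.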
-- 
GitLab