From 3e03d7f44d7f3cd2e17e8c59b3196a1c7aa288a5 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Fri, 9 Feb 2018 16:53:48 +0100
Subject: [PATCH] ipaclient/tasks/install: Fix client installation on master
within server role
The client role is used also while installing the server. There has been an
issue where the server installation has not been complete because of a
playbook termination in the client.
This has been fixed and the client and also the server are fully configured
in the server installation.
---
roles/ipaclient/tasks/install.yml | 17 +++++++++--------
roles/ipaserver/tasks/install.yml | 20 ++++++++++----------
2 files changed, 19 insertions(+), 18 deletions(-)
diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
index 8007b844..3df5cff9 100644
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -43,7 +43,6 @@
kdc: "{{ ipadiscovery.kdc }}"
kinit_attempts: "{{ ipaclient_kinit_attempts | default(omit) }}"
register: ipatest
- when: not ipaclient_on_master | bool
- name: Install - Disable One-Time Password for client with working krb5.keytab
set_fact:
@@ -84,13 +83,15 @@
when: ipaclient_use_otp | bool
- - name: Install - Check if principal and keytab are set
- fail: msg="Principal and keytab cannot be used together"
- when: ipaadmin_principal is defined and ipaadmin_principal != "" and ipaclient_keytab is defined and ipaclient_keytab != ""
+ - block:
+ - name: Install - Check if principal and keytab are set
+ fail: msg="Principal and keytab cannot be used together"
+ when: ipaadmin_principal is defined and ipaadmin_principal != "" and ipaclient_keytab is defined and ipaclient_keytab != ""
- - name: Install - Check if one of password and keytab are set
- fail: msg="At least one of password or keytab must be specified"
- when: not ipatest.krb5_keytab_ok and (ipaadmin_password is undefined or ipaadmin_password == "") and (ipaclient_keytab is undefined or ipaclient_keytab == "")
+ - name: Install - Check if one of password and keytab are set
+ fail: msg="At least one of password or keytab must be specified"
+ when: not ipatest.krb5_keytab_ok and (ipaadmin_password is undefined or ipaadmin_password == "") and (ipaclient_keytab is undefined or ipaclient_keytab == "")
+ when: not ipaclient_on_master | bool
- name: Install - Purge {{ ipadiscovery.realm }} from host keytab
command: >
@@ -203,7 +204,7 @@
realm: "{{ ipadiscovery.realm }}"
basedn: "{{ ipadiscovery.basedn }}"
allow_repair: "{{ ipaclient_allow_repair }}"
- when: ipatest.krb5_keytab_ok and not ipatest.ca_crt_exists
+ when: not ipaclient_on_master | bool and ipatest.krb5_keytab_ok and not ipatest.ca_crt_exists
- name: Install - Create IPA NSS database
ipanss:
diff --git a/roles/ipaserver/tasks/install.yml b/roles/ipaserver/tasks/install.yml
index f621ecad..de914c8b 100644
--- a/roles/ipaserver/tasks/install.yml
+++ b/roles/ipaserver/tasks/install.yml
@@ -324,16 +324,16 @@
name: ipaclient
vars:
state: present
- on_master: yes
- domain: "{{ result_ipaserver_test.domain }}"
- realm: "{{ result_ipaserver_test.realm }}"
- server: "{{ result_ipaserver_test.hostname }}"
- hostname: "{{ result_ipaserver_test.hostname }}"
- #no_dns_sshfp: "{{ ipaclient_no_dns_sshfp }}"
- #ssh_trust_dns: "{{ ipaclient_ssh_trust_dns }}"
- #no_ssh: "{{ ipaclient_no_ssh }}"
- #no_sshd: "{{ ipaclient_no_sshd }}"
- mkhomedir: "{{ ipaclient_mkhomedir }}"
+ ipaclient_on_master: yes
+ ipaclient_domain: "{{ result_ipaserver_test.domain }}"
+ ipaclient_realm: "{{ result_ipaserver_test.realm }}"
+ ipaclient_server: "{{ result_ipaserver_test.hostname }}"
+ ipaclient_hostname: "{{ result_ipaserver_test.hostname }}"
+ #ipaclient_no_dns_sshfp: "{{ ipaclient_no_dns_sshfp }}"
+ #ipaclient_ssh_trust_dns: "{{ ipaclient_ssh_trust_dns }}"
+ #ipaclient_no_ssh: "{{ ipaclient_no_ssh }}"
+ #ipaclient_no_sshd: "{{ ipaclient_no_sshd }}"
+ #ipaclient_mkhomedir: "{{ ipaclient_mkhomedir }}"
#- name: Install - Setup client
# command: >
--
GitLab