ipaclient: Calm down ansible and yaml lint in ansible-galaxy

65fb75fe · Thomas Woerner · d08291be · 65fb75fe · 65fb75fe · 65fb75fe
Commit 65fb75fe authored May 3, 2019 by Thomas Woerner
--- a/roles/ipaclient/meta/main.yml
+++ b/roles/ipaclient/meta/main.yml
@@ -13,7 +13,7 @@ galaxy_info:
  - name: EL
    versions:
    - 7
-    - 8
+    # - 8
  galaxy_tags:
    - identity
    - ipa

--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -19,9 +19,11 @@
 - name: Install - Set ipaclient_servers from cluster inventory
  set_fact:
    ipaclient_servers: "{{ groups['ipaserver'] | list }}"
-  when: ipaclient_no_dns_lookup | bool and groups.ipaserver is defined and ipaclient_servers is not defined
+  when: ipaclient_no_dns_lookup | bool and groups.ipaserver is defined and
+        ipaclient_servers is not defined

- fail: msg="ipaadmin_principal and ipaadmin_keytab cannot be used together"
+- name: Install - Check that either principal or keytab is set
+  fail: msg="ipaadmin_principal and ipaadmin_keytab cannot be used together"
  when: ipaadmin_keytab is defined and ipaadmin_principal is defined

 - name: Install - Set default principal if no keytab is given
@@ -81,10 +83,13 @@
      kinit_attempts: "{{ ipaclient_kinit_attempts | default(omit) }}"
    register: result_ipaclient_test_keytab

-  - name: Install - Disable One-Time Password for client with working krb5.keytab
+  - name: Install - Disable One-Time Password for client with working
+          krb5.keytab
    set_fact:
      ipaclient_use_otp: "no"
-    when: ipaclient_use_otp | bool and result_ipaclient_test_keytab.krb5_keytab_ok and not ipaclient_force_join | bool
+    when: ipaclient_use_otp | bool and
+          result_ipaclient_test_keytab.krb5_keytab_ok and
+          not ipaclient_force_join | bool

  # The following block is executed when using OTP to enroll IPA client
  # ie when ipaclient_use_otp is set.
@@ -93,7 +98,8 @@
  # If a keytab is specified in the hostent, then the hostent will be disabled
  # if ipaclient_use_otp is set.
  - block:
-    - fail: msg="Keytab or password is required for otp"
+    - name: Install - Keytab or password is required for otp
+      fail: msg="Keytab or password is required for otp"
      when: ipaadmin_keytab is undefined and ipaadmin_password is undefined

    - name: Install - Save client ansible_python_interpreter setting
@@ -105,7 +111,7 @@
      delegate_to: "{{ result_ipaclient_test.servers[0] }}"

    - name: Install - Get One-Time Password for client enrollment
-      #no_log: yes
+      no_log: yes
      ipaclient_get_otp:
        state: present
        principal: "{{ ipaadmin_principal | default('admin') }}"
@@ -118,14 +124,17 @@
      register: result_ipaclient_get_otp
      # If the host is already enrolled, this command will exit on error
      # The error can be ignored
-      failed_when: result_ipaclient_get_otp is failed and "Password cannot be set on enrolled host" not in result_ipaclient_get_otp.msg
+      failed_when: result_ipaclient_get_otp is failed and
+                   "Password cannot be set on enrolled host" not
+                       in result_ipaclient_get_otp.msg
      delegate_to: "{{ result_ipaclient_test.servers[0] }}"
-      delegate_facts: True
+      delegate_facts: yes

    - name: Install - Store the previously obtained OTP
      no_log: yes
      set_fact:
-        ipaadmin_password: "{{ result_ipaclient_get_otp.host.randompassword if result_ipaclient_get_otp.host is defined }}"
+        ipaadmin_password: "{{ result_ipaclient_get_otp.host.randompassword
+                               if result_ipaclient_get_otp.host is defined }}"

    - name: Install - Restore client ansible_python_interpreter setting
      set_fact:
@@ -144,11 +153,14 @@

    - name: Install - Check if principal and keytab are set
      fail: msg="Principal and keytab cannot be used together"
-      when: ipaadmin_principal is defined and ipaadmin_principal != "" and ipaclient_keytab is defined and ipaclient_keytab != ""
+      when: ipaadmin_principal is defined and ipaadmin_principal|length > 0
+            and ipaclient_keytab is defined and ipaclient_keytab|length > 0

    - name: Install - Check if one of password and keytab are set
      fail: msg="At least one of password or keytab must be specified"
-      when: not result_ipaclient_test_keytab.krb5_keytab_ok and (ipaadmin_password is undefined or ipaadmin_password == "") and (ipaclient_keytab is undefined or ipaclient_keytab == "")
+      when: not result_ipaclient_test_keytab.krb5_keytab_ok and
+            (ipaadmin_password is undefined or ipaadmin_password == "") and
+            (ipaclient_keytab is undefined or ipaclient_keytab == "")
    when: not ipaclient_on_master | bool

  - name: Install - Purge {{ result_ipaclient_test.realm }} from host keytab
@@ -160,7 +172,8 @@
    # Do not fail on error codes 3 and 5:
    #   3 - Unable to open keytab
    #   5 - Principal name or realm not found in keytab
-    failed_when: result_ipa_rmkeytab.rc != 0 and result_ipa_rmkeytab.rc != 3 and result_ipa_rmkeytab.rc != 5
+    failed_when: result_ipa_rmkeytab.rc != 0 and
+                 result_ipa_rmkeytab.rc != 3 and result_ipa_rmkeytab.rc != 5
    when: ipaclient_use_otp | bool or ipaclient_force_join | bool

  - name: Install - Backup and set hostname
@@ -177,25 +190,36 @@
      basedn: "{{ result_ipaclient_test.basedn }}"
      hostname: "{{ result_ipaclient_test.hostname }}"
      force_join: "{{ ipaclient_force_join | default(omit) }}"
-      principal: "{{ ipaadmin_principal if not ipaclient_use_otp | bool and ipaclient_keytab is not defined else '' }}"
+      principal: "{{ ipaadmin_principal if not ipaclient_use_otp | bool and
+                     ipaclient_keytab is not defined else '' }}"
      password: "{{ ipaadmin_password | default(omit) }}"
      keytab: "{{ ipaclient_keytab | default(omit) }}"
      # ca_cert_file: "{{ ipaclient_ca_cert_file | default(omit) }}"
      kinit_attempts: "{{ ipaclient_kinit_attempts | default(omit) }}"
    register: result_ipaclient_join
-    when: not ipaclient_on_master | bool and (not result_ipaclient_test_keytab.krb5_keytab_ok or ipaclient_force_join)
+    when: not ipaclient_on_master | bool and
+          (not result_ipaclient_test_keytab.krb5_keytab_ok or
+              ipaclient_force_join)

  - block:
    - fail:
-        msg: "The krb5 configuration is not correct, please enable allow_repair to fix this."
+        msg: >
+          The krb5 configuration is not correct, please enable allow_repair
+          to fix this.
      when: not result_ipaclient_test_keytab.krb5_conf_ok
    - fail:
        msg: "The IPA test failed, please enable allow_repair to fix this."
      when: not result_ipaclient_test_keytab.ping_test_ok
    - fail:
-        msg: "The ca.crt file is missing, please enable allow_repair to fix this."
+        msg: >
+          The ca.crt file is missing, please enable allow_repair to fix this.
      when: not result_ipaclient_test_keytab.ca_crt_exists
-    when: not ipaclient_on_master | bool and not result_ipaclient_join.changed and not ipaclient_allow_repair | bool and (result_ipaclient_test_keytab.krb5_keytab_ok or (result_ipaclient_join.already_joined is defined and result_ipaclient_join.already_joined))
+    when: not ipaclient_on_master | bool and
+          not result_ipaclient_join.changed and
+          not ipaclient_allow_repair | bool and
+          (result_ipaclient_test_keytab.krb5_keytab_ok or
+              (result_ipaclient_join.already_joined is defined and
+                  result_ipaclient_join.already_joined))

  - block:
    - name: Install - Configure IPA default.conf
@@ -252,7 +276,9 @@
        realm: "{{ result_ipaclient_test.realm }}"
        basedn: "{{ result_ipaclient_test.basedn }}"
        allow_repair: "{{ ipaclient_allow_repair }}"
-      when: not ipaclient_on_master | bool and result_ipaclient_test_keytab.krb5_keytab_ok and not result_ipaclient_test_keytab.ca_crt_exists
+      when: not ipaclient_on_master | bool and
+            result_ipaclient_test_keytab.krb5_keytab_ok and
+            not result_ipaclient_test_keytab.ca_crt_exists

    - name: Install - Create IPA NSS database
      ipaclient_setup_nss:
@@ -304,9 +330,16 @@
        nisdomain: "{{ ipaclient_nisdomain | default(omit) }}"
      when: not ipaclient_no_nisdomain | bool

-    when: not (not ipaclient_on_master | bool and not result_ipaclient_join.changed and not ipaclient_allow_repair | bool and (result_ipaclient_test_keytab.krb5_keytab_ok or (result_ipaclient_join.already_joined is defined and result_ipaclient_join.already_joined)))
+    when: not (not ipaclient_on_master | bool and
+          not result_ipaclient_join.changed and
+          not ipaclient_allow_repair | bool
+              and (result_ipaclient_test_keytab.krb5_keytab_ok
+              or (result_ipaclient_join.already_joined is defined
+              and result_ipaclient_join.already_joined)))

-  when: not ansible_check_mode and not (result_ipaclient_test.client_already_configured and not ipaclient_allow_repair | bool and not ipaclient_force_join | bool)
+  when: not ansible_check_mode and
+  not (result_ipaclient_test.client_already_configured and
+      not ipaclient_allow_repair | bool and not ipaclient_force_join | bool)

  always:
  - name: Cleanup leftover ccache

--- a/roles/ipaclient/tasks/python_2_3_test.yml
+++ b/roles/ipaclient/tasks/python_2_3_test.yml
+---
 - block:
  - name: Verify Python3 import
    script: py3test.py

--- a/roles/ipaclient/tasks/uninstall.yml
+++ b/roles/ipaclient/tasks/uninstall.yml