library/ipajoin.py: Fail for already joined hosts if krb5.keytab is missing

It is not possible to restore a missing krb5.keytab using the admin credential. Therefore the only way is to fail in this case.

library/ipajoin.py: Fail for already joined hosts if krb5.keytab is missing
86079423 · Thomas Woerner · 375500df · 86079423
Commit 86079423 authored 7 years ago by Thomas Woerner
--- a/library/ipajoin.py
+++ b/library/ipajoin.py
@@ -332,6 +332,10 @@ def main():
            changed = True
            module.log("Enrolled in IPA realm %s" % realm)

+        # Fix missing krb5.keytab file for already joined host
+        if already_joined and not os.path.exists(paths.KRB5_KEYTAB):
+            module.fail_json(msg="krb5.keytab missing! Retry with ipaclient_force_join=yes to generate a new one.")
+
        start = stderr.find('Certificate subject base is: ')
        if start >= 0:
            start = start + 29