ipaclient/tasks/install.yml: Save and restore ipaadmin_password with OTP

The generated OTP password is stored into ipaadmin_password. The original password is now saved and restored later on again. This fixes the failure with incorrect password while installing the client part in a replica deployment.

ipaclient/tasks/install.yml: Save and restore ipaadmin_password with OTP
93977765 · Thomas Woerner · be04079f · 93977765
Commit 93977765 authored May 31, 2019 by Thomas Woerner
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -138,6 +138,7 @@
    - name: Install - Store the previously obtained OTP
      no_log: yes
      set_fact:
+        ipaadmin_orig_password: "{{ ipaadmin_password }}"
        ipaadmin_password: "{{ result_ipaclient_get_otp.host.randompassword
                               if result_ipaclient_get_otp.host is defined }}"

@@ -347,6 +348,12 @@
            not ipaclient_allow_repair | bool and not ipaclient_force_join | bool)

  always:
+  - name: Install - Restore original admin password if overwritten by OTP
+    no_log: yes
+    set_fact:
+        ipaadmin_password: "{{ ipaadmin_orig_password }}"
+    when: ipaclient_use_otp | bool and ipaadmin_orig_password is defined
+
  - name: Cleanup leftover ccache
    file:
      path: "/etc/ipa/.dns_ccache"