From 93977765015ecd4e03272ceb648c44a64ccd39d3 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Fri, 31 May 2019 17:22:56 +0200
Subject: [PATCH] ipaclient/tasks/install.yml: Save and restore
 ipaadmin_password with OTP

The generated OTP password is stored into ipaadmin_password. The original
password is now saved and restored later on again.

This fixes the failure with incorrect password while installing the client
part in a replica deployment.
---
 roles/ipaclient/tasks/install.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
index 3b776008..b7417229 100644
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -138,6 +138,7 @@
     - name: Install - Store the previously obtained OTP
       no_log: yes
       set_fact:
+        ipaadmin_orig_password: "{{ ipaadmin_password }}"
         ipaadmin_password: "{{ result_ipaclient_get_otp.host.randompassword
                                if result_ipaclient_get_otp.host is defined }}"
 
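Review bot: The added `ipaadmin_orig_password: "{{ ipaadmin_password }}"` templates a variable that may be unset, and an undefined `ipaadmin_password` would make this set_fact fail before the OTP is stored. Whether the task can be reached without a password is decided by conditions outside this hunk, so that needs confirming. If it can, `ipaadmin_orig_password: "{{ ipaadmin_password | default(omit) }}"` should leave the saved fact undefined, which the `ipaadmin_orig_password is defined` guard on the restore task in the second hunk already tolerates. Keeping both assignments under the existing `no_log: yes` is right, since each now holds a credential.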
@@ -347,6 +348,12 @@
             not ipaclient_allow_repair | bool and not ipaclient_force_join | bool)
 
   always:
+  - name: Install - Restore original admin password if overwritten by OTP
+    no_log: yes
+    set_fact:
+        ipaadmin_password: "{{ ipaadmin_orig_password }}"
+    when: ipaclient_use_otp | bool and ipaadmin_orig_password is defined
+
   - name: Cleanup leftover ccache
     file:
       path: "/etc/ipa/.dns_ccache"
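Review bot: The new restore task indents its `set_fact` argument by four spaces (`set_fact:` at four, `ipaadmin_password` at eight), while the neighbouring `file:`/`path:` task and the set_fact in the first hunk step by two; the key should sit two spaces under `set_fact:`. Separately, the saved copy in `ipaadmin_orig_password` stays defined after the restore, so a second fact holding the admin password remains in the host's variables for the rest of the play. A comment above the task such as `# ipaadmin_orig_password remains set after this; never print or template it` would make that explicit for later maintainers. The block that this `always:` section belongs to starts outside the hunk.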
-- 
GitLab