From a1287265677999106d0cb58d9eeb064dcf847c2e Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Thu, 22 Nov 2018 11:45:31 +0100
Subject: [PATCH] ipaserver: Delay enabling services until end of installer

Service entries in cn=FQDN,cn=masters,cn=ipa,cn=etc are no longer
created as enabled. Instead they are flagged as configuredService. At
the very end of the installer, the service entries are switched from
configured to enabled service.

This is related to freeipa upstream commit:

Delay enabling services until end of installer:
  https://github.com/freeipa/freeipa/commit/7284097
---
 roles/ipaserver/library/ipaserver_enable_ipa.py | 13 +++++++++++++
 roles/ipaserver/tasks/install.yml               |  1 +
 2 files changed, 14 insertions(+)

diff --git a/roles/ipaserver/library/ipaserver_enable_ipa.py b/roles/ipaserver/library/ipaserver_enable_ipa.py
index 77e4aade..0419c542 100644
--- a/roles/ipaserver/library/ipaserver_enable_ipa.py
+++ b/roles/ipaserver/library/ipaserver_enable_ipa.py
@@ -53,6 +53,7 @@ def main():
     ansible_module = AnsibleModule(
         argument_spec = dict(
             hostname=dict(required=False),
+            setup_dns=dict(required=True, type='bool'),
             setup_ca=dict(required=True, type='bool'),
         ),
     )
@@ -63,6 +64,7 @@ def main():
     # set values #############################################################
 
     options.host_name = ansible_module.params.get('hostname')
+    options.setup_dns = ansible_module.params.get('setup_dns')
     options.setup_ca = ansible_module.params.get('setup_ca')
 
     # Configuration for ipalib, we will bootstrap and finalize later, after
@@ -91,6 +93,17 @@ def main():
         # Make sure the files we crated in /var/run are recreated at startup
         tasks.configure_tmpfiles()
 
+    if hasattr(service, "enable_services"):
+        # Enable configured services and update DNS SRV records
+        service.enable_services(options.host_name)
+        api.Command.dns_update_system_records()
+
+        if not options.setup_dns:
+            # After DNS and AD trust are configured and services are
+            # enabled, create a dummy instance to dump DNS configuration.
+            bind = bindinstance.BindInstance(fstore)
+            bind.create_file_with_system_records()
+
     with redirect_stdout(ansible_log):
         services.knownservices.ipa.enable()
 
diff --git a/roles/ipaserver/tasks/install.yml b/roles/ipaserver/tasks/install.yml
index bc6999a0..c0a9f97b 100644
--- a/roles/ipaserver/tasks/install.yml
+++ b/roles/ipaserver/tasks/install.yml
@@ -358,6 +358,7 @@
   - name: Install - Enable IPA
     ipaserver_enable_ipa:
       hostname: "{{ result_ipaserver_test.hostname }}"
+      setup_dns: "{{ ipaserver_setup_dns }}"
       setup_ca: "{{ result_ipaserver_test.setup_ca }}"
     register: result_ipaserver_enable_ipa
 
-- 
GitLab