From a6ee0d07562c2a7249e35062e32f6c99d5b39eca Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Mon, 25 Mar 2019 19:46:07 +0100
Subject: [PATCH] ipaclient: End install if already installed and no
 allow_repair and force_join

If the client is already installed and the allow_repair and force_join
options are not set end the playbook processing. This is useful if an
inventory file contains existing and new machines.
---
 roles/ipaclient/library/ipaclient_test.py | 13 +++++++++----
 roles/ipaclient/tasks/install.yml         |  3 +++
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/roles/ipaclient/library/ipaclient_test.py b/roles/ipaclient/library/ipaclient_test.py
index a3dead2a..44479297 100644
--- a/roles/ipaclient/library/ipaclient_test.py
+++ b/roles/ipaclient/library/ipaclient_test.py
@@ -848,14 +848,18 @@ def main():
 
     # Check if ipa client is already configured
     if is_client_configured():
+        client_already_configured = True
+
         # Check that realm and domain match
         current_config = get_ipa_conf()
         if cli_domain != current_config.get('domain'):
-            return module.fail_json(msg="IPA client already installed "
-                                        "with a conflicting domain")
+            module.fail_json(msg="IPA client already installed "
+                             "with a conflicting domain")
         if cli_realm != current_config.get('realm'):
-            return module.fail_json(msg="IPA client already installed "
-                                        "with a conflicting realm")
+            module.fail_json(msg="IPA client already installed "
+                             "with a conflicting realm")
+    else:
+        client_already_configured = False
 
     # Done
     module.exit_json(changed=False,
@@ -868,6 +872,7 @@ def main():
                      client_domain=client_domain,
                      dnsok=dnsok,
                      sssd=options.sssd,
+                     client_already_configured=client_already_configured,
                      ipa_python_version=IPA_PYTHON_VERSION)
 
 if __name__ == '__main__':
diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
index 03c39107..0b70d02a 100644
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -53,6 +53,9 @@
     enable_dns_updates: "{{ ipassd_enable_dns_updates }}"
   register: result_ipaclient_test
 
+- meta: end_play
+  when: result_ipaclient_test.client_already_configured and not ipaclient_allow_repair | bool and not ipaclient_force_join | bool
+
 - name: Install - Set default principal if no keytab is given
   set_fact:
     ipaadmin_principal: admin
-- 
GitLab