diff --git a/plugins/modules/ipahostgroup.py b/plugins/modules/ipahostgroup.py
index 285fe51d713b38c1acacc9eaf04ceb73a743c969..57dad3dc4852f951205fd04c9f13ff4139807e7d 100644
--- a/plugins/modules/ipahostgroup.py
+++ b/plugins/modules/ipahostgroup.py
@@ -139,7 +139,7 @@ RETURN = """
from ansible.module_utils.ansible_freeipa_module import \
IPAAnsibleModule, compare_args_ipa, gen_add_del_lists, gen_add_list, \
- gen_intersection_list
+ gen_intersection_list, ensure_fqdn
def find_hostgroup(module, name):
@@ -281,6 +281,15 @@ def main():
ansible_module.fail_json(
msg="Renaming hostgroups is not supported by your IPA version")
+ # If hosts are given, ensure that the hosts are FQDN and also
+ # lowercase to be able to do a proper comparison to exising hosts
+ # in the hostgroup.
+ # Fixes #666 (ipahostgroup not idempotent and with error)
+ if host is not None:
+ default_domain = ansible_module.ipa_get_domain()
+ host = [ensure_fqdn(_host, default_domain).lower()
+ for _host in host]
+
commands = []
for name in names:
diff --git a/tests/hostgroup/test_hostgroup.yml b/tests/hostgroup/test_hostgroup.yml
index 076f76d1bf1cb027e53b7a29134760792efb0b96..d8a7305d3af2275a1944511688f073bbfee66597 100644
--- a/tests/hostgroup/test_hostgroup.yml
+++ b/tests/hostgroup/test_hostgroup.yml
@@ -133,6 +133,19 @@
register: result
failed_when: result.changed or result.failed
+ - name: Ensure hosts db1 and db2 (no FQDN) are member of host-group databases again
+ ipahostgroup:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: databases
+ state: present
+ host:
+ - db1
+ - db2
+ action: member
+ register: result
+ failed_when: result.changed or result.failed
+
- name: Ensure host-group mysql-server is member of host-group databases
ipahostgroup:
ipaadmin_password: SomeADMINpassword