Fix logic trying to obtain a keytab

When ipahost is run to generate an OTP and the host is already existing, the OTP is properly generated but ipa-join will fail if the host is already enrolled (ie when it has a keytab). Add a step calling ipa host-disable to erase OTP and keytab before requesting an OTP.

Fix logic trying to obtain a keytab
c824cf67 · Florence Blanc-Renaud · 38d72233 · c824cf67
Commit c824cf67 authored 7 years ago by Florence Blanc-Renaud
--- a/library/ipahost.py
+++ b/library/ipahost.py
@@ -197,6 +197,12 @@ def ensure_host_present(module, api, ipahost):
        if module.check_mode:
            module.exit_json(changed=True)

+        # If we want to create a random password, and the host
+        # already has Keytab: true, then we need first to run
+        # ipa host-disable in order to remove OTP and keytab
+        if module.params.get('random') and ipahost['has_keytab'] == True:
+            api.Command.host_disable(fqdn)
+
        result = api.Command.host_mod(fqdn, **diffs)
        # Save random password as it is not displayed by host-show
        if module.params.get('random'):