From ed91cc1d28906d12ad95d2e567574af30711d8cd Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Mon, 18 Sep 2017 18:00:41 +0200
Subject: [PATCH] New ipaclient_allow_repair switch

When allow_repair is enabled, then the playbook will continue for an
already joined host. The remaining steps ipaconf, ipasssd, krb5, ipaapi,
ipanss and ipaextras will be redone.

If allow_repair is disabled, then the meta module will be
used with the end_play option to stop the processing of the playbook
without an error.
---
 roles/ipaclient/defaults/main.yml | 1 +
 roles/ipaclient/tasks/install.yml | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/roles/ipaclient/defaults/main.yml b/roles/ipaclient/defaults/main.yml
index 5a6eea64..2e2e59ac 100644
--- a/roles/ipaclient/defaults/main.yml
+++ b/roles/ipaclient/defaults/main.yml
@@ -6,3 +6,4 @@ ipaclient_ntp: no
 ipaclient_mkhomedir: no
 ipaclient_kinit_attempts: 5
 ipaclient_use_otp: "false"
+ipaclient_allow_repair: "false"
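Review bot: The new default on the added line is the quoted string `"false"`, so it is only treated as a boolean where the consumer applies `| bool`, as the install task in this patch does. A plain `ipaclient_allow_repair: false` would be more robust if a later task tests the variable without the filter, although it would then differ from the neighbouring `ipaclient_use_otp: "false"`. The line would also benefit from a comment such as `# Re-run the client configuration steps on an already joined host instead of ending the play`.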
diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
index 32fea856..4280879b 100644
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -100,6 +100,13 @@
   register: ipajoin
   when: not ipatest.krb5_keytab_ok
 
+- block:
+  - file:
+      path: "/etc/ipa/.dns_ccache"
+      state: absent
+  - meta: end_play
+  when: not ipaclient_allow_repair | bool and (ipatest.krb5_keytab_ok or ipajoin.already_joined)
+
 - name: Install - Configure IPA default.conf
   include_role:
     name: ipaconf
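Review bot: `meta: end_play` in the added block is documented as affecting all hosts, not only the host that matched the `when`. In a multi-host run, one already-joined machine can therefore end the play for hosts that still need enrolment, and nothing is reported as failed. Where the supported Ansible version provides it, `- meta: end_host` limits the stop to the matching host. Giving both tasks a `name:` would make the skip and the removal of `/etc/ipa/.dns_ccache` visible in the run output. The condition depends on the filter binding tighter than `not`; `when: not (ipaclient_allow_repair | bool) and (ipatest.krb5_keytab_ok or ipajoin.already_joined)` makes that explicit.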
-- 
GitLab