From f366fb5270c00d289721562d4b8582d48407bf89 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Fri, 15 Sep 2017 15:39:07 +0200
Subject: [PATCH] roles/ipaclient/tasks/install.yml: Purge realm from keytab also needed for force_join

For force_join it is also needed to purge the realm information from the keytab, otherwise new entries will be added with every join.
---
roles/ipaclient/tasks/install.yml | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
index ddb82f9d..febc6398 100644
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -47,14 +47,6 @@ set_fact: ipaclient_password: "{{ ipahost_output.host.randompassword if ipahost_output.host is defined }}"
- - name: Install - Purge {{ ipadiscovery.realm }} from existing host keytab
- command: /usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r "{{ ipadiscovery.realm }}"
- register: iparmkeytab
- # Do not fail on error codes 3 and 5:
- # 3 - Unable to open keytab
- # 5 - Principal name or realm not found in keytab
- failed_when: iparmkeytab.rc != 0 and iparmkeytab.rc != 3 and iparmkeytab.rc != 5
- when: ipaclient_use_otp | bool - name: Install - Check if principal and keytab are set
@@ -65,6 +57,15 @@ fail: msg="At least one of password or keytab must be specified" when: (ipaclient_password is undefined or ipaclient_password == "") and (ipaclient_keytab is undefined or ipaclient_keytab == "")
+- name: Install - Purge {{ ipadiscovery.realm }} from host keytab
+ command: /usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r "{{ ipadiscovery.realm }}"
+ register: iparmkeytab
+ # Do not fail on error codes 3 and 5:
+ # 3 - Unable to open keytab
+ # 5 - Principal name or realm not found in keytab
+ failed_when: iparmkeytab.rc != 0 and iparmkeytab.rc != 3 and iparmkeytab.rc != 5
+ when: ipaclient_use_otp | bool or ipaclient_force_join | bool
+ - name: Install - Join IPA ipajoin: servers: "{{ ipadiscovery.servers }}"
-- GitLab
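Review bot: The purge task now runs right before `Install - Join IPA` whenever `ipaclient_force_join` is set, and `ipa-rmkeytab -r` removes every principal of the realm from `/etc/krb5.keytab`, not only the host entry. On an already enrolled host that means any service keys kept in that keytab are dropped, and if the join then fails the machine is left without its host keys; neither is mentioned in the task. I would add a comment above the task such as `# Removes ALL principals of the realm from the host keytab; service keys stored there must be retrieved again after the join`. The `command` task also has no `changed_when`, so the tolerated return codes 3 and 5 (nothing removed) are still reported as a change; `changed_when: iparmkeytab.rc == 0` would fix that. If the role defaults (not visible here) do not define `ipaclient_force_join`, the condition needs `ipaclient_force_join | default(false) | bool`.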