library/ipadiscovery.py: New module for ipa discovery

The module is doing the same discovery that ipa-client-install is doing internally. The results are saved into a structure named ipadiscovery for the ansible module. The discovery module is needed to be able to not depend on the definition of the ipaservers group for example to get otp passwords, to be able to join and to configure sssd and other services corretly.
2026-05-14 13:32:10 +00:00 · 2017-08-23 20:40:46 +02:00
parent 97be0612fb
commit 07a15c56e8
2 changed files with 294 additions and 1 deletions
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -1,6 +1,14 @@
 ---
 # tasks file for ipaclient

+- name: Install - IPA discovery
+  ipadiscovery:
+    domain: "{{ ipaclient_domain | default(omit) }}"
+    servers: "{{ groups.ipaservers | default(omit) }}"
+    realm: "{{ ipaclient_realm | default(omit) }}"
+    hostname: "{{ ansible_fqdn }}"
+  register: ipadiscovery
+
 # The following block is executed when using OTP to enroll IPA client
 # ie when neither ipaclient_password not ipaclient_keytab is set
 # It connects to ipaserver and add the host with --random option in order
@@ -19,7 +27,7 @@
    # If the host is already enrolled, this command will exit on error
    # The error can be ignored
    failed_when: ipahost_output|failed and "Password cannot be set on enrolled host" not in ipahost_output.msg
-    delegate_to: "{{ groups.ipaservers[0] }}"
+    delegate_to: "{{ ipadiscovery.servers[0] }}"

  - name: Install - Store the previously obtained OTP
    set_fact: