mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-06-23 09:14:43 +00:00
ipa[server,replica,client]: Do not use meta end_play
Meta end_play has been used as a simple solution to end the playbook processing in special conditions, like for example when the deployment was already done before. meta end_play has been replaced with blocks and conditions for these blocks. Fixes: #70 (Avoid using meta end_play)
This commit is contained in:
Thomas Woerner
@@ -53,20 +53,12 @@
|
|||||||
enable_dns_updates: "{{ ipassd_enable_dns_updates }}"
|
enable_dns_updates: "{{ ipassd_enable_dns_updates }}"
|
||||||
register: result_ipaclient_test
|
register: result_ipaclient_test
|
||||||
|
|
||||||
- meta: end_play
|
- block:
|
||||||
when: result_ipaclient_test.client_already_configured and not ipaclient_allow_repair | bool and not ipaclient_force_join | bool
|
- name: Install - Cleanup leftover ccache
|
||||||
|
|
||||||
- name: Install - Set default principal if no keytab is given
|
|
||||||
set_fact:
|
|
||||||
ipaadmin_principal: admin
|
|
||||||
when: ipaadmin_principal is undefined and ipaclient_keytab is undefined
|
|
||||||
|
|
||||||
- name: Install - Cleanup leftover ccache
|
|
||||||
file:
|
file:
|
||||||
path: "/etc/ipa/.dns_ccache"
|
path: "/etc/ipa/.dns_ccache"
|
||||||
state: absent
|
state: absent
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: Install - Configure NTP
|
- name: Install - Configure NTP
|
||||||
ipaclient_setup_ntp:
|
ipaclient_setup_ntp:
|
||||||
### basic ###
|
### basic ###
|
||||||
@@ -143,6 +135,14 @@
|
|||||||
when: ipaclient_use_otp | bool
|
when: ipaclient_use_otp | bool
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
|
# This block is executed only when
|
||||||
|
# not (not ipaclient_on_master | bool and
|
||||||
|
# not result_ipaclient_join.changed and
|
||||||
|
# not ipaclient_allow_repair | bool and
|
||||||
|
# (result_ipaclient_test_keytab.krb5_keytab_ok or
|
||||||
|
# (result_ipaclient_join.already_joined is defined and
|
||||||
|
# result_ipaclient_join.already_joined)))
|
||||||
|
|
||||||
- name: Install - Check if principal and keytab are set
|
- name: Install - Check if principal and keytab are set
|
||||||
fail: msg="Principal and keytab cannot be used together"
|
fail: msg="Principal and keytab cannot be used together"
|
||||||
when: ipaadmin_principal is defined and ipaadmin_principal != "" and ipaclient_keytab is defined and ipaclient_keytab != ""
|
when: ipaadmin_principal is defined and ipaadmin_principal != "" and ipaclient_keytab is defined and ipaclient_keytab != ""
|
||||||
@@ -187,10 +187,6 @@
|
|||||||
when: not ipaclient_on_master | bool and (not result_ipaclient_test_keytab.krb5_keytab_ok or ipaclient_force_join)
|
when: not ipaclient_on_master | bool and (not result_ipaclient_test_keytab.krb5_keytab_ok or ipaclient_force_join)
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: Install - End playbook processing
|
|
||||||
file:
|
|
||||||
path: "/etc/ipa/.dns_ccache"
|
|
||||||
state: absent
|
|
||||||
- fail:
|
- fail:
|
||||||
msg: "The krb5 configuration is not correct, please enable allow_repair to fix this."
|
msg: "The krb5 configuration is not correct, please enable allow_repair to fix this."
|
||||||
when: not result_ipaclient_test_keytab.krb5_conf_ok
|
when: not result_ipaclient_test_keytab.krb5_conf_ok
|
||||||
@@ -200,9 +196,9 @@
|
|||||||
- fail:
|
- fail:
|
||||||
msg: "The ca.crt file is missing, please enable allow_repair to fix this."
|
msg: "The ca.crt file is missing, please enable allow_repair to fix this."
|
||||||
when: not result_ipaclient_test_keytab.ca_crt_exists
|
when: not result_ipaclient_test_keytab.ca_crt_exists
|
||||||
- meta: end_play
|
|
||||||
when: not ipaclient_on_master | bool and not result_ipaclient_join.changed and not ipaclient_allow_repair | bool and (result_ipaclient_test_keytab.krb5_keytab_ok or (result_ipaclient_join.already_joined is defined and result_ipaclient_join.already_joined))
|
when: not ipaclient_on_master | bool and not result_ipaclient_join.changed and not ipaclient_allow_repair | bool and (result_ipaclient_test_keytab.krb5_keytab_ok or (result_ipaclient_join.already_joined is defined and result_ipaclient_join.already_joined))
|
||||||
|
|
||||||
|
- block:
|
||||||
- name: Install - Configure IPA default.conf
|
- name: Install - Configure IPA default.conf
|
||||||
ipaclient_ipa_conf:
|
ipaclient_ipa_conf:
|
||||||
servers: "{{ result_ipaclient_test.servers }}"
|
servers: "{{ result_ipaclient_test.servers }}"
|
||||||
@@ -297,7 +293,9 @@
|
|||||||
nisdomain: "{{ ipaclient_nisdomain | default(omit)}}"
|
nisdomain: "{{ ipaclient_nisdomain | default(omit)}}"
|
||||||
when: not ipaclient_no_nisdomain | bool
|
when: not ipaclient_no_nisdomain | bool
|
||||||
|
|
||||||
when: not ansible_check_mode
|
when: not (not ipaclient_on_master | bool and not result_ipaclient_join.changed and not ipaclient_allow_repair | bool and (result_ipaclient_test_keytab.krb5_keytab_ok or (result_ipaclient_join.already_joined is defined and result_ipaclient_join.already_joined)))
|
||||||
|
|
||||||
|
when: not ansible_check_mode and not (result_ipaclient_test.client_already_configured and not ipaclient_allow_repair | bool and not ipaclient_force_join | bool)
|
||||||
|
|
||||||
always:
|
always:
|
||||||
- name: Cleanup leftover ccache
|
- name: Cleanup leftover ccache
|
||||||
|
|||||||
@@ -68,10 +68,11 @@
|
|||||||
no_dnssec_validation: "{{ ipareplica_no_dnssec_validation }}"
|
no_dnssec_validation: "{{ ipareplica_no_dnssec_validation }}"
|
||||||
register: result_ipareplica_test
|
register: result_ipareplica_test
|
||||||
|
|
||||||
- meta: end_play
|
|
||||||
when: result_ipareplica_test.client_already_configured is defined or result_ipareplica_test.server_already_configured is defined
|
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
|
# This block is executed only when
|
||||||
|
# not ansible_check_mode and
|
||||||
|
# not (result_ipareplica_test.client_already_configured is defined or
|
||||||
|
# result_ipareplica_test.server_already_configured is defined)
|
||||||
|
|
||||||
- name: Install - Setup client
|
- name: Install - Setup client
|
||||||
include_role:
|
include_role:
|
||||||
@@ -626,4 +627,4 @@
|
|||||||
state: absent
|
state: absent
|
||||||
when: result_ipareplica_enable_ipa.changed
|
when: result_ipareplica_enable_ipa.changed
|
||||||
|
|
||||||
when: not ansible_check_mode
|
when: not ansible_check_mode and not (result_ipareplica_test.client_already_configured is defined or result_ipareplica_test.server_already_configured is defined)
|
||||||
|
|||||||
@@ -93,10 +93,12 @@
|
|||||||
### additional ###
|
### additional ###
|
||||||
register: result_ipaserver_test
|
register: result_ipaserver_test
|
||||||
|
|
||||||
- meta: end_play
|
|
||||||
when: not result_ipaserver_test.changed and (result_ipaserver_test.client_already_configured is defined or result_ipaserver_test.server_already_configured is defined)
|
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
|
# This block is executed only when
|
||||||
|
# not ansible_check_mode and
|
||||||
|
# not (not result_ipaserver_test.changed and
|
||||||
|
# (result_ipaserver_test.client_already_configured is defined or
|
||||||
|
# result_ipaserver_test.server_already_configured is defined)
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: Install - Master password creation
|
- name: Install - Master password creation
|
||||||
@@ -390,4 +392,4 @@
|
|||||||
{{ "--add-service=ntp" if not ipaclient_no_ntp | bool else "" }}
|
{{ "--add-service=ntp" if not ipaclient_no_ntp | bool else "" }}
|
||||||
when: ipaserver_setup_firewalld | bool
|
when: ipaserver_setup_firewalld | bool
|
||||||
|
|
||||||
when: not ansible_check_mode
|
when: not ansible_check_mode and not (not result_ipaserver_test.changed and (result_ipaserver_test.client_already_configured is defined or result_ipaserver_test.server_already_configured is defined))
|
||||||
|
|||||||
Reference in New Issue
Block a user