mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-06-23 09:14:43 +00:00
ipa[server,replica,client]: Do not use meta end_play
Meta end_play has been used as a simple solution to end playbook processing under special conditions, for example when the deployment had already been done before. meta end_play has now been replaced with blocks and conditions on these blocks. Fixes: #70 (Avoid using meta end_play)
@@ -53,20 +53,12 @@
|
|||||||
enable_dns_updates: "{{ ipassd_enable_dns_updates }}"
|
enable_dns_updates: "{{ ipassd_enable_dns_updates }}"
|
||||||
register: result_ipaclient_test
|
register: result_ipaclient_test
|
||||||
|
|
||||||
- meta: end_play
|
|
||||||
when: result_ipaclient_test.client_already_configured and not ipaclient_allow_repair | bool and not ipaclient_force_join | bool
|
|
||||||
|
|
||||||
- name: Install - Set default principal if no keytab is given
|
|
||||||
set_fact:
|
|
||||||
ipaadmin_principal: admin
|
|
||||||
when: ipaadmin_principal is undefined and ipaclient_keytab is undefined
|
|
||||||
|
|
||||||
- name: Install - Cleanup leftover ccache
|
|
||||||
file:
|
|
||||||
path: "/etc/ipa/.dns_ccache"
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
|
- name: Install - Cleanup leftover ccache
|
||||||
|
file:
|
||||||
|
path: "/etc/ipa/.dns_ccache"
|
||||||
|
state: absent
|
||||||
|
|
||||||
- name: Install - Configure NTP
|
- name: Install - Configure NTP
|
||||||
ipaclient_setup_ntp:
|
ipaclient_setup_ntp:
|
||||||
### basic ###
|
### basic ###
|
||||||
@@ -143,6 +135,14 @@
|
|||||||
when: ipaclient_use_otp | bool
|
when: ipaclient_use_otp | bool
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
|
# This block is executed only when
|
||||||
|
# not (not ipaclient_on_master | bool and
|
||||||
|
# not result_ipaclient_join.changed and
|
||||||
|
# not ipaclient_allow_repair | bool and
|
||||||
|
# (result_ipaclient_test_keytab.krb5_keytab_ok or
|
||||||
|
# (result_ipaclient_join.already_joined is defined and
|
||||||
|
# result_ipaclient_join.already_joined)))
|
||||||
|
|
||||||
- name: Install - Check if principal and keytab are set
|
- name: Install - Check if principal and keytab are set
|
||||||
fail: msg="Principal and keytab cannot be used together"
|
fail: msg="Principal and keytab cannot be used together"
|
||||||
when: ipaadmin_principal is defined and ipaadmin_principal != "" and ipaclient_keytab is defined and ipaclient_keytab != ""
|
when: ipaadmin_principal is defined and ipaadmin_principal != "" and ipaclient_keytab is defined and ipaclient_keytab != ""
|
||||||
@@ -187,10 +187,6 @@
|
|||||||
when: not ipaclient_on_master | bool and (not result_ipaclient_test_keytab.krb5_keytab_ok or ipaclient_force_join)
|
when: not ipaclient_on_master | bool and (not result_ipaclient_test_keytab.krb5_keytab_ok or ipaclient_force_join)
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: Install - End playbook processing
|
|
||||||
file:
|
|
||||||
path: "/etc/ipa/.dns_ccache"
|
|
||||||
state: absent
|
|
||||||
- fail:
|
- fail:
|
||||||
msg: "The krb5 configuration is not correct, please enable allow_repair to fix this."
|
msg: "The krb5 configuration is not correct, please enable allow_repair to fix this."
|
||||||
when: not result_ipaclient_test_keytab.krb5_conf_ok
|
when: not result_ipaclient_test_keytab.krb5_conf_ok
|
||||||
@@ -200,104 +196,106 @@
|
|||||||
- fail:
|
- fail:
|
||||||
msg: "The ca.crt file is missing, please enable allow_repair to fix this."
|
msg: "The ca.crt file is missing, please enable allow_repair to fix this."
|
||||||
when: not result_ipaclient_test_keytab.ca_crt_exists
|
when: not result_ipaclient_test_keytab.ca_crt_exists
|
||||||
- meta: end_play
|
|
||||||
when: not ipaclient_on_master | bool and not result_ipaclient_join.changed and not ipaclient_allow_repair | bool and (result_ipaclient_test_keytab.krb5_keytab_ok or (result_ipaclient_join.already_joined is defined and result_ipaclient_join.already_joined))
|
when: not ipaclient_on_master | bool and not result_ipaclient_join.changed and not ipaclient_allow_repair | bool and (result_ipaclient_test_keytab.krb5_keytab_ok or (result_ipaclient_join.already_joined is defined and result_ipaclient_join.already_joined))
|
||||||
|
|
||||||
- name: Install - Configure IPA default.conf
|
- block:
|
||||||
ipaclient_ipa_conf:
|
- name: Install - Configure IPA default.conf
|
||||||
servers: "{{ result_ipaclient_test.servers }}"
|
ipaclient_ipa_conf:
|
||||||
domain: "{{ result_ipaclient_test.domain }}"
|
servers: "{{ result_ipaclient_test.servers }}"
|
||||||
realm: "{{ result_ipaclient_test.realm }}"
|
domain: "{{ result_ipaclient_test.domain }}"
|
||||||
hostname: "{{ result_ipaclient_test.hostname }}"
|
realm: "{{ result_ipaclient_test.realm }}"
|
||||||
basedn: "{{ result_ipaclient_test.basedn }}"
|
hostname: "{{ result_ipaclient_test.hostname }}"
|
||||||
when: not ipaclient_on_master | bool
|
basedn: "{{ result_ipaclient_test.basedn }}"
|
||||||
|
when: not ipaclient_on_master | bool
|
||||||
|
|
||||||
- name: Install - Configure SSSD
|
- name: Install - Configure SSSD
|
||||||
ipaclient_setup_sssd:
|
ipaclient_setup_sssd:
|
||||||
servers: "{{ result_ipaclient_test.servers }}"
|
servers: "{{ result_ipaclient_test.servers }}"
|
||||||
domain: "{{ result_ipaclient_test.domain }}"
|
domain: "{{ result_ipaclient_test.domain }}"
|
||||||
realm: "{{ result_ipaclient_test.realm }}"
|
realm: "{{ result_ipaclient_test.realm }}"
|
||||||
hostname: "{{ result_ipaclient_test.hostname }}"
|
hostname: "{{ result_ipaclient_test.hostname }}"
|
||||||
on_master: "{{ ipaclient_on_master }}"
|
on_master: "{{ ipaclient_on_master }}"
|
||||||
no_ssh: "{{ ipaclient_no_ssh }}"
|
no_ssh: "{{ ipaclient_no_ssh }}"
|
||||||
no_sshd: "{{ ipaclient_no_sshd }}"
|
no_sshd: "{{ ipaclient_no_sshd }}"
|
||||||
no_sudo: "{{ ipaclient_no_sudo }}"
|
no_sudo: "{{ ipaclient_no_sudo }}"
|
||||||
all_ip_addresses: "{{ ipaclient_all_ip_addresses }}"
|
all_ip_addresses: "{{ ipaclient_all_ip_addresses }}"
|
||||||
fixed_primary: "{{ ipassd_fixed_primary }}"
|
fixed_primary: "{{ ipassd_fixed_primary }}"
|
||||||
permit: "{{ ipassd_permit }}"
|
permit: "{{ ipassd_permit }}"
|
||||||
enable_dns_updates: "{{ ipassd_enable_dns_updates }}"
|
enable_dns_updates: "{{ ipassd_enable_dns_updates }}"
|
||||||
preserve_sssd: "{{ ipassd_preserve_sssd }}"
|
preserve_sssd: "{{ ipassd_preserve_sssd }}"
|
||||||
no_krb5_offline_passwords: "{{ ipassd_no_krb5_offline_passwords }}"
|
no_krb5_offline_passwords: "{{ ipassd_no_krb5_offline_passwords }}"
|
||||||
|
|
||||||
- name: Install - Configure krb5 for IPA realm
|
- name: Install - Configure krb5 for IPA realm
|
||||||
ipaclient_setup_krb5:
|
ipaclient_setup_krb5:
|
||||||
realm: "{{ result_ipaclient_test.realm }}"
|
realm: "{{ result_ipaclient_test.realm }}"
|
||||||
domain: "{{ result_ipaclient_test.domain }}"
|
domain: "{{ result_ipaclient_test.domain }}"
|
||||||
servers: "{{ result_ipaclient_test.servers }}"
|
servers: "{{ result_ipaclient_test.servers }}"
|
||||||
kdc: "{{ result_ipaclient_test.kdc }}"
|
kdc: "{{ result_ipaclient_test.kdc }}"
|
||||||
dnsok: "{{ result_ipaclient_test.dnsok }}"
|
dnsok: "{{ result_ipaclient_test.dnsok }}"
|
||||||
client_domain: "{{ result_ipaclient_test.client_domain }}"
|
client_domain: "{{ result_ipaclient_test.client_domain }}"
|
||||||
hostname: "{{ result_ipaclient_test.hostname }}"
|
hostname: "{{ result_ipaclient_test.hostname }}"
|
||||||
sssd: "{{ result_ipaclient_test.sssd }}"
|
sssd: "{{ result_ipaclient_test.sssd }}"
|
||||||
force: "{{ ipaclient_force }}"
|
force: "{{ ipaclient_force }}"
|
||||||
#on_master: "{{ ipaclient_on_master }}"
|
#on_master: "{{ ipaclient_on_master }}"
|
||||||
when: not ipaclient_on_master | bool
|
when: not ipaclient_on_master | bool
|
||||||
|
|
||||||
- name: Install - IPA API calls for remaining enrollment parts
|
- name: Install - IPA API calls for remaining enrollment parts
|
||||||
ipaclient_api:
|
ipaclient_api:
|
||||||
servers: "{{ result_ipaclient_test.servers }}"
|
servers: "{{ result_ipaclient_test.servers }}"
|
||||||
realm: "{{ result_ipaclient_test.realm }}"
|
realm: "{{ result_ipaclient_test.realm }}"
|
||||||
hostname: "{{ result_ipaclient_test.hostname }}"
|
hostname: "{{ result_ipaclient_test.hostname }}"
|
||||||
#debug: yes
|
#debug: yes
|
||||||
register: result_ipaclient_api
|
register: result_ipaclient_api
|
||||||
|
|
||||||
- name: Install - Fix IPA ca
|
- name: Install - Fix IPA ca
|
||||||
ipaclient_fix_ca:
|
ipaclient_fix_ca:
|
||||||
servers: "{{ result_ipaclient_test.servers }}"
|
servers: "{{ result_ipaclient_test.servers }}"
|
||||||
realm: "{{ result_ipaclient_test.realm }}"
|
realm: "{{ result_ipaclient_test.realm }}"
|
||||||
basedn: "{{ result_ipaclient_test.basedn }}"
|
basedn: "{{ result_ipaclient_test.basedn }}"
|
||||||
allow_repair: "{{ ipaclient_allow_repair }}"
|
allow_repair: "{{ ipaclient_allow_repair }}"
|
||||||
when: not ipaclient_on_master | bool and result_ipaclient_test_keytab.krb5_keytab_ok and not result_ipaclient_test_keytab.ca_crt_exists
|
when: not ipaclient_on_master | bool and result_ipaclient_test_keytab.krb5_keytab_ok and not result_ipaclient_test_keytab.ca_crt_exists
|
||||||
|
|
||||||
- name: Install - Create IPA NSS database
|
- name: Install - Create IPA NSS database
|
||||||
ipaclient_setup_nss:
|
ipaclient_setup_nss:
|
||||||
servers: "{{ result_ipaclient_test.servers }}"
|
servers: "{{ result_ipaclient_test.servers }}"
|
||||||
domain: "{{ result_ipaclient_test.domain }}"
|
domain: "{{ result_ipaclient_test.domain }}"
|
||||||
realm: "{{ result_ipaclient_test.realm }}"
|
realm: "{{ result_ipaclient_test.realm }}"
|
||||||
basedn: "{{ result_ipaclient_test.basedn }}"
|
basedn: "{{ result_ipaclient_test.basedn }}"
|
||||||
hostname: "{{ result_ipaclient_test.hostname }}"
|
hostname: "{{ result_ipaclient_test.hostname }}"
|
||||||
subject_base: "{{ result_ipaclient_api.subject_base }}"
|
subject_base: "{{ result_ipaclient_api.subject_base }}"
|
||||||
principal: "{{ ipaadmin_principal | default(omit) }}"
|
principal: "{{ ipaadmin_principal | default(omit) }}"
|
||||||
mkhomedir: "{{ ipaclient_mkhomedir }}"
|
mkhomedir: "{{ ipaclient_mkhomedir }}"
|
||||||
ca_enabled: "{{ result_ipaclient_api.ca_enabled }}"
|
ca_enabled: "{{ result_ipaclient_api.ca_enabled }}"
|
||||||
on_master: "{{ ipaclient_on_master }}"
|
on_master: "{{ ipaclient_on_master }}"
|
||||||
|
|
||||||
- name: Install - Configure SSH and SSHD
|
- name: Install - Configure SSH and SSHD
|
||||||
ipaclient_setup_ssh:
|
ipaclient_setup_ssh:
|
||||||
servers: "{{ result_ipaclient_test.servers }}"
|
servers: "{{ result_ipaclient_test.servers }}"
|
||||||
sssd: "{{ result_ipaclient_test.sssd }}"
|
sssd: "{{ result_ipaclient_test.sssd }}"
|
||||||
no_ssh: "{{ ipaclient_no_ssh }}"
|
no_ssh: "{{ ipaclient_no_ssh }}"
|
||||||
ssh_trust_dns: "{{ ipaclient_ssh_trust_dns }}"
|
ssh_trust_dns: "{{ ipaclient_ssh_trust_dns }}"
|
||||||
no_sshd: "{{ ipaclient_no_sshd }}"
|
no_sshd: "{{ ipaclient_no_sshd }}"
|
||||||
|
|
||||||
- name: Install - Configure automount
|
- name: Install - Configure automount
|
||||||
ipaclient_setup_automount:
|
ipaclient_setup_automount:
|
||||||
servers: "{{ result_ipaclient_test.servers }}"
|
servers: "{{ result_ipaclient_test.servers }}"
|
||||||
sssd: "{{ result_ipaclient_test.sssd }}"
|
sssd: "{{ result_ipaclient_test.sssd }}"
|
||||||
automount_location: "{{ ipaautomount_location | default(omit) }}"
|
automount_location: "{{ ipaautomount_location | default(omit) }}"
|
||||||
|
|
||||||
- name: Install - Configure firefox
|
- name: Install - Configure firefox
|
||||||
ipaclient_setup_firefox:
|
ipaclient_setup_firefox:
|
||||||
firefox_dir: "{{ ipaclient_firefox_dir | default(omit) }}"
|
firefox_dir: "{{ ipaclient_firefox_dir | default(omit) }}"
|
||||||
when: ipaclient_configure_firefox | bool
|
when: ipaclient_configure_firefox | bool
|
||||||
|
|
||||||
- name: Install - Configure NIS
|
- name: Install - Configure NIS
|
||||||
ipaclient_setup_nis:
|
ipaclient_setup_nis:
|
||||||
domain: "{{ result_ipaclient_test.domain }}"
|
domain: "{{ result_ipaclient_test.domain }}"
|
||||||
nisdomain: "{{ ipaclient_nisdomain | default(omit)}}"
|
nisdomain: "{{ ipaclient_nisdomain | default(omit)}}"
|
||||||
when: not ipaclient_no_nisdomain | bool
|
when: not ipaclient_no_nisdomain | bool
|
||||||
|
|
||||||
when: not ansible_check_mode
|
when: not (not ipaclient_on_master | bool and not result_ipaclient_join.changed and not ipaclient_allow_repair | bool and (result_ipaclient_test_keytab.krb5_keytab_ok or (result_ipaclient_join.already_joined is defined and result_ipaclient_join.already_joined)))
|
||||||
|
|
||||||
|
when: not ansible_check_mode and not (result_ipaclient_test.client_already_configured and not ipaclient_allow_repair | bool and not ipaclient_force_join | bool)
|
||||||
|
|
||||||
always:
|
always:
|
||||||
- name: Cleanup leftover ccache
|
- name: Cleanup leftover ccache
|
||||||
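Review bot: The first hunk drops the task `Install - Set default principal if no keytab is given` (the `set_fact` of `ipaadmin_principal: admin`) together with the `meta: end_play`, and none of the hunks shown for this file adds it back. That goes beyond what the description announces, and it changes which principal later tasks see when neither `ipaadmin_principal` nor `ipaclient_keytab` is supplied. `ipaclient_setup_nss` tolerates an undefined value through `default(omit)`, but tasks outside these hunks may not. If the default is still wanted, keep the task as an early entry of the outer block; otherwise the commit message should say why it is no longer needed. Indentation is not visible on this page, so the nesting is inferred from hunk order.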
|
|||||||
@@ -68,10 +68,11 @@
|
|||||||
no_dnssec_validation: "{{ ipareplica_no_dnssec_validation }}"
|
no_dnssec_validation: "{{ ipareplica_no_dnssec_validation }}"
|
||||||
register: result_ipareplica_test
|
register: result_ipareplica_test
|
||||||
|
|
||||||
- meta: end_play
|
|
||||||
when: result_ipareplica_test.client_already_configured is defined or result_ipareplica_test.server_already_configured is defined
|
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
|
# This block is executed only when
|
||||||
|
# not ansible_check_mode and
|
||||||
|
# not (result_ipareplica_test.client_already_configured is defined or
|
||||||
|
# result_ipareplica_test.server_already_configured is defined)
|
||||||
|
|
||||||
- name: Install - Setup client
|
- name: Install - Setup client
|
||||||
include_role:
|
include_role:
|
||||||
@@ -626,4 +627,4 @@
|
|||||||
state: absent
|
state: absent
|
||||||
when: result_ipareplica_enable_ipa.changed
|
when: result_ipareplica_enable_ipa.changed
|
||||||
|
|
||||||
when: not ansible_check_mode
|
when: not ansible_check_mode and not (result_ipareplica_test.client_already_configured is defined or result_ipareplica_test.server_already_configured is defined)
|
||||||
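Review bot: The skip condition is now written twice, more than 500 lines apart: once in the comment at the top of the block and once in the block's closing `when:`, so the two can drift unnoticed. Ansible also attaches a block-level `when` to every task in the block rather than evaluating it once. Computing the result once, right after the `ipareplica_test` task, would avoid both: for example a `set_fact` of `ipareplica_already_configured: "{{ result_ipareplica_test.client_already_configured is defined or result_ipareplica_test.server_already_configured is defined }}"` (the name is only a suggestion). The block could then end with `when: not ansible_check_mode and not ipareplica_already_configured | bool`, and the comment would no longer be needed. The ipaserver and ipaclient conditions in this commit have the same shape.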
|
|||||||
@@ -93,10 +93,12 @@
|
|||||||
### additional ###
|
### additional ###
|
||||||
register: result_ipaserver_test
|
register: result_ipaserver_test
|
||||||
|
|
||||||
- meta: end_play
|
|
||||||
when: not result_ipaserver_test.changed and (result_ipaserver_test.client_already_configured is defined or result_ipaserver_test.server_already_configured is defined)
|
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
|
# This block is executed only when
|
||||||
|
# not ansible_check_mode and
|
||||||
|
# not (not result_ipaserver_test.changed and
|
||||||
|
# (result_ipaserver_test.client_already_configured is defined or
|
||||||
|
# result_ipaserver_test.server_already_configured is defined)
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: Install - Master password creation
|
- name: Install - Master password creation
|
||||||
@@ -390,4 +392,4 @@
|
|||||||
{{ "--add-service=ntp" if not ipaclient_no_ntp | bool else "" }}
|
{{ "--add-service=ntp" if not ipaclient_no_ntp | bool else "" }}
|
||||||
when: ipaserver_setup_firewalld | bool
|
when: ipaserver_setup_firewalld | bool
|
||||||
|
|
||||||
when: not ansible_check_mode
|
when: not ansible_check_mode and not (not result_ipaserver_test.changed and (result_ipaserver_test.client_already_configured is defined or result_ipaserver_test.server_already_configured is defined))
|
||||||
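Review bot: The comment added at the top of the block is missing a closing parenthesis. It opens `not (` and a second `(` before `result_ipaserver_test.client_already_configured`, but ends with a single `)`, whereas the `when:` at the end of the block closes both with `is defined))`. The comment is the only hint at the top of a roughly 300-line block about when it runs, so it should match the expression exactly; its last line should read `# result_ipaserver_test.server_already_configured is defined))`. The block body lies between the two hunks and is not shown.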
|
|||||||