ipaclient/tasks/install: Fix client installation on master within server role

The client role is used also while installing the server. There has been an issue where the server installation has not been complete because of a playbook termination in the client. This has been fixed and the client and also the server are fully configured in the server installation.
2026-05-07 05:43:26 +00:00 · 2018-02-09 16:53:48 +01:00
parent 78a7a3bd2b
commit 3e03d7f44d
2 changed files with 19 additions and 18 deletions
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -43,7 +43,6 @@
      kdc: "{{ ipadiscovery.kdc }}"
      kinit_attempts: "{{ ipaclient_kinit_attempts | default(omit) }}"
    register: ipatest
-    when: not ipaclient_on_master | bool

  - name: Install - Disable One-Time Password for client with working krb5.keytab
    set_fact:
@@ -84,13 +83,15 @@

    when: ipaclient_use_otp | bool

-  - name: Install - Check if principal and keytab are set
-    fail: msg="Principal and keytab cannot be used together"
-    when: ipaadmin_principal is defined and ipaadmin_principal != "" and ipaclient_keytab is defined and ipaclient_keytab != ""
+  - block:
+    - name: Install - Check if principal and keytab are set
+      fail: msg="Principal and keytab cannot be used together"
+      when: ipaadmin_principal is defined and ipaadmin_principal != "" and ipaclient_keytab is defined and ipaclient_keytab != ""

-  - name: Install - Check if one of password and keytab are set
-    fail: msg="At least one of password or keytab must be specified"
-    when: not ipatest.krb5_keytab_ok and (ipaadmin_password is undefined or ipaadmin_password == "") and (ipaclient_keytab is undefined or ipaclient_keytab == "")
+    - name: Install - Check if one of password and keytab are set
+      fail: msg="At least one of password or keytab must be specified"
+      when: not ipatest.krb5_keytab_ok and (ipaadmin_password is undefined or ipaadmin_password == "") and (ipaclient_keytab is undefined or ipaclient_keytab == "")
+    when: not ipaclient_on_master | bool

  - name: Install - Purge {{ ipadiscovery.realm }} from host keytab
    command: >
@@ -203,7 +204,7 @@
      realm: "{{ ipadiscovery.realm }}"
      basedn: "{{ ipadiscovery.basedn }}"
      allow_repair: "{{ ipaclient_allow_repair }}"
-    when: ipatest.krb5_keytab_ok and not ipatest.ca_crt_exists
+    when: not ipaclient_on_master | bool and ipatest.krb5_keytab_ok and not ipatest.ca_crt_exists

  - name: Install - Create IPA NSS database
    ipanss:
--- a/roles/ipaserver/tasks/install.yml
+++ b/roles/ipaserver/tasks/install.yml
@@ -324,16 +324,16 @@
      name: ipaclient
    vars:
      state: present
-      on_master: yes
-      domain: "{{ result_ipaserver_test.domain }}"
-      realm: "{{ result_ipaserver_test.realm }}"
-      server: "{{ result_ipaserver_test.hostname }}"
-      hostname: "{{ result_ipaserver_test.hostname }}"
-      #no_dns_sshfp: "{{ ipaclient_no_dns_sshfp }}"
-      #ssh_trust_dns: "{{ ipaclient_ssh_trust_dns }}"
-      #no_ssh: "{{ ipaclient_no_ssh }}"
-      #no_sshd: "{{ ipaclient_no_sshd }}"
-      mkhomedir: "{{ ipaclient_mkhomedir }}"
+      ipaclient_on_master: yes
+      ipaclient_domain: "{{ result_ipaserver_test.domain }}"
+      ipaclient_realm: "{{ result_ipaserver_test.realm }}"
+      ipaclient_server: "{{ result_ipaserver_test.hostname }}"
+      ipaclient_hostname: "{{ result_ipaserver_test.hostname }}"
+      #ipaclient_no_dns_sshfp: "{{ ipaclient_no_dns_sshfp }}"
+      #ipaclient_ssh_trust_dns: "{{ ipaclient_ssh_trust_dns }}"
+      #ipaclient_no_ssh: "{{ ipaclient_no_ssh }}"
+      #ipaclient_no_sshd: "{{ ipaclient_no_sshd }}"
+      #ipaclient_mkhomedir: "{{ ipaclient_mkhomedir }}"

  #- name: Install - Setup client
  #  command: >