ipaclient role: Fix naming of modules, action_plugins and registered vars

The naming in the ipaclient role has not been following the naming scheme and conventions used in the ipaserver and ipareplica roles. Also registered results of modules and commands have not been unsing the result_ prefix as in the other roles. All this has been fixed and the naming is consistent now. These are the renames: ipahost -> ipaclient_get_otp ipaapi -> ipaclient_api ipaextras -> ipaclient_extras ipafixca -> ipaclient_fix_ca ipafstore -> ipaclient_fstore ipa_facts -> ipaclient_get_facts ipahost -> ipaclient_get_otp ipajoin -> ipaclient_join ipanss -> ipaclient_setup_nss ipasssd -> ipaclient_setup_sssd ipadiscovery -> ipaclient_test ipatest -> ipaclient_test_keytab
2026-06-23 17:24:52 +00:00 · 2019-03-21 13:11:40 +01:00
parent 0a67c03116
commit 7c378d9c4d
15 changed files with 146 additions and 146 deletions
--- a/roles/ipa-krb5/tasks/main.yml
+++ b/roles/ipa-krb5/tasks/main.yml
@@ -8,7 +8,7 @@
  failed_when: false
 - name: Install - Backup krb5.conf
-  ipafstore:
+  ipaclient_fstore:
    backup: "{{ krb5_conf }}"
 - name: Template krb5.conf
--- a/roles/ipaclient/action_plugins/ipaclient_get_otp.py
+++ b/roles/ipaclient/action_plugins/ipaclient_get_otp.py
@@ -162,7 +162,7 @@ class ActionModule(ActionBase):
            result['msg'] = "principal is required"
            return result
-        data = self._execute_module(module_name='ipa_facts', module_args=dict(),
+        data = self._execute_module(module_name='ipaclient_get_facts', module_args=dict(),
                                    task_vars={ "ansible_python_interpreter": ansible_python_interpreter })
        try:
            domain = data['ansible_facts']['ipa']['domain']
--- a/roles/ipaclient/library/ipaclient_api.py
+++ b/roles/ipaclient/library/ipaclient_api.py
@@ -28,7 +28,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.0',
 DOCUMENTATION = '''
 ---
-module: ipaapi
+module: ipaclient_api
 short description: Create temporary NSS database, call IPA API for remaining enrollment parts
 description:
 Create temporary NSS database, call IPA API for remaining enrollment parts
@@ -50,11 +50,11 @@ author:
 EXAMPLES = '''
 - name: IPA API calls for remaining enrollment parts
-  ipaapi:
+  ipaclient_api:
    servers: ["server1.example.com","server2.example.com"]
    domain: example.com
    hostname: client1.example.com
-  register: ipaapi
+  register: result_ipaclient_api
 '''
 RETURN = '''
--- a/roles/ipaclient/library/ipaclient_extras.py
+++ b/roles/ipaclient/library/ipaclient_extras.py
@@ -30,7 +30,7 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
-module: ipaextras
+module: ipaclient_extras
 short description: Configure IPA extras
 description:
 Configure IPA extras
@@ -106,7 +106,7 @@ author:
 EXAMPLES = '''
 - name: IPA extras configurations
-  ipaextras:
+  ipaclient_extras:
    servers: ["server1.example.com","server2.example.com"]
    domain: example.com
 '''
--- a/roles/ipaclient/library/ipaclient_fix_ca.py
+++ b/roles/ipaclient/library/ipaclient_fix_ca.py
@@ -28,7 +28,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.0',
 DOCUMENTATION = '''
 ---
-module: ipafixca
+module: ipaclient_fix_ca
 short description: Fix IPA ca certificate
 description:
 Repair Fix IPA ca certificate
@@ -54,7 +54,7 @@ author:
 EXAMPLES = '''
 - name: Fix IPA ca certificate
-  ipafixca:
+  ipaclient_fix_ca:
    servers: ["server1.example.com","server2.example.com"]
    realm: EXAMPLE.COM
    basedn: dc=example,dc=com
--- a/roles/ipaclient/library/ipaclient_fstore.py
+++ b/roles/ipaclient/library/ipaclient_fstore.py
@@ -30,7 +30,7 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
-module: fstore
+module: ipaclient_fstore
 short description: Backup files using IPA client sysrestore
 description:
 Backup files using IPA client sysrestore
@@ -44,7 +44,7 @@ author:
 EXAMPLES = '''
 - name: Backup /etc/krb5.conf
-  ipafstore:
+  ipaclient_fstore:
    backup: "/etc/krb5.conf"
 '''
--- a/roles/ipaclient/library/ipaclient_get_facts.py
+++ b/roles/ipaclient/library/ipaclient_get_facts.py
@@ -136,7 +136,7 @@ def main():
    # The module does not change anything, meaning that
    # check mode is supported
-    ipa_facts = dict(
+    facts = dict(
        packages= dict(
            ipalib=HAS_IPALIB,
            ipaserver=HAS_IPASERVER,
@@ -153,23 +153,23 @@ def main():
    if HAS_IPALIB:
        if is_client_configured():
-            ipa_facts['configured']['client'] = True
+            facts['configured']['client'] = True
-            ipa_facts['version'] = get_ipa_version()
+            facts['version'] = get_ipa_version()
            for key,value in six.iteritems(get_ipa_conf()):
-                ipa_facts[key] = value
+                facts[key] = value
    if HAS_IPASERVER:
        if is_server_configured():
-            ipa_facts['configured']['server'] = True
+            facts['configured']['server'] = True
-            ipa_facts['configured']['dns'] = is_dns_configured()
+            facts['configured']['dns'] = is_dns_configured()
-            ipa_facts['configured']['ca'] = is_ca_configured()
+            facts['configured']['ca'] = is_ca_configured()
-            ipa_facts['configured']['kra'] = is_kra_configured()
+            facts['configured']['kra'] = is_kra_configured()
-            ipa_facts['configured']['ntpd'] = is_ntpd_configured()
+            facts['configured']['ntpd'] = is_ntpd_configured()
    module.exit_json(
        changed=False,
-        ansible_facts=dict(ipa=ipa_facts)
+        ansible_facts=dict(ipa=facts)
        )
 if __name__ == '__main__':
--- a/roles/ipaclient/library/ipaclient_get_otp.py
+++ b/roles/ipaclient/library/ipaclient_get_otp.py
@@ -26,7 +26,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.0',
 DOCUMENTATION = '''
 ---
-module: ipahost
+module: ipaclient_get_otp
 short description: Manage IPA hosts
 description:
  Manage hosts in a IPA domain.
@@ -84,28 +84,28 @@ author:
 EXAMPLES = '''
 # Example from Ansible Playbooks
 # Add a new host with a random OTP, authenticate using principal/password
- ipahost:
+- ipaclient_get_otp:
    principal: admin
    password: MySecretPassword
    fqdn: ipaclient.ipa.domain.com
    ipaddress: 192.168.100.23
    random: True
-  register: ipahost
+  register: result_ipaclient_get_otp
 # Add a new host, authenticate with a keytab stored on the controller node
- ipahost:
+- ipaclient_get_otp:
    keytab: admin.keytab
    fqdn: ipaclient.ipa.domain.com
 # Remove a host, authenticate using principal/password
- ipahost:
+- ipaclient_get_otp:
    principal: admin
    password: MySecretPassword
    fqdn: ipaclient.ipa.domain.com
    state: absent
 # Modify a host, add ssh public key:
- ipahost:
+- ipaclient_get_otp:
    principal: admin
    password: MySecretPassword
    fqdn: ipaclient.ipa.domain.com
@@ -355,7 +355,7 @@ def main():
            changed = ensure_host_absent(module, api, host)
    except Exception as e:
-        module.fail_json(msg="ipahost module failed : %s" % str(e))
+        module.fail_json(msg="ipaclient_get_otp module failed : %s" % str(e))
    finally:
        run([paths.KDESTROY], raiseonerr=False, env=os.environ)
--- a/roles/ipaclient/library/ipaclient_join.py
+++ b/roles/ipaclient/library/ipaclient_join.py
@@ -30,7 +30,7 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
-module: ipajoin
+module: ipaclient_join
 short description: Join a machine to an IPA realm and get a keytab for the host service principal
 description:
  Join a machine to an IPA realm and get a keytab for the host service principal
@@ -88,7 +88,7 @@ author:
 EXAMPLES = '''
 # Join IPA to get the keytab
 - name: Join IPA in force mode with maximum 5 kinit attempts
-  ipajoin:
+  ipaclient_join:
    servers: ["server1.example.com","server2.example.com"]
    domain: example.com
    realm: EXAMPLE.COM
@@ -102,7 +102,7 @@ EXAMPLES = '''
 # Join IPA to get the keytab using ipadiscovery return values
 - name: Join IPA
-  ipajoin:
+  ipaclient_join:
    servers: "{{ ipadiscovery.servers }}"
    domain: "{{ ipadiscovery.domain }}"
    realm: "{{ ipadiscovery.realm }}"
--- a/roles/ipaclient/library/ipaclient_setup_nss.py
+++ b/roles/ipaclient/library/ipaclient_setup_nss.py
@@ -30,8 +30,8 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
-module: ipanss
+module: ipaclient_setup_nss
-short description: Create IPA NSS database
+short description: Create IPA client NSS database
 description:
 Create IPA NSS database
 options:
@@ -77,8 +77,8 @@ author:
 '''
 EXAMPLES = '''
- name: Create IPA NSS database
+- name: Create IPA client NSS database
-  ipanss:
+  ipaclient_setup_nss:
    servers: ["server1.example.com","server2.example.com"]
    domain: example.com
    realm: EXAMPLE.COM
--- a/roles/ipaclient/library/ipaclient_setup_sssd.py
+++ b/roles/ipaclient/library/ipaclient_setup_sssd.py
@@ -30,10 +30,10 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
-module: sssd_conf
+module: ipaclient_setup_sssd
-short description: Configure sssd
+short description: Configure sssd for IPA client
 description:
-Configure sssd
+  Configure sssd for IPA client
 options:
  servers:
    description: The FQDN of the IPA servers to connect to.
@@ -93,7 +93,7 @@ author:
 EXAMPLES = '''
 - name: Configure SSSD
-  sssd:
+  ipaclient_setup_sssd:
    servers: ["server1.example.com","server2.example.com"]
    domain: example.com
    realm: EXAMPLE.COM
--- a/roles/ipaclient/library/ipaclient_test.py
+++ b/roles/ipaclient/library/ipaclient_test.py
@@ -30,7 +30,7 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
-module: ipadiscovery
+module: ipaclient_test
 short description: Tries to discover IPA server
 description:
  Tries to discover IPA server using DNS or host name
@@ -85,34 +85,34 @@ author:
 '''
 EXAMPLES = '''
-# Complete autodiscovery, register return values as ipadiscovery
+# Complete autodiscovery, register return values as ipaclient_test
 - name: IPA discovery
-  ipadiscovery:
+  ipaclient_test:
-  register: ipadiscovery
+  register: register_ipaclient_test
-# Discovery using servers, register return values as ipadiscovery
+# Discovery using servers, register return values as ipaclient_test
 - name: IPA discovery
-  ipadiscovery:
+  ipaclient_test:
    servers: server1.domain.com,server2.domain.com
-  register: ipadiscovery
+  register: register_ipaclient_test
-# Discovery using domain name, register return values as ipadiscovery
+# Discovery using domain name, register return values as ipaclient_test
 - name: IPA discovery
-  ipadiscovery:
+  ipaclient_test:
    domain: domain.com
-  register: ipadiscovery
+  register: register_ipaclient_test
-# Discovery using realm, register return values as ipadiscovery
+# Discovery using realm, register return values as ipaclient_test
 - name: IPA discovery
-  ipadiscovery:
+  ipaclient_test:
    realm: DOMAIN.COM
-  register: ipadiscovery
+  register: register_ipaclient_test
-# Discovery using hostname, register return values as ipadiscovery
+# Discovery using hostname, register return values as ipaclient_test
 - name: IPA discovery
-  ipadiscovery:
+  ipaclient_test:
    hostname: host.domain.com
-  register: ipadiscovery
+  register: register_ipaclient_test
 '''
 RETURN = '''
--- a/roles/ipaclient/library/ipaclient_test_keytab.py
+++ b/roles/ipaclient/library/ipaclient_test_keytab.py
@@ -30,7 +30,7 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
-module: ipatest
+module: ipaclient_test_keytab
 short description: Test if the krb5.keytab on the machine is valid and can be used.
 description:
  Test if the krb5.keytab on the machine is valid and can be used.
@@ -64,7 +64,7 @@ author:
 EXAMPLES = '''
 # Test IPA with local keytab
 - name: Test IPA in force mode with maximum 5 kinit attempts
-  ipatest:
+  ipaclient_test_keytab:
    servers: ["server1.example.com","server2.example.com"]
    domain: example.com
    realm: EXAMPLE.COM
@@ -74,7 +74,7 @@ EXAMPLES = '''
 # Test IPA with ipadiscovery return values
 - name: Join IPA
-  ipajoin:
+  ipaclient_test_keytab:
    servers: "{{ ipadiscovery.servers }}"
    domain: "{{ ipadiscovery.domain }}"
    realm: "{{ ipadiscovery.realm }}"
@@ -94,7 +94,7 @@ krb5_conf_ok:
  description: The flag describes if krb5.conf on the host is usable.
  returned: always
  type: bool
-ipa_test_ok:
+ping_test_ok:
  description: The flag describes if ipa ping test succeded.
  returned: always
  type: bool
@@ -143,7 +143,7 @@ def main():
    krb5_keytab_ok = False
    krb5_conf_ok = False
-    ipa_test_ok = False
+    ping_test_ok = False
    ca_crt_exists = os.path.exists(paths.IPA_CA_CRT)
    env = {'PATH': SECURE_PATH, 'KRB5CCNAME': paths.IPA_DNS_CCACHE}
@@ -160,7 +160,7 @@ def main():
        try:
            result = run(["/usr/bin/ipa", "ping"], raiseonerr=False, env=env)
            if result.returncode == 0:
-                ipa_test_ok = True
+                ping_test_ok = True
        except OSError:
            pass
    except GSSError as e:
@@ -197,7 +197,7 @@ def main():
                  result = run(["/usr/bin/ipa", "ping"], raiseonerr=False,
                               env=env)
                  if result.returncode == 0:
-                      ipa_test_ok = True
+                      ping_test_ok = True
              except OSError:
                  pass
@@ -214,7 +214,7 @@ def main():
                     krb5_keytab_ok=krb5_keytab_ok,
                     krb5_conf_ok=krb5_conf_ok,
                     ca_crt_exists=ca_crt_exists,
-                     ipa_test_ok=ipa_test_ok)
+                     ping_test_ok=ping_test_ok)
 if __name__ == '__main__':
    main()
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -22,7 +22,7 @@
  when: ipaclient_no_dns_lookup | bool and groups.ipaserver is defined and ipaclient_servers is not defined
 - name: Install - IPA discovery
-  ipadiscovery:
+  ipaclient_test:
    domain: "{{ ipaserver_domain | default(ipaclient_domain) | default(omit) }}"
    servers: "{{ ipaclient_servers | default(omit) }}"
    realm: "{{ ipaserver_realm | default(ipaclient_realm) | default(omit) }}"
@@ -32,7 +32,7 @@
    ntp_servers: "{{ ipaclient_ntp_servers | default([]) }}"
    ntp_pool: "{{ ipaclient_ntp_pool | default(omit) }}"
    no_ntp: "{{ ipaclient_no_ntp }}"
-  register: ipadiscovery
+  register: result_ipaclient_test
 - name: Install - Set default principal if no keytab is given
  set_fact:
@@ -46,19 +46,19 @@
 - block:
  - name: Install - Test if IPA client has working krb5.keytab
-    ipatest:
+    ipaclient_test_keytab:
-      servers: "{{ ipadiscovery.servers }}"
+      servers: "{{ result_ipaclient_test.servers }}"
-      domain: "{{ ipadiscovery.domain }}"
+      domain: "{{ result_ipaclient_test.domain }}"
-      realm: "{{ ipadiscovery.realm }}"
+      realm: "{{ result_ipaclient_test.realm }}"
-      hostname: "{{ ipadiscovery.hostname }}"
+      hostname: "{{ result_ipaclient_test.hostname }}"
-      kdc: "{{ ipadiscovery.kdc }}"
+      kdc: "{{ result_ipaclient_test.kdc }}"
      kinit_attempts: "{{ ipaclient_kinit_attempts | default(omit) }}"
-    register: ipatest
+    register: result_ipaclient_test_keytab
  - name: Install - Disable One-Time Password for client with working krb5.keytab
    set_fact:
      ipaclient_use_otp: "no"
-    when: ipaclient_use_otp | bool and ipatest.krb5_keytab_ok and not ipaclient_force_join | bool
+    when: ipaclient_use_otp | bool and result_ipaclient_test_keytab.krb5_keytab_ok and not ipaclient_force_join | bool
  # The following block is executed when using OTP to enroll IPA client
@@ -77,30 +77,30 @@
    - name: Install - Include Python2/3 import test
      import_tasks: "{{role_path}}/tasks/python_2_3_test.yml"
-      delegate_to: "{{ ipadiscovery.servers[0] }}"
+      delegate_to: "{{ result_ipaclient_test.servers[0] }}"
    - name: Install - Get One-Time Password for client enrollment
      #no_log: yes
-      ipahost:
+      ipaclient_get_otp:
        state: present
        principal: "{{ ipaadmin_principal | default('admin') }}"
        password: "{{ ipaadmin_password | default(omit) }}"
        keytab: "{{ ipaadmin_keytab | default(omit) }}"
-        fqdn: "{{ ipadiscovery.hostname }}"
+        fqdn: "{{ result_ipaclient_test.hostname }}"
        lifetime: "{{ ipaclient_lifetime | default(omit) }}"
        random: True
        ansible_python_interpreter: "{{ ansible_python_interpreter }}"
-      register: ipahost_output
+      register: result_ipaclient_get_otp
      # If the host is already enrolled, this command will exit on error
      # The error can be ignored
-      failed_when: ipahost_output is failed and "Password cannot be set on enrolled host" not in ipahost_output.msg
+      failed_when: result_ipaclient_get_otp is failed and "Password cannot be set on enrolled host" not in result_ipaclient_get_otp.msg
-      delegate_to: "{{ ipadiscovery.servers[0] }}"
+      delegate_to: "{{ result_ipaclient_test.servers[0] }}"
      delegate_facts: True
    - name: Install - Store the previously obtained OTP
      no_log: yes
      set_fact:
-        ipaadmin_password: "{{ ipahost_output.host.randompassword if ipahost_output.host is defined }}"
+        ipaadmin_password: "{{ result_ipaclient_get_otp.host.randompassword if result_ipaclient_get_otp.host is defined }}"
    - name: Install - Restore client ansible_python_interpreter setting
      set_fact:
@@ -115,42 +115,42 @@
    - name: Install - Check if one of password and keytab are set
      fail: msg="At least one of password or keytab must be specified"
-      when: not ipatest.krb5_keytab_ok and (ipaadmin_password is undefined or ipaadmin_password == "") and (ipaclient_keytab is undefined or ipaclient_keytab == "")
+      when: not result_ipaclient_test_keytab.krb5_keytab_ok and (ipaadmin_password is undefined or ipaadmin_password == "") and (ipaclient_keytab is undefined or ipaclient_keytab == "")
    when: not ipaclient_on_master | bool
-  - name: Install - Purge {{ ipadiscovery.realm }} from host keytab
+  - name: Install - Purge {{ result_ipaclient_test.realm }} from host keytab
    command: >
      /usr/sbin/ipa-rmkeytab
      -k /etc/krb5.keytab
-      -r "{{ ipadiscovery.realm }}"
+      -r "{{ result_ipaclient_test.realm }}"
-    register: iparmkeytab
+    register: result_ipa_rmkeytab
    # Do not fail on error codes 3 and 5:
    #   3 - Unable to open keytab
    #   5 - Principal name or realm not found in keytab
-    failed_when: iparmkeytab.rc != 0 and iparmkeytab.rc != 3 and iparmkeytab.rc != 5
+    failed_when: result_ipa_rmkeytab.rc != 0 and result_ipa_rmkeytab.rc != 3 and result_ipa_rmkeytab.rc != 5
    when: ipaclient_use_otp | bool or ipaclient_force_join | bool
  - name: Install - Backup and set hostname
    ipaclient_set_hostname:
-      hostname: "{{ ipadiscovery.hostname }}"
+      hostname: "{{ result_ipaclient_test.hostname }}"
    when: not ipaclient_on_master | bool
  - name: Install - Join IPA
-    ipajoin:
+    ipaclient_join:
-      servers: "{{ ipadiscovery.servers }}"
+      servers: "{{ result_ipaclient_test.servers }}"
-      domain: "{{ ipadiscovery.domain }}"
+      domain: "{{ result_ipaclient_test.domain }}"
-      realm: "{{ ipadiscovery.realm }}"
+      realm: "{{ result_ipaclient_test.realm }}"
-      kdc: "{{ ipadiscovery.kdc }}"
+      kdc: "{{ result_ipaclient_test.kdc }}"
-      basedn: "{{ ipadiscovery.basedn }}"
+      basedn: "{{ result_ipaclient_test.basedn }}"
-      hostname: "{{ ipadiscovery.hostname }}"
+      hostname: "{{ result_ipaclient_test.hostname }}"
      force_join: "{{ ipaclient_force_join | default(omit) }}"
      principal: "{{ ipaadmin_principal if not ipaclient_use_otp | bool and ipaclient_keytab is not defined else '' }}"
      password: "{{ ipaadmin_password | default(omit) }}"
      keytab: "{{ ipaclient_keytab | default(omit) }}"
      #ca_cert_file: "{{ ipaclient_ca_cert_file | default(omit) }}"
      kinit_attempts: "{{ ipaclient_kinit_attempts | default(omit) }}"
-    register: ipajoin
+    register: result_ipaclient_join
-    when: not ipaclient_on_master | bool and (not ipatest.krb5_keytab_ok or ipaclient_force_join)
+    when: not ipaclient_on_master | bool and (not result_ipaclient_test_keytab.krb5_keytab_ok or ipaclient_force_join)
  - block:
    - name: Install - End playbook processing
@@ -159,33 +159,33 @@
        state: absent
    - fail:
        msg: "The krb5 configuration is not correct, please enable allow_repair to fix this."
-      when: not ipatest.krb5_conf_ok
+      when: not result_ipaclient_test_keytab.krb5_conf_ok
    - fail:
        msg: "The IPA test failed, please enable allow_repair to fix this."
-      when: not ipatest.ipa_test_ok
+      when: not result_ipaclient_test_keytab.ping_test_ok
    - fail:
        msg: "The ca.crt file is missing, please enable allow_repair to fix this."
-      when: not ipatest.ca_crt_exists
+      when: not result_ipaclient_test_keytab.ca_crt_exists
    - meta: end_play
-    when: not ipaclient_on_master | bool and not ipajoin.changed and not ipaclient_allow_repair | bool and (ipatest.krb5_keytab_ok or (ipajoin.already_joined is defined and ipajoin.already_joined))
+    when: not ipaclient_on_master | bool and not result_ipaclient_join.changed and not ipaclient_allow_repair | bool and (result_ipaclient_test_keytab.krb5_keytab_ok or (result_ipaclient_join.already_joined is defined and result_ipaclient_join.already_joined))
  - name: Install - Configure IPA default.conf
    include_role:
      name: ipaconf
    vars:
-      ipaconf_server: "{{ ipadiscovery.servers[0] }}"
+      ipaconf_server: "{{ result_ipaclient_test.servers[0] }}"
-      ipaconf_domain: "{{ ipadiscovery.domain }}"
+      ipaconf_domain: "{{ result_ipaclient_test.domain }}"
-      ipaconf_realm: "{{ ipadiscovery.realm }}"
+      ipaconf_realm: "{{ result_ipaclient_test.realm }}"
-      ipaconf_hostname: "{{ ipadiscovery.hostname }}"
+      ipaconf_hostname: "{{ result_ipaclient_test.hostname }}"
-      ipaconf_basedn: "{{ ipadiscovery.basedn }}"
+      ipaconf_basedn: "{{ result_ipaclient_test.basedn }}"
    when: not ipaclient_on_master | bool
  - name: Install - Configure SSSD
-    ipasssd:
+    ipaclient_setup_sssd:
-      servers: "{{ ipadiscovery.servers }}"
+      servers: "{{ result_ipaclient_test.servers }}"
-      domain: "{{ ipadiscovery.domain }}"
+      domain: "{{ result_ipaclient_test.domain }}"
-      realm: "{{ ipadiscovery.realm }}"
+      realm: "{{ result_ipaclient_test.realm }}"
-      hostname: "{{ ipadiscovery.hostname }}"
+      hostname: "{{ result_ipaclient_test.hostname }}"
      services: ["ssh", "sudo"]
      krb5_offline_passwords: yes
      on_master: "{{ ipaclient_on_master }}"
@@ -194,66 +194,66 @@
      #dns_updates: no
      #all_ip_addresses: no
-  - name: Install - Configure krb5 for IPA realm "{{ ipadiscovery.realm }} <= 4.4"
+  - name: Install - Configure krb5 for IPA realm "{{ result_ipaclient_test.realm }} <= 4.4"
    include_role:
      name: ipa-krb5
    vars:
-      krb5_servers: "{{ ipadiscovery.servers if not ipadiscovery.dnsok or not ipadiscovery.kdc else [ ] }}"
+      krb5_servers: "{{ result_ipaclient_test.servers if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else [ ] }}"
-      krb5_realm: "{{ ipadiscovery.realm }}"
+      krb5_realm: "{{ result_ipaclient_test.realm }}"
-      krb5_dns_lookup_realm: "{{ 'false' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'true' }}"
+      krb5_dns_lookup_realm: "{{ 'false' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'true' }}"
-      krb5_dns_lookup_kdc: "{{ 'false' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'true' }}"
+      krb5_dns_lookup_kdc: "{{ 'false' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'true' }}"
-      krb5_default_domain: "{{ 'true' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'false' }}"
+      krb5_default_domain: "{{ 'true' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'false' }}"
      krb5_pkinit_anchors: "FILE:/etc/ipa/ca.crt"
-    when: not ipaclient_on_master | bool and ipadiscovery.ipa_python_version <= 40400
+    when: not ipaclient_on_master | bool and result_ipaclient_test.ipa_python_version <= 40400
-  - name: Install - Configure krb5 for IPA realm "{{ ipadiscovery.realm }} > 4.4"
+  - name: Install - Configure krb5 for IPA realm "{{ result_ipaclient_test.realm }} > 4.4"
    include_role:
      name: ipa-krb5
    vars:
-      krb5_servers: "{{ ipadiscovery.servers if not ipadiscovery.dnsok or not ipadiscovery.kdc else [ ] }}"
+      krb5_servers: "{{ result_ipaclient_test.servers if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else [ ] }}"
-      krb5_realm: "{{ ipadiscovery.realm }}"
+      krb5_realm: "{{ result_ipaclient_test.realm }}"
-      krb5_dns_lookup_realm: "{{ 'false' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'true' }}"
+      krb5_dns_lookup_realm: "{{ 'false' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'true' }}"
-      krb5_dns_lookup_kdc: "{{ 'false' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'true' }}"
+      krb5_dns_lookup_kdc: "{{ 'false' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'true' }}"
-      krb5_default_domain: "{{ 'true' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'false' }}"
+      krb5_default_domain: "{{ 'true' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'false' }}"
      krb5_dns_canonicalize_hostname: "false"
      krb5_pkinit_pool: "FILE:/var/lib/ipa-client/pki/ca-bundle.pem"
      krb5_pkinit_anchors: "FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem"
-    when: not ipaclient_on_master | bool and ipadiscovery.ipa_python_version > 40400
+    when: not ipaclient_on_master | bool and result_ipaclient_test.ipa_python_version > 40400
  - name: Install - IPA API calls for remaining enrollment parts
-    ipaapi:
+    ipaclient_api:
-      servers: "{{ ipadiscovery.servers }}"
+      servers: "{{ result_ipaclient_test.servers }}"
-      realm: "{{ ipadiscovery.realm }}"
+      realm: "{{ result_ipaclient_test.realm }}"
-      hostname: "{{ ipadiscovery.hostname }}"
+      hostname: "{{ result_ipaclient_test.hostname }}"
      #debug: yes
-    register: ipaapi
+    register: result_ipaclient_api
  - name: Install - Fix IPA ca
-    ipafixca:
+    ipaclient_fix_ca:
-      servers: "{{ ipadiscovery.servers }}"
+      servers: "{{ result_ipaclient_test.servers }}"
-      realm: "{{ ipadiscovery.realm }}"
+      realm: "{{ result_ipaclient_test.realm }}"
-      basedn: "{{ ipadiscovery.basedn }}"
+      basedn: "{{ result_ipaclient_test.basedn }}"
      allow_repair: "{{ ipaclient_allow_repair }}"
-    when: not ipaclient_on_master | bool and ipatest.krb5_keytab_ok and not ipatest.ca_crt_exists
+    when: not ipaclient_on_master | bool and result_ipaclient_test_keytab.krb5_keytab_ok and not result_ipaclient_test_keytab.ca_crt_exists
  - name: Install - Create IPA NSS database
-    ipanss:
+    ipaclient_setup_nss:
-      servers: "{{ ipadiscovery.servers }}"
+      servers: "{{ result_ipaclient_test.servers }}"
-      domain: "{{ ipadiscovery.domain }}"
+      domain: "{{ result_ipaclient_test.domain }}"
-      realm: "{{ ipadiscovery.realm }}"
+      realm: "{{ result_ipaclient_test.realm }}"
-      basedn: "{{ ipadiscovery.basedn }}"
+      basedn: "{{ result_ipaclient_test.basedn }}"
-      hostname: "{{ ipadiscovery.hostname }}"
+      hostname: "{{ result_ipaclient_test.hostname }}"
-      subject_base: "{{ ipaapi.subject_base }}"
+      subject_base: "{{ result_ipaclient_api.subject_base }}"
      principal: "{{ ipaadmin_principal | default(omit) }}"
      mkhomedir: "{{ ipaclient_mkhomedir | default(omit) }}"
-      ca_enabled: "{{ ipaapi.ca_enabled | default(omit) }}"
+      ca_enabled: "{{ result_ipaclient_api.ca_enabled | default(omit) }}"
      on_master: "{{ ipaclient_on_master }}"
  - name: Install - IPA extras configuration
-    ipaextras:
+    ipaclient_extras:
-      servers: "{{ ipadiscovery.servers }}"
+      servers: "{{ result_ipaclient_test.servers }}"
-      domain: "{{ ipadiscovery.domain }}"
+      domain: "{{ result_ipaclient_test.domain }}"
-      ntp_servers: "{{ ipadiscovery.ntp_servers }}"
+      ntp_servers: "{{ result_ipaclient_test.ntp_servers }}"
      ntp: "{{ ipaclient_ntp | default(omit) }}"
      on_master: "{{ ipaclient_on_master }}"
      #force_ntpd: no
--- a/roles/ipaconf/tasks/main.yml
+++ b/roles/ipaconf/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: Backup IPA default.conf
-  ipafstore:
+  ipaclient_fstore:
    backup: "{{ ipaconf_default_conf }}"
 - name: Template IPA default.conf