Fix logic trying to obtain a keytab

When ipahost is run to generate an OTP and the host already exists,
the OTP is properly generated but ipa-join will fail if the host is
already enrolled (i.e. when it has a keytab).
Add a step calling ipa host-disable to erase OTP and keytab before
requesting an OTP.
Florence Blanc-Renaud
2017-09-15 13:49:09 +02:00
parent 38d7223376
commit c824cf6745


@@ -197,6 +197,12 @@ def ensure_host_present(module, api, ipahost):
if module.check_mode:
module.exit_json(changed=True)
# If we want to create a random password, and the host
# already has Keytab: true, then we need first to run
# ipa host-disable in order to remove OTP and keytab
if module.params.get('random') and ipahost['has_keytab'] == True:
api.Command.host_disable(fqdn)
result = api.Command.host_mod(fqdn, **diffs)
# Save random password as it is not displayed by host-show
if module.params.get('random'):
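Review bot: The new `if module.params.get('random') and ipahost['has_keytab'] == True:` branch calls `api.Command.host_disable(fqdn)` for every enrolled host whenever `random` is set, so re-running the same play against a working, enrolled host removes its keytab each time. Consider requiring an explicit opt-in parameter for this destructive step, or at least documenting in the module's option description that `random` on an enrolled host unenrolls it. Two smaller points on the same lines: `ipahost['has_keytab'] == True` raises KeyError if the attribute is missing from the host entry and compares against a literal boolean, so `ipahost.get('has_keytab')` would be safer and more idiomatic; and because `host_disable` runs before `host_mod`, a failure in `host_mod` leaves the host with its keytab removed and no new OTP, which is worth either handling or surfacing in the failure message.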