Ansible is now also supporting discovered_python_interpreter for
action_plugins. task_vars needs to be non Null and contain a setting for
discovered_python_interpreter. The ipaclient_get_otp action_plugin
therefore needed to be adapted.
If kinit_password call failed because of wrong password or even because
kinit was not found, there was a very unspecific error message. Now these
errors will be properly reported.
Fixes: RHBZ#1727277
With the deactivation of the Python2/3 test the handling of
ansible_python_interpreter needs to be removed as the setting might
not exist and is not changed in with the Python2/3 test any more.
gssapi is only needed for OTP if keytab is used. The common case with
password does not require gssapi.
This change also fixes the new ansible 2.8 failure if gssapi is not
installed on the controller. Ansible 2.8 seems to also transfer and load
action plugins to the node if they are not used.
The naming in the ipaclient role has not been following the naming scheme
and conventions used in the ipaserver and ipareplica roles. Also registered
results of modules and commands have not been unsing the result_ prefix as
in the other roles. All this has been fixed and the naming is consistent
now.
These are the renames:
ipahost -> ipaclient_get_otp
ipaapi -> ipaclient_api
ipaextras -> ipaclient_extras
ipafixca -> ipaclient_fix_ca
ipafstore -> ipaclient_fstore
ipa_facts -> ipaclient_get_facts
ipahost -> ipaclient_get_otp
ipajoin -> ipaclient_join
ipanss -> ipaclient_setup_nss
ipasssd -> ipaclient_setup_sssd
ipadiscovery -> ipaclient_test
ipatest -> ipaclient_test_keytab
As the action plugin is used with the default python interpreter and
the change to python3 for FreeIPA, the use of OTP was not working anymore.
The ansible_python_interpreter is not automatically used for the module
part of the action plugin. Therefore ansible_python_interpreter needed to
be added to the action plugin call as a new var to make sure that the
module part is used with the proper python version.
Also a new import for the Python2/3 import test has been added to discover
of the server is supporting python2 or python3. The old
ansible_python_interpreter setting is saved before doing this and restored
after the one-time password has been generated on the server.
The directories library and action_plugins do only contain ipaclient specific
modules and plugins. Therefore these directories should be located in the
ipaclient role directory.
