Bug 1509603 - [RFE] Provide IPA installation status - for use with ansible.
Summary: [RFE] Provide IPA installation status - for use with ansible.
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: ipa
Version: ---
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: rc
Target Release: 8.0
Assignee: Thomas Woerner
QA Contact: ipa-qe
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2017-11-05 03:34 UTC by Paul Armstrong
Modified: 2020-03-03 10:41 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-03-03 10:41:50 UTC
Type: Bug
Target Upstream Version:
Embargoed:


Description Paul Armstrong 2017-11-05 03:34:38 UTC
Description of problem:
There is no easy and clear way to determine whether the ipa-client is installed and configured on a system. From an ansible perspective, you are forced to do some creative work to determine if the client is installed and then you have to use ignore_errors and the like.

Version-Release number of selected component (if applicable):
7.4

How reproducible:
Always

Steps to Reproduce:
1. Try to use ansible to install and configure ipa-client when it is already installed.
2. Bang head.
3.

Actual results:
Frustration :-(

Expected results:
Lack of frustration :-)
Be able to determine whether the client was installed, configured and working correctly so that we can skip the associated tasks if all was good.

Additional info:
Current workaround is to force uninstall with ignore_errors, perform some manual cleanup and then reinstall. This tends to mess with the configuration of the system on the IdM server, depending on how much you have configured.

Comment 3 Florence Blanc-Renaud 2017-11-06 07:56:39 UTC
This RFE is also related to
https://pagure.io/freeipa/issue/6408  [RFE] Facts for Ansible integration
https://pagure.io/freeipa/issue/6942  Provide indication that install is completed

Comment 4 Florence Blanc-Renaud 2017-11-15 10:08:23 UTC
Hi,

are you trying to write your own Ansible playbook to deploy FreeIPA clients? In this case, you may be interested in the work being done to deploy a FreeIPA client using Ansible in https://github.com/freeipa/ansible-freeipa.

This FreeIPA client role is also able to repair broken installations.

Comment 5 Paul Armstrong 2017-11-17 22:51:44 UTC
Yes, this is what I am working on. There are several items that need to be addressed. I have been looking here previously and will monitor. I wanted to ensure that these aspects are being looked at.

Also, all freeipa ansible modules should support authentication using a keytab or other suitable mechanism to keep credentials out of scripts and command history (i.e. passing by environment).

Cheers,

PA

Comment 6 Rob Crittenden 2018-01-15 17:01:23 UTC
Upstream ticket:
https://pagure.io/freeipa/issue/6408

Comment 7 Rob Crittenden 2018-01-15 17:03:35 UTC
Upstream ticket:
https://pagure.io/freeipa/issue/6942

Comment 8 Christian Heimes 2018-02-05 15:41:03 UTC
I closed https://pagure.io/freeipa/issue/6408 in favor of duplicate https://pagure.io/freeipa/issue/6645
