Description of problem:
There is no easy and clear way to determine whether the ipa-client is installed and configured on a system. From an ansible perspective, you are forced to do some creative work to determine if the client is installed and then you have to use ignore_errors and the like.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Try to use ansible to install and configure ipa-client when it is already installed.
2. Bang head.
Lack of frustration :-)
Be able to determine whether the client was installed, configured and working correctly so that we can skip the associated tasks if all was good.
Current work around is to force uninstall with ignore_errors, perform some manual cleanup and the reinstall. This tends to mess with the configuration of the system on the IdM server, depending on how much you have configured.
This RFE is also related to
https://pagure.io/freeipa/issue/6408 [RFE] Facts for Ansible integration
https://pagure.io/freeipa/issue/6942 Provide indication that install is completed
are you trying to write your own Ansible playbook to deploy FreeIPA clients? In this case, you may be interested by the work being done to deploy a FreeIPA client using Ansible in https://github.com/freeipa/ansible-freeipa.
This FreeIPA client role is also able to repair broken installations.
Yes, this is what I am working on. There are several items that need to be addressed. I have been looking here previously and will monitor. I wanted to ensure that these aspects are being looked at.
Also, all freeipa ansible modules should support authentication using a keytab or other suitable mechanism to keep credentials out of scripts and command history (i.e. passing by environment).
I closed https://pagure.io/freeipa/issue/6408 in favor of duplicate https://pagure.io/freeipa/issue/6645