Bug 1509603 - [RFE] Provide IPA installation status - for use with ansible.
Summary: [RFE] Provide IPA installation status - for use with ansible.
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: ipa-qe
Depends On:
TreeView+ depends on / blocked
Reported: 2017-11-05 03:34 UTC by Paul Armstrong
Modified: 2019-11-04 17:41 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:
Target Upstream Version:

Attachments (Terms of Use)

Description Paul Armstrong 2017-11-05 03:34:38 UTC
Description of problem:
There is no easy and clear way to determine whether the ipa-client is installed and configured on a system. From an ansible perspective, you are forced to do some creative work to determine if the client is installed and then you have to use ignore_errors and the like.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Try to use ansible to install and configure ipa-client when it is already installed.
2. Bang head.

Actual results:
Frustration :-(

Expected results:
Lack of frustration :-)
Be able to determine whether the client was installed, configured and working correctly so that we can skip the associated tasks if all was good.

Additional info:
Current work around is to force uninstall with ignore_errors, perform some manual cleanup and the reinstall. This tends to mess with the configuration of the system on the IdM server, depending on how much you have configured.

Comment 3 Florence Blanc-Renaud 2017-11-06 07:56:39 UTC
This RFE is also related to
https://pagure.io/freeipa/issue/6408  [RFE] Facts for Ansible integration
https://pagure.io/freeipa/issue/6942  Provide indication that install is completed

Comment 4 Florence Blanc-Renaud 2017-11-15 10:08:23 UTC

are you trying to write your own Ansible playbook to deploy FreeIPA clients? In this case, you may be interested by the work being done to deploy a FreeIPA client using Ansible in https://github.com/freeipa/ansible-freeipa.

This FreeIPA client role is also able to repair broken installations.

Comment 5 Paul Armstrong 2017-11-17 22:51:44 UTC
Yes, this is what I am working on. There are several items that need to be addressed. I have been looking here previously and will monitor. I wanted to ensure that these aspects are being looked at.

Also, all freeipa ansible modules should support authentication using a keytab or other suitable mechanism to keep credentials out of scripts and command history (i.e. passing by environment).



Comment 6 Rob Crittenden 2018-01-15 17:01:23 UTC
Upstream ticket:

Comment 7 Rob Crittenden 2018-01-15 17:03:35 UTC
Upstream ticket:

Comment 8 Christian Heimes 2018-02-05 15:41:03 UTC
I closed https://pagure.io/freeipa/issue/6408 in favor of duplicate https://pagure.io/freeipa/issue/6645

Note You need to log in before you can comment on or make changes to this bug.