
Bug 1509603

Summary: [RFE] Provide IPA installation status - for use with ansible.
Product: Red Hat Enterprise Linux 7
Reporter: Paul Armstrong <parmstro>
Component: ipa
Assignee: IPA Maintainers <ipa-maint>
Status: NEW ---
QA Contact: ipa-qe <ipa-qe>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 7.4
CC: cheimes, frenaud, parmstro, pasik, pvoborni, rcritten, rob.verduijn, tscherf
Target Milestone: rc
Keywords: FutureFeature
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:

Description Paul Armstrong 2017-11-05 03:34:38 UTC
Description of problem:
There is no easy and clear way to determine whether the ipa-client is installed and configured on a system. From an ansible perspective, you are forced to do some creative work to determine if the client is installed and then you have to use ignore_errors and the like.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Try to use ansible to install and configure ipa-client when it is already installed.
2. Bang head.

Actual results:
Frustration :-(

Expected results:
Lack of frustration :-)
Be able to determine whether the client was installed, configured and working correctly so that we can skip the associated tasks if all was good.

Additional info:
Current workaround is to force uninstall with ignore_errors, perform some manual cleanup and then reinstall. This tends to mess with the configuration of the system on the IdM server, depending on how much you have configured.

Comment 3 Florence Blanc-Renaud 2017-11-06 07:56:39 UTC
This RFE is also related to  [RFE] Facts for Ansible integration  Provide indication that install is completed

Comment 4 Florence Blanc-Renaud 2017-11-15 10:08:23 UTC

Are you trying to write your own Ansible playbook to deploy FreeIPA clients? In this case, you may be interested in the work being done to deploy a FreeIPA client using Ansible in

This FreeIPA client role is also able to repair broken installations.

Comment 5 Paul Armstrong 2017-11-17 22:51:44 UTC
Yes, this is what I am working on. There are several items that need to be addressed. I have been looking here previously and will monitor. I wanted to ensure that these aspects are being looked at.

Also, all freeipa ansible modules should support authentication using a keytab or other suitable mechanism to keep credentials out of scripts and command history (i.e. passing by environment).



Comment 6 Rob Crittenden 2018-01-15 17:01:23 UTC
Upstream ticket:

Comment 7 Rob Crittenden 2018-01-15 17:03:35 UTC
Upstream ticket:

Comment 8 Christian Heimes 2018-02-05 15:41:03 UTC
I closed in favor of duplicate