Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1509603 - [RFE] Provide IPA installation status - for use with ansible.
Summary: [RFE] Provide IPA installation status - for use with ansible.
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: ipa-qe
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-05 03:34 UTC by Paul Armstrong
Modified: 2019-04-10 09:02 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Paul Armstrong 2017-11-05 03:34:38 UTC
Description of problem:
There is no easy and clear way to determine whether the ipa-client is installed and configured on a system. From an ansible perspective, you are forced to do some creative work to determine if the client is installed and then you have to use ignore_errors and the like.

Version-Release number of selected component (if applicable):
7.4

How reproducible:
Always

Steps to Reproduce:
1. Try to use ansible to install and configure ipa-client when it is already installed.
2. Bang head.
3.

Actual results:
Frustration :-(

Expected results:
Lack of frustration :-)
Be able to determine whether the client was installed, configured and working correctly so that we can skip the associated tasks if all was good.

Additional info:
Current work around is to force uninstall with ignore_errors, perform some manual cleanup and the reinstall. This tends to mess with the configuration of the system on the IdM server, depending on how much you have configured.

Comment 3 Florence Blanc-Renaud 2017-11-06 07:56:39 UTC
This RFE is also related to
https://pagure.io/freeipa/issue/6408  [RFE] Facts for Ansible integration
https://pagure.io/freeipa/issue/6942  Provide indication that install is completed

Comment 4 Florence Blanc-Renaud 2017-11-15 10:08:23 UTC
Hi,

are you trying to write your own Ansible playbook to deploy FreeIPA clients? In this case, you may be interested by the work being done to deploy a FreeIPA client using Ansible in https://github.com/freeipa/ansible-freeipa.

This FreeIPA client role is also able to repair broken installations.

Comment 5 Paul Armstrong 2017-11-17 22:51:44 UTC
Yes, this is what I am working on. There are several items that need to be addressed. I have been looking here previously and will monitor. I wanted to ensure that these aspects are being looked at.

Also, all freeipa ansible modules should support authentication using a keytab or other suitable mechanism to keep credentials out of scripts and command history (i.e. passing by environment).

Cheers,

PA

Comment 6 Rob Crittenden 2018-01-15 17:01:23 UTC
Upstream ticket:
https://pagure.io/freeipa/issue/6408

Comment 7 Rob Crittenden 2018-01-15 17:03:35 UTC
Upstream ticket:
https://pagure.io/freeipa/issue/6942

Comment 8 Christian Heimes 2018-02-05 15:41:03 UTC
I closed https://pagure.io/freeipa/issue/6408 in favor of duplicate https://pagure.io/freeipa/issue/6645


Note You need to log in before you can comment on or make changes to this bug.