From 006b2246b1dc0fe98a95c6e4c3476751a0294632 Mon Sep 17 00:00:00 2001
From: Nils Philippsen <nils@redhat.com>
Date: Fri, 19 Mar 2021 17:25:38 +0100
Subject: [PATCH] ipa/client: enable for ipa in prod

Signed-off-by: Nils Philippsen <nils@redhat.com>
---
 inventory/group_vars/ipa | 3 +--
 playbooks/groups/ipa.yml | 5 +----
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/inventory/group_vars/ipa b/inventory/group_vars/ipa
index 25cc4fb87d..20066f0cb2 100644
--- a/inventory/group_vars/ipa
+++ b/inventory/group_vars/ipa
@@ -10,8 +10,7 @@ custom_rules: [
     '-A INPUT -p udp -m udp -s 10.5.0.0/16 --dport 53 -j ACCEPT'
 ]
 
-fas_client_groups: sysadmin-main,sysadmin-accounts
-
+primary_auth_source: ipa
 ipa_host_group: ipa
 ipa_host_group_desc: IPA service
 ipa_client_shell_groups:
diff --git a/playbooks/groups/ipa.yml b/playbooks/groups/ipa.yml
index 1ec86ff95e..47138fd86b 100644
--- a/playbooks/groups/ipa.yml
+++ b/playbooks/groups/ipa.yml
@@ -16,8 +16,7 @@
   - nagios_client
   - collectd/base
   - hosts
-  - { role: fas_client, when: env != "staging" }
-  - { role: ipa/client, when: env == "staging" }
+  - ipa/client
   - rsyncd
   - sudo
   - { role: openvpn/client,
@@ -27,8 +26,6 @@
   - import_tasks: "{{ tasks_path }}/yumrepos.yml"
 
   tasks:
-  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
-    when: env != 'staging'
   - import_tasks: "{{ tasks_path }}/motd.yml"
 
   handlers: