From 35f2aeb15dc7f689fa2db08733c969b1dec11bea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Thu, 15 Oct 2020 18:04:21 +0200
Subject: [PATCH] Actually those tasks must be run on the IPA server
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 roles/ipsilon/tasks/main.yml | 36 ++++++++++++++++++++----------------
 1 file changed, 20 insertions(+), 16 deletions(-)

diff --git a/roles/ipsilon/tasks/main.yml b/roles/ipsilon/tasks/main.yml
index e2f10afe0b..6f7d1e32e2 100644
--- a/roles/ipsilon/tasks/main.yml
+++ b/roles/ipsilon/tasks/main.yml
@@ -124,6 +124,26 @@
 - include_role:
     name: ipa/client
 
+- name: Add the ipsilon HBAC service in IPA
+  ipahbacsvc:
+    name: ipsilon
+    description: Ipsilon authentication service
+    ipaadmin_password: "{{ ipa_admin_password }}"
+  delegate_to: "{{ ipa_server }}"
+  tags:
+  - ipsilon
+
+- name: Allow login through ipsilon
+  ipahbacrule:
+    name: ipsilon_login
+    description: Login through ipsilon
+    hbacsvc:
+    - ipsilon
+    ipaadmin_password: "{{ ipa_admin_password }}"
+  delegate_to: "{{ ipa_server }}"
+  tags:
+  - ipsilon
+
 - name: Get admin ticket
   shell: echo "{{ipa_admin_password}}" | kinit admin
   check_mode: no
@@ -145,22 +165,6 @@
   tags:
   - ipsilon
 
-- name: Add the ipsilon HBAC service in IPA
-  ipahbacsvc:
-    name: ipsilon
-    description: Ipsilon authentication service
-  tags:
-  - ipsilon
-
-- name: Allow login through ipsilon
-  ipahbacrule:
-    name: ipsilon_login
-    description: Login through ipsilon
-    hbacsvc:
-    - ipsilon
-  tags:
-  - ipsilon
-
 - name: Destroy admin ticket
   command: kdestroy -A
   tags: