From 10dc944bbf8c9a8a72a871885e0f8aa23da12905 Mon Sep 17 00:00:00 2001
From: Michal Konecny <mkonecny@redhat.com>
Date: Fri, 11 Oct 2024 14:12:20 +0200
Subject: [PATCH] [ipa/server] Retrieve admin ticket before removing agreement

Removing the replication agreement needs admin kerberos ticket. Let's obtain one
before removing the replication agreement.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
---
 roles/ipa/server/tasks/main.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles/ipa/server/tasks/main.yml b/roles/ipa/server/tasks/main.yml
index b191e8ccae..ffe6796df4 100644
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
@@ -134,6 +134,10 @@
              --unattended
     when: ansible_distribution_major_version|int >= 9
 
+  - name: Get admin ticket on ipa master
+    shell: echo "{{ipa_admin_password}}" | kinit admin
+    delegate_to: "{{ ipa_server }}"
+
     # Replication agreement needs to be removed from ipa cluster
     # before installing the replica
   - name: Remove the replication agreement for the replica