From 2e7ede1b71d19c691630918a2f55fef697c527de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?=
Date: Thu, 20 Aug 2020 15:11:11 +0200
Subject: [PATCH] Refactor the keytab/service role to prepare for more ipa roles
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Aurélien Bompard
---
 roles/ipa/host/tasks/main.yml | 27 ++++++++++++++++++
 roles/ipa/service/tasks/main.yml | 38 +++++++++++++++++++++++++
 roles/keytab/service/tasks/main.yml | 44 ++++++++++++-----------------
 3 files changed, 83 insertions(+), 26 deletions(-)
 create mode 100644 roles/ipa/host/tasks/main.yml
 create mode 100644 roles/ipa/service/tasks/main.yml
diff --git a/roles/ipa/host/tasks/main.yml b/roles/ipa/host/tasks/main.yml
new file mode 100644
index 0000000000..0fe54b27c9
--- /dev/null
+++ b/roles/ipa/host/tasks/main.yml
@@ -0,0 +1,27 @@
+--- +- name: Get admin ticket + delegate_to: "{{ ipa_server }}" + shell: echo "{{ipa_admin_password}}" | kinit admin + check_mode: no + changed_when: "1 != 1" + tags: + - config + - krb5 + +- name: Create host entry + delegate_to: "{{ ipa_server }}" + command: ipa host-add --force {{host}} + register: host_add_result + check_mode: no + changed_when: "'Added host' in host_add_result.stdout" + failed_when: "not ('Added host' in host_add_result.stdout or 'already exists' in host_add_result.stderr)" + tags: + - config + - krb5 + +- name: Destroy admin ticket + delegate_to: "{{ ipa_server }}" + command: kdestroy -A + tags: + - config + - krb5
diff --git a/roles/ipa/service/tasks/main.yml b/roles/ipa/service/tasks/main.yml
new file mode 100644
index 0000000000..b2899df93f
--- /dev/null
+++ b/roles/ipa/service/tasks/main.yml
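Review bot: The IPA admin password is put on a shell command line in the "Get admin ticket" task (`shell: echo "{{ipa_admin_password}}" | kinit admin`), so it is visible in the `sh -c` argv on the delegate host while kinit runs and is echoed back in the shell module's `cmd` result field in verbose or failure output, and the task sets no `no_log`. Feeding it on stdin instead, `command: kinit admin` with `args: {stdin: "{{ ipa_admin_password }}"}` plus `no_log: true`, keeps it out of both; `changed_when: "1 != 1"` is plainer as `changed_when: false`. Separately, the "Destroy admin ticket" task lacks the `check_mode: no` the first two tasks carry, so a check-mode run obtains a ticket on the IPA server and never destroys it, and the same happens whenever host-add fails because nothing runs kdestroy on failure; a `block` with kdestroy under `always` (and `check_mode: no`) would cover both cases. The copy of these tasks in roles/ipa/service/tasks/main.yml has the same issues.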
@@ -0,0 +1,38 @@
+--- +- name: Get admin ticket + delegate_to: "{{ ipa_server }}" + shell: echo "{{ipa_admin_password}}" | kinit admin + check_mode: no + changed_when: "1 != 1" + tags: + - config + - krb5 + +- name: Create host entry + delegate_to: "{{ ipa_server }}" + command: ipa host-add --force {{host}} + register: host_add_result + check_mode: no + changed_when: "'Added host' in host_add_result.stdout" + failed_when: "not ('Added host' in host_add_result.stdout or 'already exists' in host_add_result.stderr)" + tags: + - config + - krb5 + +- name: Create service entry + delegate_to: "{{ ipa_server }}" + command: ipa service-add --force {{service}}/{{host}} + register: service_add_result + check_mode: no + changed_when: "'Added service' in service_add_result.stdout" + failed_when: "not ('Added service' in service_add_result.stdout or 'already exists' in service_add_result.stderr)" + tags: + - config + - krb5 + +- name: Destroy admin ticket + delegate_to: "{{ ipa_server }}" + command: kdestroy -A + tags: + - config + - krb5
diff --git a/roles/keytab/service/tasks/main.yml b/roles/keytab/service/tasks/main.yml
index ede4f0e12b..8e04b6efda 100644
--- a/roles/keytab/service/tasks/main.yml
+++ b/roles/keytab/service/tasks/main.yml
@@ -9,6 +9,24 @@
 - config - krb5 +- name: Create host entry + include_role: + name: ipa/host + tags: + - keytab + - config + - krb5 + when: not keytab_status.stat.exists and service == "host" + +- name: Create service entry + include_role: + name: ipa/service + tags: + - keytab + - config + - krb5 + when: not keytab_status.stat.exists and service != "host" + - name: Get admin ticket delegate_to: "{{ ipa_server }}" shell: echo "{{ipa_admin_password}}" | kinit admin
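Review bot: The "Get admin ticket" and "Create host entry" tasks in this new file are verbatim copies of roles/ipa/host/tasks/main.yml rather than a reuse of it, so any fix to the ticket or host-add logic now has to be made in two places. Since both roles acquire and destroy their own admin ticket, simply including ipa/host from here would kinit twice; a shared task file for the ticket and host-add steps pulled in with `include_tasks` by both roles, or a split that leaves only the service-add step here, would keep a single copy. The `--force` on `ipa service-add` presumably mirrors the host-add one; if it is only there for hosts absent from DNS, a comment saying so would help the next reader.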
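Review bot: The `keytab` tag on the two new `include_role` tasks applies only to the include statement itself, not to the tasks inside roles/ipa/host and roles/ipa/service, which carry only `config` and `krb5`; the "Create host entry" and "Create service entry" tasks this commit removes from the next hunk did carry `keytab`, so a run limited to `--tags keytab` will no longer create the host or service entry before the later "Grant host access to keytab" step. Propagate the tag to the included tasks with `apply: {tags: [keytab]}` on each include (`apply` exists on dynamic includes from Ansible 2.7), or add `keytab` to the tag lists inside the two roles. `keytab_status` is registered earlier in the file, outside this hunk.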
@@ -20,32 +38,6 @@
 - krb5 when: not keytab_status.stat.exists -- name: Create host entry - delegate_to: "{{ ipa_server }}" - command: ipa host-add --force {{host}} - register: host_add_result - check_mode: no - changed_when: "'Added host' in host_add_result.stdout" - failed_when: "not ('Added host' in host_add_result.stdout or 'already exists' in host_add_result.stderr)" - tags: - - keytab - - config - - krb5 - when: not keytab_status.stat.exists - -- name: Create service entry - delegate_to: "{{ ipa_server }}" - command: ipa service-add --force {{service}}/{{host}} - register: service_add_result - check_mode: no - changed_when: "'Added service' in service_add_result.stdout" - failed_when: "not ('Added service' in service_add_result.stdout or 'already exists' in service_add_result.stderr)" - tags: - - keytab - - config - - krb5 - when: not keytab_status.stat.exists and service != "host" - - name: Grant host access to keytab delegate_to: "{{ ipa_server }}" command: ipa service-allow-retrieve-keytab {{service}}/{{host}} --hosts={{inventory_hostname}}