Refactor the keytab/service role to prepare for more ipa roles

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>

roles/ipa/host/tasks/main.yml

@@ -0,0 +1,27 @@
+---
+- name: Get admin ticket
+  delegate_to: "{{ ipa_server }}"
+  shell: echo "{{ipa_admin_password}}" | kinit admin
+  check_mode: no
+  changed_when: "1 != 1"
+  tags:
+  - config
+  - krb5
+
+- name: Create host entry
+  delegate_to: "{{ ipa_server }}"
+  command: ipa host-add --force {{host}}
+  register: host_add_result
+  check_mode: no
+  changed_when: "'Added host' in host_add_result.stdout"
+  failed_when: "not ('Added host' in host_add_result.stdout or 'already exists' in host_add_result.stderr)"
+  tags:
+  - config
+  - krb5
+
+- name: Destroy admin ticket
+  delegate_to: "{{ ipa_server }}"
+  command: kdestroy -A
+  tags:
+  - config
+  - krb5

roles/ipa/service/tasks/main.yml

@@ -0,0 +1,38 @@
+---
+- name: Get admin ticket
+  delegate_to: "{{ ipa_server }}"
+  shell: echo "{{ipa_admin_password}}" | kinit admin
+  check_mode: no
+  changed_when: "1 != 1"
+  tags:
+  - config
+  - krb5
+
+- name: Create host entry
+  delegate_to: "{{ ipa_server }}"
+  command: ipa host-add --force {{host}}
+  register: host_add_result
+  check_mode: no
+  changed_when: "'Added host' in host_add_result.stdout"
+  failed_when: "not ('Added host' in host_add_result.stdout or 'already exists' in host_add_result.stderr)"
+  tags:
+  - config
+  - krb5
+
+- name: Create service entry
+  delegate_to: "{{ ipa_server }}"
+  command: ipa service-add --force {{service}}/{{host}}
+  register: service_add_result
+  check_mode: no
+  changed_when: "'Added service' in service_add_result.stdout"
+  failed_when: "not ('Added service' in service_add_result.stdout or 'already exists' in service_add_result.stderr)"
+  tags:
+  - config
+  - krb5
+
+- name: Destroy admin ticket
+  delegate_to: "{{ ipa_server }}"
+  command: kdestroy -A
+  tags:
+  - config
+  - krb5

roles/keytab/service/tasks/main.yml

@@ -9,6 +9,24 @@
   - config
   - krb5
 
+- name: Create host entry
+  include_role:
+    name: ipa/host
+  tags:
+  - keytab
+  - config
+  - krb5
+  when: not keytab_status.stat.exists and service == "host"
+
+- name: Create service entry
+  include_role:
+    name: ipa/service
+  tags:
+  - keytab
+  - config
+  - krb5
+  when: not keytab_status.stat.exists and service != "host"
+
 - name: Get admin ticket
   delegate_to: "{{ ipa_server }}"
   shell: echo "{{ipa_admin_password}}" | kinit admin
@@ -20,32 +38,6 @@
   - krb5
   when: not keytab_status.stat.exists
 
-- name: Create host entry
-  delegate_to: "{{ ipa_server }}"
-  command: ipa host-add --force {{host}}
-  register: host_add_result
-  check_mode: no
-  changed_when: "'Added host' in host_add_result.stdout"
-  failed_when: "not ('Added host' in host_add_result.stdout or 'already exists' in host_add_result.stderr)"
-  tags:
-  - keytab
-  - config
-  - krb5
-  when: not keytab_status.stat.exists
-
-- name: Create service entry
-  delegate_to: "{{ ipa_server }}"
-  command: ipa service-add --force {{service}}/{{host}}
-  register: service_add_result
-  check_mode: no
-  changed_when: "'Added service' in service_add_result.stdout"
-  failed_when: "not ('Added service' in service_add_result.stdout or 'already exists' in service_add_result.stderr)"
-  tags:
-  - keytab
-  - config
-  - krb5
-  when: not keytab_status.stat.exists and service != "host"
-
 - name: Grant host access to keytab
   delegate_to: "{{ ipa_server }}"
   command: ipa service-allow-retrieve-keytab {{service}}/{{host}} --hosts={{inventory_hostname}}