Support getting a host keytab from IPA

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>

roles/keytab/service/tasks/main.yml

@@ -40,11 +40,16 @@
 
 - name: Grant host access to keytab
   delegate_to: "{{ ipa_server }}"
-  command: ipa service-allow-retrieve-keytab {{service}}/{{host}} --hosts={{inventory_hostname}}
+  command:
-  register: service_perm_add_result
+    argv:
+    - ipa
+    - "{{ (service == 'host')|ternary('host', 'service') }}-allow-retrieve-keytab"
+    - "{{service}}/{{host}}"
+    - --hosts={{inventory_hostname}}
+  register: perm_add_result
   check_mode: no
-  changed_when: "'members added 1' in service_perm_add_result.stdout"
+  changed_when: "'members added 1' in perm_add_result.stdout"
-  failed_when: "not ('members added' in service_perm_add_result.stdout)"
+  failed_when: "not ('members added' in perm_add_result.stdout)"
   tags:
   - keytab
   - config
@@ -53,11 +58,16 @@
 
 - name: Grant admin access to keytab
   delegate_to: "{{ ipa_server }}"
-  command: ipa service-allow-retrieve-keytab {{service}}/{{host}} --users=admin
+  command:
-  register: service_perm_add_result
+    argv:
+    - ipa
+    - "{{ (service == 'host')|ternary('host', 'service') }}-allow-retrieve-keytab"
+    - "{{service}}/{{host}}"
+    - --users=admin
+  register: perm_add_result
   check_mode: no
-  changed_when: "'members added 1' in service_perm_add_result.stdout"
+  changed_when: "'members added 1' in perm_add_result.stdout"
-  failed_when: "not ('members added' in service_perm_add_result.stdout)"
+  failed_when: "not ('members added' in perm_add_result.stdout)"
   tags:
   - keytab
   - config