From 3e349c80eccd8649ba1ebd69e0ae8624247d3322 Mon Sep 17 00:00:00 2001
From: Michal Konecny
Date: Thu, 16 Nov 2023 12:06:22 +0100
Subject: [PATCH] [IPA] Use ipactl status output for replication check

As the /etc/ipa/default.conf is already created by ipa/client role, we need to find another way to check if replication is needed. Calling `ipactl status` should be more reliable.

Signed-off-by: Michal Konecny
---
 roles/ipa/server/tasks/main.yml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/roles/ipa/server/tasks/main.yml b/roles/ipa/server/tasks/main.yml
index bd8385a3ed..6d276dc3a0 100644
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
@@ -110,8 +110,13 @@
 - ipa/server
 - config
+ # ipactl status has return code > 0 when the IPA is not set up yet
+ # even if the client is already installed
+ # Previously we checked in /etc/ipa/default.conf exists, but this
+ # is already created in ipa/client role so the replica never
+ # started
 - name: determine whether we need to set up replication
- stat: path=/etc/ipa/default.conf
+ shell: ipactl status
 register: replication_status
 tags:
 - ipa/server
@@ -186,7 +191,7 @@
 --dirsrv-config-file=/root/ldif/replica-install.ldif creates=/etc/ipa/default.conf
 when: ansible_distribution_major_version|int >= 8
- when: not ipa_initial and not replication_status.stat.exists
+ when: not ipa_initial and replication_status.rc > 0
 tags:
 - ipa/server
 - config
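Review bot: In the first hunk, the `determine whether we need to set up replication` task now runs `shell: ipactl status`, and nothing visible stops Ansible from treating the expected non-zero exit as a task failure. That would abort the play on exactly the hosts that still need a replica. Add `failed_when: false` and `changed_when: false` to the task, and prefer `command: ipactl status`, since no shell features are used. The task's tag list continues past the end of the hunk, so confirm that no such key already follows there.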
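Review bot: The second hunk keeps `creates=/etc/ipa/default.conf` on the replica-install command, while the commit message says that file is now created by the ipa/client role. Ansible would therefore skip the command whenever the client role has already run, and the replica would still not be installed. The guard should name a file that only a server install produces, e.g. `creates=<server-only marker file>`. Separately, `replication_status.rc > 0` treats every failure of `ipactl status` as "not set up", which may include a configured server whose services are stopped, if ipactl reports that as non-zero. Matching the specific not-configured exit status would avoid attempting a replica install on an existing server; the enclosing block starts above the hunk.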