From 40a5fed45e58c9b8c7de93d3b395b9de6aaf8587 Mon Sep 17 00:00:00 2001
From: Nils Philippsen <nils@redhat.com>
Date: Fri, 19 Mar 2021 17:25:38 +0100
Subject: [PATCH] ipa/client: enable for oci_registry in prod

Signed-off-by: Nils Philippsen <nils@redhat.com>
---
 inventory/group_vars/oci_registry | 8 +++++++-
 playbooks/groups/oci-registry.yml | 5 +----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/inventory/group_vars/oci_registry b/inventory/group_vars/oci_registry
index cece6f43cf..4085d04ee9 100644
--- a/inventory/group_vars/oci_registry
+++ b/inventory/group_vars/oci_registry
@@ -1,6 +1,12 @@
 ---
 
-fas_client_groups: sysadmin-releng
+primary_auth_source: ipa
+ipa_host_group: oci-registry
+ipa_host_group_desc: OCI Registry service
+ipa_client_shell_groups:
+- sysadmin-releng
+ipa_client_sudo_groups:
+- sysadmin-releng
 
 sudoers: "{{ private }}/files/sudo/00releng-sudoers"
 
diff --git a/playbooks/groups/oci-registry.yml b/playbooks/groups/oci-registry.yml
index 32b672d104..1a4f4112eb 100644
--- a/playbooks/groups/oci-registry.yml
+++ b/playbooks/groups/oci-registry.yml
@@ -16,8 +16,7 @@
   - rkhunter
   - nagios_client
   - hosts
-  - { role: fas_client, when: env != "staging" }
-  - { role: ipa/client, when: env == "staging" }
+  - ipa/client
   - collectd/base
   - rsyncd
   - sudo
@@ -40,8 +39,6 @@
   - import_tasks: "{{ tasks_path }}/yumrepos.yml"
 
   tasks:
-  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
-    when: env != "staging"
   - import_tasks: "{{ tasks_path }}/motd.yml"
 
   handlers: