ipa/client: Deal with hosts without IPA settings

Don't attempt to loop over undefined variables. This can happen if the
relevant `ipa_*` variables aren't defined for any host in the play.

Signed-off-by: Nils Philippsen <nils@redhat.com>
Nils Philippsen 2021-02-16 13:48:17 +01:00
parent 4fbe37e9e2
commit 5521d83040
4 changed files with 15 additions and 0 deletions


@ -26,6 +26,7 @@
ipaadmin_password: "{{ ipa_server_admin_passwords[item[0]] }}"
state: present
loop: "{{ ipa_server_host_groups }}"
when: ipa_server_host_groups is defined
- name: Ensure hosts are in IPA host groups
delegate_to: "{{ item[0] }}"
@ -36,3 +37,4 @@
state: present
host: "{{ item[4] | list }}"
loop: "{{ ipa_server_host_user_groups_hosts }}"
when: ipa_server_host_user_groups_hosts is defined
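Review bot: The task in the first hunk of this file passes `ipaadmin_password: "{{ ipa_server_admin_passwords[item[0]] }}"`, but the visible lines show no `no_log: true` between `state: present` and `loop:`. Every task in the HBAC and sudo files that takes the same password sets it there. The task starts above the hunk, so it may already be set further up; if it is not, add `no_log: true` next to the new `when:` so the admin password handling is consistent across the role and cannot surface in task output. The same check applies to the second task in this file, whose arguments are mostly outside the hunk.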


@ -16,6 +16,7 @@
- sysadmin-main
no_log: true
loop: "{{ ipa_server_admin_passwords | dict2items }}"
when: ipa_server_admin_passwords is defined
- name: "Enable usergroup/sysadmin-main HBAC rule"
delegate_to: "{{ item.key }}"
@ -25,6 +26,7 @@
state: enabled
no_log: true
loop: "{{ ipa_server_admin_passwords | dict2items }}"
when: ipa_server_admin_passwords is defined
- name: "Disable allow_all HBAC rule"
delegate_to: "{{ item.key }}"
@ -34,6 +36,7 @@
state: disabled
no_log: true
loop: "{{ ipa_server_admin_passwords | dict2items }}"
when: ipa_server_admin_passwords is defined
- name: "Let everybody run sudo"
delegate_to: "{{ item.key }}"
@ -48,6 +51,7 @@
- Sudo
no_log: true
loop: "{{ ipa_server_admin_passwords | dict2items }}"
when: ipa_server_admin_passwords is defined
- name: Add the sshd HBAC service in IPA
delegate_to: "{{ item.key }}"
@ -57,6 +61,7 @@
ipaadmin_password: "{{ item.value }}"
no_log: true
loop: "{{ ipa_server_admin_passwords | dict2items }}"
when: ipa_server_admin_passwords is defined
- name: Add the shell-access service group in IPA
delegate_to: "{{ item.key }}"
@ -68,6 +73,7 @@
- sshd
no_log: true
loop: "{{ ipa_server_admin_passwords | dict2items }}"
when: ipa_server_admin_passwords is defined
## Host group- & host-specific rules
@ -103,6 +109,7 @@
state: present
hostgroup: "{{ item[1] }}"
loop: "{{ ipa_server_host_groups }}"
when: ipa_server_host_groups is defined
- name: Give certain groups shell access per host group
delegate_to: "{{ item[0] }}"
@ -113,3 +120,4 @@
state: present
group: "{{ ipa_server_host_groups_dict[item[0]][item[1]]['shell_groups'] }}"
loop: "{{ ipa_server_host_groups }}"
when: ipa_server_host_groups is defined
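Review bot: With the new `when: ipa_server_admin_passwords is defined` guards, a play in which the variable is missing by mistake (a typo, or a vars file that was not loaded) now skips "Disable allow_all HBAC rule" and the other access-rule tasks without any error. `allow_all` then stays as it was and the run still looks successful. The same applies to the sudo rule tasks in the last file. Consider one leading `debug` or `assert` task with `when: ipa_server_admin_passwords is not defined` that reports that HBAC and sudo setup is being skipped, so an unintended skip is visible in the play output. If these tasks are contiguous in the file (the hunks do not show that), the repeated guard could also be written once on a `block:` around them.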


@ -92,6 +92,7 @@
+ ([item.key] | product(item.value | list) | list)
}}
loop: "{{ ipa_server_host_groups_dict | dict2items }}"
when: ipa_server_host_groups_dict is defined
# ipa_server_user_groups ->
# [
@ -109,6 +110,7 @@
+ ([item.key] | product(item.value.groups) | list)
}}
loop: "{{ ipa_server_all_groups_hosts_dict | dict2items }}"
when: ipa_server_all_groups_hosts_dict is defined
# ipa_server_host_user_groups_hosts ->
# [
@ -152,3 +154,4 @@
]
}}
loop: "{{ ipa_server_host_groups }}"
when: ipa_server_host_groups is defined


@ -16,6 +16,7 @@
- sysadmin-main
no_log: true
loop: "{{ ipa_server_admin_passwords | dict2items }}"
when: ipa_server_admin_passwords is defined
- name: Give certain groups sudo access to anything per host group
delegate_to: "{{ item[0] }}"
@ -30,3 +31,4 @@
runasusercategory: "all"
runasgroupcategory: "all"
loop: "{{ ipa_server_host_groups }}"
when: ipa_server_host_groups is defined