From 77b9de661ebd36436b442969acfc4299f1518f82 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= Date: Wed, 21 Oct 2020 16:21:20 +0200 Subject: [PATCH] Adjust conditions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aurélien Bompard --- roles/ipa/server/tasks/main.yml | 34 ++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/roles/ipa/server/tasks/main.yml b/roles/ipa/server/tasks/main.yml index 360604a930..7715eae320 100644 --- a/roles/ipa/server/tasks/main.yml +++ b/roles/ipa/server/tasks/main.yml @@ -237,14 +237,18 @@ failed_when: "'no modifications to be performed' not in output.stderr and output.rc != 0" - name: Configure password policy - command: ipa pwpolicy-mod global_policy --maxlife=0 --minlife=0 --history=0 --minclasses=0 --minlength=0 --maxfail=0 + ipapwpolicy: + minlife: 0 + maxlife: 0 + history: 0 + minclasses: 0 + minlength: 0 + maxfail: 0 + ipaadmin_password: "{{ ipa_admin_password }}" tags: - ipa/server - config when: ipa_initial - register: pwpolicy_output - changed_when: "'no modifications to be performed' not in pwpolicy_output.stderr" - failed_when: "'no modifications to be performed' not in pwpolicy_output.stderr and pwpolicy_output.rc != 0" - name: Create fas_sync user ipauser: @@ -296,8 +300,8 @@ - config when: ipa_initial register: create_output - changed_when: "'already exists' not in create_output.stdout" - failed_when: "'already exists' not in create_output.stdout and create_output.rc != 0" + changed_when: "'already exists' not in create_output.stderr" + failed_when: "'already exists' not in create_output.stderr and create_output.rc != 0" - name: Update the certificate profile command: 
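Review bot: The new `ipapwpolicy` task (hunk at -237) sets every limit of the global policy to 0 with no comment explaining why, and `maxfail: 0` and `minlength: 0` in particular read as switching off lockout and minimum length for the whole realm (my reading of the FreeIPA semantics, worth confirming). The values are carried over unchanged from the removed `ipa pwpolicy-mod` command, so this is not new behaviour, but nothing tells a reader whether it is a deliberate choice or a leftover. I would add a comment above the task such as `# Password rules are enforced by <COMPONENT>; the IPA global policy is deliberately left open`, naming the component that actually enforces them (placeholder, the page does not show it). Because the task only runs under `when: ipa_initial`, the comment should also say whether later drift of this policy is expected to be caught elsewhere.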
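Review bot: `changed_when` and `failed_when` in the hunk at -296 still decide the outcome by searching `create_output.stderr` for the English phrase 'already exists', so any error whose message contains that phrase is accepted as a no-op, and a translated message would be reported as a failure. The same pattern is repeated in the hunks at -311, -321, -330, -339 and -389. If the `ipa` CLI output can be localized on these hosts, pinning the locale on each command task with `environment:` and `LC_ALL: C` would make the match stable. The task's `command:` line is above this hunk, so I cannot see which subcommand produces the message.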
@@ -311,7 +315,7 @@ tags: - ipa/server - config - when: "ipa_initial and 'already exists' in create_output.stdout" + when: "ipa_initial and 'already exists' in create_output.stderr" # Create a new ACL linking the new profile and ipausers group (that all users are members of) - name: Create the CA ACL for the new certificate profile @@ -321,8 +325,8 @@ - config when: ipa_initial register: output - changed_when: "'already exists' not in output.stdout" - failed_when: "'already exists' not in output.stdout and output.rc != 0" + changed_when: "'already exists' not in output.stderr" + failed_when: "'already exists' not in output.stderr and output.rc != 0" - name: Add the ipausers group to the CA ACL command: ipa caacl-add-user userCerts --group ipausers tags: @@ -330,8 +334,8 @@ - config when: ipa_initial register: output - changed_when: "'already exists' not in output.stdout" - failed_when: "'already exists' not in output.stdout and output.rc != 0" + changed_when: "'already exists' not in output.stderr" + failed_when: "'already exists' not in output.stderr and output.rc != 0" - name: Add the ipausers group to the CA ACL command: ipa caacl-add-profile userCerts --certprofile userCerts tags: @@ -339,8 +343,8 @@ - config when: ipa_initial register: output - changed_when: "'already exists' not in output.stdout" - failed_when: "'already exists' not in output.stdout and output.rc != 0" + changed_when: "'already exists' not in output.stderr" + failed_when: "'already exists' not in output.stderr and output.rc != 0" # HBAC @@ -389,8 +393,8 @@ - config when: ipa_initial register: output - changed_when: "'already exists' not in output.stdout" - failed_when: "'already exists' not in output.stdout and output.rc != 0" + changed_when: "'already exists' not in output.stderr" + failed_when: "'already exists' not in output.stderr and output.rc != 0" - name: Setup the noggin privilege command:
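Review bot: I would check that `ipa caacl-add-user` (hunk at -330) really prints 'already exists' when the group is already in the ACL. As far as I know, FreeIPA member-add commands report an existing member as 'This entry is already a member' and exit non-zero; if so, the new `failed_when` fails a re-run instead of reporting it as unchanged. The same doubt applies to `caacl-add-profile` in the hunk at -339. In that case both conditions need the membership phrase too, for example `failed_when: "output.rc != 0 and 'already exists' not in output.stderr and 'already a member' not in output.stdout"`, with the stream confirmed against real output first.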
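Review bot: The task whose conditions change in the hunk at -339 runs `ipa caacl-add-profile userCerts --certprofile userCerts` but has the same name as the task before it, 'Add the ipausers group to the CA ACL', so a failure in the play output points at the wrong step. The `- name:` line sits just above this hunk and is visible as trailing context of the hunk at -330. I would rename it to `- name: Add the userCerts profile to the CA ACL`.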