Move IPA hostname checks to ipa_initial variable

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>

inventory/group_vars/ipa

@@ -1,12 +1,12 @@
 ---
-# Define resources for this group of hosts here. 
+# Define resources for this group of hosts here.
 lvm_size: 30000
 mem_size: 6144
 num_cpus: 2
 
 tcp_ports: [ 80, 88, 389, 443, 464, 636 ]
 
-custom_rules: [ 
+custom_rules: [
     '-A INPUT -p udp -m udp -s 10.5.0.0/16 --dport 53 -j ACCEPT'
 ]
 
@@ -15,5 +15,6 @@ fas_client_groups: sysadmin-main,sysadmin-accounts
 nrpe_procs_warn: 300
 nrpe_procs_crit: 500
 
+ipa_initial: false
 ipa_dm_password: "{{ ipa_prod_dm_password }}"
 ipa_ldap_socket: ldapi://%2fvar%2frun%2fslapd-FEDORAPROJECT-ORG.socket

inventory/host_vars/ipa01.phx2.fedoraproject.org

@@ -8,3 +8,4 @@ volgroup: /dev/vg_guests00
 eth0_ip: 10.5.126.162
 vmhost: virthost15.phx2.fedoraproject.org
 datacenter: phx2
+ipa_initial: true

inventory/host_vars/ipa01.stg.phx2.fedoraproject.org

@@ -8,3 +8,4 @@ volgroup: /dev/vg_guests
 eth0_ip: 10.5.128.136
 vmhost: virthost04.stg.phx2.fedoraproject.org
 datacenter: phx2
+ipa_initial: true

roles/ipa/server/tasks/main.yml

@@ -38,7 +38,7 @@
   tags:
   - ipa/server
   - config
-  when: inventory_hostname.startswith("ipa01")
+  when: ipa_initial
 
 - name: install IPA vault
   command: ipa-kra-install
@@ -49,7 +49,7 @@
   tags:
   - ipa/server
   - config
-  when: inventory_hostname.startswith("ipa01")
+  when: ipa_initial
 
 - name: determine whether we need to set up replication
   stat: path=/etc/ipa/default.conf
@@ -57,31 +57,29 @@
   tags:
   - ipa/server
   - config
-  when: not inventory_hostname.startswith("ipa01")
+  when: not ipa_initial
 
 - name: create replica file
-  delegate_to: ipa01.{{ item }}.fedoraproject.org
+  delegate_to: ipa01.phx2.fedoraproject.org
   command: ipa-replica-prepare
            --password={{ipa_dm_password}}
            --ip-address={{eth0_ip}}
            {{inventory_hostname}}
            creates=/var/lib/ipa/replica-info-{{inventory_hostname}}.gpg
-  with_items: "{{ datacenter }}"
   tags:
   - ipa/server
   - config
-  when: not inventory_hostname.startswith("ipa01") and not replication_status.stat.exists
+  when: not ipa_initial and not replication_status.stat.exists
 
 - name: retrieve replica file
-  delegate_to: ipa01.{{ item }}.fedoraproject.org
+  delegate_to: ipa01.phx2.fedoraproject.org
-  with_items: "{{ datacenter }}"
   fetch: src=/var/lib/ipa/replica-info-{{inventory_hostname}}.gpg
          dest=/tmp/ipa_replica_{{inventory_hostname}}.gpg
          flat=yes
   tags:
   - ipa/server
   - config
-  when: not inventory_hostname.startswith("ipa01") and not replication_status.stat.exists
+  when: not ipa_initial and not replication_status.stat.exists
 
 - name: deploy replica file
   copy: src=/tmp/ipa_replica_{{inventory_hostname}}.gpg
@@ -90,7 +88,7 @@
   tags:
   - ipa/server
   - config
-  when: not inventory_hostname.startswith("ipa01") and not replication_status.stat.exists
+  when: not ipa_initial and not replication_status.stat.exists
 
 - name: destroy replica file on ansible host
   delegate_to: localhost
@@ -98,7 +96,7 @@
   tags:
   - ipa/server
   - config
-  when: not inventory_hostname.startswith("ipa01") and not replication_status.stat.exists
+  when: not ipa_initial and not replication_status.stat.exists
 
 - name: deploy replica
   command: ipa-replica-install
@@ -121,7 +119,7 @@
   tags:
   - ipa/server
   - config
-  when: not inventory_hostname.startswith("ipa01") and not replication_status.stat.exists
+  when: not ipa_initial and not replication_status.stat.exists
 
 - name: Disable rewrites
   copy: src=ipa-rewrite.conf dest=/etc/httpd/conf.d/ipa-rewrite.conf
@@ -137,14 +135,14 @@
   tags:
   - ipa/server
   - config
-  when: inventory_hostname.startswith("ipa01")
+  when: ipa_initial
 
 - name: Run configuration script
   command: /bin/bash /root/configure-ipa.sh {{ipa_admin_password}}
   tags:
   - ipa/server
   - config
-  when: inventory_hostname.startswith("ipa01") and config_deployed.changed
+  when: ipa_initial and config_deployed.changed
 
 - name: Get admin ticket
   shell: echo "{{ipa_admin_password}}" | kinit admin
@@ -153,14 +151,14 @@
   - keytab
   - config
   - krb5
-  when: inventory_hostname.startswith("ipa01")
+  when: ipa_initial
 
 - name: Create fas_sync user
   command: ipa user-add fas_sync --first=FAS --last=Sync
   tags:
   - ipa/server
   - config
-  when: inventory_hostname.startswith("ipa01")
+  when: ipa_initial
   register: create_output
   changed_when: "'already exists' not in create_output.stderr"
   failed_when: "'already exists' not in create_output.stderr and create_output.rc != 0"
@@ -170,7 +168,7 @@
   tags:
   - ipa/server
   - config
-  when: inventory_hostname.startswith("ipa01")
+  when: ipa_initial
   register: promote_output
   changed_when: "'already a member' not in promote_output.stdout"
   failed_when: "'already a member' not in promote_output.stdout and promote_output.rc != 0"
@@ -180,7 +178,7 @@
   tags:
   - ipa/server
   - config
-  when: inventory_hostname.startswith("ipa01")
+  when: ipa_initial
   register: pwpolicy_output
   changed_when: "'no modifications to be performed' not in pwpolicy_output.stderr"
   failed_when: "'no modifications to be performed' not in pwpolicy_output.stderr and pwpolicy_output.rc != 0"
@@ -192,7 +190,7 @@
   - keytab
   - config
   - krb5
-  when: inventory_hostname.startswith("ipa01")
+  when: ipa_initial
 
 - name: Create LDIF directory
   file: path=/root/ldif state=directory owner=root group=root mode=0750
@@ -216,7 +214,7 @@
   with_items:
   - grant_fas_sync
   - use_id_fp_o
-  when: inventory_hostname.startswith("ipa01")
+  when: ipa_initial
   tags:
   - ipa/server
   - config