From b8515e6bcecdf27495d2eacfcc8cb0ce94ac75da Mon Sep 17 00:00:00 2001
From: Mark O'Brien <markobri@redhat.com>
Date: Thu, 15 Apr 2021 14:44:37 +0100
Subject: [PATCH] ipa: add script to check which sysadmins do not have otp
 tokens

---
 roles/ipa/server/tasks/main.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/roles/ipa/server/tasks/main.yml b/roles/ipa/server/tasks/main.yml
index 8f688332dd..ecdea31ccd 100644
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
@@ -629,3 +629,14 @@
   copy:
     src: data-only-backup
     dest: "/etc/cron.d/data-only-backup"
+
+- name: Ensure python dep is present
+  pip:
+    name: python-freeipa
+
+- name: Copy file for checking if sysadmins have otp set
+  template:
+    src: check_sysadmin_otp.py.j2
+    dest: /root
+    owner: root
+    group: root