diff --git a/inventory/group_vars/all b/inventory/group_vars/all
index 15e447a778..7b1a719693 100644
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@@ -355,6 +355,8 @@ additional_host_keytabs: []
 ipa_server: ipa01.iad2.fedoraproject.org
 ipa_realm: FEDORAPROJECT.ORG
 ipa_admin_password: "{{ ipa_prod_admin_password }}"
+# Let this become "ipa" at some point
+primary_auth_source: fas
 # Normal default sshd port is 22
 sshd_port: 22
diff --git a/inventory/group_vars/staging b/inventory/group_vars/staging
index 79e35ac99a..4a414c6e34 100644
--- a/inventory/group_vars/staging
+++ b/inventory/group_vars/staging
@@ -26,3 +26,5 @@ deployment_type: stg
 ipa_server: ipa01.stg.iad2.fedoraproject.org
 ipa_realm: STG.FEDORAPROJECT.ORG
 ipa_admin_password: "{{ ipa_stg_admin_password }}"
+# RIP, FAS
+primary_auth_source: ipa
diff --git a/roles/ipa/client/tasks/prepare-ipa-info.yml b/roles/ipa/client/tasks/prepare-ipa-info.yml
index cf8df73849..5686ee9dc9 100644
--- a/roles/ipa/client/tasks/prepare-ipa-info.yml
+++ b/roles/ipa/client/tasks/prepare-ipa-info.yml
@@ -1,5 +1,10 @@
 ---
 # NOTE: configuration is based on host groups, i.e. set the ipa_* vars only in group_vars
+#
+# NOTE^2: This will be "active" if only one host with the role is in the play, so we need to filter
+# on something, this something is the `primary_auth_source` variable which can be either
+# `fas` or `ipa`. Only hosts that have it set to `ipa` should be listed in the following
+# variables.
 # Thanks to having two environments, staging and prod, this has to deal with the "responsible" IPA
 # server for individual hosts.
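Review bot: The new `primary_auth_source` variable in `inventory/group_vars/all` is documented only by a remark about when it might change, and the staging override only by `# RIP, FAS`; neither says what the variable controls or which values are valid. Because the value decides whether a host is picked up by the IPA client tasks (see the `when:` change in `prepare-ipa-info.yml`), I would document it where it is defined, e.g. `# Account source for these hosts: "fas" or "ipa"; only "ipa" hosts are handled by roles/ipa/client`. Quoting the values (`'fas'`, `'ipa'`) would also make it explicit that they are compared as strings.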
@@ -82,7 +87,12 @@
 }}
 ipa_servers: "{{ ipa_servers | default([]) | union([hostvars[item]['ipa_server']]) }}"
 loop: "{{ ansible_play_hosts }}"
- when: hostvars[item]['ipa_server'] is defined and hostvars[item]['ipa_host_group'] is defined
+ when: >-
+ (hostvars[item]['primary_auth_source'] | default("fas")) == "ipa"
+ and
+ hostvars[item]['ipa_server'] is defined
+ and
+ hostvars[item]['ipa_host_group'] is defined
 # ipa_server_host_groups ->
 # [
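Review bot: The new `when:` treats every value other than the exact string `ipa` as "not IPA", so a misspelt or differently cased `primary_auth_source` (for example `IPA`) silently drops the host from `ipa_servers` and the related host-group data without any error. Since the file header says the variable can only be `fas` or `ipa`, I would fail early with an `assert` task before this loop, using a condition such as `hostvars[item]['primary_auth_source'] | default('fas') in ['fas', 'ipa']`. The inline `default("fas")` also duplicates the default set in `inventory/group_vars/all`, so the two can drift apart if that default is later changed to `ipa` as its comment anticipates; a short comment pointing at the group_vars default would help. The task this condition belongs to starts above the hunk.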