Revert "Use the new modules"

The version of ansible-freeipa we have does not have the new modules yet. This reverts commit dad2290c7f.
2020-10-21 16:39:40 +02:00 · 2020-10-21 16:39:40 +02:00 · dc9ad4da3f
commit dc9ad4da3f
parent dad2290c7f
1 changed files with 52 additions and 38 deletions
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
@ -356,15 +356,6 @@
  when: ipa_initial
  register: output

- name: Destroy admin ticket
-  command: kdestroy -A
-  tags:
-  - ipa/server
-  - keytab
-  - config
-  - krb5
-  when: ipa_initial
-
 # Noggin user setup

 - name: Register the proper noggin admin password
@ -391,57 +382,80 @@
  when: ipa_initial

 - name: Create the noggin privilege
-  ipaprivilege:
-    name: Self-service Portal Administrators
-    description: Noggin admin users
-    ipaadmin_password: "{{ ipa_admin_password }}"
+  command:
+    argv:
+      - ipa
+      - privilege-add
+      - Self-service Portal Administrators
+      - --desc=Noggin admin users
  tags:
  - ipa/server
  - config
  when: ipa_initial
+  register: output
+  changed_when: "'already exists' not in output.stderr"
+  failed_when: "'already exists' not in output.stderr and output.rc != 0"

 - name: Setup the noggin privilege
-  ipaprivilege:
-    name: Self-service Portal Administrators
-    permission:
-    - "System: Modify Users"
-    - "System: Change User password"
-    - "System: Add Stage User"
-    - "System: Read Stage Users"
-    - "System: Modify Stage User"
-    - "System: Modify User RDN"
-    - "System: Remove Stage User"
-    - "System: Add Users"
-    - "System: Add User to default group"
-    action: member
-    ipaadmin_password: "{{ ipa_admin_password }}"
+  command:
+    argv:
+      - ipa
+      - privilege-add-permission
+      - Self-service Portal Administrators
+      - "--permissions=System: Modify Users"
+      - "--permissions=System: Change User password"
+      - "--permissions=System: Add Stage User"
+      - "--permissions=System: Read Stage Users"
+      - "--permissions=System: Modify Stage User"
+      - "--permissions=System: Modify User RDN"
+      - "--permissions=System: Remove Stage User"
+      - "--permissions=System: Add Users"
+      - "--permissions=System: Add User to default group"
+  tags:
+  - ipa/server
+  - config
+  when: ipa_initial
+  register: output
+  changed_when: "'Number of permissions added 0' not in output.stdout"
+  failed_when: "'Number of permissions added 0' not in output.stdout and output.rc != 0"
+
+- name: Create the noggin role
+  ipa_role:
+    name: "Self-service Portal Administrator"
+    description: "Noggin admin user"
+    privilege:
+    - "Self-service Portal Administrators"
+    user:
+    - noggin
+    ipa_host: localhost
+    ipa_user: admin
+    ipa_pass: "{{ipa_admin_password}}"
+    validate_certs: no
  tags:
  - ipa/server
  - config
  when: ipa_initial

- name: Create the noggin role
-  iparole:
-    name: "Self-service Portal Administrator"
-    description: "Noggin admin user"
-    user:
-    - noggin
-    privilege:
-    - "Self-service Portal Administrators"
-    ipaadmin_password: "{{ ipa_admin_password }}"
+- name: Destroy admin ticket
+  command: kdestroy -A
  tags:
  - ipa/server
+  - keytab
  - config
+  - krb5
  when: ipa_initial


 - name: Set the members of the admin group
-  ipagroup:
+  ipa_group:
    name: admins
    user:
    - admin
    - fas_sync
-    ipaadmin_password: "{{ ipa_admin_password }}"
+    ipa_host: localhost
+    ipa_user: admin
+    ipa_pass: "{{ipa_admin_password}}"
+    validate_certs: no
  tags:
  - ipa/server
  - config