ipa/client: Add common IPA configuration

The `common.yml` sub-playbook runs tasks necessary for the `hbac.yml`
and `sudo.yml` sub-playbooks, but not specific to either.

Signed-off-by: Nils Philippsen <nils@redhat.com>

roles/ipa/client/tasks/common.yml

@@ -0,0 +1,5 @@
+## Cluster-wide rules
+
+- name: Check that sysadmin-main group exists
+  command: "getent group sysadmin-main"
+  changed_when: False

roles/ipa/client/tasks/hbac.yml

@@ -1,9 +1,5 @@
 ## Cluster-wide rules
 
-- name: Check that sysadmin-main group exists
-  command: "getent group sysadmin-main"
-  changed_when: False
-
 - name: "Give members of group sysadmin-main access to anything, anywhere"
   ipahbacrule:
     name: "usergroup/sysadmin-main"

roles/ipa/client/tasks/main.yml

@@ -22,6 +22,15 @@
     - ipa/client
     - config
 
+- name: Basic configuration for client on IPA cluster
+  delegate_to: "{{ ipa_server }}"
+  import_tasks: common.yml
+  # don't muck with prod for now
+  when: env == 'staging'
+  tags:
+    - ipa/client
+    - config
+
 - name: Configure HBAC on IPA cluster
   delegate_to: "{{ ipa_server }}"
   import_tasks: hbac.yml