parent: a77c7414 | patch | commit | ignore whitespace
Guillaume Coré
2017-11-14 40ddad91b43133bd55bfb3f587c05224bfd653eb 
restart sssd: add a do-until block
1 files modified
29 ■■■■■ changed files
ansible/roles/bastion-opentlc-ipa/tasks/main.yml 29 ●●●●● patch | view | raw | blame | history 
 ansible/roles/bastion-opentlc-ipa/tasks/main.yml


@@ -13,16 +13,27 @@


  shell: "/usr/sbin/ipa-client-install --domain=OPENTLC.COM -w {{ipa_host_password}} -N -U --mkhomedir --no-dns-sshfp --hostname={{bastion_public_dns_chomped}}"




# quick fix for sssd


# TODO: test /usr/bin/sss_ssh_authorizedkeys $username


# if it works, then no need to restart


- name: Wait before restarting sssd


  pause:


    seconds: 5


- name: check IPA authorized_key


  command: /usr/bin/sss_ssh_authorizedkeys jenkins-sfo01


  register: output_sss


  changed_when: false


  ignore_errors: true




- name: Restart sssd


  service:


    name: sssd


    state: restarted


- name: restart until IPA is working


  until: output_sss | succeeded


  retries: 10


  delay: 20


  block:


  - name: Restart sssd


    service:


      name: sssd


      state: restarted




  - name: check IPA authorized_key


    command: /usr/bin/sss_ssh_authorizedkeys jenkins-sfo01


    register: output_sss


    changed_when: false


    ignore_errors: true




- name: Add opentlc-access ipa group to sudoers.d


  lineinfile: