Guillaume Coré
2018-03-01 6adb4309215d16eb308205eed9777b0bd60bcfcb
run ipa_optimize before visudo validation

Because we use 'validate: visudo -cf %s' when updating the sudoers file, the
'lineinfile' module times out.

Do the ipa_optimize.sh before 'visudo -cf'.

This commit fixes:

TASK [/tmp/three-tier-app-08fe/ansible_agnostic_deployer/ansible/roles/bastion-opentlc-ipa : Add opentlc-access ipa group to sudoers.d] ***
Thursday 01 March 2018 07:22:55 -0500 (0:01:26.927) 0:10:39.070 ********
fatal: [ec2-54-207-35-242.sa-east-1.compute.amazonaws.com]: FAILED! => {"msg": "Timeout (12s) waiting for privilege escalation prompt: "}
...ignoring

TASK [/tmp/three-tier-app-08fe/ansible_agnostic_deployer/ansible/roles/bastion-opentlc-ipa : report error] ***
Thursday 01 March 2018 07:23:10 -0500 (0:00:15.234) 0:10:54.305 ********
fatal: [ec2-54-207-35-242.sa-east-1.compute.amazonaws.com]: FAILED! => {"changed": false, "msg": "Unable to update sudoers.d/opentlc-sudoers"}
to retry, use: --limit @/tmp/three-tier-app-08fe/ansible_agnostic_deployer/ansible/main.retry
1 files modified
ansible/roles/bastion-opentlc-ipa/tasks/main.yml
@@ -20,6 +20,15 @@
    - ipa_kerberos_user is defined
    - ipa_kerberos_password is defined
- name: copy over ipa_optimize.sh script
  copy:
    src: "{{ role_path }}/files/ipa_optimize.sh"
    dest: /opt/ipa_optimize.sh
    owner: root
    group: root
    mode: 0700
  notify: Run ipa_optimize.sh
- name: Add opentlc-access ipa group to sudoers.d
  lineinfile:
    path: /etc/sudoers.d/opentlc-sudoers
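Review bot: the relocated copy task still starts the script only through `notify: Run ipa_optimize.sh`, so placing it above "Add opentlc-access ipa group to sudoers.d" does not by itself make the script run before `visudo -cf`. Ansible queues notified handlers and runs them after the tasks in the current section of the play have finished, and only when the notifying task reports a change. Unless a flush happens between these two tasks outside the visible lines, add `- meta: flush_handlers` directly after the copy task, or run /opt/ipa_optimize.sh as an ordinary task at this point so the ordering the commit message describes is actually enforced.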
@@ -36,12 +45,3 @@
  fail:
    msg: Unable to update sudoers.d/opentlc-sudoers
  when: not result|succeeded
- name: copy over ipa_optimize.sh script
  copy:
    src: "{{ role_path }}/files/ipa_optimize.sh"
    dest: /opt/ipa_optimize.sh
    owner: root
    group: root
    mode: 0700
  notify: Run ipa_optimize.sh
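Review bot: the `fail` task kept as context at the top of this hunk reports only "Unable to update sudoers.d/opentlc-sudoers", which hides the real cause; in the log quoted in the commit message the underlying error was the privilege escalation timeout, and it was ignored and replaced by this generic text. Consider including `{{ result.msg }}` in the `msg:` so the next failure of the sudoers update is diagnosable from the play output. Separately, `when: not result|succeeded` uses a test as a filter, a form deprecated in Ansible 2.5; `when: result is not succeeded` is the current spelling.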