| |
@@ -93,19 +93,25 @@
|
| |
- ipa/server
|
| |
- config
|
| |
|
| |
- # ipactl status has return code > 0 when the IPA is not set up yet
|
| |
- # even if the client is already installed
|
| |
- # Previously we checked in /etc/ipa/default.conf exists, but this
|
| |
- # is already created in ipa/client role so the replica never
|
| |
- # started
|
| |
- - name: determine whether we need to set up replication
|
| |
- shell: ipactl status
|
| |
- register: replication_status
|
| |
- ignore_errors: true
|
| |
+ # During the ipa-replica-install /var/log/ipainstall.log is created
|
| |
+ # Let's check if the file is available and prevent breaking replica
|
| |
+ # by running ipa-replica-install more than once
|
| |
+ - name: Check if /var/log/ipainstall.log is available
|
| |
+ ansible.builtin.stat:
|
| |
+ path: /var/log/ipainstall.log
|
| |
+ register: replica_check
|
| |
+ tags:
|
| |
+ - ipa/server
|
| |
+ - config
|
| |
+
|
| |
+ - name: ask admin if they are ok reinstalling this ipa server replica
|
| |
+ ansible.builtin.pause:
|
| |
+ prompt: "Looks like this replica should be reinstalled, are you sure you want to do that? (yes/no)"
|
| |
+ when: not ipa_initial and (not replica_check.stat.exists)
|
| |
+ register: confirm_replica
|
| |
tags:
|
| |
- ipa/server
|
| |
- config
|
| |
- when: not ipa_initial
|
| |
|
| |
- name: configure replication
|
| |
block:
|
| |
@@ -136,7 +142,7 @@
|
| |
--server={{ipa_server}}
|
| |
--dirsrv-config-file=/root/ldif/replica-install.ldif
|
| |
when: ansible_distribution_major_version|int >= 8
|
| |
- when: not ipa_initial and replication_status.rc > 0
|
| |
+ when: (confirm_replica is defined) and (confirm_replica.user_input | bool)
|
| |
tags:
|
| |
- ipa/server
|
| |
- config
|
| |
As found on in https://pagure.io/fedora-infrastructure/issue/12149 the current
method of checking if the ipa-replica-install have to be executed is not
reliable enough.
Let's instead check for log file that is created during the installation. This
will need manual intervention in case the ipa-replica-install needs to be run
again, but it will be much more reliable otherwise.
Signed-off-by: Michal Konecny mkonecny@redhat.com