zlopez / fedora-infra / ansible

Forked from fedora-infra/ansible 2 years ago
Clone

c253054 ipa/client: Ignore hosts still hooked up with FAS

3 files Authored by nphilipp 3 years ago, Committed by smooge 3 years ago,
    ipa/client: Ignore hosts still hooked up with FAS
    
    This is necessary because:
    
    - The ipa/client role is pulled in if only one host is in the play which
      uses it.
    - The prepare-ipa-info tasks operate on all hosts in the play in order
      to gather together operations on the IPA server which would otherwise
      be (potentially, unnecessarily) repeated for many hosts in the play
      and which have to be serialized to avoid race conditions when changing
      data in IPA.
    
    For now, we set `primary_auth_source` to `fas` for `all`, and to `ipa`
    for the `staging` group. We can set this to `ipa` for individual host
    groups in prod to enable this piece meal while we roll out the change.
    
    Fixes: https://pagure.io/fedora-infrastructure/issue/9674
    
    Signed-off-by: Nils Philippsen <nils@redhat.com>
    
        
file modified
+2 -0
file modified
+2 -0