# Record the FQDN that the IPA_USER service principal below is built from.
# NOTE(review): delegate_to changes where a task executes, but templates are
# normally rendered with the inventory host's variables. Confirm that
# ansible_facts['fqdn'] resolves to the undercloud here and not to the node
# being enrolled.
- name: Get undercloud FQDN
  set_fact:
    undercloud_fqdn: "{{ ansible_facts['fqdn'] }}"
  delegate_to: "{{ groups['Undercloud'] | first }}"

# Register the node in IPA. The role's tasks are delegated to the first
# Undercloud host and run with the novajoin keytab and credential cache
# exported in their environment, so the two files under /etc/novajoin are the
# credentials this step depends on; keep them readable only by the account
# that runs the play.
# Runs only for hosts in 'ipaservice' that are not in 'excluded_overcloud'.
- include_role:
    name: tripleo_ipa_registration
    apply:
      delegate_to: "{{ groups['Undercloud'] | first }}"
      environment:
        IPA_HOST: ipa.ooo.test
        IPA_USER: "nova/{{ undercloud_fqdn }}"
        KRB5CCNAME: /etc/novajoin/krb5.cache
        KRB5_CLIENT_KTNAME: 'FILE:/etc/novajoin/krb5.keytab'
  vars:
    tripleo_ipa_base_server_fqdn: "{{ fqdn_canonical }}"
    tripleo_ipa_delegate_server: "{{ inventory_hostname }}"
    tripleo_ipa_enroll_base_server: true
    # Service metadata is handed to the role as a JSON string.
    tripleo_ipa_server_metadata: "{{ service_metadata_settings | to_json }}"
  when: "'ipaservice' in group_names and 'excluded_overcloud' not in group_names"

# Enroll the node itself as an IPA client. Same host filter as the
# registration step above.
- name: Enroll the node as an ipa client
  when: "'ipaservice' in group_names and 'excluded_overcloud' not in group_names"
  vars:
    idm_enroll_base_server: true
    ipaclient_install_packages: false
  block:
    # /etc/ipa/default.conf is used as the "already enrolled" marker: the
    # enrollment and certmonger restart below are skipped when it exists.
    - name: check if default.conf exists
      stat:
        path: /etc/ipa/default.conf
      register: ipa_conf_exists

    # The block sets ipaclient_install_packages to false, so this task is
    # skipped unless a higher-precedence variable overrides that value.
    - name: install openssl-perl
      become: true
      package:
        name: openssl-perl
        state: present
      when:
        - ipaclient_install_packages|bool

    - name: register as an ipa client
      include_role:
        name: ipaclient
        apply:
          become: true
      vars:
        # The role is given the legacy top-level fact names, filled from
        # ansible_facts; ansible_fqdn is deliberately replaced by the
        # canonical hostname being enrolled.
        ansible_distribution: "{{ ansible_facts['distribution'] }}"
        ansible_distribution_major_version: "{{ ansible_facts['distribution_major_version'] }}"
        ansible_distribution_release: "{{ ansible_facts['distribution_release'] }}"
        ansible_distribution_version: "{{ ansible_facts['distribution_version'] }}"
        ansible_fqdn: "{{ ipaclient_hostname }}"
        ansible_os_family: "{{ ansible_facts['os_family'] }}"
        ipaclient_domain: ooo.test
        ipaclient_force: true
        ipaclient_hostname: "{{ fqdn_canonical }}"
        ipaclient_mkhomedir: false
        ipaclient_no_ntp: false
        # One-time enrollment password for this host.
        # NOTE(review): nothing at this level sets no_log; confirm the
        # ipaclient role keeps the OTP out of task output and logs.
        ipaclient_otp: "{{ ipa_host_otp }}"
        ipaclient_servers:
          - ipa.ooo.test
        # NOTE(review): this is the literal string 'ipaclient_hostname', not a
        # templated value - confirm that is what the role expects.
        ipaclients:
          - ipaclient_hostname
        state: present
      when:
        - idm_enroll_base_server|bool
        - not ipa_conf_exists.stat.exists

    # Restarted only on a fresh enrollment, under the same two conditions as
    # the registration above.
    - name: restart certmonger service
      become: true
      systemd:
        name: certmonger.service
        state: restarted
        daemon_reload: true
      when:
        - idm_enroll_base_server|bool
        - not ipa_conf_exists.stat.exists

    # NOTE(review): lookup plugins are evaluated on the Ansible controller, so
    # this reads the controller's /etc/ipa/default.conf rather than the file
    # the stat task checked on the target; OOO.TEST is the default passed to
    # the lookup. Confirm both hosts are expected to share one realm.
    - name: set discovered ipa realm
      set_fact:
        idm_realm: "{{ lookup('ini', 'realm default=OOO.TEST section=global file=/etc/ipa/default.conf')}}"