From 593d3c8ce11128912ef6b4746c3a8747e5a91175 Mon Sep 17 00:00:00 2001
From: Grzegorz Grasza
Date: Mon, 4 May 2020 14:57:30 +0200
Subject: [PATCH] Make sure IdMServer is optional
When IPA_HOST is an empty string, the ansible module doesn't fallback on DNS. The environment variable must be not defined, if the value is an empty string. This might be fixed in a future: https://github.com/ansible-collections/community.general/pull/241 This change also adds a note to the description, because in case the server is provided, the domain is required: https://pagure.io/freeipa/issue/3912
Change-Id: Idf38c234e50442aed082d9a0ebbd488344d50a90
---
 .../ipa/ipaservices-baremetal-ansible.yaml | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/deployment/ipa/ipaservices-baremetal-ansible.yaml b/deployment/ipa/ipaservices-baremetal-ansible.yaml
index 0c6b00146f..30eb17f778 100644
--- a/deployment/ipa/ipaservices-baremetal-ansible.yaml
+++ b/deployment/ipa/ipaservices-baremetal-ansible.yaml
@@ -43,7 +43,8 @@ parameters:
 type: string
 IdMServer:
 default: ''
- description: FQDN for the FreeIPA server. Typically, this is discovered
+ description: FQDN for the FreeIPA server. If you set this value, IdMDomain
+ also has to be provided. Typically, this is discovered
 through DNS and does not have to set explicitly.
 type: string
 IdMNovaKeytab:
@@ -72,6 +73,11 @@ parameters:
 description: The level by which the PTR DNS record is split when creating zones.
 type: string
+conditions:
+ idm_server_provided:
+ not:
+ equals: [{get_param: IdMServer}, ""]
+
 outputs:
 role_data:
 description: Role data for the ipaservice service
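Review bot: The new `idm_server_provided` condition has no comment saying why an empty `IdMServer` must lead to `IPA_HOST` being omitted rather than set to `''`; that reasoning exists only in the commit message. I would add above `conditions:` something like `# IPA_HOST must be left undefined (not empty) when IdMServer is unset, otherwise the ipa module does not fall back to DNS discovery`. The test is an exact match on the empty string, so a whitespace-only `IdMServer` would count as provided and be exported as `IPA_HOST`. The requirement added to the description in the first hunk (IdMDomain must accompany IdMServer) is stated but not checked anywhere in the visible lines, so a server given without a domain would presumably only fail during enrollment. A one-line comment saying so would help operators.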
@@ -97,9 +103,13 @@ outputs:
 tripleo_ipa_ptr_zone_split_ipv4: {get_param: IdMZoneSplitIPv4}
 tripleo_ipa_ptr_zone_split_ipv6: {get_param: IdMZoneSplitIPv6}
 environment:
- IPA_HOST: {get_param: IdMServer}
- IPA_USER: "nova/{{ ansible_fqdn }}"
- KRB5_CLIENT_KTNAME: {get_param: IdMNovaKeytab}
+ if:
+ - idm_server_provided
+ - IPA_HOST: {get_param: IdMServer}
+ IPA_USER: "nova/{{ ansible_fqdn }}"
+ KRB5_CLIENT_KTNAME: {get_param: IdMNovaKeytab}
+ - IPA_USER: "nova/{{ ansible_fqdn }}"
+ KRB5_CLIENT_KTNAME: {get_param: IdMNovaKeytab}
 deploy_steps_tasks:
 - name: enroll the node as an ipa client
 when: step|int == 1
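Review bot: Both branches of the new `if:` under `environment:` repeat `IPA_USER` and `KRB5_CLIENT_KTNAME`, so a later change to the principal or keytab in one branch would leave the two enrollment paths using different credentials with nothing to flag it. Stating the shared entries once and making only `IPA_HOST` conditional removes that risk. The sketch below does this with `map_merge`, assuming the template version used by this file supports it, which the hunk does not show. The indentation in the sketch is illustrative, since the page has lost the file's original indentation. The enclosing `role_data` output starts and ends outside this hunk.

```yaml
environment:
  map_merge:
    # Always exported: principal and keytab used for the IPA calls.
    - IPA_USER: "nova/{{ ansible_fqdn }}"
      KRB5_CLIENT_KTNAME: {get_param: IdMNovaKeytab}
    # IPA_HOST is omitted entirely when IdMServer is empty, so that the
    # module falls back to DNS discovery instead of using an empty host.
    - if:
        - idm_server_provided
        - IPA_HOST: {get_param: IdMServer}
        - {}
# … unchanged: deploy_steps_tasks …
```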