---
# Configures an IPA client for the Rocky infrastructure

- name: Configure IPA client
  hosts: ipaclients
  become: true
  vars_files:
  - vars/encpass.yml
  - vars/ipaclient.yml

  pre_tasks:
    - name: Check if ansible cannot be run here
      stat:
        path: /etc/no-ansible
      register: no_ansible

    - name: Verify if we can run ansible
      assert:
        that:
          - "not no_ansible.stat.exists"
        msg: "/etc/no-ansible exists - skipping run on this node"

#    - name: Check if we can see LDAP srv records


  roles:
    - role: freeipa.ansible_freeipa.ipaclient
      state: present

  post_tasks:
    - name: Touching run file that ansible has ran here
      file:
        path: /var/log/ansible.run
        state: touch
        mode: '0644'
        owner: root
        group: root