[Freeipa-devel] Re: [DESIGN DRAFT] IPA client installation with Ansible

On 08/02/2017 01:36 PM, Florence Blanc-Renaud via FreeIPA-devel wrote: Hi! Thanks for the design. I'd like to share some thoughts. 1. I find it confusing that ipaclient module will just check the domain and realm if it is already configured. I can imagine a situation where an admin modifies the installargs, re-runs the playbook and expects the changes to be applied. Unfortunately, I can't think of a good solution for this. I wouldn't expect this behavior as a user of this module. At the very least, this should be very well documented. 2a. I think ipaclient role should support at least Fedora, RHEL and Debian. Do we know about any distribution specifics besides the different package names? 2b. Since the packages names are different and we have to have distro-specific code anyway, is there any advantage to using the `package` module instead of `dnf`, `yum` and `apt` modules? 3. The ipaclient role state=absent could uninstall the packages by default, but provide a variable to override this behavior. 4. I'd appreciate to see comprehensive documentation of all the options for the modules -- similar to Ansible documentation for modules (e.g. [1]). Some options were mentioned in the text and examples, but I'm not sure whether the list is exhaustive and an overview of all options would be nice. 5. Regarding the minimum version of ipa-client-install: 4.4+ has to be supported, as that's the version in current Fedora and also in Debian. It might be worth investigating how difficult would it be to support the version of ipa-client-install that's in RHEL 6.9. If the complexity is high, I wouldn't support it. [1] - http://docs.ansible.com/ansible/latest/service_module.html -- Tomas Krizek PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869