Hello,
There is an open issue about this: https://github.com/ansible/ansible/issues/25660
You can try ansible-freeipa (https://github.com/freeipa/ansible-freeipa), that has an idempotent ipagroup module.
Regards,
Rafael
On Wed, Mar 4, 2020 at 9:54 AM Monkey Bizness via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
Hello,
I am working to automate my freeipa configuration (parts of it at least) and I hit a strange behavior. I'm not sure if it's a bug or if i'm doing it wrong.
When creating a user group with the ipa_group ansible role (ansible 2.9.5) it works fine if the there are some modifications to perform or if the group doesn't exist. But if I run it another time, the task fails with the message "msg": "response group_mod: no modifications to be performed"
It looks like the task sends a modification request with nothing to modify...
I do not see the same behavior for external groups. The tasks does nothing as expected.
Is it a known issue? Is there a workaround? Am I doing it wrong?
Here is a sample of code that generates the error.
- name: Playbook to configure IPA clients with username/password
hosts: localhost become: true
tasks:
- name: "Create IPA user group"
ipa_group: cn: "ipagroup" external: False state: present validate_certs: False ipa_host: "{{ ipaserver_host }}" ipa_user: "{{ ipaadmin_principal }}" ipa_pass: "{{ ipaadmin_password }}" ...
Thank you Monkey _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...