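# Enrol the host as an IPA client (skipped when /etc/krb5.conf already
# mentions the domain) and enable Kerberos hostname canonicalization.

- name: Install ipa-client
  package:
    name: ipa-client
    state: present

# Read-only probe: a non-zero grep exit code means the domain is not yet in
# /etc/krb5.conf. failed_when keeps that from failing the play; the
# "Configure ipa" task below is conditioned on ipa_check.rc.
# Run through `command` with the value quoted, so the templated domain is
# never interpreted by a shell.
- name: "Check if ipa is already configured"
  command: "grep {{ ands_domain | quote }} /etc/krb5.conf"
  register: ipa_check
  changed_when: ipa_check is failed
  failed_when: false

# The content of /etc/hostname is passed verbatim as --hostname below.
# NOTE(review): assumes the file holds the fully qualified name - confirm.
- name: "Read FQDN"
  command: "cat /etc/hostname"
  register: hostname
  changed_when: false

# Unattended enrolment; runs only when the probe above did not find the domain.
# The IdM admin password is part of the command line, and the command module
# echoes its command in the task result, so no_log keeps it out of Ansible
# output and callback logs. no_log also hides the installer's error output;
# lift it temporarily, on a trusted console, when debugging a failed enrolment.
# The password is still visible in the target's process list while the
# installer runs.
# NOTE(review): consider enrolling with a one-time host password or a
# dedicated enrolment principal instead of the admin credential.
- name: "Configure ipa"
  command: >-
    /usr/sbin/ipa-client-install -p admin
    -w {{ config.ands_idm_admin_password | quote }}
    --hostname={{ hostname.stdout }}
    --domain={{ ands_domain }}
    --server={{ ands_idm_server }}
    --enable-dns-updates --mkhomedir --request-cert --unattended
  when:
    - ipa_check.rc != 0
  no_log: true

# This may break krb authentication altogether for users with existing
# tickets until the idm server is restarted.
# Any existing line matching the regexp is replaced; the leading space in
# `line` is part of the value written to the file.
- name: "Enable hostname canonicalization"
  lineinfile:
    path: "/etc/krb5.conf"
    regexp: "dns_canonicalize_hostname"
    line: " dns_canonicalize_hostname = true"
    state: "present"
  notify:
    - restart sssd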