From 5868f77c539c52120b7b416b132fd3a81ce55e34 Mon Sep 17 00:00:00 2001
From: Aurélien Bompard <aurelien@bompard.org>
Date: Oct 13 2020 15:02:18 +0000
Subject: IPA: fix the new tasks


Signed-off-by: Aurélien Bompard <aurelien@bompard.org>

---

diff --git a/roles/ipa/server/tasks/main.yml b/roles/ipa/server/tasks/main.yml
index 9c29d5f..6e7eb9d 100644
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
@@ -264,11 +264,6 @@
   - ipa/server
   - config
 
-#- name: Check if we should import or update the certificate profile
-#  stat:
-#    path: /etc/ipa/certprofiles/userCerts.conf
-#  register: st_profile
-
 - name: Copy the certificate profile for users
   template:
     src: userCerts.conf
@@ -289,11 +284,10 @@
   tags:
   - ipa/server
   - config
-  #when: ipa_initial and not st_profile.stat.exists
   when: ipa_initial
-  register: output
-  changed_when: "'Modified profile' in output.stdout"
-  failed_when: "'no modifications to be performed' not in output.stderr and output.rc != 0"
+  register: create_output
+  changed_when: "'already exists' not in create_output.stdout"
+  failed_when: "'already exists' not in create_output.stdout and create_output.rc != 0"
 
 - name: Update the certificate profile
   command:
@@ -307,11 +301,7 @@
   tags:
   - ipa/server
   - config
-  #when: ipa_initial and st_profile.stat.exists
-  when: ipa_initial
-  register: update_output
-  changed_when: "'Modified profile' in output.stdout"
-  failed_when: "'no modifications to be performed' not in output.stderr and output.rc != 0"
+  when: "ipa_initial and 'already exists' in create_output.stdout"
 
 # Create a new ACL linking the new profile and ipausers group (that all users are members of)
 - name: Create the CA ACL for the new certificate profile