move freeipa validation back to validate task

sjpb · sjpb · commit 40b6cff8dd8a · 2023-11-01T10:18:31.000Z
diff --git a/ansible/roles/freeipa/tasks/server.yml b/ansible/roles/freeipa/tasks/server.yml
@@ -1,32 +1,5 @@
 # Based on https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/preparing-the-system-for-ipa-server-installation_installing-identity-management#host-name-and-dns-requirements-for-ipa_preparing-the-system-for-ipa-server-installation
 
-- name: Get hostname as reported by command
-  command: hostname
-  register: _freeipa_validate_hostname
-  changed_when: false
-
-- name: Ensure hostname is fully-qualified
-  # see section 2.7 of redhat guide to installing identity management
-  assert:
-    that: _freeipa_validate_hostname.stdout | split('.') | length >= 3
-    fail_msg: "freeipa_server hostname '{{ _freeipa_validate_hostname.stdout }}' is not fully-qualified (a.b.c)"
-
-- name: Check for virtual servers in httpd configuration of freeipa_server
-  # e.g. fatimage with OOD config; community.general.ipa_host fails with "401 Unauthorized: No session cookie found"
-  # https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/7RH7XDFR35KDPYJ7AQCQI2H2EOWIZCWA/
-  find:
-    path: /etc/httpd/conf.d/
-    contains: '<VirtualHost'
-    read_whole_file: false
-    pattern: '*.conf'
-  register: _find_httpd_conf
-
-- name: Assert no other name-based virtual servers on freeipa_server
-  assert:
-    that: item.path == '/etc/httpd/conf.d/ssl.conf' # this one is OK
-    fail_msg: "freeipa_server host must not have other virtual servers defined: see {{ item.path }}"
-  loop: "{{ _find_httpd_conf.files }}"
-
 - name: Install freeipa server packages
   dnf:
     name: '@idm:DL1/dns'
diff --git a/ansible/roles/freeipa/tasks/validate.yml b/ansible/roles/freeipa/tasks/validate.yml
@@ -1,3 +1,34 @@
+- name: Get hostname as reported by command
+  command: hostname
+  register: _freeipa_validate_hostname
+  changed_when: false
+  when: "'freeipa_server' in group_names"
+
+- name: Ensure hostname is fully-qualified
+  # see section 2.7 of redhat guide to installing identity management
+  assert:
+    that: _freeipa_validate_hostname.stdout | split('.') | length >= 3
+    fail_msg: "freeipa_server hostname '{{ _freeipa_validate_hostname.stdout }}' is not fully-qualified (a.b.c)"
+  when: "'freeipa_server' in group_names"
+
+- name: Check for virtual servers in httpd configuration of freeipa_server
+  # e.g. fatimage with OOD config; community.general.ipa_host fails with "401 Unauthorized: No session cookie found"
+  # https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/7RH7XDFR35KDPYJ7AQCQI2H2EOWIZCWA/
+  find:
+    path: /etc/httpd/conf.d/
+    contains: '<VirtualHost'
+    read_whole_file: false
+    pattern: '*.conf'
+  register: _find_httpd_conf
+  when: "'freeipa_server' in group_names"
+
+- name: Assert no other name-based virtual servers on freeipa_server
+  assert:
+    that: item.path == '/etc/httpd/conf.d/ssl.conf' # this one is OK
+    fail_msg: "freeipa_server host must not have other virtual servers defined: see {{ item.path }}"
+  loop: "{{ _find_httpd_conf.files }}"
+  when: "'freeipa_server' in group_names"
+
 - name: Ensure control node has persistent storage defined
   assert:
     that: "{{ 'appliances_state_dir' in hostvars[groups['control'] | first ] }}"
