From 623e2ba9c2cfe3e5967f8eb8dc0bc87403a488a4 Mon Sep 17 00:00:00 2001 From: Andrey Limachko Date: Mon, 11 Apr 2022 22:46:10 +0400 Subject: [PATCH] kerberos5: Small refactore --- roles/kerberos5/tasks/main.yml | 8 +++++--- roles/kerberos5/tasks/master.yml | 6 ++++++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/roles/kerberos5/tasks/main.yml b/roles/kerberos5/tasks/main.yml index 1dd13d5..9eb1e5d 100644 --- a/roles/kerberos5/tasks/main.yml +++ b/roles/kerberos5/tasks/main.yml @@ -15,6 +15,7 @@ register: altlinux_openresolv_status failed_when: False + changed_when: False - set_fact: altlinux_openresolv_exists: "{{ altlinux_openresolv_status.rc != 3 }}" @@ -36,9 +37,10 @@ group: root mode: 0644 - - name: set hostname (non permanent) - shell: hostname "{{inventory_hostname_short}}.{{krb5_realm}}" - changed_when: false + - name: set hostname + ansible.builtin.hostname: + name: "{{ inventory_hostname_short }}.{{ krb5_realm }}" + use: systemd - name: Deploy Kerberos 5 server include_tasks: master.yml diff --git a/roles/kerberos5/tasks/master.yml b/roles/kerberos5/tasks/master.yml index 8c8620a..4dd504d 100644 --- a/roles/kerberos5/tasks/master.yml +++ b/roles/kerberos5/tasks/master.yml @@ -52,10 +52,16 @@ group: root mode: 0600 +- name: Check Kerberos 5 admin principal + shell: "kadmin.local listprincs admin/admin" + register: admin_principal_state + changed_when: False + # Then we need at least one principal with administrative privileges # in order to work with Kerberos database via `kadmin` daemon. - name: Create Kerberos 5 admin principal shell: "kadmin.local -q 'addprinc -pw {{ krb5_admin_pass }} admin/admin@{{ krb5_realm | upper }}'" + when: admin_principal_state is success and admin_principal_state.stdout | length == 0 # Start krb5kdc finally - name: Enable and start krb5kdc
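Review bot: The new `set hostname` task in roles/kerberos5/tasks/main.yml is a behaviour change rather than a refactor. The removed task was labelled "non permanent" and only ran `hostname`, whereas `ansible.builtin.hostname` with `use: systemd` persists the name on the host. Kerberos service principals and KDC lookups depend on that name, so the intent should be stated in a comment above the task, e.g. `# Persist <short>.<realm> as the system hostname; Kerberos principals are derived from it`. `use: systemd` also pins the strategy, so the task will presumably fail on a target without systemd; either document that assumption or drop `use:` and let the module detect the strategy.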
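Review bot: The `Create Kerberos 5 admin principal` task in roles/kerberos5/tasks/master.yml, which this hunk gates with `when:`, still interpolates `{{ krb5_admin_pass }}` into a `shell:` string without `no_log`. The admin password therefore shows up in Ansible's task output and, by default, in the module invocation logged on the KDC host; add `no_log: true` to that task. A password containing a single quote would also terminate the `-q '…'` quoting early, so the allowed characters for `krb5_admin_pass` should be constrained or documented. The new `Check Kerberos 5 admin principal` task uses no shell features and could be `ansible.builtin.command: kadmin.local listprincs admin/admin`. The `admin_principal_state is success` half of the condition looks redundant, since a failed check already stops the play for that host.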