Don't execute deployment roles if packages are not installed

rjeffman · rjeffman · commit f0289932e705 · 2025-07-14T21:37:36.000-03:00
When running the deployment roles, if packages are not installed, an
error of a missing module is shown, which is confusing to users.

By ensuring that either installation or uninstallation only work if a
minimal set of tools is available allows to provide a meaningful message
and let users act on the environment.

For installation, if ipa-server/client-install is not available, the
installation is aborted with a meaningful error. For uninstallation, we
assume that IPA is not installed and gently finish the process with no
errors.

Signed-off-by: Rafael Guterres Jeffman &lt;rjeffman@redhat.com&gt;
diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
@@ -7,6 +7,19 @@
     state: present
   when: ipaclient_install_packages | bool
 
+- name: Check package availability
+  when: not (ipaclient_install_packages | bool)
+  block:
+    - name: Install - Check package installation
+      ansible.builtin.stat:
+        path: /usr/sbin/ipa-client-install
+      register: __ipa_client_install_available
+
+    - name: Install - Abort installation due to missing packages
+      ansible.builtin.fail:
+        msg: "IPA client packages missing or corrupted"
+      when: not __ipa_client_install_available.stat.exists
+
 - name: Install - Set ipaclient_servers
   ansible.builtin.set_fact:
     ipaclient_servers: "{{ groups['ipaservers'] | list }}"
diff --git a/roles/ipaclient/tasks/uninstall.yml b/roles/ipaclient/tasks/uninstall.yml
@@ -1,17 +1,25 @@
 ---
 # tasks to uninstall IPA client
 
-- name: Uninstall - Uninstall IPA client
-  ansible.builtin.command: >
-    /usr/sbin/ipa-client-install
-    --uninstall
-    -U
-  register: uninstall
-  # 2 means that uninstall failed because IPA client was not configured
-  failed_when: uninstall.rc != 0 and uninstall.rc != 2
-  changed_when: uninstall.rc == 0
+- name: Uninstall - Check if ipa-client-install is present
+  ansible.builtin.stat:
+    path: /usr/sbin/ipa-client-install
+  register: __ipa_client_install_available
 
-- name: Uninstall - Unconfigure DNS resolver
-  ipaclient_configure_dns_resolver:
-    state: absent
-  when: ipaclient_cleanup_dns_resolver | bool
+- name: Uninstall - Perform uninstall
+  when: __ipa_client_install_available.stat.exists
+  block:
+  - name: Uninstall - Uninstall IPA client
+    ansible.builtin.command: >
+      /usr/sbin/ipa-client-install
+      --uninstall
+      -U
+    register: uninstall
+    # 2 means that uninstall failed because IPA client was not configured
+    failed_when: uninstall.rc != 0 and uninstall.rc != 2
+    changed_when: uninstall.rc == 0
+
+  - name: Uninstall - Unconfigure DNS resolver
+    ipaclient_configure_dns_resolver:
+      state: absent
+    when: ipaclient_cleanup_dns_resolver | bool
diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml
@@ -28,6 +28,19 @@
       state: present
     when: ipareplica_setup_firewalld | bool
 
+- name: Check package availability
+  when: not (ipareplica_install_packages | bool)
+  block:
+    - name: Install - Check package installation
+      ansible.builtin.stat:
+        path: /usr/sbin/ipa-server-install
+      register: __ipa_replica_install_available
+
+    - name: Install - Abort installation due to missing packages
+      ansible.builtin.fail:
+        msg: "IPA server packages missing or corrupted"
+      when: not __ipa_replica_install_available.stat.exists
+
 - name: Firewall configuration
   when: ipareplica_setup_firewalld | bool
   block:
diff --git a/roles/ipaserver/tasks/install.yml b/roles/ipaserver/tasks/install.yml
@@ -27,6 +27,18 @@
       state: present
     when: ipaserver_setup_firewalld | bool
 
+- name: Check package availability
+  when: not (ipaserver_install_packages | bool)
+  block:
+    - name: Install - Check package installation
+      ansible.builtin.stat:
+        path: /usr/sbin/ipa-server-install
+      register: __ipa_server_install_available
+
+    - name: Install - Abort installation due to missing packages
+      ansible.builtin.fail:
+        msg: "IPA server packages missing or corrupted"
+      when: not __ipa_server_install_available.stat.exists
 
 - name: Install - Firewall configuration
   when: ipaserver_setup_firewalld | bool
diff --git a/roles/ipaserver/tasks/uninstall.yml b/roles/ipaserver/tasks/uninstall.yml
@@ -42,6 +42,11 @@
     when: ipaserver_remove_on_server is defined or
           result_get_connected_server.server is defined
 
+- name: Uninstall - Check if ipa-server-install is present
+  ansible.builtin.stat:
+    path: /usr/sbin/ipa-server-install
+  register: __ipa_server_install_available
+
 - name: Uninstall - Uninstall IPA server
   ansible.builtin.command: >
     /usr/sbin/ipa-server-install
@@ -54,3 +59,4 @@
   # 1 means that uninstall failed because IPA server was not configured
   failed_when: uninstall.rc != 0 and uninstall.rc != 1
   changed_when: uninstall.rc == 0
+  when: __ipa_server_install_available.stat.exists
