---
- name: install ipsilon (if this task fails, run kinit as root)
  command: ipsilon-server-install --hostname {{ ipsilon.hostname }} --ipa yes --openidc yes --admin-user {{ ipsilon.admin_user }} --info-sssd=yes --form=yes --root-instance
  args:
    creates: /etc/ipsilon/root
- name: fix permissions
  command: chown -R ipsilon:ipsilon /var/lib/ipsilon/ /etc/ipsilon/
- name: create public host
  shell: ipa host-find {{ ipsilon.hostname }} || ipa host-add {{ ipsilon.hostname }}
- name: create public service
  shell: ipa service-find HTTP/{{ ipsilon.hostname }} || ipa service-add HTTP/{{ ipsilon.hostname }}
- name: add public service to keytab
  shell: klist -k /etc/httpd/conf/http.keytab | grep HTTP/{{ ipsilon.hostname }} || ipa-getkeytab -p HTTP/{{ ipsilon.hostname }} -k /etc/httpd/conf/http.keytab
- name: restart httpd
  service:
    name: httpd
    state: restarted