{% set hostname=grains['host'] %}
{% set ip=grains['fqdn_ip4'][0] %}
freeipa_sshpass:
  pkg.installed:
    - name: sshpass

set_salt_ipa_password:
  environ.setenv:
    - name: SALT_PASSWORD
    - value: "{%- include 'secure/passwords/ipa_salt_password.txt' -%}"

create_host:
  cmd.run:
    - name: 'sshpass -p $SALT_PASSWORD ssh salt@ipa.actcur.com -oStrictHostKeyChecking=no "rm {{hostname}}.keytab;echo $SALT_PASSWORD | kinit salt;ipa host-add --force --ip-address={{ip}} {{hostname}}.actcur.com --class=server; ipa host-allow-create-keytab {{hostname}}.actcur.com --groups server_enroller;/usr/sbin/ipa-getkeytab -s ipa.actcur.com -p host/{{hostname}}.actcur.com -k ./{{hostname}}.keytab"'

grab_keytab:
  cmd.run:
    - name: 'sshpass -p $SALT_PASSWORD scp -oStrictHostKeyChecking=no salt@ipa.actcur.com:./{{hostname}}.keytab /etc/krb5.keytab'

delete_keytab:
    cmd.run:
      - name: 'sshpass -p $SALT_PASSWORD ssh salt@ipa.actcur.com -oStrictHostKeyChecking=no "rm {{hostname}}.keytab;"'

unset_salt_ipa_password:
  environ.setenv:
    - name: SALT_PASSWORD
    - value: "False"
    - false_unsets: true

freeipa_setup_sssd_service_down:
  service.dead:
    - name: sssd

freeipa_setup_sssd_service:
  service.running:
    - name: sssd
    - enable: true

freeipa_setup_nscd_service_down:
  service.dead:
    - name: nscd

freeipa_setup_nscd_service:
  service.running:
    - name: nscd
    - enable: true