ansible-freeipa

Updated ipaclient network settings do not propagate

Open jabl opened this issue 2 years ago • 5 comments

When updating the ipaclient settings, e.g. adding another DNS server, and rerunning the playbook, the updated settings aren't applied. The reason seems to be that ansible-freeipa only checks that the file /etc/NetworkManager/conf.d/zzz-ipa.conf exists and not that the contents reflect the variables defined in ansible. E.g. for the DNS setting, https://github.com/freeipa/ansible-freeipa/blob/cf779e43bb8aa6c244d4daefa3d58e81577c10bc/roles/ipaclient/library/ipaclient_configure_dns_resolver.py#L198

(IIRC we saw the same issue with some other setting (DNS domain maybe), so it's not only the list of DNS servers, but I no longer remember exactly what it was)

jabl, Aug 16 '23 08:08
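The gap described in the report above, as an added example that is not part of the original issue or of ansible-freeipa's code: an existence-only check next to a content comparison for a NetworkManager drop-in. The file layout, function names and sample addresses are assumptions constructed for illustration.

```python
import configparser
import os
import tempfile

# Assumed drop-in layout, constructed for this example (not copied from the role).
TEMPLATE = ("[global-dns]\nsearches={searches}\n\n"
            "[global-dns-domain-*]\nservers={servers}\n")

def _split(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def read_settings(path):
    """Return (servers, searches) from the file, or None if missing or unparseable."""
    if not os.path.exists(path):
        return None
    cp = configparser.ConfigParser(interpolation=None)
    try:
        cp.read(path)
    except configparser.Error:
        return None  # a damaged file is treated as drift and rewritten
    return (_split(cp.get("global-dns-domain-*", "servers", fallback="")),
            _split(cp.get("global-dns", "searches", fallback="")))

def exists_only_needs_write(path):
    """Check as described in the report: any existing file counts as configured."""
    return not os.path.exists(path)

def content_needs_write(path, servers, searches):
    """Drift check: missing file or values that differ from the desired ones."""
    return read_settings(path) != (list(servers), list(searches))

def apply_settings(path, servers, searches):
    """Write the drop-in only on drift; return an Ansible-style 'changed' flag."""
    if not content_needs_write(path, servers, searches):
        return False
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as handle:
        handle.write(TEMPLATE.format(searches=",".join(searches),
                                     servers=",".join(servers)))
    os.chmod(tmp, 0o644)
    os.replace(tmp, path)  # atomic swap, so readers never see a partial file
    return True
```

The comparison is order-sensitive on purpose, since resolver order can matter; a second run with unchanged variables reports no change, while an added DNS server is detected even though the file already exists.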

The deployment roles are not idempotent; you should not re-run the playbook to update settings.

Did the deployment fail and you had to try it again? If that's the case, you should "undeploy" and then deploy it again.

If it is to change the settings on a fully deployed IPA client, I'd suggest using some plugin that deals with Network Manager, such as the network Linux System Role.

rjeffman, Aug 16 '23 14:08

For the ipaclient role, you can enable ipaclient_allow_repair. This will try to repair and apply configuration changes.

t-woerner, Aug 22 '23 13:08

Yes, we do have ipaclient_allow_repair enabled. Unfortunately it didn't help with this particular issue.

jabl, Aug 23 '23 07:08

It seems you found a bug.

t-woerner, Aug 23 '23 08:08

That was the wrong issue :-)

t-woerner, May 23 '24 18:05