WAS SSO configuration not idempotent #314

Open
marde16 opened this issue Aug 8, 2023 · 0 comments

marde16 commented Aug 8, 2023

As an admin I ran the following playbooks to implement a staging environment with an already existing LDAP server.

ansible-playbook -i environments/examples/cnx8/db2/inventory_examples/cnx8/db2.ini playbooks/third_party/setup-database.yml
ansible-playbook -i environments/examples/cnx8/db2/inventory_examples/cnx8/db2.ini playbooks/third_party/setup-nfs.yml
ansible-playbook -i environments/examples/cnx8/db2/inventory_examples/cnx8/db2.ini playbooks/hcl/setup-connections-wizards.yml
ansible-playbook -i environments/examples/cnx8/db2/inventory_examples/cnx8/db2.ini playbooks/third_party/setup-tdi.yml
ansible-playbook -i environments/examples/cnx8/db2/inventory_examples/cnx8/db2.ini playbooks/third_party/setup-webspherend.yml
ansible-playbook -i environments/examples/cnx8/db2/inventory_examples/cnx8/db2.ini playbooks/hcl/setup-connections-only.yml
ansible-playbook -i environments/examples/cnx8/db2/inventory_examples/cnx8/db2.ini playbooks/hcl/connections-post-install.yml

After the playbooks had finished and the Connections environment was tested successfully, I ran the playbook for the docs deployment, which failed with the following error because of a broken restart of the IHS server.

TASK [was-dmgr-config-add-cert-truststore : Add connections.mydomain.com certificate to cell scope truststore] ***************************************************************
FAILED - RETRYING: Add connections.mydomain.com certificate to cell scope truststore (5 retries left).
FAILED - RETRYING: Add connections.mydomain.com certificate to cell scope truststore (4 retries left).
FAILED - RETRYING: Add connections.mydomain.com certificate to cell scope truststore (3 retries left).
FAILED - RETRYING: Add connections.mydomain.com certificate to cell scope truststore (2 retries left).
FAILED - RETRYING: Add connections.mydomain.com certificate to cell scope truststore (1 retries left).
fatal: [dmgr.mydomain.com -> dmgr.mydomain.com]: FAILED! => {"attempts": 5, "changed": false, "cmd": ["/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/wsadmin.sh", "-lang", "jython", "-port", "8879", "-username", "wasadmin", "-password", "password", "-f", "/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/add_trust_signer_cert.py"], ....... "WASX7017E: Exception received while running file "/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/add_trust_signer_cert.py"; exception information: com.ibm.websphere.management.cmdframework.CommandException", "java.net.ConnectException: java.net.ConnectException: Connection refused (Connection refused)"]}

On this step the docs playbook failed:

- name: Add domain to WAS SSO setting
  include_role:
    name: roles/third_party/ibm/wasnd/was-dmgr-config-sso-update
    apply:
      delegate_to: "{{ dmgr_hostname }}"
      become: true
  when: inventory_hostname in groups["dmgr"]

In my opinion there is a missing step, e.g. check_env, which sets the necessary variable __sso_config_enable (or sso.config.success file) before starting config_sso.yml.

---
- name: Generate SSO variable
  include_tasks: create_sso_domainnames.yml
  when:
    - __sso_config_enable |bool

- name: Configure SSO if configuration is enabled
  include_tasks: config_sso.yml
  when:
    - __sso_config_enable |bool

... because in my situation the sso config should have been skipped.

It's error-prone when an admin has to rethink all settings before starting the playbook.

BTW: I had another failed run with the docs playbooks (some steps before), because I forgot to disable the setup_connections_wizards variable, because db2 scripts were missing (due to the skipped wizard download / extraction).
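One way the guard proposed in this issue could look, as an added example that is not part of the original report or the project's code. The marker path, the variable `__sso_success_file` and the register name `__sso_marker` are assumptions; only `__sso_config_enable`, `create_sso_domainnames.yml`, `config_sso.yml` and the file name `sso.config.success` come from the issue.

```yaml
---
# Added example: derive __sso_config_enable from the state on the dmgr host
# instead of relying on the admin to set it correctly before each run.
# Assumption: a marker file records a completed SSO configuration; the
# directory below is a placeholder, not a path used by the project.
- name: Define marker file location (placeholder path)
  ansible.builtin.set_fact:
    __sso_success_file: "/path/to/sso.config.success"

- name: Check whether SSO was already configured
  ansible.builtin.stat:
    path: "{{ __sso_success_file }}"
  register: __sso_marker

- name: Enable SSO configuration only when no marker exists
  ansible.builtin.set_fact:
    __sso_config_enable: "{{ not __sso_marker.stat.exists }}"

- name: Generate SSO variable
  ansible.builtin.include_tasks: create_sso_domainnames.yml
  when:
    - __sso_config_enable | bool

- name: Configure SSO if configuration is enabled
  ansible.builtin.include_tasks: config_sso.yml
  when:
    - __sso_config_enable | bool

# Written only after config_sso.yml has run without error, so a failed
# run is retried next time and a successful one is skipped.
- name: Record successful SSO configuration
  ansible.builtin.file:
    path: "{{ __sso_success_file }}"
    state: touch
    mode: "0644"
  when:
    - __sso_config_enable | bool
```

With this in place a second run of the docs playbook skips both included task files, so the SSO settings are not rewritten when nothing changed.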
