ipareplica_setup_ds fails with “installer_ccache is None” (1.15.1)

[florianfeigl]

Environment

• Collection: freeipa.ansible_freeipa 1.15.1 from Galaxy
• Ansible: <your ansible --version>
• Target: FreeIPA replica (silberdachs.cs.plus.ac.at, Rocky 9; master honigdachs.cs.plus.ac.at)
• Play: freeipa/ansible_freeipa/roles/ipareplica via install-ipa-replica.yml

Steps to Reproduce

1. Install the collection from Galaxy (1.15.1).
2. Run ansible-playbook playbooks/freeipa/install-ipa-replica.yml against a host in the ipareplicas inventory group.
3. The role reaches task “Install – Setup DS”.

Observed Result

  TASK [freeipa.ansible_freeipa.ipareplica : Install - Setup DS]
  fatal: [silberdachs.cs.plus.ac.at]: FAILED! => {
    "changed": false,
    "msg": "argument 'installer_ccache' is of type NoneType and we were unable to convert to str: 'None' is not a string and conversion is not allowed"
  }

Origin: roles/ipareplica/tasks/install.yml:310

ipareplica_prepare returned installer_ccache=None, so the module call hits the required str constraint and aborts.

Expected Result

Replica install proceeds; when the prepare step cannot produce a dedicated installer cache, the modules should fall back to the main Kerberos cache returned as ccache.

Workaround

Update every installer_ccache argument in roles/ipareplica/tasks/install.yml to fall back when the value is falsy:

  installer_ccache: "{{ result_ipareplica_prepare.installer_ccache | default(result_ipareplica_prepare.ccache, true) }}"

This resolves the failure for tasks:

• ipareplica_install_ca_certs
• ipareplica_setup_ds
• ipareplica_setup_http
• ipareplica_setup_custodia
• ipareplica_setup_kra
• ipareplica_add_to_ipaservers
• ipareplica_create_ipa_conf
• Any other occurrence in the same role.

Suggested Fix

Apply the fallback above in all installer_ccache uses, or make the module arguments optional. I’d be happy to open a PR if this approach is acceptable.

[t-woerner]

installer_ccache is be set by ipareplica_prepare module. Are there errors in the installer log file /var/log/ipareplica-install.log? Is the replica role used without modifications?

[florianfeigl]

installer_ccache is be set by ipareplica_prepare module. Are there errors in the installer log file /var/log/ipareplica-install.log? Is the replica role used without modifications?

There’s no error or stack trace preceding the module returning installer_ccache=None. This was
on a stock 1.15.1 install of the replica role; I only added the fallback after the failure so
the playbook could continue. The debug output shows the prepare step ran to completion, but
the returned structure still had installer_ccache=None. Using the Jinja fallback—or making the
module arguments non‑required—sidesteps the issue in practice.

[t-woerner]

installer_cacche could only be none if the new replica is already known to the domain as an ipaserver. In this case the replica will not be added to the domain again. There should be something about this in the ipareplica-install.log.

[florianfeigl]

I did a complete new setup and could not replicate the issue, sorry.