From 11cf16ff5370aea57ea716fdbe9f98b5c3ce7d4f Mon Sep 17 00:00:00 2001
From: Pavlov Makar <mpavlov@olssonul.com>
Date: Sat, 16 Aug 2025 15:28:48 +0300
Subject: [PATCH] Remove certificates from IPA tracking on repo rebuild

---
 roles/rproxy/tasks/repo.yml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/roles/rproxy/tasks/repo.yml b/roles/rproxy/tasks/repo.yml
index bad05b2..1cd47e2 100644
--- a/roles/rproxy/tasks/repo.yml
+++ b/roles/rproxy/tasks/repo.yml
@@ -36,7 +36,16 @@
         -N CN={{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}
         -F {{ rproxy_dir }}/certs/RootCA.crt
 
-    # sudo ipa-getcert stop-tracking -i 20250813210258 if track already exists
+    - name: Get all tracking certificates
+      ansible.builtin.shell:
+        cmd: ipa-getcert list | grep "ID" | awk '{print $NF}' | tr -d "'\|:"
+      register: tracking_list
+
+    - name: Remove certificates from IPA tracking
+      ansible.builtin.shell:
+        cmd: "ipa-getcert stop-tracking -i {{ item }}"
+      loop: "{{ tracking_list.stdout_lines }}"
+      ignore_errors: true
 
     - name: Wait for certificate to appear
       ansible.builtin.wait_for: