ipa_host disable logic is broken

[quasd]

Summary

When trying to disable host, instead of it getting disabled the module says it can't find the host.

The module also prints out the ipa_host dict instead of just hostname

I have working version here: main...quasd:community.general:quasd-fix-host-disabling

Perhaps not written in way to could be merged, but it should showcase the actual logic problem.

Currently if the host exists + and you are trying to set it disabled, there is no way for the code to pass.

Issue Type

Bug Report

Component Name

ipa_host

Ansible Version

Yes this is not supported ansible version, but it doesn't change the bug.

ansible@2.20 --version
ansible [core 2.20.2]
  config file = /home/eki/.ansible.cfg
  configured module search path = ['/home/eki/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/eki/.local/pipx/venvs/ansible-core@2-20/lib/python3.12/site-packages/ansible
  ansible collection location = /home/eki/repos/collections
  executable location = /home/eki/.local/bin/ansible@2.20
  python version = 3.12.3 (main, Jan 22 2026, 20:57:42) [GCC 13.3.0] (/home/eki/.local/pipx/venvs/ansible-core@2-20/bin/python)
  jinja version = 3.1.6
  pyyaml version = 6.0.3 (with libyaml v0.2.5)

Community.general Version

ansible-galaxy@2.20 collection list community.general

# /home/eki/repos/collections/ansible_collections
Collection        Version
----------------- -------
community.general 12.3.0 

Configuration

No response

OS / Environment

Ubuntu 24.04.3 LTS

Steps to Reproduce

Run play and try to disable host

- name: Test
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  tasks:
    - name: Ensure that host is disabled
      community.general.ipa_host:
        name: "<fqdn retracted>"
        state: disabled
        validate_certs: "true"
      delegate_to: "localhost"
      become: false
      register: ipahost_disable

Expected Results

The host should get its has_keytab changed to false

Actual Results

The playbook fails with following error ( There host is clearly found in ipa, but the logic is broken )

fatal: [localhost]: FAILED! => {"changed": false, "msg": "No host with name
        {'ipasshpubkey': ['ecdsa-sha2-nistp256 <retracted>', 'ssh-ed25519 <retracted>', 'ssh-rsa <retracted>'],
        'krblastpwdchange': ['20260209142959Z'], 'objectclass': ['ipaobject', 'nshost', 'ipahost', 'pkiuser', 'ipaservice', 'ieee802device', 'ipasshhost', 'top', 'ipaSshGroupOfPubKeys', 'krbPrincipalAux'],
        'cn': ['<retracted>'], 'serverhostname': ['<retracted>'], 'ipauniqueid': ['<retracted>'], 'fqdn': ['<retracted>'], 'krbcanonicalname': ['host/<retracted>'], 'krbprincipalname': ['host/<retracted>'], 
        'ipakrbrequirespreauth': True, 'ipakrbokasdelegate': False, 'ipakrboktoauthasdelegate': False,
        'sshpubkeyfp': ['SHA256:<retracted> (ecdsa-sha2-nistp256)', 'SHA256:<retracted> (ssh-ed25519)', 'SHA256:<retracted>/Y (ssh-rsa)'], 'memberof_hostgroup': [<retracted>], 'managedby_host': [<retracted>],
        'managing_host': [<retracted>], 'memberofindirect_netgroup': [<retracted>],
        'memberofindirect_sudorule': [<retracted>],
        'memberofindirect_hostgroup': [<retracted>],
        'memberofindirect_hbacrule': [<retracted>],
        'dn': 'fqdn=<retracted>,cn=computers,cn=accounts,<retracted>'} found"
}

Code of Conduct

• I agree to follow the Ansible Code of Conduct

[ansibullbot]

Files identified in the description:

• plugins/modules/ipa_host.py

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

[ansibullbot]

cc @Akasurde @Nosmoht @justchris1
click here for bot help

[russoz]

Hi @quasd thanks for reporting.

Since you seem to have a working version, would you please submit it in a PR so that it can be reviewed and eventually merged into the code? That would be greatly appreciated.

BTW, ansible-core 2.20 is supported by this collection, but 2.19 and 2.20 have been introducing a significant amount of changes, so it is not entirely impossible that the different version has had an impact. However, this module currently has no automated tests, so it is hard to say.

[quasd]

Hi @quasd thanks for reporting.

Since you seem to have a working version, would you please submit it in a PR so that it can be reviewed and eventually merged into the code? That would be greatly appreciated.

I will try to get around doing that today. I will run some workloads with the fixed version first to confirm I haven't broken something else. ( Not running the exact same code since we have older version of ansible/collection actually in use )

BTW, ansible-core 2.20 is supported by this collection, but 2.19 and 2.20 have been introducing a significant amount of changes, so it is not entirely impossible that the different version has had an impact. However, this module currently has no automated tests, so it is hard to say.

That comment was written while I was testing with old ansible [core 2.15.13] which I am using. ( Forgot to update the comment after deciding to validate with newer ansible ). Sorry for confusion.

[ansibullbot]

Components

plugins/modules/ipa_host.py
support: core
maintainers: Akasurde Nosmoht justchris1

Metadata

waiting_on: maintainer
needs_info: False

click here for bot help

[Andersson007]

sorry for the noise folks, now i think i should've created a test issue, thanks