ca-less: No pre-generated certificates, generate them for each run

The certificates should not be pre-generated as they will expire at some point. Simply generate them for each test run using the domain used in the test. Copy the certificate files each time into the test server after removing the old ones.
2026-05-13 21:12:02 +00:00 · 2020-06-03 12:16:54 +02:00
parent 07d7e2fa86
commit 0372fec0e3
17 changed files with 74 additions and 458 deletions
--- a/tests/ca-less/install_server_without_ca.yml
+++ b/tests/ca-less/install_server_without_ca.yml
@@ -1,32 +1,66 @@
 ---
+- name: Generate certificates
+  hosts: localhost
+  gather_facts: false
+
+  tasks:
+  - name: Run generate-certificates.sh
+    command: >
+      /bin/bash
+      generate-certificates.sh
+      "{{ groups.ipaserver[0] }}"
+      "{{ ipaserver_domain | default(groups.ipaserver[0].split('.')[1:] | join ('.')) }}"
+    args:
+      chdir: "{{ playbook_dir }}"
+
 - name: Test ipaserver installation without CA
  hosts: ipaserver
  become: true
+
  vars:
    # Root CA certificate
    ipaserver_ca_cert_files:
-      - /root/freeipa/certificates/root-ca.crt
+      - /root/ca-less-test/ca.crt
    # Directory server certificates
    ipaserver_dirsrv_cert_name: dirsrv-cert
    ipaserver_dirsrv_cert_files:
-      - /root/freeipa/certificates/dirsrv.p12
+      - /root/ca-less-test/dirsrv.p12
    ipaserver_dirsrv_pin: SomePKCS12password
    # Apache certificates
    ipaserver_http_cert_name: httpd-cert
    ipaserver_http_cert_files:
-      - /root/freeipa/certificates/httpd.p12
+      - /root/ca-less-test/httpd.p12
    ipaserver_http_pin: SomePKCS12password
    # PKINIT configuration
    ipaserver_no_pkinit: no
    ipaserver_pkinit_cert_name: pkinit-cert
    ipaserver_pkinit_cert_files:
-      - /root/freeipa/certificates/pkinit.p12
+      - /root/ca-less-test/pkinit.p12
    ipaserver_pkinit_pin: SomePKCS12password
+
  pre_tasks:
-    - name: Copy certificates
+    - name: Remove "/root/ca-less-test"
+      file:
+        path: "/root/ca-less-test"
+        state: absent
+
+    - name: Generate "/root/ca-less-test"
+      file:
+        path: "/root/ca-less-test"
+        state: directory
+
+    - name: Copy CA certificate
+      copy:
+        src: "{{ playbook_dir }}/certificates/root-ca/cert.pem"
+        dest: "/root/ca-less-test/ca.crt"
+        owner: root
+        group: root
+        mode: "0644"
+
+    - name: Copy p12 certificates
      copy:
        src: "{{ playbook_dir }}/certificates/{{ item }}/ipaserver/cert.p12"
-        dest: "/root/freeipa/certificates/{{ item }}.p12"
+        dest: "/root/ca-less-test/{{ item }}.p12"
        owner: root
        group: root
        mode: "0644"
@@ -34,6 +68,7 @@
        - dirsrv
        - httpd
        - pkinit
+
  roles:
    - role: ipaserver
-      state: present
+      state: present