From 976cd1baa70b3ac1a271a362163e469b8d54d04a Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Mon, 22 Feb 2021 13:28:04 +0100 Subject: [PATCH 01/12] ipaclient: Do not fail on rmkeytab error #7 Due to commit f3f9672d527008dc741ac90aa465bac842eea08d (ipa-rmkeytab: Check return value of krb5_kt_(start|end)_seq_get) in IPA 4.9.2 there is a new error reported for ipa-rmkeytab in case of a non existing keytab file. Using ipa-rmkeytab now results in the error #7 in this case. The client role is using ipa-rmkeytab and needs to ignore error #7 also. Fixes: #510 (ipa-client installation with OTP is failed with error code 7 (keytab: /usr/sbin/ipa-rmkeytab returned 7)) --- roles/ipaclient/tasks/install.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml index fccc72e0..23f95297 100644 --- a/roles/ipaclient/tasks/install.yml +++ b/roles/ipaclient/tasks/install.yml @@ -181,8 +181,12 @@ # Do not fail on error codes 3 and 5: # 3 - Unable to open keytab # 5 - Principal name or realm not found in keytab + # 7 - Failed to set cursor, typically when errcode + # would be issued in past failed_when: result_ipa_rmkeytab.rc != 0 and - result_ipa_rmkeytab.rc != 3 and result_ipa_rmkeytab.rc != 5 + result_ipa_rmkeytab.rc != 3 and + result_ipa_rmkeytab.rc != 5 and + result_ipa_rmkeytab.rc != 7 when: (ipaclient_use_otp | bool or ipaclient_force_join | bool) and not ipaclient_on_master | bool - name: Install - Backup and set hostname From 7a23531047e2f58b1b3905862047fa831081e567 Mon Sep 17 00:00:00 2001 
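Review bot: Adding `result_ipa_rmkeytab.rc != 7` to `failed_when` tolerates code 7 unconditionally, although the commit message ties it to a non-existing keytab file and the new comment calls it "Failed to set cursor". If ipa-rmkeytab can also return 7 for a keytab that exists but cannot be read, the role would carry on with the old keys still on disk, so it may be worth confirming that the keytab is absent (a `stat` task before this one) before treating 7 as success. The comment would be clearer as `# 7 - Failed to set cursor (returned for a missing keytab since IPA 4.9.2)`, and the condition shorter as `failed_when: result_ipa_rmkeytab.rc not in [0, 3, 5, 7]`. The task starts above the hunk, so the command line itself is not visible here.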
From: Grzegorz Grasza Date: Mon, 15 Mar 2021 14:22:13 +0100 Subject: [PATCH 02/12] Use ansible_facts variable Without this change the "Import variables specific to distribution" tasks fail with "Could not find file on the Ansible Controller..." on environments with inject facts disabled. This changes the tests to run with ansible with inject_facts_as_vars = false and fixes other roles and playbooks. --- .../vault-is-present-with-password-file.yml | 6 ++--- .../vault-is-present-with-public-key-file.yml | 6 ++--- .../tasks/copy_backup_from_server.yml | 2 +- roles/ipabackup/tasks/restore.yml | 6 ++--- roles/ipaclient/tasks/install.yml | 2 +- roles/ipaclient/tasks/main.yml | 6 ++--- roles/ipareplica/tasks/install.yml | 2 +- roles/ipareplica/tasks/main.yml | 6 ++--- roles/ipareplica/tasks/uninstall.yml | 2 +- roles/ipaserver/tasks/install.yml | 2 +- roles/ipaserver/tasks/main.yml | 6 ++--- tests/ansible.cfg | 1 + tests/dnsrecord/env_vars.yml | 4 +-- tests/dnsrecord/test_dnsrecord.yml | 2 +- tests/hbacrule/test_hbacrule.yml | 2 +- .../certificate/test_host_certificate.yml | 2 +- .../certificate/test_hosts_certificate.yml | 2 +- tests/host/test_host.yml | 4 +-- tests/host/test_host_allow_create_keytab.yml | 4 +-- .../host/test_host_allow_retrieve_keytab.yml | 4 +-- tests/host/test_host_bool_params.yml | 2 +- tests/host/test_host_ipaddresses.yml | 4 +-- tests/host/test_host_managedby_host.yml | 18 ++++++------- tests/host/test_host_principal.yml | 4 +-- tests/host/test_host_random.yml | 8 +++--- tests/host/test_host_reverse.yml | 4 +-- tests/host/test_hosts.yml | 2 +- tests/host/test_hosts_managedby_host.yml | 2 +- tests/host/test_hosts_principal.yml | 4 +-- tests/hostgroup/test_hostgroup.yml | 2 +- tests/role/env_facts.yml | 2 +- .../certificate/test_service_certificate.yml | 4 +-- tests/service/env_vars.yml | 4 +-- tests/service/test_service_disable.yml | 24 ++++++++--------- tests/sudorule/test_sudorule.yml | 10 +++---- tests/sudorule/test_sudorule_categories.yml | 2 +- 
tests/vault/env_cleanup.yml | 2 +- tests/vault/env_setup.yml | 2 +- tests/vault/tasks_vault_members.yml | 16 ++++++------ tests/vault/test_vault_asymmetric.yml | 26 +++++++++---------- tests/vault/test_vault_standard.yml | 8 +++--- tests/vault/test_vault_symmetric.yml | 16 ++++++------ 42 files changed, 119 insertions(+), 118 deletions(-) diff --git a/playbooks/vault/vault-is-present-with-password-file.yml b/playbooks/vault/vault-is-present-with-password-file.yml index b552ac66..bedb75df 100644 --- a/playbooks/vault/vault-is-present-with-password-file.yml +++ b/playbooks/vault/vault-is-present-with-password-file.yml @@ -7,7 +7,7 @@ tasks: - copy: src: "{{ playbook_dir }}/password.txt" - dest: "{{ ansible_env.HOME }}/password.txt" + dest: "{{ ansible_facts['env'].HOME }}/password.txt" owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: 0600 @@ -16,7 +16,7 @@ name: symvault username: admin vault_type: symmetric - vault_password_file: "{{ ansible_env.HOME }}/password.txt" + vault_password_file: "{{ ansible_facts['env'].HOME }}/password.txt" - file: - path: "{{ ansible_env.HOME }}/password.txt" + path: "{{ ansible_facts['env'].HOME }}/password.txt" state: absent diff --git a/playbooks/vault/vault-is-present-with-public-key-file.yml b/playbooks/vault/vault-is-present-with-public-key-file.yml index 2420f836..5d7eda02 100644 --- a/playbooks/vault/vault-is-present-with-public-key-file.yml +++ b/playbooks/vault/vault-is-present-with-public-key-file.yml @@ -12,7 +12,7 @@ tasks: - copy: src: "{{ playbook_dir }}/public.pem" - dest: "{{ ansible_env.HOME }}/public.pem" + dest: "{{ ansible_facts['env'].HOME }}/public.pem" owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: 0600 
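Review bot: In vault-is-present-with-password-file.yml the file written to `{{ ansible_facts['env'].HOME }}/password.txt` is removed only by the final `file:` task with `state: absent`, so a failure in the task that sets `vault_password_file` would leave the vault password on the target host unless errors are ignored. Grouping the copy and vault tasks under `block:` and moving the removal under `always:` would make the cleanup unconditional. The public-key playbook follows the same pattern, where it matters less because only a public key is left behind. Both files now depend on `ansible_facts['env']` being collected; the play headers are outside the hunks, so confirm that fact gathering is not disabled or restricted there.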
@@ -21,7 +21,7 @@ name: asymvault username: admin vault_type: asymmetric - vault_public_key_file: "{{ ansible_env.HOME }}/public.pem" + vault_public_key_file: "{{ ansible_facts['env'].HOME }}/public.pem" - file: - path: "{{ ansible_env.HOME }}/public.pem" + path: "{{ ansible_facts['env'].HOME }}/public.pem" state: absent diff --git a/roles/ipabackup/tasks/copy_backup_from_server.yml b/roles/ipabackup/tasks/copy_backup_from_server.yml index 1cfef3de..e9964fdd 100644 --- a/roles/ipabackup/tasks/copy_backup_from_server.yml +++ b/roles/ipabackup/tasks/copy_backup_from_server.yml @@ -10,7 +10,7 @@ set_fact: ipabackup_controller_dir: "{{ ipabackup_controller_path | default(lookup('env','PWD')) }}/{{ - ipabackup_name_prefix | default(ansible_fqdn) }}_{{ + ipabackup_name_prefix | default(ansible_facts['fqdn']) }}_{{ ipabackup_item }}/" - name: Stat backup on server diff --git a/roles/ipabackup/tasks/restore.yml b/roles/ipabackup/tasks/restore.yml index 36273552..55576c6e 100644 --- a/roles/ipabackup/tasks/restore.yml +++ b/roles/ipabackup/tasks/restore.yml @@ -6,9 +6,9 @@ - name: Import variables specific to distribution include_vars: "{{ item }}" with_first_found: - - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml" - - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - - "{{ role_path }}/vars/{{ ansible_distribution }}.yml" + - "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yml" + - "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yml" + - "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}.yml" - "{{ role_path }}/vars/default.yml" ### GET SERVICES FROM BACKUP diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml index 23f95297..515bab2f 100644 --- a/roles/ipaclient/tasks/install.yml +++ b/roles/ipaclient/tasks/install.yml 
@@ -33,7 +33,7 @@ domain: "{{ ipaserver_domain | default(ipaclient_domain) | default(omit) }}" servers: "{{ ipaclient_servers | default(omit) }}" realm: "{{ ipaserver_realm | default(ipaclient_realm) | default(omit) }}" - hostname: "{{ ipaclient_hostname | default(ansible_fqdn) }}" + hostname: "{{ ipaclient_hostname | default(ansible_facts['fqdn']) }}" ntp_servers: "{{ ipaclient_ntp_servers | default(omit) }}" ntp_pool: "{{ ipaclient_ntp_pool | default(omit) }}" no_ntp: "{{ ipaclient_no_ntp }}" diff --git a/roles/ipaclient/tasks/main.yml b/roles/ipaclient/tasks/main.yml index d8b3c03a..8840bb5f 100644 --- a/roles/ipaclient/tasks/main.yml +++ b/roles/ipaclient/tasks/main.yml @@ -4,9 +4,9 @@ - name: Import variables specific to distribution include_vars: "{{ item }}" with_first_found: - - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml" - - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - - "{{ role_path }}/vars/{{ ansible_distribution }}.yml" + - "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yml" + - "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yml" + - "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}.yml" - "{{ role_path }}/vars/default.yml" - name: Install IPA client diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml index bae12531..695242d1 100644 --- a/roles/ipareplica/tasks/install.yml +++ b/roles/ipareplica/tasks/install.yml 
@@ -72,7 +72,7 @@ default(omit) }}" servers: "{{ ipareplica_servers | default(omit) }}" realm: "{{ ipareplica_realm | default(ipaserver_realm) |default(omit) }}" - hostname: "{{ ipareplica_hostname | default(ansible_fqdn) }}" + hostname: "{{ ipareplica_hostname | default(ansible_facts['fqdn']) }}" ca_cert_files: "{{ ipareplica_ca_cert_files | default([]) }}" hidden_replica: "{{ ipareplica_hidden_replica }}" skip_mem_check: "{{ not ipareplica_mem_check }}" diff --git a/roles/ipareplica/tasks/main.yml b/roles/ipareplica/tasks/main.yml index 0d9cd7ac..18bbe256 100644 --- a/roles/ipareplica/tasks/main.yml +++ b/roles/ipareplica/tasks/main.yml @@ -4,9 +4,9 @@ - name: Import variables specific to distribution include_vars: "{{ item }}" with_first_found: - - "vars/{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml" - - "vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - - "vars/{{ ansible_distribution }}.yml" + - "vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yml" + - "vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yml" + - "vars/{{ ansible_facts['distribution'] }}.yml" - "vars/default.yml" - name: Install IPA replica diff --git a/roles/ipareplica/tasks/uninstall.yml b/roles/ipareplica/tasks/uninstall.yml index 5df73e93..a9240d77 100644 --- a/roles/ipareplica/tasks/uninstall.yml +++ b/roles/ipareplica/tasks/uninstall.yml @@ -25,7 +25,7 @@ # command: > # /usr/sbin/ipa-replica-manage # del -# {{ ipareplica_hostname | default(ansible_fqdn) }} +# {{ ipareplica_hostname | default(ansible_facts['fqdn']) }} # --force # --password={{ ipadm_password }} # failed_when: False diff --git a/roles/ipaserver/tasks/install.yml b/roles/ipaserver/tasks/install.yml index d34bc125..8099a158 100644 --- a/roles/ipaserver/tasks/install.yml +++ b/roles/ipaserver/tasks/install.yml 
@@ -65,7 +65,7 @@ master_password: "{{ ipaserver_master_password | default(omit) }}" domain: "{{ ipaserver_domain | default(omit) }}" realm: "{{ ipaserver_realm | default(omit) }}" - hostname: "{{ ipaserver_hostname | default(ansible_fqdn) }}" + hostname: "{{ ipaserver_hostname | default(ansible_facts['fqdn']) }}" ca_cert_files: "{{ ipaserver_ca_cert_files | default(omit) }}" no_host_dns: "{{ ipaserver_no_host_dns }}" pki_config_override: "{{ ipaserver_pki_config_override | default(omit) }}" diff --git a/roles/ipaserver/tasks/main.yml b/roles/ipaserver/tasks/main.yml index 6ae77ae0..c4e1bd7c 100644 --- a/roles/ipaserver/tasks/main.yml +++ b/roles/ipaserver/tasks/main.yml @@ -4,9 +4,9 @@ - name: Import variables specific to distribution include_vars: "{{ item }}" with_first_found: - - "vars/{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml" - - "vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - - "vars/{{ ansible_distribution }}.yml" + - "vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yml" + - "vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yml" + - "vars/{{ ansible_facts['distribution'] }}.yml" - "vars/default.yml" - name: Install IPA server diff --git a/tests/ansible.cfg b/tests/ansible.cfg index e7f44439..5436b8c0 100644 --- a/tests/ansible.cfg +++ b/tests/ansible.cfg @@ -3,3 +3,4 @@ roles_path = ../roles:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/rol library = ../plugins/modules:~/.ansible/plugins/modules:/usr/share/ansible/plugins/modules module_utils = ../plugins/module_utils:~/.ansible/plugins/module_utils:/usr/share/ansible/plugins/module_utils host_key_checking = false +inject_facts_as_vars = false diff --git a/tests/dnsrecord/env_vars.yml b/tests/dnsrecord/env_vars.yml index d3aef920..d95e1381 100644 --- a/tests/dnsrecord/env_vars.yml +++ b/tests/dnsrecord/env_vars.yml 
@@ -2,9 +2,9 @@ # Set common vars and facts for test. - name: Set IPv4 address prefix. set_fact: - ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | + ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] | join('.') }}" - ipv4_reverse_sufix: "{{ ansible_default_ipv4.address.split('.')[:-1] | + ipv4_reverse_sufix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] | reverse | join('.') }}" diff --git a/tests/dnsrecord/test_dnsrecord.yml b/tests/dnsrecord/test_dnsrecord.yml index 75f6a92a..05379ce4 100644 --- a/tests/dnsrecord/test_dnsrecord.yml +++ b/tests/dnsrecord/test_dnsrecord.yml @@ -564,7 +564,7 @@ ipaadmin_password: SomeADMINpassword name: iron01 zone_name: "{{ safezone }}" - ip_address: "{{ ansible_default_ipv4.address }}" + ip_address: "{{ ansible_facts['default_ipv4'].address }}" register: result failed_when: not result.changed diff --git a/tests/hbacrule/test_hbacrule.yml b/tests/hbacrule/test_hbacrule.yml index ce1f29c5..e0dc3b8e 100644 --- a/tests/hbacrule/test_hbacrule.yml +++ b/tests/hbacrule/test_hbacrule.yml @@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined # CLEANUP TEST ITEMS diff --git a/tests/host/certificate/test_host_certificate.yml b/tests/host/certificate/test_host_certificate.yml index c4149491..1feb66b5 100644 --- a/tests/host/certificate/test_host_certificate.yml +++ b/tests/host/certificate/test_host_certificate.yml @@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Generate self-signed certificates. 
diff --git a/tests/host/certificate/test_hosts_certificate.yml b/tests/host/certificate/test_hosts_certificate.yml index f2ef1a22..00940f3c 100644 --- a/tests/host/certificate/test_hosts_certificate.yml +++ b/tests/host/certificate/test_hosts_certificate.yml @@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Host test absent diff --git a/tests/host/test_host.yml b/tests/host/test_host.yml index d4760c18..e04105b9 100644 --- a/tests/host/test_host.yml +++ b/tests/host/test_host.yml @@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Set host1_fqdn .. host6_fqdn @@ -33,7 +33,7 @@ - name: Get IPv4 address prefix from server node set_fact: - ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | + ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] | join('.') }}" - name: Host "{{ host1_fqdn }}" present diff --git a/tests/host/test_host_allow_create_keytab.yml b/tests/host/test_host_allow_create_keytab.yml index 4be1305e..358a6780 100644 --- a/tests/host/test_host_allow_create_keytab.yml +++ b/tests/host/test_host_allow_create_keytab.yml 
@@ -6,12 +6,12 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Get Realm from server name set_fact: - ipaserver_realm: "{{ ansible_fqdn.split('.')[1:] | join ('.') | upper }}" + ipaserver_realm: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') | upper }}" when: ipaserver_realm is not defined - name: Set host1_fqdn .. host3_fqdn diff --git a/tests/host/test_host_allow_retrieve_keytab.yml b/tests/host/test_host_allow_retrieve_keytab.yml index 9be0ef61..c5eba377 100644 --- a/tests/host/test_host_allow_retrieve_keytab.yml +++ b/tests/host/test_host_allow_retrieve_keytab.yml @@ -6,12 +6,12 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Get Realm from server name set_fact: - ipaserver_realm: "{{ ansible_fqdn.split('.')[1:] | join ('.') | upper }}" + ipaserver_realm: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') | upper }}" when: ipaserver_realm is not defined - name: Set host1_fqdn .. host3_fqdn diff --git a/tests/host/test_host_bool_params.yml b/tests/host/test_host_bool_params.yml index bc35f97e..e685fbea 100644 --- a/tests/host/test_host_bool_params.yml +++ b/tests/host/test_host_bool_params.yml @@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Set host1_fqdn .. host6_fqdn diff --git a/tests/host/test_host_ipaddresses.yml b/tests/host/test_host_ipaddresses.yml index bcca18fc..c9774a60 100644 --- a/tests/host/test_host_ipaddresses.yml 
+++ b/tests/host/test_host_ipaddresses.yml @@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Set host1_fqdn .. host6_fqdn @@ -17,7 +17,7 @@ - name: Get IPv4 address prefix from server node set_fact: - ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | + ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] | join('.') }}" - name: Host absent diff --git a/tests/host/test_host_managedby_host.yml b/tests/host/test_host_managedby_host.yml index d5d36780..81fccbd6 100644 --- a/tests/host/test_host_managedby_host.yml +++ b/tests/host/test_host_managedby_host.yml @@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Set host1_fqdn .. host2_fqdn 
@@ -55,39 +55,39 @@ register: result failed_when: result.changed - - name: Host "{{ host1_fqdn }}" managed by "{{ ansible_fqdn }}" + - name: Host "{{ host1_fqdn }}" managed by "{{ ansible_facts['fqdn'] }}" ipahost: ipaadmin_password: SomeADMINpassword name: "{{ host1_fqdn }}" - managedby_host: "{{ ansible_fqdn }}" + managedby_host: "{{ ansible_facts['fqdn'] }}" action: member register: result failed_when: not result.changed - - name: Host "{{ host1_fqdn }}" managed by "{{ ansible_fqdn }}" again + - name: Host "{{ host1_fqdn }}" managed by "{{ ansible_facts['fqdn'] }}" again ipahost: ipaadmin_password: SomeADMINpassword name: "{{ host1_fqdn }}" - managedby_host: "{{ ansible_fqdn }}" + managedby_host: "{{ ansible_facts['fqdn'] }}" action: member register: result failed_when: result.changed - - name: Host "{{ host1_fqdn }}" not managed by "{{ ansible_fqdn }}" + - name: Host "{{ host1_fqdn }}" not managed by "{{ ansible_facts['fqdn'] }}" ipahost: ipaadmin_password: SomeADMINpassword name: "{{ host1_fqdn }}" - managedby_host: "{{ ansible_fqdn }}" + managedby_host: "{{ ansible_facts['fqdn'] }}" action: member state: absent register: result failed_when: not result.changed - - name: Host "{{ host1_fqdn }}" not managed by "{{ ansible_fqdn }}" again + - name: Host "{{ host1_fqdn }}" not managed by "{{ ansible_facts['fqdn'] }}" again ipahost: ipaadmin_password: SomeADMINpassword name: "{{ host1_fqdn }}" - managedby_host: "{{ ansible_fqdn }}" + managedby_host: "{{ ansible_facts['fqdn'] }}" action: member state: absent register: result diff --git a/tests/host/test_host_principal.yml b/tests/host/test_host_principal.yml index 5bef0522..0e85626f 100644 --- a/tests/host/test_host_principal.yml +++ b/tests/host/test_host_principal.yml 
@@ -6,12 +6,12 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Get Realm from server name set_fact: - ipaserver_realm: "{{ ansible_fqdn.split('.')[1:] | join ('.') | upper }}" + ipaserver_realm: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') | upper }}" when: ipaserver_realm is not defined - name: Set host1_fqdn diff --git a/tests/host/test_host_random.yml b/tests/host/test_host_random.yml index 211d660c..3de73d96 100644 --- a/tests/host/test_host_random.yml +++ b/tests/host/test_host_random.yml @@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Set host1_fqdn and host2_fqdn @@ -77,11 +77,11 @@ debug: var: ipahost.host["{{host2_fqdn }}"].randompassword - - name: Enrolled host "{{ ansible_fqdn }}" fails to set random password with update_password always + - name: Enrolled host "{{ ansible_facts['fqdn'] }}" fails to set random password with update_password always ipahost: ipaadmin_password: SomeADMINpassword hosts: - - name: "{{ ansible_fqdn }}" + - name: "{{ ansible_facts['fqdn'] }}" random: yes update_password: always register: ipahost @@ -89,7 +89,7 @@ - assert: that: - - ipahost.host["{{ ansible_fqdn }}"].randompassword is + - ipahost.host["{{ ansible_facts['fqdn'] }}"].randompassword is not defined - "'Password cannot be set on enrolled host' in ipahost.msg" diff --git a/tests/host/test_host_reverse.yml b/tests/host/test_host_reverse.yml index 9a59c489..36a0abcc 100644 --- a/tests/host/test_host_reverse.yml +++ b/tests/host/test_host_reverse.yml 
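Review bot: The updated assertion in test_host_random.yml, `ipahost.host["{{ ansible_facts['fqdn'] }}"].randompassword is not defined`, still nests `{{ }}` inside a `that:` expression, which Ansible already evaluates as Jinja2 and warns about. The fact can be used directly as a subscript: `- ipahost.host[ansible_facts['fqdn']].randompassword is not defined`. With the nested form the value is pasted into the expression before it is evaluated, so a value containing a quote would change the expression instead of being compared as data. The `debug: var:` task shown as context in the preceding hunk uses the same nested form with `host2_fqdn`.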
@@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Set host1_fqdn @@ -23,7 +23,7 @@ - name: Get IPv4 address prefix from server node set_fact: - ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | + ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] | join('.') }}" - name: Set zone prefixes. diff --git a/tests/host/test_hosts.yml b/tests/host/test_hosts.yml index 1159e078..cf0f22b9 100644 --- a/tests/host/test_hosts.yml +++ b/tests/host/test_hosts.yml @@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Set host1_fqdn .. host6_fqdn diff --git a/tests/host/test_hosts_managedby_host.yml b/tests/host/test_hosts_managedby_host.yml index 0fc6651f..95f71dcd 100644 --- a/tests/host/test_hosts_managedby_host.yml +++ b/tests/host/test_hosts_managedby_host.yml @@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Set host1_fqdn .. host5_fqdn diff --git a/tests/host/test_hosts_principal.yml b/tests/host/test_hosts_principal.yml index b53c0433..67b4a202 100644 --- a/tests/host/test_hosts_principal.yml +++ b/tests/host/test_hosts_principal.yml 
@@ -6,12 +6,12 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Get Realm from server name set_fact: - ipaserver_realm: "{{ ansible_fqdn.split('.')[1:] | join ('.') | upper }}" + ipaserver_realm: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') | upper }}" when: ipaserver_realm is not defined - name: Set host1_fqdn .. host2_fqdn diff --git a/tests/hostgroup/test_hostgroup.yml b/tests/hostgroup/test_hostgroup.yml index f5af7bbe..a0df6ec1 100644 --- a/tests/hostgroup/test_hostgroup.yml +++ b/tests/hostgroup/test_hostgroup.yml @@ -7,7 +7,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Ensure host-group databases, mysql-server and oracle-server are absent diff --git a/tests/role/env_facts.yml b/tests/role/env_facts.yml index f9bca93f..c6ae0659 100644 --- a/tests/role/env_facts.yml +++ b/tests/role/env_facts.yml @@ -1,7 +1,7 @@ --- - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Set fact for realm name diff --git a/tests/service/certificate/test_service_certificate.yml b/tests/service/certificate/test_service_certificate.yml index 3dc24c5b..087bce86 100644 --- a/tests/service/certificate/test_service_certificate.yml +++ b/tests/service/certificate/test_service_certificate.yml 
@@ -29,12 +29,12 @@ # setup - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Get IPv4 address prefix from server node set_fact: - ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | + ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] | join('.') }}" - name: Set test host FQDN diff --git a/tests/service/env_vars.yml b/tests/service/env_vars.yml index eb53c7a0..37c9e1cb 100644 --- a/tests/service/env_vars.yml +++ b/tests/service/env_vars.yml @@ -1,7 +1,7 @@ --- - name: Get Domain from server name set_fact: - test_domain: "{{ ansible_fqdn.split('.')[1:] | join('.') }}" + test_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}" - name: Set host1, host2 and svc hosts fqdn set_fact: @@ -12,4 +12,4 @@ - name: Get IPv4 address prefix from server node set_fact: - ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | join('.') }}" + ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] | join('.') }}" diff --git a/tests/service/test_service_disable.yml b/tests/service/test_service_disable.yml index e96b9202..358b7886 100644 --- a/tests/service/test_service_disable.yml +++ b/tests/service/test_service_disable.yml 
@@ -19,13 +19,13 @@ - name: Ensure service is absent ipaservice: ipaadmin_password: SomeADMINpassword - name: "mysvc1/{{ ansible_fqdn }}" + name: "mysvc1/{{ ansible_facts['fqdn'] }}" state: absent - name: Ensure service is present ipaservice: ipaadmin_password: SomeADMINpassword - name: "mysvc1/{{ ansible_fqdn }}" + name: "mysvc1/{{ ansible_facts['fqdn'] }}" certificate: - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq force: no 
@@ -33,51 +33,51 @@ failed_when: not result.changed - name: Obtain keytab - shell: ipa-getkeytab -s "{{ ansible_fqdn }}" -p "mysvc1/{{ ansible_fqdn }}" -k mysvc1.keytab + shell: ipa-getkeytab -s "{{ ansible_facts['fqdn'] }}" -p "mysvc1/{{ ansible_facts['fqdn'] }}" -k mysvc1.keytab - name: Verify keytab - shell: ipa service-find "mysvc1/{{ ansible_fqdn }}" + shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}" register: result failed_when: result.failed or result.stdout | regex_search(" Keytab. true") - name: Ensure service is disabled ipaservice: ipaadmin_password: SomeADMINpassword - name: "mysvc1/{{ ansible_fqdn }}" + name: "mysvc1/{{ ansible_facts['fqdn'] }}" state: disabled register: result failed_when: not result.changed - name: Verify keytab - shell: ipa service-find "mysvc1/{{ ansible_fqdn }}" + shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}" register: result failed_when: result.failed or result.stdout | regex_search(" Keytab. true") - name: Obtain keytab - shell: ipa-getkeytab -s "{{ ansible_fqdn }}" -p "mysvc1/{{ ansible_fqdn }}" -k mysvc1.keytab + shell: ipa-getkeytab -s "{{ ansible_facts['fqdn'] }}" -p "mysvc1/{{ ansible_facts['fqdn'] }}" -k mysvc1.keytab - name: Verify keytab - shell: ipa service-find "mysvc1/{{ ansible_fqdn }}" + shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}" register: result failed_when: result.failed or result.stdout | regex_search(" Keytab. true") - name: Ensure service is disabled ipaservice: ipaadmin_password: SomeADMINpassword - name: "mysvc1/{{ ansible_fqdn }}" + name: "mysvc1/{{ ansible_facts['fqdn'] }}" state: disabled register: result failed_when: not result.changed - name: Verify keytab - shell: ipa service-find "mysvc1/{{ ansible_fqdn }}" + shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}" register: result failed_when: result.failed or result.stdout | regex_search(" Keytab. true") - name: Ensure service is disabled, with no keytab. 
ipaservice: ipaadmin_password: SomeADMINpassword - name: "mysvc1/{{ ansible_fqdn }}" + name: "mysvc1/{{ ansible_facts['fqdn'] }}" state: disabled register: result failed_when: result.changed @@ -85,7 +85,7 @@ - name: Ensure service is absent ipaservice: ipaadmin_password: SomeADMINpassword - name: "mysvc1/{{ ansible_fqdn }}" + name: "mysvc1/{{ ansible_facts['fqdn'] }}" - name: Destroy Kerberos tickets. shell: kdestroy -A -q -c ${KRB5CCNAME} diff --git a/tests/sudorule/test_sudorule.yml b/tests/sudorule/test_sudorule.yml index 15ba7f46..579db11b 100644 --- a/tests/sudorule/test_sudorule.yml +++ b/tests/sudorule/test_sudorule.yml @@ -43,7 +43,7 @@ ipahostgroup: ipaadmin_password: SomeADMINpassword name: cluster - host: "{{ ansible_fqdn }}" + host: "{{ ansible_facts['fqdn'] }}" - name: Ensure some sudocmds are available ipasudocmd: @@ -500,20 +500,20 @@ register: result failed_when: result.changed - - name: Ensure host "{{ ansible_fqdn }}" is present in sudorule. + - name: Ensure host "{{ ansible_facts['fqdn'] }}" is present in sudorule. ipasudorule: ipaadmin_password: SomeADMINpassword name: testrule1 - host: "{{ ansible_fqdn }}" + host: "{{ ansible_facts['fqdn'] }}" action: member register: result failed_when: not result.changed - - name: Ensure host "{{ ansible_fqdn }}" is present in sudorule, again. + - name: Ensure host "{{ ansible_facts['fqdn'] }}" is present in sudorule, again. ipasudorule: ipaadmin_password: SomeADMINpassword name: testrule1 - host: "{{ ansible_fqdn }}" + host: "{{ ansible_facts['fqdn'] }}" action: member register: result failed_when: result.changed diff --git a/tests/sudorule/test_sudorule_categories.yml b/tests/sudorule/test_sudorule_categories.yml index a7740c57..43d73520 100644 --- a/tests/sudorule/test_sudorule_categories.yml +++ b/tests/sudorule/test_sudorule_categories.yml 
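Review bot: The `Obtain keytab` and `Verify keytab` tasks in test_service_disable.yml pass `{{ ansible_facts['fqdn'] }}` to `shell:` inside double quotes, where the shell still expands `$` and backticks, and the value is one reported by the managed host. None of these commands uses shell features, so `command:` with `argv:` avoids the shell entirely, for example `argv: [ipa, service-find, "mysvc1/{{ ansible_facts['fqdn'] }}"]`. If `shell:` is kept, drop the surrounding double quotes and pass the value through `| quote`. This applies to every `ipa-getkeytab` and `ipa service-find` line changed in the hunk.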
@@ -7,7 +7,7 @@ tasks: - name: Get Domain from the server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" - name: Ensure sudorules are absent ipasudorule: diff --git a/tests/vault/env_cleanup.yml b/tests/vault/env_cleanup.yml index 31cc1799..9b0d6f7e 100644 --- a/tests/vault/env_cleanup.yml +++ b/tests/vault/env_cleanup.yml @@ -40,7 +40,7 @@ - name: Remove files from target host. file: - path: "{{ ansible_env.HOME }}/{{ item }}" + path: "{{ ansible_facts['env'].HOME }}/{{ item }}" state: absent with_items: - A_private.pem diff --git a/tests/vault/env_setup.yml b/tests/vault/env_setup.yml index 47baa292..059caf5f 100644 --- a/tests/vault/env_setup.yml +++ b/tests/vault/env_setup.yml @@ -19,7 +19,7 @@ - name: Copy files to target host. copy: src: "{{ playbook_dir }}/{{ item }}" - dest: "{{ ansible_env.HOME }}/{{ item }}" + dest: "{{ ansible_facts['env'].HOME }}/{{ item }}" with_items: - A_private.pem - A_public.pem diff --git a/tests/vault/tasks_vault_members.yml b/tests/vault/tasks_vault_members.yml index 99e2fd0c..e53accee 100644 --- a/tests/vault/tasks_vault_members.yml +++ b/tests/vault/tasks_vault_members.yml @@ -151,7 +151,7 @@ ipaadmin_password: SomeADMINpassword name: "{{vault.name}}" action: member - services: "HTTP/{{ ansible_fqdn }}" + services: "HTTP/{{ ansible_facts['fqdn'] }}" register: result failed_when: not result.changed @@ -160,7 +160,7 @@ ipaadmin_password: SomeADMINpassword name: "{{vault.name}}" action: member - services: "HTTP/{{ ansible_fqdn }}" + services: "HTTP/{{ ansible_facts['fqdn'] }}" register: result failed_when: result.changed @@ -169,7 +169,7 @@ ipaadmin_password: SomeADMINpassword name: "{{vault.name}}" action: member - services: "HTTP/{{ ansible_fqdn }}" + services: "HTTP/{{ ansible_facts['fqdn'] }}" state: absent register: result failed_when: not result.changed 
@@ -179,7 +179,7 @@ ipaadmin_password: SomeADMINpassword name: "{{vault.name}}" action: member - services: "HTTP/{{ ansible_fqdn }}" + services: "HTTP/{{ ansible_facts['fqdn'] }}" state: absent register: result failed_when: result.changed @@ -264,7 +264,7 @@ ipavault: ipaadmin_password: SomeADMINpassword name: "{{vault.name}}" - ownerservices: "HTTP/{{ ansible_fqdn }}" + ownerservices: "HTTP/{{ ansible_facts['fqdn'] }}" action: member register: result failed_when: not result.changed @@ -273,7 +273,7 @@ ipavault: ipaadmin_password: SomeADMINpassword name: "{{vault.name}}" - ownerservices: "HTTP/{{ ansible_fqdn }}" + ownerservices: "HTTP/{{ ansible_facts['fqdn'] }}" action: member register: result failed_when: result.changed @@ -282,7 +282,7 @@ ipavault: ipaadmin_password: SomeADMINpassword name: "{{vault.name}}" - ownerservices: "HTTP/{{ ansible_fqdn }}" + ownerservices: "HTTP/{{ ansible_facts['fqdn'] }}" state: absent action: member register: result @@ -292,7 +292,7 @@ ipavault: ipaadmin_password: SomeADMINpassword name: "{{vault.name}}" - ownerservices: "HTTP/{{ ansible_fqdn }}" + ownerservices: "HTTP/{{ ansible_facts['fqdn'] }}" state: absent action: member register: result diff --git a/tests/vault/test_vault_asymmetric.yml b/tests/vault/test_vault_asymmetric.yml index d0a7cca7..60e5ab8b 100644 --- a/tests/vault/test_vault_asymmetric.yml +++ b/tests/vault/test_vault_asymmetric.yml @@ -68,7 +68,7 @@ ipaadmin_password: SomeADMINpassword name: asymvault vault_type: asymmetric - public_key_file: "{{ ansible_env.HOME }}/A_public.pem" + public_key_file: "{{ ansible_facts['env'].HOME }}/A_public.pem" private_key: "{{ lookup('file', 'B_private.b64') }}" register: result failed_when: result.failed or not result.changed 
@@ -77,7 +77,7 @@ ipavault: ipaadmin_password: SomeADMINpassword name: asymvault - private_key_file: "{{ ansible_env.HOME }}/A_private.pem" + private_key_file: "{{ ansible_facts['env'].HOME }}/A_private.pem" state: retrieved register: result failed_when: result.failed or result.changed or result.vault.data != 'SomeValue' @@ -87,8 +87,8 @@ ipaadmin_password: SomeADMINpassword name: asymvault vault_type: asymmetric - public_key_file: "{{ ansible_env.HOME }}/B_public.pem" - private_key_file: "{{ ansible_env.HOME }}/A_private.pem" + public_key_file: "{{ ansible_facts['env'].HOME }}/B_public.pem" + private_key_file: "{{ ansible_facts['env'].HOME }}/A_private.pem" register: result failed_when: result.failed or not result.changed @@ -115,8 +115,8 @@ ipavault: ipaadmin_password: SomeADMINpassword name: asymvault - public_key_file: "{{ ansible_env.HOME }}/B_public.pem" - private_key_file: "{{ ansible_env.HOME }}/A_private.pem" + public_key_file: "{{ ansible_facts['env'].HOME }}/B_public.pem" + private_key_file: "{{ ansible_facts['env'].HOME }}/A_private.pem" register: result failed_when: result.failed or not result.changed @@ -154,11 +154,11 @@ register: result failed_when: result.vault.data != 'Hello World.' or result.changed - - name: Retrieve data from asymmetric vault into file {{ ansible_env.HOME }}/data.txt. + - name: Retrieve data from asymmetric vault into file {{ ansible_facts['env'].HOME }}/data.txt. ipavault: ipaadmin_password: SomeADMINpassword name: asymvault - out: "{{ ansible_env.HOME }}/data.txt" + out: "{{ ansible_facts['env'].HOME }}/data.txt" private_key: "{{ lookup('file', 'B_private.b64') }}" state: retrieved register: result @@ -166,7 +166,7 @@ - name: Verify retrieved data. slurp: - src: "{{ ansible_env.HOME }}/data.txt" + src: "{{ ansible_facts['env'].HOME }}/data.txt" register: slurpfile failed_when: slurpfile['content'] | b64decode != 'Hello World.' 
@@ -192,7 +192,7 @@ ipaadmin_password: SomeADMINpassword name: asymvault vault_type: asymmetric - in: "{{ ansible_env.HOME }}/in.txt" + in: "{{ ansible_facts['env'].HOME }}/in.txt" register: result failed_when: not result.changed @@ -242,7 +242,7 @@ ipavault: ipaadmin_password: SomeADMINpassword name: asymvault - public_key_file: "{{ ansible_env.HOME }}/B_public.pem" + public_key_file: "{{ ansible_facts['env'].HOME }}/B_public.pem" vault_type: asymmetric register: result failed_when: not result.changed @@ -251,7 +251,7 @@ ipavault: ipaadmin_password: SomeADMINpassword name: asymvault - public_key_file: "{{ ansible_env.HOME }}/B_public.pem" + public_key_file: "{{ ansible_facts['env'].HOME }}/B_public.pem" vault_type: asymmetric register: result failed_when: result.changed @@ -277,7 +277,7 @@ ipavault: ipaadmin_password: SomeADMINpassword name: asymvault - private_key_file: "{{ ansible_env.HOME }}/B_private.pem" + private_key_file: "{{ ansible_facts['env'].HOME }}/B_private.pem" state: retrieved register: result failed_when: result.vault.data != 'Hello World.' or result.changed diff --git a/tests/vault/test_vault_standard.yml b/tests/vault/test_vault_standard.yml index ad5b097b..2cda5e1a 100644 --- a/tests/vault/test_vault_standard.yml +++ b/tests/vault/test_vault_standard.yml 
@@ -57,18 +57,18 @@ register: result failed_when: result.vault.data != 'Hello World.' or result.changed - - name: Retrieve data from standard vault into file {{ ansible_env.HOME }}/data.txt. + - name: Retrieve data from standard vault into file {{ ansible_facts['env'].HOME }}/data.txt. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault - out: "{{ ansible_env.HOME }}/data.txt" + out: "{{ ansible_facts['env'].HOME }}/data.txt" state: retrieved register: result failed_when: result.changed or result.failed or (result.vault.data | default(false)) - name: Verify retrieved data. slurp: - src: "{{ ansible_env.HOME }}/data.txt" + src: "{{ ansible_facts['env'].HOME }}/data.txt" register: slurpfile failed_when: slurpfile['content'] | b64decode != 'Hello World.' @@ -93,7 +93,7 @@ ipaadmin_password: SomeADMINpassword name: stdvault vault_type: standard - in: "{{ ansible_env.HOME }}/in.txt" + in: "{{ ansible_facts['env'].HOME }}/in.txt" register: result failed_when: not result.changed diff --git a/tests/vault/test_vault_symmetric.yml b/tests/vault/test_vault_symmetric.yml index 8794ef72..fd85d06e 100644 --- a/tests/vault/test_vault_symmetric.yml +++ b/tests/vault/test_vault_symmetric.yml 
@@ -63,19 +63,19 @@ register: result failed_when: result.changed or result.failed or result.vault.data != 'Hello World.' - - name: Retrieve data from symmetric vault into file {{ ansible_env.HOME }}/data.txt. + - name: Retrieve data from symmetric vault into file {{ ansible_facts['env'].HOME }}/data.txt. ipavault: ipaadmin_password: SomeADMINpassword name: symvault password: SomeVAULTpassword - out: "{{ ansible_env.HOME }}/data.txt" + out: "{{ ansible_facts['env'].HOME }}/data.txt" state: retrieved register: result failed_when: result.changed or result.failed or (result.vault.data | default(false)) - name: Verify retrieved data. slurp: - src: "{{ ansible_env.HOME }}/data.txt" + src: "{{ ansible_facts['env'].HOME }}/data.txt" register: slurpfile failed_when: slurpfile['content'] | b64decode != 'Hello World.' @@ -101,7 +101,7 @@ ipavault: ipaadmin_password: SomeADMINpassword name: symvault - in: "{{ ansible_env.HOME }}/in.txt" + in: "{{ ansible_facts['env'].HOME }}/in.txt" password: SomeVAULTpassword register: result failed_when: result.failed or not result.changed @@ -154,7 +154,7 @@ ipaadmin_password: SomeADMINpassword name: symvault username: user01 - password_file: "{{ ansible_env.HOME }}/password.txt" + password_file: "{{ ansible_facts['env'].HOME }}/password.txt" vault_type: symmetric register: result failed_when: result.failed or not result.changed @@ -164,7 +164,7 @@ ipaadmin_password: SomeADMINpassword name: symvault username: user01 - password_file: "{{ ansible_env.HOME }}/password.txt" + password_file: "{{ ansible_facts['env'].HOME }}/password.txt" vault_type: symmetric register: result failed_when: result.failed or result.changed @@ -191,7 +191,7 @@ ipavault: ipaadmin_password: SomeADMINpassword name: symvault - password_file: "{{ ansible_env.HOME }}/password.txt" + password_file: "{{ ansible_facts['env'].HOME }}/password.txt" state: retrieved register: result failed_when: result.failed or result.changed or result.vault.data != 'Hello World.' 
@@ -328,7 +328,7 @@ ipaadmin_password: SomeADMINpassword name: symvault password: APasswordToChange - new_password_file: "{{ ansible_env.HOME }}/password.txt" + new_password_file: "{{ ansible_facts['env'].HOME }}/password.txt" vault_type: symmetric register: result failed_when: not result.changed or result.failed From 0e7f4e2b1b13a5a34c1e3f087ffe142c3faa7b85 Mon Sep 17 00:00:00 2001 From: Ivan PANICO Date: Wed, 10 Mar 2021 10:14:39 +0100 Subject: [PATCH 03/12] change variable in get_ipabackup_dir.yml --- roles/ipabackup/tasks/get_ipabackup_dir.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/ipabackup/tasks/get_ipabackup_dir.yml b/roles/ipabackup/tasks/get_ipabackup_dir.yml index 41597e8d..45cb48a1 100644 --- a/roles/ipabackup/tasks/get_ipabackup_dir.yml +++ b/roles/ipabackup/tasks/get_ipabackup_dir.yml @@ -1,6 +1,6 @@ --- - name: Get IPA_BACKUP_DIR dir from ipaplatform - command: "{{ ansible_playbook_python }}" + command: "{{ ansible_python_interpreter | default('/usr/bin/python') }}" args: stdin: | from ipaplatform.paths import paths From f7b75cc438288d898d7271bc4eee7e0723526861 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Fri, 30 Apr 2021 16:17:18 +0200 Subject: [PATCH 04/12] tests/azure: Set ANSIBLE_LIBRARY to fix unknown interpreter issue The ANSIBLE_LIBRARY environment variable needs to point to molecule directory. --- tests/azure/templates/build_container.yml | 2 ++ tests/azure/templates/playbook_tests.yml | 2 ++ tests/azure/templates/pytest_tests.yml | 2 ++ 3 files changed, 6 insertions(+) diff --git a/tests/azure/templates/build_container.yml b/tests/azure/templates/build_container.yml index 0bd49321..c77e2745 100644 --- a/tests/azure/templates/build_container.yml +++ b/tests/azure/templates/build_container.yml 
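Review bot: In the `get_ipabackup_dir.yml` hunk the new fallback `default('/usr/bin/python')` assumes that this path exists on the managed host and can import `ipaplatform`; on a host that ships only `python3` or a platform interpreter the task would fail or run an interpreter without the IPA modules. When `ansible_python_interpreter` is unset, the interpreter Ansible discovered for the host is a closer match, if that fact is populated: `command: "{{ ansible_python_interpreter | default(ansible_facts['discovered_interpreter_python'] | default('/usr/bin/python')) }}"`. The task continues past the end of the hunk, so how its output is consumed is not visible here.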
@@ -23,6 +23,8 @@ jobs: - script: molecule create -s ${{ parameters.build_scenario_name }} displayName: Create test container + env: + ANSIBLE_LIBRARY: ./molecule - script: | docker stop ${{ parameters.build_scenario_name }} diff --git a/tests/azure/templates/playbook_tests.yml b/tests/azure/templates/playbook_tests.yml index d5b5d818..6962fb76 100644 --- a/tests/azure/templates/playbook_tests.yml +++ b/tests/azure/templates/playbook_tests.yml @@ -44,6 +44,8 @@ jobs: cp -a plugins/module_utils/* ~/.ansible/module_utils molecule create -s ${{ parameters.scenario }} displayName: Setup test container + env: + ANSIBLE_LIBRARY: ./molecule - script: | pytest \ diff --git a/tests/azure/templates/pytest_tests.yml b/tests/azure/templates/pytest_tests.yml index 64fe0b45..d4254543 100644 --- a/tests/azure/templates/pytest_tests.yml +++ b/tests/azure/templates/pytest_tests.yml @@ -36,6 +36,8 @@ jobs: cp -a plugins/module_utils/* ~/.ansible/module_utils molecule create -s ${{ parameters.scenario }} displayName: Setup test container + env: + ANSIBLE_LIBRARY: ./molecule - script: | pytest \ From 846566192518fba52b360c818e1f65c7777abeac Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Mon, 3 May 2021 11:40:38 +0200 Subject: [PATCH 05/12] tests/azure: Deactivate NTP in prepare-build In CentOS 8 and also Fedora the configuration and start of chrony fails with Fatal error : adjtimex(0x8001) failed : Operation not permitted For more information: https://bugzilla.redhat.com/show_bug.cgi?id=1772053 NTP will not be needed before a separate namespace is used for clocks. --- molecule/resources/playbooks/prepare-build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/molecule/resources/playbooks/prepare-build.yml b/molecule/resources/playbooks/prepare-build.yml index 41f513d4..5e8e5a92 100644 --- a/molecule/resources/playbooks/prepare-build.yml +++ b/molecule/resources/playbooks/prepare-build.yml 
@@ -25,3 +25,4 @@ ipadm_password: SomeDMpassword ipaserver_domain: test.local ipaserver_realm: TEST.LOCAL + ipaclient_no_ntp: yes From f108b71c295032993f2f66903de8d825caa59a36 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Wed, 10 Mar 2021 12:16:50 -0300 Subject: [PATCH 06/12] Fix execution of Github Workflow to verify ansible docs. The Github workflow Ubuntu images do not provide Ansible pre-installed anymore, and this patch forces its installation through Python's pip. Different jobs were created to test documentation with different versions of Ansible, currently 2.9 and the latest available. --- .github/workflows/docs.yml | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index b2aa5f74..2b7f782e 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -4,8 +4,8 @@ on: - push - pull_request jobs: - check_docs: - name: Check Ansible Documentation. + check_docs_29: + name: Check Ansible Documentation with Ansible 2.9. runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 @@ -13,4 +13,20 @@ jobs: with: python-version: '3.x' - name: Run ansible-doc-test - run: ANSIBLE_LIBRARY="." python utils/ansible-doc-test roles plugins + run: | + python -m pip install "ansible < 2.10" + ANSIBLE_LIBRARY="." python utils/ansible-doc-test roles plugins + + check_docs_latest: + name: Check Ansible Documentation with latest Ansible. + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-python@v2 + with: + python-version: '3.x' + - name: Run ansible-doc-test + run: | + python -m pip install ansible + ANSIBLE_LIBRARY="." python utils/ansible-doc-test roles plugins + From 122068cefca8ccaf5cb41af9d358ddff92d6b07d Mon Sep 17 00:00:00 2001 
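Review bot: The two jobs added in the `@@ -13,4 +13,20 @@` hunk of `.github/workflows/docs.yml` are identical except for the pip requirement, so any later change to the steps has to be made twice. A single job with a `strategy.matrix` keeps one copy of the steps and makes adding another Ansible version a one-line change. The hunk also adds a trailing blank line at the end of the file, which can be dropped.

```yaml
jobs:
  check_docs:
    name: Check Ansible Documentation with ${{ matrix.name }}.
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          - name: Ansible 2.9
            ansible: "ansible < 2.10"
          - name: latest Ansible
            ansible: "ansible"
    steps:
      # … unchanged: checkout and setup-python steps …
      - name: Run ansible-doc-test
        run: |
          python -m pip install "${{ matrix.ansible }}"
          ANSIBLE_LIBRARY="." python utils/ansible-doc-test roles plugins
```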
From: Rafael Guterres Jeffman Date: Wed, 10 Mar 2021 13:03:20 -0300 Subject: [PATCH 07/12] Fix documentation format for ipa_python_version description. --- roles/ipaclient/library/ipaclient_test.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/ipaclient/library/ipaclient_test.py b/roles/ipaclient/library/ipaclient_test.py index d5d7f718..1a80fafb 100644 --- a/roles/ipaclient/library/ipaclient_test.py +++ b/roles/ipaclient/library/ipaclient_test.py @@ -180,9 +180,9 @@ ntp_servers: type: list sample: ["ntp.example.com"] ipa_python_version: - description: - - The IPA python version as a number: - - *10000+*100+ + description: > + The IPA python version as a number: + *10000+*100+ returned: always type: int sample: 040400 From b5c579b11be770b928ed423fb5d703c65932a723 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Wed, 10 Mar 2021 13:05:20 -0300 Subject: [PATCH 08/12] Add DOCUMENTATION attribute to ipaclient/ipaclient_get_facts.py. --- roles/ipaclient/library/ipaclient_get_facts.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/ipaclient/library/ipaclient_get_facts.py b/roles/ipaclient/library/ipaclient_get_facts.py index 003715ef..b7e270fc 100644 --- a/roles/ipaclient/library/ipaclient_get_facts.py +++ b/roles/ipaclient/library/ipaclient_get_facts.py @@ -1,6 +1,15 @@ #!/usr/bin/python # -*- coding: utf-8 -*- +DOCUMENTATION = """ +--- +module: ipaclient_get_facts +short description: Get facts about IPA client and server configuration. +description: Get facts about IPA client and server configuration. +author: + - Thomas Woerner +""" + import os import re import six From 6d37806a85a380416222a0ab6863490a5a6e0643 Mon Sep 17 00:00:00 2001 
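Review bot: The key `short description:` in the new `DOCUMENTATION` block of `ipaclient_get_facts.py` is written with a space, but Ansible's module documentation format names this field `short_description`, so the summary would not be picked up and documentation checks may reject the module. The line should read `short_description: Get facts about IPA client and server configuration.`. The block also has no `options:` key; the hunk does not show whether the module accepts parameters, so if it takes none, saying so in `description` would make the omission read as deliberate.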
From: Rafael Guterres Jeffman Date: Fri, 27 Nov 2020 08:52:12 -0300 Subject: [PATCH 09/12] Tests: Change inline certificates to file lookups in ipaservice tests. Tests for service certificates were still using pre-generated certificate files. This patch uses the same approach as other tests, it generates a certficate, when needed, and use file lookup. --- tests/service/certificate/cert1.der | Bin 771 -> 0 bytes tests/service/certificate/cert1.pem | 19 ------ tests/service/certificate/cert2.der | Bin 771 -> 0 bytes tests/service/certificate/cert2.pem | 19 ------ tests/service/certificate/private1.key | 28 -------- tests/service/certificate/private2.key | 28 -------- .../certificate/test_service_certificate.yml | 63 +++++++++--------- tests/service/test_service_disable.yml | 21 +++++- 8 files changed, 50 insertions(+), 128 deletions(-) delete mode 100644 tests/service/certificate/cert1.der delete mode 100644 tests/service/certificate/cert1.pem delete mode 100644 tests/service/certificate/cert2.der delete mode 100644 tests/service/certificate/cert2.pem delete mode 100644 tests/service/certificate/private1.key delete mode 100644 tests/service/certificate/private2.key diff --git a/tests/service/certificate/cert1.der b/tests/service/certificate/cert1.der deleted file mode 100644 index b1b90efde6d33ab44ca7b62941eee06fdbc05da9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 771 zcmXqLV)}2;#Q1yxGZP~dlZe5^6M6Lu+crHd-@kXE>cabLgbS>BkANhkjbLS#J;867*=|%sE9*)_Al& zo^Ql|K=js!)el@liX?W4?nyhX_H%K~(U+HsgcsV>ckkm8zq0RVqTJ?-KZQ2ceo=U+ zvoK+`+p>AT6_&2L5ht@!c8T{qP4!D(ILz)2~?WT*nbB^vg zl`USb?8vx7*FK@~qqs@)&1)rMOa(f-H+Kp-yZ-RwnUocC%sxueHTUUmtt|(6)=zoNh`BR7>G4sSHKTaAk4`4pM}+c8Au@qJ1{PR!OqCAAY8ZZ znsb5NxuUDHN}`O#B$S+9|M~DH;MjwwJJ%<6cBtM=yi^j@dE@KsjF3(K>*ns~;r=>% z!rM6(j!7%#?D)Zb#*@!GXs(~`7OR{4)q6JT?7GQ4b;ohnbCs(8F^}>b(?2-R^53&k z{bf!>U?x*%+oK6jQm(nl)rOTghUj1FI8-mcUstWbVP8W*yhzJFd&xU1p8XNgO8xyqL7L&Y J*3>sgvjD#_KokG~ 
diff --git a/tests/service/certificate/cert1.pem b/tests/service/certificate/cert1.pem deleted file mode 100644 index ab3704bb..00000000 --- a/tests/service/certificate/cert1.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQEL -BQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQx -MDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk -+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa -8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0am -nvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cj -QQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidS -X0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYuku -H/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAP -BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0 -WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqic -uPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkG -wIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyE -iaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj -9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV -7MVq ------END CERTIFICATE----- 
diff --git a/tests/service/certificate/cert2.der b/tests/service/certificate/cert2.der deleted file mode 100644 index e176c2ba50270b331c457e784dea5f5f6a09e53a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 771 zcmXqLV)}2;#Q1yxGZP~dlZcyC&Wnw@6$cKLNIea6o%isBP`jG}FB_*;n@8JsUPeZ4 zRt5upLtX=JHs(+kW*(N3)Z!8YIdNVi0|O%i6GIadBNKxtab9B(*AU9Z)X>DJgls4y zD+6;ABR>Ps9b8OJjEoFBqUW_=jJhSTa4EOQWbfoxa~FKQcEYD`_q<~n8PigZY;C@0 z^Yen-9Hq{g3ECU_S(@i^)hWu*uG3#2i{a%C2_f_e0 zyK4BiJUAmzmAk*vazc>ogUvRL-$WHU|K=*c-1y;<-aEPXkE3NZE^H}%o_3N3RUs+DfoW1jW_p2Mh88hbd$GQHV z%_^VyyXyR_!ndA@>sbv2Lpx$#iLkbFGBGnUFfI-@2sDrdhO;amix`W@+bt^UPu(VT zKdy|FJn(kPg=wzwt_JcTX=N4(1F;6|3iv?^gc%wCv#=U411aQS2gW5Z*clnZ?tKY- z&d7Z3c6Zoz0ltpsR}0D>JYF@wVVA|6&38f#%bNw550&j%Tw$Lg-rB2?bZni-iooaM z=Q2!Xv{T+q;C4M9xp7r)QKM^s?5;PT0^*eP6c-$~e(~Vs-*`9EzO(=Je;&K=J1%B& zsO{SP)iJMbuK)PX;``>ycBk^>=11i2{#>eLdSfClZ=Rxt@=Euw`tMR=IPK@$Qsyjm z`d(kgCw8zgUo_U|=em}CJf}}h{G;t;Ho2rhTI#4%E5rZ&SGbSn1RQD!brx`U{_yGZ zoVvmfMbDV;pL#BTCw7OHpsJR3?D^;AUt^o+H!;n=`tQ>U0ZF%#8=v!+d|CN-W%8W) JIzc "cert{{ item }}.b64" + with_items: [1, 2] + become: no + delegate_to: localhost + - name: Get Domain from server name set_fact: ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" @@ -78,7 +66,7 @@ ipaadmin_password: SomeADMINpassword name: "HTTP/{{ test_host }}" certificate: - - 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 + - "{{ lookup('file', 'cert1.b64') }}" pac_type: - MS-PAC - PAD @@ -95,7 +83,7 @@ ipaadmin_password: SomeADMINpassword name: "HTTP/{{ test_host }}" certificate: - - 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 + - "{{ lookup('file', 'cert1.b64') }}" pac_type: - MS_PAC - PAD 
@@ -120,7 +108,7 @@ ipaadmin_password: SomeADMINpassword name: "HTTP/{{ test_host }}" certificate: - - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq + - "{{ lookup('file', 'cert1.b64') }}" action: member state: present register: result @@ -131,7 +119,7 @@ ipaadmin_password: SomeADMINpassword name: "HTTP/{{ test_host }}" certificate: - - 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 + - "{{ lookup('file', 'cert1.b64') }}" action: member state: present register: result 
@@ -142,8 +130,8 @@ ipaadmin_password: SomeADMINpassword name: "HTTP/{{ test_host }}" certificate: - - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq - - 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 + - "{{ lookup('file', 'cert1.b64') }}" + - "{{ lookup('file', 'cert2.b64') }}" action: member state: present register: result @@ -154,7 +142,7 @@ ipaadmin_password: SomeADMINpassword name: "HTTP/{{ test_host }}" certificate: - - 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 + - "{{ lookup('file', 'cert1.b64') }}" action: member state: absent register: result @@ -165,7 +153,7 @@ ipaadmin_password: SomeADMINpassword name: "HTTP/{{ test_host }}" certificate: - - 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 + - "{{ lookup('file', 'cert1.b64') }}" action: member state: absent register: result 
@@ -176,8 +164,8 @@ ipaadmin_password: SomeADMINpassword name: "HTTP/{{ test_host }}" certificate: - - 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 - - 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 + - "{{ lookup('file', 'cert1.b64') }}" + - "{{ lookup('file', 'cert2.b64') }}" action: member state: absent register: result @@ -188,7 +176,7 @@ ipaadmin_password: SomeADMINpassword name: "HTTP/{{ test_host }}" certificate: - - 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 + - "{{ lookup('file', 'cert1.b64') }}" action: member state: present register: result @@ -223,3 +211,12 @@ name: "{{ test_host }}" update_dns: yes state: absent + + - name: Remove certificate files. + shell: + cmd: rm -f "private{{ item }}.key" "cert{{ item }}.pem" "cert{{ item }}.der" "cert{{ item }}.b64" + with_items: [1, 2] + become: no + delegate_to: localhost + args: + warn: no # suppres warning for not using the `file` module. diff --git a/tests/service/test_service_disable.yml b/tests/service/test_service_disable.yml index 358b7886..19bf7243 100644 --- a/tests/service/test_service_disable.yml +++ b/tests/service/test_service_disable.yml @@ -16,6 +16,16 @@ - name: Get Kerberos ticket for `admin`. shell: echo SomeADMINpassword | kinit -c ${KRB5CCNAME} admin + - name: Generate self-signed certificates. + shell: + cmd: | + openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout "private{{ item }}.key" -out "cert{{ item }}.pem" -subj '/CN=test' + openssl x509 -outform der -in "cert{{ item }}.pem" -out "cert{{ item }}.der" + base64 "cert{{ item }}.der" -w5000 > "cert{{ item }}.b64" + with_items: [1] + become: no + delegate_to: localhost + - name: Ensure service is absent ipaservice: ipaadmin_password: SomeADMINpassword 
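Review bot: The "Remove certificate files." task added at the end of `test_service_certificate.yml` only runs when every earlier task passed, so a failing test leaves `private{{ item }}.key` and the generated certificates behind on the controller. Wrapping the test tasks in a `block:` and moving the cleanup under `always:` would make it unconditional. Using the `file` module instead of `shell: rm -f` also removes the need for `warn: no`, which later ansible-core releases no longer accept as far as I know. The same task is added by the `@@ -89,3 +99,12 @@` hunk of `test_service_disable.yml`.

```yaml
  - name: Remove certificate files.
    file:
      path: "{{ item }}"
      state: absent
    with_items:
      - private1.key
      - private2.key
      - cert1.pem
      - cert2.pem
      - cert1.der
      - cert2.der
      - cert1.b64
      - cert2.b64
    become: no
    delegate_to: localhost
```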
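Review bot: The "Generate self-signed certificates." task in `test_service_disable.yml` writes `private1.key` and `cert1.*` under relative names, so they land in whatever directory the controller-side shell starts in, while the later `lookup('file', 'cert1.b64', ...)` is resolved through Ansible's file search path; the two presumably agree only when the playbook is launched from its own directory. Adding `chdir: "{{ playbook_dir }}"` next to `cmd:` in this task and in the cleanup task would pin both to the same place and keep the unencrypted (`-nodes`) throwaway key out of unrelated working directories. The garbled start of the `test_service_certificate.yml` section appears to add the same task for items 1 and 2.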
@@ -27,7 +37,7 @@ ipaadmin_password: SomeADMINpassword name: "mysvc1/{{ ansible_facts['fqdn'] }}" certificate: - - 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 + - "{{ lookup('file', 'cert1.b64', rstrip=False) }}" force: no register: result failed_when: not result.changed @@ -89,3 +99,12 @@ - name: Destroy Kerberos tickets. shell: kdestroy -A -q -c ${KRB5CCNAME} + + - name: Remove certificate files. + shell: + cmd: rm -f "private{{ item }}.key" "cert{{ item }}.pem" "cert{{ item }}.der" "cert{{ item }}.b64" + with_items: [1] + become: no + delegate_to: localhost + args: + warn: no # suppres warning for not using the `file` module. From 09942c3d69c20f89667441f6de83b8d8fc8e4bb2 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Wed, 17 Mar 2021 15:35:04 -0300 Subject: [PATCH 10/12] Force plugins to execute using LANGUAGE='C'. IPA translates exception messages and Ansible uses controller's language to execute plugins on target hosts, and since ansible-freeipa uses Exceptions messages to detect some errors and/or states, using any language that has a translation for the required messages may cause the plugin to misbehave. This patch modifies ansible_freeipa_module in plugin/module_utils to force the use of "C" as the language by setting the environment variable LANGUAGE. Tests were added to verify the correct behavior: tests/environment/test_locale.yml The first test will fail, if ansible_freeipa_module is not patched, with the message: host_show failed: nonexistent: host nicht gefunden This issue is not present if the language selected does not provide a translation for the eror message. This patch does not fix encoding issues that might occur in certain releases (e.g.: CentOS 8.3). Fix #516 --- .../module_utils/ansible_freeipa_module.py | 3 ++ tests/environment/test_locale.yml | 32 +++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 tests/environment/test_locale.yml 
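Review bot: `lookup('file', 'cert1.b64', rstrip=False)` in the `@@ -27,7 +37,7 @@` hunk keeps the trailing newline that `base64` writes, whereas every lookup visible in `test_service_certificate.yml` uses the default and strips it. If the newline is kept on purpose, to check that `ipaservice` accepts a certificate value with trailing whitespace, a comment such as `# rstrip=False: keep the trailing newline to exercise certificate normalisation` would make that visible. Otherwise dropping the argument keeps the two tests consistent.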
diff --git a/plugins/module_utils/ansible_freeipa_module.py b/plugins/module_utils/ansible_freeipa_module.py index 16e7343f..5ac52c73 100644 --- a/plugins/module_utils/ansible_freeipa_module.py +++ b/plugins/module_utils/ansible_freeipa_module.py @@ -93,6 +93,9 @@ except ImportError: if six.PY3: unicode = str +# ansible-freeipa requires locale to be C, IPA requires utf-8. +os.environ["LANGUAGE"] = "C" + def valid_creds(module, principal): # noqa """Get valid credentials matching the princial, try GSSAPI first.""" diff --git a/tests/environment/test_locale.yml b/tests/environment/test_locale.yml new file mode 100644 index 00000000..27d03de7 --- /dev/null +++ b/tests/environment/test_locale.yml @@ -0,0 +1,32 @@ +--- +- name: Test language variations + hosts: ipaserver + + tasks: + - name: Ensure a host is not present, with language set to "de_DE". + ipahost: + ipaadmin_password: SomeADMINpassword + name: nonexistent + state: absent + environment: + LANGUAGE: "de_DE" + register: result + failed_when: result.failed or result.changed + + - name: Ensure a host is not present, with language set to "C". + ipahost: + ipaadmin_password: SomeADMINpassword + name: nonexistent + state: absent + environment: + LANGUAGE: "C" + register: result + failed_when: result.failed or result.changed + + - name: Ensure a host is not present, using controller language. + ipahost: + ipaadmin_password: SomeADMINpassword + name: nonexistent + state: absent + register: result + failed_when: result.failed or result.changed From c17e9fe24af9ba876f93d94fe0b8a8f76da2bc60 Mon Sep 17 00:00:00 2001 
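Review bot: The comment added above `os.environ["LANGUAGE"] = "C"` says IPA requires utf-8, but nothing in the hunk sets or checks an encoding, and it does not say why the language is forced. The assignment also runs at import time and overrides a `LANGUAGE` passed through a task's `environment:`, which is the behaviour the new `test_locale.yml` relies on. A comment that states both would help the next reader, for example `# Modules match on IPA exception text, so force untranslated messages.` followed by `# Only LANGUAGE is changed; LANG and LC_ALL are left untouched so the encoding stays as configured.`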
From: Rafael Guterres Jeffman Date: Tue, 13 Apr 2021 19:08:14 -0300 Subject: [PATCH 11/12] Fix compare_args_ipa when passing None as parameter. There were no test for the arguments of compare_args_ipa() to check if they were `None`, and they were used in contexts where `None` would raise exceptions. A test was added to return `False` if only one of the parameters is `None`, and `True` if both are None. --- plugins/module_utils/ansible_freeipa_module.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/plugins/module_utils/ansible_freeipa_module.py b/plugins/module_utils/ansible_freeipa_module.py index 5ac52c73..02e02630 100644 --- a/plugins/module_utils/ansible_freeipa_module.py +++ b/plugins/module_utils/ansible_freeipa_module.py @@ -285,6 +285,23 @@ def compare_args_ipa(module, args, ipa): # noqa """ base_debug_msg = "Ansible arguments and IPA commands differed. " + # If both args and ipa are None, return there's no difference. + # If only one is None, return there is a difference. + # This tests avoid unecessary invalid access to attributes. + if args is None and ipa is None: + return True + if args is None or ipa is None: + module.debug( + base_debug_msg + "args is%s None an ipa is%s None" % ( + "" if args is None else " not", "" if ipa is None else " not", + ) + ) + return False + + # Fail if args or ipa are not dicts. + if not (isinstance(args, dict) and isinstance(ipa, dict)): + raise TypeError("Expected 'dicts' to compare.") + for key in args.keys(): if key not in ipa: module.debug( From f4a8cf4ec7cc6782e8d5e3729941aef3229d4550 Mon Sep 17 00:00:00 2001 
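Review bot: The new `raise TypeError("Expected 'dicts' to compare.")` in `compare_args_ipa` would surface as an unhandled traceback unless callers catch it, and the message does not say which argument had the wrong type. Since `module` is already a parameter, `module.fail_json(msg="compare_args_ipa: expected dicts, got %s and %s" % (type(args).__name__, type(ipa).__name__))` would report the same condition as a normal module failure. The debug string a few lines above reads `"args is%s None an ipa is%s None"`, where `an` should be `and`. The function body continues past the end of the hunk.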
From: Rafael Guterres Jeffman Date: Tue, 13 Apr 2021 19:16:39 -0300 Subject: [PATCH 12/12] Fix creation of privilege with permissions. Module was raising exceptions when trying to create a new privilege with permissions. This change fixes the behavior and ensuure idempotence with trying to create a privilege with the same values. Tests for this behavior have been appended to: tests/privilege/test_privilege.yml --- plugins/modules/ipaprivilege.py | 12 ++++++++++-- tests/privilege/test_privilege.yml | 24 ++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/plugins/modules/ipaprivilege.py b/plugins/modules/ipaprivilege.py index 18074f58..66af01e5 100644 --- a/plugins/modules/ipaprivilege.py +++ b/plugins/modules/ipaprivilege.py @@ -234,14 +234,22 @@ def main(): if action == "privilege": # Found the privilege if res_find is not None: + res_cmp = { + k: v for k, v in res_find.items() + if k not in [ + "objectclass", "cn", "dn", + "memberof_permisssion" + ] + } # For all settings is args, check if there are # different settings in the find result. # If yes: modify - if not compare_args_ipa(ansible_module, args, - res_find): + if args and not compare_args_ipa(ansible_module, args, + res_cmp): commands.append([name, "privilege_mod", args]) else: commands.append([name, "privilege_add", args]) + res_find = {} member_args = {} if permission: diff --git a/tests/privilege/test_privilege.yml b/tests/privilege/test_privilege.yml index 2a13187d..0f6a29d7 100644 --- a/tests/privilege/test_privilege.yml +++ b/tests/privilege/test_privilege.yml 
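Review bot: The exclusion list that builds `res_cmp` in `ipaprivilege.py` spells the key `"memberof_permisssion"` with three `s`, so the `memberof_permission` entry returned by IPA is not filtered out as intended; it should be `"memberof_permission"`. Judging from the `for key in args.keys()` loop visible in `compare_args_ipa`, keys that exist only on the IPA side are probably ignored, so the typo may have no effect today, but it leaves the filter doing something other than what it says. `main()` starts and ends outside the hunk.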
@@ -140,6 +140,30 @@ register: result failed_when: result.changed or result.failed + - name: Ensure "Broad Privilege" is absent. + ipaprivilege: + ipaadmin_password: SomeADMINpassword + name: Broad Privilege + state: absent + + - name: Ensure privilege Broad Privilege is created with permission. (issue 529) + ipaprivilege: + ipaadmin_password: SomeADMINpassword + name: Broad Privilege + permission: + - "Write IPA Configuration" + register: result + failed_when: not result.changed or result.failed + + - name: Ensure privilege Broad Privilege is created with permission, again. (issue 529) + ipaprivilege: + ipaadmin_password: SomeADMINpassword + name: Broad Privilege + permission: + - "Write IPA Configuration" + register: result + failed_when: result.changed or result.failed + # CLEANUP TEST ITEMS - name: Ensure privilege testing privileges are absent