internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-03-26 21:33:05 +00:00
Code Issues Projects Releases Wiki Activity

tests: Improve FreeIPA facts

Browse Source 
This patch improves tests/env_freeipa_facts.yml by ensuring
ipaserver_realm is set, making AD server availability discoverable, and
allowing playbooks to run with 'gather_facts: false' by gathering
minimal facts.
This commit is contained in:
Rafael Guterres Jeffman
2025-01-29 00:27:22 -03:00
parent a9602431ce
commit 8581b79eba
1 changed files with 26 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
tests/env_freeipa_facts.yml
View File

@@ -7,6 +7,10 @@
# ipa_api_version: The installed FreeIPA API version. # ipa_api_version: The installed FreeIPA API version.
# #
--- ---
- name: Ensure minimal facts are available
ansible.builtin.setup:
gather_subset: dns
- name: Retrieving FreeIPA version. - name: Retrieving FreeIPA version.
ansible.builtin.shell: ansible.builtin.shell:
cmd: 'ipa --version | sed -n "s/VERSION: \([^,]*\).*API_VERSION: \([^,]*\).*/\1\\n\2/p"' cmd: 'ipa --version | sed -n "s/VERSION: \([^,]*\).*API_VERSION: \([^,]*\).*/\1\\n\2/p"'
@@ -15,20 +19,31 @@
- name: Verify if host is an IPA server or client. - name: Verify if host is an IPA server or client.
ansible.builtin.shell: ansible.builtin.shell:
cmd: | cmd: |
echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin >/dev/null
RESULT=$(KRB5CCNAME={{ krb5ccname }} ipa server-show `hostname` && echo SERVER || echo CLIENT) RESULT=$(KRB5CCNAME={{ krb5ccname }} ipa server-show `hostname` >/dev/null && echo SERVER || echo CLIENT)
kdestroy -A -c {{ krb5ccname }} kdestroy -A -c {{ krb5ccname }} >/dev/null
echo $RESULT echo $RESULT
vars: vars:
krb5ccname: "__check_ipa_host_is_client_or_server__" krb5ccname: "__check_ipa_host_is_client_or_server__"
register: output register: check_client
- name: Verify if AD tests are possible
ansible.builtin.shell:
cmd: |
echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin > /dev/null
RESULT=$(KRB5CCNAME={{ krb5ccname }} ipa server-find --all | grep "Enabled server roles")
kdestroy -A -c {{ krb5ccname }} > /dev/null
echo $RESULT
vars:
krb5ccname: "__check_ipa_host_is_client_or_server__"
register: check_ad_support
- name: Set FreeIPA facts. - name: Set FreeIPA facts.
ansible.builtin.set_fact: ansible.builtin.set_fact:
ipa_version: "{{ ipa_cmd_version.stdout_lines[0] }}" ipa_version: "{{ ipa_cmd_version.stdout_lines[0] }}"
ipa_api_version: "{{ ipa_cmd_version.stdout_lines[1] }}" ipa_api_version: "{{ ipa_cmd_version.stdout_lines[1] }}"
ipa_host_is_client: "{{ (output.stdout_lines[-1] == 'CLIENT') | bool }}" ipa_host_is_client: "{{ (check_client.stdout_lines[-1] == 'CLIENT') | bool }}"
trust_test_is_supported: no trust_test_is_supported: "{{ 'AD trust agent' in check_ad_support.stdout }}"
- name: Ensure ipaserver_domain is set - name: Ensure ipaserver_domain is set
when: ipaserver_domain is not defined when: ipaserver_domain is not defined
@@ -42,3 +57,8 @@
ansible.builtin.set_fact: ansible.builtin.set_fact:
ipaserver_domain: "ipa.test" ipaserver_domain: "ipa.test"
when: "'fqdn' not in ansible_facts" when: "'fqdn' not in ansible_facts"
- name: Ensure ipaserver_realm is set
ansible.builtin.set_fact:
ipaserver_realm: "{{ ipaserver_domain | upper }}"
when: ipaserver_realm is not defined