ipahost: Extension to be able handle several hosts and all settings

The ipahost management module was not able to add several hosts at once. Addtionally there have been settings missing. ansible_freeipa_module has been extended to provide two additional functions that are needed to simplify the extension of the ipahost module: gen_add_del_lists(user_list, res_list) encode_certificate(cert) gen_add_del_lists will generate the lists for the addition and removal of members using the provided user and ipa settings. encode_certificate will encode a certificate using base64 with also taking FreeIPA and Python versions into account. The missing settings in ipahost have been: certificate managedby_host principal create_keytab_[user,group,host,hostgroup] retrieve_keytab_[user,group,host,hostgroup] sshpubkey userclass auth_ind requires_pre_auth ok_as_delegate ok_to_auth_as_delegate The README-host.md file has been updated to provide information about the new settings and also the members. Also examples for the new things have been added. New example playbooks have been added: playbooks/host/add-host.yml playbooks/host/host-member-allow_create_keytab-absent.yml playbooks/host/host-member-allow_create_keytab-present.yml playbooks/host/host-member-allow_retrieve_keytab-absent.yml playbooks/host/host-member-allow_retrieve_keytab-present.yml playbooks/host/host-member-certificate-absent.yml playbooks/host/host-member-certificate-present.yml playbooks/host/host-member-managedby_host-absent.yml playbooks/host/host-member-managedby_host-present.yml playbooks/host/host-member-principal-absent.yml playbooks/host/host-member-principal-present.yml playbooks/host/host-present-with-allow_create_keytab.yml playbooks/host/host-present-with-allow_retrieve_keytab.yml playbooks/host/host-present-with-certificate.yml playbooks/host/host-present-with-managedby_host.yml playbooks/host/host-present-with-principal.yml playbooks/host/host-present-with-randompassword.yml playbooks/host/host-present.yml playbooks/host/hosts-member-certificate-absent.yml playbooks/host/hosts-member-certificate-present.yml playbooks/host/hosts-member-managedby_host-absent.yml playbooks/host/hosts-member-managedby_host-present.yml playbooks/host/hosts-member-principal-absent.yml playbooks/host/hosts-member-principal-present.yml playbooks/host/hosts-present-with-certificate.yml playbooks/host/hosts-present-with-managedby_host.yml playbooks/host/hosts-present-with-randompasswords.yml New tests have been added for the module: tests/host/certificate/cert1.der tests/host/certificate/cert1.pem tests/host/certificate/cert2.der tests/host/certificate/cert2.pem tests/host/certificate/cert3.der tests/host/certificate/cert3.pem tests/host/certificate/private1.key tests/host/certificate/private2.key tests/host/certificate/private3.key tests/host/certificate/test_host_certificate.yml tests/host/certificate/test_hosts_certificate.yml tests/host/test_host.yml tests/host/test_host_allow_create_keytab.yml tests/host/test_host_allow_retrieve_keytab.yml tests/host/test_host_managedby_host.yml tests/host/test_host_principal.yml tests/host/test_host_random.yml tests/host/test_hosts.yml tests/host/test_hosts_managedby_host.yml tests/host/test_hosts_principal.yml
2026-03-26 21:33:05 +00:00 · 2019-12-02 14:02:59 +01:00
parent 8da4b73b44
commit 94b1f25b37
50 changed files with 3435 additions and 146 deletions
--- a/tests/host/test_host.yml
+++ b/tests/host/test_host.yml
@@ -0,0 +1,218 @@
+---
+- name: Test host
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  - name: Get Domain from server name
+    set_fact:
+      ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
+    when: ipaserver_domain is not defined
+
+  - name: Set host1_fqdn .. host6_fqdn
+    set_fact:
+      host1_fqdn: "{{ 'host1.' + ipaserver_domain }}"
+      host2_fqdn: "{{ 'host2.' + ipaserver_domain }}"
+      host3_fqdn: "{{ 'host3.' + ipaserver_domain }}"
+      host4_fqdn: "{{ 'host4.' + ipaserver_domain }}"
+      host5_fqdn: "{{ 'host5.' + ipaserver_domain }}"
+      host6_fqdn: "{{ 'host6.' + ipaserver_domain }}"
+
+  - name: Host absent
+    ipahost:
+      ipaadmin_password: MyPassword123
+      name:
+      - "{{ host1_fqdn }}"
+      - "{{ host2_fqdn }}"
+      - "{{ host3_fqdn }}"
+      - "{{ host4_fqdn }}"
+      - "{{ host5_fqdn }}"
+      - "{{ host6_fqdn }}"
+      update_dns: yes
+      state: absent
+
+  - name: Get IPv4 address prefix from server node
+    set_fact:
+      ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] |
+                       join('.') }}"
+
+  - name: Host "{{ host1_fqdn }}" present
+    ipahost:
+      ipaadmin_password: MyPassword123
+      name: "{{ host1_fqdn }}"
+      ip_address: "{{ ipv4_prefix + '.201' }}"
+      update_dns: yes
+      reverse: no
+    register: result
+    failed_when: not result.changed
+
+  - name: Host "{{ host1_fqdn }}" present again
+    ipahost:
+      ipaadmin_password: MyPassword123
+      name: "{{ host1_fqdn }}"
+      ip_address: "{{ ipv4_prefix + '.201' }}"
+      update_dns: yes
+      reverse: no
+    register: result
+    failed_when: result.changed
+
+  - name: Host "{{ host2_fqdn }}" present
+    ipahost:
+      ipaadmin_password: MyPassword123
+      name: "{{ host2_fqdn }}"
+      ip_address: "{{ ipv4_prefix + '.202' }}"
+      update_dns: yes
+      reverse: no
+    register: result
+    failed_when: not result.changed
+
+  - name: Host "{{ host2_fqdn }}" present again
+    ipahost:
+      ipaadmin_password: MyPassword123
+      name: "{{ host2_fqdn }}"
+      ip_address: "{{ ipv4_prefix + '.202' }}"
+      update_dns: yes
+      reverse: no
+    register: result
+    failed_when: result.changed
+
+  - name: Host "{{ host3_fqdn }}" present
+    ipahost:
+      ipaadmin_password: MyPassword123
+      name: "{{ host3_fqdn }}"
+      ip_address: "{{ ipv4_prefix + '.203' }}"
+      update_dns: yes
+      reverse: no
+    register: result
+    failed_when: not result.changed
+
+  - name: Host "{{ host3_fqdn }}" present again
+    ipahost:
+      ipaadmin_password: MyPassword123
+      name: "{{ host3_fqdn }}"
+      ip_address: "{{ ipv4_prefix + '.203' }}"
+      update_dns: yes
+      reverse: no
+    register: result
+    failed_when: result.changed
+
+  - name: Host "{{ host4_fqdn }}" present
+    ipahost:
+      ipaadmin_password: MyPassword123
+      name: "{{ host4_fqdn }}"
+      ip_address: "{{ ipv4_prefix + '.204' }}"
+      update_dns: yes
+      reverse: no
+    register: result
+    failed_when: not result.changed
+
+  - name: Host "{{ host4_fqdn }}" present again
+    ipahost:
+      ipaadmin_password: MyPassword123
+      name: "{{ host4_fqdn }}"
+      ip_address: "{{ ipv4_prefix + '.204' }}"
+      update_dns: yes
+      reverse: no
+    register: result
+    failed_when: result.changed
+
+  - name: Host "{{ host5_fqdn }}" present
+    ipahost:
+      ipaadmin_password: MyPassword123
+      name: "{{ host5_fqdn }}"
+      ip_address: "{{ ipv4_prefix + '.205' }}"
+      update_dns: yes
+      reverse: no
+    register: result
+    failed_when: not result.changed
+
+  - name: Host "{{ host5_fqdn }}" present again
+    ipahost:
+      ipaadmin_password: MyPassword123
+      name: "{{ host1_fqdn }}"
+      ip_address: "{{ ipv4_prefix + '.205' }}"
+      update_dns: yes
+      reverse: no
+    register: result
+    failed_when: result.changed
+
+  - name: Host "{{ host6_fqdn }}" present
+    ipahost:
+      ipaadmin_password: MyPassword123
+      name: "{{ host6_fqdn }}"
+      ip_address: "{{ ipv4_prefix + '.206' }}"
+      update_dns: yes
+      reverse: no
+    register: result
+    failed_when: not result.changed
+
+  - name: Host "{{ host6_fqdn }}" present again
+    ipahost:
+      ipaadmin_password: MyPassword123
+      name: "{{ host6_fqdn }}"
+      ip_address: "{{ ipv4_prefix + '.206' }}"
+      update_dns: yes
+      reverse: no
+    register: result
+    failed_when: result.changed
+
+  # disabled can only be checked with enabled hosts, all hosts above are
+  # not enabled.
+  #- name: Hosts host1..host6 disabled
+  #  ipahost:
+  #    ipaadmin_password: MyPassword123
+  #    name:
+  #    - "{{ host1_fqdn }}"
+  #    - "{{ host2_fqdn }}"
+  #    - "{{ host3_fqdn }}"
+  #    - "{{ host4_fqdn }}"
+  #    - "{{ host5_fqdn }}"
+  #    - "{{ host6_fqdn }}"
+  #    state: disabled
+  #  register: result
+  #  failed_when: not result.changed
+  #
+  #- name: Hosts host1..host6 disabled again
+  #  ipahost:
+  #    ipaadmin_password: MyPassword123
+  #    name:
+  #    - "{{ host1_fqdn }}"
+  #    - "{{ host2_fqdn }}"
+  #    - "{{ host3_fqdn }}"
+  #    - "{{ host4_fqdn }}"
+  #    - "{{ host5_fqdn }}"
+  #    - "{{ host6_fqdn }}"
+  #    state: disabled
+  #  register: result
+  #  failed_when: result.changed
+
+  - name: Hosts host1..host6 absent
+    ipahost:
+      ipaadmin_password: MyPassword123
+      name:
+      - "{{ host1_fqdn }}"
+      - "{{ host2_fqdn }}"
+      - "{{ host3_fqdn }}"
+      - "{{ host4_fqdn }}"
+      - "{{ host5_fqdn }}"
+      - "{{ host6_fqdn }}"
+      update_dns: yes
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: Hosts host1..host6 absent again
+    ipahost:
+      ipaadmin_password: MyPassword123
+      name:
+      - "{{ host1_fqdn }}"
+      - "{{ host2_fqdn }}"
+      - "{{ host3_fqdn }}"
+      - "{{ host4_fqdn }}"
+      - "{{ host5_fqdn }}"
+      - "{{ host6_fqdn }}"
+      update_dns: yes
+      state: absent
+    register: result
+    failed_when: result.changed
+