ipahost: Extension to be able handle several hosts and all settings

The ipahost management module was not able to add several hosts at once. Addtionally there have been settings missing. ansible_freeipa_module has been extended to provide two additional functions that are needed to simplify the extension of the ipahost module: gen_add_del_lists(user_list, res_list) encode_certificate(cert) gen_add_del_lists will generate the lists for the addition and removal of members using the provided user and ipa settings. encode_certificate will encode a certificate using base64 with also taking FreeIPA and Python versions into account. The missing settings in ipahost have been: certificate managedby_host principal create_keytab_[user,group,host,hostgroup] retrieve_keytab_[user,group,host,hostgroup] sshpubkey userclass auth_ind requires_pre_auth ok_as_delegate ok_to_auth_as_delegate The README-host.md file has been updated to provide information about the new settings and also the members. Also examples for the new things have been added. New example playbooks have been added: playbooks/host/add-host.yml playbooks/host/host-member-allow_create_keytab-absent.yml playbooks/host/host-member-allow_create_keytab-present.yml playbooks/host/host-member-allow_retrieve_keytab-absent.yml playbooks/host/host-member-allow_retrieve_keytab-present.yml playbooks/host/host-member-certificate-absent.yml playbooks/host/host-member-certificate-present.yml playbooks/host/host-member-managedby_host-absent.yml playbooks/host/host-member-managedby_host-present.yml playbooks/host/host-member-principal-absent.yml playbooks/host/host-member-principal-present.yml playbooks/host/host-present-with-allow_create_keytab.yml playbooks/host/host-present-with-allow_retrieve_keytab.yml playbooks/host/host-present-with-certificate.yml playbooks/host/host-present-with-managedby_host.yml playbooks/host/host-present-with-principal.yml playbooks/host/host-present-with-randompassword.yml playbooks/host/host-present.yml playbooks/host/hosts-member-certificate-absent.yml playbooks/host/hosts-member-certificate-present.yml playbooks/host/hosts-member-managedby_host-absent.yml playbooks/host/hosts-member-managedby_host-present.yml playbooks/host/hosts-member-principal-absent.yml playbooks/host/hosts-member-principal-present.yml playbooks/host/hosts-present-with-certificate.yml playbooks/host/hosts-present-with-managedby_host.yml playbooks/host/hosts-present-with-randompasswords.yml New tests have been added for the module: tests/host/certificate/cert1.der tests/host/certificate/cert1.pem tests/host/certificate/cert2.der tests/host/certificate/cert2.pem tests/host/certificate/cert3.der tests/host/certificate/cert3.pem tests/host/certificate/private1.key tests/host/certificate/private2.key tests/host/certificate/private3.key tests/host/certificate/test_host_certificate.yml tests/host/certificate/test_hosts_certificate.yml tests/host/test_host.yml tests/host/test_host_allow_create_keytab.yml tests/host/test_host_allow_retrieve_keytab.yml tests/host/test_host_managedby_host.yml tests/host/test_host_principal.yml tests/host/test_host_random.yml tests/host/test_hosts.yml tests/host/test_hosts_managedby_host.yml tests/host/test_hosts_principal.yml
2026-05-14 05:22:05 +00:00 · 2019-12-02 14:02:59 +01:00
parent 8da4b73b44
commit 94b1f25b37
50 changed files with 3435 additions and 146 deletions
--- a/tests/host/test_hosts_principal.yml
+++ b/tests/host/test_hosts_principal.yml
@@ -0,0 +1,179 @@
+---
+- name: Test hosts principal
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  - name: Get Domain from server name
+    set_fact:
+      ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
+    when: ipaserver_domain is not defined
+
+  - name: Get Realm from server name
+    set_fact:
+      ipaserver_realm: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') | upper }}"
+    when: ipaserver_realm is not defined
+
+  - name: Set host1_fqdn .. host2_fqdn
+    set_fact:
+      host1_fqdn: "{{ 'host1.' + ipaserver_domain }}"
+      host2_fqdn: "{{ 'host2.' + ipaserver_domain }}"
+
+  - name: Host host1... and host2... absent
+    ipahost:
+      ipaadmin_password: MyPassword123
+      name:
+      - "{{ host1_fqdn }}"
+      - "{{ host2_fqdn }}"
+      update_dns: yes
+      state: absent
+
+  - name: Host hostX... present with principal host/testhostX... X=[1,2]
+    ipahost:
+      ipaadmin_password: MyPassword123
+      hosts:
+      - name: "{{ host1_fqdn }}"
+        principal:
+        - "{{ 'host/testhost1.' + ipaserver_domain + '@' + ipaserver_realm }}" 
+        force: yes
+      - name: "{{ host2_fqdn }}"
+        principal:
+        - "{{ 'host/testhost2.' + ipaserver_domain + '@' + ipaserver_realm }}" 
+        force: yes
+    register: result
+    failed_when: not result.changed
+
+  - name: Host hostX... principal 'host/hostX... present (existing already) X=[1,2]
+    ipahost:
+      ipaadmin_password: MyPassword123
+      hosts:
+      - name: "{{ host1_fqdn }}"
+        principal:
+        - "{{ 'host/host1.' + ipaserver_domain + '@' + ipaserver_realm }}"
+      - name: "{{ host2_fqdn }}"
+        principal:
+        - "{{ 'host/host2.' + ipaserver_domain + '@' + ipaserver_realm }}"
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: Host hostX... principal host/testhostX... present again X=[1,2]
+    ipahost:
+      ipaadmin_password: MyPassword123
+      hosts:
+      - name: "{{ host1_fqdn }}"
+        principal:
+        - "{{ 'host/testhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
+      - name: "{{ host2_fqdn }}"
+        principal:
+        - "{{ 'host/testhost2.' + ipaserver_domain + '@' + ipaserver_realm }}"
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: Host hostX.. principal host/testhostX... absent X=[1,2]
+    ipahost:
+      ipaadmin_password: MyPassword123
+      hosts:
+      - name: "{{ host1_fqdn }}"
+        principal:
+        - "{{ 'host/testhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
+      - name: "{{ host2_fqdn }}"
+        principal:
+        - "{{ 'host/testhost2.' + ipaserver_domain + '@' + ipaserver_realm }}"
+      action: member
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: Host hostX... principal host/testhostX... absent again X=[1,2]
+    ipahost:
+      ipaadmin_password: MyPassword123
+      hosts:
+      - name: "{{ host1_fqdn }}"
+        principal:
+        - "{{ 'host/testhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
+      - name: "{{ host2_fqdn }}"
+        principal:
+        - "{{ 'host/testhost2.' + ipaserver_domain + '@' + ipaserver_realm }}"
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed
+
+  - name: Host hostX... principal host/testhostX... and host/myhostX... present X=[1,2]
+    ipahost:
+      ipaadmin_password: MyPassword123
+      hosts:
+      - name: "{{ host1_fqdn }}"
+        principal:
+        - "{{ 'host/testhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
+        - "{{ 'host/myhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
+      - name: "{{ host2_fqdn }}"
+        principal:
+        - "{{ 'host/testhost2.' + ipaserver_domain + '@' + ipaserver_realm }}"
+        - "{{ 'host/myhost2.' + ipaserver_domain + '@' + ipaserver_realm }}"
+      action: member
+    register: result
+    failed_when: not result.changed
+
+  - name: Host hostX... principal host/testhostX... and host/myhostX... present again X=[1,2]
+    ipahost:
+      ipaadmin_password: MyPassword123
+      hosts:
+      - name: "{{ host1_fqdn }}"
+        principal:
+        - "{{ 'host/testhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
+        - "{{ 'host/myhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
+      - name: "{{ host2_fqdn }}"
+        principal:
+        - "{{ 'host/testhost2.' + ipaserver_domain + '@' + ipaserver_realm }}"
+        - "{{ 'host/myhost2.' + ipaserver_domain + '@' + ipaserver_realm }}"
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: Host hostX... principal host/testhostX... and host/myhostX... absent X=[1,2]
+    ipahost:
+      ipaadmin_password: MyPassword123
+      hosts:
+      - name: "{{ host1_fqdn }}"
+        principal:
+        - "{{ 'host/testhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
+        - "{{ 'host/myhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
+      hosts:
+      - name: "{{ host2_fqdn }}"
+        principal:
+        - "{{ 'host/testhost2.' + ipaserver_domain + '@' + ipaserver_realm }}"
+        - "{{ 'host/myhost2.' + ipaserver_domain + '@' + ipaserver_realm }}"
+      action: member
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: Host hostX... principal host/testhostX... and host/myhostX... absent again X=[1,2]
+    ipahost:
+      ipaadmin_password: MyPassword123
+      hosts:
+      - name: "{{ host1_fqdn }}"
+        principal:
+        - "{{ 'host/testhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
+        - "{{ 'host/myhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
+      hosts:
+      - name: "{{ host2_fqdn }}"
+        principal:
+        - "{{ 'host/testhost2.' + ipaserver_domain + '@' + ipaserver_realm }}"
+        - "{{ 'host/myhost2.' + ipaserver_domain + '@' + ipaserver_realm }}"
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed
+
+  - name: Hosts host1... and host2... absent
+    ipahost:
+      ipaadmin_password: MyPassword123
+      name:
+      - "{{ host1_fqdn }}"
+      - "{{ host2_fqdn }}"
+      update_dns: yes
+      state: absent