From 46427d10ef41b2a4cc2eed1eab2df8c167fdc421 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Wed, 22 Jul 2020 17:10:58 -0300 Subject: [PATCH 1/4] Standardize passwords used in tests and examples. --- playbooks/service/service-host-is-absent.yml | 2 +- playbooks/service/service-host-is-present.yml | 2 +- playbooks/service/service-is-absent.yml | 2 +- playbooks/service/service-is-disabled.yml | 2 +- playbooks/service/service-is-present-with-all-attributes.yml | 2 +- playbooks/service/service-is-present-with-host-force.yml | 2 +- playbooks/service/service-is-present-without-host-object.yml | 2 +- playbooks/service/service-is-present.yml | 2 +- playbooks/service/service-member-allow_create_keytab-absent.yml | 2 +- .../service/service-member-allow_create_keytab-present.yml | 2 +- .../service/service-member-allow_retrieve_keytab-absent.yml | 2 +- .../service/service-member-allow_retrieve_keytab-present.yml | 2 +- playbooks/service/service-member-certificate-absent.yml | 2 +- playbooks/service/service-member-certificate-present.yml | 2 +- playbooks/service/service-member-principal-absent.yml | 2 +- playbooks/service/service-member-principal-present.yml | 2 +- 16 files changed, 16 insertions(+), 16 deletions(-) diff --git a/playbooks/service/service-host-is-absent.yml b/playbooks/service/service-host-is-absent.yml index 5963340f..5b3fbcbb 100644 --- a/playbooks/service/service-host-is-absent.yml +++ b/playbooks/service/service-host-is-absent.yml @@ -7,7 +7,7 @@ tasks: # Ensure management host is absent. - ipaservice: - ipaadmin_password: MyPassword123 + ipaadmin_password: SomeADMINpassword name: HTTP/www.example.com host: "{{ groups.ipaserver[0] }}" action: member diff --git a/playbooks/service/service-host-is-present.yml b/playbooks/service/service-host-is-present.yml index 2460051e..46f5bb6f 100644 --- a/playbooks/service/service-host-is-present.yml +++ b/playbooks/service/service-host-is-present.yml 
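Review bot: The admin credential in `ipaadmin_password: SomeADMINpassword` is still a literal in an example playbook under playbooks/service/, and examples like this tend to be copied into real inventories with the value left in place. Consider referencing a variable instead, e.g. `ipaadmin_password: "{{ ipaadmin_password }}"` with the value kept in an Ansible Vault-encrypted vars file, or at least add a comment such as `# Example value only - supply the real password from a vaulted variable`. The same applies to the other fifteen playbooks changed in this patch. Having one standardized placeholder does make it easy to scan deployed playbooks for the unchanged example value. The play that encloses this task starts outside the hunk.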
@@ -7,7 +7,7 @@ tasks: # Ensure management host is present. - ipaservice: - ipaadmin_password: MyPassword123 + ipaadmin_password: SomeADMINpassword name: HTTP/www.example.com host: "{{ groups.ipaserver[0] }}" action: member diff --git a/playbooks/service/service-is-absent.yml b/playbooks/service/service-is-absent.yml index fe65771e..7fd138c0 100644 --- a/playbooks/service/service-is-absent.yml +++ b/playbooks/service/service-is-absent.yml @@ -7,6 +7,6 @@ tasks: # Ensure service is absent - ipaservice: - ipaadmin_password: MyPassword123 + ipaadmin_password: SomeADMINpassword name: HTTP/www.example.com state: absent diff --git a/playbooks/service/service-is-disabled.yml b/playbooks/service/service-is-disabled.yml index 2bf01fb1..b21e1929 100644 --- a/playbooks/service/service-is-disabled.yml +++ b/playbooks/service/service-is-disabled.yml @@ -7,6 +7,6 @@ tasks: # Ensure service is disabled - ipaservice: - ipaadmin_password: MyPassword123 + ipaadmin_password: SomeADMINpassword name: HTTP/www.example.com state: disabled diff --git a/playbooks/service/service-is-present-with-all-attributes.yml b/playbooks/service/service-is-present-with-all-attributes.yml index f7e59ebc..a7494cc8 100644 --- a/playbooks/service/service-is-present-with-all-attributes.yml +++ b/playbooks/service/service-is-present-with-all-attributes.yml @@ -7,7 +7,7 @@ tasks: # Ensure service is present - ipaservice: - ipaadmin_password: MyPassword123 + ipaadmin_password: SomeADMINpassword name: HTTP/www.example.com certificate: - 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 diff --git a/playbooks/service/service-is-present-with-host-force.yml b/playbooks/service/service-is-present-with-host-force.yml index 2268ea8f..a02fa7c2 100644 --- a/playbooks/service/service-is-present-with-host-force.yml +++ b/playbooks/service/service-is-present-with-host-force.yml 
@@ -7,7 +7,7 @@ tasks: # Ensure service is present - ipaservice: - ipaadmin_password: MyPassword123 + ipaadmin_password: SomeADMINpassword name: HTTP/ihavenodns.info force: yes # state: absent diff --git a/playbooks/service/service-is-present-without-host-object.yml b/playbooks/service/service-is-present-without-host-object.yml index ddf72b8e..2496177a 100644 --- a/playbooks/service/service-is-present-without-host-object.yml +++ b/playbooks/service/service-is-present-without-host-object.yml @@ -7,6 +7,6 @@ tasks: # Ensure service is present - ipaservice: - ipaadmin_password: MyPassword123 + ipaadmin_password: SomeADMINpassword name: HTTP/www.ansible.com skip_host_check: yes diff --git a/playbooks/service/service-is-present.yml b/playbooks/service/service-is-present.yml index 06e88343..e2c49274 100644 --- a/playbooks/service/service-is-present.yml +++ b/playbooks/service/service-is-present.yml @@ -7,5 +7,5 @@ tasks: # Ensure service is present - ipaservice: - ipaadmin_password: MyPassword123 + ipaadmin_password: SomeADMINpassword name: HTTP/www.example.com diff --git a/playbooks/service/service-member-allow_create_keytab-absent.yml b/playbooks/service/service-member-allow_create_keytab-absent.yml index d4a15ea4..5db45def 100644 --- a/playbooks/service/service-member-allow_create_keytab-absent.yml +++ b/playbooks/service/service-member-allow_create_keytab-absent.yml @@ -6,7 +6,7 @@ tasks: - name: Service HTTP/www.example.com members allow_create_keytab absent for users, groups, hosts and hostgroups ipaservice: - ipaadmin_password: MyPassword123 + ipaadmin_password: SomeADMINpassword name: HTTP/www.example.com allow_create_keytab_user: - user01 diff --git a/playbooks/service/service-member-allow_create_keytab-present.yml b/playbooks/service/service-member-allow_create_keytab-present.yml index b28b6dc2..a1f6928f 100644 --- a/playbooks/service/service-member-allow_create_keytab-present.yml +++ b/playbooks/service/service-member-allow_create_keytab-present.yml 
@@ -6,7 +6,7 @@ tasks: - name: Service HTTP/www.example.com members allow_create_keytab present for users, groups, hosts and hostgroups ipaservice: - ipaadmin_password: MyPassword123 + ipaadmin_password: SomeADMINpassword name: HTTP/www.example.com allow_create_keytab_user: - user01 diff --git a/playbooks/service/service-member-allow_retrieve_keytab-absent.yml b/playbooks/service/service-member-allow_retrieve_keytab-absent.yml index ceada70e..92c80a60 100644 --- a/playbooks/service/service-member-allow_retrieve_keytab-absent.yml +++ b/playbooks/service/service-member-allow_retrieve_keytab-absent.yml @@ -6,7 +6,7 @@ tasks: - name: Service HTTP/www.example.com members allow_retrieve_keytab absent for users, groups, hosts and hostgroups ipaservice: - ipaadmin_password: MyPassword123 + ipaadmin_password: SomeADMINpassword name: HTTP/www.example.com allow_retrieve_keytab_user: - user01 diff --git a/playbooks/service/service-member-allow_retrieve_keytab-present.yml b/playbooks/service/service-member-allow_retrieve_keytab-present.yml index ac98904b..b87834ad 100644 --- a/playbooks/service/service-member-allow_retrieve_keytab-present.yml +++ b/playbooks/service/service-member-allow_retrieve_keytab-present.yml @@ -6,7 +6,7 @@ tasks: - name: Service HTTP/www.example.com members allow_retrieve_keytab present for users, groups, hosts and hostgroups ipaservice: - ipaadmin_password: MyPassword123 + ipaadmin_password: SomeADMINpassword name: HTTP/www.example.com allow_retrieve_keytab_user: - user01 diff --git a/playbooks/service/service-member-certificate-absent.yml b/playbooks/service/service-member-certificate-absent.yml index 57b71e5e..bb4092b9 100644 --- a/playbooks/service/service-member-certificate-absent.yml +++ b/playbooks/service/service-member-certificate-absent.yml @@ -7,7 +7,7 @@ tasks: # Ensure service certificate is absent - ipaservice: - ipaadmin_password: MyPassword123 + ipaadmin_password: SomeADMINpassword name: HTTP/www.example.com certificate: 
diff --git a/playbooks/service/service-member-certificate-present.yml b/playbooks/service/service-member-certificate-present.yml index bfa01d05..025d0aa3 100644 --- a/playbooks/service/service-member-certificate-present.yml +++ b/playbooks/service/service-member-certificate-present.yml @@ -7,7 +7,7 @@ tasks: # Ensure service certificate is present - ipaservice: - ipaadmin_password: MyPassword123 + ipaadmin_password: SomeADMINpassword name: HTTP/www.example.com certificate: - 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 diff --git a/playbooks/service/service-member-principal-absent.yml b/playbooks/service/service-member-principal-absent.yml index 6bfb168c..df6a9a83 100644 --- a/playbooks/service/service-member-principal-absent.yml +++ b/playbooks/service/service-member-principal-absent.yml @@ -6,7 +6,7 @@ tasks: - name: Service HTTP/www.exmaple.com member principals host/test.exmaple.com absent ipaservice: - ipaadmin_password: MyPassword123 + ipaadmin_password: SomeADMINpassword name: HTTP/www.example.com principal: - host/test.exmaple.com diff --git a/playbooks/service/service-member-principal-present.yml b/playbooks/service/service-member-principal-present.yml index aa94f32e..e55902b2 100644 --- a/playbooks/service/service-member-principal-present.yml +++ b/playbooks/service/service-member-principal-present.yml @@ -6,7 +6,7 @@ tasks: - name: Service HTTP/www.exmaple.com member principals host/test.exmaple.com present ipaservice: - ipaadmin_password: MyPassword123 + ipaadmin_password: SomeADMINpassword name: HTTP/www.example.com principal: - host/test.exmaple.com From 19058f1320d9092076ee987aee88ce5241454666 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Wed, 22 Jul 2020 17:11:28 -0300 Subject: [PATCH 2/4] Add an ip address required for SMB service test. --- tests/service/test_service.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/service/test_service.yml b/tests/service/test_service.yml index 78e353f5..1c81b4b0 100644 
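Review bot: The task names in service-member-principal-absent.yml and service-member-principal-present.yml spell the host as `www.exmaple.com` while the `name:` parameter uses `HTTP/www.example.com`, and the principal entry is `host/test.exmaple.com`. These are context lines that this patch leaves as they were, so this is a follow-up rather than a defect in the change. If the misspelling is unintended, the principal entry would read `- host/test.example.com` and the task names would match the service name.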
--- a/tests/service/test_service.yml +++ b/tests/service/test_service.yml @@ -52,7 +52,6 @@ hosts: - name: "{{ host1_fqdn }}" ip_address: "{{ ipv4_prefix + '.101' }}" - force: yes - name: "{{ host2_fqdn }}" ip_address: "{{ ipv4_prefix + '.102' }}" force: yes From 8852fa6ece3c86602a41c734bbd0d96f391ddfc2 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Wed, 22 Jul 2020 17:20:11 -0300 Subject: [PATCH 3/4] Add test to verify service disable idempotency. --- tests/service/test_service_disable.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/service/test_service_disable.yml b/tests/service/test_service_disable.yml index e8f281b1..e96b9202 100644 --- a/tests/service/test_service_disable.yml +++ b/tests/service/test_service_disable.yml @@ -74,6 +74,14 @@ register: result failed_when: result.failed or result.stdout | regex_search(" Keytab. true") + - name: Ensure service is disabled, with no keytab. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "mysvc1/{{ ansible_fqdn }}" + state: disabled + register: result + failed_when: result.changed + - name: Ensure service is absent ipaservice: ipaadmin_password: SomeADMINpassword From 70e3e1a544fd812ef992aece0c86bf562c177ced Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Jul 2020 15:49:31 -0300 Subject: [PATCH 4/4] Remove usage of external host name. The name "www.ansible.com" was used as a host, but this required that DNS forwarding is enabled and configured to test serivces for hosts that have an IP address but are not host objects in IPA. This change set a a host name that lies in the testing domain, and has an IP address defined, buth is not added as a host object, so the forwarding DNS configuration is not needed for this test. --- tests/service/test_service.yml | 42 ++++++++++++++++++++++++++-------- 1 file changed, 33 insertions(+), 9 deletions(-) diff --git a/tests/service/test_service.yml b/tests/service/test_service.yml index 1c81b4b0..26f509ef 100644 
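Review bot: `failed_when: result.changed` on the new "Ensure service is disabled, with no keytab." task replaces Ansible's default failure check, so a module error, which reports no change, would let this idempotency test pass. The preceding task already guards against that with `result.failed or ...`; the same form here would be `failed_when: result.failed or result.changed`. The surrounding task list starts and ends outside the hunk.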
--- a/tests/service/test_service.yml +++ b/tests/service/test_service.yml @@ -4,7 +4,7 @@ # To test against earlier versions, use test_without_skip_host_check.yml. # # This test define 6 hosts: -# - www.ansible.com: a host with a DNS setup (external), not present in IPA +# - nohost_fqdn: a host with a DNS setup, not enrolled as a host in IPA. # - no.idontexist.info: a host without DNS and not present in IPA. # - svc.ihavenodns.inf: a host without DNS, but present in IPA. # - svc_fqdn: a host with DNS and present in IPA. @@ -27,12 +27,21 @@ host1_fqdn: "{{ 'host1.' + ipaserver_domain }}" host2_fqdn: "{{ 'host2.' + ipaserver_domain }}" svc_fqdn: "{{ 'svc.' + ipaserver_domain }}" + nohost_fqdn: "{{ 'nohost.' + ipaserver_domain }}" + + - name: Remove IP address for "nohost" host. + ipadnsrecord: + ipaadmin_password: SomeADMINpassword + zone_name: "{{ ipaserver_domain }}" + name: nohost + del_all: yes + state: absent - name: Host absent ipahost: ipaadmin_password: SomeADMINpassword name: - - www.ansible.com + - "{{ nohost_fqdn }}" - no.idontexist.info - svc.ihavenodns.info - "{{ host1_fqdn }}" @@ -46,6 +55,13 @@ ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | join('.') }}" + - name: Add IP address for "nohost" host. + ipadnsrecord: + ipaadmin_password: SomeADMINpassword + zone_name: "{{ ipaserver_domain }}" + name: nohost + a_ip_address: "{{ ipv4_prefix + '.100' }}" + - name: Add hosts for tests. ipahost: ipaadmin_password: SomeADMINpassword @@ -100,7 +116,7 @@ ipaadmin_password: SomeADMINpassword name: - "HTTP/{{ svc_fqdn }}" - - HTTP/www.ansible.com + - "HTTP/{{ nohost_fqdn }}" - HTTP/svc.ihavenodns.info - HTTP/no.idontexist.info state: absent @@ -161,7 +177,7 @@ - name: Ensure service is present, without host object. ipaservice: ipaadmin_password: SomeADMINpassword - name: HTTP/www.ansible.com + name: "HTTP/{{ nohost_fqdn }}" skip_host_check: yes register: result failed_when: not result.changed 
@@ -169,7 +185,7 @@ - name: Ensure service is present, without host object, again. ipaservice: ipaadmin_password: SomeADMINpassword - name: HTTP/www.ansible.com + name: "HTTP/{{ nohost_fqdn }}" skip_host_check: yes register: result failed_when: result.changed @@ -522,7 +538,7 @@ ipaadmin_password: SomeADMINpassword name: - "HTTP/{{ svc_fqdn }}" - - HTTP/www.ansible.com + - "HTTP/{{ nohost_fqdn }}" - HTTP/svc.ihavenodns.info - HTTP/no.idontexist.local continue: yes @@ -535,7 +551,7 @@ ipaadmin_password: SomeADMINpassword name: - "HTTP/{{ svc_fqdn }}" - - HTTP/www.ansible.com + - "HTTP/{{ nohost_fqdn }}" - HTTP/svc.ihavenodns.info - HTTP/no.idontexist.local continue: yes @@ -584,7 +600,7 @@ ipaadmin_password: SomeADMINpassword name: - "HTTP/{{ svc_fqdn }}" - - HTTP/www.ansible.com + - "HTTP/{{ nohost_fqdn }}" - HTTP/svc.ihavenodns.info - HTTP/no.idontexist.local - "cifs/{{ host1_fqdn }}" @@ -603,7 +619,7 @@ name: - "{{ host1_fqdn }}" - "{{ host2_fqdn }}" - - www.ansible.com + - "{{ nohost_fqdn }}" - svc.ihavenodns.info update_dns: no state: absent @@ -637,3 +653,11 @@ name: - hostgroup02 state: absent + + - name: Remove IP address for "nohost" host. + ipadnsrecord: + ipaadmin_password: SomeADMINpassword + zone_name: "{{ ipaserver_domain }}" + name: nohost + del_all: yes + state: absent
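Review bot: The two tasks named `Remove IP address for "nohost" host.` (setup in the `@@ -27,12 +27,21 @@` hunk and teardown in the final hunk) carry no comment saying why the DNS record needs its own cleanup. Judging from the visible lines and the commit description, nohost is never added as a host object and the host cleanup runs with `update_dns: no`, so nothing else would remove the A record. A comment such as `# nohost exists only as a DNS record, so the ipahost cleanup does not remove it.` above each task would make that clear. Giving the two tasks distinct names, for example prefixing the last one with `Cleanup:`, would also make a failure easier to locate in the run log.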