Current version of ansible-list pre-commit hook required changes in the
ansible-freeipa yamllint configuration and these changes triggered
issues in the current playbooks on roles and tests.
This patch adds the required changes to yaml lint configuration and
fixes the affected playbooks.
Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
The generated certificates have been X.509 v1. This is not supported any
more. Only X.509 v3 is supported.
A new certificates/extensions.conf file has been added to make v3
certificates.
The existing certificates/pkinit/extensions.conf has been renamed to
certificates/pkinit-extensions.conf with additional changes. For example
"[kdc_cert]" had to be removed for v3.
The extensions config files are using environment variables, which are
set by the generate-certificates.sh script before calling openssl.
The script generate-certificates.sh has been reworked for a simpler
structure, also new options have been added: "ca" and "cleanup".
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and aplies for
all actions that are part of ansible.builtin.
All the replaced ansible.builtins:
assert, command, copy, debug, fail, fetch, file, import_playbook,
import_tasks, include_role, include_tasks, include_vars, package,
set_fact, shell, slurp, stat, systemd
The certificates should not be pre-generated as they will expire at some
point. Simply generate them for each test run using the domain used in the
test. Copy the certificate files each time into the test server after
removing the old ones.
