Compare commits


87 Commits

Author SHA1 Message Date
Rafael Guterres Jeffman
0c23ae5b37 Merge pull request #1033 from t-woerner/use_ipabackup_item_again
ipabackup: Use ipabackup_item again in copy_backup_to_server
2023-01-31 10:29:55 -03:00
Thomas Woerner
3b4367cf89 ipabackup: Use ipabackup_item again in copy_backup_to_server
ipabackup_item needs to be set again in copy_backup_to_server.yml. The
variable is later on used in restore.yml.
2023-01-31 10:16:53 +01:00
Thomas Woerner
e96f92c36f Merge pull request #1031 from rjeffman/ci_increase_timeout
upstream CI: increase Azure test timeout.
2023-01-23 20:07:38 +01:00
Rafael Guterres Jeffman
683a894876 upstream CI: increase Azure test timeout.
Due to DNS issues and the increased number of tests, the timeout setting
used for upstream tests was being reached. As we still have room for
running the tests using Azure infrastructure, this patch increases the
timeout to 240 minutes (4h), per worker.
2023-01-23 14:42:43 -03:00
Rafael Guterres Jeffman
2761c7e8d9 Merge pull request #1030 from t-woerner/use_yml_extension_for_pytest_tests
Use yml extension for pytest tests
2023-01-19 15:48:32 -03:00
Thomas Woerner
7d3921e510 Use yml extension for pytest tests
The pytest .yaml files have been renamed to .yml to enable
build-galaxy-release to fix the prefix of the ansible-freeipa modules.
2023-01-19 16:07:42 +01:00
Thomas Woerner
6000aac687 Merge pull request #1029 from rjeffman/automount_tests_fix_ansible_lint
playbooks: Fix automount tasks to make ansible-lint happy
2023-01-18 09:45:17 +01:00
Thomas Woerner
e8354932b4 Merge pull request #1028 from rjeffman/dnszone_fix_typo
dnszone tests: Fix typo on task names.
2023-01-18 09:44:47 +01:00
Rafael Guterres Jeffman
a3089484b1 playbooks: Fix automount tasks to make ansible-lint happy
A few playbooks still had task names starting with lower case letters.
2023-01-17 14:24:09 -03:00
Rafael Guterres Jeffman
1469ac6058 dnszone tests: Fix typo on task names.
2023-01-17 14:00:28 -03:00
Rafael Guterres Jeffman
308d970b6c Merge pull request #1026 from t-woerner/ansible_lint_tests
Ansible lint tests
2023-01-17 12:02:50 -03:00
Rafael Guterres Jeffman
7b470ceb60 Merge pull request #1022 from t-woerner/pwpolicy_bool_checks
pwpolicy: Fix new bool checks for IPA prior to 4.9.10
2023-01-17 11:49:23 -03:00
Rafael Guterres Jeffman
77f5d8751f Merge pull request #1027 from t-woerner/use_yml_extension_for_all_automount_example_playbooks
playbooks/automount: All playbooks should use .yml
2023-01-17 09:45:17 -03:00
Thomas Woerner
3292252802 playbooks/automount: All playbooks should use .yml
The playbooks automount-map-absent.yaml and automount-map-present.yaml
have been using the wrong extension. The files have been renamed to use
.yml now.
2023-01-17 13:34:19 +01:00
Thomas Woerner
414dc06c86 ansible-lint: All names should start with an uppercase letter
2023-01-17 12:53:02 +01:00
Thomas Woerner
d2f9fe6325 Fix jinja2 white spaces issues reported by ansible-lint
This replaces double spaces by single spaces, fixes spaces in slices,
adds spaces before brackets and fixes bracket placing in when clauses.
2023-01-17 12:38:51 +01:00
Thomas Woerner
d7c02d1347 Improve jinja2 spacing: Remove space between join and ()
This change removes the space between join and (): "join ()" to "join()"
2023-01-17 11:51:38 +01:00
Thomas Woerner
cc6a80fa88 .github/workflows/lint.yml: Enable ansible-lint for the whole collection
The whole collection is tested with this change. Before it has been
limited to the roles and plugins folder.
2023-01-17 11:28:27 +01:00
Thomas Woerner
fe6edbabdb .ansible-lint: Deactivate experimental and name[template] tests
The experimental tests are running several additional tests, for
example to check module arg values. These fail every time a variable is
used to pass the value in.

Examples:
- playbooks/topology/add-topologysegments.yml:15: args[module]: value of
  suffix must be one of: domain, ca, domain+ca, got: {{ item.suffix }}
- tests/host/test_host.yml:21: args[module]: value of ipaapi_context must
  be one of: server, client, got: {{ ipa_context | default(omit) }}

The name template test is failing for every template use inside of a name.
This is forcing to have only generic names and nothing specific in the
log anymore.

These two tests have been deactivated to have less overflow in the
ansible-lint output.
2023-01-17 11:20:10 +01:00
Rafael Guterres Jeffman
434905432d Merge pull request #1024 from rjeffman/pwpolicy_client_fix
pwpolicy: Fix tests for 'minlength: ""'
2023-01-16 22:44:51 -03:00
Rafael Guterres Jeffman
9f773ff5ac pwpolicy: Fix tests for 'minlength: ""'
When clearing minimum length parameter, FreeIPA raises an error, and the
error is different when executing the playbook in server or client
context. Since the error message is evaluated in the text, both errors
must be accepted as "not a failure", since ansible-freeipa did the
correct call.

Once https://pagure.io/freeipa/issue/9297 is fixed, the test must be
updated to not accept any of these error messages.
2023-01-16 21:33:46 -03:00
Rafael Guterres Jeffman
e95bec1803 Merge pull request #1023 from t-woerner/ansible_lint_needs_collection_source_dir
.github/workflows/lint.yml: ansible-lint needs collection source dir
2023-01-16 16:47:24 -03:00
Thomas Woerner
ea709ebc4d .github/workflows/lint.yml: ansible-lint needs collection source dir
ansible-lint is required to be run in a collection source directory with
a correct and working galaxy.yml.

As ansible-freeipa is not converted to a collection, the galaxy.yml file
can not be used to create the collection. This needs to be done with
utils/build-galaxy-release.sh. The script is fixing all the prefixes for
the roles and modules in all the yml files and also example snippets and
in the documentation.

Therefore utils/build-galaxy-release.sh is called with the "-k" option
to keep the directory that has been used to generate the collection with
the script. Afterwards ansible-lint is run in this build directory.
2023-01-16 16:45:36 -03:00
Thomas Woerner
add89c25ee Merge pull request #1014 from rjeffman/roles_ansible_lint
Fix ansible-test lint warnings in roles.
2023-01-16 18:20:49 +01:00
Thomas Woerner
9108065ea7 pwpolicy: Fix new bool checks for IPA prior to 4.9.10
With 4.9.10, the values of bools have been changed from "TRUE" and
"FALSE" to real bool values.

With IPA < 4.9.10 the new bool checks distcheck and usercheck failed
the tests for enabling the checks with a "already enabled" error.

A new version check altogether with providing the ansible module for
gen_args has been added. The values True and False are now transformed
into "TRUE" and "FALSE" for IPA < 4.9.10.

The function bool_param has been renamed to bool_or_empty_param to match
the int_or_empty_param and to have a more explaining name.
2023-01-16 16:35:02 +01:00
Thomas Woerner
6cac891287 Merge pull request #977 from rjeffman/ci_update_ansible_2_14
upstream ci: Update Ansible versions on Azure pipelines.
2023-01-13 16:28:22 +01:00
Thomas Woerner
fc5fc9d9ef Merge pull request #1012 from rjeffman/pwpolicy_clean_values
pwpolicy: Allow clearing policy values.
2023-01-13 15:00:25 +01:00
Thomas Woerner
670740bdc0 Merge pull request #999 from rjeffman/update_tool_versions
Update development and Github workflow tools.
2023-01-13 14:53:49 +01:00
Rafael Guterres Jeffman
529deae407 ansible-lint: Fix file kind and ignores.
ansible-lint must ignore Azure configuration, and handle non-test files
with the proper kind (tasks or playbook).
2023-01-12 13:21:52 -03:00
Rafael Guterres Jeffman
a945862540 roles: Fix ansible-lint name:template warnings
ansible-lint warns if Jinja2 templates are not used as the last item in
a task name.
2023-01-12 13:13:31 -03:00
Rafael Guterres Jeffman
8240d9beb6 roles: Fix ansible-lint warning on var-naming.
ansible-lint warns if set_fact sets a variable where the name is used,
or can be used, as a parameter for the role.
2023-01-12 12:49:41 -03:00
Rafael Guterres Jeffman
6da6110432 Fix issues raised by Flake8 version 5.0.3
2023-01-12 12:34:28 -03:00
Rafael Guterres Jeffman
1d8deb8e2d Fix issues raised by Pylint version 2.14.4.
2023-01-12 12:34:28 -03:00
Rafael Guterres Jeffman
b3856a1e2c Update Github workflow linter and check tools.
Update Github workflow tools to match the versions on Fedora 37.
2023-01-12 12:34:28 -03:00
Rafael Guterres Jeffman
410682a01d pwpolicy: Allow clearing policy values.
All values for pwpolicy can be cleared with an empty string in IPA CLI,
and this behavior was missing in ansible-freeipa.

As of today, there is an issue in FreeIPA that does not allow clearing
'minlength' policy. This is tracked by the FreeIPA project through
https://pagure.io/freeipa/issue/9297

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2150334
2023-01-12 12:18:57 -03:00
Rafael Guterres Jeffman
ee59ec2142 upstream ci: Update Ansible versions on Azure pipelines.
As we now have ansible-core 2.14 available through 'pip', the versions
used for testing on Azure should be 2.12, 2.13 and 2.14, as Ansible
keeps upstream support for the latest version plus the two previous
ones.

This patch updates the version used in tests by increasing the version
used by 1 (MINOR).
2023-01-11 19:00:13 -03:00
Rafael Guterres Jeffman
d043a3bdd1 Update development tools.
Update development tools to match Fedora 37 versions.
2023-01-11 18:38:37 -03:00
Rafael Guterres Jeffman
5062ac2b09 roles: Fix when, block and always key order.
ansible-lint warns if 'when' key is used before block and always keys.
2023-01-11 14:37:39 -03:00
Rafael Guterres Jeffman
292e2eb60e roles: Fix jinja2 template spacing
This patch fixes ansible-lint warns on jinja2 template spacing in roles
2023-01-11 14:29:40 -03:00
Rafael Guterres Jeffman
baa7cae8bf roles: Fix task names to start with uppercase letters
ansible-lint warns if task names don't start with an uppercase letter.
2023-01-11 14:29:33 -03:00
Rafael Guterres Jeffman
6b7633976c roles: Fix use of ansible.builtin.fail free-form message.
ansible-lint warns to avoid using free-form when calling module actions
and ansible-freeipa roles used this form with 'ansible.builtin.fail'.
2023-01-11 14:27:59 -03:00
Rafael Guterres Jeffman
9a32359a5d roles: Fix type of data used for for versions in meta files
ansible-lint warns if version strings are used as numbers instead of
strings.
2023-01-11 14:27:59 -03:00
Rafael Guterres Jeffman
82e176af95 Merge pull request #1013 from t-woerner/unnamed-tasks
yamllint: All tasks need to be named
2023-01-11 12:08:29 -03:00
Thomas Woerner
2a1ecdbd83 yamllint: All tasks need to be named
yamllint is failing for unnamed tasks. All block and include_tasks tasks
are now named.
2023-01-11 15:27:35 +01:00
Rafael Guterres Jeffman
f8b5851610 Merge pull request #1016 from t-woerner/galaxyfy_ansible_builtin
utils files: Support builtins with ansible.builtin. prefix
2023-01-09 17:54:23 -03:00
Thomas Woerner
b760863847 utils/get_test_modules.py: Support ansible.builtin. prefix
The ansible.builtin. prefix was not supported. Therefore tasks have not
been identified properly.
2023-01-09 18:04:07 +01:00
Thomas Woerner
e3bf82d873 utils/galaxyfy.py: Support builtins with ansible.builtin. prefix
The ansible builtins are using the ansible.builtin. prefix now, but
galaxyfy was not supporting the prefix. Therefore vars in set_fact tasks
got the collection prefix and include_role tasks have not been handled
correctly.
2023-01-09 17:36:56 +01:00
Thomas Woerner
76ca587d76 Merge pull request #1009 from rjeffman/ci_issue_995
upstream ci: Allow tasks to retry in case of connection failure.
2023-01-05 14:33:29 +01:00
Rafael Guterres Jeffman
5c630d6021 Merge pull request #1003 from dkarpele/dkarpele-2144724
Use netgroup_find instead of netgroup_show to workaround IPA bug.
2023-01-05 09:13:43 -03:00
Denis Karpelevich
483d51b418 Use netgroup_find instead of netgroup_show to workaround IPA bug.
Patch fixes https://bugzilla.redhat.com/show_bug.cgi?id=2144724 which
depends on https://pagure.io/freeipa/issue/9284.
Add a comment on why `netgroup_show` is replaced with `netgroup_find`.

Signed-off-by: Denis Karpelevich <dkarpele@redhat.com>
2023-01-04 20:30:44 +01:00
Rafael Guterres Jeffman
ba353a9b16 Merge pull request #1007 from t-woerner/FQCN_ansible_builtin
Use FQCN for ansible.builtin
2023-01-03 16:24:19 -03:00
Rafael Guterres Jeffman
56560855b4 upstream ci: Allow tasks to retry in case of connection failure.
Some tasks used to set up the Azure environment might fail due to temporary
errors like timeouts and connection failures. Allowing the tasks to
retry a few times will allow the test to be correctly executed rather
than returning an error that is not related to the feature tested.
2022-12-26 12:15:06 -03:00
Rafael Guterres Jeffman
a8d44e2c52 Merge pull request #1002 from t-woerner/fix_spec_file_for_loop
ansible-freeipa.spec.in: Fix for loop with wildcard
2022-12-23 18:53:59 -03:00
Thomas Woerner
b175c78c95 vault: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:55:19 +01:00
Thomas Woerner
198298b2d0 user: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:55:03 +01:00
Thomas Woerner
d5269c83e6 trust: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:54:42 +01:00
Thomas Woerner
9d47ffc2b9 sudo*: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:54:26 +01:00
Thomas Woerner
feadbfce95 servicedelegation*: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:54:01 +01:00
Thomas Woerner
a9257e7f44 service: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:53:43 +01:00
Thomas Woerner
d204b6d480 server: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:53:30 +01:00
Thomas Woerner
c645841444 selfservice: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:52:52 +01:00
Thomas Woerner
f2a0edeb25 role: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:52:36 +01:00
Thomas Woerner
45baf5c108 pwpolicy: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:52:21 +01:00
Thomas Woerner
deec31c3ab privilege: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:52:05 +01:00
Thomas Woerner
fea480b348 permission: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:51:51 +01:00
Thomas Woerner
defd1e4e92 netgroup: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:51:21 +01:00
Thomas Woerner
adc262bcb0 location: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:50:58 +01:00
Thomas Woerner
72b4b89116 idrange: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:50:46 +01:00
Thomas Woerner
473ed03e26 host*: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:50:23 +01:00
Thomas Woerner
d546b4614d hbac*: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:49:50 +01:00
Thomas Woerner
872537f4de group: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:49:18 +01:00
Thomas Woerner
d6658347c9 tests/external-signed-ca-*: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:48:37 +01:00
Thomas Woerner
062b53a676 tests/env_freeipa_facts.yml: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:47:21 +01:00
Thomas Woerner
470d0ddc1b dnszone: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:46:54 +01:00
Thomas Woerner
2e707a48cb dnsrecord: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:46:36 +01:00
Thomas Woerner
971d40c3a9 dnsforwardzone: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:46:10 +01:00
Thomas Woerner
7d89af48b6 dnsconfig: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:45:44 +01:00
Thomas Woerner
03ce096fbb delegation: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:45:08 +01:00
Thomas Woerner
91edff3b21 config: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:44:38 +01:00
Thomas Woerner
84c0188023 tests/ca-less: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:43:59 +01:00
Thomas Woerner
1f91730b17 automount: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:41:14 +01:00
Thomas Woerner
99c7acbe5f automember: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:40:09 +01:00
Thomas Woerner
14706cc49e ipabackup role: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:38:30 +01:00
Thomas Woerner
dde5b06b97 ipaclient role: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:37:07 +01:00
Thomas Woerner
c7e83685e3 ipareplica role: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:36:32 +01:00
Thomas Woerner
882d60515d ipaserver role: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and applies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:35:03 +01:00
Thomas Woerner
27cbd40182 ansible-freeipa.spec.in: Fix for loop with wildcard
The issue within the for loops to remove python shebangs and to remove the
execution flag from python files has been solved.
2022-12-06 10:18:08 +01:00
213 changed files with 1719 additions and 1246 deletions

@@ -16,6 +16,11 @@ exclude_paths:
kinds:
- playbook: '**/tests/**/test_*.yml'
- playbook: '**/playbooks/**/*.yml'
- playbook: '**/tests/ca-less/install_*_without_ca.yml'
- playbook: '**/tests/ca-less/clean_up_certificates.yml'
- playbook: '**/tests/external-signed-ca-with-automatic-copy/install-server-with-external-ca-with-automatic-copy.yml'
- playbook: '**/tests/external-signed-ca-with-manual-copy/install-server-with-external-ca-with-manual-copy.yml'
- playbook: '**/tests/user/create_users_json.yml'
- tasks: '**/tasks_*.yml'
- tasks: '**/env_*.yml'
@@ -28,6 +33,8 @@ skip_list:
- '305' # Use shell only when shell functionality is required
- '306' # risky-shell-pipe
- yaml # yamllint should be executed separately.
- experimental # Do not run any experimental tests
- name[template] # Allow Jinja templating inside task names
use_default_rules: true
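Review bot: adding `experimental` to skip_list switches off every experimental rule, not only the `args[module]` check that the commit message names as the problem (values passed through a variable such as `{{ item.suffix }}` being rejected); since skip_list accepts individual rule ids, as `name[template]` in the line above shows, skipping `args[module]` alone would keep the other experimental checks running. The inline comment on `name[template]` should also say that this is a workaround for templated task names being flagged, so the skip can be revisited when the rule handles that case.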

@@ -4,41 +4,7 @@ on:
- push
- pull_request
jobs:
check_docs_29:
name: Check Ansible Documentation with Ansible 2.9.
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3.1.0
with:
fetch-depth: 0
- uses: actions/setup-python@v4.3.0
with:
python-version: '3.x'
- name: Install Ansible 2.9
run: |
python -m pip install "ansible < 2.10"
- name: Run ansible-doc-test
run: |
ANSIBLE_LIBRARY="." ANSIBLE_DOC_FRAGMENT_PLUGINS="." python utils/ansible-doc-test -v roles plugins
check_docs_2_11:
name: Check Ansible Documentation with ansible-core 2.11.
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3.1.0
with:
fetch-depth: 0
- uses: actions/setup-python@v4.3.0
with:
python-version: '3.x'
- name: Install Ansible 2.11
run: |
python -m pip install "ansible-core >=2.11,<2.12"
- name: Run ansible-doc-test
run: |
ANSIBLE_LIBRARY="." ANSIBLE_DOC_FRAGMENT_PLUGINS="." python utils/ansible-doc-test -v roles plugins
check_docs_2_12:
check_docs_oldest_supported:
name: Check Ansible Documentation with ansible-core 2.12.
runs-on: ubuntu-latest
steps:
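Review bot: the renamed job `check_docs_oldest_supported` keeps a hard-coded display name (`Check Ansible Documentation with ansible-core 2.12.`) and, in the following hunk, a hard-coded pip constraint, so the next bump of the oldest supported version requires editing both again; a single version value per job, or a matrix over the supported versions, would keep the job name and the install line in sync. The actions in the removed and remaining steps are pinned by tag only (`actions/checkout@v3.1.0`, `actions/setup-python@v4.3.0`); pinning third-party actions to their full commit SHA is the usual hardening, since a tag can be moved to different content.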
@@ -53,10 +19,43 @@ jobs:
python -m pip install "ansible-core >=2.12,<2.13"
- name: Run ansible-doc-test
run: |
python -m pip install "ansible-core >=2.12,<2.13"
ANSIBLE_LIBRARY="." ANSIBLE_DOC_FRAGMENT_PLUGINS="." python utils/ansible-doc-test -v roles plugins
check_docs_latest:
check_docs_previous:
name: Check Ansible Documentation with ansible-core 2.13.
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3.1.0
with:
fetch-depth: 0
- uses: actions/setup-python@v4.3.0
with:
python-version: '3.x'
- name: Install Ansible 2.13
run: |
python -m pip install "ansible-core >=2.13,<2.14"
- name: Run ansible-doc-test
run: |
ANSIBLE_LIBRARY="." ANSIBLE_DOC_FRAGMENT_PLUGINS="." python utils/ansible-doc-test -v roles plugins
check_docs_current:
name: Check Ansible Documentation with ansible-core 2.14.
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3.1.0
with:
fetch-depth: 0
- uses: actions/setup-python@v4.3.0
with:
python-version: '3.x'
- name: Install Ansible 2.14
run: |
python -m pip install "ansible-core >=2.14,<2.15"
- name: Run ansible-doc-test
run: |
ANSIBLE_LIBRARY="." ANSIBLE_DOC_FRAGMENT_PLUGINS="." python utils/ansible-doc-test -v roles plugins
check_docs_ansible_latest:
name: Check Ansible Documentation with latest Ansible version.
runs-on: ubuntu-latest
steps:
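Review bot: the `python -m pip install "ansible-core >=2.12,<2.13"` line appears twice in this hunk, once at the top (end of the install step) and again as the first line inside the `Run ansible-doc-test` step; if both survive in the new file the second install is redundant and the doc-test step should contain only the `ANSIBLE_LIBRARY=... python utils/ansible-doc-test` line, as the 2.13 and 2.14 jobs added below do. The new jobs are copy-pasted with only the version string differing, which is exactly what a `strategy.matrix` over the ansible-core constraint would collapse into one job.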

View File

@@ -16,12 +16,10 @@ jobs:
python-version: "3.x"
- name: Run ansible-lint
run: |
pip install ansible-core==2.11.6 ansible-lint
find playbooks roles tests -name '*.yml' ! -name "env_*" ! -name "tasks_*" -exec ansible-lint --force-color {} \+
env:
ANSIBLE_MODULE_UTILS: plugins/module_utils
ANSIBLE_LIBRARY: plugins/modules
ANSIBLE_DOC_FRAGMENT_PLUGINS: plugins/doc_fragments
pip install "ansible-core >=2.14,<2.15" ansible-lint
utils/build-galaxy-release.sh -ki
cd .galaxy-build
ansible-lint
yamllint:
name: Verify yamllint
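Review bot: the removed step pinned `ansible-core==2.11.6`, while the replacement installs `ansible-core >=2.14,<2.15` together with an unpinned `ansible-lint`, so two runs of the same commit can lint differently as soon as a new ansible-lint release lands; pin `ansible-lint` to an exact version here. A short comment on what `utils/build-galaxy-release.sh -ki` produces in `.galaxy-build` (and why linting the built collection rather than the tree is now required) would also help whoever next touches this step.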
@@ -34,7 +32,7 @@ jobs:
with:
python-version: "3.x"
- name: Run yaml-lint
uses: ibiqlik/action-yamllint@v1
uses: ibiqlik/action-yamllint@v3.1.1
pydocstyle:
name: Verify pydocstyle
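Review bot: `ibiqlik/action-yamllint@v3.1.1` is a third-party action referenced by a mutable tag; for a gating lint step, pinning to the full commit SHA (keeping the tag in a trailing comment) prevents a retagged release from changing what runs in this workflow.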
@@ -63,7 +61,7 @@ jobs:
python-version: "3.x"
- name: Run flake8
run: |
pip install flake8
pip install flake8 flake8-bugbear
flake8
pylint:
@@ -78,7 +76,7 @@ jobs:
python-version: "3.x"
- name: Run pylint
run: |
pip install pylint==2.13.7 wrapt==1.14.0
pip install pylint==2.14.4 wrapt==1.14.0
pylint plugins roles --disable=import-error
shellcheck:

View File

@@ -1,7 +1,7 @@
---
repos:
- repo: https://github.com/ansible/ansible-lint.git
rev: v5.3.2
rev: v6.6.1
hooks:
- id: ansible-lint
always_run: false
@@ -11,20 +11,20 @@ repos:
entry: |
env ANSIBLE_LIBRARY=./plugins/modules ANSIBLE_MODULE_UTILS=./plugins/module_utils ANSIBLE_DOC_FRAGMENT_PLUGINS=./plugins/doc_fragments ansible-lint
- repo: https://github.com/adrienverge/yamllint.git
rev: v1.26.1
rev: v1.28.0
hooks:
- id: yamllint
files: \.(yaml|yml)$
- repo: https://github.com/pycqa/flake8
rev: 3.9.2
rev: 5.0.3
hooks:
- id: flake8
- repo: https://github.com/pycqa/pydocstyle
rev: 6.1.1
rev: 6.0.0
hooks:
- id: pydocstyle
- repo: https://github.com/pycqa/pylint
rev: v2.12.2
rev: v2.14.4
hooks:
- id: pylint
args:
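Review bot: the pydocstyle hook moves backwards, `rev: 6.1.1` to `rev: 6.0.0`, while every other hook in this file is bumped forward; if this is a deliberate alignment with a pin used elsewhere in the repo, state that in the commit message, otherwise it reads like a transposed version number.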

View File

@@ -4,7 +4,7 @@
become: no
tasks:
- name: ensure map TestMap is absent
- name: Ensure map TestMap is absent
ipaautomountmap:
ipaadmin_password: SomeADMINpassword
name: TestMap

View File

@@ -4,7 +4,7 @@
become: no
tasks:
- name: ensure map TestMap is present
- name: Ensure map TestMap is present
ipaautomountmap:
ipaadmin_password: SomeADMINpassword
name: TestMap

View File

@@ -11,5 +11,5 @@
register: serverconfig
- name: Display current configuration.
debug:
ansible.builtin.debug:
msg: "{{ serverconfig }}"

View File

@@ -5,7 +5,7 @@
gather_facts: no
tasks:
- name: set ca_renewal_master_server
- name: Set ca_renewal_master_server
ipaconfig:
ipaadmin_password: SomeADMINpassword
ca_renewal_master_server: carenewal.example.com

View File

@@ -1,5 +1,5 @@
---
- name: dnszone present
- name: All dnszone parameters
hosts: ipaserver
become: true

View File

@@ -1,5 +1,5 @@
---
- name: dnszone present
- name: Dnszone present
hosts: ipaserver
become: true

View File

@@ -11,5 +11,5 @@
register: result
- name: Zone name inferred from `name_from_ip`
debug:
ansible.builtin.debug:
msg: "Zone created: {{ result.dnszone.name }}"

View File

@@ -14,5 +14,5 @@
register: ipahost
- name: Print generated random password
debug:
ansible.builtin.debug:
var: ipahost.host.randompassword
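Review bot: the debug task at the end of this hunk prints `ipahost.host.randompassword` in clear to the play output, which ends up in CI logs and any log aggregation; that is fine for an example, but a one-line comment saying that real playbooks should keep the registered result under `no_log: true` and hand the password over out of band would stop the pattern being copied as-is.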

View File

@@ -13,5 +13,5 @@
register: ipahost
- name: Print generated random password
debug:
ansible.builtin.debug:
var: ipahost.host.randompassword

View File

@@ -17,9 +17,9 @@
register: ipahost
- name: Print generated random password for host01.example.com
debug:
ansible.builtin.debug:
var: ipahost.host["host01.example.com"].randompassword
- name: Print generated random password for host02.example.com
debug:
ansible.builtin.debug:
var: ipahost.host["host02.example.com"].randompassword

View File

@@ -4,7 +4,7 @@
become: true
tasks:
- name: ensure the trust is present
- name: Ensure the trust is present
ipatrust:
ipaadmin_password: SomeADMINpassword
realm: windows.local

View File

@@ -4,7 +4,7 @@
become: true
tasks:
- name: ensure the trust is absent
- name: Ensure the trust is absent
ipatrust:
ipaadmin_password: SomeADMINpassword
realm: windows.local

View File

@@ -15,5 +15,5 @@
register: ipauser
- name: Print generated random password
debug:
ansible.builtin.debug:
var: ipauser.user.randompassword

View File

@@ -20,9 +20,9 @@
register: ipauser
- name: Print generated random password for user1
debug:
ansible.builtin.debug:
var: ipauser.user.user1.randompassword
- name: Print generated random password for user2
debug:
ansible.builtin.debug:
var: ipauser.user.user2.randompassword

View File

@@ -15,5 +15,5 @@
register: result
no_log: true
- name: Display retrieved data.
debug:
ansible.builtin.debug:
msg: "Data: {{ result.vault.data }}"
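Review bot: `no_log: true` on the retrieval task is undone by the debug at the end of the hunk, which prints `result.vault.data` in clear; since showing the retrieved data is the point of this example, a comment stating that (and that `no_log` on the previous task alone does not keep the secret out of the logs) avoids giving readers the wrong impression.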

View File

@@ -15,5 +15,5 @@
register: result
no_log: true
- name: Display retrieved data.
debug:
ansible.builtin.debug:
msg: "Data: {{ result.vault.data }}"

View File

@@ -6,7 +6,7 @@
tasks:
- name: Copy file containing password to server.
copy:
ansible.builtin.copy:
src: "{{ playbook_dir }}/password.txt"
dest: "{{ ansible_facts['env'].HOME }}/password.txt"
owner: "{{ ansible_user }}"
@@ -20,6 +20,6 @@
vault_type: symmetric
vault_password_file: "{{ ansible_facts['env'].HOME }}/password.txt"
- name: Remove file containing password from server.
file:
ansible.builtin.file:
path: "{{ ansible_facts['env'].HOME }}/password.txt"
state: absent
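Review bot: the `ansible.builtin.file: state: absent` cleanup at the end of this hunk only runs if every task before it succeeds; if the vault task in between fails, `password.txt` is left in the remote home directory. Putting the copy, vault and remove tasks in a `block:` with the removal under `always:` makes the cleanup unconditional.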

View File

@@ -11,7 +11,7 @@
tasks:
- name: Copy public key file to server.
copy:
ansible.builtin.copy:
src: "{{ playbook_dir }}/public.pem"
dest: "{{ ansible_facts['env'].HOME }}/public.pem"
owner: "{{ ansible_user }}"
@@ -25,6 +25,6 @@
vault_type: asymmetric
vault_public_key_file: "{{ ansible_facts['env'].HOME }}/public.pem"
- name: Remove public key file from server.
file:
ansible.builtin.file:
path: "{{ ansible_facts['env'].HOME }}/public.pem"
state: absent

View File

@@ -1125,8 +1125,8 @@ class IPAAnsibleModule(AnsibleModule):
def ipa_get_domain(self):
"""Retrieve IPA API domain."""
if not hasattr(self, "__ipa_api_domain"):
setattr(self, "__ipa_api_domain", api_get_domain())
return getattr(self, "__ipa_api_domain")
setattr(self, "__ipa_api_domain", api_get_domain()) # noqa: B010
return getattr(self, "__ipa_api_domain") # noqa: B009
@staticmethod
def ipa_get_realm():
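Review bot: instead of silencing B009/B010 with `# noqa` on the `setattr`/`getattr` lines, address why they are there: `self.__ipa_api_domain` would be name-mangled to `_IPAAnsibleModule__ipa_api_domain` inside the class, which is presumably why the string form was used. Renaming the attribute to a single-underscore `_ipa_api_domain` allows plain `self._ipa_api_domain` access and drops both markers; if the current form is kept, a comment explaining the mangling is the minimum.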

View File

@@ -126,7 +126,7 @@ class AutomountMap(IPAAnsibleModule):
self.params_fail_used_invalid(invalid, state)
def get_args(self, mapname, desc): # pylint: disable=no-self-use
def get_args(self, mapname, desc):
# automountmapname is required for all automountmap operations.
if not mapname:
self.fail_json(msg="automountmapname cannot be None or empty.")

View File

@@ -280,7 +280,8 @@ class DNSZoneModule(IPAAnsibleModule):
if any(invalid_ips):
self.fail_json(msg=error_msg % invalid_ips)
def is_valid_nsec3param_rec(self, nsec3param_rec): # pylint: disable=R0201
@staticmethod
def is_valid_nsec3param_rec(nsec3param_rec):
try:
part1, part2, part3, part4 = nsec3param_rec.split(" ")
except ValueError:

View File

@@ -157,18 +157,29 @@ RETURN = """
from ansible.module_utils.ansible_freeipa_module import \
IPAAnsibleModule, compare_args_ipa, gen_add_del_lists, \
gen_add_list, gen_intersection_list, ipalib_errors, ensure_fqdn
gen_add_list, gen_intersection_list, ensure_fqdn
def find_netgroup(module, name):
"""Find if a netgroup with the given name already exist."""
try:
_result = module.ipa_command("netgroup_show", name, {"all": True})
except ipalib_errors.NotFound:
# An exception is raised if netgroup name is not found.
return None
else:
return _result["result"]
_args = {
"all": True,
"cn": name,
}
# `netgroup_find` is used here instead of `netgroup_show` to workaround
# FreeIPA bug https://pagure.io/freeipa/issue/9284.
# `ipa netgroup-show hostgroup` shows hostgroup - it's a bug.
# `ipa netgroup-find hostgroup` doesn't show hostgroup - it's correct.
_result = module.ipa_command("netgroup_find", name, _args)
if len(_result["result"]) > 1:
module.fail_json(
msg="There is more than one netgroup '%s'" % name)
elif len(_result["result"]) == 1:
return _result["result"][0]
return None
def gen_args(description, nisdomain, nomembers):
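Review bot: in the new `find_netgroup` body `name` is passed both as the positional criteria of `netgroup_find` (a substring search over the default search attributes in FreeIPA) and as the `cn` option (an exact match); the AND of the two is what makes the lookup exact, so a one-line comment saying so would help the next reader, who otherwise may assume the `len(...) > 1` branch is reachable for a prefix match. Also confirm that `ipalib_errors` is not used anywhere else in the module now that the import line drops it.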

View File

@@ -46,82 +46,82 @@ options:
aliases: ["cn"]
maxlife:
description: Maximum password lifetime (in days)
type: int
type: str
required: false
aliases: ["krbmaxpwdlife"]
minlife:
description: Minimum password lifetime (in hours)
type: int
type: str
required: false
aliases: ["krbminpwdlife"]
history:
description: Password history size
type: int
type: str
required: false
aliases: ["krbpwdhistorylength"]
minclasses:
description: Minimum number of character classes
type: int
type: str
required: false
aliases: ["krbpwdmindiffchars"]
minlength:
description: Minimum length of password
type: int
type: str
required: false
aliases: ["krbpwdminlength"]
priority:
description: Priority of the policy (higher number means lower priority)
type: int
type: str
required: false
aliases: ["cospriority"]
maxfail:
description: Consecutive failures before lockout
type: int
type: str
required: false
aliases: ["krbpwdmaxfailure"]
failinterval:
description: Period after which failure count will be reset (seconds)
type: int
type: str
required: false
aliases: ["krbpwdfailurecountinterval"]
lockouttime:
description: Period for which lockout is enforced (seconds)
type: int
type: str
required: false
aliases: ["krbpwdlockoutduration"]
maxrepeat:
description: >
Maximum number of same consecutive characters.
Requires IPA 4.9+
type: int
type: str
required: false
aliases: ["ipapwdmaxrepeat"]
maxsequence:
description: >
The maximum length of monotonic character sequences (abcd).
Requires IPA 4.9+
type: int
type: str
required: false
aliases: ["ipapwdmaxsequence"]
dictcheck:
description: >
Check if the password is a dictionary word.
Requires IPA 4.9+
type: bool
type: str
required: false
aliases: ["ipapwdictcheck"]
usercheck:
description: >
Check if the password contains the username.
Requires IPA 4.9+
type: bool
type: str
required: false
aliases: ["ipapwdusercheck"]
gracelimit:
description: >
Number of LDAP authentications allowed after expiration.
Requires IPA 4.10.1+
type: int
type: str
required: false
aliases: ["passwordgracelimit"]
state:
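Review bot: every option in this hunk changes from `type: int` or `type: bool` to `type: str` while its description is untouched, so nothing tells the user which string values are accepted. If the purpose is to let an empty string clear the attribute on the server, say so in each description (or once in the module notes) and mention that non-numeric values are rejected; as written the change reads like lost validation rather than an added capability.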
@@ -171,7 +171,8 @@ def find_pwpolicy(module, name):
return None
def gen_args(maxlife, minlife, history, minclasses, minlength, priority,
def gen_args(module,
maxlife, minlife, history, minclasses, minlength, priority,
maxfail, failinterval, lockouttime, maxrepeat, maxsequence,
dictcheck, usercheck, gracelimit):
_args = {}
@@ -198,9 +199,19 @@ def gen_args(maxlife, minlife, history, minclasses, minlength, priority,
if maxsequence is not None:
_args["ipapwdmaxrsequence"] = maxsequence
if dictcheck is not None:
_args["ipapwddictcheck"] = dictcheck
if module.ipa_check_version("<", "4.9.10"):
# Allowed values: "TRUE", "FALSE", ""
_args["ipapwddictcheck"] = "TRUE" if dictcheck is True else \
"FALSE" if dictcheck is False else dictcheck
else:
_args["ipapwddictcheck"] = dictcheck
if usercheck is not None:
_args["ipapwdusercheck"] = usercheck
if module.ipa_check_version("<", "4.9.10"):
# Allowed values: "TRUE", "FALSE", ""
_args["ipapwdusercheck"] = "TRUE" if usercheck is True else \
"FALSE" if usercheck is False else usercheck
else:
_args["ipapwdusercheck"] = usercheck
if gracelimit is not None:
_args["passwordgracelimit"] = gracelimit
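Review bot: the two version-dependent branches for `dictcheck` and `usercheck` are identical apart from the key; a small helper such as `_bool_to_ipa_str(value)` returning `"TRUE"`, `"FALSE"` or the value unchanged, called from both sites, would remove the duplicated backslash-continued ternaries. Separately, the unchanged line at the top of the hunk writes the key as `ipapwdmaxrsequence` while the alias documented for `maxsequence` in this module is `ipapwdmaxsequence`; worth confirming which spelling the server expects.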
@@ -242,31 +253,31 @@ def main():
default=None, required=False),
# present
maxlife=dict(type="int", aliases=["krbmaxpwdlife"], default=None),
minlife=dict(type="int", aliases=["krbminpwdlife"], default=None),
history=dict(type="int", aliases=["krbpwdhistorylength"],
maxlife=dict(type="str", aliases=["krbmaxpwdlife"], default=None),
minlife=dict(type="str", aliases=["krbminpwdlife"], default=None),
history=dict(type="str", aliases=["krbpwdhistorylength"],
default=None),
minclasses=dict(type="int", aliases=["krbpwdmindiffchars"],
minclasses=dict(type="str", aliases=["krbpwdmindiffchars"],
default=None),
minlength=dict(type="int", aliases=["krbpwdminlength"],
minlength=dict(type="str", aliases=["krbpwdminlength"],
default=None),
priority=dict(type="int", aliases=["cospriority"], default=None),
maxfail=dict(type="int", aliases=["krbpwdmaxfailure"],
priority=dict(type="str", aliases=["cospriority"], default=None),
maxfail=dict(type="str", aliases=["krbpwdmaxfailure"],
default=None),
failinterval=dict(type="int",
failinterval=dict(type="str",
aliases=["krbpwdfailurecountinterval"],
default=None),
lockouttime=dict(type="int", aliases=["krbpwdlockoutduration"],
lockouttime=dict(type="str", aliases=["krbpwdlockoutduration"],
default=None),
maxrepeat=dict(type="int", aliases=["ipapwdmaxrepeat"],
maxrepeat=dict(type="str", aliases=["ipapwdmaxrepeat"],
default=None),
maxsequence=dict(type="int", aliases=["ipapwdmaxsequence"],
maxsequence=dict(type="str", aliases=["ipapwdmaxsequence"],
default=None),
dictcheck=dict(type="bool", aliases=["ipapwdictcheck"],
dictcheck=dict(type="str", aliases=["ipapwdictcheck"],
default=None),
usercheck=dict(type="bool", aliases=["ipapwusercheck"],
usercheck=dict(type="str", aliases=["ipapwusercheck"],
default=None),
gracelimit=dict(type="int", aliases=["passwordgracelimit"],
gracelimit=dict(type="str", aliases=["passwordgracelimit"],
default=None),
# state
state=dict(type="str", default="present",
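Review bot: the `usercheck` alias in the argument spec (`ipapwusercheck`, unchanged in this hunk) does not match the `ipapwdusercheck` alias listed in DOCUMENTATION for the same option; one of the two is a typo and the ansible-doc-test job should be flagging the mismatch. With every value now `type="str"`, Ansible no longer coerces or validates them, so every parsing error becomes the module's responsibility and needs a test.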
@@ -325,7 +336,48 @@ def main():
ansible_module.params_fail_used_invalid(invalid, state)
if gracelimit is not None:
# Ensure parameter values are valid and have proper type.
def int_or_empty_param(value, param):
if value is not None and value != "":
try:
value = int(value)
except ValueError:
ansible_module.fail_json(
msg="Invalid value '%s' for argument '%s'" % (value, param)
)
return value
maxlife = int_or_empty_param(maxlife, "maxlife")
minlife = int_or_empty_param(minlife, "minlife")
history = int_or_empty_param(history, "history")
minclasses = int_or_empty_param(minclasses, "minclasses")
minlength = int_or_empty_param(minlength, "minlength")
priority = int_or_empty_param(priority, "priority")
maxfail = int_or_empty_param(maxfail, "maxfail")
failinterval = int_or_empty_param(failinterval, "failinterval")
lockouttime = int_or_empty_param(lockouttime, "lockouttime")
maxrepeat = int_or_empty_param(maxrepeat, "maxrepeat")
maxsequence = int_or_empty_param(maxsequence, "maxsequence")
gracelimit = int_or_empty_param(gracelimit, "gracelimit")
def bool_or_empty_param(value, param): # pylint: disable=R1710
# As of Ansible 2.14, values True, False, Yes an No, with variable
# capitalization are accepted by Ansible.
if not value:
return value
if value in ["TRUE", "True", "true", "YES", "Yes", "yes"]:
return True
if value in ["FALSE", "False", "false", "NO", "No", "no"]:
return False
ansible_module.fail_json(
msg="Invalid value '%s' for argument '%s'." % (value, param)
)
dictcheck = bool_or_empty_param(dictcheck, "dictcheck")
usercheck = bool_or_empty_param(usercheck, "usercheck")
# Ensure gracelimit has proper limit.
if gracelimit:
if gracelimit < -1:
ansible_module.fail_json(
msg="'gracelimit' must be no less than -1")
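Review bot: `bool_or_empty_param` accepts only six spellings, which is narrower than what Ansible itself treats as boolean (`on`/`off`, `1`/`0`, `y`/`n`, `t`/`f` are also accepted by `ansible.module_utils.parsing.convert_bool.boolean`); calling `boolean(value, strict=True)` inside a `try`/`except TypeError` keeps behaviour consistent with every other `type=bool` option in the collection. The comment above it reads `Yes an No`, should be `Yes and No`. In `int_or_empty_param`, `int()` accepts surrounding whitespace and a leading `+`, which is acceptable, but a value such as `1.0` is rejected with the generic message; if that matters, say "integer" in the error text.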
@@ -351,7 +403,8 @@ def main():
# Create command
if state == "present":
# Generate args
args = gen_args(maxlife, minlife, history, minclasses,
args = gen_args(ansible_module,
maxlife, minlife, history, minclasses,
minlength, priority, maxfail, failinterval,
lockouttime, maxrepeat, maxsequence, dictcheck,
usercheck, gracelimit)

View File

@@ -1,10 +1,10 @@
-r requirements-tests.txt
ipdb==0.13.4
pre-commit
flake8==4.0.1
pre-commit==2.20.0
flake8==5.0.3
flake8-bugbear==22.10.27
pylint==2.13.7
wrapt >= 1.14.0
pylint==2.14.4
wrapt == 1.14.0
pydocstyle==6.0.0
yamllint==1.26.3
ansible-lint==5.3.2
yamllint==1.28.0
ansible-lint==6.6.1

View File

@@ -1,7 +1,8 @@
-r requirements.txt
pytest>=2.7
pytest-sourceorder>=0.5
pytest==7.1.3
pytest-sourceorder==0.6.0
pytest-split>=0.8.0
pytest-custom_exit_code>=0.3.0
pytest-testinfra>=5.0
pytest-testinfra==6.8.0
pytest-randomly==3.12.0
pyyaml>=3
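Review bot: `pytest-randomly==3.12.0` is added next to `pytest-sourceorder`, and both plugins reorder collected tests; confirm on a full run that the source-ordered test classes still execute in the intended sequence with randomisation on, and note `-p no:randomly` as the escape hatch if an ordering interaction shows up. `pyyaml>=3`, `pytest-split` and `pytest-custom_exit_code` also remain unpinned while the rest of the file moves to exact pins.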

View File

@@ -6,15 +6,15 @@ galaxy_info:
description: A role to backup and restore an IPA server
company: Red Hat, Inc
license: GPLv3
min_ansible_version: 2.8
min_ansible_version: "2.8"
platforms:
- name: Fedora
versions:
- all
- name: EL
versions:
- 7
- 8
- "7"
- "8"
galaxy_tags:
- identity
- ipa

View File

@@ -2,20 +2,22 @@
# tasks file for ipabackup
- name: Create backup
shell: >
ansible.builtin.shell: >
ipa-backup
{{ "--gpg" if ipabackup_gpg | bool else "" }}
{{ "--gpg-keyring="+ipabackup_gpg_keyring if ipabackup_gpg_keyring is defined else "" }}
{{ "--gpg-keyring=" + ipabackup_gpg_keyring if ipabackup_gpg_keyring is defined else "" }}
{{ "--data" if ipabackup_data | bool else "" }}
{{ "--logs" if ipabackup_logs | bool else "" }}
{{ "--online" if ipabackup_online | bool else "" }}
{{ "--disable-role-check" if ipabackup_disable_role_check | bool else "" }}
{{ "--log-file="+ipabackup_log_file if ipabackup_log_file is defined else "" }}
{{ "--log-file=" + ipabackup_log_file if ipabackup_log_file is defined else "" }}
register: result_ipabackup
- block:
- name: Handle backup
when: ipabackup_to_controller
block:
- name: Get ipabackup_item from stderr or stdout output
set_fact:
ansible.builtin.set_fact:
ipabackup_item: "{{ item | regex_search('\n.*/([^\n]+)','\\1') | first }}"
when: item.find("Backed up to "+ipabackup_dir+"/") > 0
with_items:
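Review bot: in the `ipa-backup` command the values of `ipabackup_gpg_keyring` and `ipabackup_log_file` are interpolated into the shell line unquoted (this hunk only adds spaces around `+`), so a path containing whitespace or shell metacharacters breaks the command; passing the value through the `quote` filter (`"--gpg-keyring=" + ipabackup_gpg_keyring | quote`) is the usual fix. The unchanged `when: item.find("Backed up to " + ipabackup_dir + "/") > 0` at the end of the hunk treats a match at offset 0 as no match; `!= -1` is the intended test.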
@@ -25,15 +27,14 @@
label: ""
- name: Fail on missing ipabackup_item
fail: msg="Failed to get ipabackup_item"
ansible.builtin.fail:
msg: "Failed to get ipabackup_item"
when: ipabackup_item is not defined
- name: Copy backup to controller
include_tasks: "{{ role_path }}/tasks/copy_backup_from_server.yml"
ansible.builtin.include_tasks: "{{ role_path }}/tasks/copy_backup_from_server.yml"
when: state|default("present") == "present"
- name: Remove backup on server
include_tasks: "{{ role_path }}/tasks/remove_backup_from_server.yml"
ansible.builtin.include_tasks: "{{ role_path }}/tasks/remove_backup_from_server.yml"
when: not ipabackup_keep_on_server
when: ipabackup_to_controller

View File

@@ -1,45 +1,47 @@
---
- name: Fail on invalid ipabackup_item
fail: msg="ipabackup_item {{ ipabackup_item }} is not valid"
ansible.builtin.fail:
msg: "ipabackup_item {{ ipabackup_item }} is not valid"
when: ipabackup_item is not defined or
ipabackup_item | length < 1 or
(ipabackup_item.find("ipa-full-") == -1 and
ipabackup_item.find("ipa-data-") == -1)
- name: Set controller destination directory
set_fact:
ipabackup_controller_dir:
"{{ ipabackup_controller_path | default(lookup('env','PWD')) }}/{{
ansible.builtin.set_fact:
__derived_controller_dir:
"{{ ipabackup_controller_path | default(lookup('env', 'PWD')) }}/{{
ipabackup_name_prefix | default(ansible_facts['fqdn']) }}_{{
ipabackup_item }}/"
- name: Stat backup on server
stat:
ansible.builtin.stat:
path: "{{ ipabackup_dir }}/{{ ipabackup_item }}"
register: result_backup_stat
- name: Fail on missing backup directory
fail: msg="Unable to find backup {{ ipabackup_item }}"
ansible.builtin.fail:
msg: "Unable to find backup {{ ipabackup_item }}"
when: result_backup_stat.stat.isdir is not defined
- name: Get backup files to copy for "{{ ipabackup_item }}"
shell:
ansible.builtin.shell:
find . -type f | cut -d"/" -f 2
args:
chdir: "{{ ipabackup_dir }}/{{ ipabackup_item }}"
register: result_find_backup_files
- name: Copy server backup files to controller
fetch:
ansible.builtin.fetch:
flat: yes
src: "{{ ipabackup_dir }}/{{ ipabackup_item }}/{{ item }}"
dest: "{{ ipabackup_controller_dir }}"
dest: "{{ __derived_controller_dir }}"
with_items:
- "{{ result_find_backup_files.stdout_lines }}"
- name: Fix file modes for backup on controller
file:
dest: "{{ ipabackup_controller_dir }}"
ansible.builtin.file:
dest: "{{ __derived_controller_dir }}"
mode: u=rwX,go=
recurse: yes
delegate_to: localhost
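Review bot: the `fetch` task writes the backup files (which hold the IPA data and key material) to the controller under the default umask, and only the later `Fix file modes for backup on controller` task tightens them to `u=rwX,go=`; creating `__derived_controller_dir` first with `ansible.builtin.file: state: directory` and `mode: "0700"` closes that window. The mode-fix task is `delegate_to: localhost` without `become: no`, so a play run with `become: true` will attempt sudo on the controller; an explicit `become: no` avoids that.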

View File

@@ -1,41 +1,43 @@
---
- name: Fail on invalid ipabackup_name
fail: msg="ipabackup_name {{ ipabackup_name }} is not valid"
ansible.builtin.fail:
msg: "ipabackup_name {{ ipabackup_name }} is not valid"
when: ipabackup_name is not defined or
ipabackup_name | length < 1 or
(ipabackup_name.find("ipa-full-") == -1 and
ipabackup_name.find("ipa-data-") == -1)
- name: Set controller source directory
set_fact:
ipabackup_controller_dir:
"{{ ipabackup_controller_path | default(lookup('env','PWD')) }}"
ansible.builtin.set_fact:
__derived_controller_dir:
"{{ ipabackup_controller_path | default(lookup('env', 'PWD')) }}"
- name: Set ipabackup_item
set_fact:
ansible.builtin.set_fact:
ipabackup_item:
"{{ ipabackup_name | regex_search('.*_(ipa-.+)','\\1') | first }}"
"{{ ipabackup_name | regex_search('.*_(ipa-.+)', '\\1') | first }}"
when: "'_ipa-' in ipabackup_name"
- name: Set ipabackup_item
set_fact:
ansible.builtin.set_fact:
ipabackup_item: "{{ ipabackup_name }}"
when: "'_ipa-' not in ipabackup_name"
- name: Stat backup to copy
stat:
path: "{{ ipabackup_controller_dir }}/{{ ipabackup_name }}"
ansible.builtin.stat:
path: "{{ __derived_controller_dir }}/{{ ipabackup_name }}"
register: result_backup_stat
delegate_to: localhost
become: no
- name: Fail on missing backup to copy
fail: msg="Unable to find backup {{ ipabackup_name }}"
ansible.builtin.fail:
msg: "Unable to find backup {{ ipabackup_name }}"
when: result_backup_stat.stat.isdir is not defined
- name: Copy backup files to server for "{{ ipabackup_item }}"
copy:
src: "{{ ipabackup_controller_dir }}/{{ ipabackup_name }}/"
ansible.builtin.copy:
src: "{{ __derived_controller_dir }}/{{ ipabackup_name }}/"
dest: "{{ ipabackup_dir }}/{{ ipabackup_item }}"
owner: root
group: root
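Review bot: the validation at the top of the hunk only checks that `ipabackup_name` contains `ipa-full-` or `ipa-data-` somewhere, and the value is then used to build both `{{ __derived_controller_dir }}/{{ ipabackup_name }}` and, via `ipabackup_item`, `{{ ipabackup_dir }}/{{ ipabackup_item }}`; since the variable can arrive from extra-vars or inventory, an anchored test such as `ipabackup_name is match('^[A-Za-z0-9._-]*ipa-(full|data)-[0-9-]+$')` (no path separators) is a stronger precondition than the substring check. The `regex_search(...) | first` on the following task also assumes the pattern matched, which the anchored check would guarantee.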

View File

@@ -4,5 +4,5 @@
register: result_ipabackup_get_backup_dir
- name: Set IPA backup dir
set_fact:
ansible.builtin.set_fact:
ipabackup_dir: "{{ result_ipabackup_get_backup_dir.backup_dir }}"

View File

@@ -2,7 +2,8 @@
# tasks file for ipabackup
- name: Check for empty vars
fail: msg="Variable {{ item }} is empty"
ansible.builtin.fail:
msg: "Variable {{ item }} is empty"
when: "item in vars and not vars[item]"
with_items: "{{ ipabackup_empty_var_checks }}"
vars:
@@ -18,74 +19,82 @@
- ipabackup_firewalld_zone
- name: Set ipabackup_data if ipabackup_data is not set but ipabackup_online is
set_fact:
ansible.builtin.set_fact:
ipabackup_data: yes
when: ipabackup_online | bool and not ipabackup_data | bool
- name: Fail if ipabackup_from_controller and ipabackup_to_controller are set
fail: msg="ipabackup_from_controller and ipabackup_to_controller are set"
ansible.builtin.fail:
msg: "ipabackup_from_controller and ipabackup_to_controller are set"
when: ipabackup_from_controller | bool and ipabackup_to_controller | bool
- name: Fail for given ipabackup_name if state is not copied, restored or absent
fail: msg="ipabackup_name is given and state is not copied, restored or absent"
ansible.builtin.fail:
msg: "ipabackup_name is given and state is not copied, restored or absent"
when: state is not defined or
(state != "copied" and state != "restored" and state != "absent") and
ipabackup_name is defined
- name: Get ipabackup_dir from IPA installation
include_tasks: "{{ role_path }}/tasks/get_ipabackup_dir.yml"
ansible.builtin.include_tasks: "{{ role_path }}/tasks/get_ipabackup_dir.yml"
- name: Backup IPA server
include_tasks: "{{ role_path }}/tasks/backup.yml"
ansible.builtin.include_tasks: "{{ role_path }}/tasks/backup.yml"
when: state|default("present") == "present"
- name: Fail on missing ipabackup_name
fail: msg="ipabackup_name is not set"
ansible.builtin.fail:
msg: "ipabackup_name is not set"
when: (ipabackup_name is not defined or not ipabackup_name) and
state is defined and
(state == "copied" or state == "restored" or state == "absent")
- block:
- name: Get all backup names for copy to controller
when: state is defined and
((state == "copied" and ipabackup_to_controller) or
state == "absent") and
ipabackup_name is defined and ipabackup_name == "all"
block:
- name: Get list of all backups on IPA server
shell:
ansible.builtin.shell:
find . -name "ipa-full-*" -o -name "ipa-data-*" | cut -d"/" -f 2
args:
chdir: "{{ ipabackup_dir }}/"
register: result_backup_find_backup_files
- name: Set ipabackup_names using backup list
set_fact:
ansible.builtin.set_fact:
ipabackup_names: "{{ result_backup_find_backup_files.stdout_lines }}"
when: state is defined and
((state == "copied" and ipabackup_to_controller) or
state == "absent") and
ipabackup_name is defined and ipabackup_name == "all"
- block:
- name: Set ipabackup_names from ipabackup_name
when: ipabackup_names is not defined and ipabackup_name is defined
block:
- name: Fail on ipabackup_name all
fail: msg="ipabackup_name can not be all in this case"
ansible.builtin.fail:
msg: "ipabackup_name can not be all in this case"
when: ipabackup_name is defined and ipabackup_name == "all"
- name: Set ipabackup_names from ipabackup_name string
set_fact:
ansible.builtin.set_fact:
ipabackup_names: ["{{ ipabackup_name }}"]
when: ipabackup_name | type_debug != "list"
- name: Set ipabackup_names from ipabackup_name list
set_fact:
ansible.builtin.set_fact:
ipabackup_names: "{{ ipabackup_name }}"
when: ipabackup_name | type_debug == "list"
when: ipabackup_names is not defined and ipabackup_name is defined
- name: Set empty ipabackup_names if ipabackup_name is not defined
set_fact:
ansible.builtin.set_fact:
ipabackup_names: []
when: ipabackup_names is not defined and ipabackup_name is not defined
- block:
- name: Process "{{ ipabackup_names }}"
when: state is defined and
((state == "copied" and ipabackup_to_controller) or state == "absent")
block:
- name: Copy backup from IPA server
include_tasks: "{{ role_path }}/tasks/copy_backup_from_server.yml"
ansible.builtin.include_tasks: "{{ role_path }}/tasks/copy_backup_from_server.yml"
vars:
ipabackup_item: "{{ main_item | basename }}"
with_items:
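Review bot: the unchanged condition on `Fail for given ipabackup_name if state is not copied, restored or absent` is `state is not defined or (state != ...) and ipabackup_name is defined`; because `and` binds tighter than `or`, an undefined `state` fails the role even when no `ipabackup_name` was given, and with a misleading message. If the intent is "ipabackup_name given but state unsuitable", parenthesize as `(state is not defined or (...)) and ipabackup_name is defined`; since the role treats an undefined state as `present` elsewhere (`state|default("present")`), this branch should probably apply the same default.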
@@ -95,7 +104,7 @@
when: state is defined and state == "copied"
- name: Remove backup from IPA server
include_tasks: "{{ role_path }}/tasks/remove_backup_from_server.yml"
ansible.builtin.include_tasks: "{{ role_path }}/tasks/remove_backup_from_server.yml"
vars:
ipabackup_item: "{{ main_item | basename }}"
with_items:
@@ -104,34 +113,32 @@
loop_var: main_item
when: state is defined and state == "absent"
when: state is defined and
((state == "copied" and ipabackup_to_controller) or state == "absent")
# Fail with more than one entry in ipabackup_names for copy to sever and
# restore.
- name: Fail to copy or restore more than one backup on the server
fail: msg="Only one backup can be copied to the server or restored"
ansible.builtin.fail:
msg: "Only one backup can be copied to the server or restored"
when: state is defined and (state == "copied" or state == "restored") and
ipabackup_from_controller | bool and ipabackup_names | length != 1
# Use only first item in ipabackup_names for copy to server and for restore.
- block:
- name: Copy backup to server
include_tasks: "{{ role_path }}/tasks/copy_backup_to_server.yml"
- name: Restore IPA server after copy
include_tasks: "{{ role_path }}/tasks/restore.yml"
when: state|default("present") == "restored"
vars:
ipabackup_name: "{{ ipabackup_names[0] }}"
- name: Process "{{ ipabackup_names[0] }}"
when: ipabackup_from_controller or
(state|default("present") == "copied" and not ipabackup_to_controller)
vars:
ipabackup_name: "{{ ipabackup_names[0] }}"
block:
- name: Copy backup to server
ansible.builtin.include_tasks: "{{ role_path }}/tasks/copy_backup_to_server.yml"
- name: Restore IPA server after copy
ansible.builtin.include_tasks: "{{ role_path }}/tasks/restore.yml"
when: state|default("present") == "restored"
- name: Restore IPA server
include_tasks: "{{ role_path }}/tasks/restore.yml"
ansible.builtin.include_tasks: "{{ role_path }}/tasks/restore.yml"
vars:
ipabackup_item: "{{ ipabackup_names[0] | basename }}"
when: not ipabackup_from_controller and
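Review bot: the new block condition `when: ipabackup_from_controller or (... and not ipabackup_to_controller)` tests the raw variables, while the same `ipabackup_from_controller` is evaluated with `| bool` a few lines above; a string value such as `"no"` passed with `-e` is truthy in Jinja, so add `| bool` to both variables here for consistency with the rest of the file.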

View File

@@ -1,5 +1,5 @@
---
- name: Remove backup "{{ ipabackup_item }}"
file:
ansible.builtin.file:
path: "{{ ipabackup_dir }}/{{ ipabackup_item }}"
state: absent

View File

@@ -4,7 +4,7 @@
### VARIABLES
- name: Import variables specific to distribution
include_vars: "{{ item }}"
ansible.builtin.include_vars: "{{ item }}"
with_first_found:
- "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yml"
- "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yml"
@@ -21,30 +21,32 @@
### GET SERVICES FROM BACKUP
- name: Stat backup on server
stat:
ansible.builtin.stat:
path: "{{ ipabackup_dir }}/{{ ipabackup_item }}"
register: result_backup_stat
- name: Fail on missing backup directory
fail: msg="Unable to find backup {{ ipabackup_item }}"
ansible.builtin.fail:
msg: "Unable to find backup {{ ipabackup_item }}"
when: result_backup_stat.stat.isdir is not defined
- name: Stat header file in backup "{{ ipabackup_item }}"
stat:
ansible.builtin.stat:
path: "{{ ipabackup_dir }}/{{ ipabackup_item }}/header"
register: result_backup_header_stat
- name: Fail on missing header file in backup
fail: msg="Unable to find backup {{ ipabackup_item }} header file"
ansible.builtin.fail:
msg: "Unable to find backup {{ ipabackup_item }} header file"
when: result_backup_header_stat.stat.isreg is not defined
- name: Get services from backup
shell: >
ansible.builtin.shell: >
grep "^services = " "{{ ipabackup_dir }}/{{ ipabackup_item }}/header" | cut -d"=" -f2 | tr -d '[:space:]'
register: result_services_grep
- name: Set ipabackup_services
set_fact:
ansible.builtin.set_fact:
ipabackup_services: "{{ result_services_grep.stdout.split(',') }}"
ipabackup_service_dns: DNS
ipabackup_service_adtrust: ADTRUST
@@ -52,78 +54,78 @@
### INSTALL PACKAGES
- block:
- name: Package installation
when: ipabackup_install_packages | bool
block:
- name: Ensure that IPA server packages are installed
package:
ansible.builtin.package:
name: "{{ ipaserver_packages }}"
state: present
- name: Ensure that IPA server packages for dns are installed
package:
ansible.builtin.package:
name: "{{ ipaserver_packages_dns }}"
state: present
when: ipabackup_service_dns in ipabackup_services
- name: Ensure that IPA server packages for adtrust are installed
package:
ansible.builtin.package:
name: "{{ ipaserver_packages_adtrust }}"
state: present
when: ipabackup_service_adtrust in ipabackup_services
- name: Ensure that firewalld packages are installed
package:
ansible.builtin.package:
name: "{{ ipaserver_packages_firewalld }}"
state: present
when: ipabackup_setup_firewalld | bool
when: ipabackup_install_packages | bool
### START FIREWALLD
- block:
- name: Firewall configuration
when: ipabackup_setup_firewalld | bool
block:
- name: Ensure that firewalld is running
systemd:
ansible.builtin.systemd:
name: firewalld
enabled: yes
state: started
- name: Firewalld - Verify runtime zone "{{ ipabackup_firewalld_zone }}"
shell: >
ansible.builtin.shell: >
firewall-cmd
--info-zone="{{ ipabackup_firewalld_zone }}"
>/dev/null
when: ipabackup_firewalld_zone is defined
- name: Firewalld - Verify permanent zone "{{ ipabackup_firewalld_zone }}"
shell: >
ansible.builtin.shell: >
firewall-cmd
--permanent
--info-zone="{{ ipabackup_firewalld_zone }}"
>/dev/null
when: ipabackup_firewalld_zone is defined
when: ipabackup_setup_firewalld | bool
### RESTORE
- name: Restore backup
no_log: True
shell: >
ansible.builtin.shell: >
ipa-restore
{{ ipabackup_item }}
--unattended
{{ "--password="+ipabackup_password if ipabackup_password is defined else "" }}
{{ "--password=" + ipabackup_password if ipabackup_password is defined else "" }}
{{ "--data" if ipabackup_data | bool else "" }}
{{ "--online" if ipabackup_online | bool else "" }}
{{ "--instance="+ipabackup_instance if ipabackup_instance is defined else "" }}
{{ "--backend="+ipabackup_backend if ipabackup_backend is defined else "" }}
{{ "--instance=" + ipabackup_instance if ipabackup_instance is defined else "" }}
{{ "--backend=" + ipabackup_backend if ipabackup_backend is defined else "" }}
{{ "--no-logs" if ipabackup_no_logs | bool else "" }}
{{ "--log-file="+ipabackup_log_file if ipabackup_log_file is defined else "" }}
{{ "--log-file=" + ipabackup_log_file if ipabackup_log_file is defined else "" }}
register: result_iparestore
ignore_errors: yes
- name: Report error for restore operation
debug:
ansible.builtin.debug:
msg: "{{ result_iparestore.stderr }}"
when: result_iparestore is failed
failed_when: yes
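Review bot: the two "Firewalld - Verify ... zone" shell tasks are read-only checks but carry no `changed_when: false`, so every run reports them as changed; add `changed_when: false` to both (their twins in the ipareplica and ipaserver install files have the same gap). On the restore task, `no_log: True` hides the task output, but `{{ "--password=" + ipabackup_password ... }}` still places the password on the ipa-restore command line, where it is visible in the process table on the target for the duration of the restore; that is pre-existing behaviour, but worth a comment in the role docs. Minor: the booleans are mixed (`no_log: True`, `ignore_errors: yes`, `failed_when: yes`); ansible-lint's truthy rule flags `yes`, so prefer `true` throughout.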
@@ -131,10 +133,10 @@
### CONFIGURE FIREWALLD
- name: Configure firewalld
command: >
ansible.builtin.command: >
firewall-cmd
--permanent
{{ "--zone="+ipabackup_firewalld_zone if ipabackup_firewalld_zone is defined else "" }}
{{ "--zone=" + ipabackup_firewalld_zone if ipabackup_firewalld_zone is defined else "" }}
--add-service=freeipa-ldap
--add-service=freeipa-ldaps
{{ "--add-service=freeipa-trust" if ipabackup_service_adtrust in ipabackup_services else "" }}
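Review bot: this `ansible.builtin.command` firewall-cmd task (and the runtime variant that follows) reports changed on every run, since firewall-cmd exits 0 whether or not the service was already present; add a `changed_when` keyed on the command output, or move to the firewalld module, which handles permanent and runtime in one idempotent task and would also remove the hand-built `--zone=` template.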
@@ -143,9 +145,9 @@
when: ipabackup_setup_firewalld | bool
- name: Configure firewalld runtime
command: >
ansible.builtin.command: >
firewall-cmd
{{ "--zone="+ipabackup_firewalld_zone if ipabackup_firewalld_zone is defined else "" }}
{{ "--zone=" + ipabackup_firewalld_zone if ipabackup_firewalld_zone is defined else "" }}
--add-service=freeipa-ldap
--add-service=freeipa-ldaps
{{ "--add-service=freeipa-trust" if ipabackup_service_adtrust in ipabackup_services else "" }}


@@ -6,15 +6,15 @@ galaxy_info:
description: A role to join a machine to an IPA domain
company: Red Hat, Inc
license: GPLv3
min_ansible_version: 2.8
min_ansible_version: "2.8"
platforms:
- name: Fedora
versions:
- all
- name: EL
versions:
- 7
- 8
- "7"
- "8"
galaxy_tags:
- identity
- ipa


@@ -2,40 +2,45 @@
# tasks file for ipaclient
- name: Install - Ensure that IPA client packages are installed
package:
ansible.builtin.package:
name: "{{ ipaclient_packages }}"
state: present
when: ipaclient_install_packages | bool
- name: Install - Set ipaclient_servers
set_fact:
ansible.builtin.set_fact:
ipaclient_servers: "{{ groups['ipaservers'] | list }}"
when: groups.ipaservers is defined and ipaclient_servers is not defined
- name: Install - Set ipaclient_servers from cluster inventory
set_fact:
ansible.builtin.set_fact:
ipaclient_servers: "{{ groups['ipaserver'] | list }}"
when: ipaclient_no_dns_lookup | bool and groups.ipaserver is defined and
ipaclient_servers is not defined
- name: Install - Check that either password or keytab is set
fail: msg="ipaadmin_password and ipaadmin_keytab cannot be used together"
ansible.builtin.fail:
msg: "ipaadmin_password and ipaadmin_keytab cannot be used together"
when: ipaadmin_keytab is defined and ipaadmin_password is defined
- name: Install - Set default principal if no keytab is given
set_fact:
ansible.builtin.set_fact:
ipaadmin_principal: admin
when: ipaadmin_principal is undefined and ipaclient_keytab is undefined
- name: Install - Configure DNS resolver Block
- name: Install - DNS resolver configuration
when: ipaclient_configure_dns_resolver | bool
and not ipaclient_on_master | bool
block:
- name: Install - Fail on missing ipaclient_domain and ipaserver_domain
fail: msg="ipaclient_domain or ipaserver_domain is required for ipaclient_configure_dns_resolver"
ansible.builtin.fail:
msg: "ipaclient_domain or ipaserver_domain is required for ipaclient_configure_dns_resolver"
when: ipaserver_domain is not defined and ipaclient_domain is not defined
- name: Install - Fail on missing ipaclient_servers
fail: msg="ipaclient_dns_servers is required for ipaclient_configure_dns_resolver"
ansible.builtin.fail:
msg: "ipaclient_dns_servers is required for ipaclient_configure_dns_resolver"
when: ipaclient_dns_servers is not defined
- name: Install - Configure DNS resolver
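Review bot: the task named "Install - Fail on missing ipaclient_servers" actually checks `ipaclient_dns_servers` (both its `when` and its message say so); rename it to "Install - Fail on missing ipaclient_dns_servers" so the task name matches the variable being validated. The move from `fail: msg="..."` inline syntax to `ansible.builtin.fail:` with a `msg:` key is the right fix; just make sure the same pattern is applied to the remaining `fail:` tasks later in this file.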
@@ -44,9 +49,6 @@
searchdomains: "{{ ipaserver_domain | default(ipaclient_domain) }}"
state: present
when: ipaclient_configure_dns_resolver | bool
and not ipaclient_on_master | bool
- name: Install - IPA client test
ipaclient_test:
### basic ###
@@ -72,9 +74,13 @@
| default(ipasssd_enable_dns_updates) }}"
register: result_ipaclient_test
- block:
- name: Install - Client deployment
when: not ansible_check_mode and
not (result_ipaclient_test.client_already_configured and
not ipaclient_allow_repair | bool and not ipaclient_force_join | bool)
block:
- name: Install - Cleanup leftover ccache
file:
ansible.builtin.file:
path: "/etc/ipa/.dns_ccache"
state: absent
@@ -91,12 +97,12 @@
domain: "{{ result_ipaclient_test.domain }}"
- name: Install - Make sure One-Time Password is enabled if it's already defined
set_fact:
ansible.builtin.set_fact:
ipaclient_use_otp: "yes"
when: ipaclient_otp is defined
- name: Install - Disable One-Time Password for on_master
set_fact:
ansible.builtin.set_fact:
ipaclient_use_otp: "no"
when: ipaclient_use_otp | bool and ipaclient_on_master | bool
@@ -112,7 +118,7 @@
- name: Install - Disable One-Time Password for client with working
krb5.keytab
set_fact:
ansible.builtin.set_fact:
ipaclient_use_otp: "no"
when: ipaclient_use_otp | bool and
result_ipaclient_test_keytab.krb5_keytab_ok and
@@ -125,10 +131,12 @@
# to create a OneTime Password
# If a keytab is specified in the hostent, then the hostent will be disabled
# if ipaclient_use_otp is set.
- block:
- name: Install - Obtain OTP
when: ipaclient_use_otp | bool and ipaclient_otp is not defined
block:
- name: Install - Keytab or password is required for getting otp
ansible.builtin.fail:
msg: Keytab or password is required for getting otp
msg: "Keytab or password is required for getting otp"
when: ipaadmin_keytab is undefined and ipaadmin_password is undefined
- name: Install - Create temporary file for keytab
@@ -159,20 +167,17 @@
delegate_to: "{{ result_ipaclient_test.servers[0] }}"
- name: Install - Report error for OTP generation
debug:
ansible.builtin.debug:
msg: "{{ result_ipaclient_get_otp.msg }}"
when: result_ipaclient_get_otp is failed
failed_when: yes
- name: Install - Store the previously obtained OTP
no_log: yes
set_fact:
ansible.builtin.set_fact:
ipaadmin_orig_password: "{{ ipaadmin_password | default(omit) }}"
ipaadmin_password: "{{ result_ipaclient_get_otp.host.randompassword
if result_ipaclient_get_otp.host is defined }}"
when: ipaclient_use_otp | bool and ipaclient_otp is not defined
always:
- name: Install - Remove keytab temporary file
ansible.builtin.file:
@@ -183,12 +188,14 @@
- name: Store predefined OTP in admin_password
no_log: yes
set_fact:
ansible.builtin.set_fact:
ipaadmin_orig_password: "{{ ipaadmin_password | default(omit) }}"
ipaadmin_password: "{{ ipaclient_otp }}"
when: ipaclient_otp is defined
- block:
- name: Install - Check keytab, principal and keytab
when: not ipaclient_on_master | bool
block:
# This block is executed only when
# not (not ipaclient_on_master | bool and
# not result_ipaclient_join.changed and
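Review bot: the new block name "Install - Check keytab, principal and keytab" repeats "keytab"; "Install - Check principal and keytabs" reads better. More importantly, the comment directly under `block:` ("This block is executed only when not (not ipaclient_on_master | bool and not result_ipaclient_join.changed and ...") describes the old nested condition, while the block's `when` is now just `not ipaclient_on_master | bool`; drop or rewrite that comment so it does not contradict the code it sits next to.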
@@ -198,19 +205,20 @@
# result_ipaclient_join.already_joined)))
- name: Install - Check if principal and keytab are set
fail: msg="Admin principal and client keytab cannot be used together"
ansible.builtin.fail:
msg: "Admin principal and client keytab cannot be used together"
when: ipaadmin_principal is defined and ipaclient_keytab is defined
- name: Install - Check if one of password or keytabs are set
fail: msg="At least one of password or keytabs must be specified"
ansible.builtin.fail:
msg: "At least one of password or keytabs must be specified"
when: not result_ipaclient_test_keytab.krb5_keytab_ok
and ipaadmin_password is undefined
and ipaadmin_keytab is undefined
and ipaclient_keytab is undefined
when: not ipaclient_on_master | bool
- name: Install - Purge {{ result_ipaclient_test.realm }} from host keytab
command: >
- name: "Install - From host keytab, purge {{ result_ipaclient_test.realm }}"
ansible.builtin.command: >
/usr/sbin/ipa-rmkeytab
-k /etc/krb5.keytab
-r "{{ result_ipaclient_test.realm }}"
@@ -252,30 +260,38 @@
(not result_ipaclient_test_keytab.krb5_keytab_ok or
ipaclient_force_join)
- block:
- name: krb5 configuration not correct
fail:
msg: >
The krb5 configuration is not correct, please enable allow_repair
to fix this.
when: not result_ipaclient_test_keytab.krb5_conf_ok
- name: IPA test failed
fail:
msg: "The IPA test failed, please enable allow_repair to fix this."
when: not result_ipaclient_test_keytab.ping_test_ok
- name: ca.crt file is missing
fail:
msg: >
The ca.crt file is missing, please enable allow_repair to fix this.
when: not result_ipaclient_test_keytab.ca_crt_exists
- name: Install - Allow repair checks
when: not ipaclient_on_master | bool and
not result_ipaclient_join.changed and
not ipaclient_allow_repair | bool and
(result_ipaclient_test_keytab.krb5_keytab_ok or
(result_ipaclient_join.already_joined is defined and
result_ipaclient_join.already_joined))
block:
- name: The krb5 configuration is not correct
ansible.builtin.fail:
msg: >
The krb5 configuration is not correct, please enable allow_repair
to fix this.
when: not result_ipaclient_test_keytab.krb5_conf_ok
- name: IPA test failed
ansible.builtin.fail:
msg: "The IPA test failed, please enable allow_repair to fix this."
when: not result_ipaclient_test_keytab.ping_test_ok
- name: Fail due to missing ca.crt file
ansible.builtin.fail:
msg: >
The ca.crt file is missing, please enable allow_repair to fix this.
when: not result_ipaclient_test_keytab.ca_crt_exists
- block:
- name: Install - Configuration
when: not (not ipaclient_on_master | bool and
not result_ipaclient_join.changed and
not ipaclient_allow_repair | bool
and (result_ipaclient_test_keytab.krb5_keytab_ok
or (result_ipaclient_join.already_joined is defined
and result_ipaclient_join.already_joined)))
block:
- name: Install - Configure IPA default.conf
ipaclient_ipa_conf:
servers: "{{ result_ipaclient_test.servers }}"
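Review bot: the "Install - Allow repair checks" block and the "Install - Configuration" block that follows are gated on the same condition written out twice, once positive and once under `not (...)`, with different line breaking; this is where the two will silently diverge on the next edit. Set it once, e.g. `ansible.builtin.set_fact: __ipaclient_repair_blocked: "{{ ... }}"` (name is only a suggestion), and use `when: __ipaclient_repair_blocked` / `when: not __ipaclient_repair_blocked` on the two blocks. The task renames inside the block are fine, though "IPA test failed" is the only one without an "Install -" style subject; "Fail due to IPA test failure" would match "Fail due to missing ca.crt file".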
@@ -396,26 +412,14 @@
domain: "{{ result_ipaclient_test.domain }}"
nisdomain: "{{ ipaclient_nisdomain | default(omit) }}"
when: not ipaclient_no_nisdomain | bool
when: not (not ipaclient_on_master | bool and
not result_ipaclient_join.changed and
not ipaclient_allow_repair | bool
and (result_ipaclient_test_keytab.krb5_keytab_ok
or (result_ipaclient_join.already_joined is defined
and result_ipaclient_join.already_joined)))
when: not ansible_check_mode and
not (result_ipaclient_test.client_already_configured and
not ipaclient_allow_repair | bool and not ipaclient_force_join | bool)
always:
- name: Install - Restore original admin password if overwritten by OTP
no_log: yes
set_fact:
ansible.builtin.set_fact:
ipaadmin_password: "{{ ipaadmin_orig_password }}"
when: ipaclient_use_otp | bool and ipaadmin_orig_password is defined
- name: Cleanup leftover ccache
file:
ansible.builtin.file:
path: "/etc/ipa/.dns_ccache"
state: absent
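Review bot: the `always:` task is named "Cleanup leftover ccache" while its counterpart at the start of the block is "Install - Cleanup leftover ccache"; give it the same "Install - " prefix for consistency with the rest of the file. Removing the duplicated trailing `when:` lines here is correct now that the conditions live on the named blocks above.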


@@ -2,7 +2,7 @@
# tasks file for ipaclient
- name: Import variables specific to distribution
include_vars: "{{ item }}"
ansible.builtin.include_vars: "{{ item }}"
with_first_found:
- "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yml"
- "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yml"
@@ -17,9 +17,9 @@
- "{{ role_path }}/vars/default.yml"
- name: Install IPA client
include_tasks: install.yml
ansible.builtin.include_tasks: install.yml
when: state|default('present') == 'present'
- name: Uninstall IPA client
include_tasks: uninstall.yml
ansible.builtin.include_tasks: uninstall.yml
when: state|default('present') == 'absent'


@@ -2,7 +2,7 @@
# tasks to uninstall IPA client
- name: Uninstall - Uninstall IPA client
command: >
ansible.builtin.command: >
/usr/sbin/ipa-client-install
--uninstall
-U
@@ -17,6 +17,6 @@
when: ipaclient_cleanup_dns_resolver | bool
#- name: Remove IPA client package
# package:
# ansible.builtin.package:
# name: "{{ ipaclient_packages }}"
# state: absent


@@ -6,15 +6,15 @@ galaxy_info:
description: A role to setup an IPA domain replica
company: Red Hat, Inc
license: GPLv3
min_ansible_version: 2.8
min_ansible_version: "2.8"
platforms:
- name: Fedora
versions:
- all
- name: EL
versions:
- 7
- 8
- "7"
- "8"
galaxy_tags:
- identity
- ipa


@@ -1,64 +1,64 @@
---
# tasks file for ipareplica
- block:
- name: Package installation
when: ipareplica_install_packages | bool
block:
- name: Install - Ensure IPA replica packages are installed
package:
ansible.builtin.package:
name: "{{ ipareplica_packages }}"
state: present
- name: Install - Ensure IPA replica packages for dns are installed
package:
ansible.builtin.package:
name: "{{ ipareplica_packages_dns }}"
state: present
when: ipareplica_setup_dns | bool
- name: Install - Ensure IPA replica packages for adtrust are installed
package:
ansible.builtin.package:
name: "{{ ipareplica_packages_adtrust }}"
state: present
when: ipareplica_setup_adtrust | bool
- name: Install - Ensure that firewall packages installed
package:
ansible.builtin.package:
name: "{{ ipareplica_packages_firewalld }}"
state: present
when: ipareplica_setup_firewalld | bool
when: ipareplica_install_packages | bool
- block:
- name: Firewall configuration
when: ipareplica_setup_firewalld | bool
block:
- name: Firewalld service - Ensure that firewalld is running
systemd:
ansible.builtin.systemd:
name: firewalld
enabled: yes
state: started
- name: Firewalld - Verify runtime zone "{{ ipareplica_firewalld_zone }}"
shell: >
ansible.builtin.shell: >
firewall-cmd
--info-zone="{{ ipareplica_firewalld_zone }}"
>/dev/null
when: ipareplica_firewalld_zone is defined
- name: Firewalld - Verify permanent zone "{{ ipareplica_firewalld_zone }}"
shell: >
ansible.builtin.shell: >
firewall-cmd
--permanent
--info-zone="{{ ipareplica_firewalld_zone }}"
>/dev/null
when: ipareplica_firewalld_zone is defined
when: ipareplica_setup_firewalld | bool
- name: Install - Set ipareplica_servers
set_fact:
ansible.builtin.set_fact:
ipareplica_servers: "{{ groups['ipaservers'] | list }}"
when: groups.ipaservers is defined and ipareplica_servers is not defined
- name: Install - Set default principal if no keytab is given
set_fact:
ansible.builtin.set_fact:
ipaadmin_principal: admin
when: ipaadmin_principal is undefined and ipaclient_keytab is undefined
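Review bot: "Install - Ensure that firewall packages installed" is missing a word; make it "are installed" to match the three sibling package tasks. As in ipabackup, the two "Firewalld - Verify ... zone" shell tasks are pure checks and should carry `changed_when: false`. The `enabled: yes` on the systemd task would be `enabled: true` under the truthy rule.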
@@ -71,7 +71,7 @@
domain: "{{ ipareplica_domain | default(ipaserver_domain) |
default(omit) }}"
servers: "{{ ipareplica_servers | default(omit) }}"
realm: "{{ ipareplica_realm | default(ipaserver_realm) |default(omit) }}"
realm: "{{ ipareplica_realm | default(ipaserver_realm) | default(omit) }}"
hostname: "{{ ipareplica_hostname | default(ansible_facts['fqdn']) }}"
ca_cert_files: "{{ ipareplica_ca_cert_files | default([]) }}"
hidden_replica: "{{ ipareplica_hidden_replica }}"
@@ -101,14 +101,18 @@
no_dnssec_validation: "{{ ipareplica_no_dnssec_validation }}"
register: result_ipareplica_test
- block:
- name: Install - Deploy replica
when: not ansible_check_mode and
not (result_ipareplica_test.client_already_configured is defined or
result_ipareplica_test.server_already_configured is defined)
block:
# This block is executed only when
# not ansible_check_mode and
# not (result_ipareplica_test.client_already_configured is defined or
# result_ipareplica_test.server_already_configured is defined)
- name: Install - Setup client
include_role:
ansible.builtin.include_role:
name: ipaclient
vars:
state: present
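Review bot: the "This block is executed only when ..." comment now restates the `when:` that sits three lines above it; the equivalent comment in the ipaserver install file was removed in this same change, so remove it here too rather than keeping two copies of the condition that can drift apart.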
@@ -120,7 +124,7 @@
when: not result_ipareplica_test.client_enrolled
- name: Install - Configure firewalld
command: >
ansible.builtin.command: >
firewall-cmd
--permanent
--zone="{{ ipareplica_firewalld_zone if ipareplica_firewalld_zone is
@@ -134,7 +138,7 @@
when: ipareplica_setup_firewalld | bool
- name: Install - Configure firewalld runtime
command: >
ansible.builtin.command: >
firewall-cmd
--zone="{{ ipareplica_firewalld_zone if ipareplica_firewalld_zone is
defined else '' }}"
@@ -222,8 +226,8 @@
- name: Install - Set dirman password
no_log: yes
set_fact:
ipareplica_dirman_password:
ansible.builtin.set_fact:
__derived_dirman_password:
"{{ result_ipareplica_master_password.password }}"
- name: Install - Setup certmonger
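Review bot: renaming the `set_fact` target from `ipareplica_dirman_password` to `__derived_dirman_password` is a sensible fix, since a `set_fact` on a role-prefixed name could otherwise clobber a value the user passed in; the remaining hunks in this file update the consumers, but please grep the rest of the role (other task files, handlers, README) for leftover `ipareplica_dirman_password` references, as any survivor would now evaluate to an undefined variable inside a `no_log` task and be hard to diagnose. If the old name was documented as user-settable, the rename also needs a note in the role documentation.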
@@ -264,7 +268,7 @@
_add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
_ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
_subject_base: "{{ result_ipareplica_prepare._subject_base }}"
dirman_password: "{{ ipareplica_dirman_password }}"
dirman_password: "{{ __derived_dirman_password }}"
config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
config_master_host_name:
"{{ result_ipareplica_prepare.config_master_host_name }}"
@@ -302,13 +306,13 @@
ccache: "{{ result_ipareplica_prepare.ccache }}"
installer_ccache: "{{ result_ipareplica_prepare.installer_ccache }}"
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
_dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info if result_ipareplica_prepare._dirsrv_pkcs12_info != None else omit }}"
_dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info if result_ipareplica_prepare._dirsrv_pkcs12_info != None else omit }}"
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
_add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
_ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
_subject_base: "{{ result_ipareplica_prepare._subject_base }}"
dirman_password: "{{ ipareplica_dirman_password }}"
dirman_password: "{{ __derived_dirman_password }}"
config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
config_master_host_name:
"{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
@@ -352,7 +356,7 @@
_add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
_ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
_subject_base: "{{ result_ipareplica_prepare._subject_base }}"
dirman_password: "{{ ipareplica_dirman_password }}"
dirman_password: "{{ __derived_dirman_password }}"
setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
- name: Install - Setup KRB
@@ -367,9 +371,9 @@
config_master_host_name:
"{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
ccache: "{{ result_ipareplica_prepare.ccache }}"
_pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
_pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
dirman_password: "{{ ipareplica_dirman_password }}"
dirman_password: "{{ __derived_dirman_password }}"
# We need to point to the master in ipa default conf when certmonger
# asks for HTTP certificate in newer ipa versions. In these versions
@@ -410,7 +414,7 @@
_add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
_ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
_subject_base: "{{ result_ipareplica_prepare._subject_base }}"
dirman_password: "{{ ipareplica_dirman_password }}"
dirman_password: "{{ __derived_dirman_password }}"
setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
master:
"{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
@@ -434,7 +438,7 @@
_dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info if result_ipareplica_prepare._dirsrv_pkcs12_info != None else omit }}"
_pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
dirman_password: "{{ ipareplica_dirman_password }}"
dirman_password: "{{ __derived_dirman_password }}"
ds_ca_subject: "{{ result_ipareplica_setup_ds.ds_ca_subject }}"
- name: Install - Setup http
@@ -455,7 +459,7 @@
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
_http_pkcs12_info: "{{ result_ipareplica_prepare._http_pkcs12_info if result_ipareplica_prepare._http_pkcs12_info != None else omit }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
dirman_password: "{{ ipareplica_dirman_password }}"
dirman_password: "{{ __derived_dirman_password }}"
# Need to point back to ourself after the cert for HTTP is obtained
- name: Install - Create original IPA conf again
@@ -494,7 +498,7 @@
_add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
_ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
_subject_base: "{{ result_ipareplica_prepare._subject_base }}"
dirman_password: "{{ ipareplica_dirman_password }}"
dirman_password: "{{ __derived_dirman_password }}"
setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
when: result_ipareplica_test.change_master_for_certmonger
@@ -513,7 +517,7 @@
ccache: "{{ result_ipareplica_prepare.ccache }}"
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
dirman_password: "{{ ipareplica_dirman_password }}"
dirman_password: "{{ __derived_dirman_password }}"
- name: Install - Setup custodia
ipareplica_setup_custodia:
@@ -534,7 +538,7 @@
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
_pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
dirman_password: "{{ ipareplica_dirman_password }}"
dirman_password: "{{ __derived_dirman_password }}"
- name: Install - Setup CA
ipareplica_setup_ca:
@@ -557,7 +561,7 @@
_pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
_random_serial_numbers: "{{ result_ipareplica_prepare._random_serial_numbers }}"
dirman_password: "{{ ipareplica_dirman_password }}"
dirman_password: "{{ __derived_dirman_password }}"
config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
config_master_host_name:
"{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
@@ -582,7 +586,7 @@
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
_pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
dirman_password: "{{ ipareplica_dirman_password }}"
dirman_password: "{{ __derived_dirman_password }}"
- name: Install - DS apply updates
ipareplica_ds_apply_updates:
@@ -602,7 +606,7 @@
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
_pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
dirman_password: "{{ ipareplica_dirman_password }}"
dirman_password: "{{ __derived_dirman_password }}"
ds_ca_subject: "{{ result_ipareplica_setup_ds.ds_ca_subject }}"
- name: Install - Setup kra
@@ -642,7 +646,7 @@
_add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
_ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
_subject_base: "{{ result_ipareplica_prepare._subject_base }}"
dirman_password: "{{ ipareplica_dirman_password }}"
dirman_password: "{{ __derived_dirman_password }}"
when: result_ipareplica_test.setup_kra
- name: Install - Restart KDC
@@ -660,7 +664,7 @@
ccache: "{{ result_ipareplica_prepare.ccache }}"
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
dirman_password: "{{ ipareplica_dirman_password }}"
dirman_password: "{{ __derived_dirman_password }}"
- name: Install - Custodia import dm password
ipareplica_custodia_import_dm_password:
@@ -681,7 +685,7 @@
_kra_enabled: "{{ result_ipareplica_prepare._kra_enabled }}"
_kra_host_name: "{{ result_ipareplica_prepare.config_kra_host_name }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
dirman_password: "{{ ipareplica_dirman_password }}"
dirman_password: "{{ __derived_dirman_password }}"
config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
- name: Install - Promote SSSD
@@ -776,21 +780,17 @@
register: result_ipareplica_enable_ipa
- name: Install - Cleanup root IPA cache
file:
ansible.builtin.file:
path: "/root/.ipa_cache"
state: absent
when: result_ipareplica_enable_ipa.changed
always:
- name: Cleanup temporary files
file:
ansible.builtin.file:
path: "{{ item }}"
state: absent
with_items:
- "/etc/ipa/.tmp_pkcs12_dirsrv"
- "/etc/ipa/.tmp_pkcs12_http"
- "/etc/ipa/.tmp_pkcs12_pkinit"
when: not ansible_check_mode and
not (result_ipareplica_test.client_already_configured is defined or
result_ipareplica_test.server_already_configured is defined)


@@ -2,7 +2,7 @@
# tasks file for ipareplica
- name: Import variables specific to distribution
include_vars: "{{ item }}"
ansible.builtin.include_vars: "{{ item }}"
with_first_found:
- "vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yml"
- "vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yml"
@@ -17,9 +17,9 @@
- "vars/default.yml"
- name: Install IPA replica
include_tasks: install.yml
ansible.builtin.include_tasks: install.yml
when: state|default('present') == 'present'
- name: Uninstall IPA replica
include_tasks: uninstall.yml
ansible.builtin.include_tasks: uninstall.yml
when: state|default('present') == 'absent'


@@ -2,7 +2,7 @@
# tasks to uninstall IPA replica
- name: Uninstall - Uninstall IPA replica
command: >
ansible.builtin.command: >
/usr/sbin/ipa-server-install
--uninstall
-U
@@ -22,7 +22,7 @@
delay: 1
#- name: Uninstall - Remove all replication agreements and data about replica
# command: >
# ansible.builtin.command: >
# /usr/sbin/ipa-replica-manage
# del
# {{ ipareplica_hostname | default(ansible_facts['fqdn']) }}
@@ -32,6 +32,6 @@
# delegate_to: "{{ groups.ipaserver[0] | default(fail) }}"
#- name: Remove IPA replica packages
# package:
# ansible.builtin.package:
# name: "{{ ipareplica_packages }}"
# state: absent


@@ -6,15 +6,15 @@ galaxy_info:
description: A role to setup an iPA domain server
company: Red Hat, Inc
license: GPLv3
min_ansible_version: 2.8
min_ansible_version: "2.8"
platforms:
- name: Fedora
versions:
- all
- name: EL
versions:
- 7
- 8
- "7"
- "8"
galaxy_tags:
- identity
- ipa


@@ -1,14 +1,18 @@
---
- name: Install - Initialize ipaserver_external_cert_files
set_fact:
ipaserver_external_cert_files: []
when: ipaserver_external_cert_files is undefined
- name: Install - Copy "{{ item }}" "{{ inventory_hostname }}':/root/'{{ item | basename }}"
copy:
src: "{{ item }}"
dest: "/root/{{ item | basename }}"
mode: preserve
force: yes
- name: Install - Extend ipaserver_external_cert_files with "/root/{{ item | basename }}"
set_fact:
ipaserver_external_cert_files: "{{ ipaserver_external_cert_files + [ '/root/' + (item | basename) ] }}"
- name: Copy external certificates
vars:
__item_basename: "{{ item | basename }}"
block:
- name: Install - Initialize ipaserver_external_cert_files
ansible.builtin.set_fact:
ipaserver_external_cert_files: []
when: ipaserver_external_cert_files is undefined
- name: Install - Copy "{{ item + " " + inventory_hostname + ':/root/' + __item_basename }}"
ansible.builtin.copy:
src: "{{ item }}"
dest: "/root/{{ __item_basename }}"
mode: preserve
force: yes
- name: Install - Extend ipaserver_external_cert_files with "/root/{{ __item_basename }}"
ansible.builtin.set_fact:
ipaserver_external_cert_files: "{{ ipaserver_external_cert_files + ['/root/' + (__item_basename)] }}"
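Review bot: the parentheses in `['/root/' + (__item_basename)]` are left over from the old `(item | basename)` and can go. Computing `__item_basename` once in the block `vars` is a good change; note that the "Initialize ipaserver_external_cert_files" task is now also inside the per-item include and re-evaluated on each loop iteration, which is harmless thanks to its `is undefined` guard but could move out of this file into the caller. The new task name `Install - Copy "{{ item + " " + inventory_hostname + ... }}"` is a plain YAML scalar, so the embedded double quotes parse, but the mix of `"` and `'` inside the Jinja expression is hard to read; using `~` for string joins or a single quoting style would help.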


@@ -1,57 +1,59 @@
---
# tasks file for ipaserver
- block:
- name: Install - Package installation
when: ipaserver_install_packages | bool
block:
- name: Install - Ensure that IPA server packages are installed
package:
ansible.builtin.package:
name: "{{ ipaserver_packages }}"
state: present
- name: Install - Ensure that IPA server packages for dns are installed
package:
ansible.builtin.package:
name: "{{ ipaserver_packages_dns }}"
state: present
when: ipaserver_setup_dns | bool
- name: Install - Ensure that IPA server packages for adtrust are installed
package:
ansible.builtin.package:
name: "{{ ipaserver_packages_adtrust }}"
state: present
when: ipaserver_setup_adtrust | bool
- name: Install - Ensure that firewall packages installed
package:
ansible.builtin.package:
name: "{{ ipaserver_packages_firewalld }}"
state: present
when: ipaserver_setup_firewalld | bool
when: ipaserver_install_packages | bool
- block:
- name: Install - Firewall configuration
when: ipaserver_setup_firewalld | bool
block:
- name: Firewalld service - Ensure that firewalld is running
systemd:
ansible.builtin.systemd:
name: firewalld
enabled: yes
state: started
- name: Firewalld - Verify runtime zone "{{ ipaserver_firewalld_zone }}"
shell: >
ansible.builtin.shell: >
firewall-cmd
--info-zone="{{ ipaserver_firewalld_zone }}"
>/dev/null
when: ipaserver_firewalld_zone is defined
- name: Firewalld - Verify permanent zone "{{ ipaserver_firewalld_zone }}"
shell: >
ansible.builtin.shell: >
firewall-cmd
--permanent
--info-zone="{{ ipaserver_firewalld_zone }}"
>/dev/null
when: ipaserver_firewalld_zone is defined
when: ipaserver_setup_firewalld | bool
- include_tasks: "{{ role_path }}/tasks/copy_external_cert.yml"
- name: Copy external certs
ansible.builtin.include_tasks: "{{ role_path }}/tasks/copy_external_cert.yml"
with_items: "{{ ipaserver_external_cert_files_from_controller }}"
when: ipaserver_external_cert_files_from_controller is defined and
ipaserver_external_cert_files_from_controller|length > 0 and
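Review bot: "Install - Ensure that firewall packages installed" should read "are installed", as in the other package tasks of this block. The previously unnamed `- include_tasks:` now has a name, which ansible-lint requires; its `when:` still uses `|length` without spaces around the pipe while the rest of the change uses `| bool`, so align the spacing here as well.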
@@ -127,14 +129,15 @@
### additional ###
register: result_ipaserver_test
- block:
# This block is executed only when
# not ansible_check_mode and
# not (not result_ipaserver_test.changed and
# (result_ipaserver_test.client_already_configured is defined or
# result_ipaserver_test.server_already_configured is defined)
- block:
- name: Install - Deploy server
when: not ansible_check_mode and not
(not result_ipaserver_test.changed and
(result_ipaserver_test.client_already_configured is defined or
result_ipaserver_test.server_already_configured is defined))
block:
- name: Install - Obtain master password
when: ipaserver_master_password is undefined
block:
- name: Install - Master password creation
no_log: yes
ipaserver_master_password:
@@ -144,11 +147,15 @@
- name: Install - Use new master password
no_log: yes
set_fact:
ipaserver_master_password:
ansible.builtin.set_fact:
__derived_master_password:
"{{ result_ipaserver_master_password.password }}"
when: ipaserver_master_password is undefined
- name: Use user defined master password, if provided
when: ipaserver_master_password is defined
no_log: yes
ansible.builtin.set_fact:
__derived_master_password: "{{ ipaserver_master_password }}"
- name: Install - Server preparation
ipaserver_prepare:
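Review bot: the new task "Use user defined master password, if provided" is the only task in this region without the "Install - " prefix; rename it for consistency. "Install - Use new master password" keeps `when: ipaserver_master_password is undefined`, which is redundant if that task sits inside the "Install - Obtain master password" block introduced in the previous hunk (that block already has the same `when`); either drop the task-level condition or move the task out of the block, but not both conditions. Good that `no_log: yes` is retained on both `set_fact` tasks that handle `__derived_master_password`.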
@@ -207,7 +214,7 @@
ipaserver_setup_ds:
dm_password: "{{ ipadm_password }}"
password: "{{ ipaadmin_password }}"
# master_password: "{{ ipaserver_master_password }}"
# master_password: "{{ __derived_master_password }}"
domain: "{{ result_ipaserver_test.domain }}"
realm: "{{ result_ipaserver_test.realm | default(omit) }}"
hostname: "{{ result_ipaserver_test.hostname }}"
@@ -236,7 +243,7 @@
ipaserver_setup_krb:
dm_password: "{{ ipadm_password }}"
password: "{{ ipaadmin_password }}"
master_password: "{{ ipaserver_master_password }}"
master_password: "{{ __derived_master_password }}"
domain: "{{ result_ipaserver_test.domain }}"
realm: "{{ result_ipaserver_test.realm }}"
hostname: "{{ result_ipaserver_test.hostname }}"
@@ -269,7 +276,7 @@
ipaserver_setup_ca:
dm_password: "{{ ipadm_password }}"
password: "{{ ipaadmin_password }}"
master_password: "{{ ipaserver_master_password }}"
master_password: "{{ __derived_master_password }}"
# ip_addresses: "{{ result_ipaserver_prepare.ip_addresses }}"
domain: "{{ result_ipaserver_test.domain }}"
realm: "{{ result_ipaserver_test.realm }}"
@@ -307,15 +314,17 @@
_http_ca_cert: "{{ result_ipaserver_test._http_ca_cert }}"
register: result_ipaserver_setup_ca
- name: Copy /root/ipa.csr to "{{ inventory_hostname }}-ipa.csr"
fetch:
- name: Copy /root/ipa.csr to "{{ inventory_hostname + '-ipa.csr' }}"
ansible.builtin.fetch:
src: /root/ipa.csr
dest: "{{ inventory_hostname }}-ipa.csr"
flat: yes
when: result_ipaserver_setup_ca.csr_generated | bool and
ipaserver_copy_csr_to_controller | bool
- block:
- name: Install - Configure services
when: not result_ipaserver_setup_ca.csr_generated | bool
block:
- name: Install - Setup otpd
ipaserver_setup_otpd:
realm: "{{ result_ipaserver_test.realm }}"
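Review bot: the task name was rewritten as `"{{ inventory_hostname + '-ipa.csr' }}"` but `dest:` still reads `"{{ inventory_hostname }}-ipa.csr"`; both render the same string, so use one form for both. More importantly, with `flat: yes` that `dest` is relative to the directory `ansible-playbook` is invoked from on the controller, so the CSR lands in whatever the operator's current directory happens to be; a controller-side destination variable (defaulting to the playbook directory) would make the copy predictable and documentable.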
@@ -326,7 +335,7 @@
ipaserver_setup_http:
dm_password: "{{ ipadm_password }}"
password: "{{ ipaadmin_password }}"
master_password: "{{ ipaserver_master_password }}"
master_password: "{{ __derived_master_password }}"
domain: "{{ result_ipaserver_test.domain }}"
realm: "{{ result_ipaserver_test.realm }}"
hostname: "{{ result_ipaserver_test.hostname }}"
@@ -416,7 +425,7 @@
_dirsrv_pkcs12_info: "{{ result_ipaserver_test._dirsrv_pkcs12_info if result_ipaserver_test._dirsrv_pkcs12_info != None else omit }}"
- name: Install - Setup client
include_role:
ansible.builtin.include_role:
name: ipaclient
vars:
state: present
@@ -438,13 +447,13 @@
register: result_ipaserver_enable_ipa
- name: Install - Cleanup root IPA cache
file:
ansible.builtin.file:
path: "/root/.ipa_cache"
state: absent
when: result_ipaserver_enable_ipa.changed
- name: Install - Configure firewalld
command: >
ansible.builtin.command: >
firewall-cmd
--permanent
--zone="{{ ipaserver_firewalld_zone if ipaserver_firewalld_zone is
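Review bot: the firewalld configuration is done with `ansible.builtin.command: firewall-cmd --permanent ...` followed by a second runtime invocation; a `command` task is not idempotent by itself, so unless it carries `changed_when` it reports a change on every run and hides real drift. The `ansible.posix.firewalld` module handles `permanent` and `immediate` in one idempotent task and would also remove the need for the `--zone="{{ ... if ... is defined else '' }}"` construct, which passes an empty zone name to the CLI when `ipaserver_firewalld_zone` is unset.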
@@ -458,7 +467,7 @@
when: ipaserver_setup_firewalld | bool
- name: Install - Configure firewalld runtime
command: >
ansible.builtin.command: >
firewall-cmd
--zone="{{ ipaserver_firewalld_zone if ipaserver_firewalld_zone is
defined else '' }}"
@@ -470,19 +479,12 @@
{{ "--add-service=ntp" if not ipaclient_no_ntp | bool else "" }}
when: ipaserver_setup_firewalld | bool
when: not result_ipaserver_setup_ca.csr_generated | bool
always:
- name: Cleanup temporary files
file:
ansible.builtin.file:
path: "{{ item }}"
state: absent
with_items:
- "/etc/ipa/.tmp_pkcs12_dirsrv"
- "/etc/ipa/.tmp_pkcs12_http"
- "/etc/ipa/.tmp_pkcs12_pkinit"
when: not ansible_check_mode and not
(not result_ipaserver_test.changed and
(result_ipaserver_test.client_already_configured is defined or
result_ipaserver_test.server_already_configured is defined))
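Review bot: the `when` moved onto the `always:` cleanup (`not ansible_check_mode and not (not result_ipaserver_test.changed and (...))`) is a second copy of the guard on the install block above it. If the two ever differ, the PKCS#12 temporaries `/etc/ipa/.tmp_pkcs12_dirsrv`, `.tmp_pkcs12_http` and `.tmp_pkcs12_pkinit`, which can hold private keys, would be left on the server after an install run; keep a single boolean for both guards. Since this is cleanup, it would also be safer to run it unconditionally (`state: absent` on a missing file is a no-op) rather than tie it to the install condition.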

View File

@@ -2,7 +2,7 @@
# tasks file for ipaserver
- name: Import variables specific to distribution
include_vars: "{{ item }}"
ansible.builtin.include_vars: "{{ item }}"
with_first_found:
- "vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yml"
- "vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yml"
@@ -17,9 +17,9 @@
- "vars/default.yml"
- name: Install IPA server
include_tasks: install.yml
ansible.builtin.include_tasks: install.yml
when: state|default('present') == 'present'
- name: Uninstall IPA server
include_tasks: uninstall.yml
ansible.builtin.include_tasks: uninstall.yml
when: state|default('present') == 'absent'

View File

@@ -2,7 +2,7 @@
# tasks to uninstall IPA server
- name: Uninstall - Uninstall IPA server
command: >
ansible.builtin.command: >
/usr/sbin/ipa-server-install
--uninstall
-U
@@ -15,6 +15,6 @@
changed_when: uninstall.rc == 0
#- name: Remove IPA server packages
# package:
# ansible.builtin.package:
# name: "{{ ipaserver_packages }}"
# state: absent

View File

@@ -6,15 +6,15 @@ galaxy_info:
description: A role to setup IPA server(s) for Smart Card authentication
company: Red Hat, Inc
license: GPLv3
min_ansible_version: 2.8
min_ansible_version: "2.8"
platforms:
- name: Fedora
versions:
- all
- name: EL
versions:
- 7
- 8
- "7"
- "8"
galaxy_tags:
- identity
- ipa
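Review bot: the `galaxy_info` block here is byte-for-byte the same as the later one, including `description: A role to setup IPA server(s) for Smart Card authentication`. Judging by the file order this first copy belongs to the smartcard client role; if so, the description (unchanged context, but worth fixing while the file is touched) should describe client configuration, not servers. Quoting `min_ansible_version: "2.8"` and the EL versions is correct for ansible-lint, but see the nightly CI change in this same compare, which no longer tests anything below ansible-core 2.12.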

View File

@@ -2,7 +2,8 @@
# tasks file for ipasmartcard_client role
- name: Uninstall smartcard client
ansible.builtin.fail: msg="Uninstalling smartcard for IPA is not supported"
ansible.builtin.fail:
msg: "Uninstalling smartcard for IPA is not supported"
when: state|default('present') == 'absent'
- name: Import variables specific to distribution
@@ -20,7 +21,8 @@
# If neither distro nor family is supported, try a default configuration.
- "vars/default.yml"
- block:
- name: Client configuration
block:
# CA CERTS
@@ -35,7 +37,8 @@
# Fail on empty "ipasmartcard_client_ca_certs"
- name: Fail on empty "ipasmartcard_client_ca_certs"
ansible.builtin.fail: msg="No CA certs given in 'ipasmartcard_client_ca_certs'"
ansible.builtin.fail:
msg: "No CA certs given in 'ipasmartcard_client_ca_certs'"
when: ipasmartcard_client_ca_certs is not defined or
ipasmartcard_client_ca_certs | length < 1
@@ -67,13 +70,13 @@
ipaadmin_principal: admin
when: ipaadmin_principal is undefined
- name: kinit using "{{ ipaadmin_principal }}" password
- name: Authenticate using kinit with password for "{{ ipaadmin_principal }}"
ansible.builtin.command: kinit "{{ ipaadmin_principal }}"
args:
stdin: "{{ ipaadmin_password }}"
when: ipaadmin_password is defined
- name: kinit using "{{ ipaadmin_principal }}" keytab
- name: Authenticate using kinit with keytab for "{{ ipaadmin_principal }}"
ansible.builtin.command: kinit -kt "{{ ipaadmin_keytab }}" "{{ ipaadmin_principal }}"
when: ipaadmin_keytab is defined
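Review bot: the password `kinit` task feeds `ipaadmin_password` through `args: stdin:` without `no_log: true`; module arguments, including `stdin`, are part of the recorded task invocation and show up in verbose output and in callback plugins, so the admin password can leak into CI logs. Add `no_log: true` to 'Authenticate using kinit with password for ...' (the keytab variant does not need it, as it only passes a path). Renaming the tasks is fine, but this hunk was the natural place to close that gap.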
@@ -99,7 +102,9 @@
# Ensure /etc/sssd/pki exists
- block:
- name: Prepare for authselect
when: ipasmartcard_client_vars.USE_AUTHSELECT
block:
- name: Ensure /etc/sssd/pki exists
ansible.builtin.file:
path: /etc/sssd/pki
@@ -111,8 +116,6 @@
path: /etc/sssd/pki/sssd_auth_ca_db.pem
state: absent
when: ipasmartcard_client_vars.USE_AUTHSELECT
# Upload smartcard CA certificates to systemwide db
- name: Upload smartcard CA certificates to systemwide db
@@ -169,5 +172,5 @@
### ALWAYS ###
always:
- name: kdestroy
- name: Destroy Kerberos tickets
ansible.builtin.command: kdestroy -A

View File

@@ -6,15 +6,15 @@ galaxy_info:
description: A role to setup IPA server(s) for Smart Card authentication
company: Red Hat, Inc
license: GPLv3
min_ansible_version: 2.8
min_ansible_version: "2.8"
platforms:
- name: Fedora
versions:
- all
- name: EL
versions:
- 7
- 8
- "7"
- "8"
galaxy_tags:
- identity
- ipa

View File

@@ -2,7 +2,8 @@
# tasks file for ipasmartcard_server role
- name: Uninstall smartcard server
ansible.builtin.fail: msg="Uninstalling smartcard for IPA is not supported"
ansible.builtin.fail:
msg: "Uninstalling smartcard for IPA is not supported"
when: state|default('present') == 'absent'
- name: Import variables specific to distribution
@@ -20,13 +21,15 @@
# If neither distro nor family is supported, try a default configuration.
- "vars/default.yml"
- block:
- name: Server configuration
block:
# CA CERTS
# Fail on empty "ipasmartcard_server_ca_certs"
- name: Fail on empty "ipasmartcard_server_ca_certs"
ansible.builtin.fail: msg="No CA certs given in 'ipasmartcard_server_ca_certs'"
ansible.builtin.fail:
msg: "No CA certs given in 'ipasmartcard_server_ca_certs'"
when: ipasmartcard_server_ca_certs is not defined or
ipasmartcard_server_ca_certs | length < 1
@@ -39,7 +42,7 @@
# INSTALL bind-utils
- name: Ensure {{ ipasmartcard_server_bindutils_packages }} are installed
- name: Ensure bind utilities packages are installed
ansible.builtin.package:
name: "{{ ipasmartcard_server_bindutils_packages }}"
state: present
@@ -52,13 +55,13 @@
ipaadmin_principal: admin
when: ipaadmin_principal is undefined
- name: kinit using "{{ ipaadmin_principal }}" password
- name: Athenticate with kinit and password for "{{ ipaadmin_principal }}"
ansible.builtin.command: kinit "{{ ipaadmin_principal }}"
args:
stdin: "{{ ipaadmin_password }}"
when: ipaadmin_password is defined
- name: kinit using "{{ ipaadmin_principal }}" keytab
- name: Authenticate with kinit and keytab for "{{ ipaadmin_principal }}"
ansible.builtin.command: kinit -kt "{{ ipaadmin_keytab }}" "{{ ipaadmin_principal }}"
when: ipaadmin_keytab is defined
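Review bot: same issue as in the client role: 'Athenticate with kinit and password for ...' passes `ipaadmin_password` via `args: stdin:` with no `no_log: true`, so the credential is recorded with the task result. Add `no_log: true` here too, and fix the spelling of "Athenticate" in the new task name while at it (the client role's new name spells it correctly).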
@@ -69,12 +72,13 @@
register: result_ipa_server_show
- name: Fail if not an IPA server
ansible.builtin.fail: msg="Not an IPA server"
ansible.builtin.fail:
msg: "Not an IPA server"
when: result_ipa_server_show.failed
- name: Get Domain from server-find server name
ansible.builtin.set_fact:
ipaserver_domain: "{{ (result_ipa_server_show.stdout | regex_search('cn: (.+)', '\\1'))[0].split('.')[1:] | join ('.') }}"
ipaserver_domain: "{{ (result_ipa_server_show.stdout | regex_search('cn: (.+)', '\\1'))[0].split('.')[1:] | join('.') }}"
when: ipaserver_domain is not defined
- name: Get ipa-ca records
@@ -82,7 +86,8 @@
register: result_get_ipaca_records
- name: Fail if ipa-ca records are not resolvable
ansible.builtin.fail: msg="ipa-ca records are not resolvable"
ansible.builtin.fail:
msg: "ipa-ca records are not resolvable"
when: result_get_ipaca_records.failed or
result_get_ipaca_records.stdout | length == 0
@@ -162,10 +167,11 @@
# HTTPD IFP
- block:
- name: Allow HTTPD ifp
when: ipasmartcard_server_vars.allow_httpd_ifp
block:
# Allow Apache to access SSSD IFP
- name: Allow Apache to access SSSD IFP
ansible.builtin.command: "{{ ipasmartcard_server_vars.python_interpreter }}"
args:
@@ -186,11 +192,11 @@
name: sssd
state: restarted
when: ipasmartcard_server_vars.allow_httpd_ifp
# Ensure /etc/sssd/pki exists
- block:
- name: Prepare for authselect
when: ipasmartcard_server_vars.USE_AUTHSELECT
block:
- name: Ensure /etc/sssd/pki exists
ansible.builtin.file:
path: /etc/sssd/pki
@@ -202,8 +208,6 @@
path: /etc/sssd/pki/sssd_auth_ca_db.pem
state: absent
when: ipasmartcard_server_vars.USE_AUTHSELECT
# Upload smartcard CA certificates to systemwide db
- name: Upload smartcard CA certificates to systemwide db
@@ -243,5 +247,5 @@
### ALWAYS ###
always:
- name: kdestroy
- name: Destroy Kereberos tickets
ansible.builtin.command: kdestroy -A
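Review bot: typo in the new task name, "Destroy Kereberos tickets" should read "Destroy Kerberos tickets" (the client role's equivalent hunk has it right). Keeping `kdestroy -A` in `always:` is good; note that it also destroys any ticket cache the operator had on the host before the play, so it may be worth mentioning in the role README.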

View File

@@ -6,7 +6,7 @@
tasks:
- name: Include FreeIPA facts.
include_tasks: ../env_freeipa_facts.yml
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
# Test will only be executed if host is not a server.
- name: Execute with server context in the client.
@@ -28,13 +28,13 @@
# in upstream CI.
- name: Test automember using client context, in client host.
import_playbook: test_automember.yml
ansible.builtin.import_playbook: test_automember.yml
when: groups['ipaclients']
vars:
ipa_test_host: ipaclients
- name: Test automember using client context, in server host.
import_playbook: test_automember.yml
ansible.builtin.import_playbook: test_automember.yml
when: groups['ipaclients'] is not defined or not groups['ipaclients']
vars:
ipa_context: client

View File

@@ -8,9 +8,9 @@
# SET FACTS
- name: Get Domain from server name
set_fact:
ansible.builtin.set_fact:
ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] |
join ('.') }}"
join('.') }}"
when: ipaserver_domain is not defined
# CLEANUP TEST ITEMS

View File

@@ -8,9 +8,9 @@
# SET FACTS
- name: Get Domain from server name
set_fact:
ansible.builtin.set_fact:
ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] |
join ('.') }}"
join('.') }}"
when: ipaserver_domain is not defined
# CLEANUP TEST ITEMS

View File

@@ -5,18 +5,18 @@
gather_facts: no
tasks:
- name: ensure test location TestLocation is present
- name: Ensure test location TestLocation is present
ipaautomountlocation:
ipaadmin_password: SomeADMINpassword
name: TestLocation
- name: ensure test map TestMap is present
- name: Ensure test map TestMap is present
ipaautomountmap:
ipaadmin_password: SomeADMINpassword
name: TestMap
location: TestLocation
- name: ensure key NewKeyName is absent
- name: Ensure key NewKeyName is absent
ipaautomountkey:
ipaadmin_password: SomeADMINpassword
location: TestLocation
@@ -24,7 +24,7 @@
key: NewKeyName
state: absent
- name: ensure key TestKey is absent
- name: Ensure key TestKey is absent
ipaautomountkey:
ipaadmin_password: SomeADMINpassword
location: TestLocation
@@ -32,9 +32,10 @@
key: NewKeyName
state: absent
- block:
- name: Execute Automount Key tests
block:
### test the key creation, and modification
- name: ensure key TestKey is present
- name: Ensure key TestKey is present
ipaautomountkey:
ipaadmin_password: SomeADMINpassword
location: TestLocation
@@ -45,7 +46,7 @@
register: result
failed_when: result.failed or not result.changed
- name: ensure key TestKey is present again
- name: Ensure key TestKey is present again
ipaautomountkey:
ipaadmin_password: SomeADMINpassword
location: TestLocation
@@ -57,7 +58,7 @@
failed_when: result.failed or result.changed
## modify the key
- name: ensure key TestKey information has been updated
- name: Ensure key TestKey information has been updated
ipaautomountkey:
ipaadmin_password: SomeADMINpassword
location: TestLocation
@@ -68,7 +69,7 @@
register: result
failed_when: result.failed or not result.changed
- name: ensure key TestKey information has been updated again
- name: Ensure key TestKey information has been updated again
ipaautomountkey:
ipaadmin_password: SomeADMINpassword
location: TestLocation
@@ -80,7 +81,7 @@
failed_when: result.failed or result.changed
## modify the name
- name: ensure key TestKey has been renamed to NewKeyName
- name: Ensure key TestKey has been renamed to NewKeyName
ipaautomountkey:
ipaadmin_password: SomeADMINpassword
location: TestLocation
@@ -91,7 +92,7 @@
register: result
failed_when: result.failed or not result.changed
- name: ensure key TestKey is absent
- name: Ensure key TestKey is absent
ipaautomountkey:
ipaadmin_password: SomeADMINpassword
location: TestLocation
@@ -101,7 +102,7 @@
register: result
failed_when: result.failed or result.changed
- name: ensure key NewKeyName is present
- name: Ensure key NewKeyName is present
ipaautomountkey:
ipaadmin_password: SomeADMINpassword
location: TestLocation
@@ -112,7 +113,7 @@
register: result
failed_when: result.failed or result.changed
- name: ensure failure when state is renamed and newname is not set
- name: Ensure failure when state is renamed and newname is not set
ipaautomountkey:
ipaadmin_password: SomeADMINpassword
location: TestLocation
@@ -124,7 +125,7 @@
### cleanup after the tests
always:
- name: ensure key NewKeyName is absent
- name: Ensure key NewKeyName is absent
ipaautomountkey:
ipaadmin_password: SomeADMINpassword
location: TestLocation
@@ -132,7 +133,7 @@
key: NewKeyName
state: absent
- name: ensure key TestKey is absent
- name: Ensure key TestKey is absent
ipaautomountkey:
ipaadmin_password: SomeADMINpassword
location: TestLocation
@@ -140,14 +141,14 @@
key: NewKeyName
state: absent
- name: ensure map TestMap is absent
- name: Ensure map TestMap is absent
ipaautomountmap:
ipaadmin_password: SomeADMINpassword
name: TestMap
location: TestLocation
state: absent
- name: ensure location TestLocation is absent
- name: Ensure location TestLocation is absent
ipaautomountlocation:
ipaadmin_password: SomeADMINpassword
name: TestLocation

View File

@@ -6,7 +6,7 @@
tasks:
- name: Include FreeIPA facts.
include_tasks: ../env_freeipa_facts.yml
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
# Test will only be executed if host is not a server.
- name: Execute with server context in the client.
@@ -29,13 +29,13 @@
# in upstream CI.
- name: Test automountlocation using client context, in client host.
import_playbook: test_automountkey.yml
ansible.builtin.import_playbook: test_automountkey.yml
when: groups['ipaclients']
vars:
ipa_test_host: ipaclients
- name: Test automountlocation using client context, in server host.
import_playbook: test_automountkey.yml
ansible.builtin.import_playbook: test_automountkey.yml
when: groups['ipaclients'] is not defined or not groups['ipaclients']
vars:
ipa_context: client

View File

@@ -5,7 +5,7 @@
gather_facts: false
tasks:
- name: ensure automountlocation TestLocations are absent before testing
- name: Ensure automountlocation TestLocations are absent before testing
ipaautomountlocation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -14,7 +14,7 @@
- TestLocation_02
state: absent
- name: ensure empty automountlocation does nothing
- name: Ensure empty automountlocation does nothing
ipaautomountlocation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -23,7 +23,7 @@
register: result
failed_when: not result.failed or "At least one location must be provided" not in result.msg
- name: ensure empty automountlocation does nothing on absent
- name: Ensure empty automountlocation does nothing on absent
ipaautomountlocation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -32,7 +32,7 @@
register: result
failed_when: not result.failed or "At least one location must be provided" not in result.msg
- name: ensure automountlocation TestLocation is present
- name: Ensure automountlocation TestLocation is present
ipaautomountlocation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -41,7 +41,7 @@
register: result
failed_when: not result.changed or result.failed
- name: ensure automountlocation TestLocation is present again
- name: Ensure automountlocation TestLocation is present again
ipaautomountlocation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -50,7 +50,7 @@
register: result
failed_when: result.changed or result.failed
- name: ensure automountlocation TestLocation is absent
- name: Ensure automountlocation TestLocation is absent
ipaautomountlocation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -59,7 +59,7 @@
register: result
failed_when: not result.changed or result.failed
- name: ensure automountlocation TestLocation is absent again
- name: Ensure automountlocation TestLocation is absent again
ipaautomountlocation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -68,7 +68,7 @@
register: result
failed_when: result.changed or result.failed
- name: ensure a list of automountlocations are present
- name: Ensure a list of automountlocations are present
ipaautomountlocation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -79,7 +79,7 @@
register: result
failed_when: result.failed or not result.changed
- name: ensure a list of automountlocations exist
- name: Ensure a list of automountlocations exist
ipaautomountlocation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -90,7 +90,7 @@
register: result
failed_when: result.changed or result.failed
- name: ensure a list of automountlocations are absent
- name: Ensure a list of automountlocations are absent
ipaautomountlocation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -101,7 +101,7 @@
register: result
failed_when: result.failed or not result.changed
- name: ensure multiple automountlocations are absent
- name: Ensure multiple automountlocations are absent
ipaautomountlocation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"

View File

@@ -6,7 +6,7 @@
tasks:
- name: Include FreeIPA facts.
include_tasks: ../env_freeipa_facts.yml
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
# Test will only be executed if host is not a server.
- name: Execute with server context in the client.
@@ -27,13 +27,13 @@
# in upstream CI.
- name: Test automountlocation using client context, in client host.
import_playbook: test_automountlocation.yml
ansible.builtin.import_playbook: test_automountlocation.yml
when: groups['ipaclients']
vars:
ipa_test_host: ipaclients
- name: Test automountlocation using client context, in server host.
import_playbook: test_automountlocation.yml
ansible.builtin.import_playbook: test_automountlocation.yml
when: groups['ipaclients'] is not defined or not groups['ipaclients']
vars:
ipa_context: client

View File

@@ -6,7 +6,7 @@
tasks:
# setup environment
- name: ensure test maps are absent
- name: Ensure test maps are absent
ipaautomountmap:
ipaadmin_password: SomeADMINpassword
name:
@@ -15,28 +15,29 @@
location: TestLocation
state: absent
- name: ensure location TestLocation is absent
- name: Ensure location TestLocation is absent
ipaautomountlocation:
ipaadmin_password: SomeADMINpassword
name: TestLocation
state: absent
- name: ensure map TestMap is absent
- name: Ensure map TestMap is absent
ipaautomountmap:
ipaadmin_password: SomeADMINpassword
name: TestMap
location: TestLocation
state: absent
- name: ensure location TestLocation is present
- name: Ensure location TestLocation is present
ipaautomountlocation:
ipaadmin_password: SomeADMINpassword
name: TestLocation
state: present
# TESTS
- block:
- name: ensure map TestMap is present
- name: Execute Automount Map tests
block:
- name: Ensure map TestMap is present
ipaautomountmap:
ipaadmin_password: SomeADMINpassword
name: TestMap
@@ -45,7 +46,7 @@
register: result
failed_when: result.failed or not result.changed
- name: ensure map TestMap is present again
- name: Ensure map TestMap is present again
ipaautomountmap:
ipaadmin_password: SomeADMINpassword
name: TestMap
@@ -53,7 +54,7 @@
register: result
failed_when: result.failed or result.changed
- name: ensure map TestMap has a different description
- name: Ensure map TestMap has a different description
ipaautomountmap:
ipaadmin_password: SomeADMINpassword
name: TestMap
@@ -62,7 +63,7 @@
register: result
failed_when: result.failed or not result.changed
- name: ensure map TestMap has a different description, again
- name: Ensure map TestMap has a different description, again
ipaautomountmap:
ipaadmin_password: SomeADMINpassword
name: TestMap
@@ -71,7 +72,7 @@
register: result
failed_when: result.failed or result.changed
- name: ensure map TestMap has an empty description
- name: Ensure map TestMap has an empty description
ipaautomountmap:
ipaadmin_password: SomeADMINpassword
name: TestMap
@@ -80,7 +81,7 @@
register: result
failed_when: result.failed or not result.changed
- name: ensure map TestMap has an empty description, again
- name: Ensure map TestMap has an empty description, again
ipaautomountmap:
ipaadmin_password: SomeADMINpassword
name: TestMap
@@ -89,7 +90,7 @@
register: result
failed_when: result.failed or result.changed
- name: ensure map TestMap is removed
- name: Ensure map TestMap is removed
ipaautomountmap:
ipaadmin_password: SomeADMINpassword
name: TestMap
@@ -98,7 +99,7 @@
register: result
failed_when: result.failed or not result.changed
- name: ensure map TestMap has been removed
- name: Ensure map TestMap has been removed
ipaautomountmap:
ipaadmin_password: SomeADMINpassword
name: TestMap
@@ -107,7 +108,7 @@
register: result
failed_when: result.failed or result.changed
- name: ensure map TestMap01 is present
- name: Ensure map TestMap01 is present
ipaautomountmap:
ipaadmin_password: SomeADMINpassword
name: TestMap01
@@ -116,7 +117,7 @@
register: result
failed_when: result.failed or not result.changed
- name: ensure map TestMap02 is present
- name: Ensure map TestMap02 is present
ipaautomountmap:
ipaadmin_password: SomeADMINpassword
name: TestMap02
@@ -125,7 +126,7 @@
register: result
failed_when: result.failed or not result.changed
- name: ensure TestMap01 and TestMap02 are both absent
- name: Ensure TestMap01 and TestMap02 are both absent
ipaautomountmap:
ipaadmin_password: SomeADMINpassword
name:
@@ -136,7 +137,7 @@
register: result
failed_when: result.failed or not result.changed
- name: ensure TestMap01 and TestMap02 are both absent again
- name: Ensure TestMap01 and TestMap02 are both absent again
ipaautomountmap:
ipaadmin_password: SomeADMINpassword
name:
@@ -149,7 +150,7 @@
# CLEAN UP
always:
- name: ensure test maps are absent
- name: Ensure test maps are absent
ipaautomountmap:
ipaadmin_password: SomeADMINpassword
name:
@@ -158,7 +159,7 @@
location: TestLocation
state: absent
- name: ensure location TestLocation is absent
- name: Ensure location TestLocation is absent
ipaautomountlocation:
ipaadmin_password: SomeADMINpassword
name: TestLocation

View File

@@ -6,7 +6,7 @@
tasks:
- name: Include FreeIPA facts.
include_tasks: ../env_freeipa_facts.yml
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
# Test will only be executed if host is not a server.
- name: Execute with server context in the client.
@@ -28,13 +28,13 @@
# in upstream CI.
- name: Test automountmap using client context, in client host.
import_playbook: test_automountmap.yml
ansible.builtin.import_playbook: test_automountmap.yml
when: groups['ipaclients']
vars:
ipa_test_host: ipaclients
- name: Test automountmap using client context, in server host.
import_playbook: test_automountmap.yml
ansible.builtin.import_playbook: test_automountmap.yml
when: groups['ipaclients'] is not defined or not groups['ipaclients']
vars:
ipa_context: client

View File

@@ -9,6 +9,17 @@ stages:
# Fedora
- stage: Fedora_Ansible_Latest
dependsOn: []
jobs:
- template: templates/group_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: fedora-latest
ansible_version: "-core"
# Fedora
- stage: Fedora_Latest
dependsOn: []
jobs:
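Review bot: the new `Fedora_Ansible_Latest` stage installs an unpinned `-core`, so it will start failing the moment a new ansible-core release changes behaviour, independently of any change in this repository. That is useful as an early-warning job but it should not be a required check for merging. Also, the `# Fedora` comment is now duplicated above two stages with the same `scenario: fedora-latest`; label this one with the ansible-core version it tracks.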
@@ -16,7 +27,7 @@ stages:
parameters:
build_number: $(Build.BuildNumber)
scenario: fedora-latest
ansible_version: "-core >=2.12,<2.13"
ansible_version: "-core >=2.13,<2.14"
# Galaxy on Fedora
@@ -27,7 +38,7 @@ stages:
parameters:
build_number: $(Build.BuildNumber)
scenario: fedora-latest
ansible_version: "-core >=2.12,<2.13"
ansible_version: "-core >=2.13,<2.14"
# CentOS 9 Stream
@@ -38,7 +49,7 @@ stages:
parameters:
build_number: $(Build.BuildNumber)
scenario: c9s
ansible_version: "-core >=2.12,<2.13"
ansible_version: "-core >=2.13,<2.14"
# CentOS 8 Stream
@@ -49,7 +60,7 @@ stages:
parameters:
build_number: $(Build.BuildNumber)
scenario: c8s
ansible_version: "-core >=2.12,<2.13"
ansible_version: "-core >=2.13,<2.14"
# CentOS 7
@@ -60,4 +71,4 @@ stages:
parameters:
build_number: $(Build.BuildNumber)
scenario: centos-7
ansible_version: "-core >=2.12,<2.13"
ansible_version: "-core >=2.13,<2.14"

View File

@@ -16,15 +16,6 @@ stages:
# Fedora
- stage: FedoraLatest_Ansible_Core_2_11
dependsOn: []
jobs:
- template: templates/group_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: fedora-latest
ansible_version: "-core >=2.11,<2.12"
- stage: FedoraLatest_Ansible_Core_2_12
dependsOn: []
jobs:
@@ -34,6 +25,24 @@ stages:
scenario: fedora-latest
ansible_version: "-core >=2.12,<2.13"
- stage: FedoraLatest_Ansible_Core_2_13
dependsOn: []
jobs:
- template: templates/group_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: fedora-latest
ansible_version: "-core >=2.13,<2.14"
- stage: FedoraLatest_Ansible_Core_2_14
dependsOn: []
jobs:
- template: templates/group_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: fedora-latest
ansible_version: "-core >=2.14,<2.15"
- stage: FedoraLatest_Ansible_latest
dependsOn: []
jobs:
@@ -43,26 +52,8 @@ stages:
scenario: fedora-latest
ansible_version: ""
- stage: FedoraLatest_Ansible_Core_latest
dependsOn: []
jobs:
- template: templates/group_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: fedora-latest
ansible_version: "-core"
# Galaxy on Fedora
- stage: Galaxy_FedoraLatest_Ansible_Core_2_11
dependsOn: []
jobs:
- template: templates/galaxy_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: fedora-latest
ansible_version: "-core >=2.11,<2.12"
- stage: Galaxy_FedoraLatest_Ansible_Core_2_12
dependsOn: []
jobs:
@@ -72,6 +63,24 @@ stages:
scenario: fedora-latest
ansible_version: "-core >=2.12,<2.13"
- stage: Galaxy_FedoraLatest_Ansible_Core_2_13
dependsOn: []
jobs:
- template: templates/galaxy_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: fedora-latest
ansible_version: "-core >=2.13,<2.14"
- stage: Galaxy_FedoraLatest_Ansible_Core_2_14
dependsOn: []
jobs:
- template: templates/galaxy_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: fedora-latest
ansible_version: "-core >=2.14,<2.15"
- stage: Galaxy_FedoraLatest_Ansible_latest
dependsOn: []
jobs:
@@ -81,26 +90,8 @@ stages:
scenario: fedora-latest
ansible_version: ""
- stage: Galaxy_FedoraLatest_Ansible_Core_latest
dependsOn: []
jobs:
- template: templates/galaxy_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: fedora-latest
ansible_version: "-core"
# Fedora Rawhide
- stage: FedoraRawhide_Ansible_Core_2_11
dependsOn: []
jobs:
- template: templates/group_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: fedora-rawhide
ansible_version: "-core >=2.11,<2.12"
- stage: FedoraRawhide_Ansible_Core_2_12
dependsOn: []
jobs:
@@ -110,6 +101,24 @@ stages:
scenario: fedora-rawhide
ansible_version: "-core >=2.12,<2.13"
- stage: FedoraRawhide_Ansible_Core_2_13
dependsOn: []
jobs:
- template: templates/group_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: fedora-rawhide
ansible_version: "-core >=2.13,<2.14"
- stage: FedoraRawhide_Ansible_Core_2_14
dependsOn: []
jobs:
- template: templates/group_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: fedora-rawhide
ansible_version: "-core >=2.14,<2.15"
- stage: FedoraRawhide_Ansible_latest
dependsOn: []
jobs:
@@ -119,26 +128,8 @@ stages:
scenario: fedora-rawhide
ansible_version: ""
- stage: FedoraRawhide_Ansible_Core_latest
dependsOn: []
jobs:
- template: templates/group_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: fedora-rawhide
ansible_version: "-core"
# CentoOS 9 Stream
- stage: c9s_Ansible_Core_2_11
dependsOn: []
jobs:
- template: templates/group_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: c9s
ansible_version: "-core >=2.11,<2.12"
- stage: c9s_Ansible_Core_2_12
dependsOn: []
jobs:
@@ -148,6 +139,24 @@ stages:
scenario: c9s
ansible_version: "-core >=2.12,<2.13"
- stage: c9s_Ansible_Core_2_13
dependsOn: []
jobs:
- template: templates/group_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: c9s
ansible_version: "-core >=2.13,<2.14"
- stage: c9s_Ansible_Core_2_14
dependsOn: []
jobs:
- template: templates/group_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: c9s
ansible_version: "-core >=2.14,<2.15"
- stage: c9s_Ansible_latest
dependsOn: []
jobs:
@@ -157,26 +166,8 @@ stages:
scenario: c9s
ansible_version: ""
- stage: c9s_Ansible_Core_latest
dependsOn: []
jobs:
- template: templates/group_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: c9s
ansible_version: "-core"
# CentOS 8 Stream
- stage: c8s_Ansible_Core_2_11
dependsOn: []
jobs:
- template: templates/group_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: c8s
ansible_version: "-core >=2.11,<2.12"
- stage: c8s_Ansible_Core_2_12
dependsOn: []
jobs:
@@ -186,6 +177,24 @@ stages:
scenario: c8s
ansible_version: "-core >=2.12,<2.13"
- stage: c8s_Ansible_Core_2_13
dependsOn: []
jobs:
- template: templates/group_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: c8s
ansible_version: "-core >=2.13,<2.14"
- stage: c8s_Ansible_Core_2_14
dependsOn: []
jobs:
- template: templates/group_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: c8s
ansible_version: "-core >=2.14,<2.15"
- stage: c8s_Ansible_latest
dependsOn: []
jobs:
@@ -195,26 +204,8 @@ stages:
scenario: c8s
ansible_version: ""
- stage: c8s_Ansible_Core_latest
dependsOn: []
jobs:
- template: templates/group_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: c8s
ansible_version: "-core"
# CentOS 7
- stage: CentOS7_Ansible_Core_2_11
dependsOn: []
jobs:
- template: templates/group_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: centos-7
ansible_version: "-core >=2.11,<2.12"
- stage: CentOS7_Ansible_Core_2_12
dependsOn: []
jobs:
@@ -224,6 +215,24 @@ stages:
scenario: centos-7
ansible_version: "-core >=2.12,<2.13"
- stage: CentOS7_Ansible_Core_2_13
dependsOn: []
jobs:
- template: templates/group_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: centos-7
ansible_version: "-core >=2.13,<2.14"
- stage: CentOS7_Ansible_Core_2_14
dependsOn: []
jobs:
- template: templates/group_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: centos-7
ansible_version: "-core >=2.14,<2.15"
- stage: CentOS7_Ansible_latest
dependsOn: []
jobs:
@@ -232,12 +241,3 @@ stages:
build_number: $(Build.BuildNumber)
scenario: centos-7
ansible_version: ""
- stage: CentOS7_Ansible_Core_latest
dependsOn: []
jobs:
- template: templates/group_tests.yml
parameters:
build_number: $(Build.BuildNumber)
scenario: centos-7
ansible_version: "-core"


@@ -38,7 +38,7 @@ stages:
parameters:
build_number: $(Build.BuildNumber)
scenario: c9s
ansible_version: "-core >=2.12,<2.13"
ansible_version: "-core >=2.13,<2.14"
# CentOS 8 Stream
@@ -49,7 +49,7 @@ stages:
parameters:
build_number: $(Build.BuildNumber)
scenario: c8s
ansible_version: "-core >=2.12,<2.13"
ansible_version: "-core >=2.13,<2.14"
# CentOS 7
@@ -60,7 +60,7 @@ stages:
parameters:
build_number: $(Build.BuildNumber)
scenario: centos-7
ansible_version: "-core >=2.12,<2.13"
ansible_version: "-core >=2.13,<2.14"
# Rawhide
@@ -71,4 +71,4 @@ stages:
parameters:
build_number: $(Build.BuildNumber)
scenario: fedora-rawhide
ansible_version: "-core >=2.12,<2.13"
ansible_version: "-core >=2.13,<2.14"
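Review bot: the literal `"-core >=2.13,<2.14"` is now repeated in all four hunks of this file (c9s, c8s, centos-7, fedora-rawhide); lifting it into a single pipeline variable referenced by each stage would make the next bump a one-line change and stop the four stages from drifting apart.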


@@ -19,12 +19,15 @@ jobs:
versionSpec: '${{ parameters.python_version }}'
- script: python -m pip install --upgrade pip setuptools wheel ansible
retryCountOnTaskFailure: 5
displayName: Install tools
- script: pip install molecule[docker]
retryCountOnTaskFailure: 5
displayName: Install molecule
- script: molecule create -s ${{ parameters.build_scenario_name }}
retryCountOnTaskFailure: 5
displayName: Create test container
env:
ANSIBLE_LIBRARY: ./molecule
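Review bot: adding `retryCountOnTaskFailure: 5` to `python -m pip install --upgrade pip setuptools wheel ansible` retries an unpinned install, so each attempt may resolve to a different `ansible` release and a failing first attempt tells you nothing about what the successful retry installed. Pin the versions (or install from a requirements file with `--require-hashes`) so the retried step is reproducible; the same applies to the `pip install molecule[docker]` step in this hunk.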


@@ -15,7 +15,7 @@ parameters:
jobs:
- job: Test_PyTests
displayName: Run pytests on ${{ parameters.scenario }}
timeoutInMinutes: 120
timeoutInMinutes: 240
steps:
- task: UsePythonVersion@0
inputs:
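Review bot: raising `timeoutInMinutes` from 120 to 240 on `Test_PyTests` doubles the time a hung run can consume before it is killed; consider pairing it with a step-level `timeoutInMinutes` on the install and container setup steps so a stalled `pip install` or `molecule create` fails within minutes instead of running out the full 4 h job budget.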
@@ -25,16 +25,21 @@ jobs:
pip install \
"molecule[docker]>=3" \
"ansible${{ parameters.ansible_version }}"
retryCountOnTaskFailure: 5
displayName: Install molecule and Ansible
- script: ansible-galaxy collection install community.docker ansible.posix
retryCountOnTaskFailure: 5
displayName: Install Ansible collections
- script: pip install -r requirements-tests.txt
retryCountOnTaskFailure: 5
displayName: Install dependencies
- script: |
utils/build-galaxy-release.sh -i
molecule create -s ${{ parameters.scenario }}
retryCountOnTaskFailure: 5
displayName: Setup test container
env:
ANSIBLE_LIBRARY: ./molecule


@@ -22,7 +22,7 @@ parameters:
jobs:
- job: Test_Group${{ parameters.group_number }}
displayName: Run playbook tests ${{ parameters.scenario }} (${{ parameters.group_number }}/${{ parameters.number_of_groups }})
timeoutInMinutes: 120
timeoutInMinutes: 240
variables:
- template: variables.yaml
- template: variables_${{ parameters.scenario }}.yaml
@@ -35,17 +35,21 @@ jobs:
pip install \
"molecule[docker]>=3" \
"ansible${{ parameters.ansible_version }}"
retryCountOnTaskFailure: 5
displayName: Install molecule and Ansible
- script: ansible-galaxy collection install community.docker ansible.posix
retryCountOnTaskFailure: 5
displayName: Install Ansible collections
- script: pip install -r requirements-tests.txt
retryCountOnTaskFailure: 5
displayName: Install dependencies
- script: |
utils/build-galaxy-release.sh -i
molecule create -s ${{ parameters.scenario }}
retryCountOnTaskFailure: 5
displayName: Setup test container
env:
ANSIBLE_LIBRARY: ./molecule


@@ -21,7 +21,7 @@ parameters:
jobs:
- job: Test_Group${{ parameters.group_number }}
displayName: Run playbook tests ${{ parameters.scenario }} (${{ parameters.group_number }}/${{ parameters.number_of_groups }})
timeoutInMinutes: 120
timeoutInMinutes: 240
variables:
- template: variables.yaml
- template: variables_${{ parameters.scenario }}.yaml
@@ -34,20 +34,25 @@ jobs:
pip install \
"molecule[docker]>=3" \
"ansible${{ parameters.ansible_version }}"
retryCountOnTaskFailure: 5
displayName: Install molecule and Ansible
- script: ansible-galaxy collection install community.docker ansible.posix
retryCountOnTaskFailure: 5
displayName: Install Ansible collections
- script: pip install -r requirements-tests.txt
retryCountOnTaskFailure: 5
displayName: Install dependencies
- script: |
rm -rf ~/ansible
mkdir -p ~/.ansible/roles ~/.ansible/library ~/.ansible/module_utils
cp -a roles/* ~/.ansible/roles
cp -a plugins/modules/* ~/.ansible/library
cp -a plugins/module_utils/* ~/.ansible/module_utils
molecule create -s ${{ parameters.scenario }}
retryCountOnTaskFailure: 5
displayName: Setup test container
env:
ANSIBLE_LIBRARY: ./molecule
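Review bot: `rm -rf ~/ansible` in the `Setup test container` script removes a different directory from the `~/.ansible/{roles,library,module_utils}` tree that the following `mkdir -p` and `cp -a` lines populate, so roles and modules left by an earlier attempt are never cleaned and new files are layered over them. The pytest template in this same change uses `rm -rf ~/.ansible`; this one should match.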


@@ -21,7 +21,7 @@ parameters:
jobs:
- job: Test_Group${{ parameters.group_number }}
displayName: Run playbook tests ${{ parameters.scenario }} (${{ parameters.group_number }}/${{ parameters.number_of_groups }})
timeoutInMinutes: 120
timeoutInMinutes: 240
variables:
- template: variables.yaml
- template: variables_${{ parameters.scenario }}.yaml
@@ -34,20 +34,25 @@ jobs:
pip install \
"molecule[docker]>=3" \
"ansible${{ parameters.ansible_version }}"
retryCountOnTaskFailure: 5
displayName: Install molecule and Ansible
- script: ansible-galaxy collection install community.docker ansible.posix
retryCountOnTaskFailure: 5
displayName: Install Ansible collections
- script: pip install -r requirements-tests.txt
retryCountOnTaskFailure: 5
displayName: Install dependencies
- script: |
rm -rf ~/ansible
mkdir -p ~/.ansible/roles ~/.ansible/library ~/.ansible/module_utils
cp -a roles/* ~/.ansible/roles
cp -a plugins/modules/* ~/.ansible/library
cp -a plugins/module_utils/* ~/.ansible/module_utils
molecule create -s ${{ parameters.scenario }}
retryCountOnTaskFailure: 5
displayName: Setup test container
env:
ANSIBLE_LIBRARY: ./molecule
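Review bot: `rm -rf ~/ansible` targets a path that none of the following lines use; the `mkdir -p` and `cp -a` lines write into `~/.ansible`, so the intended cleanup of the previous attempt's roles and modules does not happen, which matters now that the step is retried up to five times. Use `rm -rf ~/.ansible`, as the pytest template in this change does.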


@@ -15,7 +15,7 @@ parameters:
jobs:
- job: Test_PyTests
displayName: Run pytests on ${{ parameters.scenario }}
timeoutInMinutes: 120
timeoutInMinutes: 240
variables:
- template: variables.yaml
- template: variables_${{ parameters.scenario }}.yaml
@@ -28,20 +28,25 @@ jobs:
pip install \
"molecule[docker]>=3" \
"ansible${{ parameters.ansible_version }}"
retryCountOnTaskFailure: 5
displayName: Install molecule and Ansible
- script: ansible-galaxy collection install community.docker ansible.posix
retryCountOnTaskFailure: 5
displayName: Install Ansible collections
- script: pip install -r requirements-tests.txt
retryCountOnTaskFailure: 5
displayName: Install dependencies
- script: |
rm -rf ~/.ansible
mkdir -p ~/.ansible/roles ~/.ansible/library ~/.ansible/module_utils
cp -a roles/* ~/.ansible/roles
cp -a plugins/modules/* ~/.ansible/library
cp -a plugins/module_utils/* ~/.ansible/module_utils
molecule create -s ${{ parameters.scenario }}
retryCountOnTaskFailure: 5
displayName: Setup test container
env:
ANSIBLE_LIBRARY: ./molecule


@@ -174,7 +174,7 @@
become: no
# Copy all backups from server
- name: list all existing backups on server
- name: List all existing backups on server
ansible.builtin.find:
path: /var/lib/ipa/backup
recurse: no
@@ -305,7 +305,7 @@
become: no
# Remove all backups from server
- name: list all existing backups on server
- name: List all existing backups on server
ansible.builtin.find:
path: /var/lib/ipa/backup
recurse: no
@@ -320,7 +320,7 @@
state: absent
ipabackup_name: all
- name: list all existing backups on server
- name: List all existing backups on server
ansible.builtin.find:
path: /var/lib/ipa/backup
recurse: no
@@ -342,7 +342,7 @@
state: absent
ipabackup_name: all
- name: list all existing backups on server
- name: List all existing backups on server
ansible.builtin.find:
path: /var/lib/ipa/backup
recurse: no


@@ -5,7 +5,7 @@
tasks:
- name: Run generate-certificates.sh
command: >
ansible.builtin.command: >
/bin/bash
generate-certificates.sh delete "{{ item }}"
args:


@@ -5,11 +5,11 @@
tasks:
- name: Run generate-certificates.sh
command: >
ansible.builtin.command: >
/bin/bash
generate-certificates.sh create
"{{ groups.ipareplicas[0] }}"
"{{ ipareplica_domain | default(groups.ipareplicas[0].split('.')[1:] | join ('.')) }}"
"{{ ipareplica_domain | default(groups.ipareplicas[0].split('.')[1:] | join('.')) }}"
args:
chdir: "{{ playbook_dir }}"
@@ -40,18 +40,18 @@
pre_tasks:
- name: Remove "/root/ca-less-test"
file:
ansible.builtin.file:
path: "/root/ca-less-test"
state: absent
- name: Generate "/root/ca-less-test"
file:
ansible.builtin.file:
path: "/root/ca-less-test"
state: directory
mode: 0775
- name: Copy CA certificate
copy:
ansible.builtin.copy:
src: "{{ playbook_dir }}/certificates/root-ca/cert.pem"
dest: "/root/ca-less-test/ca.crt"
owner: root
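Review bot: `mode: 0775` on the `Generate "/root/ca-less-test"` task is left as an unquoted octal while the `Copy CA certificate` task in the next hunk uses `mode: "0644"`; ansible-lint's `risky-octal` rule flags the unquoted form, so quoting it here (`mode: "0775"`) would complete the lint cleanup this hunk starts with the FQCN changes.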
@@ -59,7 +59,7 @@
mode: "0644"
- name: Copy p12 certificates
copy:
ansible.builtin.copy:
src: "{{ playbook_dir }}/certificates/{{ item }}/{{ groups.ipareplicas[0] }}/cert.p12"
dest: "/root/ca-less-test/{{ item }}.p12"
owner: root
@@ -76,7 +76,7 @@
post_tasks:
- name: Fix KDC certificate permissions
file:
ansible.builtin.file:
path: /var/kerberos/krb5kdc/kdc.crt
owner: root
group: root


@@ -5,11 +5,11 @@
tasks:
- name: Run generate-certificates.sh
command: >
ansible.builtin.command: >
/bin/bash
generate-certificates.sh create
"{{ groups.ipaserver[0] }}"
"{{ ipaserver_domain | default(groups.ipaserver[0].split('.')[1:] | join ('.')) }}"
"{{ ipaserver_domain | default(groups.ipaserver[0].split('.')[1:] | join('.')) }}"
args:
chdir: "{{ playbook_dir }}"
@@ -40,18 +40,18 @@
pre_tasks:
- name: Remove "/root/ca-less-test"
file:
ansible.builtin.file:
path: "/root/ca-less-test"
state: absent
- name: Generate "/root/ca-less-test"
file:
ansible.builtin.file:
path: "/root/ca-less-test"
state: directory
mode: 0775
- name: Copy CA certificate
copy:
ansible.builtin.copy:
src: "{{ playbook_dir }}/certificates/root-ca/cert.pem"
dest: "/root/ca-less-test/ca.crt"
owner: root
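Review bot: `mode: 0775` on the `Generate "/root/ca-less-test"` task is still an unquoted octal, which ansible-lint's `risky-octal` rule reports; since the hunk already rewrites the `file:` and `copy:` lines to their FQCNs, quote it as `mode: "0775"` to match the `mode: "0644"` used for the CA certificate copy below.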
@@ -59,7 +59,7 @@
mode: "0644"
- name: Copy p12 certificates
copy:
ansible.builtin.copy:
src: "{{ playbook_dir }}/certificates/{{ item }}/{{ groups.ipaserver[0] }}/cert.p12"
dest: "/root/ca-less-test/{{ item }}.p12"
owner: root


@@ -5,22 +5,24 @@
gather_facts: false
tasks:
- include_tasks: ../env_freeipa_facts.yml
- name: Include tasks ../env_freeipa_facts.yml
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
- block:
- name: Execute config tests
block:
# Retrieve current configuration.
- name: return current values of the global configuration options
- name: Return current values of the global configuration options
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
register: previousconfig
- name: Display current configuration.
debug:
ansible.builtin.debug:
var: previousconfig
# setup environment.
- name: create test group
- name: Create test group
ipagroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -32,93 +34,94 @@
ipaapi_context: "{{ ipa_context | default(omit) }}"
emaildomain: ipa.test
- name: set default shell to '/bin/sh'
- name: Set default shell to '/bin/sh'
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
defaultshell: /bin/sh
- name: set default group
- name: Set default group
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
defaultgroup: ipausers
- name: set default home directory
- name: Set default home directory
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
homedirectory: /home
- name: clear pac-type
- name: Clear pac-type
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
pac_type: ""
- block:
- name: set maxhostname to 255
- name: Execute tests if ipa_version >= 4.8.0
block:
- name: Set maxhostname to 255
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
maxhostname: 255
when: ipa_version is version('4.8.0', '>=')
- name: set maxusername to 45
- name: Set maxusername to 45
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
maxusername: 45
- name: set pwdexpnotify to 0
- name: Set pwdexpnotify to 0
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
pwdexpnotify: 0
- name: set searchrecordslimit to 10
- name: Set searchrecordslimit to 10
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
searchrecordslimit: 10
- name: set searchtimelimit to 1
- name: Set searchtimelimit to 1
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
searchtimelimit: 1
- name: clear configstring
- name: Clear configstring
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
configstring: ""
- name: set configstring to AllowNThash
- name: Set configstring to AllowNThash
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
configstring: 'KDC:Disable Lockout'
- name: set selinuxusermapdefault
- name: Set selinuxusermapdefault
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
selinuxusermapdefault: "staff_u:s0-s0:c0.c1023"
- name: set selinuxusermaporder
- name: Set selinuxusermaporder
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
selinuxusermaporder: 'user_u:s0$staff_u:s0-s0:c0.c1023'
- name: set usersearch to `uid`
- name: Set usersearch to `uid`
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
usersearch: uid
- name: set groupsearch to `cn`
- name: Set groupsearch to `cn`
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
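Review bot: the renamed task `Set configstring to AllowNThash` sets `configstring: 'KDC:Disable Lockout'`, so the new name still does not describe the value being applied; since this hunk already touches every task name, rename it to `Set configstring to 'KDC:Disable Lockout'`. The same name recurs in the `@@ -303` and `@@ -311` hunks of this file, where the value is outside the visible context and should be checked against the name as well.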
@@ -141,7 +144,7 @@
register: result
failed_when: result.changed or result.failed
- name: set default shell to '/bin/someshell'
- name: Set default shell to '/bin/someshell'
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -149,7 +152,7 @@
register: result
failed_when: not result.changed or result.failed
- name: set default shell to '/bin/someshell', again.
- name: Set default shell to '/bin/someshell', again.
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -157,7 +160,7 @@
register: result
failed_when: result.changed or result.failed
- name: set default group
- name: Set default group
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -165,7 +168,7 @@
register: result
failed_when: not result.changed or result.failed
- name: set default group, again
- name: Set default group, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -173,7 +176,7 @@
register: result
failed_when: result.changed or result.failed
- name: set default home directory
- name: Set default home directory
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -181,7 +184,7 @@
register: result
failed_when: not result.changed or result.failed
- name: set default home directory, again
- name: Set default home directory, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -189,7 +192,7 @@
register: result
failed_when: result.changed or result.failed
- name: set pac-type
- name: Set pac-type
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -197,7 +200,7 @@
register: result
failed_when: not result.changed or result.failed
- name: set pac-type, again.
- name: Set pac-type, again.
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -205,7 +208,7 @@
register: result
failed_when: result.changed or result.failed
- name: set maxusername to 33
- name: Set maxusername to 33
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -213,7 +216,7 @@
register: result
failed_when: not result.changed or result.failed
- name: set maxusername to 33, again.
- name: Set maxusername to 33, again.
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -221,8 +224,9 @@
register: result
failed_when: result.changed or result.failed
- block:
- name: set maxhostname to 77
- name: Execute tests if ipa_version >= 4.8.0
block:
- name: Set maxhostname to 77
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -230,7 +234,7 @@
register: result
failed_when: not result.changed or result.failed
- name: set maxhostname to 77, again
- name: Set maxhostname to 77, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -239,7 +243,7 @@
failed_when: result.changed or result.failed
when: ipa_version is version('4.8.0', '>=')
- name: set pwdexpnotify to 17
- name: Set pwdexpnotify to 17
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -247,7 +251,7 @@
register: result
failed_when: not result.changed or result.failed
- name: set pwdexpnotify to 17, again
- name: Set pwdexpnotify to 17, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -255,7 +259,7 @@
register: result
failed_when: result.changed or result.failed
- name: set searchrecordslimit to -1
- name: Set searchrecordslimit to -1
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -263,7 +267,7 @@
register: result
failed_when: not result.changed or result.failed
- name: set searchrecordslimit to -1, again.
- name: Set searchrecordslimit to -1, again.
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -271,7 +275,7 @@
register: result
failed_when: result.changed or result.failed
- name: set searchtimelimit to 12345
- name: Set searchtimelimit to 12345
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -279,7 +283,7 @@
register: result
failed_when: not result.changed or result.failed
- name: set searchtimelimit to 12345, again.
- name: Set searchtimelimit to 12345, again.
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -287,7 +291,7 @@
register: result
failed_when: result.changed or result.failed
- name: change enable_migration
- name: Change enable_migration
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -295,7 +299,7 @@
register: result
failed_when: not result.changed or result.failed
- name: change enable_migration, again
- name: Change enable_migration, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -303,7 +307,7 @@
register: result
failed_when: result.changed or result.failed
- name: set configstring to AllowNThash
- name: Set configstring to AllowNThash
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -311,7 +315,7 @@
register: result
failed_when: not result.changed or result.failed
- name: set configstring to AllowNThash, again.
- name: Set configstring to AllowNThash, again.
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -319,7 +323,7 @@
register: result
failed_when: result.changed or result.failed
- name: set selinuxusermaporder
- name: Set selinuxusermaporder
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -327,7 +331,7 @@
register: result
failed_when: not result.changed or result.failed
- name: set selinuxusermaporder, again
- name: Set selinuxusermaporder, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -335,7 +339,7 @@
register: result
failed_when: result.changed or result.failed
- name: set selinuxusermapdefault
- name: Set selinuxusermapdefault
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -343,7 +347,7 @@
register: result
failed_when: not result.changed or result.failed
- name: set selinuxusermapdefault, again
- name: Set selinuxusermapdefault, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -351,7 +355,7 @@
register: result
failed_when: result.changed or result.failed
- name: set groupsearch to `description`
- name: Set groupsearch to `description`
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -359,7 +363,7 @@
register: result
failed_when: not result.changed or result.failed
- name: set groupsearch to `gidNumber`, again
- name: Set groupsearch to `gidNumber`, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
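Review bot: the repeat task in this hunk is named `Set groupsearch to \`gidNumber\`, again`, but the task it repeats in the previous hunk is `Set groupsearch to \`description\``; the `failed_when: result.changed` idempotence pattern requires both to set the same value, so one of the two names (or one of the values) is wrong and should be reconciled while the names are being edited.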
@@ -367,7 +371,7 @@
register: result
failed_when: result.changed or result.failed
- name: set usersearch to `uidNumber`
- name: Set usersearch to `uidNumber`
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -375,7 +379,7 @@
register: result
failed_when: not result.changed or result.failed
- name: set usersearch to `uidNumber`, again
- name: Set usersearch to `uidNumber`, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -383,7 +387,7 @@
register: result
failed_when: result.changed or result.failed
- name: reset changed fields
- name: Reset changed fields
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -410,15 +414,16 @@
register: result
failed_when: not result.changed or result.failed
- block:
- name: reset maxhostname
- name: Execute tests if ipa_version >= 4.8.0
block:
- name: Reset maxhostname
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
maxhostname: '{{ previousconfig.config.maxhostname | default(omit) }}'
when: ipa_version is version('4.8.0', '>=')
- name: reset changed fields, again
- name: Reset changed fields, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -445,8 +450,9 @@
register: result
failed_when: result.changed or result.failed
- block:
- name: reset maxhostname
- name: Execute tests if ipa_version >= 4.8.0
block:
- name: Reset maxhostname
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -481,12 +487,12 @@
register: result
- name: "CA-Renewal server warning."
debug:
ansible.builtin.debug:
msg: "Due to a test failure, IPA CA-Renewal Server might not be correctly be set. Check your configuration."
always:
# cleanup
- name: cleanup test group
- name: Cleanup test group
ipagroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
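Review bot: the `msg:` on the CA-Renewal warning reads `might not be correctly be set` (duplicated `be`); since this hunk already changes the `ansible.builtin.debug` line directly above it, fix the message to `might not be correctly set` in the same change.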


@@ -6,7 +6,7 @@
tasks:
- name: Include FreeIPA facts.
include_tasks: ../env_freeipa_facts.yml
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
# Test will only be executed if host is not a server.
- name: Execute with server context in the client.
@@ -26,13 +26,13 @@
# in upstream CI.
- name: Test config using client context, in client host.
import_playbook: test_config.yml
ansible.builtin.import_playbook: test_config.yml
when: groups['ipaclients']
vars:
ipa_test_host: ipaclients
- name: Test config using client context, in server host.
import_playbook: test_config.yml
ansible.builtin.import_playbook: test_config.yml
when: groups['ipaclients'] is not defined or not groups['ipaclients']
vars:
ipa_context: client


@@ -7,7 +7,7 @@
tasks:
- name: Set FreeIPA facts.
include_tasks: ../env_freeipa_facts.yml
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
# GET CURRENT CONFIG
@@ -18,7 +18,8 @@
register: previous
# TESTS
- block:
- name: Test config sid
block:
- name: Check if SID is enabled.
ipaconfig:
ipaadmin_password: SomeADMINpassword


@@ -6,7 +6,7 @@
tasks:
- name: Include FreeIPA facts.
include_tasks: ../env_freeipa_facts.yml
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
# Test will only be executed if host is not a server.
- name: Execute with server context in the client.
@@ -27,13 +27,13 @@
# in upstream CI.
- name: Test delegation using client context, in client host.
import_playbook: test_delegation.yml
ansible.builtin.import_playbook: test_delegation.yml
when: groups['ipaclients']
vars:
ipa_test_host: ipaclients
- name: Test delegation using client context, in server host.
import_playbook: test_delegation.yml
ansible.builtin.import_playbook: test_delegation.yml
when: groups['ipaclients'] is not defined or not groups['ipaclients']
vars:
ipa_context: client


@@ -6,7 +6,7 @@
tasks:
- name: Include FreeIPA facts.
include_tasks: ../env_freeipa_facts.yml
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
# Test will only be executed if host is not a server.
- name: Execute with server context in the client.
@@ -27,13 +27,13 @@
# in upstream CI.
- name: Test dnsconfig using client context, in client host.
import_playbook: test_dnsconfig.yml
ansible.builtin.import_playbook: test_dnsconfig.yml
when: groups['ipaclients']
vars:
ipa_test_host: ipaclients
- name: Test dnsconfig using client context, in server host.
import_playbook: test_dnsconfig.yml
ansible.builtin.import_playbook: test_dnsconfig.yml
when: groups['ipaclients'] is not defined or not groups['ipaclients']
vars:
ipa_context: client


@@ -5,7 +5,8 @@
gather_facts: no
tasks:
- block:
- name: Test dnsconfig forwarders ports
block:
# Setup.
- name: Ensure forwarder with custom port is absent.
ipadnsconfig:


@@ -5,7 +5,7 @@
gather_facts: false
tasks:
- name: ensure test forwardzones are absent
- name: Ensure test forwardzones are absent
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -14,7 +14,7 @@
- newfailzone.com
state: absent
- name: ensure forwardzone example.com is created
- name: Ensure forwardzone example.com is created
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -27,7 +27,7 @@
register: result
failed_when: not result.changed or result.failed
- name: ensure forwardzone example.com is present again
- name: Ensure forwardzone example.com is present again
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -40,7 +40,7 @@
register: result
failed_when: result.changed or result.failed
- name: ensure forwardzone example.com has two forwarders
- name: Ensure forwardzone example.com has two forwarders
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -55,7 +55,7 @@
register: result
failed_when: not result.changed or result.failed
- name: ensure forwardzone example.com has one forwarder again
- name: Ensure forwardzone example.com has one forwarder again
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -68,7 +68,7 @@
register: result
failed_when: result.changed or result.failed
- name: skip_overlap_check can only be set on creation so change nothing
- name: Skip_overlap_check can only be set on creation so change nothing
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
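Review bot: capitalizing the task name turns the option name `skip_overlap_check` into `Skip_overlap_check`, which is no longer the identifier the task is about; satisfy the name-casing rule by rewording instead, e.g. `Ensure skip_overlap_check is unchanged, as it can only be set on creation`.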
@@ -81,7 +81,7 @@
register: result
failed_when: result.changed or result.failed
- name: ensure forwardzone example.com is absent.
- name: Ensure forwardzone example.com is absent.
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -90,7 +90,7 @@
register: result
failed_when: not result.changed or result.failed
- name: ensure forwardzone example.com is absent, again.
- name: Ensure forwardzone example.com is absent, again.
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -99,7 +99,7 @@
register: result
failed_when: result.changed or result.failed
- name: change all the things at once
- name: Change all the things at once
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -115,7 +115,7 @@
register: result
failed_when: not result.changed or result.failed
- name: change zone forward policy
- name: Change zone forward policy
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -124,7 +124,7 @@
register: result
failed_when: not result.changed or result.failed
- name: change zone forward policy, again
- name: Change zone forward policy, again
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -133,7 +133,7 @@
register: result
failed_when: result.changed or result.failed
- name: ensure forwardzone example.com is absent.
- name: Ensure forwardzone example.com is absent.
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -142,7 +142,7 @@
register: result
failed_when: not result.changed or result.failed
- name: ensure forwardzone example.com is absent, again.
- name: Ensure forwardzone example.com is absent, again.
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -151,7 +151,7 @@
register: result
failed_when: result.changed or result.failed
- name: ensure forwardzone example.com is created with minimal args
- name: Ensure forwardzone example.com is created with minimal args
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -163,7 +163,7 @@
register: result
failed_when: not result.changed or result.failed
- name: ensure forwardzone example.com is created with minimal args, again
- name: Ensure forwardzone example.com is created with minimal args, again
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -175,7 +175,7 @@
register: result
failed_when: result.changed or result.failed
- name: add a forwarder to any existing ones
- name: Add a forwarder to any existing ones
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -188,7 +188,7 @@
register: result
failed_when: not result.changed or result.failed
- name: add a forwarder to any existing ones, again
- name: Add a forwarder to any existing ones, again
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -201,7 +201,7 @@
register: result
failed_when: result.changed or result.failed
- name: check the list of forwarders is what we expect
- name: Check the list of forwarders is what we expect
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -215,7 +215,7 @@
register: result
failed_when: result.changed or result.failed
- name: remove a single forwarder
- name: Remove a single forwarder
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -227,7 +227,7 @@
register: result
failed_when: not result.changed or result.failed
- name: remove a single forwarder, again
- name: Remove a single forwarder, again
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -239,7 +239,7 @@
register: result
failed_when: result.changed or result.failed
- name: check the list of forwarders is what we expect now
- name: Check the list of forwarders is what we expect now
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -292,7 +292,7 @@
register: result
failed_when: result.changed or result.failed
- name: disable the forwarder
- name: Disable the forwarder
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -301,7 +301,7 @@
register: result
failed_when: not result.changed or result.failed
- name: disable the forwarder again
- name: Disable the forwarder again
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -310,7 +310,7 @@
register: result
failed_when: result.changed or result.failed
- name: enable the forwarder
- name: Enable the forwarder
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -319,7 +319,7 @@
register: result
failed_when: not result.changed or result.failed
- name: enable the forwarder, again
- name: Enable the forwarder, again
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -328,14 +328,14 @@
register: result
failed_when: result.changed or result.failed
- name: ensure forwardzone example.com is absent again
- name: Ensure forwardzone example.com is absent again
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: example.com
state: absent
- name: try to create a new forwarder with action=member
- name: Try to create a new forwarder with action=member
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -349,7 +349,7 @@
register: result
failed_when: not result.failed or "not found" not in result.msg
- name: try to create a new forwarder with disabled state
- name: Try to create a new forwarder with disabled state
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -366,7 +366,7 @@
register: result
failed_when: not result.failed or "No forwarders specified" not in result.msg
- name: ensure forwardzone example.com is absent - tidy up
- name: Ensure forwardzone example.com is absent - tidy up
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"

@@ -6,7 +6,7 @@
tasks:
- name: Include FreeIPA facts.
include_tasks: ../env_freeipa_facts.yml
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
# Test will only be executed if host is not a server.
- name: Execute with server context in the client.
@@ -27,13 +27,13 @@
# in upstream CI.
- name: Test dnsforwardzone using client context, in client host.
import_playbook: test_dnsforwardzone.yml
ansible.builtin.import_playbook: test_dnsforwardzone.yml
when: groups['ipaclients']
vars:
ipa_test_host: ipaclients
- name: Test dnsforwardzone using client context, in server host.
import_playbook: test_dnsforwardzone.yml
ansible.builtin.import_playbook: test_dnsforwardzone.yml
when: groups['ipaclients'] is not defined or not groups['ipaclients']
vars:
ipa_context: client

@@ -1,10 +1,10 @@
---
- name: Setup variables and facts.
include_tasks: env_vars.yml
ansible.builtin.include_tasks: env_vars.yml
# Cleanup before setup.
- name: Cleanup test environment.
include_tasks: env_cleanup.yml
ansible.builtin.include_tasks: env_cleanup.yml
# Common setup tasks.
- name: Ensure DNS testing zones are present.

@@ -1,7 +1,7 @@
---
# Set common vars and facts for test.
- name: Set IPv4 address prefix.
set_fact:
ansible.builtin.set_fact:
ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] |
join('.') }}"
ipv4_reverse: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] |
@@ -9,12 +9,12 @@
join('.') }}"
- name: Set zone prefixes.
set_fact:
ansible.builtin.set_fact:
testzone: 'testzone.test'
safezone: 'safezone.test'
zone_ipv6_reverse: "ip6.arpa."
zone_ipv6_reverse_workaround: "d.f.ip6.arpa."
zone_prefix_reverse: "in-addr.arpa."
zone_prefix_reverse_24: "{{ ipv4_reverse.split('.')[:] | join ('.') }}.in-addr.arpa."
zone_prefix_reverse_16: "{{ ipv4_reverse.split('.')[1:] | join ('.') }}.in-addr.arpa."
zone_prefix_reverse_8: "{{ ipv4_reverse.split('.')[2:] | join ('.') }}.in-addr.arpa."
zone_prefix_reverse_24: "{{ ipv4_reverse.split('.')[:] | join('.') }}.in-addr.arpa."
zone_prefix_reverse_16: "{{ ipv4_reverse.split('.')[1:] | join('.') }}.in-addr.arpa."
zone_prefix_reverse_8: "{{ ipv4_reverse.split('.')[2:] | join('.') }}.in-addr.arpa."

@@ -7,10 +7,10 @@
tasks:
- name: Setup testing environment.
include_tasks: env_setup.yml
ansible.builtin.include_tasks: env_setup.yml
- name: Generate self-signed certificates.
shell:
ansible.builtin.shell:
cmd: |
openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout "private{{ item }}.key" -out "cert{{ item }}.pem" -subj '/CN=test'
openssl x509 -outform der -in "cert{{ item }}.pem" -out "cert{{ item }}.der"
@@ -1547,7 +1547,7 @@
# cleanup
- name: Cleanup test environment.
include_tasks: env_cleanup.yml
ansible.builtin.include_tasks: env_cleanup.yml
- name: Remove certificate files. # noqa: deprecated-command-syntax
ansible.builtin.shell: rm -f "private{{ item }}.key" "cert{{ item }}.pem" "cert{{ item }}.der" "cert{{ item }}.b64"
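Review bot: the `# noqa: deprecated-command-syntax` on `Remove certificate files.` suppresses the lint warning instead of addressing it; `ansible.builtin.file` with `state: absent`, looping over the four generated file names (`private{{ item }}.key`, `cert{{ item }}.pem`, `cert{{ item }}.der`, `cert{{ item }}.b64`), removes them idempotently and drops both the `noqa` and the `ansible.builtin.shell: rm -f ...` call.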

@@ -6,7 +6,7 @@
tasks:
- name: Include FreeIPA facts.
include_tasks: ../env_freeipa_facts.yml
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
# Test will only be executed if host is not a server.
- name: Execute with server context in the client.
@@ -27,13 +27,13 @@
# in upstream CI.
- name: Test dnsrecord using client context, in client host.
import_playbook: test_dnsrecord.yml
ansible.builtin.import_playbook: test_dnsrecord.yml
when: groups['ipaclients']
vars:
ipa_test_host: ipaclients
- name: Test dnsrecord using client context, in server host.
import_playbook: test_dnsrecord.yml
ansible.builtin.import_playbook: test_dnsrecord.yml
when: groups['ipaclients'] is not defined or not groups['ipaclients']
vars:
ipa_context: client

@@ -7,7 +7,7 @@
tasks:
- name: Setup test environment
include_tasks: env_setup.yml
ansible.builtin.include_tasks: env_setup.yml
# tests
@@ -147,4 +147,4 @@
# Cleanup
- name: Cleanup test environment.
include_tasks: env_cleanup.yml
ansible.builtin.include_tasks: env_cleanup.yml

@@ -6,7 +6,7 @@
tasks:
- name: Setup testing environment.
include_tasks: env_setup.yml
ansible.builtin.include_tasks: env_setup.yml
- name: Add test host.
ipahost:
@@ -177,4 +177,4 @@
state: absent
# cleanup
- name: Cleanup test environment.
include_tasks: env_cleanup.yml
ansible.builtin.include_tasks: env_cleanup.yml

@@ -1,3 +1,3 @@
---
- name: Cleanup test environment.
include_tasks: env_cleanup.yml
ansible.builtin.include_tasks: env_cleanup.yml

@@ -1,3 +1,3 @@
---
- name: Cleanup test environment.
include_tasks: env_cleanup.yml
ansible.builtin.include_tasks: env_cleanup.yml

@@ -8,10 +8,10 @@
# Setup
- name: Setup testing environment
include_tasks: env_setup.yml
ansible.builtin.include_tasks: env_setup.yml
# Tests
- name: Check if zone is present, when in shouldn't be.
- name: Check if zone is present, when it shouldn't be.
ipadnszone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -21,7 +21,7 @@
register: result
failed_when: not result.changed or result.failed
- name: Check if zone is present again, when in shouldn't be.
- name: Check if zone is present again, when it shouldn't be.
ipadnszone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -40,7 +40,7 @@
register: result
failed_when: not result.changed or result.failed
- name: Check if zone is present, when in should be.
- name: Check if zone is present, when it should be.
ipadnszone:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
@@ -267,4 +267,4 @@
# Teardown
- name: Teardown testing environment
include_tasks: env_teardown.yml
ansible.builtin.include_tasks: env_teardown.yml

@@ -6,7 +6,7 @@
tasks:
- name: Include FreeIPA facts.
include_tasks: ../env_freeipa_facts.yml
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
# Test will only be executed if host is not a server.
- name: Execute with server context in the client.
@@ -27,13 +27,13 @@
# in upstream CI.
- name: Test dnszone using client context, in client host.
import_playbook: test_dnszone.yml
ansible.builtin.import_playbook: test_dnszone.yml
when: groups['ipaclients']
vars:
ipa_test_host: ipaclients
- name: Test dnszone using client context, in server host.
import_playbook: test_dnszone.yml
ansible.builtin.import_playbook: test_dnszone.yml
when: groups['ipaclients'] is not defined or not groups['ipaclients']
vars:
ipa_context: client

@@ -8,7 +8,7 @@
# Setup
- name: Setup testing environment
include_tasks: env_setup.yml
ansible.builtin.include_tasks: env_setup.yml
- name: Ensure zone is present.
ipadnszone:
@@ -291,4 +291,4 @@
# Teardown
- name: Teardown testing environment
include_tasks: env_teardown.yml
ansible.builtin.include_tasks: env_teardown.yml

@@ -8,7 +8,7 @@
# Setup
- name: Setup testing environment
include_tasks: env_setup.yml
ansible.builtin.include_tasks: env_setup.yml
# Tests
- name: Ensure zone exists for reverse IP.
@@ -55,7 +55,7 @@
register: ipv6_zone
failed_when: not ipv6_zone.changed or ipv6_zone.failed
# - debug:
# - ansible.builtin.debug:
# msg: "{{ipv6_zone}}"
- name: Ensure ipv6 zone was created.
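Review bot: the FQCN update to `# - ansible.builtin.debug:` only edits a commented-out task; either drop the dead `# - debug:` / `# msg: "{{ipv6_zone}}"` lines or reinstate them as a real task (with `verbosity` set so they only print under `-v`), since commented-out code tends to drift from the tasks around it.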
@@ -95,4 +95,4 @@
# Teardown
- name: Teardown testing environment
include_tasks: env_teardown.yml
ansible.builtin.include_tasks: env_teardown.yml

@@ -8,12 +8,12 @@
#
---
- name: Retrieving FreeIPA version.
shell:
ansible.builtin.shell:
cmd: 'ipa --version | sed -n "s/VERSION: \([^,]*\).*API_VERSION: \([^,]*\).*/\1\\n\2/p"'
register: ipa_cmd_version
- name: Verify if host is an IPA server or client.
shell:
ansible.builtin.shell:
cmd: |
echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin
RESULT=$(KRB5CCNAME={{ krb5ccname }} ipa server-show `hostname` && echo SERVER || echo CLIENT)
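Review bot: `Retrieving FreeIPA version.` runs `ansible.builtin.shell` only to read `ipa --version`, yet the task has no `changed_when: false`, so it reports a change on every run and trips ansible-lint's `no-changed-when` rule; the same applies to `Verify if host is an IPA server or client.` unless it is set further down. On the `RESULT=` line, the backticked `` `hostname` `` could be written `$(hostname)` to match the `$( ... )` substitution already used on that line.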
@@ -24,20 +24,21 @@
register: output
- name: Set FreeIPA facts.
set_fact:
ansible.builtin.set_fact:
ipa_version: "{{ ipa_cmd_version.stdout_lines[0] }}"
ipa_api_version: "{{ ipa_cmd_version.stdout_lines[1] }}"
ipa_host_is_client: "{{ (output.stdout_lines[-1] == 'CLIENT') | bool }}"
trust_test_is_supported: no
- block:
- name: Ensure ipaserver_domain is set
block:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}"
ansible.builtin.set_fact:
ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}"
when: "'fqdn' in ansible_facts"
- name: Set Domain to 'ipa.test' if FQDN could not be retrieved.
set_fact:
ansible.builtin.set_fact:
ipaserver_domain: "ipa.test"
when: "'fqdn' not in ansible_facts"
when: ipaserver_domain is not defined
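Review bot: `trust_test_is_supported: no` is unchanged context here but still uses the `yes`/`no` spelling that yamllint's truthy rule rejects under ansible-lint's default configuration; `false` would avoid the warning. Naming the block `Ensure ipaserver_domain is set` and tightening `join ('.')` to `join('.')` are both good fixes.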

@@ -15,11 +15,11 @@
tasks:
- name: Run external-ca.sh
command: >
ansible.builtin.command: >
/bin/bash
external-ca.sh
"{{ groups.ipaserver[0] }}"
"{{ ipaserver_domain | default(groups.ipaserver[0].split('.')[1:] | join ('.')) }}"
"{{ ipaserver_domain | default(groups.ipaserver[0].split('.')[1:] | join('.')) }}"
args:
chdir: "{{ playbook_dir }}"

@@ -11,7 +11,7 @@
post_tasks:
- name: Copy CSR /root/ipa.csr from node to "{{ groups.ipaserver[0] + '-ipa.csr' }}"
fetch:
ansible.builtin.fetch:
src: /root/ipa.csr
dest: "{{ groups.ipaserver[0] + '-ipa.csr' }}"
flat: yes
@@ -21,11 +21,11 @@
tasks:
- name: Run external-ca.sh
command: >
ansible.builtin.command: >
/bin/bash
external-ca.sh
"{{ groups.ipaserver[0] }}"
"{{ ipaserver_domain | default(groups.ipaserver[0].split('.')[1:] | join ('.')) }}"
"{{ ipaserver_domain | default(groups.ipaserver[0].split('.')[1:] | join('.')) }}"
args:
chdir: "{{ playbook_dir }}"
@@ -38,7 +38,7 @@
pre_tasks:
- name: Copy "{{ groups.ipaserver[0] + '-chain.crt' }}" to /root/chain.crt on node
copy:
ansible.builtin.copy:
src: "{{ groups.ipaserver[0] + '-chain.crt' }}"
dest: "/root/chain.crt"
force: yes

@@ -6,12 +6,13 @@
tasks:
# setup
- include_tasks: ../env_freeipa_facts.yml
- name: Include tasks ../env_freeipa_facts.yml
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
# GET FQDN_AT_DOMAIN
- name: Get fqdn_at_domain
set_fact:
ansible.builtin.set_fact:
fqdn_at_domain: "{{ ansible_facts['fqdn'] + '@' + ipaserver_realm }}"
# CLEANUP TEST ITEMS
@@ -136,7 +137,8 @@
# service
- block:
- name: Execute tests if ipa_verison >= 4.7.0
block:
- name: Ensure service "{{ 'HTTP/' + fqdn_at_domain }}" is present in group group1
ipagroup:
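Review bot: typo in the new block name on the last lines of this hunk: `Execute tests if ipa_verison >= 4.7.0` should read `ipa_version`, matching the `ipa_version` fact set in env_freeipa_facts.yml.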