internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-05-08 14:23:11 +00:00
Code Issues Projects Releases Wiki Activity
Files
fix-role-readme-title-1
ansible-freeipa/tests/host/test_host_random.yml
Thomas Woerner b3d5b32e31 ipahost: Honour update_password also for random 
If random is enabled and update_password is limited to "create_only", the
random password may only be changed if the host does not exist yet.

Additionally the generation of the random password will fail, if the host
is already enrolled if update_password is "always" (default value). An
error will be reported early in this case now.

The command host_show is now used instead of host_find, as `has_password`
and `has_keytab` are only returned by host_show, but not by host_find. The
find_host function has been adapated for this change.

Resolves: #253 (ipahost is not idempotent)
2020-05-11 13:13:54 +02:00

103 lines
2.7 KiB
YAML
Raw Permalink Blame History

---
- name: Test ipahost random password generation
hosts: ipaserver
become: true
tasks:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1_fqdn and host2_fqdn
set_fact:
host1_fqdn: "{{ 'host1.' + ipaserver_domain }}"
host2_fqdn: "{{ 'host2.' + ipaserver_domain }}"
- name: Test hosts absent
ipahost:
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
update_dns: yes
state: absent
- name: Host "{{ host1_fqdn }}" present with random password
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
random: yes
force: yes
update_password: on_create
register: ipahost
failed_when: not ipahost.changed
- assert:
that:
- ipahost.host.randompassword is defined
- name: Print generated random password
debug:
var: ipahost.host.randompassword
- name: Host "{{ host1_fqdn }}" absent
ipahost:
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
state: absent
- name: Hosts "{{ host1_fqdn }}" and "{{ host2_fqdn }}" present with random password
ipahost:
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
random: yes
force: yes
- name: "{{ host2_fqdn }}"
random: yes
force: yes
update_password: on_create
register: ipahost
failed_when: not ipahost.changed
- assert:
that:
- ipahost.host["{{host1_fqdn }}"].randompassword is
defined
- ipahost.host["{{host2_fqdn }}"].randompassword is
defined
- name: Print generated random password for "{{host1_fqdn }}"
debug:
var: ipahost.host["{{host1_fqdn }}"].randompassword
- name: Print generated random password for "{{host2_fqdn }}"
debug:
var: ipahost.host["{{host2_fqdn }}"].randompassword
- name: Enrolled host "{{ groups.ipaserver[0] }}" fails to set random password with update_password always
ipahost:
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ groups.ipaserver[0] }}"
random: yes
update_password: always
register: ipahost
failed_when: ipahost.changed
- assert:
that:
- ipahost.host["{{ groups.ipaserver[0] }}"].randompassword is
not defined
- "'Password cannot be set on enrolled host' in ipahost.msg"
- name: Hosts "{{ host1_fqdn }}" and "{{ host2_fqdn }}" absent
ipahost:
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
state: absent
Reference in New Issue View Git Blame Copy Permalink