mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-05-07 13:53:23 +00:00
b3d5b32e31
If random is enabled and update_password is limited to "create_only", the random password may only be changed if the host does not exist yet. Additionally the generation of the random password will fail, if the host is already enrolled if update_password is "always" (default value). An error will be reported early in this case now. The command host_show is now used instead of host_find, as `has_password` and `has_keytab` are only returned by host_show, but not by host_find. The find_host function has been adapated for this change. Resolves: #253 (ipahost is not idempotent)
103 lines
2.7 KiB
YAML
103 lines
2.7 KiB
YAML
---
|
|
- name: Test ipahost random password generation
|
|
hosts: ipaserver
|
|
become: true
|
|
|
|
tasks:
|
|
- name: Get Domain from server name
|
|
set_fact:
|
|
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
|
|
when: ipaserver_domain is not defined
|
|
|
|
- name: Set host1_fqdn and host2_fqdn
|
|
set_fact:
|
|
host1_fqdn: "{{ 'host1.' + ipaserver_domain }}"
|
|
host2_fqdn: "{{ 'host2.' + ipaserver_domain }}"
|
|
|
|
- name: Test hosts absent
|
|
ipahost:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name:
|
|
- "{{ host1_fqdn }}"
|
|
- "{{ host2_fqdn }}"
|
|
update_dns: yes
|
|
state: absent
|
|
|
|
- name: Host "{{ host1_fqdn }}" present with random password
|
|
ipahost:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ host1_fqdn }}"
|
|
random: yes
|
|
force: yes
|
|
update_password: on_create
|
|
register: ipahost
|
|
failed_when: not ipahost.changed
|
|
|
|
- assert:
|
|
that:
|
|
- ipahost.host.randompassword is defined
|
|
|
|
- name: Print generated random password
|
|
debug:
|
|
var: ipahost.host.randompassword
|
|
|
|
- name: Host "{{ host1_fqdn }}" absent
|
|
ipahost:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name:
|
|
- "{{ host1_fqdn }}"
|
|
state: absent
|
|
|
|
- name: Hosts "{{ host1_fqdn }}" and "{{ host2_fqdn }}" present with random password
|
|
ipahost:
|
|
ipaadmin_password: SomeADMINpassword
|
|
hosts:
|
|
- name: "{{ host1_fqdn }}"
|
|
random: yes
|
|
force: yes
|
|
- name: "{{ host2_fqdn }}"
|
|
random: yes
|
|
force: yes
|
|
update_password: on_create
|
|
register: ipahost
|
|
failed_when: not ipahost.changed
|
|
|
|
- assert:
|
|
that:
|
|
- ipahost.host["{{host1_fqdn }}"].randompassword is
|
|
defined
|
|
- ipahost.host["{{host2_fqdn }}"].randompassword is
|
|
defined
|
|
|
|
- name: Print generated random password for "{{host1_fqdn }}"
|
|
debug:
|
|
var: ipahost.host["{{host1_fqdn }}"].randompassword
|
|
|
|
- name: Print generated random password for "{{host2_fqdn }}"
|
|
debug:
|
|
var: ipahost.host["{{host2_fqdn }}"].randompassword
|
|
|
|
- name: Enrolled host "{{ groups.ipaserver[0] }}" fails to set random password with update_password always
|
|
ipahost:
|
|
ipaadmin_password: SomeADMINpassword
|
|
hosts:
|
|
- name: "{{ groups.ipaserver[0] }}"
|
|
random: yes
|
|
update_password: always
|
|
register: ipahost
|
|
failed_when: ipahost.changed
|
|
|
|
- assert:
|
|
that:
|
|
- ipahost.host["{{ groups.ipaserver[0] }}"].randompassword is
|
|
not defined
|
|
- "'Password cannot be set on enrolled host' in ipahost.msg"
|
|
|
|
- name: Hosts "{{ host1_fqdn }}" and "{{ host2_fqdn }}" absent
|
|
ipahost:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name:
|
|
- "{{ host1_fqdn }}"
|
|
- "{{ host2_fqdn }}"
|
|
state: absent
|