mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-26 21:33:05 +00:00
ff1a026ef4
When testing passkey attributes some version of IPA do not support it, se we need a fact that states that the support is available for proper testing. Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
77 lines
2.8 KiB
YAML
77 lines
2.8 KiB
YAML
# This playbook should be included with `include_tasks` as the first task
|
|
# of a test playbook that requires FreeIPA information.
|
|
#
|
|
# Available Facts:
|
|
#
|
|
# ipa_version: The installed FreeIPA version.
|
|
# ipa_api_version: The installed FreeIPA API version.
|
|
#
|
|
---
|
|
- name: Ensure minimal facts are available
|
|
ansible.builtin.setup:
|
|
gather_subset: dns
|
|
|
|
- name: Retrieving FreeIPA version.
|
|
ansible.builtin.shell:
|
|
cmd: 'ipa --version | sed -n "s/VERSION: \([^,]*\).*API_VERSION: \([^,]*\).*/\1\\n\2/p"'
|
|
register: ipa_cmd_version
|
|
|
|
- name: Verify if host is an IPA server or client.
|
|
ansible.builtin.shell:
|
|
cmd: |
|
|
echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin >/dev/null
|
|
RESULT=$(KRB5CCNAME={{ krb5ccname }} ipa server-show `hostname` >/dev/null && echo SERVER || echo CLIENT)
|
|
kdestroy -A -c {{ krb5ccname }} >/dev/null
|
|
echo $RESULT
|
|
vars:
|
|
krb5ccname: "__check_ipa_host_is_client_or_server__"
|
|
register: check_client
|
|
|
|
- name: Verify if AD tests are possible
|
|
ansible.builtin.shell:
|
|
cmd: |
|
|
echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin > /dev/null
|
|
RESULT=$(KRB5CCNAME={{ krb5ccname }} ipa server-find --all | grep "Enabled server roles")
|
|
kdestroy -A -c {{ krb5ccname }} > /dev/null
|
|
echo $RESULT
|
|
vars:
|
|
krb5ccname: "__check_ipa_host_is_client_or_server__"
|
|
register: check_ad_support
|
|
|
|
- name: Verify if passkey tests are possible
|
|
ansible.builtin.shell:
|
|
cmd: |
|
|
echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin > /dev/null
|
|
RESULT=$(KRB5CCNAME={{ krb5ccname }} ipa command-find passkey | grep "Number of entries returned")
|
|
kdestroy -A -c {{ krb5ccname }} > /dev/null
|
|
echo $RESULT
|
|
vars:
|
|
krb5ccname: "__check_ipa_host_is_client_or_server__"
|
|
register: check_passkey_support
|
|
|
|
- name: Set FreeIPA facts.
|
|
ansible.builtin.set_fact:
|
|
ipa_version: "{{ ipa_cmd_version.stdout_lines[0] }}"
|
|
ipa_api_version: "{{ ipa_cmd_version.stdout_lines[1] }}"
|
|
ipa_host_is_client: "{{ (check_client.stdout_lines[-1] == 'CLIENT') | bool }}"
|
|
trust_test_is_supported: "{{ 'AD trust agent' in check_ad_support.stdout }}"
|
|
passkey_is_supported: "{{ 'Number of entries returned 0' not in check_passkey_support.stdout }}"
|
|
|
|
- name: Ensure ipaserver_domain is set
|
|
when: ipaserver_domain is not defined
|
|
block:
|
|
- name: Get Domain from server name
|
|
ansible.builtin.set_fact:
|
|
ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}"
|
|
when: "'fqdn' in ansible_facts"
|
|
|
|
- name: Set Domain to 'ipa.test' if FQDN could not be retrieved.
|
|
ansible.builtin.set_fact:
|
|
ipaserver_domain: "ipa.test"
|
|
when: "'fqdn' not in ansible_facts"
|
|
|
|
- name: Ensure ipaserver_realm is set
|
|
ansible.builtin.set_fact:
|
|
ipaserver_realm: "{{ ipaserver_domain | upper }}"
|
|
when: ipaserver_realm is not defined
|