internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-05-06 21:33:14 +00:00
Code Issues Projects Releases Wiki Activity
Files
1dd2b54e771ff103de135470a2e28a94cc77fe01
ansible-freeipa/tests/host/test_host_managedby_host.yml
Thomas Woerner 94b1f25b37 ipahost: Extension to be able handle several hosts and all settings 
The ipahost management module was not able to add several hosts at once.
Addtionally there have been settings missing.

ansible_freeipa_module has been extended to provide two additional functions
that are needed to simplify the extension of the ipahost module:

    gen_add_del_lists(user_list, res_list)
    encode_certificate(cert)

gen_add_del_lists will generate the lists for the addition and removal of
members using the provided user and ipa settings.

encode_certificate will encode a certificate using base64 with also taking
FreeIPA and Python versions into account.

The missing settings in ipahost have been:

    certificate
    managedby_host
    principal
    create_keytab_[user,group,host,hostgroup]
    retrieve_keytab_[user,group,host,hostgroup]
    sshpubkey
    userclass
    auth_ind
    requires_pre_auth
    ok_as_delegate
    ok_to_auth_as_delegate

The README-host.md file has been updated to provide information about the
new settings and also the members. Also examples for the new things have
been added.

New example playbooks have been added:

    playbooks/host/add-host.yml
    playbooks/host/host-member-allow_create_keytab-absent.yml
    playbooks/host/host-member-allow_create_keytab-present.yml
    playbooks/host/host-member-allow_retrieve_keytab-absent.yml
    playbooks/host/host-member-allow_retrieve_keytab-present.yml
    playbooks/host/host-member-certificate-absent.yml
    playbooks/host/host-member-certificate-present.yml
    playbooks/host/host-member-managedby_host-absent.yml
    playbooks/host/host-member-managedby_host-present.yml
    playbooks/host/host-member-principal-absent.yml
    playbooks/host/host-member-principal-present.yml
    playbooks/host/host-present-with-allow_create_keytab.yml
    playbooks/host/host-present-with-allow_retrieve_keytab.yml
    playbooks/host/host-present-with-certificate.yml
    playbooks/host/host-present-with-managedby_host.yml
    playbooks/host/host-present-with-principal.yml
    playbooks/host/host-present-with-randompassword.yml
    playbooks/host/host-present.yml
    playbooks/host/hosts-member-certificate-absent.yml
    playbooks/host/hosts-member-certificate-present.yml
    playbooks/host/hosts-member-managedby_host-absent.yml
    playbooks/host/hosts-member-managedby_host-present.yml
    playbooks/host/hosts-member-principal-absent.yml
    playbooks/host/hosts-member-principal-present.yml
    playbooks/host/hosts-present-with-certificate.yml
    playbooks/host/hosts-present-with-managedby_host.yml
    playbooks/host/hosts-present-with-randompasswords.yml

New tests have been added for the module:

    tests/host/certificate/cert1.der
    tests/host/certificate/cert1.pem
    tests/host/certificate/cert2.der
    tests/host/certificate/cert2.pem
    tests/host/certificate/cert3.der
    tests/host/certificate/cert3.pem
    tests/host/certificate/private1.key
    tests/host/certificate/private2.key
    tests/host/certificate/private3.key
    tests/host/certificate/test_host_certificate.yml
    tests/host/certificate/test_hosts_certificate.yml
    tests/host/test_host.yml
    tests/host/test_host_allow_create_keytab.yml
    tests/host/test_host_allow_retrieve_keytab.yml
    tests/host/test_host_managedby_host.yml
    tests/host/test_host_principal.yml
    tests/host/test_host_random.yml
    tests/host/test_hosts.yml
    tests/host/test_hosts_managedby_host.yml
    tests/host/test_hosts_principal.yml
2019-12-02 17:23:04 +01:00

126 lines
3.5 KiB
YAML
Raw Blame History

---
- name: Test host managedby_host
hosts: ipaserver
become: true
tasks:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1_fqdn .. host2_fqdn
set_fact:
host1_fqdn: "{{ 'host1.' + ipaserver_domain }}"
host2_fqdn: "{{ 'host2.' + ipaserver_domain }}"
- name: Host absent
ipahost:
ipaadmin_password: MyPassword123
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
update_dns: yes
state: absent
- name: Host "{{ host1_fqdn }}" present
ipahost:
ipaadmin_password: MyPassword123
name: "{{ host1_fqdn }}"
force: yes
register: result
failed_when: not result.changed
- name: Host "{{ host2_fqdn }}" present
ipahost:
ipaadmin_password: MyPassword123
name: "{{ host2_fqdn }}"
force: yes
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" managed by "{{ 'host2.' + ipaserver_domain }}"
ipahost:
ipaadmin_password: MyPassword123
name: "{{ host1_fqdn }}"
managedby_host: "{{ host2_fqdn }}"
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" managed by "{{ 'host2.' + ipaserver_domain }}" again
ipahost:
ipaadmin_password: MyPassword123
name: "{{ host1_fqdn }}"
managedby_host: "{{ host2_fqdn }}"
register: result
failed_when: result.changed
- name: Host "{{ host1_fqdn }}" managed by "{{ groups.ipaserver[0] }}"
ipahost:
ipaadmin_password: MyPassword123
name: "{{ host1_fqdn }}"
managedby_host: "{{ groups.ipaserver[0] }}"
action: member
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" managed by "{{ groups.ipaserver[0] }}" again
ipahost:
ipaadmin_password: MyPassword123
name: "{{ host1_fqdn }}"
managedby_host: "{{ groups.ipaserver[0] }}"
action: member
register: result
failed_when: result.changed
- name: Host "{{ host1_fqdn }}" not managed by "{{ groups.ipaserver[0] }}"
ipahost:
ipaadmin_password: MyPassword123
name: "{{ host1_fqdn }}"
managedby_host: "{{ groups.ipaserver[0] }}"
action: member
state: absent
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" not managed by "{{ groups.ipaserver[0] }}" again
ipahost:
ipaadmin_password: MyPassword123
name: "{{ host1_fqdn }}"
managedby_host: "{{ groups.ipaserver[0] }}"
action: member
state: absent
register: result
failed_when: result.changed
- name: Host "{{ host1_fqdn }}" not managed by "{{ 'host2.' + ipaserver_domain }}"
ipahost:
ipaadmin_password: MyPassword123
name: "{{ host1_fqdn }}"
managedby_host: "{{ host2_fqdn }}"
state: absent
action: member
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" not managed by "{{ 'host2.' + ipaserver_domain }}" again
ipahost:
ipaadmin_password: MyPassword123
name: "{{ host1_fqdn }}"
managedby_host: "{{ host2_fqdn }}"
action: member
state: absent
register: result
failed_when: result.changed
- name: Host absent
ipahost:
ipaadmin_password: MyPassword123
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
update_dns: yes
state: absent
register: result
failed_when: not result.changed
Reference in New Issue View Git Blame Copy Permalink