mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-05-08 06:13:21 +00:00
Due to an issue with FreeIPA, when modifying the SOA serial attribute along with other attributes, the value is ignored. In order to have the value provided, the attribute is set in a later call to dnszone-mod, allowing it to retain the desired value. Ref: https://pagure.io/freeipa/issue/8489
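---
# Integration test play for the ipadnszone module.
#
# Layout:
#   1. Two regression blocks check that an explicit SOA serial survives when
#      it is given together with other SOA attributes. The page's commit note
#      says FreeIPA ignores the serial in that case
#      (https://pagure.io/freeipa/issue/8489).
#   2. A run of paired tasks sets one attribute at a time. The first task of
#      each pair must report "changed"; the repeat must not (idempotence).
#
# "SomeADMINpassword" is a fixture credential for a disposable test server.
# It is stored in clear text in this file and passed to every task.
- name: Test dnszone
  hosts: ipaserver
  become: true
  gather_facts: true

  tasks:

    # Setup
    - name: Setup testing environment
      include_tasks: env_setup.yml

    # Tests
    - name: Verify if zone can be created with a specific SOA serial.
      block:
        - name: Create zone with serial, refresh, retry and expire.
          ipadnszone:
            ipaadmin_password: SomeADMINpassword
            name: testzone.local
            serial: 4567
            refresh: 70
            retry: 89
            expire: 200

        # The script has no `set -e`, so its exit status is that of the last
        # command (kdestroy). A failing kinit or dnszone-show is therefore
        # only caught by the stdout checks in failed_when.
        # NOTE(review): the password is part of the shell command text, which
        # the shell module records in the registered result. Acceptable for
        # the fixture credential only.
        - name: Verify zone was created with correct values.
          shell: |
            echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
            KRB5CCNAME={{ KRB5CCNAME }} ipa dnszone-show testzone.local
            kdestroy -A -q -c {{ KRB5CCNAME }}
          register: result
          failed_when: |
            result.failed or not (
              "serial: 4567" in result.stdout
              and "refresh: 70" in result.stdout
              and "retry: 89" in result.stdout
              and "expire: 200" in result.stdout
            )

      # Cleanup lives in `always` so the zone is removed even when the
      # verification above fails; the block still reports the failure.
      always:
        - name: Remove test zone.
          ipadnszone:
            ipaadmin_password: SomeADMINpassword
            name: testzone.local
            state: absent

      vars:
        # Name of the dedicated credential cache used by the verification
        # script. It is passed to kinit/kdestroy with -c.
        KRB5CCNAME: verify_bz_1876896

    - name: Verify if a zone can have the the SOA serial modified to a specific value.
      block:
        - name: Create zone.
          ipadnszone:
            ipaadmin_password: SomeADMINpassword
            name: testzone.local
            state: present

        - name: Modify zone with serial, refresh, retry and expire.
          ipadnszone:
            ipaadmin_password: SomeADMINpassword
            name: testzone.local
            serial: 4567
            refresh: 70
            retry: 89
            expire: 200

        # Same verification script as in the first block; the same caveats
        # apply (exit status comes from kdestroy, password is in the command
        # text).
        - name: Verify zone was modified to the correct values
          shell: |
            echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
            KRB5CCNAME={{ KRB5CCNAME }} ipa dnszone-show testzone.local
            kdestroy -A -q -c {{ KRB5CCNAME }}
          register: result
          failed_when: |
            result.failed or not (
              "serial: 4567" in result.stdout
              and "refresh: 70" in result.stdout
              and "retry: 89" in result.stdout
              and "expire: 200" in result.stdout
            )

      # Remove the zone whether or not the checks passed.
      always:
        - name: Remove test zone.
          ipadnszone:
            ipaadmin_password: SomeADMINpassword
            name: testzone.local
            state: absent

      vars:
        KRB5CCNAME: verify_bz_1876896

    # Baseline zone for the attribute-by-attribute tests below. Every
    # optional attribute exercised later is given an initial value here.
    - name: Ensure zone is present.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        allow_sync_ptr: true
        dynamic_update: true
        dnssec: true
        allow_transfer:
          - 1.1.1.1
          - 2.2.2.2
        allow_query:
          - 1.1.1.1
          - 2.2.2.2
        serial: 1234
        refresh: 3600
        retry: 900
        expire: 1209600
        minimum: 3600
        ttl: 60
        default_ttl: 60
        name_server: ipaserver.test.local.
        skip_nameserver_check: true
        admin_email: admin@example.com
        nsec3param_rec: "1 7 100 abcd"
        state: present
      register: result
      failed_when: not result.changed

    # The serial was already set to 1234 when the zone was created, so this
    # must be a no-op.
    - name: Set serial to 1234, again.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        serial: 1234
      register: result
      failed_when: result.changed

    - name: Set different nsec3param_rec.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        nsec3param_rec: "2 8 200 abcd"
      register: result
      failed_when: not result.changed

    - name: Set same nsec3param_rec.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        nsec3param_rec: "2 8 200 abcd"
      register: result
      failed_when: result.changed

    - name: Set default_ttl to 1200
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        default_ttl: 1200
      register: result
      failed_when: not result.changed

    - name: Set default_ttl to 1200, again
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        default_ttl: 1200
      register: result
      failed_when: result.changed

    - name: Set ttl to 900
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        ttl: 900
      register: result
      failed_when: not result.changed

    - name: Set ttl to 900, again
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        ttl: 900
      register: result
      failed_when: result.changed

    - name: Set minimum to 1000
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        minimum: 1000
      register: result
      failed_when: not result.changed

    - name: Set minimum to 1000, again
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        minimum: 1000
      register: result
      failed_when: result.changed

    - name: Set expire to 1209601
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        expire: 1209601
      register: result
      failed_when: not result.changed

    - name: Set expire to 1209601, again
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        expire: 1209601
      register: result
      failed_when: result.changed

    - name: Set retry to 1200.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        retry: 1200
      register: result
      failed_when: not result.changed

    - name: Set retry to 1200, again.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        retry: 1200
      register: result
      failed_when: result.changed

    - name: Set refresh to 4000.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        refresh: 4000
      register: result
      failed_when: not result.changed

    - name: Set refresh to 4000, again.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        refresh: 4000
      register: result
      failed_when: result.changed

    - name: Set serial to 12345.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        serial: 12345
      register: result
      failed_when: not result.changed

    - name: Set serial to 12345, again.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        serial: 12345
      register: result
      failed_when: result.changed

    - name: Set dnssec to false.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        dnssec: false
      register: result
      failed_when: not result.changed

    - name: Set dnssec to false, again.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        dnssec: false
      register: result
      failed_when: result.changed

    - name: Set allow_sync_ptr to false.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        allow_sync_ptr: false
      register: result
      failed_when: not result.changed

    - name: Set allow_sync_ptr to false, again.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        allow_sync_ptr: false
      register: result
      failed_when: result.changed

    - name: Set dynamic_update to false.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        dynamic_update: false
      register: result
      failed_when: not result.changed

    - name: Set dynamic_update to false, again.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        dynamic_update: false
      register: result
      failed_when: result.changed

    # allow_transfer / allow_query tests: first extend the lists created with
    # the zone, then pass an empty list and expect that to count as a change.
    - name: Update allow_transfer.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        allow_transfer:
          - 1.1.1.1
          - 2.2.2.2
          - 3.3.3.3
      register: result
      failed_when: not result.changed

    - name: Update allow_transfer, again.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        allow_transfer:
          - 1.1.1.1
          - 2.2.2.2
          - 3.3.3.3
      register: result
      failed_when: result.changed

    - name: Remove allow transfer.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        allow_transfer: []
      register: result
      failed_when: not result.changed

    - name: Remove allow transfer, again.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        allow_transfer: []
      register: result
      failed_when: result.changed

    - name: Update allow_query.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        allow_query:
          - 1.1.1.1
          - 2.2.2.2
          - 3.3.3.3
      register: result
      failed_when: not result.changed

    - name: Update allow_query, again.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        allow_query:
          - 1.1.1.1
          - 2.2.2.2
          - 3.3.3.3
      register: result
      failed_when: result.changed

    - name: Ensure allow query is empty.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        allow_query: []
      register: result
      failed_when: not result.changed

    - name: Ensure allow query is empty, again.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        allow_query: []
      register: result
      failed_when: result.changed

    - name: Update admin email.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        admin_email: admin2@example.com
      register: result
      failed_when: not result.changed

    - name: Update admin email, again.
      ipadnszone:
        ipaadmin_password: SomeADMINpassword
        name: testzone.local
        admin_email: admin2@example.com
      register: result
      failed_when: result.changed

    # Teardown
    - name: Teardown testing environment
      include_tasks: env_teardown.yml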