Since FreeIPA 4.9.8 the 'config_mod' command has parameters to enable
and configure SIDs, and set the Netbios name.
This patch adds the following parameters to ipaconfig plugin:
enable_sid: New users and groups automatically get a SID assigned
add_sids: Add SIDs for existing users and groups
netbios_name: NetBIOS name of the IPA domain
Both add_sids and netbios_name require 'enable_sid: yes'.
'enable_sid' and 'netbios_name' are returned when querying IPA
configuration.
'add_sids' always generates SIDs for users and groups, so multiple
executions of the playbook with 'add_sids: yes' will return 'changed',
even if users and groups SIDs are not modified.
A new test playbook is available:
tests/config/test_config_sid.yml
New examples playbooks are available:
playbooks/config/change-ipa-domain-netbios-name.yml
playbooks/config/generate-users-groups-sids.yml
Fixes: #781
Related: https://bugzilla.redhat.com/show_bug.cgi?id=2069174
Related: https://bugzilla.redhat.com/show_bug.cgi?id=2069184
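---
# Test playbook for the SID-related ipaconfig parameters (enable_sid,
# netbios_name, add_sids).
#
# This play changes the global IPA configuration of the target server.
# Enabling SIDs cannot be undone (see the "always" section), so only the
# NetBIOS name is restored at the end. Run it against a disposable test
# deployment.
#
# 'SomeADMINpassword' is the fixed admin credential of the test
# environment. Playbooks derived from this file should read the password
# from a vaulted variable instead of keeping it inline.
- name: Test config
  hosts: "{{ ipa_test_host | default('ipaserver') }}"
  become: false
  gather_facts: false

  tasks:

    # GET CURRENT CONFIG

    # The result is kept in 'previous'. It is used below to decide whether
    # enabling SIDs is expected to report a change, and to restore the
    # NetBIOS name afterwards.
    - name: Return current values of the global configuration options
      ipaconfig:
        ipaadmin_password: SomeADMINpassword
        ipaapi_context: "{{ ipa_context | default(omit) }}"
      register: previous

    # TESTS
    - block:
        # Fails if the module failed, or if the reported change does not
        # match the starting state: with SIDs already enabled no change is
        # expected, with SIDs disabled a change is expected.
        - name: Ensure SID is enabled.
          ipaconfig:
            ipaadmin_password: SomeADMINpassword
            ipaapi_context: "{{ ipa_context | default(omit) }}"
            enable_sid: true
          register: result
          failed_when: result.failed or previous.config.enable_sid == result.changed

        # Idempotence check: the second run must not report a change.
        - name: Ensure SID is enabled, again.
          ipaconfig:
            ipaadmin_password: SomeADMINpassword
            ipaapi_context: "{{ ipa_context | default(omit) }}"
            enable_sid: true
          register: result
          failed_when: result.failed or result.changed

        # Expects a change, so the server must not already use this name.
        - name: Ensure netbios_name is "IPATESTPLAY"
          ipaconfig:
            ipaadmin_password: SomeADMINpassword
            ipaapi_context: "{{ ipa_context | default(omit) }}"
            enable_sid: true
            netbios_name: IPATESTPLAY
          register: result
          failed_when: result.failed or not result.changed

        # Idempotence check: the second run must not report a change.
        - name: Ensure netbios_name is "IPATESTPLAY", again
          ipaconfig:
            ipaadmin_password: SomeADMINpassword
            ipaapi_context: "{{ ipa_context | default(omit) }}"
            enable_sid: true
            netbios_name: IPATESTPLAY
          register: result
          failed_when: result.failed or result.changed

        # add_sids is not idempotent as it always tries to generate the
        # missing SIDs for users and groups. The result is therefore not
        # registered and no 'changed' condition is checked.
        - name: Add SIDs to users and groups.
          ipaconfig:
            ipaadmin_password: SomeADMINpassword
            ipaapi_context: "{{ ipa_context | default(omit) }}"
            enable_sid: true
            add_sids: true

      # REVERT TO PREVIOUS CONFIG
      always:
        # Once SID is enabled, it cannot be reverted.
        # If the saved configuration holds no netbios_name, the parameter
        # is omitted and the name set by the test stays in place.
        - name: Revert netbios_name to original configuration
          ipaconfig:
            ipaadmin_password: SomeADMINpassword
            ipaapi_context: "{{ ipa_context | default(omit) }}"
            netbios_name: "{{ previous.config.netbios_name | default(omit) }}"
            enable_sid: true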