ansible-freeipa/tests/host/test_host_allow_create_keytab.yml
Thomas Woerner 94b1f25b37 ipahost: Extension to be able handle several hosts and all settings
The ipahost management module was not able to add several hosts at once.
Additionally, several settings were missing.

ansible_freeipa_module has been extended to provide two additional functions
that are needed to simplify the extension of the ipahost module:

    gen_add_del_lists(user_list, res_list)
    encode_certificate(cert)

gen_add_del_lists will generate the lists for the addition and removal of
members using the provided user and ipa settings.

encode_certificate will encode a certificate using base64, taking the
FreeIPA and Python versions into account.

The missing settings in ipahost have been:

    certificate
    managedby_host
    principal
    create_keytab_[user,group,host,hostgroup]
    retrieve_keytab_[user,group,host,hostgroup]
    sshpubkey
    userclass
    auth_ind
    requires_pre_auth
    ok_as_delegate
    ok_to_auth_as_delegate

The README-host.md file has been updated to provide information about the
new settings and also the members. Also examples for the new things have
been added.

New example playbooks have been added:

    playbooks/host/add-host.yml
    playbooks/host/host-member-allow_create_keytab-absent.yml
    playbooks/host/host-member-allow_create_keytab-present.yml
    playbooks/host/host-member-allow_retrieve_keytab-absent.yml
    playbooks/host/host-member-allow_retrieve_keytab-present.yml
    playbooks/host/host-member-certificate-absent.yml
    playbooks/host/host-member-certificate-present.yml
    playbooks/host/host-member-managedby_host-absent.yml
    playbooks/host/host-member-managedby_host-present.yml
    playbooks/host/host-member-principal-absent.yml
    playbooks/host/host-member-principal-present.yml
    playbooks/host/host-present-with-allow_create_keytab.yml
    playbooks/host/host-present-with-allow_retrieve_keytab.yml
    playbooks/host/host-present-with-certificate.yml
    playbooks/host/host-present-with-managedby_host.yml
    playbooks/host/host-present-with-principal.yml
    playbooks/host/host-present-with-randompassword.yml
    playbooks/host/host-present.yml
    playbooks/host/hosts-member-certificate-absent.yml
    playbooks/host/hosts-member-certificate-present.yml
    playbooks/host/hosts-member-managedby_host-absent.yml
    playbooks/host/hosts-member-managedby_host-present.yml
    playbooks/host/hosts-member-principal-absent.yml
    playbooks/host/hosts-member-principal-present.yml
    playbooks/host/hosts-present-with-certificate.yml
    playbooks/host/hosts-present-with-managedby_host.yml
    playbooks/host/hosts-present-with-randompasswords.yml

New tests have been added for the module:

    tests/host/certificate/cert1.der
    tests/host/certificate/cert1.pem
    tests/host/certificate/cert2.der
    tests/host/certificate/cert2.pem
    tests/host/certificate/cert3.der
    tests/host/certificate/cert3.pem
    tests/host/certificate/private1.key
    tests/host/certificate/private2.key
    tests/host/certificate/private3.key
    tests/host/certificate/test_host_certificate.yml
    tests/host/certificate/test_hosts_certificate.yml
    tests/host/test_host.yml
    tests/host/test_host_allow_create_keytab.yml
    tests/host/test_host_allow_retrieve_keytab.yml
    tests/host/test_host_managedby_host.yml
    tests/host/test_host_principal.yml
    tests/host/test_host_random.yml
    tests/host/test_hosts.yml
    tests/host/test_hosts_managedby_host.yml
    tests/host/test_hosts_principal.yml
2019-12-02 17:23:04 +01:00


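---
# Test playbook for the ipahost allow_create_keytab_* settings.
#
# Flow: remove leftovers, create the users/groups/hosts/host-groups that
# will be referenced, then check that the allow_create_keytab_* lists are
# applied both when host1 is created and through `action: member`.
# Each change is run twice: the first run must report `changed`, the
# repeat must not (idempotency check via `failed_when`).
#
# ipaadmin_password is a fixed throwaway credential for a disposable test
# server. Outside of tests, supply it from Ansible Vault or another secret
# store instead of writing it inline.
- name: Test host allow_create_keytab
  hosts: ipaserver
  become: true

  tasks:
    # Derive domain and realm from the first ipaserver inventory name by
    # dropping its leading label, unless the inventory already sets them.
    - name: Get Domain from server name
      set_fact:
        ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
      when: ipaserver_domain is not defined

    - name: Get Realm from server name
      set_fact:
        ipaserver_realm: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') | upper }}"
      when: ipaserver_realm is not defined

    - name: Set host1_fqdn .. host3_fqdn
      set_fact:
        host1_fqdn: "{{ 'host1.' + ipaserver_domain }}"
        host2_fqdn: "{{ 'host2.' + ipaserver_domain }}"
        host3_fqdn: "{{ 'host3.' + ipaserver_domain }}"

    # Initial cleanup: no `failed_when` here, the objects may or may not
    # exist from an earlier run.
    - name: Host host1..., host2... and host3... absent
      ipahost:
        ipaadmin_password: MyPassword123
        name:
          - "{{ host1_fqdn }}"
          - "{{ host2_fqdn }}"
          - "{{ host3_fqdn }}"
        state: absent

    - name: Ensure host-groups hostgroup1 and hostgroup2 absent
      ipahostgroup:
        ipaadmin_password: MyPassword123
        name: hostgroup1,hostgroup2
        state: absent

    - name: Ensure users user1 and user2 absent
      ipauser:
        ipaadmin_password: MyPassword123
        users:
          - name: user1
          - name: user2
        state: absent

    - name: Ensure group1 and group2 absent
      ipagroup:
        ipaadmin_password: MyPassword123
        name: group1,group2
        state: absent

    # Fixtures: every object below was just removed, so each task must
    # report `changed`.
    - name: Host host2... and host3... present
      ipahost:
        ipaadmin_password: MyPassword123
        hosts:
          - name: "{{ host2_fqdn }}"
            force: true
          - name: "{{ host3_fqdn }}"
            force: true
      register: result
      failed_when: not result.changed

    - name: Ensure host-group hostgroup1 present
      ipahostgroup:
        ipaadmin_password: MyPassword123
        name: hostgroup1
        state: present
      register: result
      failed_when: not result.changed

    - name: Ensure host-group hostgroup2 present
      ipahostgroup:
        ipaadmin_password: MyPassword123
        name: hostgroup2
        state: present
      register: result
      failed_when: not result.changed

    - name: Ensure users user1 and user2 present
      ipauser:
        ipaadmin_password: MyPassword123
        users:
          - name: user1
            first: First1
            last: Last1
          - name: user2
            first: First2
            last: Last2
      register: result
      failed_when: not result.changed

    - name: Ensure group1 present
      ipagroup:
        ipaadmin_password: MyPassword123
        name: group1
      register: result
      failed_when: not result.changed

    - name: Ensure group2 present
      ipagroup:
        ipaadmin_password: MyPassword123
        name: group2
      register: result
      failed_when: not result.changed

    # Case 1: set all four allow_create_keytab_* lists while creating host1.
    # These lists delegate the right to create a keytab for host1 to the
    # named users, groups, hosts and host-groups.
    - name: Host host1... present with allow_create_keytab users,groups,hosts and hostgroups
      ipahost:
        ipaadmin_password: MyPassword123
        name: "{{ host1_fqdn }}"
        allow_create_keytab_user:
          - user1
          - user2
        allow_create_keytab_group:
          - group1
          - group2
        allow_create_keytab_host:
          - "{{ host2_fqdn }}"
          - "{{ host3_fqdn }}"
        allow_create_keytab_hostgroup:
          - hostgroup1
          - hostgroup2
        force: true
      register: result
      failed_when: not result.changed

    # Same settings again: nothing may change.
    - name: Host host1... present with allow_create_keytab users,groups,hosts and hostgroups again
      ipahost:
        ipaadmin_password: MyPassword123
        name: "{{ host1_fqdn }}"
        allow_create_keytab_user:
          - user1
          - user2
        allow_create_keytab_group:
          - group1
          - group2
        allow_create_keytab_host:
          - "{{ host2_fqdn }}"
          - "{{ host3_fqdn }}"
        allow_create_keytab_hostgroup:
          - hostgroup1
          - hostgroup2
        force: true
      register: result
      failed_when: result.changed

    # Case 2: recreate host1 without any delegation, then manage the lists
    # through `action: member`.
    - name: Host host1... absent
      ipahost:
        ipaadmin_password: MyPassword123
        name:
          - "{{ host1_fqdn }}"
        state: absent

    - name: Host host1... present
      ipahost:
        ipaadmin_password: MyPassword123
        name: "{{ host1_fqdn }}"
        force: true
      register: result
      failed_when: not result.changed

    - name: Host host1... ensure allow_create_keytab users,groups,hosts and hostgroups present
      ipahost:
        ipaadmin_password: MyPassword123
        name: "{{ host1_fqdn }}"
        allow_create_keytab_user:
          - user1
          - user2
        allow_create_keytab_group:
          - group1
          - group2
        allow_create_keytab_host:
          - "{{ host2_fqdn }}"
          - "{{ host3_fqdn }}"
        allow_create_keytab_hostgroup:
          - hostgroup1
          - hostgroup2
        action: member
      register: result
      failed_when: not result.changed

    - name: Host host1... ensure allow_create_keytab users,groups,hosts and hostgroups present again
      ipahost:
        ipaadmin_password: MyPassword123
        name: "{{ host1_fqdn }}"
        allow_create_keytab_user:
          - user1
          - user2
        allow_create_keytab_group:
          - group1
          - group2
        allow_create_keytab_host:
          - "{{ host2_fqdn }}"
          - "{{ host3_fqdn }}"
        allow_create_keytab_hostgroup:
          - hostgroup1
          - hostgroup2
        action: member
      register: result
      failed_when: result.changed

    # Revoke the delegation again; the first run must change, the repeat
    # must be a no-op.
    - name: Host host1... ensure allow_create_keytab users,groups,hosts and hostgroups absent
      ipahost:
        ipaadmin_password: MyPassword123
        name: "{{ host1_fqdn }}"
        allow_create_keytab_user:
          - user1
          - user2
        allow_create_keytab_group:
          - group1
          - group2
        allow_create_keytab_host:
          - "{{ host2_fqdn }}"
          - "{{ host3_fqdn }}"
        allow_create_keytab_hostgroup:
          - hostgroup1
          - hostgroup2
        action: member
        state: absent
      register: result
      failed_when: not result.changed

    - name: Host host1... ensure allow_create_keytab users,groups,hosts and hostgroups absent again
      ipahost:
        ipaadmin_password: MyPassword123
        name: "{{ host1_fqdn }}"
        allow_create_keytab_user:
          - user1
          - user2
        allow_create_keytab_group:
          - group1
          - group2
        allow_create_keytab_host:
          - "{{ host2_fqdn }}"
          - "{{ host3_fqdn }}"
        allow_create_keytab_hostgroup:
          - hostgroup1
          - hostgroup2
        action: member
        state: absent
      register: result
      failed_when: result.changed

    # Final cleanup: everything created above still exists, so each removal
    # must report `changed`.
    - name: Host host1..., host2... and host3... absent
      ipahost:
        ipaadmin_password: MyPassword123
        name:
          - "{{ host1_fqdn }}"
          - "{{ host2_fqdn }}"
          - "{{ host3_fqdn }}"
        state: absent
      register: result
      failed_when: not result.changed

    - name: Ensure host-groups hostgroup1 and hostgroup2 absent
      ipahostgroup:
        ipaadmin_password: MyPassword123
        name: hostgroup1,hostgroup2
        state: absent
      register: result
      failed_when: not result.changed

    - name: Ensure users user1 and user2 absent
      ipauser:
        ipaadmin_password: MyPassword123
        users:
          - name: user1
          - name: user2
        state: absent
      register: result
      failed_when: not result.changed

    - name: Ensure group1 and group2 absent
      ipagroup:
        ipaadmin_password: MyPassword123
        name: group1,group2
        state: absent
      register: result
      failed_when: not result.changed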