internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-03-26 21:33:05 +00:00
Code Issues Projects Releases Wiki Activity
Files
ed4434451964fe278dfe61e26dab29308b25c433
ansible-freeipa/tests/config/test_config.yml
Rafael Guterres Jeffman 52f7f7848e ansible-lint: Fix deprecation warning with bool and omit 
The application of the 'bool' filter to an OmitType value is deprecated
and will be removed on ansible-core 2.23.
2025-11-10 11:38:52 -03:00

501 lines
21 KiB
YAML
Raw Blame History

---
- name: Playbook to handle server configuration
hosts: "{{ ipa_test_host | default('ipaserver') }}"
become: true
gather_facts: false
tasks:
- name: Include tasks ../env_freeipa_facts.yml
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
- name: Execute config tests
block:
# Retrieve current configuration.
- name: Return current values of the global configuration options
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
register: previousconfig
- name: Display current configuration.
ansible.builtin.debug:
var: previousconfig
# setup environment.
- name: Create test group
ipagroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: somedefaultgroup
- name: Ensure the default e-mail domain is ipa.test.
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
emaildomain: ipa.test
- name: Set default shell to '/bin/sh'
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
defaultshell: /bin/sh
- name: Set default group
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
defaultgroup: ipausers
- name: Set default home directory
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
homedirectory: /home
- name: Clear pac-type
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
pac_type: ""
- name: Execute tests if ipa_version >= 4.8.0
when: ipa_version is version('4.8.0', '>=')
block:
- name: Set maxhostname to 255
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
maxhostname: 255
- name: Set maxusername to 45
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
maxusername: 45
- name: Set pwdexpnotify to 0
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
pwdexpnotify: 0
- name: Set searchrecordslimit to 10
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
searchrecordslimit: 10
- name: Set searchtimelimit to 1
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
searchtimelimit: 1
- name: Clear configstring
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
configstring: ""
- name: Set configstring to AllowNThash
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
configstring: 'KDC:Disable Lockout'
- name: Set selinuxusermapdefault
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
selinuxusermapdefault: "staff_u:s0-s0:c0.c1023"
- name: Set selinuxusermaporder
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
selinuxusermaporder: 'user_u:s0$staff_u:s0-s0:c0.c1023'
- name: Set usersearch to `uid`
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
usersearch: uid
- name: Set groupsearch to `cn`
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
groupsearch: cn
# tests
- name: Ensure the default e-mail domain is somedomain.test.
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
emaildomain: somedomain.test
register: result
failed_when: not result.changed or result.failed
- name: Ensure the default e-mail domain is somedomain.test, again.
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
emaildomain: somedomain.test
register: result
failed_when: result.changed or result.failed
- name: Set default shell to '/bin/someshell'
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
defaultshell: /bin/someshell
register: result
failed_when: not result.changed or result.failed
- name: Set default shell to '/bin/someshell', again.
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
defaultshell: /bin/someshell
register: result
failed_when: result.changed or result.failed
- name: Set default group
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
defaultgroup: somedefaultgroup
register: result
failed_when: not result.changed or result.failed
- name: Set default group, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
defaultgroup: somedefaultgroup
register: result
failed_when: result.changed or result.failed
- name: Set default home directory
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
homedirectory: /Users
register: result
failed_when: not result.changed or result.failed
- name: Set default home directory, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
homedirectory: /Users
register: result
failed_when: result.changed or result.failed
- name: Set pac-type
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
pac_type: "nfs:NONE"
register: result
failed_when: not result.changed or result.failed
- name: Set pac-type, again.
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
pac_type: "nfs:NONE"
register: result
failed_when: result.changed or result.failed
- name: Set maxusername to 33
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
maxusername: 33
register: result
failed_when: not result.changed or result.failed
- name: Set maxusername to 33, again.
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
maxusername: 33
register: result
failed_when: result.changed or result.failed
- name: Execute tests if ipa_version >= 4.8.0
when: ipa_version is version('4.8.0', '>=')
block:
- name: Set maxhostname to 77
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
maxhostname: 77
register: result
failed_when: not result.changed or result.failed
- name: Set maxhostname to 77, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
maxhostname: 77
register: result
failed_when: result.changed or result.failed
- name: Set pwdexpnotify to 17
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
pwdexpnotify: 17
register: result
failed_when: not result.changed or result.failed
- name: Set pwdexpnotify to 17, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
pwdexpnotify: 17
register: result
failed_when: result.changed or result.failed
- name: Set searchrecordslimit to -1
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
searchrecordslimit: -1
register: result
failed_when: not result.changed or result.failed
- name: Set searchrecordslimit to -1, again.
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
searchrecordslimit: -1
register: result
failed_when: result.changed or result.failed
- name: Set searchtimelimit to 12345
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
searchtimelimit: 12345
register: result
failed_when: not result.changed or result.failed
- name: Set searchtimelimit to 12345, again.
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
searchtimelimit: 12345
register: result
failed_when: result.changed or result.failed
- name: Change enable_migration
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
enable_migration: '{{ not (previousconfig.config.enable_migration | bool) }}'
register: result
failed_when: not result.changed or result.failed
- name: Change enable_migration, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
enable_migration: '{{ not (previousconfig.config.enable_migration | bool) }}'
register: result
failed_when: result.changed or result.failed
- name: Set configstring to AllowNThash
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
configstring: AllowNThash
register: result
failed_when: not result.changed or result.failed
- name: Set configstring to AllowNThash, again.
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
configstring: AllowNThash
register: result
failed_when: result.changed or result.failed
- name: Set selinuxusermaporder
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
selinuxusermaporder: 'user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'
register: result
failed_when: not result.changed or result.failed
- name: Set selinuxusermaporder, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
selinuxusermaporder: 'user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'
register: result
failed_when: result.changed or result.failed
- name: Set selinuxusermapdefault
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
selinuxusermapdefault: 'user_u:s0'
register: result
failed_when: not result.changed or result.failed
- name: Set selinuxusermapdefault, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
selinuxusermapdefault: 'user_u:s0'
register: result
failed_when: result.changed or result.failed
- name: Set groupsearch to `description`
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
groupsearch: description
register: result
failed_when: not result.changed or result.failed
- name: Set groupsearch to `gidNumber`, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
groupsearch: description
register: result
failed_when: result.changed or result.failed
- name: Set usersearch to `uidNumber`
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
usersearch: uidNumber
register: result
failed_when: not result.changed or result.failed
- name: Set usersearch to `uidNumber`, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
usersearch: uidNumber
register: result
failed_when: result.changed or result.failed
- name: Reset changed fields
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
maxusername: '{{ previousconfig.config.maxusername | default(32) | int }}'
homedirectory: '{{ previousconfig.config.homedirectory | default(omit) }}'
defaultshell: '{{ previousconfig.config.defaultshell | default(omit) }}'
defaultgroup: '{{ previousconfig.config.defaultgroup | default(omit) }}'
emaildomain: '{{ previousconfig.config.emaildomain | default(omit) }}'
searchtimelimit: '{{ previousconfig.config.searchtimelimit | default(2) | int }}'
searchrecordslimit: '{{ previousconfig.config.searchrecordslimit | default(100) | int }}'
usersearch: '{{ previousconfig.config.usersearch | default(omit) }}'
groupsearch: '{{ previousconfig.config.groupsearch | default(omit) }}'
enable_migration: '{{ omit if previousconfig.config.enable_migration is not defined else (previousconfig.config.enable_migration | bool) }}'
groupobjectclasses: '{{ previousconfig.config.groupobjectclasses | default(omit) }}'
userobjectclasses: '{{ previousconfig.config.userobjectclasses | default(omit) }}'
pwdexpnotify: '{{ previousconfig.config.pwdexpnotify | default(4) | int }}'
configstring: '{{ previousconfig.config.configstring | default(omit) }}'
selinuxusermapdefault: '{{ previousconfig.config.selinuxusermapdefault | default(omit) }}'
selinuxusermaporder: '{{ previousconfig.config.selinuxusermaporder | default(omit) }}'
pac_type: '{{ previousconfig.config.pac_type | default(omit) }}'
user_auth_type: '{{ previousconfig.config.user_auth_type | default(omit) }}'
domain_resolution_order: '{{ previousconfig.config.domain_resolution_order | default(omit) }}'
ca_renewal_master_server: '{{ previousconfig.config.ca_renewal_master_server | default(omit) }}'
register: result
failed_when: not result.changed or result.failed
- name: Execute tests if ipa_version >= 4.8.0
when: ipa_version is version('4.8.0', '>=')
block:
- name: Reset maxhostname
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
maxhostname: '{{ previousconfig.config.maxhostname | default(omit) }}'
- name: Reset changed fields, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
maxusername: '{{ previousconfig.config.maxusername | default(omit) | int }}'
homedirectory: '{{ previousconfig.config.homedirectory | default(omit) }}'
defaultshell: '{{ previousconfig.config.defaultshell | default(omit) }}'
defaultgroup: '{{ previousconfig.config.defaultgroup | default(omit) }}'
emaildomain: '{{ previousconfig.config.emaildomain | default(omit) }}'
searchtimelimit: '{{ previousconfig.config.searchtimelimit | default(omit) | int }}'
searchrecordslimit: '{{ previousconfig.config.searchrecordslimit | default(omit) | int }}'
usersearch: '{{ previousconfig.config.usersearch | default(omit) }}'
groupsearch: '{{ previousconfig.config.groupsearch | default(omit) }}'
enable_migration: '{{ omit if previousconfig.config.enable_migration is not defined else (previousconfig.config.enable_migration | bool) }}'
groupobjectclasses: '{{ previousconfig.config.groupobjectclasses | default(omit) }}'
userobjectclasses: '{{ previousconfig.config.userobjectclasses | default(omit) }}'
pwdexpnotify: '{{ previousconfig.config.pwdexpnotify | default(omit) | int }}'
configstring: '{{ previousconfig.config.configstring | default(omit) }}'
selinuxusermapdefault: '{{ previousconfig.config.selinuxusermapdefault | default(omit) }}'
selinuxusermaporder: '{{ previousconfig.config.selinuxusermaporder | default(omit) }}'
pac_type: '{{ previousconfig.config.pac_type | default(omit) }}'
user_auth_type: '{{ previousconfig.config.user_auth_type | default(omit) }}'
domain_resolution_order: '{{ previousconfig.config.domain_resolution_order | default(omit) }}'
ca_renewal_master_server: '{{ previousconfig.config.ca_renewal_master_server | default(omit) }}'
register: result
failed_when: result.changed or result.failed
- name: Execute tests if ipa_version >= 4.8.0
when: ipa_version is version('4.8.0', '>=')
block:
- name: Reset maxhostname
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
maxhostname: '{{ previousconfig.config.maxhostname | default(omit) }}'
rescue:
- name: Set fields to IPA default, due to error
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
maxusername: '{{ previousconfig.config.maxusername | default(omit) | int }}'
homedirectory: '{{ previousconfig.config.homedirectory | default(omit) }}'
defaultshell: '{{ previousconfig.config.defaultshell | default(omit) }}'
defaultgroup: '{{ previousconfig.config.defaultgroup | default(omit) }}'
emaildomain: '{{ previousconfig.config.emaildomain | default(omit) }}'
searchtimelimit: '{{ previousconfig.config.searchtimelimit | default(omit) | int }}'
searchrecordslimit: '{{ previousconfig.config.searchrecordslimit | default(omit) | int }}'
usersearch: '{{ previousconfig.config.usersearch | default(omit) }}'
groupsearch: '{{ previousconfig.config.groupsearch | default(omit) }}'
enable_migration: '{{ omit if previousconfig.config.enable_migration is not defined else (previousconfig.config.enable_migration | bool) }}'
groupobjectclasses: '{{ previousconfig.config.groupobjectclasses | default(omit) }}'
userobjectclasses: '{{ previousconfig.config.userobjectclasses | default(omit) }}'
pwdexpnotify: '{{ previousconfig.config.pwdexpnotify | default(omit) | int }}'
configstring: '{{ previousconfig.config.configstring | default(omit) }}'
selinuxusermapdefault: '{{ previousconfig.config.selinuxusermapdefault | default(omit) }}'
selinuxusermaporder: '{{ previousconfig.config.selinuxusermaporder | default(omit) }}'
pac_type: '{{ previousconfig.config.pac_type | default(omit) }}'
user_auth_type: '{{ previousconfig.config.user_auth_type | default(omit) }}'
domain_resolution_order: '{{ previousconfig.config.domain_resolution_order | default(omit) }}'
ca_renewal_master_server: '{{ previousconfig.config.ca_renewal_master_server | default(omit) }}'
register: result
- name: "CA-Renewal server warning."
ansible.builtin.debug:
msg: "Due to a test failure, IPA CA-Renewal Server might not be correctly be set. Check your configuration."
always:
# cleanup
- name: Cleanup test group
ipagroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: somedefaultgroup
state: absent
Reference in New Issue View Git Blame Copy Permalink