WIP: Enable AD DC tests using ipalab-config

ipalab-config allows the creation of complex IPA environments using rootless containers. The tool provides the means to create an environment where a trust can be set between IPA and Samba AD DC, which is similar enough to Windows AD DC to be used in ansible-freeipa testing. To start a test scenario run 'infra/scenario/start-scenario' passing the scenario configuration as parameter. A list of the containers created will be printed on the screen, and an inventory file will be create on the repository root with the name 'inventory-scenario.yml'. Test playbooks can be executed using this scenario, or it can be used along with 'pytest'. Only one scenario can be run at a single time. When the tests are finished, 'infra/scenario/stop-scenario' will cleanup the environment, and a new scenario can be started. The inventory file created will not be removed, but will be overwritten if a new scenario is created. Signed-off-by: Rafael Guterres Jeffman <[email protected]>
rjeffman · Feb 6, 2025 · 68dff03 · 68dff03
1 parent 06447df
commit 68dff03
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 0 deletions.
diff --git a/infra/scenarios/ipa-ad-trust.yml b/infra/scenarios/ipa-ad-trust.yml
@@ -0,0 +1,54 @@
+# IPA trust to Samba AD DC.
+#
+# Steps to set trust on 'server':
+#   # kinit admin <<< SomeADMINpassword
+#   # ipa dnsforwardzone-add ad.ipa.test. --forwarder=192.168.13.250
+#   # ipa trust-add ad.ipa.test --type ad --range-type ipa-ad-trust --two-way true --admin=Administrator --password <<< Secret123
+#
+# Create samba user on 'addc':
+#   # samba-tool user create jdoe --given-name John --surname Doe
+#
+# Checking user on IPA server:
+#
+#  # getent passwd [email protected]
+#  # kinit [email protected]
+#
+---
+lab_name: ipa-ad-trust
+subnet: "192.168.13.0/24"
+extra_data:
+  - playbooks
+external:
+  hosts:
+  - name: addc
+    hostname: dc.ad.ipa.test
+    role: addc
+    ip_address: 192.168.13.250
+    options:
+      forwarder: 192.168.13.100
+ipa_deployments:
+  - name: ipa
+    domain: linux.ipa.test
+    admin_password: SomeADMINpassword
+    dm_password: SomeDMpassword
+    cluster:
+      servers:
+        - name: server
+          capabilities: ["DNS", "AD", "KRA"]
+          ip_address: 192.168.13.100
+          vars:
+            ipaserver_netbios_name: IPA
+            ipaserver_idstart: 60000
+            ipaserver_idmax: 62000
+            ipaserver_rid_base: 63000
+            ipaserver_secondary_rid_base: 70000
+            # trust test vars
+            winserver_domain: ad.ipa.test
+            winserver_admin_password: Secret123
+            winserver_ip: 192.168.13.250
+            # external users vars
+            test_ad_user: 'jdoe@DC'
+            test_alt_user: '[email protected]'
+      clients:
+        - name: cli01
+          dns: server
diff --git a/infra/scenarios/requirements.txt b/infra/scenarios/requirements.txt
@@ -0,0 +1,2 @@
+ipalab-config>=0.10.2
+podman-compose>=1.2.0