ansible_fqdn is set to localhost when running with containers.
rjeffman committed Jun 26, 2024
1 parent 1d59593 commit f51cc11
Showing 4 changed files with 60 additions and 19 deletions.
15 changes: 13 additions & 2 deletions tests/env_freeipa_facts.yml
@@ -12,6 +12,17 @@
cmd: 'ipa --version | sed -n "s/VERSION: \([^,]*\).*API_VERSION: \([^,]*\).*/\1\\n\2/p"'
register: ipa_cmd_version

- name: Query ipaserver hostname and set server_fqdn
block:
- name: Run hostname command
ansible.builtin.shell: hostname -f
changed_when: false
register: hostname

- name: Set server_fqdn
ansible.builtin.set_fact:
node_fqdn: "{{ hostname.stdout }}"

- name: Verify if host is an IPA server or client.
ansible.builtin.shell:
cmd: |
@@ -35,8 +46,8 @@
block:
- name: Get Domain from server name
ansible.builtin.set_fact:
ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}"
when: "'fqdn' in ansible_facts"
ipaserver_domain: "{{ node_fqdn.split('.')[1:] | join('.') }}"
when: ipaserver_domain is not defined

- name: Set Domain to 'ipa.test' if FQDN could not be retrieved.
ansible.builtin.set_fact:
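Review bot: In the second hunk, `ipaserver_domain` is now computed from `node_fqdn` whenever it is not already defined, so a `hostname -f` result with no dot (a short name such as `localhost`) yields an empty domain instead of leaving the variable unset. The earlier guard `'fqdn' in ansible_facts` is gone, and the condition on the 'ipa.test' fallback task lies outside the hunk; if it tests `is not defined`, it presumably never fires now. Guarding the assignment with `when: ipaserver_domain is not defined and '.' in node_fqdn` would keep that fallback reachable. The same unguarded split is used for `test_domain` in tests/service/env_vars.yml and for `ipaserver_domain` in tests/host/test_host_random.yml.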
20 changes: 16 additions & 4 deletions tests/host/test_host_random.yml
@@ -2,18 +2,30 @@
- name: Test ipahost random password generation
hosts: ipaserver
become: true
gather_facts: true

tasks:

- name: Query ipaserver hostname and set server_fqdn
block:
- name: Run hostname command
ansible.builtin.shell: hostname -f
changed_when: false
register: hostname

- name: Set server_fqdn
ansible.builtin.set_fact:
server_fqdn: "{{ hostname.stdout }}"

- name: Get Domain from server name
ansible.builtin.set_fact:
ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}"
ipaserver_domain: "{{ server_fqdn.split('.')[1:] | join('.') }}"
when: ipaserver_domain is not defined

- name: Set host1_fqdn and host2_fqdn
ansible.builtin.set_fact:
host1_fqdn: "{{ 'host1.' + ipaserver_domain }}"
host2_fqdn: "{{ 'host2.' + ipaserver_domain }}"
server_fqdn: "{{ ansible_facts['fqdn'] }}"

- name: Test hosts absent
ipahost:
@@ -92,11 +104,11 @@

- name: Print generated random password for "{{ host1_fqdn }}"
ansible.builtin.debug:
var: ipahost.host["{{ host1_fqdn }}"].randompassword
var: "ipahost.host[{{ host1_fqdn }}].randompassword"

- name: Print generated random password for "{{ host2_fqdn }}"
ansible.builtin.debug:
var: ipahost.host["{{ host2_fqdn }}"].randompassword
var: "ipahost.host[{{ host2_fqdn }}].randompassword"

- name: Enrolled host "{{ server_fqdn }}" fails to set random password with update_password always
ipahost:
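Review bot: In the two "Print generated random password" tasks, the rewritten `var:` value drops the quotes around the templated key, so after rendering the expression reads `ipahost.host[host1.<domain>].randompassword` and `host1` is looked up as a variable rather than used as a string key (this assumes the second printed form of each pair is the new side). The `var` option of `ansible.builtin.debug` already evaluates its value as an expression, so no Jinja delimiters are needed: `var: ipahost.host[host1_fqdn].randompassword`, and likewise for `host2_fqdn`. As written, the tasks will most likely report the variable as undefined instead of showing the generated value.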
13 changes: 12 additions & 1 deletion tests/service/env_vars.yml
@@ -1,7 +1,18 @@
---
- name: Query ipaserver hostname and set server_fqdn
block:
- name: Run hostname command
ansible.builtin.shell: hostname -f
changed_when: false
register: hostname

- name: Set server_fqdn
ansible.builtin.set_fact:
node_fqdn: "{{ hostname.stdout }}"

- name: Get Domain from server name
ansible.builtin.set_fact:
test_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}"
test_domain: "{{ node_fqdn.split('.')[1:] | join('.') }}"

- name: Set host1, host2 and svc hosts fqdn
ansible.builtin.set_fact:
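Review bot: The task named `Set server_fqdn` in the added block actually sets `node_fqdn`, and the block title says `server_fqdn` as well, which makes the later `server_fqdn: "{{ node_fqdn }}"` step in tests/service/test_service_disable.yml harder to follow. Renaming it to `- name: Set node_fqdn` (and the block to `- name: Query hostname and set node_fqdn`) would match what the tasks do; tests/env_freeipa_facts.yml carries the same mismatch. The block is also repeated almost verbatim in three files, so a single shared tasks file included where needed would keep the hostname lookups from drifting apart.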
31 changes: 19 additions & 12 deletions tests/service/test_service_disable.yml
@@ -13,6 +13,13 @@
KRB5CCNAME: test_service_disable_ccache

tasks:
- name: Include tasks env_setup.yml
ansible.builtin.include_tasks: env_setup.yml

- name: Set server_fqdn
ansible.builtin.set_fact:
server_fqdn: "{{ node_fqdn }}"

- name: Get Kerberos ticket for `admin`.
ansible.builtin.shell: echo SomeADMINpassword | kinit -c ${KRB5CCNAME} admin

@@ -29,73 +36,73 @@
- name: Ensure service is absent
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "mysvc1/{{ ansible_facts['fqdn'] }}"
name: "mysvc1/{{ server_fqdn }}"
state: absent

- name: Ensure service is present
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "mysvc1/{{ ansible_facts['fqdn'] }}"
name: "mysvc1/{{ server_fqdn }}"
certificate:
- "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
force: no
register: result
failed_when: not result.changed or result.failed

- name: Obtain keytab
ansible.builtin.shell: ipa-getkeytab -s "{{ ansible_facts['fqdn'] }}" -p "mysvc1/{{ ansible_facts['fqdn'] }}" -k mysvc1.keytab
ansible.builtin.shell: ipa-getkeytab -s "{{ server_fqdn }}" -p "mysvc1/{{ server_fqdn }}" -k mysvc1.keytab

- name: Verify keytab
ansible.builtin.shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}"
ansible.builtin.shell: ipa service-find "mysvc1/{{ server_fqdn }}"
register: result
failed_when: result.failed or result.stdout | regex_search(" Keytab. true")

- name: Ensure service is disabled
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "mysvc1/{{ ansible_facts['fqdn'] }}"
name: "mysvc1/{{ server_fqdn }}"
state: disabled
register: result
failed_when: not result.changed or result.failed

- name: Verify keytab
ansible.builtin.shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}"
ansible.builtin.shell: ipa service-find "mysvc1/{{ server_fqdn }}"
register: result
failed_when: result.failed or result.stdout | regex_search(" Keytab. true")

- name: Obtain keytab
ansible.builtin.shell: ipa-getkeytab -s "{{ ansible_facts['fqdn'] }}" -p "mysvc1/{{ ansible_facts['fqdn'] }}" -k mysvc1.keytab
ansible.builtin.shell: ipa-getkeytab -s "{{ server_fqdn }}" -p "mysvc1/{{ server_fqdn }}" -k mysvc1.keytab

- name: Verify keytab
ansible.builtin.shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}"
ansible.builtin.shell: ipa service-find "mysvc1/{{ server_fqdn }}"
register: result
failed_when: result.failed or result.stdout | regex_search(" Keytab. true")

- name: Ensure service is disabled
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "mysvc1/{{ ansible_facts['fqdn'] }}"
name: "mysvc1/{{ server_fqdn }}"
state: disabled
register: result
failed_when: not result.changed or result.failed

- name: Verify keytab
ansible.builtin.shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}"
ansible.builtin.shell: ipa service-find "mysvc1/{{ server_fqdn }}"
register: result
failed_when: result.failed or result.stdout | regex_search(" Keytab. true")

- name: Ensure service is disabled, with no keytab.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "mysvc1/{{ ansible_facts['fqdn'] }}"
name: "mysvc1/{{ server_fqdn }}"
state: disabled
register: result
failed_when: result.changed or result.failed

- name: Ensure service is absent
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "mysvc1/{{ ansible_facts['fqdn'] }}"
name: "mysvc1/{{ server_fqdn }}"

- name: Destroy Kerberos tickets.
ansible.builtin.shell: kdestroy -A -q -c ${KRB5CCNAME}
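Review bot: The rewritten `ipa-getkeytab` and `ipa service-find` tasks interpolate `server_fqdn` into an `ansible.builtin.shell` command line, and that value now originates from raw `hostname -f` output rather than a gathered fact. None of these commands uses pipes, redirection or shell variables, so `ansible.builtin.command` would run them without a shell parsing the templated text, e.g. `ansible.builtin.command: ipa service-find "mysvc1/{{ server_fqdn }}"`; where a shell is kept, `{{ server_fqdn | quote }}` is the usual guard. `server_fqdn` also depends on `node_fqdn` being set by the included env_setup.yml, which is not part of this diff, so that dependency cannot be confirmed from here.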
