|
Packit Service |
0f71a7 |
# This test uses skip_host_check, so it will fail if not using
|
|
Packit Service |
0f71a7 |
# FreeIPA version 4.7.0 or later.
|
|
Packit Service |
0f71a7 |
#
|
|
Packit Service |
0f71a7 |
# To test against earlier versions, use test_without_skip_host_check.yml.
|
|
Packit Service |
0f71a7 |
#
|
|
Packit Service |
0f71a7 |
# This test define 6 hosts:
|
|
Packit Service |
0f71a7 |
# - www.ansible.com: a host with a DNS setup (external), not present in IPA
|
|
Packit Service |
0f71a7 |
# - no.idontexist.info: a host without DNS and not present in IPA.
|
|
Packit Service |
0f71a7 |
# - svc.ihavenodns.inf: a host without DNS, but present in IPA.
|
|
Packit Service |
0f71a7 |
# - svc_fqdn: a host with DNS and present in IPA.
|
|
Packit Service |
0f71a7 |
# - host1_fqdn and host2_fqdn: used for member actions only.
|
|
Packit Service |
0f71a7 |
#
|
|
Packit Service |
0f71a7 |
---
|
|
Packit Service |
0f71a7 |
- name: Test service
|
|
Packit Service |
0f71a7 |
hosts: ipaserver
|
|
Packit Service |
0f71a7 |
become: yes
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
tasks:
|
|
Packit Service |
0f71a7 |
# setup
|
|
Packit Service |
0f71a7 |
- name: Get Domain from server name
|
|
Packit Service |
0f71a7 |
set_fact:
|
|
Packit Service |
0f71a7 |
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
|
|
Packit Service |
0f71a7 |
when: ipaserver_domain is not defined
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Set host1, host2 and svc hosts fqdn
|
|
Packit Service |
0f71a7 |
set_fact:
|
|
Packit Service |
0f71a7 |
host1_fqdn: "{{ 'host1.' + ipaserver_domain }}"
|
|
Packit Service |
0f71a7 |
host2_fqdn: "{{ 'host2.' + ipaserver_domain }}"
|
|
Packit Service |
0f71a7 |
svc_fqdn: "{{ 'svc.' + ipaserver_domain }}"
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Host absent
|
|
Packit Service |
0f71a7 |
ipahost:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name:
|
|
Packit Service |
0f71a7 |
- www.ansible.com
|
|
Packit Service |
0f71a7 |
- no.idontexist.info
|
|
Packit Service |
0f71a7 |
- svc.ihavenodns.info
|
|
Packit Service |
0f71a7 |
- "{{ host1_fqdn }}"
|
|
Packit Service |
0f71a7 |
- "{{ host2_fqdn }}"
|
|
Packit Service |
0f71a7 |
- "{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
update_dns: no
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Get IPv4 address prefix from server node
|
|
Packit Service |
0f71a7 |
set_fact:
|
|
Packit Service |
0f71a7 |
ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] |
|
|
Packit Service |
0f71a7 |
join('.') }}"
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Add hosts for tests.
|
|
Packit Service |
0f71a7 |
ipahost:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
hosts:
|
|
Packit Service |
0f71a7 |
- name: "{{ host1_fqdn }}"
|
|
Packit Service |
0f71a7 |
force: yes
|
|
Packit Service |
0f71a7 |
- name: "{{ host2_fqdn }}"
|
|
Packit Service |
0f71a7 |
force: yes
|
|
Packit Service |
0f71a7 |
- name: "{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
ip_address: "{{ ipv4_prefix + '.201' }}"
|
|
Packit Service |
0f71a7 |
- name: svc.ihavenodns.info
|
|
Packit Service |
0f71a7 |
force: yes
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure testing user user01 is present.
|
|
Packit Service |
0f71a7 |
ipauser:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: user01
|
|
Packit Service |
0f71a7 |
first: user01
|
|
Packit Service |
0f71a7 |
last: last
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure testing user user02 is present.
|
|
Packit Service |
0f71a7 |
ipauser:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: user02
|
|
Packit Service |
0f71a7 |
first: user02
|
|
Packit Service |
0f71a7 |
last: last
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure testing group group01 is present.
|
|
Packit Service |
0f71a7 |
ipagroup:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: group01
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure testing group group02 is present.
|
|
Packit Service |
0f71a7 |
ipagroup:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: group02
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure testing hostgroup hostgroup01 is present.
|
|
Packit Service |
0f71a7 |
ipahostgroup:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: hostgroup01
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure testing hostgroup hostgroup02 is present.
|
|
Packit Service |
0f71a7 |
ipahostgroup:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: hostgroup02
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure services are absent.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name:
|
|
Packit Service |
0f71a7 |
- "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
- HTTP/www.ansible.com
|
|
Packit Service |
0f71a7 |
- HTTP/svc.ihavenodns.info
|
|
Packit Service |
0f71a7 |
- HTTP/no.idontexist.info
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
# tests
|
|
Packit Service |
0f71a7 |
- name: Ensure service is present
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
pac_type:
|
|
Packit Service |
0f71a7 |
- MS-PAC
|
|
Packit Service |
0f71a7 |
- PAD
|
|
Packit Service |
0f71a7 |
auth_ind: otp
|
|
Packit Service |
0f71a7 |
skip_host_check: no
|
|
Packit Service |
0f71a7 |
force: yes
|
|
Packit Service |
0f71a7 |
requires_pre_auth: yes
|
|
Packit Service |
0f71a7 |
ok_as_delegate: no
|
|
Packit Service |
0f71a7 |
ok_to_auth_as_delegate: no
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: not result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure service is present, again
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
pac_type:
|
|
Packit Service |
0f71a7 |
- MS_PAC
|
|
Packit Service |
0f71a7 |
- PAD
|
|
Packit Service |
0f71a7 |
auth_ind: otp
|
|
Packit Service |
0f71a7 |
skip_host_check: no
|
|
Packit Service |
0f71a7 |
force: no
|
|
Packit Service |
0f71a7 |
requires_pre_auth: yes
|
|
Packit Service |
0f71a7 |
ok_as_delegate: no
|
|
Packit Service |
0f71a7 |
ok_to_auth_as_delegate: no
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Modify service.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
pac_type: NONE
|
|
Packit Service |
0f71a7 |
ok_as_delegate: yes
|
|
Packit Service |
0f71a7 |
ok_to_auth_as_delegate: yes
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: not result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Modify service, again.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
pac_type: NONE
|
|
Packit Service |
0f71a7 |
ok_as_delegate: yes
|
|
Packit Service |
0f71a7 |
ok_to_auth_as_delegate: yes
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure service is present, without host object.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: HTTP/www.ansible.com
|
|
Packit Service |
0f71a7 |
skip_host_check: yes
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: not result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure service is present, without host object, again.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: HTTP/www.ansible.com
|
|
Packit Service |
0f71a7 |
skip_host_check: yes
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure service is present, with host not in DNS.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: HTTP/svc.ihavenodns.info
|
|
Packit Service |
0f71a7 |
skip_host_check: no
|
|
Packit Service |
0f71a7 |
force: yes
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: not result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure service is present, with host not in DNS, again.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: HTTP/svc.ihavenodns.info
|
|
Packit Service |
0f71a7 |
skip_host_check: no
|
|
Packit Service |
0f71a7 |
force: yes
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure service is present, whithout host object and with host not in DNS.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: HTTP/no.idontexist.info
|
|
Packit Service |
0f71a7 |
skip_host_check: yes
|
|
Packit Service |
0f71a7 |
force: yes
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: not result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure service is present, whithout host object and with host not in DNS, again.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: HTTP/no.idontexist.info
|
|
Packit Service |
0f71a7 |
skip_host_check: yes
|
|
Packit Service |
0f71a7 |
force: yes
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Principal host/test.example.com present in service.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
principal:
|
|
Packit Service |
0f71a7 |
- host/test.example.com
|
|
Packit Service |
0f71a7 |
action: member
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: not result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Principal host/test.example.com present in service, again.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
principal:
|
|
Packit Service |
0f71a7 |
- host/test.example.com
|
|
Packit Service |
0f71a7 |
action: member
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Principal host/test.example.com absent in service.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
principal:
|
|
Packit Service |
0f71a7 |
- host/test.example.com
|
|
Packit Service |
0f71a7 |
action: member
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: not result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Principal host/test.example.com absent in service, again.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
principal:
|
|
Packit Service |
0f71a7 |
- host/test.example.com
|
|
Packit Service |
0f71a7 |
action: member
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure host can manage service.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
host:
|
|
Packit Service |
0f71a7 |
- "{{ host1_fqdn }}"
|
|
Packit Service |
0f71a7 |
- "{{ host2_fqdn }}"
|
|
Packit Service |
0f71a7 |
action: member
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: not result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure host can manage service, again.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
host: "{{ host1_fqdn }}"
|
|
Packit Service |
0f71a7 |
action: member
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure host cannot manage service.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
host:
|
|
Packit Service |
0f71a7 |
- "{{ host1_fqdn }}"
|
|
Packit Service |
0f71a7 |
- "{{ host2_fqdn }}"
|
|
Packit Service |
0f71a7 |
action: member
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: not result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure host cannot manage service, again.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
host:
|
|
Packit Service |
0f71a7 |
- "{{ host1_fqdn }}"
|
|
Packit Service |
0f71a7 |
- "{{ host2_fqdn }}"
|
|
Packit Service |
0f71a7 |
action: member
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
allow_create_keytab_user:
|
|
Packit Service |
0f71a7 |
- user01
|
|
Packit Service |
0f71a7 |
- user02
|
|
Packit Service |
0f71a7 |
allow_create_keytab_group:
|
|
Packit Service |
0f71a7 |
- group01
|
|
Packit Service |
0f71a7 |
- group02
|
|
Packit Service |
0f71a7 |
allow_create_keytab_host:
|
|
Packit Service |
0f71a7 |
- "{{ host1_fqdn }}"
|
|
Packit Service |
0f71a7 |
- "{{ host2_fqdn }}"
|
|
Packit Service |
0f71a7 |
allow_create_keytab_hostgroup:
|
|
Packit Service |
0f71a7 |
- hostgroup01
|
|
Packit Service |
0f71a7 |
- hostgroup02
|
|
Packit Service |
0f71a7 |
action: member
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: not result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups, again.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
allow_create_keytab_user:
|
|
Packit Service |
0f71a7 |
- user01
|
|
Packit Service |
0f71a7 |
- user02
|
|
Packit Service |
0f71a7 |
allow_create_keytab_group:
|
|
Packit Service |
0f71a7 |
- group01
|
|
Packit Service |
0f71a7 |
- group02
|
|
Packit Service |
0f71a7 |
allow_create_keytab_host:
|
|
Packit Service |
0f71a7 |
- "{{ host1_fqdn }}"
|
|
Packit Service |
0f71a7 |
- "{{ host2_fqdn }}"
|
|
Packit Service |
0f71a7 |
allow_create_keytab_hostgroup:
|
|
Packit Service |
0f71a7 |
- hostgroup01
|
|
Packit Service |
0f71a7 |
- hostgroup02
|
|
Packit Service |
0f71a7 |
action: member
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
allow_create_keytab_user:
|
|
Packit Service |
0f71a7 |
- user01
|
|
Packit Service |
0f71a7 |
- user02
|
|
Packit Service |
0f71a7 |
allow_create_keytab_group:
|
|
Packit Service |
0f71a7 |
- group01
|
|
Packit Service |
0f71a7 |
- group02
|
|
Packit Service |
0f71a7 |
allow_create_keytab_host:
|
|
Packit Service |
0f71a7 |
- "{{ host1_fqdn }}"
|
|
Packit Service |
0f71a7 |
- "{{ host2_fqdn }}"
|
|
Packit Service |
0f71a7 |
allow_create_keytab_hostgroup:
|
|
Packit Service |
0f71a7 |
- hostgroup01
|
|
Packit Service |
0f71a7 |
- hostgroup02
|
|
Packit Service |
0f71a7 |
action: member
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: not result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups, again.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
allow_create_keytab_user:
|
|
Packit Service |
0f71a7 |
- user01
|
|
Packit Service |
0f71a7 |
- user02
|
|
Packit Service |
0f71a7 |
allow_create_keytab_group:
|
|
Packit Service |
0f71a7 |
- group01
|
|
Packit Service |
0f71a7 |
- group02
|
|
Packit Service |
0f71a7 |
allow_create_keytab_host:
|
|
Packit Service |
0f71a7 |
- "{{ host1_fqdn }}"
|
|
Packit Service |
0f71a7 |
- "{{ host2_fqdn }}"
|
|
Packit Service |
0f71a7 |
allow_create_keytab_hostgroup:
|
|
Packit Service |
0f71a7 |
- hostgroup01
|
|
Packit Service |
0f71a7 |
- hostgroup02
|
|
Packit Service |
0f71a7 |
action: member
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
allow_retrieve_keytab_user:
|
|
Packit Service |
0f71a7 |
- user01
|
|
Packit Service |
0f71a7 |
- user02
|
|
Packit Service |
0f71a7 |
allow_retrieve_keytab_group:
|
|
Packit Service |
0f71a7 |
- group01
|
|
Packit Service |
0f71a7 |
- group02
|
|
Packit Service |
0f71a7 |
allow_retrieve_keytab_host:
|
|
Packit Service |
0f71a7 |
- "{{ host1_fqdn }}"
|
|
Packit Service |
0f71a7 |
- "{{ host2_fqdn }}"
|
|
Packit Service |
0f71a7 |
allow_retrieve_keytab_hostgroup:
|
|
Packit Service |
0f71a7 |
- hostgroup01
|
|
Packit Service |
0f71a7 |
- hostgroup02
|
|
Packit Service |
0f71a7 |
action: member
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: not result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups, again.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
allow_retrieve_keytab_user:
|
|
Packit Service |
0f71a7 |
- user01
|
|
Packit Service |
0f71a7 |
- user02
|
|
Packit Service |
0f71a7 |
allow_retrieve_keytab_group:
|
|
Packit Service |
0f71a7 |
- group01
|
|
Packit Service |
0f71a7 |
- group02
|
|
Packit Service |
0f71a7 |
allow_retrieve_keytab_host:
|
|
Packit Service |
0f71a7 |
- "{{ host1_fqdn }}"
|
|
Packit Service |
0f71a7 |
- host02.exampl "{{ groups.ipaserver[0] }}"e.com
|
|
Packit Service |
0f71a7 |
allow_retrieve_keytab_hostgroup:
|
|
Packit Service |
0f71a7 |
- hostgroup01
|
|
Packit Service |
0f71a7 |
- hostgroup02
|
|
Packit Service |
0f71a7 |
action: member
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
allow_retrieve_keytab_user:
|
|
Packit Service |
0f71a7 |
- user01
|
|
Packit Service |
0f71a7 |
- user02
|
|
Packit Service |
0f71a7 |
allow_retrieve_keytab_group:
|
|
Packit Service |
0f71a7 |
- group01
|
|
Packit Service |
0f71a7 |
- group02
|
|
Packit Service |
0f71a7 |
allow_retrieve_keytab_host:
|
|
Packit Service |
0f71a7 |
- "{{ host1_fqdn }}"
|
|
Packit Service |
0f71a7 |
- "{{ host2_fqdn }}"
|
|
Packit Service |
0f71a7 |
allow_retrieve_keytab_hostgroup:
|
|
Packit Service |
0f71a7 |
- hostgroup01
|
|
Packit Service |
0f71a7 |
- hostgroup02
|
|
Packit Service |
0f71a7 |
action: member
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: not result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups, again.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
allow_retrieve_keytab_user:
|
|
Packit Service |
0f71a7 |
- user01
|
|
Packit Service |
0f71a7 |
- user02
|
|
Packit Service |
0f71a7 |
allow_retrieve_keytab_group:
|
|
Packit Service |
0f71a7 |
- group01
|
|
Packit Service |
0f71a7 |
- group02
|
|
Packit Service |
0f71a7 |
allow_retrieve_keytab_host:
|
|
Packit Service |
0f71a7 |
- "{{ host1_fqdn }}"
|
|
Packit Service |
0f71a7 |
- "{{ host2_fqdn }}"
|
|
Packit Service |
0f71a7 |
allow_retrieve_keytab_hostgroup:
|
|
Packit Service |
0f71a7 |
- hostgroup01
|
|
Packit Service |
0f71a7 |
- hostgroup02
|
|
Packit Service |
0f71a7 |
action: member
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
#
|
|
Packit Service |
0f71a7 |
- name: Ensure service is absent
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: not result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure service is absent, again
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure service is present, with multiple auth_ind values.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
auth_ind: otp,radius
|
|
Packit Service |
0f71a7 |
skip_host_check: no
|
|
Packit Service |
0f71a7 |
force: yes
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: not result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure service is present, with multiple auth_ind values, again.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
auth_ind: otp,radius
|
|
Packit Service |
0f71a7 |
skip_host_check: no
|
|
Packit Service |
0f71a7 |
force: yes
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Clear auth_ind.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
auth_ind: ""
|
|
Packit Service |
0f71a7 |
skip_host_check: no
|
|
Packit Service |
0f71a7 |
force: yes
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: not result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Clear auth_ind, again.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
auth_ind: ""
|
|
Packit Service |
0f71a7 |
skip_host_check: no
|
|
Packit Service |
0f71a7 |
force: yes
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure services are absent.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name:
|
|
Packit Service |
0f71a7 |
- "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
- HTTP/www.ansible.com
|
|
Packit Service |
0f71a7 |
- HTTP/svc.ihavenodns.info
|
|
Packit Service |
0f71a7 |
- HTTP/no.idontexist.local
|
|
Packit Service |
0f71a7 |
continue: yes
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: not result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure services are absent.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name:
|
|
Packit Service |
0f71a7 |
- "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
- HTTP/www.ansible.com
|
|
Packit Service |
0f71a7 |
- HTTP/svc.ihavenodns.info
|
|
Packit Service |
0f71a7 |
- HTTP/no.idontexist.local
|
|
Packit Service |
0f71a7 |
continue: yes
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure SMB service is present.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: MyPassword123
|
|
Packit Service |
0f71a7 |
name: "{{ host1_fqdn }}"
|
|
Packit Service |
0f71a7 |
smb: yes
|
|
Packit Service |
0f71a7 |
netbiosname: SAMBASVC
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: not result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure SMB service is again.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: MyPassword123
|
|
Packit Service |
0f71a7 |
name: "{{ host1_fqdn }}"
|
|
Packit Service |
0f71a7 |
smb: yes
|
|
Packit Service |
0f71a7 |
netbiosname: SAMBASVC
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure SMB service is absent.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: MyPassword123
|
|
Packit Service |
0f71a7 |
name: "cifs/{{ host1_fqdn }}"
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: not result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure SMB service is absent, again.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: MyPassword123
|
|
Packit Service |
0f71a7 |
name: "cifs/{{ host1_fqdn }}"
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
failed_when: result.changed
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
# cleanup
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure services are absent.
|
|
Packit Service |
0f71a7 |
ipaservice:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name:
|
|
Packit Service |
0f71a7 |
- "HTTP/{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
- HTTP/www.ansible.com
|
|
Packit Service |
0f71a7 |
- HTTP/svc.ihavenodns.info
|
|
Packit Service |
0f71a7 |
- HTTP/no.idontexist.local
|
|
Packit Service |
0f71a7 |
- "cifs/{{ host1_fqdn }}"
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure host "{{ svc_fqdn }}" is absent
|
|
Packit Service |
0f71a7 |
ipahost:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: "{{ svc_fqdn }}"
|
|
Packit Service |
0f71a7 |
update_dns: yes
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure host is absent
|
|
Packit Service |
0f71a7 |
ipahost:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name:
|
|
Packit Service |
0f71a7 |
- "{{ host1_fqdn }}"
|
|
Packit Service |
0f71a7 |
- "{{ host2_fqdn }}"
|
|
Packit Service |
0f71a7 |
- www.ansible.com
|
|
Packit Service |
0f71a7 |
- svc.ihavenodns.info
|
|
Packit Service |
0f71a7 |
update_dns: no
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure testing users are absent.
|
|
Packit Service |
0f71a7 |
ipauser:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name:
|
|
Packit Service |
0f71a7 |
- user01
|
|
Packit Service |
0f71a7 |
- user02
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure testing groups are absent.
|
|
Packit Service |
0f71a7 |
ipagroup:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name:
|
|
Packit Service |
0f71a7 |
- group01
|
|
Packit Service |
0f71a7 |
- group02
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure testing hostgroup hostgroup01 is absent.
|
|
Packit Service |
0f71a7 |
ipagroup:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name:
|
|
Packit Service |
0f71a7 |
- hostgroup01
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: Ensure testing hostgroup hostgroup02 is absent.
|
|
Packit Service |
0f71a7 |
ipagroup:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name:
|
|
Packit Service |
0f71a7 |
- hostgroup02
|
|
Packit Service |
0f71a7 |
state: absent
|