---
- name: Playbook to ensure
hosts: ipaserver
become: no
gather_facts: yes
tasks:
- name: Setup testing environment.
include_tasks: env_setup.yml
- name: Add test host.
ipahost:
ipaadmin_password: SomeADMINpassword
name: "iron01.{{ safezone }}"
ip_address: 192.168.1.253
force: yes
- name: Cleanup test records.
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: safezone.test
records:
- name: iron01
ns_rec: iron01
ds_record:
- 1234 3 3 84763786e4213cca9a6938dba5dacd64f87ec216
- 1234 3 3 84763786e4213cca9a6938dba5dacd64f87ec222
- 5555 5 5 84763786e4213cca9a6938dba5dacd64f87ec222
cert_record:
- 1 1234 3 AwIBAgIUb14+Oug2nPMIIBdTCCAR+g
- 2 567 4 AwIBAgIUb14+Oug2nPMIIBdTCCAR+g
state: absent
- name: Add NS records to test.
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: safezone.test
records:
- name: iron01
ns_rec: iron01
register: result
failed_when: result.failed or not result.changed
- name: Add DS records to test.
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: safezone.test
records:
- name: iron01
ds_record:
- 1234 3 3 84763786e4213cca9a6938dba5dacd64f87ec216
- 1234 3 3 84763786e4213cca9a6938dba5dacd64f87ec222
register: result
failed_when: result.failed or not result.changed
- name: Add CERT records to test.
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: safezone.test
records:
- name: host01
cert_record:
- 1 1234 3 AwIBAgIUb14+Oug2nPMIIBdTCCAR+g
- 5 555 4 AwIBAgIUb14+Oug2nPMIIBdTCCAAS+g
register: result
failed_when: result.failed or not result.changed
- name: Modify CERT record.
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: safezone.test
name: host01
cert_type: 2
cert_key_tag: 567
cert_algorithm: 4
cert_rec: 1 1234 3 AwIBAgIUb14+Oug2nPMIIBdTCCAR+g
register: result
failed_when: result.failed or not result.changed
- name: Verify modified CERT records exists.
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: safezone.test
records:
- name: host01
cert_record: 2 567 4 AwIBAgIUb14+Oug2nPMIIBdTCCAR+g
register: result
failed_when: result.failed or result.changed
- name: Verify if old CERT record does not exist.
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: safezone.test
records:
- name: host01
cert_record: 1 1234 3 AwIBAgIUb14+Oug2nPMIIBdTCCAR+g
state: absent
register: result
failed_when: result.failed or result.changed
- name: Verify if unmodified CERT record does exist.
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: safezone.test
records:
- name: host01
cert_record: 5 555 4 AwIBAgIUb14+Oug2nPMIIBdTCCAAS+g
register: result
failed_when: result.failed or result.changed
- name: Try to modify the same DS record twice.
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: safezone.test
records:
- name: iron01
ds_key_tag: 5555
ds_algorithm: 5
ds_digest_type: 5
ds_digest: 84763786e4213cca9a6938dba5dacd64f87ec222
ds_record: 1234 3 3 84763786e4213cca9a6938dba5dacd64f87ec216
- name: iron01
ds_key_tag: 5555
ds_algorithm: 5
ds_digest_type: 5
ds_digest: 84763786e4213cca9a6938dba5dacd64f87ec222
ds_record: 1234 3 3 84763786e4213cca9a6938dba5dacd64f87ec216
register: result
failed_when: not result.failed or "DS record does not contain" not in result.msg
- name: Verify if unmodified DS record still exists.
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: safezone.test
records:
- name: iron01
ds_record: 1234 3 3 84763786e4213cca9a6938dba5dacd64f87ec222
register: result
failed_when: result.failed or result.changed
- name: Verify DS record was modified
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: safezone.test
records:
- name: iron01
ds_record: 5555 5 5 84763786e4213cca9a6938dba5dacd64f87ec222
register: result
failed_when: result.failed or result.changed
- name: Verify if modified DS record was not created.
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: safezone.test
records:
- name: iron01
ds_record: 1234 3 3 84763786e4213cca9a6938dba5dacd64f87ec216
state: absent
register: result
failed_when: result.failed or result.changed
- name: Cleanup test records.
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: safezone.test
records:
- name: iron01
ds_record:
- 1234 3 3 84763786e4213cca9a6938dba5dacd64f87ec216
- 1234 3 3 84763786e4213cca9a6938dba5dacd64f87ec222
- 5555 5 5 84763786e4213cca9a6938dba5dacd64f87ec222
- name: host01
cert_record:
- 1 1234 3 AwIBAgIUb14+Oug2nPMIIBdTCCAR+g
- 2 567 4 AwIBAgIUb14+Oug2nPMIIBdTCCAR+g
state: absent
# cleanup
- name: Cleanup test environment.
include_tasks: env_cleanup.yml