# Skipping 3ab575bcac310166e7d29c5a5349d90482f4e629 as it is reorganizing
# service module test test_service.yml and
# test_service_without_skip_host_check.yml
From b5e93c705fc56f6592121aa09bfb9f6dce5cee35 Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Tue, 11 Aug 2020 16:23:15 -0300
Subject: [PATCH] Fix `allow_retrieve_keytab_host` in service module.
The attribute `allow_retrieve_keytab_host` was not working due to
wrong processing of the input and verification if the values should
be updated. Both the issues are fixed by this change.
Tests were added to better verify service keytab members.
---
plugins/modules/ipaservice.py | 4 +-
tests/service/env_cleanup.yml | 68 +++++
tests/service/env_setup.yml | 73 +++++
tests/service/env_vars.yml | 15 +
tests/service/test_service_keytab.yml | 397 ++++++++++++++++++++++++++
5 files changed, 555 insertions(+), 2 deletions(-)
create mode 100644 tests/service/env_cleanup.yml
create mode 100644 tests/service/env_setup.yml
create mode 100644 tests/service/env_vars.yml
create mode 100644 tests/service/test_service_keytab.yml
diff --git a/plugins/modules/ipaservice.py b/plugins/modules/ipaservice.py
index b0d2535..8bc390d 100644
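--- a/plugins/modules/ipaservice.py
+++ b/plugins/modules/ipaservice.py
@@ -460,7 +460,7 @@ def main():
 allow_retrieve_keytab_group = module_params_get(
 ansible_module, "allow_retrieve_keytab_group")
 allow_retrieve_keytab_host = module_params_get(
- ansible_module, "allow_create_keytab_host")
+ ansible_module, "allow_retrieve_keytab_host")
 allow_retrieve_keytab_hostgroup = module_params_get(
 ansible_module, "allow_retrieve_keytab_hostgroup")
 delete_continue = module_params_get(ansible_module, "delete_continue")
@@ -727,7 +727,7 @@ def main():
 # Allow retrieve keytab
 if len(allow_retrieve_keytab_user_add) > 0 or \
 len(allow_retrieve_keytab_group_add) > 0 or \
- len(allow_retrieve_keytab_hostgroup_add) > 0 or \
+ len(allow_retrieve_keytab_host_add) > 0 or \
 len(allow_retrieve_keytab_hostgroup_add) > 0:
 commands.append(
 [name, "service_allow_retrieve_keytab",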
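Review bot: The corrected read in the first hunk, `ansible_module, "allow_retrieve_keytab_host")`, leaves open what the old lookup of `allow_create_keytab_host` already did on managed servers: the value feeds code outside both hunks, so this is inferred, but hosts listed only for keytab creation may have been given keytab retrieval whenever another retrieve list was non-empty. The commit message should say that, so operators can compare each service's retrieve-keytab host members with their playbooks. For the second hunk, `if any((allow_retrieve_keytab_user_add, allow_retrieve_keytab_group_add, allow_retrieve_keytab_host_add, allow_retrieve_keytab_hostgroup_add)):` would put one list per entry and make a repeated `hostgroup` term easier to spot. Both hunks are inside main(), which starts and ends outside them.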
diff --git a/tests/service/env_cleanup.yml b/tests/service/env_cleanup.yml
new file mode 100644
index 0000000..f96a75b
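--- /dev/null
+++ b/tests/service/env_cleanup.yml
@@ -0,0 +1,68 @@
+---
+# Cleanup tasks for the service module tests.
+- name: Ensure services are absent.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - "HTTP/{{ svc_fqdn }}"
+ - "HTTP/{{ nohost_fqdn }}"
+ - HTTP/svc.ihavenodns.info
+ - HTTP/no.idontexist.local
+ - "cifs/{{ host1_fqdn }}"
+ state: absent
+
+- name: Ensure host "{{ svc_fqdn }}" is absent
+ ipahost:
+ ipaadmin_password: SomeADMINpassword
+ name: "{{ svc_fqdn }}"
+ update_dns: yes
+ state: absent
+
+- name: Ensure host is absent
+ ipahost:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ - "{{ nohost_fqdn }}"
+ - svc.ihavenodns.info
+ update_dns: no
+ state: absent
+
+- name: Ensure testing users are absent.
+ ipauser:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - user01
+ - user02
+ state: absent
+
+- name: Ensure testing groups are absent.
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - group01
+ - group02
+ state: absent
+
+- name: Ensure testing hostgroup hostgroup01 is absent.
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - hostgroup01
+ state: absent
+
+- name: Ensure testing hostgroup hostgroup02 is absent.
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - hostgroup02
+ state: absent
+
+- name: Remove IP address for "nohost" host.
+ ipadnsrecord:
+ ipaadmin_password: SomeADMINpassword
+ zone_name: "{{ test_domain }}."
+ name: nohost
+ del_all: yes
+ state: absent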
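Review bot: The two tasks named "Ensure testing hostgroup hostgroup01 is absent." and "Ensure testing hostgroup hostgroup02 is absent." call `ipagroup:`, while env_setup.yml creates those objects with `ipahostgroup:`, so the cleanup looks for user groups of that name and the host groups apparently stay on the server between runs. Use `ipahostgroup:` in both tasks. The first task also removes `HTTP/no.idontexist.local`, whereas env_setup.yml clears `HTTP/no.idontexist.info`; one of the two names is presumably a typo and the lists should agree.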
diff --git a/tests/service/env_setup.yml b/tests/service/env_setup.yml
new file mode 100644
index 0000000..309cfc0
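--- /dev/null
+++ b/tests/service/env_setup.yml
@@ -0,0 +1,73 @@
+# Setup environment for service module tests.
+---
+- name: Setup variables and facts.
+ include_tasks: env_vars.yml
+
+# Cleanup before setup.
+- name: Cleanup test environment.
+ include_tasks: env_cleanup.yml
+
+- name: Add IP address for "nohost" host.
+ ipadnsrecord:
+ ipaadmin_password: SomeADMINpassword
+ zone_name: "{{ test_domain }}."
+ name: nohost
+ a_ip_address: "{{ ipv4_prefix + '.100' }}"
+
+- name: Add hosts for tests.
+ ipahost:
+ ipaadmin_password: SomeADMINpassword
+ hosts:
+ - name: "{{ host1_fqdn }}"
+ ip_address: "{{ ipv4_prefix + '.101' }}"
+ - name: "{{ host2_fqdn }}"
+ ip_address: "{{ ipv4_prefix + '.102' }}"
+ - name: "{{ svc_fqdn }}"
+ ip_address: "{{ ipv4_prefix + '.201' }}"
+ - name: svc.ihavenodns.info
+ force: yes
+ update_dns: yes
+
+- name: Ensure testing user user01 is present.
+ ipauser:
+ ipaadmin_password: SomeADMINpassword
+ name: user01
+ first: user01
+ last: last
+
+- name: Ensure testing user user02 is present.
+ ipauser:
+ ipaadmin_password: SomeADMINpassword
+ name: user02
+ first: user02
+ last: last
+
+- name: Ensure testing group group01 is present.
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name: group01
+
+- name: Ensure testing group group02 is present.
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name: group02
+
+- name: Ensure testing hostgroup hostgroup01 is present.
+ ipahostgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: hostgroup01
+
+- name: Ensure testing hostgroup hostgroup02 is present.
+ ipahostgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: hostgroup02
+
+- name: Ensure services are absent.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - "HTTP/{{ svc_fqdn }}"
+ - "HTTP/{{ nohost_fqdn }}"
+ - HTTP/svc.ihavenodns.info
+ - HTTP/no.idontexist.info
+ state: absent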
diff --git a/tests/service/env_vars.yml b/tests/service/env_vars.yml
new file mode 100644
index 0000000..eb53c7a
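--- /dev/null
+++ b/tests/service/env_vars.yml
@@ -0,0 +1,15 @@
+---
+ - name: Get Domain from server name
+ set_fact:
+ test_domain: "{{ ansible_fqdn.split('.')[1:] | join('.') }}"
+
+ - name: Set host1, host2 and svc hosts fqdn
+ set_fact:
+ host1_fqdn: "{{ 'host1.' + test_domain }}"
+ host2_fqdn: "{{ 'host2.' + test_domain }}"
+ svc_fqdn: "{{ 'svc.' + test_domain }}"
+ nohost_fqdn: "{{ 'nohost.' + test_domain }}"
+
+ - name: Get IPv4 address prefix from server node
+ set_fact:
+ ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | join('.') }}"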
diff --git a/tests/service/test_service_keytab.yml b/tests/service/test_service_keytab.yml
new file mode 100644
index 0000000..0918802
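--- /dev/null
+++ b/tests/service/test_service_keytab.yml
@@ -0,0 +1,397 @@
+---
+- name: Test service
+ hosts: ipaserver
+ become: yes
+
+ tasks:
+ # setup
+ - name: Setup test envirnoment.
+ include_tasks: env_setup.yml
+
+ # Add service to test keytab create/retrieve attributes.
+ - name: Ensure test service is present
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ pac_type:
+ - MS-PAC
+ - PAD
+ auth_ind: otp
+ force: yes
+ requires_pre_auth: yes
+ ok_as_delegate: no
+ ok_to_auth_as_delegate: no
+
+ # tests
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_user:
+ - user01
+ - user02
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_user:
+ - user01
+ - user02
+ action: member
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_user:
+ - user01
+ - user02
+ action: member
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_user:
+ - user01
+ - user02
+ action: member
+ state: absent
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for group.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_group:
+ - group01
+ - group02
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for group, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_group:
+ - group01
+ - group02
+ action: member
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for group.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_group:
+ - group01
+ - group02
+ action: member
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for group, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_group:
+ - group01
+ - group02
+ action: member
+ state: absent
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for host.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for host, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ action: member
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for host.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ action: member
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for host, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ action: member
+ state: absent
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for hostgroup.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for hostgroup, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for hostgroup.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ state: absent
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for hostgroup, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ state: absent
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_user:
+ - user01
+ - user02
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_user:
+ - user01
+ - user02
+ action: member
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_user:
+ - user01
+ - user02
+ action: member
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_user:
+ - user01
+ - user02
+ action: member
+ state: absent
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for group.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_group:
+ - group01
+ - group02
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for group, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_group:
+ - group01
+ - group02
+ action: member
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for group.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_group:
+ - group01
+ - group02
+ action: member
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for group, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_group:
+ - group01
+ - group02
+ action: member
+ state: absent
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for host.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for host, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ action: member
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for host.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ action: member
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for host, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ action: member
+ state: absent
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for hostgroup.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for hostgroup, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for hostgroup.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for hostgroup, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ state: absent
+ register: result
+ failed_when: result.changed
+
+ # cleanup
+ - name: Clean-up envirnoment.
+ include_tasks: env_cleanup.yml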
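Review bot: Every task in this file asserts only `result.changed`, and each create-keytab grant is removed again before the retrieve-keytab tasks run, so a grant that ends up on the other attribute would go unnoticed. A cross-check that keeps a create-keytab host in place and then requires that granting retrieval to the same host still reports a change would cover that; the two tasks below could go just before the cleanup. The task names "Setup test envirnoment." and "Clean-up envirnoment." misspell "environment".

```yaml
    # … unchanged: create-keytab and retrieve-keytab member tests …

    - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for host, kept for cross-check.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        allow_create_keytab_host:
        - "{{ host1_fqdn }}"
        action: member
      register: result
      failed_when: not result.changed

    - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for the same host must still change.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        allow_retrieve_keytab_host:
        - "{{ host1_fqdn }}"
        action: member
      register: result
      failed_when: not result.changed

    # … unchanged: cleanup …
```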
--
2.26.2