From f51cc116f30ddd9399caf816ee6c80d34dedb89e Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Wed, 26 Jun 2024 20:28:48 +0000 Subject: [PATCH] ansible_fqdn is set to localhost when running with containers. --- tests/env_freeipa_facts.yml | 15 +++++++++++-- tests/host/test_host_random.yml | 20 +++++++++++++---- tests/service/env_vars.yml | 13 ++++++++++- tests/service/test_service_disable.yml | 31 ++++++++++++++++---------- 4 files changed, 60 insertions(+), 19 deletions(-) diff --git a/tests/env_freeipa_facts.yml b/tests/env_freeipa_facts.yml index 280e8efa43..6e96697f54 100644 --- a/tests/env_freeipa_facts.yml +++ b/tests/env_freeipa_facts.yml @@ -12,6 +12,17 @@ cmd: 'ipa --version | sed -n "s/VERSION: \([^,]*\).*API_VERSION: \([^,]*\).*/\1\\n\2/p"' register: ipa_cmd_version +- name: Query ipaserver hostname and set server_fqdn + block: + - name: Run hostname command + ansible.builtin.shell: hostname -f + changed_when: false + register: hostname + + - name: Set server_fqdn + ansible.builtin.set_fact: + node_fqdn: "{{ hostname.stdout }}" + - name: Verify if host is an IPA server or client. ansible.builtin.shell: cmd: | @@ -35,8 +46,8 @@ block: - name: Get Domain from server name ansible.builtin.set_fact: - ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}" - when: "'fqdn' in ansible_facts" + ipaserver_domain: "{{ node_fqdn.split('.')[1:] | join('.') }}" + when: ipaserver_domain is not defined - name: Set Domain to 'ipa.test' if FQDN could not be retrieved. ansible.builtin.set_fact: diff --git a/tests/host/test_host_random.yml b/tests/host/test_host_random.yml index b2a6a49e28..c605265104 100644 --- a/tests/host/test_host_random.yml +++ b/tests/host/test_host_random.yml 
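Review bot: The added `Run hostname command` task in tests/env_freeipa_facts.yml uses `ansible.builtin.shell` for `hostname -f`, which needs no shell features; `ansible.builtin.command: hostname -f` avoids invoking a shell and satisfies ansible-lint's command-instead-of-shell rule. The task named `Set server_fqdn` actually sets `node_fqdn` here, so the name should match, e.g. `- name: Set node_fqdn`. The same block is added in tests/host/test_host_random.yml and tests/service/env_vars.yml: the shell point applies to both, the name mismatch to env_vars.yml. Since the three copies differ only in the fact name, a single shared task file would keep them from drifting.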
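Review bot: With `when: ipaserver_domain is not defined`, `ipaserver_domain` becomes an empty string whenever `hostname -f` returns a name without a dot (for example `localhost`), because `split('.')[1:] | join('.')` has nothing left to join. The fallback task that sets `ipa.test` has its condition outside the hunk, so it is not visible whether it still fires in that case or still tests `ansible_facts`. Consider guarding on the value, `when: ipaserver_domain is not defined and '.' in node_fqdn`, and checking that the fallback's condition matches the new source of the name.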
@@ -2,18 +2,30 @@ - name: Test ipahost random password generation hosts: ipaserver become: true + gather_facts: true tasks: + + - name: Query ipaserver hostname and set server_fqdn + block: + - name: Run hostname command + ansible.builtin.shell: hostname -f + changed_when: false + register: hostname + + - name: Set server_fqdn + ansible.builtin.set_fact: + server_fqdn: "{{ hostname.stdout }}" + - name: Get Domain from server name ansible.builtin.set_fact: - ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}" + ipaserver_domain: "{{ server_fqdn.split('.')[1:] | join('.') }}" when: ipaserver_domain is not defined - name: Set host1_fqdn and host2_fqdn ansible.builtin.set_fact: host1_fqdn: "{{ 'host1.' + ipaserver_domain }}" host2_fqdn: "{{ 'host2.' + ipaserver_domain }}" - server_fqdn: "{{ ansible_facts['fqdn'] }}" - name: Test hosts absent ipahost: @@ -92,11 +104,11 @@ - name: Print generated random password for "{{ host1_fqdn }}" ansible.builtin.debug: - var: ipahost.host["{{ host1_fqdn }}"].randompassword + var: "ipahost.host[{{ host1_fqdn }}].randompassword" - name: Print generated random password for "{{ host2_fqdn }}" ansible.builtin.debug: - var: ipahost.host["{{ host2_fqdn }}"].randompassword + var: "ipahost.host[{{ host2_fqdn }}].randompassword" - name: Enrolled host "{{ server_fqdn }}" fails to set random password with update_password always ipahost: diff --git a/tests/service/env_vars.yml b/tests/service/env_vars.yml index db11dcd635..be4283e3c1 100644 --- a/tests/service/env_vars.yml +++ b/tests/service/env_vars.yml 
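Review bot: Dropping the inner quotes in `var: "ipahost.host[{{ host1_fqdn }}].randompassword"` changes what is evaluated. After templating, the subscript is a bare dotted name (`host1.<domain>`) that Jinja reads as a variable and attribute lookup rather than a string key, so the debug task would likely report an undefined variable instead of the value. `var` already takes an expression, so no delimiters are needed: `var: ipahost.host[host1_fqdn].randompassword`, and likewise for `host2_fqdn`. The task that registers `ipahost` is outside the hunk, so confirm against the full file.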
@@ -1,7 +1,18 @@ --- + - name: Query ipaserver hostname and set server_fqdn + block: + - name: Run hostname command + ansible.builtin.shell: hostname -f + changed_when: false + register: hostname + + - name: Set server_fqdn + ansible.builtin.set_fact: + node_fqdn: "{{ hostname.stdout }}" + - name: Get Domain from server name ansible.builtin.set_fact: - test_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}" + test_domain: "{{ node_fqdn.split('.')[1:] | join('.') }}" - name: Set host1, host2 and svc hosts fqdn ansible.builtin.set_fact: diff --git a/tests/service/test_service_disable.yml b/tests/service/test_service_disable.yml index 3152280a8a..040410e091 100644 --- a/tests/service/test_service_disable.yml +++ b/tests/service/test_service_disable.yml @@ -13,6 +13,13 @@ KRB5CCNAME: test_service_disable_ccache tasks: + - name: Include tasks env_setup.yml + ansible.builtin.include_tasks: env_setup.yml + + - name: Set server_fqdn + ansible.builtin.set_fact: + server_fqdn: "{{ node_fqdn }}" + - name: Get Kerberos ticket for `admin`. ansible.builtin.shell: echo SomeADMINpassword | kinit -c ${KRB5CCNAME} admin @@ -29,13 +36,13 @@ - name: Ensure service is absent ipaservice: ipaadmin_password: SomeADMINpassword - name: "mysvc1/{{ ansible_facts['fqdn'] }}" + name: "mysvc1/{{ server_fqdn }}" state: absent - name: Ensure service is present ipaservice: ipaadmin_password: SomeADMINpassword - name: "mysvc1/{{ ansible_facts['fqdn'] }}" + name: "mysvc1/{{ server_fqdn }}" certificate: - "{{ lookup('file', 'cert1.b64', rstrip=False) }}" force: no 
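Review bot: In tests/service/test_service_disable.yml, `server_fqdn: "{{ node_fqdn }}"` depends on `node_fqdn`, which this commit sets in tests/service/env_vars.yml, but the file included here is `env_setup.yml` and its contents are not in the diff. If `env_setup.yml` does not pull in `env_vars.yml`, the `set_fact` fails on an undefined variable. A short comment above the task, such as `# node_fqdn is set by env_vars.yml (included from env_setup.yml)`, would document the chain, assuming that is how it is wired. The play's task list continues outside the hunk.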
@@ -43,51 +50,51 @@ failed_when: not result.changed or result.failed - name: Obtain keytab - ansible.builtin.shell: ipa-getkeytab -s "{{ ansible_facts['fqdn'] }}" -p "mysvc1/{{ ansible_facts['fqdn'] }}" -k mysvc1.keytab + ansible.builtin.shell: ipa-getkeytab -s "{{ server_fqdn }}" -p "mysvc1/{{ server_fqdn }}" -k mysvc1.keytab - name: Verify keytab - ansible.builtin.shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}" + ansible.builtin.shell: ipa service-find "mysvc1/{{ server_fqdn }}" register: result failed_when: result.failed or result.stdout | regex_search(" Keytab. true") - name: Ensure service is disabled ipaservice: ipaadmin_password: SomeADMINpassword - name: "mysvc1/{{ ansible_facts['fqdn'] }}" + name: "mysvc1/{{ server_fqdn }}" state: disabled register: result failed_when: not result.changed or result.failed - name: Verify keytab - ansible.builtin.shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}" + ansible.builtin.shell: ipa service-find "mysvc1/{{ server_fqdn }}" register: result failed_when: result.failed or result.stdout | regex_search(" Keytab. true") - name: Obtain keytab - ansible.builtin.shell: ipa-getkeytab -s "{{ ansible_facts['fqdn'] }}" -p "mysvc1/{{ ansible_facts['fqdn'] }}" -k mysvc1.keytab + ansible.builtin.shell: ipa-getkeytab -s "{{ server_fqdn }}" -p "mysvc1/{{ server_fqdn }}" -k mysvc1.keytab - name: Verify keytab - ansible.builtin.shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}" + ansible.builtin.shell: ipa service-find "mysvc1/{{ server_fqdn }}" register: result failed_when: result.failed or result.stdout | regex_search(" Keytab. 
true") - name: Ensure service is disabled ipaservice: ipaadmin_password: SomeADMINpassword - name: "mysvc1/{{ ansible_facts['fqdn'] }}" + name: "mysvc1/{{ server_fqdn }}" state: disabled register: result failed_when: not result.changed or result.failed - name: Verify keytab - ansible.builtin.shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}" + ansible.builtin.shell: ipa service-find "mysvc1/{{ server_fqdn }}" register: result failed_when: result.failed or result.stdout | regex_search(" Keytab. true") - name: Ensure service is disabled, with no keytab. ipaservice: ipaadmin_password: SomeADMINpassword - name: "mysvc1/{{ ansible_facts['fqdn'] }}" + name: "mysvc1/{{ server_fqdn }}" state: disabled register: result failed_when: result.changed or result.failed @@ -95,7 +102,7 @@ - name: Ensure service is absent ipaservice: ipaadmin_password: SomeADMINpassword - name: "mysvc1/{{ ansible_facts['fqdn'] }}" + name: "mysvc1/{{ server_fqdn }}" - name: Destroy Kerberos tickets. ansible.builtin.shell: kdestroy -A -q -c ${KRB5CCNAME}
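Review bot: The rewritten `Obtain keytab` and `Verify keytab` lines interpolate `server_fqdn`, which now comes from `hostname -f` output on the managed host, directly into `ansible.builtin.shell` command lines. None of these commands use pipes or redirection, so `ansible.builtin.command` would avoid shell parsing of the value. If `shell` is kept, pass the value through the `quote` filter, e.g. `ipa service-find {{ ('mysvc1/' + server_fqdn) | quote }}`. The keytab is written to `mysvc1.keytab` in the working directory and no removal is visible in this hunk, so check that cleanup happens elsewhere in the file.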