diff --git a/playbooks/service/service-host-is-absent.yml b/playbooks/service/service-host-is-absent.yml
index 5963340f3447aa83c8569fb905381cc7d4b84e7c..5b3fbcbb75714b9b134399b7dc1587f135985d18 100644
--- a/playbooks/service/service-host-is-absent.yml
+++ b/playbooks/service/service-host-is-absent.yml
@@ -7,7 +7,7 @@
tasks:
# Ensure management host is absent.
- ipaservice:
- ipaadmin_password: MyPassword123
+ ipaadmin_password: SomeADMINpassword
name: HTTP/www.example.com
host: "{{ groups.ipaserver[0] }}"
action: member
diff --git a/playbooks/service/service-host-is-present.yml b/playbooks/service/service-host-is-present.yml
index 2460051ebf793ab6e357cf24cd02499c1aaeb777..46f5bb6f245745fbf9c2f521ba88c8f4df0084a0 100644
--- a/playbooks/service/service-host-is-present.yml
+++ b/playbooks/service/service-host-is-present.yml
@@ -7,7 +7,7 @@
tasks:
# Ensure management host is present.
- ipaservice:
- ipaadmin_password: MyPassword123
+ ipaadmin_password: SomeADMINpassword
name: HTTP/www.example.com
host: "{{ groups.ipaserver[0] }}"
action: member
diff --git a/playbooks/service/service-is-absent.yml b/playbooks/service/service-is-absent.yml
index fe65771ef893048fcc888adb4f0ca226026acaac..7fd138c092f0d0a0cb1e4ddcd127d86ea3b61dda 100644
--- a/playbooks/service/service-is-absent.yml
+++ b/playbooks/service/service-is-absent.yml
@@ -7,6 +7,6 @@
tasks:
# Ensure service is absent
- ipaservice:
- ipaadmin_password: MyPassword123
+ ipaadmin_password: SomeADMINpassword
name: HTTP/www.example.com
state: absent
diff --git a/playbooks/service/service-is-disabled.yml b/playbooks/service/service-is-disabled.yml
index 2bf01fb156aa88ba0a3f9d8ded7ea084ccc06f9d..b21e19298b833646353e708e411814068c4a3aae 100644
--- a/playbooks/service/service-is-disabled.yml
+++ b/playbooks/service/service-is-disabled.yml
@@ -7,6 +7,6 @@
tasks:
# Ensure service is disabled
- ipaservice:
- ipaadmin_password: MyPassword123
+ ipaadmin_password: SomeADMINpassword
name: HTTP/www.example.com
state: disabled
diff --git a/playbooks/service/service-is-present-with-all-attributes.yml b/playbooks/service/service-is-present-with-all-attributes.yml
index f7e59ebca7ad8082befb552d5b3e06ba433dab78..a7494cc8668e76ee12fd5cc0d413a84da3d8f36c 100644
--- a/playbooks/service/service-is-present-with-all-attributes.yml
+++ b/playbooks/service/service-is-present-with-all-attributes.yml
@@ -7,7 +7,7 @@
tasks:
# Ensure service is present
- ipaservice:
- ipaadmin_password: MyPassword123
+ ipaadmin_password: SomeADMINpassword
name: HTTP/www.example.com
certificate:
- MIICBjCCAW8CFHnm32VcXaUDGfEGdDL/erPSijUAMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQwHhcNMjAwMTIzMDA1NjQ2WhcNMjEwMTIyMDA1NjQ2WjBCMQswCQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYrdVmsr7iT3f67DM5bb1osSEe5/c91UUMEIcFq5wrgBhzVfs8iIMDVC1yiUGTsDLJNJc4nb1tUxeR9K5fh25E6n/eWDBP75NStotjAXRU4Ahi3FNRhWFOKesds5xNqgDk5/dY8UekJv2yUblQuZzeF8b2XFrmHuCaYuFctzPfWwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBACF+5RS8Ce0HRixGPu4Xd51i+Kzblg++lx8fDJ8GW5G16/Z1AsB72Hc7etJL2PksHlue/xCq6SA9fIfHc4TBNCiWjPSP1NhHJeYyoPiSkcYsqXuxWyoyRLbnAhBVvhoiqZbUt3u3tGB0uMMA0yJvj07mP7Nea2KdBYVH8X1pM0V+
diff --git a/playbooks/service/service-is-present-with-host-force.yml b/playbooks/service/service-is-present-with-host-force.yml
index 2268ea8f402afc815df7fe978177ee3d93f6c3eb..a02fa7c2461d0a6d9dc91eeada2b67395a447bc2 100644
--- a/playbooks/service/service-is-present-with-host-force.yml
+++ b/playbooks/service/service-is-present-with-host-force.yml
@@ -7,7 +7,7 @@
tasks:
# Ensure service is present
- ipaservice:
- ipaadmin_password: MyPassword123
+ ipaadmin_password: SomeADMINpassword
name: HTTP/ihavenodns.info
force: yes
# state: absent
diff --git a/playbooks/service/service-is-present-without-host-object.yml b/playbooks/service/service-is-present-without-host-object.yml
index ddf72b8e24ad6a57e564fe2c4321487c77c2955c..2496177a16d59db7baf5b1043240eae470ce0070 100644
--- a/playbooks/service/service-is-present-without-host-object.yml
+++ b/playbooks/service/service-is-present-without-host-object.yml
@@ -7,6 +7,6 @@
tasks:
# Ensure service is present
- ipaservice:
- ipaadmin_password: MyPassword123
+ ipaadmin_password: SomeADMINpassword
name: HTTP/www.ansible.com
skip_host_check: yes
diff --git a/playbooks/service/service-is-present.yml b/playbooks/service/service-is-present.yml
index 06e883431b13f6b3e275f7117387725eac68f703..e2c492741e3708b064cfe1090e498e771b026b87 100644
--- a/playbooks/service/service-is-present.yml
+++ b/playbooks/service/service-is-present.yml
@@ -7,5 +7,5 @@
tasks:
# Ensure service is present
- ipaservice:
- ipaadmin_password: MyPassword123
+ ipaadmin_password: SomeADMINpassword
name: HTTP/www.example.com
diff --git a/playbooks/service/service-member-allow_create_keytab-absent.yml b/playbooks/service/service-member-allow_create_keytab-absent.yml
index d4a15ea4828753242d5527e52e2db4b7ebd5b15a..5db45defe880d7f52a7c5b310d0297fde30d82c2 100644
--- a/playbooks/service/service-member-allow_create_keytab-absent.yml
+++ b/playbooks/service/service-member-allow_create_keytab-absent.yml
@@ -6,7 +6,7 @@
tasks:
- name: Service HTTP/www.example.com members allow_create_keytab absent for users, groups, hosts and hostgroups
ipaservice:
- ipaadmin_password: MyPassword123
+ ipaadmin_password: SomeADMINpassword
name: HTTP/www.example.com
allow_create_keytab_user:
- user01
diff --git a/playbooks/service/service-member-allow_create_keytab-present.yml b/playbooks/service/service-member-allow_create_keytab-present.yml
index b28b6dc23a89e061eaa267426543746c1938f2d4..a1f6928f2973676261c9341d1cdb965211f3b744 100644
--- a/playbooks/service/service-member-allow_create_keytab-present.yml
+++ b/playbooks/service/service-member-allow_create_keytab-present.yml
@@ -6,7 +6,7 @@
tasks:
- name: Service HTTP/www.example.com members allow_create_keytab present for users, groups, hosts and hostgroups
ipaservice:
- ipaadmin_password: MyPassword123
+ ipaadmin_password: SomeADMINpassword
name: HTTP/www.example.com
allow_create_keytab_user:
- user01
diff --git a/playbooks/service/service-member-allow_retrieve_keytab-absent.yml b/playbooks/service/service-member-allow_retrieve_keytab-absent.yml
index ceada70e5ee1b75e80f6fde05298fa28852902e2..92c80a6060eb6d38a00d9aa7a60eb38a8c5cbf55 100644
--- a/playbooks/service/service-member-allow_retrieve_keytab-absent.yml
+++ b/playbooks/service/service-member-allow_retrieve_keytab-absent.yml
@@ -6,7 +6,7 @@
tasks:
- name: Service HTTP/www.example.com members allow_retrieve_keytab absent for users, groups, hosts and hostgroups
ipaservice:
- ipaadmin_password: MyPassword123
+ ipaadmin_password: SomeADMINpassword
name: HTTP/www.example.com
allow_retrieve_keytab_user:
- user01
diff --git a/playbooks/service/service-member-allow_retrieve_keytab-present.yml b/playbooks/service/service-member-allow_retrieve_keytab-present.yml
index ac98904b32b2ec3e58ab2d9366d76e7177cad28e..b87834ad82863b8cc56786f7a1e20047b74efc6e 100644
--- a/playbooks/service/service-member-allow_retrieve_keytab-present.yml
+++ b/playbooks/service/service-member-allow_retrieve_keytab-present.yml
@@ -6,7 +6,7 @@
tasks:
- name: Service HTTP/www.example.com members allow_retrieve_keytab present for users, groups, hosts and hostgroups
ipaservice:
- ipaadmin_password: MyPassword123
+ ipaadmin_password: SomeADMINpassword
name: HTTP/www.example.com
allow_retrieve_keytab_user:
- user01
diff --git a/playbooks/service/service-member-certificate-absent.yml b/playbooks/service/service-member-certificate-absent.yml
index 57b71e5eda70c4cc8fffcf3cd93b0c314620ab12..bb4092b91ce6e3361f2d54dab06d7bf9190a46ce 100644
--- a/playbooks/service/service-member-certificate-absent.yml
+++ b/playbooks/service/service-member-certificate-absent.yml
@@ -7,7 +7,7 @@
tasks:
# Ensure service certificate is absent
- ipaservice:
- ipaadmin_password: MyPassword123
+ ipaadmin_password: SomeADMINpassword
name: HTTP/www.example.com
certificate:
diff --git a/playbooks/service/service-member-certificate-present.yml b/playbooks/service/service-member-certificate-present.yml
index bfa01d055d1e5efd8b88422a7b9000469782cc7a..025d0aa3f23b3bedc7889fcea6ae4f6ebf36f8f8 100644
--- a/playbooks/service/service-member-certificate-present.yml
+++ b/playbooks/service/service-member-certificate-present.yml
@@ -7,7 +7,7 @@
tasks:
# Ensure service certificate is present
- ipaservice:
- ipaadmin_password: MyPassword123
+ ipaadmin_password: SomeADMINpassword
name: HTTP/www.example.com
certificate:
- MIICBjCCAW8CFHnm32VcXaUDGfEGdDL/erPSijUAMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQwHhcNMjAwMTIzMDA1NjQ2WhcNMjEwMTIyMDA1NjQ2WjBCMQswCQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYrdVmsr7iT3f67DM5bb1osSEe5/c91UUMEIcFq5wrgBhzVfs8iIMDVC1yiUGTsDLJNJc4nb1tUxeR9K5fh25E6n/eWDBP75NStotjAXRU4Ahi3FNRhWFOKesds5xNqgDk5/dY8UekJv2yUblQuZzeF8b2XFrmHuCaYuFctzPfWwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBACF+5RS8Ce0HRixGPu4Xd51i+Kzblg++lx8fDJ8GW5G16/Z1AsB72Hc7etJL2PksHlue/xCq6SA9fIfHc4TBNCiWjPSP1NhHJeYyoPiSkcYsqXuxWyoyRLbnAhBVvhoiqZbUt3u3tGB0uMMA0yJvj07mP7Nea2KdBYVH8X1pM0V+
diff --git a/playbooks/service/service-member-principal-absent.yml b/playbooks/service/service-member-principal-absent.yml
index 6bfb168c4f8233384a1c8cdaea9f492c53b10c9c..df6a9a8348044e08e83e5a864a04b9a68613430c 100644
--- a/playbooks/service/service-member-principal-absent.yml
+++ b/playbooks/service/service-member-principal-absent.yml
@@ -6,7 +6,7 @@
tasks:
- name: Service HTTP/www.exmaple.com member principals host/test.exmaple.com absent
ipaservice:
- ipaadmin_password: MyPassword123
+ ipaadmin_password: SomeADMINpassword
name: HTTP/www.example.com
principal:
- host/test.exmaple.com
diff --git a/playbooks/service/service-member-principal-present.yml b/playbooks/service/service-member-principal-present.yml
index aa94f32e896e568076a2ae017aaac8f224cde09d..e55902b2878bec391583f328185e9f56ad3e50e4 100644
--- a/playbooks/service/service-member-principal-present.yml
+++ b/playbooks/service/service-member-principal-present.yml
@@ -6,7 +6,7 @@
tasks:
- name: Service HTTP/www.exmaple.com member principals host/test.exmaple.com present
ipaservice:
- ipaadmin_password: MyPassword123
+ ipaadmin_password: SomeADMINpassword
name: HTTP/www.example.com
principal:
- host/test.exmaple.com
diff --git a/tests/service/test_service.yml b/tests/service/test_service.yml
index 78e353f5fe763ced69584c5d87ecbd9f1780dd04..26f509efa619ff23053dd66b77adf78b9e2a14f1 100644
--- a/tests/service/test_service.yml
+++ b/tests/service/test_service.yml
@@ -4,7 +4,7 @@
# To test against earlier versions, use test_without_skip_host_check.yml.
#
# This test define 6 hosts:
-# - www.ansible.com: a host with a DNS setup (external), not present in IPA
+# - nohost_fqdn: a host with a DNS setup, not enrolled as a host in IPA.
# - no.idontexist.info: a host without DNS and not present in IPA.
# - svc.ihavenodns.inf: a host without DNS, but present in IPA.
# - svc_fqdn: a host with DNS and present in IPA.
@@ -27,12 +27,21 @@
host1_fqdn: "{{ 'host1.' + ipaserver_domain }}"
host2_fqdn: "{{ 'host2.' + ipaserver_domain }}"
svc_fqdn: "{{ 'svc.' + ipaserver_domain }}"
+ nohost_fqdn: "{{ 'nohost.' + ipaserver_domain }}"
+
+ - name: Remove IP address for "nohost" host.
+ ipadnsrecord:
+ ipaadmin_password: SomeADMINpassword
+ zone_name: "{{ ipaserver_domain }}"
+ name: nohost
+ del_all: yes
+ state: absent
- name: Host absent
ipahost:
ipaadmin_password: SomeADMINpassword
name:
- - www.ansible.com
+ - "{{ nohost_fqdn }}"
- no.idontexist.info
- svc.ihavenodns.info
- "{{ host1_fqdn }}"
@@ -46,13 +55,19 @@
ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] |
join('.') }}"
+ - name: Add IP address for "nohost" host.
+ ipadnsrecord:
+ ipaadmin_password: SomeADMINpassword
+ zone_name: "{{ ipaserver_domain }}"
+ name: nohost
+ a_ip_address: "{{ ipv4_prefix + '.100' }}"
+
- name: Add hosts for tests.
ipahost:
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
ip_address: "{{ ipv4_prefix + '.101' }}"
- force: yes
- name: "{{ host2_fqdn }}"
ip_address: "{{ ipv4_prefix + '.102' }}"
force: yes
@@ -101,7 +116,7 @@
ipaadmin_password: SomeADMINpassword
name:
- "HTTP/{{ svc_fqdn }}"
- - HTTP/www.ansible.com
+ - "HTTP/{{ nohost_fqdn }}"
- HTTP/svc.ihavenodns.info
- HTTP/no.idontexist.info
state: absent
@@ -162,7 +177,7 @@
- name: Ensure service is present, without host object.
ipaservice:
ipaadmin_password: SomeADMINpassword
- name: HTTP/www.ansible.com
+ name: "HTTP/{{ nohost_fqdn }}"
skip_host_check: yes
register: result
failed_when: not result.changed
@@ -170,7 +185,7 @@
- name: Ensure service is present, without host object, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
- name: HTTP/www.ansible.com
+ name: "HTTP/{{ nohost_fqdn }}"
skip_host_check: yes
register: result
failed_when: result.changed
@@ -523,7 +538,7 @@
ipaadmin_password: SomeADMINpassword
name:
- "HTTP/{{ svc_fqdn }}"
- - HTTP/www.ansible.com
+ - "HTTP/{{ nohost_fqdn }}"
- HTTP/svc.ihavenodns.info
- HTTP/no.idontexist.local
continue: yes
@@ -536,7 +551,7 @@
ipaadmin_password: SomeADMINpassword
name:
- "HTTP/{{ svc_fqdn }}"
- - HTTP/www.ansible.com
+ - "HTTP/{{ nohost_fqdn }}"
- HTTP/svc.ihavenodns.info
- HTTP/no.idontexist.local
continue: yes
@@ -585,7 +600,7 @@
ipaadmin_password: SomeADMINpassword
name:
- "HTTP/{{ svc_fqdn }}"
- - HTTP/www.ansible.com
+ - "HTTP/{{ nohost_fqdn }}"
- HTTP/svc.ihavenodns.info
- HTTP/no.idontexist.local
- "cifs/{{ host1_fqdn }}"
@@ -604,7 +619,7 @@
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
- - www.ansible.com
+ - "{{ nohost_fqdn }}"
- svc.ihavenodns.info
update_dns: no
state: absent
@@ -638,3 +653,11 @@
name:
- hostgroup02
state: absent
+
+ - name: Remove IP address for "nohost" host.
+ ipadnsrecord:
+ ipaadmin_password: SomeADMINpassword
+ zone_name: "{{ ipaserver_domain }}"
+ name: nohost
+ del_all: yes
+ state: absent
diff --git a/tests/service/test_service_disable.yml b/tests/service/test_service_disable.yml
index e8f281b15f4bc1af5de291da5ea821e2a27a4a46..e96b920273c69d1bb4bcba5119995728324a2b82 100644
--- a/tests/service/test_service_disable.yml
+++ b/tests/service/test_service_disable.yml
@@ -74,6 +74,14 @@
register: result
failed_when: result.failed or result.stdout | regex_search(" Keytab. true")
+ - name: Ensure service is disabled, with no keytab.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "mysvc1/{{ ansible_fqdn }}"
+ state: disabled
+ register: result
+ failed_when: result.changed
+
- name: Ensure service is absent
ipaservice:
ipaadmin_password: SomeADMINpassword