Merge "Add_ipa_user.yml: Adds logical to concatenate services with role" into stable/wallaby

Zuul 2022-08-08 09:05:35 +00:00 committed by Gerrit Code Review
commit 8cf247001b
5 changed files with 125 additions and 8 deletions


@ -15,7 +15,7 @@
# under the License.
- name: Setup server
hosts: all
hosts: centos8
vars:
ipa_domain: example.test
ipa_server_ip: 10.88.0.22
@ -27,6 +27,7 @@
- name: install python urllib gssapi
pip:
name: urllib_gssapi
- name: install ipa client
package:
name: ipa-client
@ -38,15 +39,25 @@
stdin: |
search {{ ipa_domain }}
nameserver {{ ipa_server_ip }}
- name: Set fqdn in /etc/hosts
shell:
cmd: cat > /etc/hosts
- name: Set fqdn in /etc/hosts
shell:
cmd: cat > /etc/hosts
stdin: |
127.0.0.1 test-0.example.test test-0 localhost localhost.localdomain
- name: check FreeIPA LDAP port is open
wait_for:
host=ipa.example.test
port=389
delay=1
timeout=300
ignore_errors: true
- name: enroll the server as an ipa client using admin creds
shell: |
ipa-client-install -U \
@ -79,8 +90,79 @@
IPA_HOST: "{{ ipa_server_hostname }}"
IPA_PASS: "{{ ipa_server_password }}"
- name: Setup dummy server
hosts: centos8-dummy
vars:
ipa_domain: example.test
ipa_server_ip: 10.88.0.22
ipa_server_user: admin
ipa_server_password: password123
ipa_server_hostname: ipa.example.test
undercloud_fqdn: dummy.example.test
tasks:
- name: install python urllib gssapi
pip:
name: urllib_gssapi
- name: install ipa client
package:
name: ipa-client
state: present
- name: set resolv.conf to point to the ipa server
shell:
cmd: cat > /etc/resolv.conf
stdin: |
search {{ ipa_domain }}
nameserver {{ ipa_server_ip }}
- name: Set fqdn in /etc/hosts
shell:
cmd: cat > /etc/hosts
- name: Set fqdn in /etc/hosts
shell:
cmd: cat > /etc/hosts
stdin: |
127.0.0.1 dummy.example.test dummy localhost localhost.localdomain
- name: enroll the server as an ipa client using admin creds
shell: |
ipa-client-install -U \
--server "{{ ipa_server_hostname }}" \
--domain "{{ ipa_domain }}" \
--realm "{{ ipa_domain | upper }}" \
--principal "{{ ipa_server_user }}" \
--password "{{ ipa_server_password }}" \
--no-ntp --force-join --no-nisdomain --debug
args:
creates: /etc/ipa/default.conf
# we need this keytab for operations that we cannot do yet with ansible
- name: kinit to get admin creds
command: kinit "{{ ipa_server_user }}"
args:
stdin: "{{ ipa_server_password }}"
- name: Ensure "tripleo-admin" group exists
group:
name: tripleo-admin
state: present
- name: create users, perms, get keytab
include_role:
name: tripleo_ipa_setup
apply:
environment:
IPA_USER: "{{ ipa_server_user }}"
IPA_HOST: "{{ ipa_server_hostname }}"
IPA_PASS: "{{ ipa_server_password }}"
- name: Converge - add host and relevant services
hosts: all
hosts: centos8
vars:
tripleo_ipa_enroll_base_server: true
tripleo_ipa_base_server_fqdn: test-0.example.test
@ -144,7 +226,7 @@
- name: Converge - add dns entries
hosts: all
hosts: centos8
vars:
cloud_domain: ooo.test
hosts_entry:
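Review bot: The new "Setup dummy server" play passes the IPA admin password on the `ipa-client-install` command line (`--password "{{ ipa_server_password }}"`) together with `--debug`, and none of the tasks that template the password set `no_log`. The rendered command therefore lands in task output and, presumably, in the process list while the install runs. The `kinit` task in the same play already feeds the password through `stdin`; for the enrolment task and the `include_role` that exports `IPA_PASS` I would add `no_log: true`. The existing "Setup server" play appears to use the same enrolment command, but its body is cut by the hunk boundary, so check it as well.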


@ -22,6 +22,22 @@ platforms:
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
- name: centos8-dummy
hostname: dummy.example.test
image: centos/centos:stream8
registry:
url: quay.io
command: /sbin/init
tmpfs:
- /run
- /tmp
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
dockerfile: Dockerfile
network_mode: host
environment: *env
provisioner:
name: ansible
log: true
@ -36,6 +52,8 @@ provisioner:
hosts:
centos8:
ansible_python_interpreter: /usr/bin/python3
centos8-dummy:
ansible_python_interpreter: /usr/bin/python3
scenario:
test_sequence:
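Review bot: The `centos8-dummy` platform bind-mounts `/etc/pki/rpm-gpg` from the host without a read-only flag, while the container runs `/sbin/init` with `network_mode: host`. As far as this scenario shows, the container only needs to read the keys, so `- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg:ro` would match the `:ro` already used on the cgroup mount and keep the container from altering the host's RPM key directory. The `centos8` platform that this entry mirrors is defined above the hunk and is not visible here; if it carries the same mount, the same change applies there.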


@ -7,7 +7,7 @@ import testinfra.utils.ansible_runner
inventory = os.environ['MOLECULE_INVENTORY_FILE']
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
inventory).get_hosts('all')
inventory).get_hosts('centos8')
def setup_module(module):
@ -121,7 +121,7 @@ def test_role(host):
assert 'Role name: {}'.format(role) in result
assert 'Description: {}'.format(role) in result
assert 'Privileges: {}'.format(pri) in result
assert 'Member services: nova/test-0.example.test@EXAMPLE.TEST' in result
assert 'Member services: nova/test-0.example.test@EXAMPLE.TEST, nova/dummy.example.test@EXAMPLE.TEST' in result
@pytest.mark.parametrize('name', [
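Review bot: The updated `Member services:` assertion in `test_role` pins both principals in one literal string, so it passes only if IPA prints the role's members in exactly that order. Nothing in the hunk shows the order is guaranteed, so the test can fail on a correct role. I would check membership per principal instead, e.g. `assert 'nova/test-0.example.test@EXAMPLE.TEST' in result` and `assert 'nova/dummy.example.test@EXAMPLE.TEST' in result`, and add a one-line comment saying the dummy host is there to prove existing members survive a second enrolment. `test_role` starts outside the hunk, so how `result` is produced is not visible here.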


@ -2,7 +2,7 @@
# This is an example playbook to execute Ansible tests.
- name: Verify
hosts: all
hosts: centos8
tasks:
- name: Example assertion
assert:


@ -29,11 +29,28 @@
state: present
force: true
# TODO(dsedgmen): remove when community ipa modules are replaced with ansible-freeipa
# From looking at the ansible-freeipa modules they take into account exsisting
# services assigned to the role
# https://review.opendev.org/c/x/tripleo-ipa/+/771065
- name: get current list of services assigned role Nova Host Manager
ipa_role:
name: Nova Host Manager
register: services_roles
# TODO(dsedgmen): remove when community ipa modules are replaced with ansible-freeipa
# From looking at the ansible-freeipa modules they take into account exsisting
# services assigned to the role
# https://review.opendev.org/c/x/tripleo-ipa/+/771065
- name: create list of services for role
set_fact:
nova_service: "{{ [ nova_service ] + services_roles.role.member_service }}"
when: services_roles.role.member_service is defined
- name: add Nova Host Manager role
ipa_role:
name: Nova Host Manager
description: Nova Host Manager
privilege:
- Nova Host Management
service:
- "{{ nova_service }}"
service: "{{ nova_service }}"
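Review bot: The `set_fact` that rebuilds `nova_service` prepends the current host's service to the returned `member_service` list without de-duplicating, so a re-run for a host already in the role submits its principal twice. `nova_service: "{{ ([ nova_service ] + services_roles.role.member_service) | unique }}"` avoids that, assuming both sides use the same principal form, which the hunk does not show. The read in `get current list of services assigned role Nova Host Manager` and the write in `add Nova Host Manager role` are also not atomic. If two hosts enrol concurrently, the later write can drop the other host's service, and a member removed on the IPA side between the two tasks is put back. A comment above the `set_fact` should say the module appears to replace the role's `service` list instead of appending to it, as the TODO implies; the first task of this section starts above the hunk.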