Bug 1784514
| Summary: | [ansible-freeipa] Not able to modify "requires_pre_auth", "ok_to_auth_as_delegate" and "ok_as_delegate" variable in the host module | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Varun Mylaraiah <mvarun> |
| Component: | ansible-freeipa | Assignee: | Thomas Woerner <twoerner> |
| Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.2 | ||
| Target Milestone: | rc | ||
| Target Release: | 8.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ansible-freeipa-0.1.8-2.el8 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-04-28 16:01:56 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Here is the upstream PR: https://github.com/freeipa/ansible-freeipa/pull/201 Verified Manual execution console output: ================================ # rpm -q ansible-freeipa ansible-freeipa-0.1.8-3.el8.noarch ############ Test case-1 Test to verify that the bool parameters can be modified(requires-pre-auth, ok-as-delegate, and ok-to-auth-as-delegate is False) ############ [root@master ~]# ipa host-show host514a.ipadomain.test --all ipa: ERROR: host514a.ipadomain.test: host not found [root@ansible ~]# cat bz514_01.yaml --- - name: Playbook to handle hosts hosts: ipaserver become: true tasks: - ipahost: ipaadmin_password: <xxxxxxxxx> name: host514a.ipadomain.test description: Example host force: yes ok_to_auth_as_delegate: False ok_as_delegate: False requires_pre_auth: False [root@ansible ~]# ansible-playbook -vv -i inventory/server.hosts bz514_01.yaml ansible-playbook 2.9.5 config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.6/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.6.8 (default, Dec 5 2019, 15:45:45) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)] Using /etc/ansible/ansible.cfg as config file PLAYBOOK: bz514_01.yaml ********************************************************************************************** 1 plays in bz514_01.yaml PLAY [Playbook to handle hosts] ************************************************************************************** TASK [Gathering Facts] *********************************************************************************************** task path: /root/bz514_01.yaml:2 ok: [master.ipadomain.test] META: ran handlers TASK [ipahost] ******************************************************************************************************* task path: /root/bz514_01.yaml:7 changed: [master.ipadomain.test] => {"changed": true, "host": {}} META: ran handlers META: ran handlers PLAY RECAP *********************************************************************************************************** master.ipadomain.test : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 [root@master ~]# ipa host-show host514a.ipadomain.test --all dn: fqdn=host514a.ipadomain.test,cn=computers,cn=accounts,dc=ipadomain,dc=test Host name: host514a.ipadomain.test Description: Example host Principal name: host/host514a.ipadomain.test Principal alias: host/host514a.ipadomain.test Requires pre-authentication: False Trusted for delegation: False Trusted to authenticate as user: False Password: False Keytab: False Managed by: host514a.ipadomain.test Managing: host514a.ipadomain.test cn: host514a.ipadomain.test ipauniqueid: fd468c4c-5c5e-11ea-97d0-fa163e2d47e1 krbpwdpolicyreference: cn=Default Host Password Policy,cn=computers,cn=accounts,dc=ipadomain,dc=test krbticketflags: 0 objectclass: ipaobject, nshost, ipahost, pkiuser, ipaservice, krbprincipalaux, krbprincipal, ieee802device, ipasshhost, krbticketpolicyaux, top, ipaSshGroupOfPubKeys serverhostname: host514a ############ Test case-2 Test to verify that the bool parameters can be modified(requires-pre-auth, ok-as-delegate, and ok-to-auth-as-delegate is True) ############ [root@ansible ~]# cat bz514_02.yaml --- - name: Playbook to handle hosts hosts: ipaserver become: true tasks: - ipahost: ipaadmin_password: <xxxxxxxxx> name: host514a.ipadomain.test ok_to_auth_as_delegate: True ok_as_delegate: True requires_pre_auth: True [root@ansible ~]# ansible-playbook -vv -i inventory/server.hosts bz514_02.yaml ansible-playbook 2.9.5 config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.6/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.6.8 (default, Dec 5 2019, 15:45:45) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)] Using /etc/ansible/ansible.cfg as config file PLAYBOOK: bz514_02.yaml ********************************************************************************************** 1 plays in bz514_02.yaml PLAY [Playbook to handle hosts] ************************************************************************************** TASK [Gathering Facts] *********************************************************************************************** task path: /root/bz514_02.yaml:2 ok: [master.ipadomain.test] META: ran handlers TASK [ipahost] ******************************************************************************************************* task path: /root/bz514_02.yaml:7 changed: [master.ipadomain.test] => {"changed": true, "host": {}} META: ran handlers META: ran handlers PLAY RECAP *********************************************************************************************************** master.ipadomain.test : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 [root@master ~]# ipa host-show host514a.ipadomain.test --all dn: fqdn=host514a.ipadomain.test,cn=computers,cn=accounts,dc=ipadomain,dc=test Host name: host514a.ipadomain.test Description: Example host Principal name: host/host514a.ipadomain.test Principal alias: host/host514a.ipadomain.test Requires pre-authentication: True Trusted for delegation: True Trusted to authenticate as user: True Password: False Keytab: False Managed by: host514a.ipadomain.test Managing: host514a.ipadomain.test cn: host514a.ipadomain.test ipauniqueid: fd468c4c-5c5e-11ea-97d0-fa163e2d47e1 krbpwdpolicyreference: cn=Default Host Password Policy,cn=computers,cn=accounts,dc=ipadomain,dc=test krbticketflags: 3145856 objectclass: ipaobject, nshost, ipahost, pkiuser, ipaservice, krbprincipalaux, krbprincipal, ieee802device, ipasshhost, krbticketpolicyaux, top, ipaSshGroupOfPubKeys serverhostname: host514a Automated test console output: =============================== 2020-03-03T10:21:23 ansible_freeipa_tests/host_module.py::Testhost33_34::test_add_host_with_preauth_delegate_authdelegate_no 2020-03-03T10:21:23 [1m-------------------------------- live log call ---------------------------------[0m 2020-03-03T10:21:23 [pytest_multihost.host.Host.master.ParamikoTransport] [32mINFO[0m RUN ['ipactl', 'status'] 2020-03-03T10:21:26 [pytest_multihost.host.Host.master.ParamikoTransport] [32mINFO[0m RUN ['kinit', 'admin'] 2020-03-03T10:21:26 [pytest_multihost.host.Host.master.ParamikoTransport] [32mINFO[0m RUN ['ipa', 'host-find'] 2020-03-03T10:21:27 [pytest_multihost.host.Host.master.ParamikoTransport] [32mINFO[0m RUN ['kdestroy', '-A'] 2020-03-03T10:21:27 [pytest_multihost.host.Host.ansible.ParamikoTransport] [32mINFO[0m WRITE inventory/host.hosts 2020-03-03T10:21:27 [pytest_multihost.host.Host.ansible.ParamikoTransport] [32mINFO[0m PUT host_module.yml 2020-03-03T10:21:27 [pytest_multihost.host.Host.ansible.ParamikoTransport] [32mINFO[0m RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/host.hosts', 'host_module.yml'] 2020-03-03T10:21:32 [pytest_multihost.host.Host.master.ParamikoTransport] [32mINFO[0m RUN ['kinit', 'admin'] 2020-03-03T10:21:32 [pytest_multihost.host.Host.master.ParamikoTransport] [32mINFO[0m RUN ['ipa', 'host-show', 'myhost1784514.ipadomain.test', '--all'] 2020-03-03T10:21:33 [pytest_multihost.host.Host.master.ParamikoTransport] [32mINFO[0m RUN ['kdestroy', '-A'] 2020-03-03T10:21:33 [32mPASSED[0m[36m [ 83%][0m 2020-03-03T10:21:33 ansible_freeipa_tests/host_module.py::Testhost33_34::test_add_host_with_preauth_delegate_authdelegate_yes 2020-03-03T10:21:33 [1m-------------------------------- live log call ---------------------------------[0m 2020-03-03T10:21:33 [pytest_multihost.host.Host.ansible.ParamikoTransport] [32mINFO[0m WRITE inventory/host.hosts 2020-03-03T10:21:33 [pytest_multihost.host.Host.ansible.ParamikoTransport] [32mINFO[0m PUT host_module.yml 2020-03-03T10:21:33 [pytest_multihost.host.Host.ansible.ParamikoTransport] [32mINFO[0m RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/host.hosts', 'host_module.yml'] 2020-03-03T10:21:39 [pytest_multihost.host.Host.master.ParamikoTransport] [32mINFO[0m RUN ['kinit', 'admin'] 2020-03-03T10:21:39 [pytest_multihost.host.Host.master.ParamikoTransport] [32mINFO[0m RUN ['ipa', 'host-show', 'myhost1784514.ipadomain.test', '--all'] 2020-03-03T10:21:40 [pytest_multihost.host.Host.master.ParamikoTransport] [32mINFO[0m RUN ['kdestroy', '-A'] 2020-03-03T10:21:40 [32mPASSED[0m[36m [100%][0m Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1705 |
Description of problem: "requires_pre_auth", "ok_as_delegate", and "ok_to_auth_as_delegate" variable are not working on existing host in the host module Version-Release number of selected component (if applicable): ansible-freeipa-0.1.7-1.el8.noarch Steps to Reproduce: Observe this error with the below playbook. fatal: [master.ipadomain.test]: FAILED! => {"changed": false, "msg": "'bool' object is not iterable"} Playbook-1 ########### # cat addhost2.yaml --- - name: Playbook to handle hosts hosts: ipaserver become: true tasks: - ipahost: ipaadmin_password: <xxxxxxxxx> name: host14.ipadomain.test description: Example host ok_to_auth_as_delegate: False Playbook-2 ########### # cat addhost2.yaml --- - name: Playbook to handle hosts hosts: ipaserver become: true tasks: - ipahost: ipaadmin_password: <xxxxxxxxx> name: host14.ipadomain.test description: Example host ok_as_delegate: False Playbook-3 ########### # cat addhost2.yaml --- - name: Playbook to handle hosts hosts: ipaserver become: true tasks: - ipahost: ipaadmin_password: <xxxxxxxxx> name: host14.ipadomain.test description: Example host requires_pre_auth: False Playbook-4 ########### # cat addhost2.yaml --- - name: Playbook to handle hosts hosts: ipaserver become: true tasks: - ipahost: ipaadmin_password: <xxxxxxxxx> name: host14.ipadomain.test description: Example host requires_pre_auth: False ok_as_delegate: False ok_to_auth_as_delegate: False Expected results: should accept changes Additional info: Command-line output =================== [root@master ~]# ipa host-mod hosta1.ipadomain.test --ok-as-delegate=True --ok-to-auth-as-delegate=True --requires-pre-auth=True ------------------------------------- Modified host "hosta1.ipadomain.test" ------------------------------------- Host name: hosta1.ipadomain.test Principal name: host/hosta1.ipadomain.test Principal alias: host/hosta1.ipadomain.test Requires pre-authentication: True Trusted for delegation: True Trusted to authenticate as user: True Password: False Keytab: False Managed by: hosta1.ipadomain.test [root@master ~]# ipa host-mod hosta1.ipadomain.test --ok-as-delegate=False --ok-to-auth-as-delegate=False --requires-pre-auth=False ------------------------------------- Modified host "hosta1.ipadomain.test" ------------------------------------- Host name: hosta1.ipadomain.test Principal name: host/hosta1.ipadomain.test Principal alias: host/hosta1.ipadomain.test Requires pre-authentication: False Trusted for delegation: False Trusted to authenticate as user: False Password: False Keytab: False Managed by: hosta1.ipadomain.test