Skip to content

WIP: Ansible playground #1368

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 7 commits into
base: master
Choose a base branch
from
Draft

Conversation

rjeffman
Copy link
Member

@rjeffman rjeffman commented Jun 9, 2025

Run tests against ansible-core 2.19 beta release.

Summary by Sourcery

Update CI and uninstall tasks to support ansible-core 2.19 beta and ensure tests run

Enhancements:

  • Add a check-mode task to verify IPA server packages are installed before executing the uninstall routine

CI:

  • Bump Azure Pipelines ansible-core version to 2.19.0b5 for both ansible_version and ansible_latest variables

Tests:

  • Add a "Force tests to run: TRUE" marker in ansible_freeipa_module to ensure test execution

rjeffman added 2 commits June 6, 2025 10:24
SSSD 2.10+ runs under non-privileged user 'sssd' and relies on system
capabilities to get access to certain resources like /etc/krb5.keytab.
Not having these capabilities result in SSSD not starting.

Podman has reduced the capabilities granted to containers, and to be
able to start SSSD it is needed to add DAC_READ_SEARCH back.

See:  containers/podman#24904 (comment)

Signed-off-by: Rafael Guterres Jeffman <[email protected]>
When running ipaserver role with 'state: absent' and packages are not
installed, uninstallation fails trying to execute 'ipa-server-install
--uninstall' as the command is not available.

As user is user is trying to remove a server that does not exist, no
error should be raised, as the state is already satisfied.

Signed-off-by: Rafael Guterres Jeffman <[email protected]>
@rjeffman rjeffman added the DRAFT label Jun 9, 2025
@rjeffman rjeffman force-pushed the ansible_playground branch from 9a982ac to 714df50 Compare June 9, 2025 18:13
rjeffman added 4 commits June 12, 2025 15:28
In ansible-core 2.19, when clauses (when, failed_when, etc) do not
convert values to bool automatically, also, templating with "|bool" does
not work too, so an actual value comparison is required.

Signed-off-by: Rafael Guterres Jeffman <[email protected]>
In ansible-core, templates and expressions must use trusted sources,
such as playbooks or roles, and module results are considered untrusted
sources.

Signed-off-by: Rafael Guterres Jeffman <[email protected]>
As ansible-core 2.19 'upper' and 'lower' filters make lists into strings
and these strings are not interpreted as lists when running the plugins,
it is needed to use 'map(<filter>)' to apply the filter to all entries
of a list.

Signed-off-by: Rafael Guterres Jeffman <[email protected]>
In ansible-core 2.19 there's no automatic coersion from None or empty
strings to the boolean value "false", so we need to compare the result
of the filter 'regex_search' to 'None' and the empty string to evaluate
if any match occurred.

In fixing this issue, it was found that the tests were incorrectly
evaluating the results, and the comparisons were fixed.

Signed-off-by: Rafael Guterres Jeffman <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant