Modified for ipa test run

Signed-off-by: Sudhir Menon <[email protected]>
menonsudhir · Feb 15, 2024 · 8cdd23f · 8cdd23f
1 parent 4931a99
commit 8cdd23f
Show file tree

Hide file tree

Showing 13 changed files with 12 additions and 311 deletions.
diff --git a/Makefile b/Makefile
@@ -23,7 +23,6 @@ stop:
 
 down:
 	docker-compose -f docker-compose.yml \
-	-f docker-compose.keycloak.yml \
 	-f docker-compose.passkey.yml down
 
 update:

diff --git a/docker-compose.keycloak.yml b/docker-compose.keycloak.yml
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -39,53 +39,10 @@ services:
     networks:
       sssd:
         ipv4_address: 172.16.100.10
-  ldap:
-    image: ${REGISTRY}/ci-ldap:${TAG}
-    container_name: ldap
-    hostname: master.ldap.test
-    dns: 172.16.100.2
-    env_file: ./env.containers
-    volumes:
-    - ./shared:/shared:rw
-    cap_add:
-    - SYS_PTRACE
-    - AUDIT_WRITE
-    - AUDIT_CONTROL
-    - SYS_CHROOT
-    - NET_ADMIN
-    security_opt:
-    - apparmor=unconfined
-    - label=disable
-    - seccomp=unconfined
-    networks:
-      sssd:
-        ipv4_address: 172.16.100.20
-  samba:
-    image: ${REGISTRY}/ci-samba:${TAG}
-    container_name: samba
-    hostname: dc.samba.test
-    dns: 172.16.100.2
-    env_file: ./env.containers
-    volumes:
-    - ./shared:/shared:rw
-    cap_add:
-    - SYS_ADMIN
-    - SYS_PTRACE
-    - AUDIT_WRITE
-    - AUDIT_CONTROL
-    - SYS_CHROOT
-    - NET_ADMIN
-    security_opt:
-    - apparmor=unconfined
-    - label=disable
-    - seccomp=unconfined
-    networks:
-      sssd:
-        ipv4_address: 172.16.100.30
   client:
     image: ${REGISTRY}/ci-client:${TAG}
     container_name: client
-    hostname: client.test
+    hostname: client.ipa.test
     dns: 172.16.100.2
     env_file: ./env.containers
     volumes:
@@ -104,53 +61,7 @@ services:
     - seccomp=unconfined
     networks:
       sssd:
-        ipv4_address: 172.16.100.40
-  nfs:
-    image: ${REGISTRY}/ci-nfs:${TAG}
-    container_name: nfs
-    hostname: nfs.test
-    dns: 172.16.100.2
-    env_file: ./env.containers
-    volumes:
-    - ./shared:/shared:rw
-    - ./exports:/exports:rw
-    cap_add:
-    - SYS_ADMIN
-    - SYS_PTRACE
-    - AUDIT_WRITE
-    - AUDIT_CONTROL
-    - SYS_CHROOT
-    - NET_ADMIN
-    security_opt:
-    - apparmor=unconfined
-    - label=disable
-    - seccomp=unconfined
-    networks:
-      sssd:
-        ipv4_address: 172.16.100.50
-  kdc:
-    image: ${REGISTRY}/ci-kdc:${TAG}
-    container_name: kdc
-    hostname: kdc.test
-    dns: 172.16.100.2
-    env_file: ./env.containers
-    volumes:
-    - ./shared:/shared:rw
-    - ./exports:/exports:rw
-    cap_add:
-    - SYS_ADMIN
-    - SYS_PTRACE
-    - AUDIT_WRITE
-    - AUDIT_CONTROL
-    - SYS_CHROOT
-    - NET_ADMIN
-    security_opt:
-    - apparmor=unconfined
-    - label=disable
-    - seccomp=unconfined
-    networks:
-      sssd:
-        ipv4_address: 172.16.100.60
+        ipv4_address: 172.16.100.20
 networks:
   sssd:
     name: sssd-ci

diff --git a/env.example b/env.example
@@ -1,4 +1,4 @@
 # This is the docker-compose environment file.
 # Copy it to .env or use --env-file=env.example on docker-compose command.
 REGISTRY=quay.io/sssd
-TAG=latest
+TAG=fedora-39
diff --git a/src/ansible/group_vars/all b/src/ansible/group_vars/all
@@ -6,43 +6,10 @@ service: {
     netbios: 'IPA',
     password: 'Secret123'
   },
-  ldap: {
-    domain: 'ldap.test',
-    hostname: 'master',
-    fqn: 'master.ldap.test',
-    suffix: 'dc=ldap,dc=test',
-    bind: {
-      dn: 'cn=Directory Manager',
-      password: 'Secret123'
-    }
-  },
-  samba: {
-    netbios: SAMBA,
-    domain: samba.test,
-    password: Secret123
-  },
   client: {
-    domain: 'client.test',
-    fqn: 'client.test'
+    domain: 'client.ipa.test',
+    fqn: 'client.ipa.test'
   },
-  kdc: {
-    realm: TEST,
-    domain: test,
-    fqn: kdc.test,
-    master_password: Secret123
-  },
-  keycloak: {
-    domain: keycloak.test,
-    fqn: master.keycloak.test,
-    admin_password: Secret123
-  },
-  ad: {
-    domain: ad.test,
-    hostname: 'dc',
-    netbios: AD,
-    safe_password: Secret123,
-    suffix: 'dc=ad,dc=test'
-  }
 }
 
 user_regular_uid: 1000
@@ -58,20 +25,14 @@ user: {
 }
 
 freeipa_packages: {
-    server: [ freeipa-server, freeipa-server-dns, freeipa-server-trust-ad ],
+    server: [ freeipa-server, freeipa-server-dns ],
     client: [ freeipa-client, ]
 }
 
 ipa_packages: {
-    server: [ ipa-server-dns, ipa-server, ipa-server-trust-ad ],
+    server: [ ipa-server-dns, ipa-server ],
     client: [ ipa-client, ]
 }
 
-join_samba: yes
 join_ipa: yes
-join_ldap: yes
-join_ad: no
-trust_ipa_samba: yes
-trust_ipa_ad: no
-trust_ipa_ad_two_way: no
 extended_packageset: yes
diff --git a/src/ansible/inventory.yml b/src/ansible/inventory.yml
@@ -14,30 +14,6 @@ all:
         base_ipa:
           hosts:
             base-ipa
-        base_ldap:
-          hosts:
-            base-ldap
-        base_samba:
-          hosts:
-            base-samba
-        base_nfs:
-          hosts:
-            base-nfs
-        base_kdc:
-          hosts:
-            base-kdc
-        base_keycloak:
-          hosts:
-            base-keycloak
-        base_ground:
-          hosts:
-            base-ground
-        client_devel:
-          hosts:
-            client-devel
-        ipa_devel:
-          hosts:
-            ipa-devel
       vars:
         ansible_connection: podman
         ansible_host: sssd-wip-base
@@ -53,37 +29,6 @@ all:
           hosts:
             master.ipa.test:
               ansible_host: sssd-wip-ipa
-        ldap:
-          hosts:
-            master.ldap.test:
-              ansible_host: sssd-wip-ldap
-        samba:
-          hosts:
-            dc.samba.test:
-              ansible_host: sssd-wip-samba
-        nfs:
-          hosts:
-            nfs.test:
-              ansible_host: sssd-wip-nfs
-        kdc:
-          hosts:
-            kdc.test:
-              ansible_host: sssd-wip-kdc
-        keycloak:
-          hosts:
-            master.keycloak.test:
-              ansible_host: sssd-wip-keycloak
       vars:
         ansible_connection: podman
         ansible_python_interpreter: /usr/bin/python3
-    windows:
-      children:
-        ad:
-          hosts:
-            dc.ad.test:
-              ansible_host: 172.16.200.10
-      vars:
-        ansible_connection: winrm
-        ansible_port: 5985
-        ansible_user: .\Administrator
-        ansible_password: vagrant
diff --git a/src/ansible/playbook_image_service.yml b/src/ansible/playbook_image_service.yml
@@ -6,43 +6,18 @@
   - firewall
   - no_nscd
 
-- hosts: master.ldap.test
-  gather_facts: no
-  roles:
-  - ldap
-
-- hosts: dc.samba.test
-  gather_facts: no
-  roles:
-  - samba
-
 - hosts: master.ipa.test
   gather_facts: no
   roles:
   - ipa
   - { role: passkey, when: ansible_distribution == "Ubuntu" or ansible_distribution == "Debian" }
 
-- hosts: client.test
+- hosts: client.ipa.test
   gather_facts: no
   roles:
   - client
   - { role: passkey, when: ansible_distribution == "Ubuntu" or ansible_distribution == "Debian" }
 
-- hosts: nfs.test
-  gather_facts: no
-  roles:
-  - nfs
-
-- hosts: kdc.test
-  gather_facts: no
-  roles:
-  - kdc
-
-- hosts: master.keycloak.test
-  gather_facts: no
-  roles:
-  - keycloak
-
 - hosts: services
   gather_facts: no
   roles:

diff --git a/src/ansible/playbook_vm.yml b/src/ansible/playbook_vm.yml
@@ -18,16 +18,5 @@
     passkey_support: "{{ override_passkey_support | default('no') | bool }}"
     user_regular_uid: 1024
     ansible_become: yes
-    join_ad: "{{ override_join_ad | default('yes') | bool }}"
-    join_ldap: "{{ override_join_ldap | default('yes') | bool }}"
-    join_samba: "{{ override_join_samba | default('yes') | bool }}"
     join_ipa: "{{ override_join_ipa | default('yes') | bool }}"
-    trust_ipa_samba: "{{ override_trust_ipa_samba | default('yes') | bool }}"
-    trust_ipa_ad: "{{ override_trust_ipa_ad | default('yes') | bool }}"
-    trust_ipa_ad_two_way: "{{ override_trust_ipa_ad_two_way | default('no') | bool }}"
     extended_packageset: "{{ override_extended_packageset | default('no') | bool }}"
-
-- hosts: ad
-  gather_facts: yes
-  roles:
-  - { role: ad, skip_addc_install: yes, skip_dns: yes, ad_permanent_users: ['Administrator'] }
diff --git a/src/ansible/roles/client/tasks/main.yml b/src/ansible/roles/client/tasks/main.yml
@@ -18,29 +18,6 @@
   - '"ipa" in groups and groups["ipa"]'
   - join_ipa
 
-- name: Join Samba domain
-  ansible.builtin.include_tasks:
-    file: enroll_samba.yml
-  when:
-  - '"samba" in groups and groups["samba"]'
-  - join_samba
-
-- name: Join ldap domain
-  block:
-  - name: Add ldap to domains
-    set_fact:
-      domains: "{{ domains + [service.ldap.domain] }}"
-  when:
-  - '"ldap" in groups and groups["ldap"]'
-  - join_ldap
-
-- name: Join AD
-  ansible.builtin.include_tasks:
-    file: enroll_AD.yml
-  when:
-  - '"ad" in groups and groups["ad"]'
-  - join_ad
-
 - name: Stop SSSD
   service:
     name: sssd.service

diff --git a/src/ansible/roles/packages/tasks/Fedora.yml b/src/ansible/roles/packages/tasks/Fedora.yml
@@ -197,6 +197,8 @@
       name:
       - ci-sssd-random
       - umockdev
+      - lsusb
+      - fido2-tools
     when: passkey_support
   when: "'base_client' in group_names or 'client' in group_names or 'base_ipa' in group_names or 'ipa' in group_names"
-Original file line number
+Diff line change
@@ Expand Up / @@ -23,7 +23,6 @@ stop: @@
     down:
     	docker-compose -f docker-compose.yml \
-    	-f docker-compose.keycloak.yml \
     	-f docker-compose.passkey.yml down
     update:
@@ Expand Down @@