diff --git a/README.md b/README.md
index 0d996c7..0506706 100644
--- a/README.md
+++ b/README.md
@@ -227,7 +227,7 @@ This example also installs Cockpit with an IdM-issued web server certificate.
 - name: /etc/cockpit/ws-certs.d/monger-cockpit
 dns: ['localhost', 'www.example.com']
 ca: ipa
- group: cockpit-ws
+ group: cockpit-ws # or cockpit-wsinstance on newer cockpit versions
 ```
 NOTE: The `certificate` role, unless using IPA and joining the systems to an IPA domain,
diff --git a/tests/tasks/get_cockpit_group.yml b/tests/tasks/get_cockpit_group.yml
new file mode 100644
index 0000000..d0f03db
--- /dev/null
+++ b/tests/tasks/get_cockpit_group.yml
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: MIT
+---
+- name: Get name of cockpit group for tests
+ getent:
+ database: group
+ key: cockpit-wsinstance
+ fail_key: false
+
+- name: Set __cockpit_test_group
+ set_fact:
+ __cockpit_test_group: "{{ 'cockpit-wsinstance'
+ if 'cockpit-wsinstance' in ansible_facts['getent_group']
+ else 'cockpit-ws' }}"
diff --git a/tests/tests_certificate_external.yml b/tests/tests_certificate_external.yml
index abee39e..3aeab53 100644
--- a/tests/tests_certificate_external.yml
+++ b/tests/tests_certificate_external.yml
@@ -26,6 +26,10 @@
 setype: cert_t
 mode: "0755"
+ # returns global variable __cockpit_test_group
+ - name: Get name of cockpit group to use
+ include_tasks: tasks/get_cockpit_group.yml
+
 # has to be done dynamically, as the first step checks it out
 - name: Generate certificate with certificate system role
 include_role:
@@ -35,7 +39,7 @@
 - name: /etc/cockpit/ws-certs.d/monger-cockpit
 dns: ['localhost', 'www.example.com']
 ca: self-sign
- group: cockpit-ws
+ group: "{{ __cockpit_test_group }}"
 # ostree cannot remove packages and cannot cleanup properly
 # this works around that issue
diff --git a/tests/tests_certificate_internal.yml b/tests/tests_certificate_internal.yml
index 9c9edd6..b287184 100644
--- a/tests/tests_certificate_internal.yml
+++ b/tests/tests_certificate_internal.yml
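Review bot: The membership test in `Set __cockpit_test_group` (tests/tasks/get_cockpit_group.yml) may always select `cockpit-wsinstance`: to my knowledge `getent` with `fail_key: false` still records a missing key in `getent_group`, with a null value, so `'cockpit-wsinstance' in ansible_facts['getent_group']` would be true whether or not the group exists. Testing the value rather than the key avoids that, e.g. `if ansible_facts['getent_group'].get('cockpit-wsinstance')`. The result becomes the group owner of the certificate and key files in all three tests, so a wrong pick either fails the run or leaves the key unreadable by cockpit. The lookup is also only meaningful once the cockpit packages are installed; the internal test adds that step, while for the external and runafter tests it is not visible in these hunks.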
@@ -9,6 +9,18 @@
 - name: >-
 Install cockpit using the certificate role to create a certificate
 block:
+ # install cockpit package to get group
+ - name: Include role
+ include_role:
+ name: linux-system-roles.cockpit
+ public: true
+ vars:
+ cockpit_packages: minimal
+
+ # returns global variable __cockpit_test_group
+ - name: Get name of cockpit group to use
+ include_tasks: tasks/get_cockpit_group.yml
+
 - name: Install cockpit with cockpit_certificates request
 vars:
 cockpit_packages: minimal
@@ -16,7 +28,7 @@
 - name: "{{ cert_name }}"
 dns: ['localhost', 'www.example.com']
 ca: self-sign
- group: cockpit-ws
+ group: "{{ __cockpit_test_group }}"
 include_role:
 name: linux-system-roles.cockpit
 public: true
diff --git a/tests/tests_certificate_runafter.yml b/tests/tests_certificate_runafter.yml
index 9978573..f86d61b 100644
--- a/tests/tests_certificate_runafter.yml
+++ b/tests/tests_certificate_runafter.yml
@@ -24,6 +24,10 @@
 setype: cert_t
 mode: "0755"
+ # returns global variable __cockpit_test_group
+ - name: Get name of cockpit group to use
+ include_tasks: tasks/get_cockpit_group.yml
+
 # has to be done dynamically, as the first step checks it out
 - name: Generate certificate with certificate system role
 include_role:
@@ -34,7 +38,7 @@
 - name: monger-cockpit
 dns: ['localhost', 'www.example.com']
 ca: local
- group: cockpit-ws
+ group: "{{ __cockpit_test_group }}"
 # ideally we'd put the cert directly into /etc/cockpit/ws-certs.d;
 # however, cockpit in RHEL/CentOS 7 does not yet support a separate
 # key file, and lsr.certificate sets wrong permissions
@@ -44,7 +48,7 @@
 cat {{ __certificate_default_directory }}/certs/monger-cockpit.crt \
 {{ __certificate_default_directory }}/private/monger-cockpit.key > $DEST
 chmod 640 $DEST
- chown root:cockpit-ws $DEST
+ chown root:{{ __cockpit_test_group }} $DEST
 - name: Validate installation
 block:
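Review bot: Running the cockpit role once before the certificate request (the added `Include role` task in tests_certificate_internal.yml) changes what this test covers: the `cockpit_certificates` run now happens on a host where the role has already installed and configured cockpit, so the first-run path with a certificate request no longer appears to be exercised. If that is intended, a comment on the added task should say so, for example `# role is run once without cockpit_certificates only so the cockpit group exists; the certificate path is tested as a second run`. The enclosing block continues outside the hunk, so later tasks may already account for this.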
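Review bot: In the last hunk of tests_certificate_runafter.yml the combined certificate-and-key file is created by the `> $DEST` redirect under the default umask and only restricted by `chmod 640 $DEST` afterwards, so the private key is briefly readable by whatever the umask allows. Setting `umask 077` before the `cat` closes that window; the existing `chmod 640` and the new `chown root:{{ __cockpit_test_group }} $DEST` then open it to the cockpit group only. `$DEST` is also unquoted on these lines. The shell block starts outside this hunk, so a umask may already be set earlier in it.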