mirror-update: update keytab testing
Keytabs are slightly longer than what is being tested; upto 100 bytes or so. This means the encoded data breaks over lines, which means you need to be more careful about quoting. Update the testing to a longer keytab (100 bytes of random data) and fix up the quoting. Also enable no_logging to avoid putting key material into the logs. Change-Id: I73c391a2ebd2c962dc9a422f9d44265160210852
This commit is contained in:
parent
b85282c046
commit
aa357fc19f
@ -9,10 +9,10 @@
|
|||||||
# "real" binary data like a keytab. See issues like:
|
# "real" binary data like a keytab. See issues like:
|
||||||
# https://github.com/ansible/ansible/issues/20150
|
# https://github.com/ansible/ansible/issues/20150
|
||||||
- name: Install afsadmin keytab
|
- name: Install afsadmin keytab
|
||||||
shell: 'echo {{ mirror_update_keytab_afsadmin }} | base64 -d > /etc/afsadmin.keytab'
|
shell: 'echo "{{ mirror_update_keytab_afsadmin }}" | base64 -d > /etc/afsadmin.keytab'
|
||||||
args:
|
args:
|
||||||
creates: /etc/afsadmin.keytab
|
creates: /etc/afsadmin.keytab
|
||||||
#no_log: True
|
no_log: True
|
||||||
|
|
||||||
- name: Ensure permissions on afsadmin keytab
|
- name: Ensure permissions on afsadmin keytab
|
||||||
file:
|
file:
|
||||||
|
@ -18,11 +18,11 @@
|
|||||||
- yum-puppetlabs
|
- yum-puppetlabs
|
||||||
|
|
||||||
- name: Copy keytab files in place
|
- name: Copy keytab files in place
|
||||||
shell: 'echo {{ lookup("vars", "mirror_update_keytab_" + item) }} | base64 -d > /etc/{{ item }}.keytab'
|
shell: 'echo "{{ lookup("vars", "mirror_update_keytab_" + item) }}" | base64 -d > /etc/{{ item }}.keytab'
|
||||||
args:
|
args:
|
||||||
creates: '/etc/{{ item }}.keytab'
|
creates: '/etc/{{ item }}.keytab'
|
||||||
loop: '{{ rsync_update_scripts }}'
|
loop: '{{ rsync_update_scripts }}'
|
||||||
# no_log: True
|
no_log: True
|
||||||
|
|
||||||
- name: Ensure keytab permissions
|
- name: Ensure keytab permissions
|
||||||
file:
|
file:
|
||||||
|
@ -1,12 +1,18 @@
|
|||||||
mirror_update_keytab_afsadmin: |-
|
mirror_update_keytab_afsadmin: |-
|
||||||
AQIDBAUGBwgJEBESExQVFm9wZW5kZXYub3JnIHNhbXBsZSBrZXl0YWIWFRQTEhEQCQgHBgUEAwIB
|
aEkRPhZllm2F2y71Zgf3X9NjyHT7/sS8bd/vXt9oG1PKkUmpeBXprFnrxzMuKiupHwwTa09w5LuB
|
||||||
|
blLvBOC8W5Miz1u6TkRe+/jLQurLpzYHwk3bJCJ6s3WwPKDej54TDVgrVQ==
|
||||||
mirror_update_keytab_centos: |-
|
mirror_update_keytab_centos: |-
|
||||||
AQIDBAUGBwgJEBESExQVFm9wZW5kZXYub3JnIHNhbXBsZSBrZXl0YWIWFRQTEhEQCQgHBgUEAwIB
|
aEkRPhZllm2F2y71Zgf3X9NjyHT7/sS8bd/vXt9oG1PKkUmpeBXprFnrxzMuKiupHwwTa09w5LuB
|
||||||
|
blLvBOC8W5Miz1u6TkRe+/jLQurLpzYHwk3bJCJ6s3WwPKDej54TDVgrVQ==
|
||||||
mirror_update_keytab_epel: |-
|
mirror_update_keytab_epel: |-
|
||||||
AQIDBAUGBwgJEBESExQVFm9wZW5kZXYub3JnIHNhbXBsZSBrZXl0YWIWFRQTEhEQCQgHBgUEAwIB
|
aEkRPhZllm2F2y71Zgf3X9NjyHT7/sS8bd/vXt9oG1PKkUmpeBXprFnrxzMuKiupHwwTa09w5LuB
|
||||||
|
blLvBOC8W5Miz1u6TkRe+/jLQurLpzYHwk3bJCJ6s3WwPKDej54TDVgrVQ==
|
||||||
mirror_update_keytab_fedora: |-
|
mirror_update_keytab_fedora: |-
|
||||||
AQIDBAUGBwgJEBESExQVFm9wZW5kZXYub3JnIHNhbXBsZSBrZXl0YWIWFRQTEhEQCQgHBgUEAwIB
|
aEkRPhZllm2F2y71Zgf3X9NjyHT7/sS8bd/vXt9oG1PKkUmpeBXprFnrxzMuKiupHwwTa09w5LuB
|
||||||
|
blLvBOC8W5Miz1u6TkRe+/jLQurLpzYHwk3bJCJ6s3WwPKDej54TDVgrVQ==
|
||||||
mirror_update_keytab_opensuse: |-
|
mirror_update_keytab_opensuse: |-
|
||||||
AQIDBAUGBwgJEBESExQVFm9wZW5kZXYub3JnIHNhbXBsZSBrZXl0YWIWFRQTEhEQCQgHBgUEAwIB
|
aEkRPhZllm2F2y71Zgf3X9NjyHT7/sS8bd/vXt9oG1PKkUmpeBXprFnrxzMuKiupHwwTa09w5LuB
|
||||||
|
blLvBOC8W5Miz1u6TkRe+/jLQurLpzYHwk3bJCJ6s3WwPKDej54TDVgrVQ==
|
||||||
mirror_update_keytab_yum-puppetlabs: |-
|
mirror_update_keytab_yum-puppetlabs: |-
|
||||||
AQIDBAUGBwgJEBESExQVFm9wZW5kZXYub3JnIHNhbXBsZSBrZXl0YWIWFRQTEhEQCQgHBgUEAwIB
|
aEkRPhZllm2F2y71Zgf3X9NjyHT7/sS8bd/vXt9oG1PKkUmpeBXprFnrxzMuKiupHwwTa09w5LuB
|
||||||
|
blLvBOC8W5Miz1u6TkRe+/jLQurLpzYHwk3bJCJ6s3WwPKDej54TDVgrVQ==
|
||||||
|
@ -16,7 +16,7 @@
|
|||||||
testinfra_hosts = ['mirror-update01.opendev.org']
|
testinfra_hosts = ['mirror-update01.opendev.org']
|
||||||
|
|
||||||
# Manually calculated from the "secret" value in the test host vars
|
# Manually calculated from the "secret" value in the test host vars
|
||||||
KEYTAB_SHA256 = '8f4e9384338ffa41b927ed3c15463512384cb7268693a7c60c1e1254f690b7d0'
|
KEYTAB_SHA256 = '88d4ac38ad3da024913843d8917d5be89ceac4abef7b977718f2c3f1db3ccde4'
|
||||||
|
|
||||||
def test_tools(host):
|
def test_tools(host):
|
||||||
f = host.file('/usr/bin/k5start')
|
f = host.file('/usr/bin/k5start')
|
||||||
|
Loading…
Reference in New Issue
Block a user