diff --git a/README.md b/README.md index 36da52d..008d563 100644 --- a/README.md +++ b/README.md @@ -212,7 +212,8 @@ assuming your machines are joined to a FreeIPA domain. - name: monger-cockpit dns: ['localhost', 'www.example.com'] ca: ipa - group: cockpit-ws + # with Cockpit < 257 (RHEL 7) you need: + # group: cockpit-ws ``` Note: Generating a new certificate using the `certificate` system role in the playbook remains supported. @@ -235,7 +236,8 @@ This example also installs Cockpit with an IdM-issued web server certificate. - name: /etc/cockpit/ws-certs.d/monger-cockpit dns: ['localhost', 'www.example.com'] ca: ipa - group: cockpit-ws # or cockpit-wsinstance on newer cockpit versions + # with Cockpit < 257 (RHEL 7) you need: + # group: cockpit-ws ``` NOTE: The `certificate` role, unless using IPA and joining the systems to an IPA domain, diff --git a/tests/tasks/get_cockpit_group.yml b/tests/tasks/get_cockpit_group.yml index 8895467..31ba766 100644 --- a/tests/tasks/get_cockpit_group.yml +++ b/tests/tasks/get_cockpit_group.yml @@ -1,13 +1,11 @@ # SPDX-License-Identifier: MIT --- -- name: Get name of cockpit group for tests - getent: - database: group - key: cockpit-wsinstance - fail_key: false +# The ownership of the certificate hasn't mattered since Cockpit 257, +# which is in RHEL 8.7, 9.0, and all current Fedora/Debian/Ubuntu OSes. +# This only matters for RHEL 7 - name: Set __cockpit_test_group set_fact: - __cockpit_test_group: "{{ 'cockpit-wsinstance' - if ansible_facts['getent_group'].get('cockpit-wsinstance') - else 'cockpit-ws' }}" + __cockpit_test_group: "{{ 'cockpit-ws' + if (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_version'] | int == 7) + else 'root' }}"