alangm/wiki
1
0
Fork 0
forked from testing/wiki
Code Pull Requests Activity
7e57d699fd
wiki/QA/Testcase_Post_Identity_Management.md
Lukas Magauer 1a6d80cf8e Add Identity Management testcase (#45) 
Co-authored-by: lumarel <lumarel@users.noreply.github.com>
2022-10-13 18:32:51 -05:00

3.3 KiB
Raw Blame History

title author revision_date rc
QA:Testcase Identity Management Lukas Magauer 2022-10-08
prod ver level
Rocky Linux
8
9
Final

!!! info "Release relevance" This Testcase applies the following versions of {{ rc.prod }}: {% for version in rc.ver %}{{ version }}{% if not loop.last %}, {% endif %}{% endfor %}

!!! info "Associated release criterion" This test case is associated with the Release_Criteria#packages-and-module-installation release criterion. If you are doing release validation testing, a failure of this test case may be a breach of that release criterion.

Description

Setting up a IdM system (FreeIPA) and using it's functionality leverages not also a lot of the packages in the official repos, it also tests quite a lot of used functions a corporate environment. This installatation will host it's own dns server for more generic testing without relying on the individual infrastructure of the environment.

Requirements

  • A freshly provisioned system (no other functions are allowed on this system except running the IdM services)
  • IPv4 network with unmanaged domain name (installer will check for dns servers) and unmanaged reverse dns network (in my case here 10.30.30.0/24 and ipa1.network)
  • In the case of this writeup the external dns server has the domain example.com, this has to have a entry for r8-ipa1-dev.example.com (this could also be replaced by a entry in the /etc/hosts file if no external dns server should be involved)

Setup

  1. dnf module enable idm:DL1

  2. dnf module install idm:DL1/dns

  3. ipa-server-install

    • Do you want to configure integrated DNS (BIND)? [no]: yes
    • Server host name [r8-ipa1-dev.example.com]: r8-ipa1-dev.example.com
    • Please confirm the domain name [ipa1.network]: ipa1.network
    • Please provide a realm name [IPA1.NETWORK]: IPA1.NETWORK
    • Directory Manager password: <password> Password (confirm): <password>
    • IPA admin password: <other-password> Password (confirm): <other-password>
    • Please provide the IP address to be used for this host name: 10.30.30.1
    • Enter an additional IP address, or press Enter to skip: leave empty
    • Do you want to configure DNS forwarders? [yes]: yes
    • Do you want to configure these servers as DNS forwarders? [yes]: yes
    • Enter an IP address for a DNS forwarder, or press Enter to skip: leave empty
    • Do you want to search for missing reverse zones? [yes]: yes
    • NetBIOS domain name [IPA1]: IPA1
    • Do you want to configure chrony with NTP server or pool address? [no]: yes
    • Enter NTP source server addresses separated by comma, or press Enter to skip: leave empty
    • Enter a NTP source pool address, or press Enter to skip: pool.ntp.org
    • Continue to configure the system with these values? [no]: yes

  4. firewall-cmd --add-service={freeipa-4,dns} --permanent

  5. firewall-cmd --add-service={freeipa-4,dns}

How to test

  1. Make sure Kerberos works, by running kinit admin and klist
  2. Make sure the webfrontend is reachable and login works
  3. Furthermore you can also attach another system (DNS + connecting via SSSD)

Expected Results

After installation all services should be available and work correctly.

{% include 'testing/qa_testcase_bottom.md' %}