update some functional tests

func/README.md

@@ -28,9 +28,11 @@ How to Run
 There are two ways to run through the tests:
 
 * By running `/bin/bash runtests.sh`
-  * Runs all tests
+  * Runs all core tests
+* By running `/bin/bash stacktests.sh`
+  * Runs all stack tests (eg, lamp, ipa)
 * By running `/bin/bash monotests.sh`
-  * Runs all tests one by one to help identify failures as they happen
+  * Supposed to runs all tests one by one to help identify failures as they happen (not functional)
 
 Adding Tests
 ------------
@@ -316,6 +318,9 @@ Current Tree
 │   │   ├── 00-install-lsof.sh
 │   │   ├── 10-test-lsof.sh
 │   │   └── README.md
+│   ├── pkg_mdadm
+│   │   ├── 00-install-mdadm.sh
+│   │   └── 01-test-mdadm.sh
 │   ├── pkg_network
 │   │   ├── 00-install-packages.sh
 │   │   ├── 10-tracepath.sh
@@ -348,6 +353,13 @@ Current Tree
 │   │   ├── 30-postfix-sasl.sh
 │   │   ├── 40-postfix-tls.sh
 │   │   └── README.md
+│   ├── pkg_postgresql
+│   │   ├── 00-install-postgresql.sh
+│   │   ├── 01-configure-postgresql.sh
+│   │   ├── 10-create-db.sh
+│   │   ├── 11-create-user.sh
+│   │   ├── 20-drop-db.sh
+│   │   └── 21-drop-user.sh
 │   ├── pkg_python
 │   │   ├── 00-install-python.sh
 │   │   ├── 10-test-python3.sh
@@ -423,6 +435,11 @@ Current Tree
 │   ├── pkg_telnet
 │   │   ├── 00-install-telnet.sh
 │   │   └── 10-test-telnet.sh
+│   ├── pkg_tftp-server
+│   │   ├── 00-install-tftp.sh
+│   │   ├── 01-configure-tftp.sh
+│   │   ├── 10-get-test.sh
+│   │   └── 11-put-test.sh
 │   ├── pkg_vsftpd
 │   │   ├── 00-install-vsftpd.sh
 │   │   ├── 10-anonymous-vsftpd.sh
@@ -447,20 +464,21 @@ Current Tree
 ├── README.md
 ├── runtests.sh
 ├── skip.list
-└── stacks
+├── stacks
-    ├── ipa
+│   ├── ipa
-    │   ├── 00-ipa-pregame.sh
+│   │   ├── 00-ipa-pregame.sh
-    │   ├── 10-install-ipa.sh
+│   │   ├── 10-install-ipa.sh
-    │   ├── 11-configure-ipa.sh
+│   │   ├── 11-configure-ipa.sh
-    │   ├── 12-verify-ipa.sh
+│   │   ├── 12-verify-ipa.sh
-    │   ├── 20-ipa-user.sh
+│   │   ├── 20-ipa-user.sh
-    │   ├── 21-ipa-service.sh
+│   │   ├── 21-ipa-service.sh
-    │   ├── 22-ipa-dns.sh
+│   │   ├── 22-ipa-dns.sh
-    │   ├── 23-ipa-sudo.sh
+│   │   ├── 23-ipa-sudo.sh
-    │   ├── 50-cleanup-ipa.sh
+│   │   ├── 50-cleanup-ipa.sh
-    │   └── README.md
+│   │   └── README.md
-    └── lamp
+│   └── lamp
-        ├── 00-install-lamp.sh
+│       ├── 00-install-lamp.sh
-        ├── 01-verification.sh
+│       ├── 01-verification.sh
-        └── 10-test-lamp.sh
+│       └── 10-test-lamp.sh
+└── stacks.sh
 ```

func/core/pkg_firefox/10-check-firefox-start-page.sh

@@ -9,7 +9,7 @@ fi
 
 COUNTS="$(grep -c rockylinux.org $FIREPATH)"
 
-if [ "$COUNTS" -eq 2 ]; then
+if [ "$COUNTS" -ge 2 ]; then
   r_checkExitStatus 0
 else
   r_checkExitStatus 1

func/core/pkg_mdadm/00-install-mdadm.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+r_log "mdadm" "Install mdadm"
+p_installPackageNormal mdadm

func/core/pkg_mdadm/01-test-mdadm.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+r_log "mdadm" "Check that mdadm will operate and return the right exit codes"
+[ ${EUID} -eq 0 ] || { r_log "mdadm" "Not running as root. Skipping." ; exit "$PASS"; }
+MDADM=$(which mdadm)
+
+[ -z "${MDADM}" ] && { r_log "mdadm" "which reported the binary but it doesn't exist, why?"; exit "$FAIL"; }
+
+${MDADM} --detail --scan &> /dev/null
+ret_val=$?
+
+[ "$ret_val" -eq 0 ] || { r_log "mdadm" "There was a non-zero exit. This is likely fatal."; exit "$FAIL"; }
+
+r_checkExitStatus $ret_val

func/core/pkg_postgresql/00-install-postgresql.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+r_log "postgresql" "Installing postgresql"
+p_installPackageNormal postgresql-server postgresql

func/core/pkg_postgresql/01-configure-postgresql.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+r_log "postgresql" "Initialize postgresql"
+postgresql-setup --initdb
+m_serviceCycler postgresql-server cycle
+sleep 15

func/core/pkg_postgresql/10-create-db.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+r_log "postgresql" "Creating db"
+su - postgres -c 'createdb pg_test'
+r_checkExitStatus $?

func/core/pkg_postgresql/11-create-user.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+r_log "postgresql" "Creating user"
+su - postgres -c 'createuser -S -R -D testuser' > /dev/null 2>&1
+r_checkExitStatus $?

func/core/pkg_postgresql/20-drop-db.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+r_log "postgresql" "Dropping database"
+su - postgres -c 'dropdb pg_test' > /dev/null 2>&1
+r_checkExitStatus $?

func/core/pkg_postgresql/21-drop-user.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+r_log "postgresql" "Dropping user"
+su - postgres -c 'dropuser testuser' > /dev/null 2>&1
+r_checkExitStatus $?

func/core/pkg_release/30-os-release.sh

@@ -4,10 +4,10 @@ r_log "rocky" "Check /etc/os-release stuff"
 r_log "rocky" "Verify support directives"
 for s in NAME=\"Rocky\ Linux\" \
   ID=\"rocky\" \
-  ROCKY_SUPPORT_PRODUCT=\"Rocky\ Linux\" \
+  ROCKY_SUPPORT_PRODUCT=\"Rocky-Linux-$RL_VER\" \
   ROCKY_SUPPORT_PRODUCT_VERSION=\"$RL_VER\"; do
   if ! grep -q "$s" /etc/os-release; then
-    r_log "rocky" "Missing string in /etc/os-release"
+    r_log "rocky" "Missing string ($s) in /etc/os-release"
     r_checkExitStatus 1
   fi
 done

func/core/pkg_tftp-server/00-install-tftp.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+r_log "tftp" "Installing packages"
+p_installPackageNormal tftp-server tftp

func/core/pkg_tftp-server/01-configure-tftp.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+r_log "tftp" "Configure tftp"
+
+cat <<EOF > /etc/xinetd.d/tftp
+service tftp
+{
+    socket_type   = dgram
+    protocol      = udp
+    wait          = yes
+    user          = root
+    server        = /usr/sbin/in.tftpd
+    server_args   = -s /var/lib/tftpboot
+    disable       = no
+    per_source    = 11
+    cps           = 100 2
+    flags         = IPv4
+}
+EOF
+
+m_serviceCycler tftp.socket start

func/core/pkg_tftp-server/10-get-test.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+r_log "tftp" "Getting a file from tftp"
+
+chmod 777 /var/lib/tftpboot
+echo "rocky func" > /var/lib/tftpboot/tftptest
+tftp 127.0.0.1 -c get tftptest
+
+grep -q "rocky func" tftptest
+r_checkExitStatus
+/bin/rm tftptest

func/core/pkg_tftp-server/11-put-test.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+r_log "tftp" "Testing anon write"
+TFTPDIR=/var/lib/tftpboot
+setsebool tftp_anon_write 1
+chmod 777 $TFTPDIR
+echo "rocky func" > puttest
+touch $TFTPDIR > $TFTPDIR/puttest
+chmod 666 $TFTPDIR/puttest
+tftp 127.0.0.1 -c put puttest
+sleep 2
+grep -q 'rocky func' $TFTPDIR/puttest
+r_checkExitStatus $?
+/bin/rm puttest
+/bin/rm $TFTPDIR/puttest

func/stacks.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+# Release Engineering Core Functionality Testing
+# Louis Abel <label@rockylinux.org> @nazunalika
+
+################################################################################
+# Settings and variables
+
+# Exits on any non-zero exit status - Disabled for now.
+#set -e
+# Undefined variables will cause an exit
+set -u
+
+COMMON_EXPORTS='./common/exports.sh'
+COMMON_IMPORTS='./common/imports.sh'
+SELINUX=$(getenforce)
+
+# End
+################################################################################
+
+# shellcheck source=/dev/null disable=SC2015
+[ -f $COMMON_EXPORTS ] && source $COMMON_EXPORTS || { echo -e "\n[-] $(date): Variables cannot be sourced."; exit 1; }
+# shellcheck source=/dev/null disable=SC2015
+[ -f $COMMON_IMPORTS ] && source $COMMON_IMPORTS || { echo -e "\n[-] $(date): Functions cannot be sourced."; exit 1; }
+# Init log
+# shellcheck disable=SC2015
+[ -e "$LOGFILE" ] && m_recycleLog || touch "$LOGFILE"
+# SELinux check
+if [ "$SELINUX" != "Enforcing" ]; then
+  echo -e "\n[-] $(date): SELinux is not enforcing."
+  exit 1
+fi
+
+r_log "internal" "Starting Release Engineering Core Tests"
+
+################################################################################
+# Script Work
+
+# Skip tests in a list - some tests are already -x, so it won't be an issue
+if [ -e skip.list ]; then
+  r_log "internal" "Disabling tests"
+  # shellcheck disable=SC2162
+  grep -E "^${RL_VER}" skip.list | while read line; do
+    # shellcheck disable=SC2086
+    testFile="$(echo $line | cut -d '|' -f 2)"
+    r_log "internal" "SKIP ${testFile}"
+    chmod -x "${testFile}"
+  done
+  r_log "internal" "WARNING: Tests above were disabled."
+fi
+
+# TODO: should we let $1 judge what directory is ran?
+# TODO: get some stacks and lib in there
+
+#r_processor <(/usr/bin/find ./core -type f | sort -t'/')
+#r_processor <(/usr/bin/find ./lib -type f | sort -t'/')
+r_processor <(/usr/bin/find ./stacks -type f | sort -t'/')
+
+r_log "internal" "Core Tests completed"
+exit 0

func/stacks/ipa/10-install-ipa.sh

@@ -9,5 +9,6 @@ fi
 # going to be the same thing or not so this check is there just in case.
 if [ "$RL_VER" -eq 8 ]; then
   p_enableModule idm:DL1/{client,common,dns,server}
-  p_installPackageNormal ipa-server ipa-server-dns
 fi
+
+p_installPackageNormal ipa-server ipa-server-dns

func/stacks/ipa/20-ipa-user.sh

@@ -4,8 +4,77 @@ if m_getArch aarch64 | grep -qE 'aarch64'; then
   exit 0
 fi
 
-if [ "$IPAINSTALLED" -eq 1 ]; then
+if [ "$IPAINSTALLED" -eq 1  ]; then
   r_log "ipa" "IPA was not successfully installed. Aborting."
   r_checkExitStatus 1
 fi
 
+kdestroy &> /dev/null
+klist 2>&1 | grep -E "(No credentials|Credentials cache .* not found)" &> /dev/null
+r_checkExitStatus $?
+
+expect -f - <<EOF
+set send_human {.1 .3 1 .05 2}
+spawn kinit admin
+sleep 1
+expect "Password for admin@RLIPA.LOCAL:"
+send -h "b1U3OnyX!\r"
+sleep 5
+close
+EOF
+
+klist | grep "admin@RLIPA.LOCAL" &> /dev/null
+r_checkExitStatus $?
+
+r_log "ipa" "Test adding a user"
+userDetails="$(ipa user-add --first=test --last=user --random ipatestuser)"
+echo "$userDetails" | grep -q 'Added user "ipatestuser"'
+r_checkExitStatus $?
+
+echo "$userDetails" | grep -q 'First name: test'
+r_checkExitStatus $?
+echo "$userDetails" | grep -q 'Last name: user'
+r_checkExitStatus $?
+echo "$userDetails" | grep -q 'Full name: test user'
+r_checkExitStatus $?
+echo "$userDetails" | grep -q 'Home directory: /home/ipatestuser'
+r_checkExitStatus $?
+
+r_log "ipa" "Changing password of the user"
+kdestroy &> /dev/null
+
+expect -f -  <<EOF
+set send_human {.1 .3 1 .05 2}
+spawn kinit ipatestuser
+sleep 1
+expect "Password for ipatestuser@RLIPA.LOCAL: "
+send -h -- "$(echo "$userDetails" | awk '$0 ~ /Random password/ {print $3}')\r"
+sleep 1
+expect "Enter new password: "
+send -h -- "gr@YAm3thy5st!\r"
+sleep 1
+expect "Enter it again: "
+send -h -- "gr@YAm3thy5st!\r"
+sleep 5
+close
+EOF
+
+r_log "ipa" "Re-doing a kinit"
+expect -f - <<EOF
+set send_human {.1 .3 1 .05 2}
+spawn kinit ipatestuser
+sleep 1
+expect "Password for ipatestuser@C6IPA.LOCAL:"
+send -h "gr@YAm3thy5st!\r"
+sleep 1
+close
+EOF
+
+klist | grep "ipatestuser@RLIPA.LOCAL" &> /dev/null
+r_checkExitStatus $?
+
+kdestroy &> /dev/null
+
+r_log "ipa" "Testing for user in getent"
+getent passwd ipatestuser &> /dev/null
+r_checkExitStatus $?

func/stacks/ipa/21-ipa-service.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 if m_getArch aarch64 | grep -qE 'aarch64'; then
-  r_log "ipa -bash" "Skipping for aarch64"
+  r_log "ipa" "Skipping for aarch64"
   exit 0
 fi
 
@@ -9,3 +9,61 @@ if [ "$IPAINSTALLED" -eq 1 ]; then
   r_checkExitStatus 1
 fi
 
+kdestroy &> /dev/null
+klist 2>&1  | grep -E "(No credentials|Credentials cache .* not found)" &> /dev/null
+r_checkExitStatus $?
+
+expect -f - <<EOF
+set send_human {.1 .3 1 .05 2}
+spawn kinit admin
+sleep 1
+expect "Password for admin@RLIPA.LOCAL:"
+send -h "b1U3OnyX!\r"
+sleep 5
+close
+EOF
+
+klist | grep "admin@RLIPA.LOCAL" &> /dev/null
+r_checkExitStatus $?
+
+r_log "ipa" "Adding test service"
+ipa service-add testservice/rltest.rlipa.local &> /dev/null
+r_checkExitStatus $?
+
+r_log "ipa" "Getting keytab for service"
+ipa-getkeytab -s rltest.rlipa.local -p testservice/rltest.rlipa.local -k /tmp/testservice.keytab &> /dev/null
+r_checkExitStatus $?
+
+r_log "ipa" "Getting a certificate for service"
+ipa-getcert request -K testservice/rltest.rlipa.local -D rltest.rlipa.local -f /etc/pki/tls/certs/testservice.crt -k /etc/pki/tls/private/testservice.key &> /dev/null
+r_checkExitStatus $?
+
+while true; do
+  entry="$(ipa-getcert list -r | sed -n '/Request ID/,/auto-renew: yes/p')"
+  if [[ $entry =~ "status:"  ]] && [[ $entry =~ "CA_REJECTED"  ]]; then
+    r_checkExitStatus 1
+    break
+  fi
+  if [[ $entry =~ ""  ]]; then 
+    r_checkExitStatus 0
+    break
+  fi
+  sleep 1
+done
+
+while ! stat /etc/pki/tls/certs/testservice.crt &> /dev/null; do
+  sync
+  sleep 1
+done
+
+r_log "ipa" "Verifying keytab"
+klist -k /tmp/testservice.keytab | grep "testservice/rltest.rlipa.local" &> /dev/null
+r_checkExitStatus $?
+
+r_log "ipa" "Verifying key matches the certificate"
+diff <(openssl x509 -in /etc/pki/tls/certs/testservice.crt -noout -modulus 2>&1 ) <(openssl rsa -in /etc/pki/tls/private/testservice.key -noout -modulus 2>&1 )
+r_checkExitStatus $?
+
+r_log "ipa" "Verifying the certificate against our CA"
+openssl verify -CAfile /etc/ipa/ca.crt /etc/pki/tls/certs/testservice.crt | grep "/etc/pki/tls/certs/testservice.crt: OK" &> /dev/null
+r_checkExitStatus $?

func/stacks/ipa/22-ipa-dns.sh

@@ -9,3 +9,46 @@ if [ "$IPAINSTALLED" -eq 1 ]; then
   r_checkExitStatus 1
 fi
 
+kdestroy &> /dev/null
+klist 2>&1  | grep -qE "(No credentials|Credentials cache .* not found)" &> /dev/null
+r_checkExitStatus $?
+
+expect -f - <<EOF
+set send_human {.1 .3 1 .05 2}
+spawn kinit admin
+sleep 1
+expect "Password for admin@RLIPA.LOCAL:"
+send -h "b1U3OnyX!\r"
+sleep 5
+close
+EOF
+
+klist | grep "admin@RLIPA.LOCAL" &> /dev/null
+r_checkExitStatus $?
+
+r_log "ipa" "Adding testzone subdomain"
+ipa dnszone-add --name-server=rltest.rlipa.local. --admin-email=hostmaster.testzone.rlipa.local. testzone.rlipa.local &> /dev/null
+r_checkExitStatus $?
+sleep 5
+
+r_log "ipa" "Get SOA from testzone subdomain"
+dig @localhost SOA testzone.rlipa.local | grep -q "status: NOERROR" &> /dev/null
+r_checkExitStatus $?
+
+r_log "ipa" "Adding a CNAME record to the primary domain"
+ipa dnsrecord-add rlipa.local testrecord --cname-hostname=rltest &> /dev/null
+r_checkExitStatus $?
+sleep 5
+
+r_log "ipa" "Retrieving CNAME record"
+dig @localhost CNAME testrecord.rlipa.local | grep -q "status: NOERROR" &> /dev/null
+r_checkExitStatus $?
+
+r_log "ipa" "Adding a CNAME to subdomain"
+ipa dnsrecord-add testzone.rlipa.local testrecord --cname-hostname=rltest.rlipa.local. &> /dev/null
+r_checkExitStatus $?
+sleep 5
+
+r_log "ipa" "Testing can retrieve record from subdomain"
+dig @localhost CNAME testrecord.testzone.rlipa.local | grep -q "status: NOERROR" &> /dev/null
+r_checkExitStatus $?

func/stacks/ipa/23-ipa-sudo.sh

@@ -9,3 +9,19 @@ if [ "$IPAINSTALLED" -eq 1 ]; then
   r_checkExitStatus 1
 fi
 
+kdestroy &> /dev/null
+klist 2>&1  | grep -E "(No credentials|Credentials cache .* not found)" &> /dev/null
+r_checkExitStatus $?
+
+expect -f - <<EOF
+set send_human {.1 .3 1 .05 2}
+spawn kinit admin
+sleep 1
+expect "Password for admin@RLIPA.LOCAL:"
+send -h "b1U3OnyX!\r"
+sleep 5
+close
+EOF
+
+klist | grep "admin@RLIPA.LOCAL" &> /dev/null
+r_checkExitStatus $?

func/stacks/ipa/50-cleanup-ipa.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 if m_getArch aarch64 | grep -qE 'aarch64'; then
-  r_log "ipa -bash" "Skipping for aarch64"
+  r_log "ipa" "Skipping for aarch64"
   exit 0
 fi
 

iso/empanadas/empanadas/configs/el9-beta.yaml

@@ -56,6 +56,10 @@
     images:
       - dvd
       - minimal
+    lorax_variants:
+      - dvd
+      - minimal
+      - BaseOS
     repos:
       - 'BaseOS'
       - 'AppStream'

iso/empanadas/empanadas/configs/el9.yaml

@@ -56,6 +56,10 @@
     images:
       - dvd
       - minimal
+    lorax_variants:
+      - dvd
+      - minimal
+      - BaseOS
     repos:
       - 'BaseOS'
       - 'AppStream'

iso/empanadas/empanadas/configs/el9lh.yaml

@@ -56,6 +56,10 @@
     images:
       - dvd
       - minimal
+    lorax_variants:
+      - dvd
+      - minimal
+      - BaseOS
     repos:
       - 'BaseOS'
       - 'AppStream'

iso/empanadas/empanadas/util/iso_utils.py

@@ -406,7 +406,7 @@ class IsoBuild:
             self.log.info(
                     'Copying base lorax for ' + Color.BOLD + arch + Color.END
             )
-            for variant in self.iso_map['images']:
+            for variant in self.iso_map['lorax_variants']:
                 self._copy_lorax_to_variant(self.force_unpack, arch, variant)
 
         self.log.info(
@@ -576,7 +576,10 @@ class IsoBuild:
                 return
 
         self.log.info('Copying base lorax to %s directory...' % image)
-        shutil.copytree(src_to_image, path_to_image)
+        try:
+            shutil.copytree(src_to_image, path_to_image, copy_function=shutil.copy2)
+        except:
+            self.log.error('%s already exists??' % image)
 
     def run_boot_sync(self):
         """
@@ -596,14 +599,14 @@ class IsoBuild:
             unpack_single_arch = True
             arches_to_unpack = [self.arch]
 
-        self.sync_boot(force_unpack=self.force_unpack, arch=self.arch)
+        self._sync_boot(force_unpack=self.force_unpack, arch=self.arch)
         self.treeinfo_write(arch=self.arch)
 
-    def _sync_boot(self, force_unpack, arch, variant):
+    def _sync_boot(self, force_unpack, arch, image):
         """
         Syncs whatever
         """
-        self.log.info('Copying lorax to %s directory...' % variant)
+        self.log.info('Copying lorax to %s directory...' % image)
         # checks here, report that it already exists
 
     def treeinfo_write(self, arch):
@@ -616,7 +619,7 @@ class IsoBuild:
         """
         Fixes lorax treeinfo
         """
-        self.log.info('Fixing up lorax treeinfo...')
+        self.log.info('Fixing up lorax treeinfo for %s ...' % )
 
     def discinfo_write(self):
         """
@@ -651,7 +654,7 @@ class IsoBuild:
         """
         print()
 
-    def generate_graft_points(self):
+    def _generate_graft_points(self):
         """
         Get a list of packages for an extras ISO. This should NOT be called
         during the usual run() section.