Test upgrade of FreeIPA server and client deployment
Summary:
This adds an upgrade variant of the FreeIPA tests, with only
the simplest client enrolment (sssd) for now. The server test
starts from the N-1 release and deploys the domain controller
role. The client test similarly starts from the N-1 release
and, when the server is deployed, enrols as a domain client.
Then the server upgrades itself, while the client waits (as the
server is its name server). Then the client upgrades itself,
while the server does some self-checks. The server then waits
for the client to do its checks before decommissioning itself,
as usual. So, summary: *deployment* of both server and client
occurs on N-1, then both are upgraded, then the actual *checks*
occur on N.
In my testing, this all more or less works, except the role
decommission step fails. This failure seems to be a genuine one
so far as I can tell; I intend to file a bug for it soon.
Test Plan:
Run the new tests, check they work. Run the existing
FreeIPA tests (both the compose and the update variants), check
they both behave the same.
Reviewers: jsedlak, jskladan
Reviewed By: jsedlak
Subscribers: tflink
Differential Revision: https://phab.qa.fedoraproject.org/D1204
2017-05-17 19:39:45 +00:00
|
|
|
use base "installedtest";
|
|
|
|
use strict;
|
|
|
|
use testapi;
|
|
|
|
use lockapi;
|
|
|
|
use mmapi;
|
|
|
|
|
|
|
|
sub run {
|
|
|
|
my $self = shift;
|
|
|
|
# if this is an update, notify clients that we're now up again
|
|
|
|
mutex_create('server_upgraded') if get_var("UPGRADE");
|
2018-07-09 22:43:05 +00:00
|
|
|
# from here we branch: for F28 and earlier we use rolekit as
|
|
|
|
# always, for F29+ we decommission directly ourselves as rolekit
|
|
|
|
# is deprecated
|
|
|
|
my $version = get_var("VERSION");
|
|
|
|
if ($version < 29 && $version ne 'Rawhide') {
|
|
|
|
# check the role status, should be 'running'
|
|
|
|
validate_script_output 'rolectl status domaincontroller/domain.local', sub { $_ =~ m/^running/ };
|
|
|
|
# check the admin password is listed in 'settings'
|
|
|
|
validate_script_output 'rolectl settings domaincontroller/domain.local', sub {$_ =~m/dm_password = \w{5,}/ };
|
|
|
|
# sanitize the settings
|
|
|
|
assert_script_run 'rolectl sanitize domaincontroller/domain.local';
|
|
|
|
# check the password now shows as 'None'
|
|
|
|
validate_script_output 'rolectl settings domaincontroller/domain.local', sub {$_ =~ m/dm_password = None/ };
|
|
|
|
# once child jobs are done, stop the role
|
|
|
|
wait_for_children;
|
|
|
|
assert_script_run 'rolectl stop domaincontroller/domain.local';
|
|
|
|
# check role is stopped
|
|
|
|
validate_script_output 'rolectl status domaincontroller/domain.local', sub { $_ =~ m/^ready-to-start/ };
|
|
|
|
# decommission the role
|
|
|
|
assert_script_run 'rolectl decommission domaincontroller/domain.local', 300;
|
|
|
|
# check role is decommissioned
|
|
|
|
validate_script_output 'rolectl list instances', sub { $_ eq "" };
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
# once child jobs are done, stop the server
|
|
|
|
wait_for_children;
|
|
|
|
assert_script_run 'systemctl stop ipa.service';
|
|
|
|
# check server is stopped
|
|
|
|
assert_script_run '! systemctl is-active ipa.service';
|
|
|
|
# decommission the server
|
|
|
|
assert_script_run 'ipa-server-install -U --uninstall', 300;
|
2018-07-18 22:53:54 +00:00
|
|
|
# try and un-garble the screen that the above garbles...
|
|
|
|
assert_script_run 'clear';
|
2018-07-09 22:43:05 +00:00
|
|
|
# FIXME check server is decommissioned...how?
|
|
|
|
}
|
2017-09-05 16:32:33 +00:00
|
|
|
# run post-fail hook to upload logs - even when this test passes
|
|
|
|
# there are often cases where we need to see the logs (e.g. client
|
|
|
|
# test failed due to server issue)
|
|
|
|
$self->post_fail_hook();
|
Test upgrade of FreeIPA server and client deployment
Summary:
This adds an upgrade variant of the FreeIPA tests, with only
the simplest client enrolment (sssd) for now. The server test
starts from the N-1 release and deploys the domain controller
role. The client test similarly starts from the N-1 release
and, when the server is deployed, enrols as a domain client.
Then the server upgrades itself, while the client waits (as the
server is its name server). Then the client upgrades itself,
while the server does some self-checks. The server then waits
for the client to do its checks before decommissioning itself,
as usual. So, summary: *deployment* of both server and client
occurs on N-1, then both are upgraded, then the actual *checks*
occur on N.
In my testing, this all more or less works, except the role
decommission step fails. This failure seems to be a genuine one
so far as I can tell; I intend to file a bug for it soon.
Test Plan:
Run the new tests, check they work. Run the existing
FreeIPA tests (both the compose and the update variants), check
they both behave the same.
Reviewers: jsedlak, jskladan
Reviewed By: jsedlak
Subscribers: tflink
Differential Revision: https://phab.qa.fedoraproject.org/D1204
2017-05-17 19:39:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
sub test_flags {
|
|
|
|
return { fatal => 1 };
|
|
|
|
}
|
|
|
|
|
|
|
|
1;
|
|
|
|
|
|
|
|
# vim: set sw=4 et:
|