add firewall kickstart tests (disabled and configured)
Summary: these together test QA:Testcase_kickstart_firewall from the Server matrix. I'll have to come up with some kinda way to handle reporting that, might be tricky. Couple of tweaks to overall test flow: tests can now specify a POSTINSTALL variable which will load a post-install test following a naming convention, and tests can specify USER_LOGIN as 'false' to disable the 'log in as a user' step entirely. We could easily adjust the kickstarts to create a user so the test could log in as one, but it seems like an unnecessary step and I liked the idea of allowing the user login to be skipped. Test Plan: Schedule 'universal' tests, check the new tests run and pass or fail as they should, check no other test is broken by the logic flow changes. Reviewers: jskladan, garretraziel Reviewed By: garretraziel Subscribers: tflink Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D792
This commit is contained in:
parent
ca60b9abb8
commit
3e435182dd
6 changed files with 109 additions and 3 deletions
|
@ -67,8 +67,8 @@ it also means that `B` conflicts `A` even if not shown in the table).
|
|||
| `DESKTOP` | boolean | `false`/not set | nothing | set to indicate that Fedora is running with GUI (so for example OpenQA should expect graphical login screen) |
|
||||
| `ROOT_PASSWORD` | string | `weakpassword` | nothing | root password is set to this value |
|
||||
| `GRUB` | string | not set | nothing | when set, append this string to kernel line in GRUB |
|
||||
| `USER_LOGIN` | string | not set | should be used with `USER_PASSWORD` | when set, user login is set to this value |
|
||||
| `USER_PASSWORD` | string | not set | should be used with `USER_LOGIN` | when set, user password is set to this value |
|
||||
| `USER_LOGIN` | string | not set | should be used with `USER_PASSWORD` (unless `false`) | when set, user login is set to this value. If not set, default value `test` is used for console installs, no login is done for graphical installs. If set to `false`, no user login will be done |
|
||||
| `USER_PASSWORD` | string | not set | should be used with `USER_LOGIN` | when set, user password is set to this value. If not set, default value `weakpassword` is used for console installs, no login is done for graphical installs |
|
||||
| `BOOT_UPDATES_IMG_URL` | boolean | `false`/not set | set to indicate that path to updates.img was appended to kernel line |
|
||||
| `UEFI` | boolean | `false`/not set | nothing | whether to use UEFI, this variable isn't usually set in test suites but in machine definition |
|
||||
|
||||
|
|
6
main.pm
6
main.pm
|
@ -192,6 +192,12 @@ else
|
|||
if (get_var("UEFI")) {
|
||||
autotest::loadtest "tests/uefi_postinstall.pm";
|
||||
}
|
||||
|
||||
# generic post-install test load
|
||||
if (get_var("POSTINSTALL")) {
|
||||
autotest::loadtest "tests/".get_var('POSTINSTALL')."_postinstall.pm";
|
||||
}
|
||||
|
||||
# we should shut down before uploading disk images
|
||||
if (get_var("STORE_HDD_1") || get_var("PUBLISH_HDD_1")) {
|
||||
autotest::loadtest "tests/_console_shutdown.pm";
|
||||
|
|
42
templates
42
templates
|
@ -721,6 +721,28 @@
|
|||
},
|
||||
test_suite => { name => "install_european_language" },
|
||||
},
|
||||
{
|
||||
machine => { name => "64bit" },
|
||||
prio => 40,
|
||||
product => {
|
||||
arch => "x86_64",
|
||||
distri => "fedora",
|
||||
flavor => "universal",
|
||||
version => "*",
|
||||
},
|
||||
test_suite => { name => "install_kickstart_firewall_disabled" },
|
||||
},
|
||||
{
|
||||
machine => { name => "64bit" },
|
||||
prio => 40,
|
||||
product => {
|
||||
arch => "x86_64",
|
||||
distri => "fedora",
|
||||
flavor => "universal",
|
||||
version => "*",
|
||||
},
|
||||
test_suite => { name => "install_kickstart_firewall_configured" },
|
||||
},
|
||||
{
|
||||
machine => { name => "64bit" },
|
||||
prio => 11,
|
||||
|
@ -1361,5 +1383,25 @@
|
|||
{ key => "HDD_1", value => "disk_%FLAVOR%_%MACHINE%.qcow2" },
|
||||
],
|
||||
},
|
||||
{
|
||||
name => "install_kickstart_firewall_disabled",
|
||||
settings => [
|
||||
{ key => "KICKSTART", value => "1" },
|
||||
{ key => "GRUB", value => "inst.ks=http://fedorapeople.org/groups/qa/kickstarts/firewall-disabled-net.ks" },
|
||||
{ key => "POSTINSTALL", value => "firewall_disabled" },
|
||||
{ key => "ROOT_PASSWORD", value => "anaconda" },
|
||||
{ key => "USER_LOGIN", value => "false" },
|
||||
],
|
||||
},
|
||||
{
|
||||
name => "install_kickstart_firewall_configured",
|
||||
settings => [
|
||||
{ key => "KICKSTART", value => "1" },
|
||||
{ key => "GRUB", value => "inst.ks=http://fedorapeople.org/groups/qa/kickstarts/firewall-configured-net.ks" },
|
||||
{ key => "POSTINSTALL", value => "firewall_configured" },
|
||||
{ key => "ROOT_PASSWORD", value => "anaconda" },
|
||||
{ key => "USER_LOGIN", value => "false" },
|
||||
],
|
||||
},
|
||||
],
|
||||
}
|
||||
|
|
|
@ -12,7 +12,10 @@ sub run {
|
|||
# Reboot and wait for the text login
|
||||
assert_screen "text_console_login", $wait_time;
|
||||
|
||||
$self->console_login(user=>get_var("USER_LOGIN", "test"), password=>get_var("USER_PASSWORD", "weakpassword"));
|
||||
# do user login unless USER_LOGIN is set to string 'false'
|
||||
unless (get_var("USER_LOGIN") eq "false") {
|
||||
$self->console_login(user=>get_var("USER_LOGIN", "test"), password=>get_var("USER_PASSWORD", "weakpassword"));
|
||||
}
|
||||
if (get_var("ROOT_PASSWORD")) {
|
||||
$self->console_login(user=>"root", password=>get_var("ROOT_PASSWORD"));
|
||||
}
|
||||
|
|
29
tests/firewall_configured_postinstall.pm
Normal file
29
tests/firewall_configured_postinstall.pm
Normal file
|
@ -0,0 +1,29 @@
|
|||
use base "installedtest";
|
||||
use strict;
|
||||
use testapi;
|
||||
|
||||
sub run {
|
||||
my $self=shift;
|
||||
if (not( check_screen "root_console", 0)) {
|
||||
$self->root_console(tty=>3);
|
||||
}
|
||||
# this only succeeds if the firewall is running
|
||||
assert_script_run 'firewall-cmd --state';
|
||||
# these succeed if the specified service/port is allowed
|
||||
assert_script_run 'firewall-cmd --query-service ftp';
|
||||
assert_script_run 'firewall-cmd --query-port imap/tcp';
|
||||
assert_script_run 'firewall-cmd --query-port 1234/udp';
|
||||
assert_script_run 'firewall-cmd --query-port 47/tcp';
|
||||
}
|
||||
|
||||
sub test_flags {
|
||||
# without anything - rollback to 'lastgood' snapshot if failed
|
||||
# 'fatal' - whole test suite is in danger if this fails
|
||||
# 'milestone' - after this test succeeds, update 'lastgood'
|
||||
# 'important' - if this fails, set the overall state to 'fail'
|
||||
return { fatal => 1 };
|
||||
}
|
||||
|
||||
1;
|
||||
|
||||
# vim: set sw=4 et:
|
26
tests/firewall_disabled_postinstall.pm
Normal file
26
tests/firewall_disabled_postinstall.pm
Normal file
|
@ -0,0 +1,26 @@
|
|||
use base "installedtest";
|
||||
use strict;
|
||||
use testapi;
|
||||
|
||||
sub run {
|
||||
my $self=shift;
|
||||
if (not( check_screen "root_console", 0)) {
|
||||
$self->root_console(tty=>3);
|
||||
}
|
||||
# this asserts that the command fails (which it does when fw is not running)
|
||||
assert_script_run '! firewall-cmd --state';
|
||||
# check there are no 'REJECT' rules in iptables
|
||||
validate_script_output 'iptables -L -v', sub { $_ !~ m/.*REJECT.*/s };
|
||||
}
|
||||
|
||||
sub test_flags {
|
||||
# without anything - rollback to 'lastgood' snapshot if failed
|
||||
# 'fatal' - whole test suite is in danger if this fails
|
||||
# 'milestone' - after this test succeeds, update 'lastgood'
|
||||
# 'important' - if this fails, set the overall state to 'fail'
|
||||
return { fatal => 1 };
|
||||
}
|
||||
|
||||
1;
|
||||
|
||||
# vim: set sw=4 et:
|
Loading…
Reference in a new issue