add firewall kickstart tests (disabled and configured)

Summary:
these together test QA:Testcase_kickstart_firewall from the
Server matrix. I'll have to come up with some kinda way to
handle reporting that, might be tricky.

Couple of tweaks to overall test flow: tests can now specify
a POSTINSTALL variable which will load a post-install test
following a naming convention, and tests can specify USER_LOGIN
as 'false' to disable the 'log in as a user' step entirely. We
could easily adjust the kickstarts to create a user so the test
could log in as one, but it seems like an unnecessary step and
I liked the idea of allowing the user login to be skipped.

Test Plan:
Schedule 'universal' tests, check the new tests run
and pass or fail as they should, check no other test is broken
by the logic flow changes.

Reviewers: jskladan, garretraziel

Reviewed By: garretraziel

Subscribers: tflink

Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D792
This commit is contained in:
Adam Williamson 2016-03-23 13:52:00 -07:00
parent ca60b9abb8
commit 3e435182dd
6 changed files with 109 additions and 3 deletions

View file

@ -67,8 +67,8 @@ it also means that `B` conflicts `A` even if not shown in the table).
| `DESKTOP` | boolean | `false`/not set | nothing | set to indicate that Fedora is running with GUI (so for example OpenQA should expect graphical login screen) |
| `ROOT_PASSWORD` | string | `weakpassword` | nothing | root password is set to this value |
| `GRUB` | string | not set | nothing | when set, append this string to kernel line in GRUB |
| `USER_LOGIN` | string | not set | should be used with `USER_PASSWORD` | when set, user login is set to this value |
| `USER_PASSWORD` | string | not set | should be used with `USER_LOGIN` | when set, user password is set to this value |
| `USER_LOGIN` | string | not set | should be used with `USER_PASSWORD` (unless `false`) | when set, user login is set to this value. If not set, default value `test` is used for console installs, no login is done for graphical installs. If set to `false`, no user login will be done |
| `USER_PASSWORD` | string | not set | should be used with `USER_LOGIN` | when set, user password is set to this value. If not set, default value `weakpassword` is used for console installs, no login is done for graphical installs |
| `BOOT_UPDATES_IMG_URL` | boolean | `false`/not set | set to indicate that path to updates.img was appended to kernel line |
| `UEFI` | boolean | `false`/not set | nothing | whether to use UEFI, this variable isn't usually set in test suites but in machine definition |

View file

@ -192,6 +192,12 @@ else
if (get_var("UEFI")) {
autotest::loadtest "tests/uefi_postinstall.pm";
}
# generic post-install test load
if (get_var("POSTINSTALL")) {
autotest::loadtest "tests/".get_var('POSTINSTALL')."_postinstall.pm";
}
# we should shut down before uploading disk images
if (get_var("STORE_HDD_1") || get_var("PUBLISH_HDD_1")) {
autotest::loadtest "tests/_console_shutdown.pm";

View file

@ -721,6 +721,28 @@
},
test_suite => { name => "install_european_language" },
},
{
machine => { name => "64bit" },
prio => 40,
product => {
arch => "x86_64",
distri => "fedora",
flavor => "universal",
version => "*",
},
test_suite => { name => "install_kickstart_firewall_disabled" },
},
{
machine => { name => "64bit" },
prio => 40,
product => {
arch => "x86_64",
distri => "fedora",
flavor => "universal",
version => "*",
},
test_suite => { name => "install_kickstart_firewall_configured" },
},
{
machine => { name => "64bit" },
prio => 11,
@ -1361,5 +1383,25 @@
{ key => "HDD_1", value => "disk_%FLAVOR%_%MACHINE%.qcow2" },
],
},
{
name => "install_kickstart_firewall_disabled",
settings => [
{ key => "KICKSTART", value => "1" },
{ key => "GRUB", value => "inst.ks=http://fedorapeople.org/groups/qa/kickstarts/firewall-disabled-net.ks" },
{ key => "POSTINSTALL", value => "firewall_disabled" },
{ key => "ROOT_PASSWORD", value => "anaconda" },
{ key => "USER_LOGIN", value => "false" },
],
},
{
name => "install_kickstart_firewall_configured",
settings => [
{ key => "KICKSTART", value => "1" },
{ key => "GRUB", value => "inst.ks=http://fedorapeople.org/groups/qa/kickstarts/firewall-configured-net.ks" },
{ key => "POSTINSTALL", value => "firewall_configured" },
{ key => "ROOT_PASSWORD", value => "anaconda" },
{ key => "USER_LOGIN", value => "false" },
],
},
],
}

View file

@ -12,7 +12,10 @@ sub run {
# Reboot and wait for the text login
assert_screen "text_console_login", $wait_time;
$self->console_login(user=>get_var("USER_LOGIN", "test"), password=>get_var("USER_PASSWORD", "weakpassword"));
# do user login unless USER_LOGIN is set to string 'false'
unless (get_var("USER_LOGIN") eq "false") {
$self->console_login(user=>get_var("USER_LOGIN", "test"), password=>get_var("USER_PASSWORD", "weakpassword"));
}
if (get_var("ROOT_PASSWORD")) {
$self->console_login(user=>"root", password=>get_var("ROOT_PASSWORD"));
}

View file

@ -0,0 +1,29 @@
use base "installedtest";
use strict;
use testapi;
sub run {
my $self=shift;
if (not( check_screen "root_console", 0)) {
$self->root_console(tty=>3);
}
# this only succeeds if the firewall is running
assert_script_run 'firewall-cmd --state';
# these succeed if the specified service/port is allowed
assert_script_run 'firewall-cmd --query-service ftp';
assert_script_run 'firewall-cmd --query-port imap/tcp';
assert_script_run 'firewall-cmd --query-port 1234/udp';
assert_script_run 'firewall-cmd --query-port 47/tcp';
}
sub test_flags {
# without anything - rollback to 'lastgood' snapshot if failed
# 'fatal' - whole test suite is in danger if this fails
# 'milestone' - after this test succeeds, update 'lastgood'
# 'important' - if this fails, set the overall state to 'fail'
return { fatal => 1 };
}
1;
# vim: set sw=4 et:

View file

@ -0,0 +1,26 @@
use base "installedtest";
use strict;
use testapi;
sub run {
my $self=shift;
if (not( check_screen "root_console", 0)) {
$self->root_console(tty=>3);
}
# this asserts that the command fails (which it does when fw is not running)
assert_script_run '! firewall-cmd --state';
# check there are no 'REJECT' rules in iptables
validate_script_output 'iptables -L -v', sub { $_ !~ m/.*REJECT.*/s };
}
sub test_flags {
# without anything - rollback to 'lastgood' snapshot if failed
# 'fatal' - whole test suite is in danger if this fails
# 'milestone' - after this test succeeds, update 'lastgood'
# 'important' - if this fails, set the overall state to 'fail'
return { fatal => 1 };
}
1;
# vim: set sw=4 et: