From 3e435182dd0fafe39c94fa2093f854ac5c13952b Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Wed, 23 Mar 2016 13:52:00 -0700 Subject: [PATCH] add firewall kickstart tests (disabled and configured) Summary: these together test QA:Testcase_kickstart_firewall from the Server matrix. I'll have to come up with some kinda way to handle reporting that, might be tricky. Couple of tweaks to overall test flow: tests can now specify a POSTINSTALL variable which will load a post-install test following a naming convention, and tests can specify USER_LOGIN as 'false' to disable the 'log in as a user' step entirely. We could easily adjust the kickstarts to create a user so the test could log in as one, but it seems like an unnecessary step and I liked the idea of allowing the user login to be skipped. Test Plan: Schedule 'universal' tests, check the new tests run and pass or fail as they should, check no other test is broken by the logic flow changes. Reviewers: jskladan, garretraziel Reviewed By: garretraziel Subscribers: tflink Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D792 --- VARIABLES.md | 4 +-- main.pm | 6 ++++ templates | 42 ++++++++++++++++++++++++ tests/_console_wait_login.pm | 5 ++- tests/firewall_configured_postinstall.pm | 29 ++++++++++++++++ tests/firewall_disabled_postinstall.pm | 26 +++++++++++++++ 6 files changed, 109 insertions(+), 3 deletions(-) create mode 100644 tests/firewall_configured_postinstall.pm create mode 100644 tests/firewall_disabled_postinstall.pm diff --git a/VARIABLES.md b/VARIABLES.md index 81b3f766..3b9e5e1b 100644 --- a/VARIABLES.md +++ b/VARIABLES.md @@ -67,8 +67,8 @@ it also means that `B` conflicts `A` even if not shown in the table). | `DESKTOP` | boolean | `false`/not set | nothing | set to indicate that Fedora is running with GUI (so for example OpenQA should expect graphical login screen) | | `ROOT_PASSWORD` | string | `weakpassword` | nothing | root password is set to this value | | `GRUB` | string | not set | nothing | when set, append this string to kernel line in GRUB | -| `USER_LOGIN` | string | not set | should be used with `USER_PASSWORD` | when set, user login is set to this value | -| `USER_PASSWORD` | string | not set | should be used with `USER_LOGIN` | when set, user password is set to this value | +| `USER_LOGIN` | string | not set | should be used with `USER_PASSWORD` (unless `false`) | when set, user login is set to this value. If not set, default value `test` is used for console installs, no login is done for graphical installs. If set to `false`, no user login will be done | +| `USER_PASSWORD` | string | not set | should be used with `USER_LOGIN` | when set, user password is set to this value. If not set, default value `weakpassword` is used for console installs, no login is done for graphical installs | | `BOOT_UPDATES_IMG_URL` | boolean | `false`/not set | set to indicate that path to updates.img was appended to kernel line | | `UEFI` | boolean | `false`/not set | nothing | whether to use UEFI, this variable isn't usually set in test suites but in machine definition | diff --git a/main.pm b/main.pm index 04ad8bcd..a697f9a0 100644 --- a/main.pm +++ b/main.pm @@ -192,6 +192,12 @@ else if (get_var("UEFI")) { autotest::loadtest "tests/uefi_postinstall.pm"; } + + # generic post-install test load + if (get_var("POSTINSTALL")) { + autotest::loadtest "tests/".get_var('POSTINSTALL')."_postinstall.pm"; + } + # we should shut down before uploading disk images if (get_var("STORE_HDD_1") || get_var("PUBLISH_HDD_1")) { autotest::loadtest "tests/_console_shutdown.pm"; diff --git a/templates b/templates index fb90bd46..55a6a81c 100755 --- a/templates +++ b/templates @@ -721,6 +721,28 @@ }, test_suite => { name => "install_european_language" }, }, + { + machine => { name => "64bit" }, + prio => 40, + product => { + arch => "x86_64", + distri => "fedora", + flavor => "universal", + version => "*", + }, + test_suite => { name => "install_kickstart_firewall_disabled" }, + }, +{ + machine => { name => "64bit" }, + prio => 40, + product => { + arch => "x86_64", + distri => "fedora", + flavor => "universal", + version => "*", + }, + test_suite => { name => "install_kickstart_firewall_configured" }, + }, { machine => { name => "64bit" }, prio => 11, @@ -1361,5 +1383,25 @@ { key => "HDD_1", value => "disk_%FLAVOR%_%MACHINE%.qcow2" }, ], }, + { + name => "install_kickstart_firewall_disabled", + settings => [ + { key => "KICKSTART", value => "1" }, + { key => "GRUB", value => "inst.ks=http://fedorapeople.org/groups/qa/kickstarts/firewall-disabled-net.ks" }, + { key => "POSTINSTALL", value => "firewall_disabled" }, + { key => "ROOT_PASSWORD", value => "anaconda" }, + { key => "USER_LOGIN", value => "false" }, + ], + }, + { + name => "install_kickstart_firewall_configured", + settings => [ + { key => "KICKSTART", value => "1" }, + { key => "GRUB", value => "inst.ks=http://fedorapeople.org/groups/qa/kickstarts/firewall-configured-net.ks" }, + { key => "POSTINSTALL", value => "firewall_configured" }, + { key => "ROOT_PASSWORD", value => "anaconda" }, + { key => "USER_LOGIN", value => "false" }, + ], + }, ], } diff --git a/tests/_console_wait_login.pm b/tests/_console_wait_login.pm index 1fef73f8..28e42452 100644 --- a/tests/_console_wait_login.pm +++ b/tests/_console_wait_login.pm @@ -12,7 +12,10 @@ sub run { # Reboot and wait for the text login assert_screen "text_console_login", $wait_time; - $self->console_login(user=>get_var("USER_LOGIN", "test"), password=>get_var("USER_PASSWORD", "weakpassword")); + # do user login unless USER_LOGIN is set to string 'false' + unless (get_var("USER_LOGIN") eq "false") { + $self->console_login(user=>get_var("USER_LOGIN", "test"), password=>get_var("USER_PASSWORD", "weakpassword")); + } if (get_var("ROOT_PASSWORD")) { $self->console_login(user=>"root", password=>get_var("ROOT_PASSWORD")); } diff --git a/tests/firewall_configured_postinstall.pm b/tests/firewall_configured_postinstall.pm new file mode 100644 index 00000000..89b75be7 --- /dev/null +++ b/tests/firewall_configured_postinstall.pm @@ -0,0 +1,29 @@ +use base "installedtest"; +use strict; +use testapi; + +sub run { + my $self=shift; + if (not( check_screen "root_console", 0)) { + $self->root_console(tty=>3); + } + # this only succeeds if the firewall is running + assert_script_run 'firewall-cmd --state'; + # these succeed if the specified service/port is allowed + assert_script_run 'firewall-cmd --query-service ftp'; + assert_script_run 'firewall-cmd --query-port imap/tcp'; + assert_script_run 'firewall-cmd --query-port 1234/udp'; + assert_script_run 'firewall-cmd --query-port 47/tcp'; +} + +sub test_flags { + # without anything - rollback to 'lastgood' snapshot if failed + # 'fatal' - whole test suite is in danger if this fails + # 'milestone' - after this test succeeds, update 'lastgood' + # 'important' - if this fails, set the overall state to 'fail' + return { fatal => 1 }; +} + +1; + +# vim: set sw=4 et: diff --git a/tests/firewall_disabled_postinstall.pm b/tests/firewall_disabled_postinstall.pm new file mode 100644 index 00000000..d14e001a --- /dev/null +++ b/tests/firewall_disabled_postinstall.pm @@ -0,0 +1,26 @@ +use base "installedtest"; +use strict; +use testapi; + +sub run { + my $self=shift; + if (not( check_screen "root_console", 0)) { + $self->root_console(tty=>3); + } + # this asserts that the command fails (which it does when fw is not running) + assert_script_run '! firewall-cmd --state'; + # check there are no 'REJECT' rules in iptables + validate_script_output 'iptables -L -v', sub { $_ !~ m/.*REJECT.*/s }; +} + +sub test_flags { + # without anything - rollback to 'lastgood' snapshot if failed + # 'fatal' - whole test suite is in danger if this fails + # 'milestone' - after this test succeeds, update 'lastgood' + # 'important' - if this fails, set the overall state to 'fail' + return { fatal => 1 }; +} + +1; + +# vim: set sw=4 et: