Convert domain controller test not to use rolekit
Rolekit is going away. At least for the F29 cycle, though, we still want to test basically the same functionality. This ports the 'domain controller role' test to use ipa-server-install directly rather than rolectl. Signed-off-by: Adam Williamson <awilliam@redhat.com>
This commit is contained in:
parent
1c1b33840f
commit
7e7016ea14
@ -28,8 +28,15 @@ sub run {
|
|||||||
assert_script_run 'mkdir -p /etc/ipa';
|
assert_script_run 'mkdir -p /etc/ipa';
|
||||||
assert_script_run 'printf "[global]\ndebug = True\n" > /etc/ipa/server.conf';
|
assert_script_run 'printf "[global]\ndebug = True\n" > /etc/ipa/server.conf';
|
||||||
# read DNS server IPs from host's /etc/resolv.conf for passing to
|
# read DNS server IPs from host's /etc/resolv.conf for passing to
|
||||||
# rolectl
|
# ipa-server-install / rolectl
|
||||||
my @forwards = get_host_dns();
|
my @forwards = get_host_dns();
|
||||||
|
# from here we branch: for F28 and earlier we use rolekit as
|
||||||
|
# always, for F29+ we deploy directly ourselves as rolekit is
|
||||||
|
# deprecated
|
||||||
|
my $version = get_var("VERSION");
|
||||||
|
# for upgrade tests we need to check CURRREL not VERSION
|
||||||
|
$version = get_var("CURRREL") if (get_var("UPGRADE"));
|
||||||
|
if ($version < 29 && $version ne 'Rawhide') {
|
||||||
# we are now gonna work around a stupid bug in rolekit. we want to
|
# we are now gonna work around a stupid bug in rolekit. we want to
|
||||||
# pass it a list of ipv4 DNS forwarders and have no ipv6 DNS
|
# pass it a list of ipv4 DNS forwarders and have no ipv6 DNS
|
||||||
# forwarders. but it won't allow you to have a dns_forwarders array
|
# forwarders. but it won't allow you to have a dns_forwarders array
|
||||||
@ -65,12 +72,27 @@ sub run {
|
|||||||
# things running in phx2 cannot reach; we must make sure the phx2
|
# things running in phx2 cannot reach; we must make sure the phx2
|
||||||
# deployments use the phx2 nameservers.
|
# deployments use the phx2 nameservers.
|
||||||
assert_script_run 'echo \'{"admin_password":"monkeys123","dns_forwarders":{"ipv4":' . $fourlist . ',"ipv6":' . $sixlist .'}}\' | rolectl deploy domaincontroller --name=domain.local --settings-stdin', 1200;
|
assert_script_run 'echo \'{"admin_password":"monkeys123","dns_forwarders":{"ipv4":' . $fourlist . ',"ipv6":' . $sixlist .'}}\' | rolectl deploy domaincontroller --name=domain.local --settings-stdin', 1200;
|
||||||
# FIXME: workaround for RHBZ #1400293 on Fedora 24. Can be removed
|
|
||||||
# when Firefox is fixed.
|
|
||||||
my $release = lc(get_var('VERSION'));
|
|
||||||
if ($release ne "rawhide" && $release < 25) {
|
|
||||||
assert_script_run 'ipa-getcert resubmit -d /etc/httpd/alias -n Server-Cert -D $( uname -n )';
|
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
# this is the other side of the version branch - we're on 29+,
|
||||||
|
# so no rolekit. First install the necessary packages
|
||||||
|
assert_script_run "dnf -y groupinstall freeipa-server", 600;
|
||||||
|
# configure the firewall
|
||||||
|
for my $service (qw(freeipa-ldap freeipa-ldaps dns)) {
|
||||||
|
assert_script_run "firewall-cmd --permanent --add-service $service";
|
||||||
|
}
|
||||||
|
assert_script_run "systemctl restart firewalld.service";
|
||||||
|
# deploy the server
|
||||||
|
my $args = "-U --realm=DOMAIN.LOCAL --domain=domain.local --ds-password=monkeys123 --admin-password=monkeys123 --setup-dns --no-reverse";
|
||||||
|
for my $fwd (@forwards) {
|
||||||
|
$args .= " --forwarder=$fwd";
|
||||||
|
}
|
||||||
|
assert_script_run "ipa-server-install $args", 1200;
|
||||||
|
# enable and start the systemd service
|
||||||
|
assert_script_run "systemctl enable ipa.service";
|
||||||
|
assert_script_run "systemctl start ipa.service", 300;
|
||||||
|
}
|
||||||
|
|
||||||
# kinit as admin
|
# kinit as admin
|
||||||
assert_script_run 'echo "monkeys123" | kinit admin';
|
assert_script_run 'echo "monkeys123" | kinit admin';
|
||||||
# set up an OTP for client001 enrolment (it will enrol with a kickstart)
|
# set up an OTP for client001 enrolment (it will enrol with a kickstart)
|
||||||
|
@ -8,6 +8,13 @@ sub run {
|
|||||||
my $self = shift;
|
my $self = shift;
|
||||||
# if this is an update, notify clients that we're now up again
|
# if this is an update, notify clients that we're now up again
|
||||||
mutex_create('server_upgraded') if get_var("UPGRADE");
|
mutex_create('server_upgraded') if get_var("UPGRADE");
|
||||||
|
# from here we branch: for F28 and earlier we use rolekit as
|
||||||
|
# always, for F29+ we decommission directly ourselves as rolekit
|
||||||
|
# is deprecated
|
||||||
|
my $version = get_var("VERSION");
|
||||||
|
# for upgrade tests we need to check CURRREL not VERSION
|
||||||
|
$version = get_var("CURRREL") if (get_var("UPGRADE"));
|
||||||
|
if ($version < 29 && $version ne 'Rawhide') {
|
||||||
# check the role status, should be 'running'
|
# check the role status, should be 'running'
|
||||||
validate_script_output 'rolectl status domaincontroller/domain.local', sub { $_ =~ m/^running/ };
|
validate_script_output 'rolectl status domaincontroller/domain.local', sub { $_ =~ m/^running/ };
|
||||||
# check the admin password is listed in 'settings'
|
# check the admin password is listed in 'settings'
|
||||||
@ -25,6 +32,17 @@ sub run {
|
|||||||
assert_script_run 'rolectl decommission domaincontroller/domain.local', 300;
|
assert_script_run 'rolectl decommission domaincontroller/domain.local', 300;
|
||||||
# check role is decommissioned
|
# check role is decommissioned
|
||||||
validate_script_output 'rolectl list instances', sub { $_ eq "" };
|
validate_script_output 'rolectl list instances', sub { $_ eq "" };
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
# once child jobs are done, stop the server
|
||||||
|
wait_for_children;
|
||||||
|
assert_script_run 'systemctl stop ipa.service';
|
||||||
|
# check server is stopped
|
||||||
|
assert_script_run '! systemctl is-active ipa.service';
|
||||||
|
# decommission the server
|
||||||
|
assert_script_run 'ipa-server-install -U --uninstall', 300;
|
||||||
|
# FIXME check server is decommissioned...how?
|
||||||
|
}
|
||||||
# run post-fail hook to upload logs - even when this test passes
|
# run post-fail hook to upload logs - even when this test passes
|
||||||
# there are often cases where we need to see the logs (e.g. client
|
# there are often cases where we need to see the logs (e.g. client
|
||||||
# test failed due to server issue)
|
# test failed due to server issue)
|
||||||
|
Loading…
Reference in New Issue
Block a user