testing/os-autoinst-distri-rocky-migrated
10
0
Fork 0
Code Issues 12 Pull Requests 1 Packages Projects Releases Wiki Activity

Tweak setup_tap_static and FreeIPA tests for resolved

Browse Source 
This does some of the things suggested by cheimes in
https://bugzilla.redhat.com/show_bug.cgi?id=1880628#c24 . It
seems to make the replica tests work with resolved, still work
with pre-F33 resolving, and not break anything. Also remove the
workaround to disable resolved if it's running, as we can now
work with it.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
This commit is contained in:
Adam Williamson 2020-10-09 10:49:49 -07:00
parent 92f5bf90c0
commit 94b47afc53
3 changed files with 3 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/tapnet.pm
View File

@ -53,8 +53,6 @@ sub setup_tap_static {
assert_script_run "nmcli con up '$connection'"; assert_script_run "nmcli con up '$connection'";
# for debugging # for debugging
assert_script_run "nmcli -t con show '$connection'"; assert_script_run "nmcli -t con show '$connection'";
# the above doesn't seem to reliably set up resolv.conf, so...
clone_host_file "/etc/resolv.conf";
} }
sub get_host_dns { sub get_host_dns {

20
tests/realmd_join_sssd.pm
View File

@ -22,7 +22,6 @@ sub run {
$server_mutex = 'replica_ready'; $server_mutex = 'replica_ready';
} }
bypass_1691487; bypass_1691487;
assert_script_run "printf 'search domain.local\nnameserver ${server_ip}' > /etc/resolv.conf";
# this gets us the name of the first connection in the list, # this gets us the name of the first connection in the list,
# which should be what we want # which should be what we want
my $connection = script_output "nmcli --fields NAME con show | head -2 | tail -1"; my $connection = script_output "nmcli --fields NAME con show | head -2 | tail -1";
@ -41,15 +40,6 @@ sub run {
# do the enrolment # do the enrolment
if (get_var("FREEIPA_REPLICA")) { if (get_var("FREEIPA_REPLICA")) {
# here we're enrolling not just as a client, but as a replica # here we're enrolling not just as a client, but as a replica
# disable systemd-resolved, it kinda conflicts with FreeIPA's
# bind: https://bugzilla.redhat.com/show_bug.cgi?id=1880628
unless (script_run "systemctl is-active systemd-resolved.service") {
script_run "systemctl stop systemd-resolved.service";
script_run "systemctl disable systemd-resolved.service";
script_run "rm -f /etc/resolv.conf";
script_run "systemctl restart NetworkManager";
}
# install server packages # install server packages
assert_script_run "dnf -y groupinstall freeipa-server", 600; assert_script_run "dnf -y groupinstall freeipa-server", 600;
@ -58,10 +48,6 @@ sub run {
assert_script_run "dnf -y install haveged", 300; assert_script_run "dnf -y install haveged", 300;
assert_script_run 'systemctl start haveged.service'; assert_script_run 'systemctl start haveged.service';
# read DNS server IPs from host's /etc/resolv.conf for passing to
# ipa-replica-install
my @forwards = get_host_dns();
# configure the firewall # configure the firewall
for my $service (qw(freeipa-ldap freeipa-ldaps dns)) { for my $service (qw(freeipa-ldap freeipa-ldaps dns)) {
assert_script_run "firewall-cmd --permanent --add-service $service"; assert_script_run "firewall-cmd --permanent --add-service $service";
@ -69,10 +55,8 @@ sub run {
assert_script_run "systemctl restart firewalld.service"; assert_script_run "systemctl restart firewalld.service";
# deploy as a replica # deploy as a replica
my $args = "--setup-dns --setup-ca --allow-zone-overlap -U --principal admin --admin-password monkeys123"; my ($ip, $hostname) = split(/ /, get_var("POST_STATIC"));
for my $fwd (@forwards) { my $args = "--ip-address=$ip --setup-dns --auto-forwarders --setup-ca --allow-zone-overlap -U --principal admin --admin-password monkeys123";
$args .= " --forwarder=$fwd";
}
assert_script_run "ipa-replica-install $args", 1500; assert_script_run "ipa-replica-install $args", 1500;
# enable and start the systemd service # enable and start the systemd service

16
tests/role_deploy_domain_controller.pm
View File

@ -19,14 +19,6 @@ sub run {
# aren't in Modular Server composes) # aren't in Modular Server composes)
my $extraparams = ''; my $extraparams = '';
$extraparams = '--enablerepo=fedora' if (get_var("MODULAR")); $extraparams = '--enablerepo=fedora' if (get_var("MODULAR"));
# disable systemd-resolved, it kinda conflicts with FreeIPA's
# bind: https://bugzilla.redhat.com/show_bug.cgi?id=1880628
unless (script_run "systemctl is-active systemd-resolved.service") {
script_run "systemctl stop systemd-resolved.service";
script_run "systemctl disable systemd-resolved.service";
script_run "rm -f /etc/resolv.conf";
script_run "systemctl restart NetworkManager";
}
# we need a lot of entropy for this, and we don't care how good # we need a lot of entropy for this, and we don't care how good
# it is, so let's use haveged # it is, so let's use haveged
assert_script_run "dnf ${extraparams} -y install haveged", 300; assert_script_run "dnf ${extraparams} -y install haveged", 300;
@ -38,9 +30,6 @@ sub run {
# per ab, this gets us more debugging for bind # per ab, this gets us more debugging for bind
assert_script_run 'mkdir -p /etc/systemd/system/named-pkcs11.service.d'; assert_script_run 'mkdir -p /etc/systemd/system/named-pkcs11.service.d';
assert_script_run 'printf "[Service]\nEnvironment=OPTIONS=-d5\n" > /etc/systemd/system/named-pkcs11.service.d/debug.conf'; assert_script_run 'printf "[Service]\nEnvironment=OPTIONS=-d5\n" > /etc/systemd/system/named-pkcs11.service.d/debug.conf';
# read DNS server IPs from host's /etc/resolv.conf for passing to
# ipa-server-install / rolectl
my @forwards = get_host_dns();
# First install the necessary packages # First install the necessary packages
assert_script_run "dnf -y groupinstall freeipa-server", 600; assert_script_run "dnf -y groupinstall freeipa-server", 600;
# configure the firewall # configure the firewall
@ -49,10 +38,7 @@ sub run {
} }
assert_script_run "systemctl restart firewalld.service"; assert_script_run "systemctl restart firewalld.service";
# deploy the server # deploy the server
my $args = "-U --realm=DOMAIN.LOCAL --domain=domain.local --ds-password=monkeys123 --admin-password=monkeys123 --setup-dns --reverse-zone=2.16.172.in-addr.arpa --allow-zone-overlap"; my $args = "-U --auto-forwarders --realm=DOMAIN.LOCAL --domain=domain.local --ds-password=monkeys123 --admin-password=monkeys123 --setup-dns --reverse-zone=2.16.172.in-addr.arpa --allow-zone-overlap";
for my $fwd (@forwards) {
$args .= " --forwarder=$fwd";
}
assert_script_run "ipa-server-install $args", 1200; assert_script_run "ipa-server-install $args", 1200;
# enable and start the systemd service # enable and start the systemd service
assert_script_run "systemctl enable ipa.service"; assert_script_run "systemctl enable ipa.service";