Compare commits

..

1 commit

Author SHA1 Message Date
Louis Abel
ff01caf988
Update FreeIPA tests
Updating freeipa tests to:

  * Make it more consistent with Rocky Linux
  * Use of rockylinux.org domain instead of fedoraproject.org
  * Ensure fedora-only elements are removed or changed to work in EL
2023-05-17 14:03:44 -07:00
48 changed files with 158 additions and 514 deletions

View file

@ -1,17 +0,0 @@
{
"area": [
{
"xpos": 66,
"ypos": 295,
"width": 441,
"type": "match",
"height": 20
}
],
"properties": [],
"tags": [
"ENV-DISTRI-rocky",
"ENV-LANGUAGE-english",
"anaconda_help_localization_link"
]
}

Binary file not shown.

Before

Width:  |  Height:  |  Size: 91 KiB

View file

@ -1,17 +0,0 @@
{
"area": [
{
"width": 36,
"ypos": 145,
"xpos": 250,
"height": 11,
"type": "match"
}
],
"properties": [],
"tags": [
"ENV-DISTRI-rocky",
"LANGUAGE-arabic",
"anaconda_install_user_created"
]
}

Binary file not shown.

Before

Width:  |  Height:  |  Size: 123 KiB

View file

@ -1,24 +0,0 @@
{
"area": [
{
"ypos": 634,
"xpos": 716,
"width": 305,
"height": 14,
"type": "match"
},
{
"type": "match",
"height": 14,
"ypos": 698,
"width": 105,
"xpos": 875
}
],
"properties": [],
"tags": [
"ENV-DISTRI-rocky",
"LANGUAGE-japanese",
"anaconda_install_done"
]
}

Binary file not shown.

Before

Width:  |  Height:  |  Size: 226 KiB

View file

@ -1,17 +0,0 @@
{
"area": [
{
"xpos": 398,
"ypos": 145,
"width": 36,
"type": "match",
"height": 11
}
],
"properties": [],
"tags": [
"ENV-DISTRI-rocky",
"LANGUAGE-russian",
"anaconda_install_user_created"
]
}

Binary file not shown.

Before

Width:  |  Height:  |  Size: 129 KiB

View file

@ -1,17 +0,0 @@
{
"area": [
{
"xpos": 224,
"ypos": 361,
"width": 45,
"height": 11,
"type": "match"
}
],
"properties": [],
"tags": [
"ENV-DISTRI-rocky",
"LANGUAGE-arabic",
"anaconda_network_connected"
]
}

Binary file not shown.

Before

Width:  |  Height:  |  Size: 250 KiB

View file

@ -1,17 +0,0 @@
{
"area": [
{
"xpos": 783,
"ypos": 364,
"width": 60,
"height": 10,
"type": "match"
}
],
"properties": [],
"tags": [
"ENV-DISTRI-rocky",
"LANGUAGE-french",
"anaconda_network_connected"
]
}

Binary file not shown.

Before

Width:  |  Height:  |  Size: 253 KiB

View file

@ -1,17 +0,0 @@
{
"area": [
{
"xpos": 785,
"ypos": 362,
"width": 50,
"height": 10,
"type": "match"
}
],
"properties": [],
"tags": [
"ENV-DISTRI-rocky",
"LANGUAGE-japanese",
"anaconda_network_connected"
]
}

View file

@ -1,17 +0,0 @@
{
"area": [
{
"xpos": 719,
"height": 18,
"type": "match",
"ypos": 359,
"width": 105
}
],
"properties": [],
"tags": [
"ENV-DISTRI-rocky",
"ENV-LANGUAGE-english",
"anaconda_network_connected"
]
}

Binary file not shown.

Before

Width:  |  Height:  |  Size: 250 KiB

View file

@ -1,17 +0,0 @@
{
"area": [
{
"xpos": 778,
"ypos": 364,
"width": 68,
"height": 10,
"type": "match"
}
],
"properties": [],
"tags": [
"ENV-DISTRI-rocky",
"LANGUAGE-russian",
"anaconda_network_connected"
]
}

View file

@ -1,21 +0,0 @@
{
"area": [
{
"height": 21,
"type": "match",
"width": 42,
"xpos": 965,
"ypos": 34,
"click_point": {
"xpos": 21,
"ypos": 10.5
}
}
],
"properties": [],
"tags": [
"ENV-DISTRI-rocky",
"LANGUAGE-arabic",
"anaconda_spoke_done"
]
}

Binary file not shown.

Before

Width:  |  Height:  |  Size: 126 KiB

View file

@ -1,20 +0,0 @@
{
"area": [
{
"width": 56,
"ypos": 34,
"xpos": 17,
"height": 21,
"type": "match",
"click_point": {
"xpos": 28,
"ypos": 10.5
}
}
],
"properties": [],
"tags": [
"LANGUAGE-russian",
"anaconda_spoke_done"
]
}

Binary file not shown.

Before

Width:  |  Height:  |  Size: 127 KiB

View file

@ -1,16 +0,0 @@
{
"area": [
{
"ypos": 475,
"xpos": 529,
"width": 40,
"height": 21,
"type": "match"
}
],
"properties": [],
"tags": [
"ENV-DISTRI-rocky",
"autoupdate_planned_time"
]
}

Binary file not shown.

Before

Width:  |  Height:  |  Size: 47 KiB

View file

@ -1,17 +0,0 @@
{
"area": [
{
"height": 28,
"type": "match",
"ypos": 585,
"xpos": 264,
"width": 133
}
],
"properties": [],
"tags": [
"ENV-DISTRI-rocky",
"ENV-LANGUAGE-english",
"cockpit_services_detail"
]
}

Binary file not shown.

Before

Width:  |  Height:  |  Size: 73 KiB

View file

@ -1,17 +0,0 @@
{
"area": [
{
"ypos": 362,
"width": 39,
"xpos": 14,
"height": 18,
"type": "match"
}
],
"properties": [],
"tags": [
"ENV-DISTRI-rocky",
"ENV-LANGUAGE-english",
"cockpit_logs"
]
}

Binary file not shown.

Before

Width:  |  Height:  |  Size: 76 KiB

View file

@ -1,17 +0,0 @@
{
"area": [
{
"ypos": 618,
"xpos": 16,
"width": 143,
"height": 10,
"type": "match"
}
],
"properties": [],
"tags": [
"ENV-DISTRI-rocky",
"LANGUAGE-english",
"boot_enter_passphrase"
]
}

Binary file not shown.

Before

Width:  |  Height:  |  Size: 97 KiB

View file

@ -1,17 +0,0 @@
{
"area": [
{
"width": 113,
"ypos": 575,
"xpos": 427,
"type": "match",
"height": 19
}
],
"properties": [],
"tags": [
"ENV-DISTRI-rocky",
"ENV-LANGUAGE-english",
"bootloader_uefi"
]
}

Binary file not shown.

Before

Width:  |  Height:  |  Size: 9.8 KiB

View file

@ -1,18 +0,0 @@
{
"area": [
{
"type": "match",
"ypos": 611,
"width": 113,
"xpos": 210,
"height": 19
}
],
"properties": [],
"tags": [
"ENV-DISTRI-rocky",
"ENV-LANGUAGE-english",
"bootloader",
"bootloader_uefi"
]
}

Binary file not shown.

Before

Width:  |  Height:  |  Size: 9.4 KiB

View file

@ -1,18 +0,0 @@
{
"area": [
{
"width": 113,
"ypos": 611,
"type": "match",
"height": 19,
"xpos": 210
}
],
"properties": [],
"tags": [
"ENV-DISTRI-rocky",
"ENV-LANGUAGE-english",
"bootloader",
"bootloader_uefi"
]
}

Binary file not shown.

Before

Width:  |  Height:  |  Size: 6.9 KiB

View file

@ -1,16 +0,0 @@
{
"area": [
{
"type": "match",
"height": 157,
"width": 163,
"ypos": 224,
"xpos": 445
}
],
"properties": [],
"tags": [
"ENV-DISTRI-rocky",
"getting_started"
]
}

Binary file not shown.

Before

Width:  |  Height:  |  Size: 201 KiB

View file

@ -1,18 +1,16 @@
#!/bin/bash
set -e
MAJOR_VERSION=9
MINOR_VERSION=0
## Usage: Posts ISOs to openQA for each of the universal, dvd-iso, package-set, minimal-iso, and boot-iso FLAVORs.
# scripts/run-all-flavors.sh
# Test a beta build with alternative repo URL
# ROCKY_EXTRA_ARGS="GRUB=ip=dhcp GRUBADD=inst.repo=https://dl.rockylinux.org/stg/rocky/8.8-BETA/BaseOS/x86_64/os DNF_CONTENTDIR=stg CURRREL=8 IDENTIFICATION=false" scripts/run-all-flavors.sh
ROCKY_VERSION="9.2"
MAJOR_VERSION=${ROCKY_VERSION:0:1}
MINOR_VERSION=${ROCKY_VERSION:2:1}
ROCKY_VERSION="$MAJOR_VERSION.$MINOR_VERSION"
ROCKY_ARCH="${ROCKY_ARCH:=x86_64}"
ROCKY_EXTRA_ARGS="${ROCKY_EXTRA_ARGS:-}"
BUILD_NAME="-$(date +%Y%m%d).0-$(git branch --show-current)-$ROCKY_VERSION"
BUILD_PREFIX="-$(date +%Y%m%d.%H%M%S).0-$(git branch --show-current)"
ISO_PREFIX="Rocky-$ROCKY_VERSION-$ROCKY_ARCH"
DVD_ISOTYPE=dvd1
@ -33,8 +31,8 @@ openqa-cli api \
DISTRI=rocky \
FLAVOR=universal \
VERSION="$ROCKY_VERSION" \
BUILD="$BUILD_NAME" \
${ROCKY_EXTRA_ARGS}
BUILD="$BUILD_PREFIX-universal-$ROCKY_VERSION" \
"${ROCKY_EXTRA_ARGS}"
openqa-cli api \
-X POST isos \
@ -43,8 +41,8 @@ openqa-cli api \
DISTRI=rocky \
FLAVOR="dvd-iso" \
VERSION="$ROCKY_VERSION" \
BUILD="$BUILD_NAME" \
${ROCKY_EXTRA_ARGS}
BUILD="$BUILD_PREFIX-dvd-$ROCKY_VERSION" \
"${ROCKY_EXTRA_ARGS}"
openqa-cli api \
-X POST isos \
@ -53,8 +51,8 @@ openqa-cli api \
DISTRI=rocky \
FLAVOR=package-set \
VERSION="$ROCKY_VERSION" \
BUILD="$BUILD_NAME" \
${ROCKY_EXTRA_ARGS}
BUILD="$BUILD_PREFIX-packageset-$ROCKY_VERSION" \
"${ROCKY_EXTRA_ARGS}"
openqa-cli api \
-X POST isos \
@ -63,8 +61,8 @@ openqa-cli api \
DISTRI=rocky \
FLAVOR=minimal-iso \
VERSION="$ROCKY_VERSION" \
BUILD="$BUILD_NAME" \
${ROCKY_EXTRA_ARGS}
BUILD="$BUILD_PREFIX-minimal-$ROCKY_VERSION" \
"${ROCKY_EXTRA_ARGS}"
openqa-cli api \
-X POST isos \
@ -73,5 +71,5 @@ openqa-cli api \
DISTRI=rocky \
FLAVOR=boot-iso \
VERSION="$ROCKY_VERSION" \
BUILD="$BUILD_NAME" \
${ROCKY_EXTRA_ARGS}
BUILD="$BUILD_PREFIX-boot-$ROCKY_VERSION" \
"${ROCKY_EXTRA_ARGS}"

View file

@ -1,6 +1,9 @@
#!/bin/bash
set -e
MAJOR_VERSION=9
MINOR_VERSION=0
## Usage: Post an ISO for the specified FLAVOR. Defaults to boot-iso.
#
## Run the boot-iso FLAVOR
@ -12,14 +15,13 @@ set -e
## Run the localization test suites
# ROCKY_FLAVOR ROCKY_EXTRA_ARGS=TEST=install_arabic_language,install_asian_language,install_european_language,install_cyrillic_language scripts/run-openqa-tests.sh
ROCKY_VERSION="9.2"
MAJOR_VERSION=${ROCKY_VERSION:0:1}
MINOR_VERSION=${ROCKY_VERSION:2:1}
ROCKY_FLAVOR="${ROCKY_FLAVOR:-boot-iso}"
ROCKY_VERSION="$MAJOR_VERSION.$MINOR_VERSION"
ROCKY_ARCH="${ROCKY_ARCH:=x86_64}"
ROCKY_EXTRA_ARGS="${ROCKY_EXTRA_ARGS:-}"
BUILD_NAME="-$(date +%Y%m%d).0-$(git branch --show-current)-$ROCKY_VERSION"
BUILD_PREFIX="-$(date +%Y%m%d.%H%M%S).0-$(git branch --show-current)"
BUILD_NAME="$BUILD_PREFIX-$ROCKY_FLAVOR-$ROCKY_VERSION"
ISO_PREFIX="Rocky-$ROCKY_VERSION-$ROCKY_ARCH"
if [[ "$ROCKY_FLAVOR" == "dvd-iso" || "$ROCKY_FLAVOR" == "universal" ]]; then

View file

@ -82,7 +82,7 @@
},
"version": "*"
},
"rocky-boot-iso-aarch64-*": {
"rocky-boot-iso-aarch64-*": {
"arch": "aarch64",
"distri": "rocky",
"flavor": "boot-iso",
@ -210,7 +210,7 @@
"machine": "uefi",
"product": "rocky-GenericCloud_LVM-qcow2-qcow2-x86_64-*"
},
"rocky-boot-iso-aarch64-*-aarch64": {
"rocky-boot-iso-aarch64-*-aarch64": {
"machine": "aarch64",
"product": "rocky-boot-iso-aarch64-*"
},
@ -422,7 +422,7 @@
"POSTINSTALL": "autocloud"
}
},
"install_resize_lvm": {
"install_resize_lvm": {
"profiles": {
"rocky-dvd-iso-aarch64-*-aarch64": 40,
"rocky-dvd-iso-x86_64-*-64bit": 40
@ -926,8 +926,8 @@
},
"install_scsi_updates_img": {
"profiles": {
"rocky-universal-aarch64-*-aarch64": 20,
"rocky-universal-x86_64-*-64bit": 20
"rocky-universal-aarch64-*-aarch64": 20,
"rocky-universal-x86_64-*-64bit": 20
},
"settings": {
"CDMODEL": "scsi-cd",
@ -1418,36 +1418,6 @@
"WORKER_CLASS": "tap"
}
},
"slurm22": {
"profiles": {
"rocky-dvd-iso-aarch64-*-aarch64": 10,
"rocky-dvd-iso-x86_64-*-64bit": 10
},
"settings": {
"BOOTFROM": "c",
"HDD_1": "disk_%FLAVOR%_%MACHINE%.qcow2",
"POSTINSTALL": "slurm",
"START_AFTER_TEST": "%DEPLOY_UPLOAD_TEST%",
"ROOT_PASSWORD": "weakpassword",
"USER_LOGIN": "false",
"SLURM_VERSION": "22"
}
},
"slurm23": {
"profiles": {
"rocky-dvd-iso-aarch64-*-aarch64": 10,
"rocky-dvd-iso-x86_64-*-64bit": 10
},
"settings": {
"BOOTFROM": "c",
"HDD_1": "disk_%FLAVOR%_%MACHINE%.qcow2",
"POSTINSTALL": "slurm",
"START_AFTER_TEST": "%DEPLOY_UPLOAD_TEST%",
"ROOT_PASSWORD": "weakpassword",
"USER_LOGIN": "false",
"SLURM_VERSION": "23"
}
},
"support_server": {
"profiles": {
"rocky-dvd-iso-aarch64-*-aarch64": 10,

View file

@ -2,37 +2,24 @@ use base "installedtest";
use strict;
use testapi;
use packagetest;
use utils;
sub run {
my $self = shift;
# switch to TTY3 for both, graphical and console tests
$self->root_console(tty => 3);
# enable test repos and install test packages
prepare_test_packages;
# check rpm agrees they installed good
verify_installed_packages;
if (get_var("DISTRI") eq "rocky") {
if (get_version_major() < 9) {
# pandoc-common is in PowerTools in Rocky Linux 8
assert_script_run 'dnf config-manager --set-enabled powertools', 60;
}
else {
# pandoc-common is in CRB in Rocky Linux 8
assert_script_run 'dnf config-manager --set-enabled crb', 60;
}
# pandoc-common is in PowerTools in RockyLinux
assert_script_run 'dnf config-manager --set-enabled powertools', 60;
}
# update the fake pandoc-common (should come from the real repo)
# this can take a long time if we get unlucky with the metadata refresh
assert_script_run 'dnf -y --disablerepo=openqa-testrepo* --disablerepo=updates-testing update pandoc-common', 600;
# check we got the updated version
verify_updated_packages;
# now remove pandoc-common, and see if we can do a straight
# install from the default repos
assert_script_run 'dnf -y remove pandoc-common';

View file

@ -8,18 +8,20 @@ sub run {
# switch to tty1 (we're usually there already, but just in case
# we're carrying on from a failed freeipa_webui that didn't fail
# at tty1)
my $ipa_domain = 'test.openqa.rockylinux.org';
my $ipa_realm = 'TEST.OPENQA.ROCKYLINUX.ORG';
send_key "ctrl-alt-f1";
wait_still_screen 1;
# check domain is listed in 'realm list'
validate_script_output 'realm list', sub { $_ =~ m/domain-name: test\.openqa\.rockylinux\.org.*configured: kerberos-member/s };
# check we can see the admin user in getent
assert_script_run 'getent passwd admin@TEST.OPENQA.ROCKYLINUX.ORG';
assert_script_run "getent passwd admin\@$ipa_realm";
# check keytab entries
my $hostname = script_output 'hostname';
my $qhost = quotemeta($hostname);
validate_script_output 'klist -k', sub { $_ =~ m/$qhost\@TEST\.OPENQA\.ROCKYLINUX\.ORG/ };
# check we can kinit with the host principal
assert_script_run "kinit -k host/$hostname\@TEST.OPENQA.ROCKYLINUX.ORG";
assert_script_run "kinit -k host/$hostname\@$ipa_realm";
# Set a longer timeout for login(1) to workaround RHBZ #1661273
assert_script_run 'echo "LOGIN_TIMEOUT 180" >> /etc/login.defs';
# switch to tty2 for login tests
@ -32,7 +34,7 @@ sub run {
# "permission denied" message doesn't last that long
sleep 2;
assert_screen "text_console_login";
type_string "test2\@TEST.OPENQA.ROCKYLINUX.ORG\n";
type_string "test2\@$ipa_realm\n";
assert_screen "console_password_required";
type_string "batterystaple\n";
assert_screen "login_permission_denied";

View file

@ -9,7 +9,9 @@ sub run {
# we're restarting firefox (instead of using the same one from
# realmd_join_cockpit) so Firefox's trusted CA store refreshes and
# it trusts the web server cert
start_webui("admin", "monkeys123");
my $ipa_realm = 'TEST.OPENQA.ROCKYLINUX.ORG';
my $ipa_admin_password = 'b1U3OnyX!';
start_webui("admin", $ipa_admin_password);
add_user("test3", "Three");
add_user("test4", "Four");
assert_screen "freeipa_webui_users_added";
@ -48,8 +50,8 @@ sub run {
assert_screen "root_console";
wait_still_screen 5;
# set permanent passwords for both accounts
assert_script_run 'printf "correcthorse\nbatterystaple\nbatterystaple" | kinit test3@TEST.OPENQA.ROCKYLINUX.ORG';
assert_script_run 'printf "correcthorse\nbatterystaple\nbatterystaple" | kinit test4@TEST.OPENQA.ROCKYLINUX.ORG';
assert_script_run "printf 'correcthorse\nbatterystaple\nbatterystaple' | kinit test3\@$ipa_realm";
assert_script_run "printf 'correcthorse\nbatterystaple\nbatterystaple' | kinit test4\@$ipa_realm";
# switch to tty4 (boy, the tty jugglin')
send_key "ctrl-alt-f4";
# try and login as test3, should work

View file

@ -57,7 +57,7 @@ sub run {
type_string("admin", 4);
send_key "tab";
sleep 3;
type_string("monkeys123", 4);
type_string("b1U3OnyX!", 4);
sleep 3;
assert_and_click "cockpit_join_button";
# join involves package installs, so it may take some time

View file

@ -6,12 +6,39 @@ use mmapi;
use tapnet;
use utils;
# Adapted from Fedora's OpenQA tests, with some modifications. This will need
# to be maintained per major version as necessary.
# label@rockylinux.org
use feature "switch";
sub run {
my $self = shift;
# use FreeIPA server or replica as DNS server
my $version_major = get_version_major;
my $relnum = get_release_number;
my $ipa_admin_password = 'b1U3OnyX!';
my $server = 'ipa001.test.openqa.rockylinux.org';
my $server_ip = '172.16.2.100';
my $server_mutex = 'freeipa_ready';
my $ipa_install_cmd;
my @ipa_firewall_services;
given ($version_major) {
when ('8') {
$ipa_install_cmd = 'dnf --assumeyes module install idm:DL1/{dns,client,server,common}';
@ipa_firewall_services = qw(http https kerberos kpasswd ldap ldaps dns);
}
when ('9') {
$ipa_install_cmd = 'dnf --assumeyes install ipa-server ipa-client ipa-server-dns sssd sssd-ipa';
@ipa_firewall_services = qw(freeipa-4 dns);
}
default {
$ipa_install_cmd = 'dnf --assumeyes install ipa-server ipa-client ipa-server-dns sssd sssd-ipa';
@ipa_firewall_services = qw(freeipa-4 dns);
}
}
if (get_var("FREEIPA_REPLICA")) {
$server = 'ipa002.test.openqa.rockylinux.org';
$server_ip = '172.16.2.106';
@ -40,22 +67,22 @@ sub run {
if (get_var("FREEIPA_REPLICA")) {
# here we're enrolling not just as a client, but as a replica
# install server packages
assert_script_run "dnf -y groupinstall freeipa-server", 600;
assert_script_run "$ipa_install_cmd", 600;
# we need a lot of entropy for this, and we don't care how good
# it is, so let's use haveged
assert_script_run "dnf -y install haveged", 300;
assert_script_run 'systemctl start haveged.service';
assert_script_run "dnf --assumeyes install rng-tools", 300;
assert_script_run 'systemctl start rngd.service';
# configure the firewall
for my $service (qw(freeipa-ldap freeipa-ldaps dns)) {
for my $service (@ipa_firewall_services) {
assert_script_run "firewall-cmd --permanent --add-service $service";
}
assert_script_run "systemctl restart firewalld.service";
# deploy as a replica
my ($ip, $hostname) = split(/ /, get_var("POST_STATIC"));
my $args = "--ip-address=$ip --setup-dns --auto-forwarders --setup-ca --allow-zone-overlap -U --principal admin --admin-password monkeys123";
my $args = "--ip-address=$ip --setup-dns --auto-forwarders --setup-ca --allow-zone-overlap -U --principal admin --admin-password $ipa_admin_password";
assert_script_run "ipa-replica-install $args", 1500;
# enable and start the systemd service
@ -69,7 +96,7 @@ sub run {
wait_for_children;
}
else {
assert_script_run "echo 'monkeys123' | realm join --user=admin ${server}", 300;
assert_script_run "echo '$ipa_admin_password' | realm join --user=admin ${server}", 300;
}
# set sssd debugging level higher (useful for debugging failures)
# optional as it's not really part of the test

View file

@ -6,23 +6,45 @@ use mmapi;
use tapnet;
use utils;
# Adapted from Fedora's OpenQA tests, with some modifications. This will need
# to be maintained per major version as necessary.
# label@rockylinux.org
use feature "switch";
sub run {
my $self = shift;
my $version_major = get_version_major;
my $relnum = get_release_number;
my $ipa_hostname = script_output 'hostname';
my $ipa_install_cmd;
my @ipa_firewall_services;
my $ipa_domain = 'test.openqa.rockylinux.org';
my $ipa_realm = 'TEST.OPENQA.ROCKYLINUX.ORG';
my $ipa_admin_password = 'b1U3OnyX!';
my $ipa_reverse_zone = '2.16.172.in-addr.arpa';
my $ipa_install_args = "-U --auto-forwarders --realm=$ipa_realm --domain=$ipa_domain --ds-password=$ipa_admin_password --admin-password=$ipa_admin_password --setup-dns --reverse-zone=$ipa_reverse_zone --allow-zone-overlap";
given ($version_major) {
when ('8') {
$ipa_install_cmd = 'dnf --assumeyes module install idm:DL1/{dns,client,server,common}';
@ipa_firewall_services = qw(http https kerberos kpasswd ldap ldaps dns);
}
when ('9') {
$ipa_install_cmd = 'dnf --assumeyes install ipa-server ipa-client ipa-server-dns sssd sssd-ipa';
@ipa_firewall_services = qw(freeipa-4 dns);
}
default {
$ipa_install_cmd = 'dnf --assumeyes install ipa-server ipa-client ipa-server-dns sssd sssd-ipa';
@ipa_firewall_services = qw(freeipa-4 dns);
}
}
# login
$self->root_console();
# use compose repo, disable u-t, etc. unless this is an upgrade
# test (in which case we're on the 'old' release at this point;
# one of the upgrade test modules does repo_setup later)
repo_setup() unless get_var("UPGRADE");
# use --enablerepo=fedora for Modular compose testing (we need to
# create and use a non-Modular repo to get some packages which
# aren't in Modular Server composes)
my $extraparams = '';
$extraparams = '--enablerepo=fedora' if (get_var("MODULAR"));
# we need a lot of entropy for this, and we don't care how good
# it is, so let's use haveged
assert_script_run "dnf ${extraparams} -y install haveged", 300;
assert_script_run 'systemctl start haveged.service';
# We need entropy. Install rng-tools and start it up. Fedora uses haveged
# but Rocky Linux does not have it unless EPEL is used.
assert_script_run "dnf --assumeyes install rng-tools", 300;
assert_script_run 'systemctl start rngd.service';
# per ab, this should get us extra debug logging from the web UI
# in error_log
assert_script_run 'mkdir -p /etc/ipa';
@ -30,24 +52,49 @@ sub run {
# per ab, this gets us more debugging for bind
assert_script_run 'mkdir -p /etc/systemd/system/named-pkcs11.service.d';
assert_script_run 'printf "[Service]\nEnvironment=OPTIONS=-d5\n" > /etc/systemd/system/named-pkcs11.service.d/debug.conf';
# First install the necessary packages
assert_script_run "dnf -y groupinstall freeipa-server", 600;
# configure the firewall
for my $service (qw(freeipa-ldap freeipa-ldaps dns)) {
# Based on the major version, install FreeIPA
assert_script_run "$ipa_install_cmd", 600;
# Enable all the firewall services as needed per major version
for my $service (@ipa_firewall_services) {
assert_script_run "firewall-cmd --permanent --add-service $service";
}
assert_script_run "systemctl restart firewalld.service";
# deploy the server
my $args = "-U --auto-forwarders --realm=TEST.OPENQA.ROCKYLINUX.ORG --domain=test.openqa.rockylinux.org --ds-password=monkeys123 --admin-password=monkeys123 --setup-dns --reverse-zone=2.16.172.in-addr.arpa --allow-zone-overlap";
assert_script_run "ipa-server-install $args", 1200;
assert_script_run "ipa-server-install $ipa_install_args", 1200;
# enable and start the systemd service
assert_script_run "systemctl enable ipa.service";
assert_script_run "systemctl start ipa.service", 300;
# kinit as admin
assert_script_run 'echo "monkeys123" | kinit admin';
# set up an OTP for client001 enrolment (it will enrol with a kickstart)
assert_script_run 'ipa host-add client001.test.openqa.rockylinux.org --password=monkeys --force';
assert_script_run "echo '$ipa_admin_password' | kinit admin";
# set up an OTP for client001 enrolment (this should enroll by kickstart or another way)
assert_script_run "ipa host-add client001.$ipa_domain --password=monkeys --force";
############################################################################
# Testing kerb services
assert_script_run "ipa service-add testservice/$ipa_hostname";
assert_script_run "ipa-getkeytab -s $ipa_hostname -p testservice/$ipa_hostname";
validate_script_output 'klist -k /tmp/testservice.keytab', sub { $_ =~ m/testservice\/$ipa_hostname/ };
# This is commented for now. We need a while loop that watches for ipa-getcert list -r to become empty.
#assert_script_run "ipa-getcert request -K testservice/$ipa_hostname -D $ipa_hostname -f /etc/pki/tls/certs/testservice.pki -k /etc/pki/tls/private/testservice.key";
#validate_script_output "ipa-getcert list -r | sed -n '/Request ID/,/auto-renew: yes/p'", sub { $_ =~ m// };
############################################################################
# Testing DNS
assert_script_run "ipa dnszone-add --name-server=$ipa_hostname. --admin-email=hostmaster.testzone.$ipa_domain. testzone.$ipa_domain";
sleep(5);
# ensure subdomain was made
validate_script_output "dig \@localhost SOA testzone.$ipa_domain", sub { $_ =~ m/status: NOERROR/ };
# make test records with CNAME
assert_script_run "ipa dnsrecord-add $ipa_domain testrecord --cname-hostname=onyxtest";
# validate it works
validate_script_output "dig \@localhost CNAME testrecord.$ipa_domain", sub { $_ =~ m/status: NOERROR/ };
# make test records with CNAME in subdomain
assert_script_run "ipa dnsrecord-add testzone.$ipa_domain testrecord --cname-hostname=onyxtest.$ipa_domain";
# validate it works
validate_script_output "dig \@localhost CNAME testrecord.testzone.$ipa_domain", sub { $_ =~ m/status: NOERROR/ };
############################################################################
# User Accounts + HBAC + SUDO
# create two user accounts, test1 and test2
assert_script_run 'echo "correcthorse" | ipa user-add test1 --first test --last one --password';
assert_script_run 'echo "correcthorse" | ipa user-add test2 --first test --last two --password';
@ -61,13 +108,24 @@ sub run {
assert_script_run 'ipa pwpolicy-mod --minlife=0';
# magic voodoo crap to allow reverse DNS client sync to work
# https://docs.pagure.org/bind-dyndb-ldap/BIND9/SyncPTR.html
assert_script_run 'ipa dnszone-mod test.openqa.rockylinux.org. --allow-sync-ptr=TRUE';
assert_script_run "ipa dnszone-mod $ipa_domain. --allow-sync-ptr=TRUE";
# kinit as each user and set a new password
assert_script_run 'printf "correcthorse\nbatterystaple\nbatterystaple" | kinit test1@TEST.OPENQA.ROCKYLINUX.ORG';
assert_script_run 'printf "correcthorse\nbatterystaple\nbatterystaple" | kinit test2@TEST.OPENQA.ROCKYLINUX.ORG';
# we're ready for children to enrol, now
assert_script_run "printf 'correcthorse\nbatterystaple\nbatterystaple' | kinit test1\@$ipa_realm";
assert_script_run "printf 'correcthorse\nbatterystaple\nbatterystaple' | kinit test2\@$ipa_realm";
# add a sudo rule
assert_script_run 'ipa sudorule-add testrule --desc="Test rule in IPA" --hostcat=all --cmdcat=all --runasusercat=all --runasgroupcat=all';
assert_script_run 'ipa sudorule-add-user testrule --users="test1"';
validate_script_output 'ipa sudorule-show testrule', sub { $_ =~ m/Rule name: testrule/ };
validate_script_output 'ipa sudorule-show testrule', sub { $_ =~ m/Users: test1/ };
# This may fail - Invalidate sudo cache and check test1's sudo perms
assert_script_run 'sss_cache -R';
validate_script_output 'sudo -l -U test1', sub { $_ =~ m/test1 may run the following commands/ };
# we're ready for children to enroll, now
mutex_create("freeipa_ready");
# if upgrade test, wait for children to enrol before upgrade
# This generally applies to Fedora upgrades. We don't perform upgrades in EL
# but we will leave this here.
if (get_var("UPGRADE")) {
my $children = get_children();
my $child_id = (keys %$children)[0];

View file

@ -1,65 +0,0 @@
use base "installedtest";
use strict;
use testapi;
use utils;
sub slurm_setup {
# install HPC repository
my $version = get_var("SLURM_VERSION");
assert_script_run "dnf -y install rocky-release-hpc", 120;
# Set up munge
assert_script_run "dnf -y install munge", 120;
assert_script_run "dd if=/dev/urandom bs=1 count=1024 >/etc/munge/munge.key";
assert_script_run "chmod 400 /etc/munge/munge.key";
assert_script_run "chown munge.munge /etc/munge/munge.key";
assert_script_run "systemctl enable --now munge.service";
# install slurm
if (get_var("CURRREL") eq '8') {
assert_script_run "dnf config-manager --set-enabled powertools";
}
assert_script_run "dnf install -y slurm$version-slurmdbd slurm$version-slurmrestd slurm$version-slurmctld slurm$version-slurmd";
# Since this is a single node system, we don't have to modify the conf files. We will for larger multi-node tests.
# start services
assert_script_run "systemctl enable --now slurmctld slurmdbd slurmrestd slurmd";
}
sub run {
my $self = shift;
# do all the install stuff
slurm_setup();
# if everything is configured right, sinfo should show the following output
# $ sinfo
# PARTITION AVAIL TIMELIMIT NODES STATE NODELIST
# debug* up infinite 1 idle localhost
validate_script_output "sinfo", sub { m/debug.*localhost/ };
# write a boring job script
assert_script_run "echo '#!/bin/bash\n#SBATCH --job-name=antarctica_time\nsleep 120\nTZ=NZST date' > job.sh";
## schedule a job and run it to completion
assert_script_run "sbatch job.sh";
validate_script_output "squeue", sub { m/antar/ };
sleep 121;
# after 121 seconds, job should have completed and no longer exist in the queue
validate_script_output "squeue", sub { $_ !~ m/antar/ };
## cancel a job
assert_script_run "sbatch job.sh";
validate_script_output "squeue", sub { m/antar/ };
assert_script_run "scancel 2";
# job should no longer be in the queue
validate_script_output "squeue", sub { $_ !~ m/antar/ };
}
sub test_flags {
return {fatal => 1};
}
1;
# vim: set sw=4 et: