66fc3cc7d4
Summary: This requires a few other changes: * turn clone_host_resolv into clone_host_file, letting you clone any given host file (cloning /etc/hosts seems to make both server deployment and client enrolment faster/more reliable) * allow loading of multiple POSTINSTALL tests (so we can share the freeipa_client_postinstall test). Note this is compatible, existing uses will work fine * move initial password change for the IPA test users into the server deployment test (so the client tests don't conflict over doing that) * add GRUB_POSTINSTALL, for specifying boot parameters for boot of the installed system, and make it work by tweaking _console_wait _login (doesn't work for _graphical_wait_login yet, as I didn't need that) * make the static networking config for tap tests into a library function so the tests can share it * handle ABRT problem dirs showing up in /var/spool/abrt as well as /var/tmp/abrt (because the enrol attempt hits #1330766 and the crash report shows up in /var/spool/abrt, don't ask me why the difference, I just work here) * specify the DNS servers from the worker host's resolv.conf as the forwarders for the FreeIPA server when deploying it; if we don't do this, rolekit defaults to using the root servers as forwarders(!) and thus we get the public, not phx2-appropriate, results for e.g. mirrors.fedoraproject.org, some of which the workers can't reach, so PackageKit package install always fails (boy, was it fun figuring THAT mess out) Even after all that, the test still doesn't actually pass, but I'm reasonably confident this is because it's hitting actual bugs, not because it's broken. It runs into #1330766 nearly every time (I think I saw *one* time the enrolment actually succeeded), and seems to run into a subsequent bug I hadn't seen before when trying to work around that by trying the join again (see https://bugzilla.redhat.com/show_bug.cgi?id=1330766#c37 ). Test Plan: Run the test, see what happens. If you're really lucky, it'll actually pass. But you'll probably run into #1330766#c37, I'm mostly posting for comment. You'll need a tap-capable openQA instance to test this. Reviewers: jskladan, garretraziel Reviewed By: garretraziel Subscribers: tflink Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D880
45 lines
1.6 KiB
Perl
45 lines
1.6 KiB
Perl
use base "installedtest";
|
|
use strict;
|
|
use testapi;
|
|
|
|
sub run {
|
|
my $self=shift;
|
|
# check domain is listed in 'realm list'
|
|
validate_script_output 'realm list', sub { $_ =~ m/domain-name: domain\.local.*configured: kerberos-member/s };
|
|
# check we can see the admin user in getent
|
|
assert_script_run 'getent passwd admin@DOMAIN.LOCAL';
|
|
# check keytab entries
|
|
my $hostname = script_output 'hostname';
|
|
my $qhost = quotemeta($hostname);
|
|
validate_script_output 'klist -k', sub { $_ =~ m/$qhost\@DOMAIN\.LOCAL/ };
|
|
# check we can kinit with the host principal
|
|
assert_script_run "kinit -k host/$hostname\@DOMAIN.LOCAL";
|
|
# switch to tty3
|
|
send_key "ctrl-alt-f3";
|
|
# try and login as test1, should work
|
|
$self->console_login(user=>'test1@DOMAIN.LOCAL', password=>'batterystaple');
|
|
type_string "exit\n";
|
|
# try and login as test2, should fail. we cannot use console_login
|
|
# as it takes 10 seconds to complete when login fails, and
|
|
# "permission denied" message doesn't last that long
|
|
sleep 2;
|
|
assert_screen "text_console_login";
|
|
type_string "test2\@DOMAIN.LOCAL\n";
|
|
assert_screen "console_password_required";
|
|
type_string "batterystaple\n";
|
|
assert_screen "login_permission_denied";
|
|
}
|
|
|
|
|
|
sub test_flags {
|
|
# without anything - rollback to 'lastgood' snapshot if failed
|
|
# 'fatal' - whole test suite is in danger if this fails
|
|
# 'milestone' - after this test succeeds, update 'lastgood'
|
|
# 'important' - if this fails, set the overall state to 'fail'
|
|
return { fatal => 1 };
|
|
}
|
|
|
|
1;
|
|
|
|
# vim: set sw=4 et:
|