df2c3cd906
Summary: This adds an upgrade variant of the FreeIPA tests, with only the simplest client enrolment (sssd) for now. The server test starts from the N-1 release and deploys the domain controller role. The client test similarly starts from the N-1 release and, when the server is deployed, enrols as a domain client. Then the server upgrades itself, while the client waits (as the server is its name server). Then the client upgrades itself, while the server does some self-checks. The server then waits for the client to do its checks before decommissioning itself, as usual. So, summary: *deployment* of both server and client occurs on N-1, then both are upgraded, then the actual *checks* occur on N. In my testing, this all more or less works, except the role decommission step fails. This failure seems to be a genuine one so far as I can tell; I intend to file a bug for it soon. Test Plan: Run the new tests, check they work. Run the existing FreeIPA tests (both the compose and the update variants), check they both behave the same. Reviewers: jsedlak, jskladan Reviewed By: jsedlak Subscribers: tflink Differential Revision: https://phab.qa.fedoraproject.org/D1204
44 lines
1.6 KiB
Perl
44 lines
1.6 KiB
Perl
use base "installedtest";
|
|
use strict;
|
|
use testapi;
|
|
use lockapi;
|
|
use tapnet;
|
|
use utils;
|
|
|
|
sub run {
|
|
my $self=shift;
|
|
# use FreeIPA server as DNS server
|
|
assert_script_run "printf 'search domain.local\nnameserver 10.0.2.100' > /etc/resolv.conf";
|
|
assert_script_run "sed -i -e '/^DNS.*/d' /etc/sysconfig/network-scripts/ifcfg-eth0";
|
|
assert_script_run "printf '\nDNS1=10.0.2.100\n' >> /etc/sysconfig/network-scripts/ifcfg-eth0";
|
|
# wait for the server to be ready (do it now just to make sure name
|
|
# resolution is working before we proceed)
|
|
mutex_lock "freeipa_ready";
|
|
mutex_unlock "freeipa_ready";
|
|
# use compose repo, disable u-t, etc. unless this is an upgrade
|
|
# test (in which case we're on the 'old' release at this point;
|
|
# one of the upgrade test modules does repo_setup later)
|
|
repo_setup() unless get_var("UPGRADE");
|
|
# do the enrolment
|
|
assert_script_run "echo 'monkeys123' | realm join --user=admin ipa001.domain.local", 300;
|
|
# set sssd debugging level higher (useful for debugging failures)
|
|
# optional as it's not really part of the test
|
|
script_run "dnf -y install sssd-tools", 180;
|
|
script_run "sss_debuglevel 6";
|
|
# if upgrade test, report that we're enrolled
|
|
mutex_create('client_enrolled') if get_var("UPGRADE");
|
|
# if this is an upgrade test, wait for server to be upgraded before
|
|
# continuing, as we rely on it for name resolution
|
|
if (get_var("UPGRADE")) {
|
|
mutex_lock "server_upgraded";
|
|
mutex_unlock "server_upgraded";
|
|
}
|
|
}
|
|
|
|
sub test_flags {
|
|
return { fatal => 1 };
|
|
}
|
|
|
|
1;
|
|
|
|
# vim: set sw=4 et:
|