testing/os-autoinst-distri-rocky
11
0
Fork 0
mirror of https://github.com/rocky-linux/os-autoinst-distri-rocky.git synced 2024-11-08 14:31:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
cc4c1c73cf
os-autoinst-distri-rocky/tests/realmd_join_sssd.pm

122 lines
4.4 KiB
Perl
Raw Normal View History

add a realmd_join_sssd test, and use DHCP for it and cockpit Summary: This is a pretty straightforward IPA joining test. Since I figured out how to set up a DHCP server for support_server, let's do the same for the domain controller so we can simplify these enrolment tests a bit. We also extend the timeout on installing haveged on the server a bit (2 minutes is a bit low when it hits a slow metadata download), and drop an unnecessary clone_host_file from the cockpit join test (it was only there for testing and the next operation immediately overwrites it). Test Plan: Do a full server DVD test run, check the new test works and none of the others broke. Reviewers: garretraziel Reviewed By: garretraziel Subscribers: tflink Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D894
2016-06-28 19:00:13 +00:00
use base "installedtest";
use strict;
use testapi;
use lockapi;
Add a FreeIPA replication job set This adds a set of jobs to test FreeIPA replication. We deploy a server, deploy a replica of that server, then enrol a client against the replica and run the client tests. At first I was planning to add the replica testing into the main set of FreeIPA tests, but the test ordering/blocking (via mutexes and barriers and what-have-you) just turns into a big nightmare that way. This way seems rather simpler to deal with. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-07-18 22:53:54 +00:00
use mmapi;
Move all remaining utility functions into exporter modules Summary: This adds a couple of new exporter modules, renames main_common to utils (this is a better name: openSUSE's main_common is functions used in main.pm, utils is what they call their module full of miscellaneous commonly-used functions), and moves a bunch of utility functions that were previously needlessly implemented as instance methods in base classes into the exporter modules. That means we can get rid of all the annoying $self-> syntax for calling them. We get rid of `fedorabase` entirely, as it's no longer useful for anything. Other base classes keep the 'standard' methods (like `post_fail_hook`) and methods which actually need to be methods (like `root_console`, whose behaviour is different in anacondatest and installedtest). Test Plan: Do a full test suite run and check everything lines up. There should be no functional differences from before at all, this is just a re-org. Reviewers: jskladan, garretraziel_but_actually_jsedlak_who_uses_stupid_nicknames Reviewed By: garretraziel_but_actually_jsedlak_who_uses_stupid_nicknames Subscribers: tflink Differential Revision: https://phab.qa.fedoraproject.org/D1080
2017-01-18 07:15:44 +00:00
use tapnet;
use utils;
add a realmd_join_sssd test, and use DHCP for it and cockpit Summary: This is a pretty straightforward IPA joining test. Since I figured out how to set up a DHCP server for support_server, let's do the same for the domain controller so we can simplify these enrolment tests a bit. We also extend the timeout on installing haveged on the server a bit (2 minutes is a bit low when it hits a slow metadata download), and drop an unnecessary clone_host_file from the cockpit join test (it was only there for testing and the next operation immediately overwrites it). Test Plan: Do a full server DVD test run, check the new test works and none of the others broke. Reviewers: garretraziel Reviewed By: garretraziel Subscribers: tflink Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D894
2016-06-28 19:00:13 +00:00
Update FreeIPA tests Updating freeipa tests to: * Make it more consistent with Rocky Linux * Use of rockylinux.org domain instead of fedoraproject.org * Ensure fedora-only elements are removed or changed to work in EL
2023-05-17 21:03:44 +00:00
# Adapted from Fedora's OpenQA tests, with some modifications. This will need
# to be maintained per major version as necessary.
# label@rockylinux.org
use feature "switch";
add a realmd_join_sssd test, and use DHCP for it and cockpit Summary: This is a pretty straightforward IPA joining test. Since I figured out how to set up a DHCP server for support_server, let's do the same for the domain controller so we can simplify these enrolment tests a bit. We also extend the timeout on installing haveged on the server a bit (2 minutes is a bit low when it hits a slow metadata download), and drop an unnecessary clone_host_file from the cockpit join test (it was only there for testing and the next operation immediately overwrites it). Test Plan: Do a full server DVD test run, check the new test works and none of the others broke. Reviewers: garretraziel Reviewed By: garretraziel Subscribers: tflink Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D894
2016-06-28 19:00:13 +00:00
sub run {
enforce standard coding on all Perl files
2023-02-12 22:59:37 +00:00
my $self = shift;
Add a FreeIPA replication job set This adds a set of jobs to test FreeIPA replication. We deploy a server, deploy a replica of that server, then enrol a client against the replica and run the client tests. At first I was planning to add the replica testing into the main set of FreeIPA tests, but the test ordering/blocking (via mutexes and barriers and what-have-you) just turns into a big nightmare that way. This way seems rather simpler to deal with. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-07-18 22:53:54 +00:00
# use FreeIPA server or replica as DNS server
Update FreeIPA tests Updating freeipa tests to: * Make it more consistent with Rocky Linux * Use of rockylinux.org domain instead of fedoraproject.org * Ensure fedora-only elements are removed or changed to work in EL
2023-05-17 21:03:44 +00:00
my $version_major = get_version_major;
my $relnum = get_release_number;
my $ipa_admin_password = 'b1U3OnyX!';
replace fedoraproject.org with rockylinux.org - refs in templates.fif.json and code changed (typically hostnames in multi-worker tests) - refs in documentation left for historical / context purposes
2023-03-17 17:04:54 +00:00
my $server = 'ipa001.test.openqa.rockylinux.org';
Use qemu host IP 172.16.2.2 not 10.0.2.2 This is to make the infra folks happy, apparently using 10.0.x.x and 10.1.x.x is causing conflicts since our actual infra network uses those ranges too. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2020-07-17 20:42:48 +00:00
my $server_ip = '172.16.2.100';
Add a FreeIPA replication job set This adds a set of jobs to test FreeIPA replication. We deploy a server, deploy a replica of that server, then enrol a client against the replica and run the client tests. At first I was planning to add the replica testing into the main set of FreeIPA tests, but the test ordering/blocking (via mutexes and barriers and what-have-you) just turns into a big nightmare that way. This way seems rather simpler to deal with. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-07-18 22:53:54 +00:00
my $server_mutex = 'freeipa_ready';
Update FreeIPA tests Updating freeipa tests to: * Make it more consistent with Rocky Linux * Use of rockylinux.org domain instead of fedoraproject.org * Ensure fedora-only elements are removed or changed to work in EL
2023-05-17 21:03:44 +00:00
my $ipa_install_cmd;
my @ipa_firewall_services;
given ($version_major) {
when ('8') {
$ipa_install_cmd = 'dnf --assumeyes module install idm:DL1/{dns,client,server,common}';
@ipa_firewall_services = qw(http https kerberos kpasswd ldap ldaps dns);
}
when ('9') {
$ipa_install_cmd = 'dnf --assumeyes install ipa-server ipa-client ipa-server-dns sssd sssd-ipa';
@ipa_firewall_services = qw(freeipa-4 dns);
}
default {
$ipa_install_cmd = 'dnf --assumeyes install ipa-server ipa-client ipa-server-dns sssd sssd-ipa';
@ipa_firewall_services = qw(freeipa-4 dns);
}
}
Add a FreeIPA replication job set This adds a set of jobs to test FreeIPA replication. We deploy a server, deploy a replica of that server, then enrol a client against the replica and run the client tests. At first I was planning to add the replica testing into the main set of FreeIPA tests, but the test ordering/blocking (via mutexes and barriers and what-have-you) just turns into a big nightmare that way. This way seems rather simpler to deal with. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-07-18 22:53:54 +00:00
if (get_var("FREEIPA_REPLICA")) {
replace fedoraproject.org with rockylinux.org - refs in templates.fif.json and code changed (typically hostnames in multi-worker tests) - refs in documentation left for historical / context purposes
2023-03-17 17:04:54 +00:00
$server = 'ipa002.test.openqa.rockylinux.org';
Use qemu host IP 172.16.2.2 not 10.0.2.2 This is to make the infra folks happy, apparently using 10.0.x.x and 10.1.x.x is causing conflicts since our actual infra network uses those ranges too. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2020-07-17 20:42:48 +00:00
$server_ip = '172.16.2.106';
Add a FreeIPA replication job set This adds a set of jobs to test FreeIPA replication. We deploy a server, deploy a replica of that server, then enrol a client against the replica and run the client tests. At first I was planning to add the replica testing into the main set of FreeIPA tests, but the test ordering/blocking (via mutexes and barriers and what-have-you) just turns into a big nightmare that way. This way seems rather simpler to deal with. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-07-18 22:53:54 +00:00
}
if (get_var("FREEIPA_REPLICA_CLIENT")) {
replace fedoraproject.org with rockylinux.org - refs in templates.fif.json and code changed (typically hostnames in multi-worker tests) - refs in documentation left for historical / context purposes
2023-03-17 17:04:54 +00:00
$server = 'ipa003.test.openqa.rockylinux.org';
Use qemu host IP 172.16.2.2 not 10.0.2.2 This is to make the infra folks happy, apparently using 10.0.x.x and 10.1.x.x is causing conflicts since our actual infra network uses those ranges too. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2020-07-17 20:42:48 +00:00
$server_ip = '172.16.2.107';
Add a FreeIPA replication job set This adds a set of jobs to test FreeIPA replication. We deploy a server, deploy a replica of that server, then enrol a client against the replica and run the client tests. At first I was planning to add the replica testing into the main set of FreeIPA tests, but the test ordering/blocking (via mutexes and barriers and what-have-you) just turns into a big nightmare that way. This way seems rather simpler to deal with. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-07-18 22:53:54 +00:00
$server_mutex = 'replica_ready';
}
Use nmcli for static network stuff, not ifcfg files This should work even if the ifcfg plugin is not present (hi, CoreOS) or 'predictable' (har) network names are on. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2020-08-21 22:56:44 +00:00
# this gets us the name of the first connection in the list,
# which should be what we want
my $connection = script_output "nmcli --fields NAME con show | head -2 | tail -1";
assert_script_run "nmcli con mod '$connection' ipv4.dns '$server_ip'";
Fix DNS config in realmd_join_sssd and realmd_join_cockpit Seems what they had before worked until systemd-resolved became the default; now we need to make sure we do nmcli mod and then bring the connection down and up, as we do in tapnet.pm. Writing to resolv.conf is kinda "wrong" for resolved but I don't think it really breaks anything so I think I'll just leave those bits in until F32 goes EOL just in case they're still somehow needed on F31 or F32. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2020-09-17 23:01:15 +00:00
assert_script_run "nmcli con down '$connection'";
assert_script_run "nmcli con up '$connection'";
Add a FreeIPA replication job set This adds a set of jobs to test FreeIPA replication. We deploy a server, deploy a replica of that server, then enrol a client against the replica and run the client tests. At first I was planning to add the replica testing into the main set of FreeIPA tests, but the test ordering/blocking (via mutexes and barriers and what-have-you) just turns into a big nightmare that way. This way seems rather simpler to deal with. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-07-18 22:53:54 +00:00
# wait for the server or replica to be ready (do it now just to be
# sure name resolution is working before we proceed)
mutex_lock $server_mutex;
mutex_unlock $server_mutex;
Test upgrade of FreeIPA server and client deployment Summary: This adds an upgrade variant of the FreeIPA tests, with only the simplest client enrolment (sssd) for now. The server test starts from the N-1 release and deploys the domain controller role. The client test similarly starts from the N-1 release and, when the server is deployed, enrols as a domain client. Then the server upgrades itself, while the client waits (as the server is its name server). Then the client upgrades itself, while the server does some self-checks. The server then waits for the client to do its checks before decommissioning itself, as usual. So, summary: *deployment* of both server and client occurs on N-1, then both are upgraded, then the actual *checks* occur on N. In my testing, this all more or less works, except the role decommission step fails. This failure seems to be a genuine one so far as I can tell; I intend to file a bug for it soon. Test Plan: Run the new tests, check they work. Run the existing FreeIPA tests (both the compose and the update variants), check they both behave the same. Reviewers: jsedlak, jskladan Reviewed By: jsedlak Subscribers: tflink Differential Revision: https://phab.qa.fedoraproject.org/D1204
2017-05-17 19:39:45 +00:00
# use compose repo, disable u-t, etc. unless this is an upgrade
# test (in which case we're on the 'old' release at this point;
# one of the upgrade test modules does repo_setup later)
repo_setup() unless get_var("UPGRADE");
add a realmd_join_sssd test, and use DHCP for it and cockpit Summary: This is a pretty straightforward IPA joining test. Since I figured out how to set up a DHCP server for support_server, let's do the same for the domain controller so we can simplify these enrolment tests a bit. We also extend the timeout on installing haveged on the server a bit (2 minutes is a bit low when it hits a slow metadata download), and drop an unnecessary clone_host_file from the cockpit join test (it was only there for testing and the next operation immediately overwrites it). Test Plan: Do a full server DVD test run, check the new test works and none of the others broke. Reviewers: garretraziel Reviewed By: garretraziel Subscribers: tflink Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D894
2016-06-28 19:00:13 +00:00
# do the enrolment
Add a FreeIPA replication job set This adds a set of jobs to test FreeIPA replication. We deploy a server, deploy a replica of that server, then enrol a client against the replica and run the client tests. At first I was planning to add the replica testing into the main set of FreeIPA tests, but the test ordering/blocking (via mutexes and barriers and what-have-you) just turns into a big nightmare that way. This way seems rather simpler to deal with. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-07-18 22:53:54 +00:00
if (get_var("FREEIPA_REPLICA")) {
# here we're enrolling not just as a client, but as a replica
# install server packages
Update FreeIPA tests Updating freeipa tests to: * Make it more consistent with Rocky Linux * Use of rockylinux.org domain instead of fedoraproject.org * Ensure fedora-only elements are removed or changed to work in EL
2023-05-17 21:03:44 +00:00
assert_script_run "$ipa_install_cmd", 600;
Add a FreeIPA replication job set This adds a set of jobs to test FreeIPA replication. We deploy a server, deploy a replica of that server, then enrol a client against the replica and run the client tests. At first I was planning to add the replica testing into the main set of FreeIPA tests, but the test ordering/blocking (via mutexes and barriers and what-have-you) just turns into a big nightmare that way. This way seems rather simpler to deal with. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-07-18 22:53:54 +00:00
# we need a lot of entropy for this, and we don't care how good
# it is, so let's use haveged
Update FreeIPA tests Updating freeipa tests to: * Make it more consistent with Rocky Linux * Use of rockylinux.org domain instead of fedoraproject.org * Ensure fedora-only elements are removed or changed to work in EL
2023-05-17 21:03:44 +00:00
assert_script_run "dnf --assumeyes install rng-tools", 300;
assert_script_run 'systemctl start rngd.service';
Add a FreeIPA replication job set This adds a set of jobs to test FreeIPA replication. We deploy a server, deploy a replica of that server, then enrol a client against the replica and run the client tests. At first I was planning to add the replica testing into the main set of FreeIPA tests, but the test ordering/blocking (via mutexes and barriers and what-have-you) just turns into a big nightmare that way. This way seems rather simpler to deal with. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-07-18 22:53:54 +00:00
# configure the firewall
Update FreeIPA tests Updating freeipa tests to: * Make it more consistent with Rocky Linux * Use of rockylinux.org domain instead of fedoraproject.org * Ensure fedora-only elements are removed or changed to work in EL
2023-05-17 21:03:44 +00:00
for my $service (@ipa_firewall_services) {
Add a FreeIPA replication job set This adds a set of jobs to test FreeIPA replication. We deploy a server, deploy a replica of that server, then enrol a client against the replica and run the client tests. At first I was planning to add the replica testing into the main set of FreeIPA tests, but the test ordering/blocking (via mutexes and barriers and what-have-you) just turns into a big nightmare that way. This way seems rather simpler to deal with. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-07-18 22:53:54 +00:00
assert_script_run "firewall-cmd --permanent --add-service $service";
}
assert_script_run "systemctl restart firewalld.service";
# deploy as a replica
Tweak setup_tap_static and FreeIPA tests for resolved This does some of the things suggested by cheimes in https://bugzilla.redhat.com/show_bug.cgi?id=1880628#c24 . It seems to make the replica tests work with resolved, still work with pre-F33 resolving, and not break anything. Also remove the workaround to disable resolved if it's running, as we can now work with it. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2020-10-09 17:49:49 +00:00
my ($ip, $hostname) = split(/ /, get_var("POST_STATIC"));
quote to prevent bash history expansion
2023-09-29 02:48:56 +00:00
my $args = "--ip-address=$ip --setup-dns --auto-forwarders --setup-ca --allow-zone-overlap -U --principal admin --admin-password '$ipa_admin_password'";
Bump ipa-replica-install timeout a bit (it takes a long time) I'm going to figure out if it's a bug that it takes so long, but for now let's just bump the timeout. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-09-07 22:56:11 +00:00
assert_script_run "ipa-replica-install $args", 1500;
Add a FreeIPA replication job set This adds a set of jobs to test FreeIPA replication. We deploy a server, deploy a replica of that server, then enrol a client against the replica and run the client tests. At first I was planning to add the replica testing into the main set of FreeIPA tests, but the test ordering/blocking (via mutexes and barriers and what-have-you) just turns into a big nightmare that way. This way seems rather simpler to deal with. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-07-18 22:53:54 +00:00
# enable and start the systemd service
assert_script_run "systemctl enable ipa.service";
assert_script_run "systemctl start ipa.service", 300;
# report that we're ready to go
mutex_create('replica_ready');
# wait for the client test
wait_for_children;
}
else {
Update FreeIPA tests Updating freeipa tests to: * Make it more consistent with Rocky Linux * Use of rockylinux.org domain instead of fedoraproject.org * Ensure fedora-only elements are removed or changed to work in EL
2023-05-17 21:03:44 +00:00
assert_script_run "echo '$ipa_admin_password' | realm join --user=admin ${server}", 300;
Add a FreeIPA replication job set This adds a set of jobs to test FreeIPA replication. We deploy a server, deploy a replica of that server, then enrol a client against the replica and run the client tests. At first I was planning to add the replica testing into the main set of FreeIPA tests, but the test ordering/blocking (via mutexes and barriers and what-have-you) just turns into a big nightmare that way. This way seems rather simpler to deal with. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-07-18 22:53:54 +00:00
}
Improve FreeIPA debug logging a bit Committing without review as this is pretty trivial and I've had it on staging for the last few days without issue. Just gets us somewhat better info for debugging FreeIPA issues.
2017-03-16 19:36:33 +00:00
# set sssd debugging level higher (useful for debugging failures)
# optional as it's not really part of the test
Bump up some more DNF timeouts due to #1516990 All of these seem vulnerable. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2017-11-24 00:01:58 +00:00
script_run "dnf -y install sssd-tools", 220;
Crank sss debuglevel up to 9, and also do it for cockpit test Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-11-30 22:58:53 +00:00
script_run "sss_debuglevel 9";
Test upgrade of FreeIPA server and client deployment Summary: This adds an upgrade variant of the FreeIPA tests, with only the simplest client enrolment (sssd) for now. The server test starts from the N-1 release and deploys the domain controller role. The client test similarly starts from the N-1 release and, when the server is deployed, enrols as a domain client. Then the server upgrades itself, while the client waits (as the server is its name server). Then the client upgrades itself, while the server does some self-checks. The server then waits for the client to do its checks before decommissioning itself, as usual. So, summary: *deployment* of both server and client occurs on N-1, then both are upgraded, then the actual *checks* occur on N. In my testing, this all more or less works, except the role decommission step fails. This failure seems to be a genuine one so far as I can tell; I intend to file a bug for it soon. Test Plan: Run the new tests, check they work. Run the existing FreeIPA tests (both the compose and the update variants), check they both behave the same. Reviewers: jsedlak, jskladan Reviewed By: jsedlak Subscribers: tflink Differential Revision: https://phab.qa.fedoraproject.org/D1204
2017-05-17 19:39:45 +00:00
# if upgrade test, report that we're enrolled
mutex_create('client_enrolled') if get_var("UPGRADE");
# if this is an upgrade test, wait for server to be upgraded before
# continuing, as we rely on it for name resolution
if (get_var("UPGRADE")) {
mutex_lock "server_upgraded";
mutex_unlock "server_upgraded";
}
add a realmd_join_sssd test, and use DHCP for it and cockpit Summary: This is a pretty straightforward IPA joining test. Since I figured out how to set up a DHCP server for support_server, let's do the same for the domain controller so we can simplify these enrolment tests a bit. We also extend the timeout on installing haveged on the server a bit (2 minutes is a bit low when it hits a slow metadata download), and drop an unnecessary clone_host_file from the cockpit join test (it was only there for testing and the next operation immediately overwrites it). Test Plan: Do a full server DVD test run, check the new test works and none of the others broke. Reviewers: garretraziel Reviewed By: garretraziel Subscribers: tflink Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D894
2016-06-28 19:00:13 +00:00
}
sub test_flags {
enforce standard coding on all Perl files
2023-02-12 22:59:37 +00:00
return {fatal => 1};
add a realmd_join_sssd test, and use DHCP for it and cockpit Summary: This is a pretty straightforward IPA joining test. Since I figured out how to set up a DHCP server for support_server, let's do the same for the domain controller so we can simplify these enrolment tests a bit. We also extend the timeout on installing haveged on the server a bit (2 minutes is a bit low when it hits a slow metadata download), and drop an unnecessary clone_host_file from the cockpit join test (it was only there for testing and the next operation immediately overwrites it). Test Plan: Do a full server DVD test run, check the new test works and none of the others broke. Reviewers: garretraziel Reviewed By: garretraziel Subscribers: tflink Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D894
2016-06-28 19:00:13 +00:00
}
1;
# vim: set sw=4 et:
Reference in New Issue Copy Permalink