diff --git a/tests/role_deploy_database_server.pm b/tests/role_deploy_database_server.pm index 967e2538..7d81c3ac 100644 --- a/tests/role_deploy_database_server.pm +++ b/tests/role_deploy_database_server.pm @@ -10,55 +10,39 @@ sub run { my $self=shift; # use compose repo, disable u-t, etc. repo_setup(); - # from here we branch: for F28 and earlier we use rolekit as - # always, for F29+ we deploy directly ourselves as rolekit is - # deprecated - my $version = get_var("VERSION"); - # for upgrade tests we need to check CURRREL not VERSION - $version = get_var("CURRREL") if (get_var("UPGRADE")); - if ($version < 29 && $version ne 'Rawhide') { - # deploy the database server role - assert_script_run 'echo \'{"database":"openqa","owner":"openqa","password":"correcthorse"}\' | rolectl deploy databaseserver --settings-stdin', 300; - # check the role status, should be 'running' - validate_script_output 'rolectl status databaseserver/1', sub { $_ =~ m/^running/ }; - # check 'settings' output looks vaguely right - validate_script_output 'rolectl settings databaseserver/1', sub {$_ =~ m/owner = openqa/ }; - } - else { - # deploy postgres directly ourselves. first, install packages... - assert_script_run 'dnf -y install postgresql-server postgresql-contrib', 300; - # configure the firewall - assert_script_run "firewall-cmd --permanent --add-service postgresql"; - assert_script_run "systemctl restart firewalld.service"; - # init the db - assert_script_run "/usr/bin/postgresql-setup --initdb"; - # enable and start the systemd service - assert_script_run "systemctl enable postgresql.service"; - assert_script_run "systemctl start postgresql.service"; - # create the owner - assert_script_run 'su postgres -c "/usr/bin/createuser openqa"'; - # create the database - assert_script_run 'su postgres -c "/usr/bin/createdb openqa -O openqa"'; - # set the password. oh, god, the quotes. THE QUOTES. trying to - # get four layers of nested quotes properly escaped through - # perl, bash and postgres is futile, so we write the command - # to a file and call psql on the file - assert_script_run 'echo "ALTER ROLE openqa WITH PASSWORD \'correcthorse\'" > /tmp/cmd'; - assert_script_run 'su postgres -c "psql openqa -f /tmp/cmd"'; - # adjust postgresql.conf to allow network connections; sloppy - # version of how rolekit did it - assert_script_run 'sed -i -e "s,.*listen_addresses *=.*,listen_addresses=\'*\',g" /var/lib/pgsql/data/postgresql.conf'; - # check that worked... - upload_logs "/var/lib/pgsql/data/postgresql.conf"; - # adjust pg_hba.conf to use md5 authentication; sloppy version - # of how rolekit did it - assert_script_run 'sed -i -e "s,^host,#host,g" /var/lib/pgsql/data/pg_hba.conf'; - assert_script_run 'echo "host all all all md5" >> /var/lib/pgsql/data/pg_hba.conf'; - # check that worked... - upload_logs "/var/lib/pgsql/data/pg_hba.conf"; - # restart the service - assert_script_run "systemctl restart postgresql.service"; - } + # deploy postgres directly ourselves. first, install packages... + assert_script_run 'dnf -y install postgresql-server postgresql-contrib', 300; + # configure the firewall + assert_script_run "firewall-cmd --permanent --add-service postgresql"; + assert_script_run "systemctl restart firewalld.service"; + # init the db + assert_script_run "/usr/bin/postgresql-setup --initdb"; + # enable and start the systemd service + assert_script_run "systemctl enable postgresql.service"; + assert_script_run "systemctl start postgresql.service"; + # create the owner + assert_script_run 'su postgres -c "/usr/bin/createuser openqa"'; + # create the database + assert_script_run 'su postgres -c "/usr/bin/createdb openqa -O openqa"'; + # set the password. oh, god, the quotes. THE QUOTES. trying to + # get four layers of nested quotes properly escaped through + # perl, bash and postgres is futile, so we write the command + # to a file and call psql on the file + assert_script_run 'echo "ALTER ROLE openqa WITH PASSWORD \'correcthorse\'" > /tmp/cmd'; + assert_script_run 'su postgres -c "psql openqa -f /tmp/cmd"'; + # adjust postgresql.conf to allow network connections; sloppy + # version of how rolekit did it + assert_script_run 'sed -i -e "s,.*listen_addresses *=.*,listen_addresses=\'*\',g" /var/lib/pgsql/data/postgresql.conf'; + # check that worked... + upload_logs "/var/lib/pgsql/data/postgresql.conf"; + # adjust pg_hba.conf to use md5 authentication; sloppy version + # of how rolekit did it + assert_script_run 'sed -i -e "s,^host,#host,g" /var/lib/pgsql/data/pg_hba.conf'; + assert_script_run 'echo "host all all all md5" >> /var/lib/pgsql/data/pg_hba.conf'; + # check that worked... + upload_logs "/var/lib/pgsql/data/pg_hba.conf"; + # restart the service + assert_script_run "systemctl restart postgresql.service"; # check we can connect to the database and create a table assert_script_run 'su postgres -c "psql openqa -c \'CREATE TABLE test (testcol int);\'"'; # check we can add a row to the table @@ -71,26 +55,14 @@ sub run { # we're all ready for other jobs to run! mutex_create('db_ready'); wait_for_children; - if ($version < 29 && $version ne 'Rawhide') { - # once child jobs are done, stop the role - assert_script_run 'rolectl stop databaseserver/1'; - # check role is stopped - validate_script_output 'rolectl status databaseserver/1', sub { $_ =~ m/^ready-to-start/ }; - # decommission the role - assert_script_run 'rolectl decommission databaseserver/1', 120; - # check role is decommissioned - validate_script_output 'rolectl list instances', sub { $_ eq "" }; - } - else { - # once child jobs are done, decommission the server a bit - assert_script_run 'su postgres -c "/usr/bin/dropdb -w --if-exists openqa"'; - assert_script_run 'su postgres -c "/usr/bin/dropuser -w --if-exists openqa"'; - # stop the server - assert_script_run 'systemctl stop postgresql.service'; - # check server is stopped - assert_script_run '! systemctl is-active postgresql.service'; - # FIXME check server is decommissioned...how? - } + # once child jobs are done, decommission the server a bit + assert_script_run 'su postgres -c "/usr/bin/dropdb -w --if-exists openqa"'; + assert_script_run 'su postgres -c "/usr/bin/dropuser -w --if-exists openqa"'; + # stop the server + assert_script_run 'systemctl stop postgresql.service'; + # check server is stopped + assert_script_run '! systemctl is-active postgresql.service'; + # FIXME check server is decommissioned...how? } diff --git a/tests/role_deploy_domain_controller.pm b/tests/role_deploy_domain_controller.pm index f7cde328..21d55ff3 100644 --- a/tests/role_deploy_domain_controller.pm +++ b/tests/role_deploy_domain_controller.pm @@ -33,74 +33,22 @@ sub run { # read DNS server IPs from host's /etc/resolv.conf for passing to # ipa-server-install / rolectl my @forwards = get_host_dns(); - # from here we branch: for F28 and earlier we use rolekit as - # always, for F29+ we deploy directly ourselves as rolekit is - # deprecated - my $version = get_var("VERSION"); - # for upgrade tests we need to check CURRREL not VERSION - $version = get_var("CURRREL") if (get_var("UPGRADE")); - if ($version < 29 && $version ne 'Rawhide') { - # we are now gonna work around a stupid bug in rolekit. we want to - # pass it a list of ipv4 DNS forwarders and have no ipv6 DNS - # forwarders. but it won't allow you to have a dns_forwarders array - # with a "ipv4" list but no "ipv6" list, any values in the "ipv6" - # list must be contactable (so we can't use real IPv6 DNS servers - # as we have no IPv6 connectivity), and if you use an empty list - # as the "ipv6" value you often hit a weird DBus error "unable to - # guess signature from an empty list". Fortunately, rolekit doesn't - # actually check that the values in the lists are really IPv6 / - # IPv4, it just turns all the values in each list into --forwarder - # args for ipa-server-install. So we can just stuff IPv4 values - # into both lists. rolekit bug: - # https://github.com/libre-server/rolekit/issues/64 - # it should be fixed relatively soon. - my $fourlist; - my $sixlist; - if (scalar @forwards == 1) { - # we've only got one server, so dupe it, best we can do - $fourlist = '["' . $forwards[0] . '"]'; - $sixlist = $fourlist; - } - else { - # put the first value in the 'IPv4' list and all the others in - # the 'IPv6' list - $fourlist = '["' . shift(@forwards) . '"]'; - $sixlist = '["' . join('","', @forwards) . '"]'; - } - # this is hideous, but we need --allow-zone-overlap for reverse - # DNS stuff to work, and there's no good way to make rolekit do - # that. so we monkeypatch it in! - assert_script_run 'sed -i -e "s/\'ipa-server-install\', \'-U\',/\'ipa-server-install\', \'-U\', \'--allow-zone-overlap\',/" /usr/lib/rolekit/roles/domaincontroller/role.py'; - # to check that worked right... - upload_logs "/usr/lib/rolekit/roles/domaincontroller/role.py"; - # deploy the domain controller role, specifying an admin password - # and the list of DNS server IPs as JSON via stdin. If we don't do - # this, rolectl defaults to using the root servers as forwarders - # (it does not copy the settings from resolv.conf), which give the - # public results for mirrors.fedoraproject.org, some of which - # things running in phx2 cannot reach; we must make sure the phx2 - # deployments use the phx2 nameservers. - assert_script_run 'echo \'{"admin_password":"monkeys123","reverse_zone":["2.0.10.in-addr.arpa"],"dns_forwarders":{"ipv4":' . $fourlist . ',"ipv6":' . $sixlist .'}}\' | rolectl deploy domaincontroller --name=domain.local --settings-stdin', 1200; + # First install the necessary packages + assert_script_run "dnf -y groupinstall freeipa-server", 600; + # configure the firewall + for my $service (qw(freeipa-ldap freeipa-ldaps dns)) { + assert_script_run "firewall-cmd --permanent --add-service $service"; } - else { - # this is the other side of the version branch - we're on 29+, - # so no rolekit. First install the necessary packages - assert_script_run "dnf -y groupinstall freeipa-server", 600; - # configure the firewall - for my $service (qw(freeipa-ldap freeipa-ldaps dns)) { - assert_script_run "firewall-cmd --permanent --add-service $service"; - } - assert_script_run "systemctl restart firewalld.service"; - # deploy the server - my $args = "-U --realm=DOMAIN.LOCAL --domain=domain.local --ds-password=monkeys123 --admin-password=monkeys123 --setup-dns --reverse-zone=2.0.10.in-addr.arpa --allow-zone-overlap"; - for my $fwd (@forwards) { - $args .= " --forwarder=$fwd"; - } - assert_script_run "ipa-server-install $args", 1200; - # enable and start the systemd service - assert_script_run "systemctl enable ipa.service"; - assert_script_run "systemctl start ipa.service", 300; + assert_script_run "systemctl restart firewalld.service"; + # deploy the server + my $args = "-U --realm=DOMAIN.LOCAL --domain=domain.local --ds-password=monkeys123 --admin-password=monkeys123 --setup-dns --reverse-zone=2.0.10.in-addr.arpa --allow-zone-overlap"; + for my $fwd (@forwards) { + $args .= " --forwarder=$fwd"; } + assert_script_run "ipa-server-install $args", 1200; + # enable and start the systemd service + assert_script_run "systemctl enable ipa.service"; + assert_script_run "systemctl start ipa.service", 300; # kinit as admin assert_script_run 'echo "monkeys123" | kinit admin'; diff --git a/tests/role_deploy_domain_controller_check.pm b/tests/role_deploy_domain_controller_check.pm index deeff101..efdbc2d6 100644 --- a/tests/role_deploy_domain_controller_check.pm +++ b/tests/role_deploy_domain_controller_check.pm @@ -20,51 +20,22 @@ sub run { } # if this is an update, notify clients that we're now up again mutex_create('server_upgraded') if get_var("UPGRADE"); - # from here we branch: for F28 and earlier we use rolekit as - # always, for F29+ we decommission directly ourselves as rolekit - # is deprecated - my $version = get_var("VERSION"); - if ($version < 29 && $version ne 'Rawhide') { - # check the role status, should be 'running' - validate_script_output 'rolectl status domaincontroller/domain.local', sub { $_ =~ m/^running/ }; - # check the admin password is listed in 'settings' - validate_script_output 'rolectl settings domaincontroller/domain.local', sub {$_ =~m/dm_password = \w{5,}/ }; - # sanitize the settings - assert_script_run 'rolectl sanitize domaincontroller/domain.local'; - # check the password now shows as 'None' - validate_script_output 'rolectl settings domaincontroller/domain.local', sub {$_ =~ m/dm_password = None/ }; - # once child jobs are done, stop the role - wait_for_children; - # run post-fail hook to upload logs - even when this test passes - # there are often cases where we need to see the logs (e.g. client - # test failed due to server issue) - $self->post_fail_hook(); - assert_script_run 'rolectl stop domaincontroller/domain.local'; - # check role is stopped - validate_script_output 'rolectl status domaincontroller/domain.local', sub { $_ =~ m/^ready-to-start/ }; - # decommission the role - assert_script_run 'rolectl decommission domaincontroller/domain.local', 300; - # check role is decommissioned - validate_script_output 'rolectl list instances', sub { $_ eq "" }; - } - else { - # once child jobs are done, stop the server - wait_for_children; - # run post-fail hook to upload logs - even when this test passes - # there are often cases where we need to see the logs (e.g. client - # test failed due to server issue) - $self->post_fail_hook(); - assert_script_run 'systemctl stop ipa.service'; - # check server is stopped - assert_script_run '! systemctl is-active ipa.service'; - # decommission the server - assert_script_run 'ipa-server-install -U --uninstall', 300; - # try and un-garble the screen that the above sometimes garbles - # ...we may be on tty1 or tty3 now, so flip between them - send_key "ctrl-alt-f1"; - send_key "ctrl-alt-f3"; - # FIXME check server is decommissioned...how? - } + # once child jobs are done, stop the server + wait_for_children; + # run post-fail hook to upload logs - even when this test passes + # there are often cases where we need to see the logs (e.g. client + # test failed due to server issue) + $self->post_fail_hook(); + assert_script_run 'systemctl stop ipa.service'; + # check server is stopped + assert_script_run '! systemctl is-active ipa.service'; + # decommission the server + assert_script_run 'ipa-server-install -U --uninstall', 300; + # try and un-garble the screen that the above sometimes garbles + # ...we may be on tty1 or tty3 now, so flip between them + send_key "ctrl-alt-f1"; + send_key "ctrl-alt-f3"; + # FIXME check server is decommissioned...how? }