Drop old rolekit code from database and freeipa tests

RIP rolekit

Signed-off-by: Adam Williamson <awilliam@redhat.com>
Adam Williamson 2020-01-10 14:25:45 -08:00
parent fc93309b41
commit fec49f05ec
3 changed files with 71 additions and 180 deletions


@ -10,55 +10,39 @@ sub run {
my $self=shift; my $self=shift;
# use compose repo, disable u-t, etc. # use compose repo, disable u-t, etc.
repo_setup(); repo_setup();
# from here we branch: for F28 and earlier we use rolekit as # deploy postgres directly ourselves. first, install packages...
# always, for F29+ we deploy directly ourselves as rolekit is assert_script_run 'dnf -y install postgresql-server postgresql-contrib', 300;
# deprecated # configure the firewall
my $version = get_var("VERSION"); assert_script_run "firewall-cmd --permanent --add-service postgresql";
# for upgrade tests we need to check CURRREL not VERSION assert_script_run "systemctl restart firewalld.service";
$version = get_var("CURRREL") if (get_var("UPGRADE")); # init the db
if ($version < 29 && $version ne 'Rawhide') { assert_script_run "/usr/bin/postgresql-setup --initdb";
# deploy the database server role # enable and start the systemd service
assert_script_run 'echo \'{"database":"openqa","owner":"openqa","password":"correcthorse"}\' | rolectl deploy databaseserver --settings-stdin', 300; assert_script_run "systemctl enable postgresql.service";
# check the role status, should be 'running' assert_script_run "systemctl start postgresql.service";
validate_script_output 'rolectl status databaseserver/1', sub { $_ =~ m/^running/ }; # create the owner
# check 'settings' output looks vaguely right assert_script_run 'su postgres -c "/usr/bin/createuser openqa"';
validate_script_output 'rolectl settings databaseserver/1', sub {$_ =~ m/owner = openqa/ }; # create the database
} assert_script_run 'su postgres -c "/usr/bin/createdb openqa -O openqa"';
else { # set the password. oh, god, the quotes. THE QUOTES. trying to
# deploy postgres directly ourselves. first, install packages... # get four layers of nested quotes properly escaped through
assert_script_run 'dnf -y install postgresql-server postgresql-contrib', 300; # perl, bash and postgres is futile, so we write the command
# configure the firewall # to a file and call psql on the file
assert_script_run "firewall-cmd --permanent --add-service postgresql"; assert_script_run 'echo "ALTER ROLE openqa WITH PASSWORD \'correcthorse\'" > /tmp/cmd';
assert_script_run "systemctl restart firewalld.service"; assert_script_run 'su postgres -c "psql openqa -f /tmp/cmd"';
# init the db # adjust postgresql.conf to allow network connections; sloppy
assert_script_run "/usr/bin/postgresql-setup --initdb"; # version of how rolekit did it
# enable and start the systemd service assert_script_run 'sed -i -e "s,.*listen_addresses *=.*,listen_addresses=\'*\',g" /var/lib/pgsql/data/postgresql.conf';
assert_script_run "systemctl enable postgresql.service"; # check that worked...
assert_script_run "systemctl start postgresql.service"; upload_logs "/var/lib/pgsql/data/postgresql.conf";
# create the owner # adjust pg_hba.conf to use md5 authentication; sloppy version
assert_script_run 'su postgres -c "/usr/bin/createuser openqa"'; # of how rolekit did it
# create the database assert_script_run 'sed -i -e "s,^host,#host,g" /var/lib/pgsql/data/pg_hba.conf';
assert_script_run 'su postgres -c "/usr/bin/createdb openqa -O openqa"'; assert_script_run 'echo "host all all all md5" >> /var/lib/pgsql/data/pg_hba.conf';
# set the password. oh, god, the quotes. THE QUOTES. trying to # check that worked...
# get four layers of nested quotes properly escaped through upload_logs "/var/lib/pgsql/data/pg_hba.conf";
# perl, bash and postgres is futile, so we write the command # restart the service
# to a file and call psql on the file assert_script_run "systemctl restart postgresql.service";
assert_script_run 'echo "ALTER ROLE openqa WITH PASSWORD \'correcthorse\'" > /tmp/cmd';
assert_script_run 'su postgres -c "psql openqa -f /tmp/cmd"';
# adjust postgresql.conf to allow network connections; sloppy
# version of how rolekit did it
assert_script_run 'sed -i -e "s,.*listen_addresses *=.*,listen_addresses=\'*\',g" /var/lib/pgsql/data/postgresql.conf';
# check that worked...
upload_logs "/var/lib/pgsql/data/postgresql.conf";
# adjust pg_hba.conf to use md5 authentication; sloppy version
# of how rolekit did it
assert_script_run 'sed -i -e "s,^host,#host,g" /var/lib/pgsql/data/pg_hba.conf';
assert_script_run 'echo "host all all all md5" >> /var/lib/pgsql/data/pg_hba.conf';
# check that worked...
upload_logs "/var/lib/pgsql/data/pg_hba.conf";
# restart the service
assert_script_run "systemctl restart postgresql.service";
}
# check we can connect to the database and create a table # check we can connect to the database and create a table
assert_script_run 'su postgres -c "psql openqa -c \'CREATE TABLE test (testcol int);\'"'; assert_script_run 'su postgres -c "psql openqa -c \'CREATE TABLE test (testcol int);\'"';
# check we can add a row to the table # check we can add a row to the table
@ -71,26 +55,14 @@ sub run {
# we're all ready for other jobs to run! # we're all ready for other jobs to run!
mutex_create('db_ready'); mutex_create('db_ready');
wait_for_children; wait_for_children;
if ($version < 29 && $version ne 'Rawhide') { # once child jobs are done, decommission the server a bit
# once child jobs are done, stop the role assert_script_run 'su postgres -c "/usr/bin/dropdb -w --if-exists openqa"';
assert_script_run 'rolectl stop databaseserver/1'; assert_script_run 'su postgres -c "/usr/bin/dropuser -w --if-exists openqa"';
# check role is stopped # stop the server
validate_script_output 'rolectl status databaseserver/1', sub { $_ =~ m/^ready-to-start/ }; assert_script_run 'systemctl stop postgresql.service';
# decommission the role # check server is stopped
assert_script_run 'rolectl decommission databaseserver/1', 120; assert_script_run '! systemctl is-active postgresql.service';
# check role is decommissioned # FIXME check server is decommissioned...how?
validate_script_output 'rolectl list instances', sub { $_ eq "" };
}
else {
# once child jobs are done, decommission the server a bit
assert_script_run 'su postgres -c "/usr/bin/dropdb -w --if-exists openqa"';
assert_script_run 'su postgres -c "/usr/bin/dropuser -w --if-exists openqa"';
# stop the server
assert_script_run 'systemctl stop postgresql.service';
# check server is stopped
assert_script_run '! systemctl is-active postgresql.service';
# FIXME check server is decommissioned...how?
}
} }
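Review bot: The appended `host all all all md5` rule, together with `listen_addresses='*'`, accepts password logins from any address to every database and role, and no comment says this is acceptable only because the server sits on an isolated test network. If the child jobs only connect to the `openqa` database as the `openqa` role (not visible here), the rule could be narrowed to `host openqa openqa all md5`; otherwise a comment stating the test-only assumption would do. The password file `/tmp/cmd` is also left in place after `psql -f`; running `rm -f /tmp/cmd` right after that call would avoid leaving the credential behind. `run` starts above the first hunk.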


@ -33,74 +33,22 @@ sub run {
# read DNS server IPs from host's /etc/resolv.conf for passing to # read DNS server IPs from host's /etc/resolv.conf for passing to
# ipa-server-install / rolectl # ipa-server-install / rolectl
my @forwards = get_host_dns(); my @forwards = get_host_dns();
# from here we branch: for F28 and earlier we use rolekit as # First install the necessary packages
# always, for F29+ we deploy directly ourselves as rolekit is assert_script_run "dnf -y groupinstall freeipa-server", 600;
# deprecated # configure the firewall
my $version = get_var("VERSION"); for my $service (qw(freeipa-ldap freeipa-ldaps dns)) {
# for upgrade tests we need to check CURRREL not VERSION assert_script_run "firewall-cmd --permanent --add-service $service";
$version = get_var("CURRREL") if (get_var("UPGRADE"));
if ($version < 29 && $version ne 'Rawhide') {
# we are now gonna work around a stupid bug in rolekit. we want to
# pass it a list of ipv4 DNS forwarders and have no ipv6 DNS
# forwarders. but it won't allow you to have a dns_forwarders array
# with a "ipv4" list but no "ipv6" list, any values in the "ipv6"
# list must be contactable (so we can't use real IPv6 DNS servers
# as we have no IPv6 connectivity), and if you use an empty list
# as the "ipv6" value you often hit a weird DBus error "unable to
# guess signature from an empty list". Fortunately, rolekit doesn't
# actually check that the values in the lists are really IPv6 /
# IPv4, it just turns all the values in each list into --forwarder
# args for ipa-server-install. So we can just stuff IPv4 values
# into both lists. rolekit bug:
# https://github.com/libre-server/rolekit/issues/64
# it should be fixed relatively soon.
my $fourlist;
my $sixlist;
if (scalar @forwards == 1) {
# we've only got one server, so dupe it, best we can do
$fourlist = '["' . $forwards[0] . '"]';
$sixlist = $fourlist;
}
else {
# put the first value in the 'IPv4' list and all the others in
# the 'IPv6' list
$fourlist = '["' . shift(@forwards) . '"]';
$sixlist = '["' . join('","', @forwards) . '"]';
}
# this is hideous, but we need --allow-zone-overlap for reverse
# DNS stuff to work, and there's no good way to make rolekit do
# that. so we monkeypatch it in!
assert_script_run 'sed -i -e "s/\'ipa-server-install\', \'-U\',/\'ipa-server-install\', \'-U\', \'--allow-zone-overlap\',/" /usr/lib/rolekit/roles/domaincontroller/role.py';
# to check that worked right...
upload_logs "/usr/lib/rolekit/roles/domaincontroller/role.py";
# deploy the domain controller role, specifying an admin password
# and the list of DNS server IPs as JSON via stdin. If we don't do
# this, rolectl defaults to using the root servers as forwarders
# (it does not copy the settings from resolv.conf), which give the
# public results for mirrors.fedoraproject.org, some of which
# things running in phx2 cannot reach; we must make sure the phx2
# deployments use the phx2 nameservers.
assert_script_run 'echo \'{"admin_password":"monkeys123","reverse_zone":["2.0.10.in-addr.arpa"],"dns_forwarders":{"ipv4":' . $fourlist . ',"ipv6":' . $sixlist .'}}\' | rolectl deploy domaincontroller --name=domain.local --settings-stdin', 1200;
} }
else { assert_script_run "systemctl restart firewalld.service";
# this is the other side of the version branch - we're on 29+, # deploy the server
# so no rolekit. First install the necessary packages my $args = "-U --realm=DOMAIN.LOCAL --domain=domain.local --ds-password=monkeys123 --admin-password=monkeys123 --setup-dns --reverse-zone=2.0.10.in-addr.arpa --allow-zone-overlap";
assert_script_run "dnf -y groupinstall freeipa-server", 600; for my $fwd (@forwards) {
# configure the firewall $args .= " --forwarder=$fwd";
for my $service (qw(freeipa-ldap freeipa-ldaps dns)) {
assert_script_run "firewall-cmd --permanent --add-service $service";
}
assert_script_run "systemctl restart firewalld.service";
# deploy the server
my $args = "-U --realm=DOMAIN.LOCAL --domain=domain.local --ds-password=monkeys123 --admin-password=monkeys123 --setup-dns --reverse-zone=2.0.10.in-addr.arpa --allow-zone-overlap";
for my $fwd (@forwards) {
$args .= " --forwarder=$fwd";
}
assert_script_run "ipa-server-install $args", 1200;
# enable and start the systemd service
assert_script_run "systemctl enable ipa.service";
assert_script_run "systemctl start ipa.service", 300;
} }
assert_script_run "ipa-server-install $args", 1200;
# enable and start the systemd service
assert_script_run "systemctl enable ipa.service";
assert_script_run "systemctl start ipa.service", 300;
# kinit as admin # kinit as admin
assert_script_run 'echo "monkeys123" | kinit admin'; assert_script_run 'echo "monkeys123" | kinit admin';
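Review bot: Each `$fwd` is appended to `$args` and reaches the shell through `assert_script_run "ipa-server-install $args"` with no check visible in this hunk that it is an IP address. The values come from the host's /etc/resolv.conf via `get_host_dns()`, whose body is not shown and may already validate them. If it does not, a guard inside the loop such as `die "unexpected forwarder: $fwd" unless $fwd =~ /\A[0-9A-Fa-f:.]+\z/;` keeps stray characters out of the command line. The context comment above `get_host_dns()` still reads "ipa-server-install / rolectl" and could drop the rolectl mention now that the rolekit path is gone. `run` starts before the hunk and continues after it.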


@ -20,51 +20,22 @@ sub run {
} }
# if this is an update, notify clients that we're now up again # if this is an update, notify clients that we're now up again
mutex_create('server_upgraded') if get_var("UPGRADE"); mutex_create('server_upgraded') if get_var("UPGRADE");
# from here we branch: for F28 and earlier we use rolekit as # once child jobs are done, stop the server
# always, for F29+ we decommission directly ourselves as rolekit wait_for_children;
# is deprecated # run post-fail hook to upload logs - even when this test passes
my $version = get_var("VERSION"); # there are often cases where we need to see the logs (e.g. client
if ($version < 29 && $version ne 'Rawhide') { # test failed due to server issue)
# check the role status, should be 'running' $self->post_fail_hook();
validate_script_output 'rolectl status domaincontroller/domain.local', sub { $_ =~ m/^running/ }; assert_script_run 'systemctl stop ipa.service';
# check the admin password is listed in 'settings' # check server is stopped
validate_script_output 'rolectl settings domaincontroller/domain.local', sub {$_ =~m/dm_password = \w{5,}/ }; assert_script_run '! systemctl is-active ipa.service';
# sanitize the settings # decommission the server
assert_script_run 'rolectl sanitize domaincontroller/domain.local'; assert_script_run 'ipa-server-install -U --uninstall', 300;
# check the password now shows as 'None' # try and un-garble the screen that the above sometimes garbles
validate_script_output 'rolectl settings domaincontroller/domain.local', sub {$_ =~ m/dm_password = None/ }; # ...we may be on tty1 or tty3 now, so flip between them
# once child jobs are done, stop the role send_key "ctrl-alt-f1";
wait_for_children; send_key "ctrl-alt-f3";
# run post-fail hook to upload logs - even when this test passes # FIXME check server is decommissioned...how?
# there are often cases where we need to see the logs (e.g. client
# test failed due to server issue)
$self->post_fail_hook();
assert_script_run 'rolectl stop domaincontroller/domain.local';
# check role is stopped
validate_script_output 'rolectl status domaincontroller/domain.local', sub { $_ =~ m/^ready-to-start/ };
# decommission the role
assert_script_run 'rolectl decommission domaincontroller/domain.local', 300;
# check role is decommissioned
validate_script_output 'rolectl list instances', sub { $_ eq "" };
}
else {
# once child jobs are done, stop the server
wait_for_children;
# run post-fail hook to upload logs - even when this test passes
# there are often cases where we need to see the logs (e.g. client
# test failed due to server issue)
$self->post_fail_hook();
assert_script_run 'systemctl stop ipa.service';
# check server is stopped
assert_script_run '! systemctl is-active ipa.service';
# decommission the server
assert_script_run 'ipa-server-install -U --uninstall', 300;
# try and un-garble the screen that the above sometimes garbles
# ...we may be on tty1 or tty3 now, so flip between them
send_key "ctrl-alt-f1";
send_key "ctrl-alt-f3";
# FIXME check server is decommissioned...how?
}
} }
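Review bot: The trailing `# FIXME check server is decommissioned...how?` leaves the result of `ipa-server-install -U --uninstall` unverified beyond its exit status, while the removed rolekit path at least asserted that no instances remained. One option is to assert that the installation's configuration is gone, for example `assert_script_run '! test -e /etc/ipa/default.conf';`. Confirm on the tested releases that the uninstall actually removes that file before relying on it. If no check is added, the FIXME could say what evidence would count as decommissioned, so the gap is documented. `run` starts before this hunk.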