mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
tests: add host zone with overlap
This patch is mainly for test_forced_client_reenrolment suite where when we are not in control of our client DNS we create an overlap zone in order to get the host records updated. This also sets resolv.conf before every ipa-client-install to the ipa master. https://pagure.io/freeipa/issue/7124 Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Milan Kubik <mkubik@redhat.com>
This commit is contained in:
parent
209bb27712
commit
a2a6cf381e
@ -1330,3 +1330,29 @@ def ldappasswd_user_change(user, oldpw, newpw, master):
|
||||
args = [paths.LDAPPASSWD, '-D', userdn, '-w', oldpw, '-a', oldpw,
|
||||
'-s', newpw, '-x']
|
||||
master.run_command(args)
|
||||
|
||||
|
||||
def add_dns_zone(master, zone, skip_overlap_check=False,
|
||||
dynamic_update=False, add_a_record_hosts=None):
|
||||
"""
|
||||
Add DNS zone if it is not already added.
|
||||
"""
|
||||
|
||||
result = master.run_command(
|
||||
['ipa', 'dnszone-show', zone], raiseonerr=False)
|
||||
|
||||
if result.returncode != 0:
|
||||
command = ['ipa', 'dnszone-add', zone]
|
||||
if skip_overlap_check:
|
||||
command.append('--skip-overlap-check')
|
||||
if dynamic_update:
|
||||
command.append('--dynamic-update=True')
|
||||
|
||||
master.run_command(command)
|
||||
|
||||
if add_a_record_hosts:
|
||||
for host in add_a_record_hosts:
|
||||
master.run_command(['ipa', 'dnsrecord-add', zone,
|
||||
host.hostname + ".", '--a-rec', host.ip])
|
||||
else:
|
||||
logger.debug('Zone %s already added.', zone)
|
||||
|
@ -43,6 +43,19 @@ class TestForcedClientReenrollment(IntegrationTest):
|
||||
def install(cls, mh):
|
||||
super(TestForcedClientReenrollment, cls).install(mh)
|
||||
tasks.install_master(cls.master)
|
||||
|
||||
cls.client_dom = cls.clients[0].hostname.split('.', 1)[1]
|
||||
if cls.client_dom != cls.master.domain.name:
|
||||
# In cases where client is managed by upstream DNS server we
|
||||
# overlap its zone so we can save DNS records (e.g. SSHFP) for
|
||||
# comparison.
|
||||
servers = [cls.master] + cls.replicas
|
||||
tasks.add_dns_zone(cls.master, cls.client_dom,
|
||||
skip_overlap_check=True,
|
||||
dynamic_update=True,
|
||||
add_a_record_hosts=servers
|
||||
)
|
||||
|
||||
tasks.install_replica(cls.master, cls.replicas[0], setup_ca=False)
|
||||
cls.BACKUP_KEYTAB = os.path.join(
|
||||
cls.master.config.test_dir,
|
||||
@ -162,13 +175,14 @@ class TestForcedClientReenrollment(IntegrationTest):
|
||||
'-p', 'tcp',
|
||||
'--dport', '22'
|
||||
])
|
||||
client.run_command([
|
||||
'iptables',
|
||||
'-A', 'INPUT',
|
||||
'-j', 'REJECT',
|
||||
'-p', 'all',
|
||||
'--source', self.master.ip
|
||||
])
|
||||
for host in [self.master] + self.replicas:
|
||||
client.run_command([
|
||||
'iptables',
|
||||
'-A', 'INPUT',
|
||||
'-j', 'REJECT',
|
||||
'-p', 'all',
|
||||
'--source', host.ip
|
||||
])
|
||||
self.uninstall_client()
|
||||
client.run_command(['iptables', '-F'])
|
||||
|
||||
@ -246,7 +260,7 @@ class TestForcedClientReenrollment(IntegrationTest):
|
||||
client_host = self.clients[0].hostname.split('.')[0]
|
||||
|
||||
result = self.master.run_command(
|
||||
['ipa', 'dnsrecord-show', self.master.domain.name, client_host]
|
||||
['ipa', 'dnsrecord-show', self.client_dom, client_host]
|
||||
)
|
||||
|
||||
lines = result.stdout_text.splitlines()
|
||||
@ -270,7 +284,8 @@ class TestForcedClientReenrollment(IntegrationTest):
|
||||
contents = self.master.get_file_contents(self.BACKUP_KEYTAB)
|
||||
self.clients[0].put_file_contents(self.BACKUP_KEYTAB, contents)
|
||||
|
||||
def fix_resolv_conf(self, client, server):
|
||||
@classmethod
|
||||
def fix_resolv_conf(cls, client, server):
|
||||
"""
|
||||
Put server's ip address at the top of resolv.conf
|
||||
"""
|
||||
@ -284,6 +299,9 @@ class TestForcedClientReenrollment(IntegrationTest):
|
||||
|
||||
@pytest.fixture()
|
||||
def client(request):
|
||||
# Here we call "fix_resolv_conf" method before every ipa-client-install so
|
||||
# we get the client pointing to ipa master as DNS server.
|
||||
request.cls.fix_resolv_conf(request.cls.clients[0], request.cls.master)
|
||||
tasks.install_client(request.cls.master, request.cls.clients[0])
|
||||
|
||||
def teardown_client():
|
||||
|
Loading…
Reference in New Issue
Block a user