IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Test: To check ipa replica-manage del <FQDN> does not fail

Browse Source 
Problem:
If a replica installation fails before all the services have been enabled then
it could leave things in a bad state.

ipa-replica-manage del <replica> --cleanup --force
invalid 'PKINIT enabled server': all masters must have IPA master role enabled

Test Steps:
1. Setup server
2. Setup replica
3. modify the replica entry on Master:
   dn: cn=KDC,cn=<replica hostname>,cn=masters,cn=ipa,cn=etc,dc=<test>,dc=<realm>
   changetype: modify
   delete: ipaconfigstring
   ipaconfigstring: enabledService

   dn: cn=KDC,cn=<replica hostname>,cn=masters,cn=ipa,cn=etc,dc=<test>,dc=<realm>
   add: ipaconfigstring
   ipaconfigstring: configuredService
4. On master,
   run ipa-replica-manage del <replicaFQDN> --cleanup --force

Related Ticket: https://pagure.io/freeipa/issue/7929

Signed-off-by: Sumedh Sidhaye <ssidhaye@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
Sumedh Sidhaye
2019-07-16 16:26:29 +05:30
committed by Rob Crittenden
parent 94b4af55b0
commit b52d40b0c1
4 changed files with 115 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
ipatests/prci_definitions/nightly_f29.yaml
View File

@@ -411,6 +411,18 @@ jobs:
timeout: 10800 timeout: 10800
topology: *master_1repl topology: *master_1repl
fedora-29/test_installation_TestInstallMasterReplica:
requires: [fedora-29/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-29/build_url}'
test_suite: test_integration/test_installation.py::TestInstallMasterReplica
template: *ci-master-f29
timeout: 10800
topology: *master_1repl
fedora-29/test_idviews: fedora-29/test_idviews:
requires: [fedora-29/build] requires: [fedora-29/build]
priority: 50 priority: 50

12
ipatests/prci_definitions/nightly_master.yaml
View File

@@ -423,6 +423,18 @@ jobs:
timeout: 10800 timeout: 10800
topology: *master_1repl topology: *master_1repl
fedora-30/test_installation_TestInstallMasterReplica:
requires: [fedora-30/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-30/build_url}'
test_suite: test_integration/test_installation.py::TestInstallMasterReplica
template: *ci-master-f30
timeout: 10800
topology: *master_1repl
fedora-30/test_idviews: fedora-30/test_idviews:
requires: [fedora-30/build] requires: [fedora-30/build]
priority: 50 priority: 50

12
ipatests/prci_definitions/nightly_rawhide.yaml
View File

@@ -411,6 +411,18 @@ jobs:
timeout: 10800 timeout: 10800
topology: *master_1repl topology: *master_1repl
fedora-rawhide/test_installation_TestInstallMasterReplica:
requires: [fedora-rawhide/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-rawhide/build_url}'
test_suite: test_integration/test_installation.py::TestInstallMasterReplica
template: *ci-master-frawhide
timeout: 10800
topology: *master_1repl
fedora-rawhide/test_idviews: fedora-rawhide/test_idviews:
requires: [fedora-rawhide/build] requires: [fedora-rawhide/build]
priority: 50 priority: 50

83
ipatests/test_integration/test_installation.py
View File

@@ -11,22 +11,24 @@ from __future__ import absolute_import
import os import os
import re import re
from datetime import datetime, timedelta import textwrap
import time import time
from datetime import datetime, timedelta
from cryptography.hazmat.primitives import hashes
import pytest import pytest
from cryptography.hazmat.primitives import hashes
from ipalib import x509
from ipalib.constants import DOMAIN_LEVEL_0 from ipalib.constants import DOMAIN_LEVEL_0
from ipaplatform.constants import constants from ipaplatform.constants import constants
from ipaplatform.osinfo import osinfo from ipaplatform.osinfo import osinfo
from ipaplatform.paths import paths from ipaplatform.paths import paths
from ipaplatform.tasks import tasks as platformtasks from ipaplatform.tasks import tasks as platformtasks
from ipapython import ipautil
from ipatests.pytest_ipa.integration import tasks
from ipatests.pytest_ipa.integration.env_config import get_global_config from ipatests.pytest_ipa.integration.env_config import get_global_config
from ipatests.test_integration.base import IntegrationTest from ipatests.test_integration.base import IntegrationTest
from ipatests.pytest_ipa.integration import tasks
from ipatests.test_integration.test_caless import CALessBase, ipa_certs_cleanup from ipatests.test_integration.test_caless import CALessBase, ipa_certs_cleanup
from ipalib import x509
config = get_global_config() config = get_global_config()
@@ -772,3 +774,76 @@ class TestMaskInstall(IntegrationTest):
""" Method to restore the default bashrc contents""" """ Method to restore the default bashrc contents"""
if self.bashrc_file is not None: if self.bashrc_file is not None:
self.master.put_file_contents('/root/.bashrc', self.bashrc_file) self.master.put_file_contents('/root/.bashrc', self.bashrc_file)
class TestInstallMasterReplica(IntegrationTest):
"""https://pagure.io/freeipa/issue/7929
Problem:
If a replica installation fails before all the services
have been enabled then
it could leave things in a bad state.
ipa-replica-manage del --cleanup --force
invalid 'PKINIT enabled server': all masters must have
IPA master role enabled
Root cause was that configuredServices were being
considered when determining what masters provide
what services, so a partially installed master
could cause operations to fail on other masters,
to the point where a broken master couldn't be removed.
"""
num_replicas = 1
topology = 'star'
@classmethod
def install(cls, mh):
tasks.install_master(cls.master, setup_kra=True)
# do not install KRA on replica, it is part of test
tasks.install_replica(cls.master, cls.replicas[0], setup_kra=False)
def test_replicamanage_del(self):
"""Test Steps:
1. Setup server
2. Setup replica
3. modify the replica entry on Master:
ldapmodify -D cn="Directory Manager"-w <passwd>
dn: cn=KDC,cn=<replicaFQDN>,cn=masters,cn=ipa,cn=etc,<baseDN>
changetype: modify
delete: ipaconfigstring
ipaconfigstring: enabledService
dn: cn=KDC,cn=<replicaFQDN>,cn=masters,cn=ipa,cn=etc,<baseDN>
add: ipaconfigstring
ipaconfigstring: configuredService
4. On master,
run ipa-replica-manage del <replicaFQDN> --cleanup --force
"""
# https://pagure.io/freeipa/issue/7929
# modify the replica entry on Master
cmd_output = None
dn_entry = 'dn: cn=KDC,cn=%s,cn=masters,cn=ipa,' \
'cn=etc,%s' % \
(self.replicas[0].hostname,
ipautil.realm_to_suffix(
self.replicas[0].domain.realm).ldap_text())
entry_ldif = textwrap.dedent("""
{dn}
changetype: modify
delete: ipaconfigstring
ipaconfigstring: enabledService
{dn}
add: ipaconfigstring
ipaconfigstring: configuredService
""").format(dn=dn_entry)
cmd_output = tasks.ldapmodify_dm(self.master, entry_ldif)
assert 'modifying entry' in cmd_output.stdout_text
cmd_output = self.master.run_command([
'ipa-replica-manage', 'del',
self.replicas[0].hostname, '--cleanup', '--force'
])
assert_text = 'Deleted IPA server "%s"' % self.replicas[0].hostname
assert assert_text in cmd_output.stdout_text