Updated the tests according to the new replica installation workflow

As of 4.3 the replica installation is performed without preparing a gpg file on
master, but rather enrolling a future replica as a client with subsequent
promotion of the client. This required the corresponding change in the
integration tests

https://fedorahosted.org/freeipa/ticket/5379

Reviewed-By: Martin Basti <mbasti@redhat.com>

ipatests/test_integration/config.py

@@ -26,6 +26,7 @@ import pytest_multihost.config
 
 from ipapython.dn import DN
 from ipapython.ipa_log_manager import log_mgr
+from ipalib.constants import MAX_DOMAIN_LEVEL
 
 
 class Config(pytest_multihost.config.Config):
@@ -39,6 +40,7 @@ class Config(pytest_multihost.config.Config):
         'ad_admin_name',
         'ad_admin_password',
         'dns_forwarder',
+        'domain_level',
     }
 
     def __init__(self, **kwargs):
@@ -56,10 +58,12 @@ class Config(pytest_multihost.config.Config):
             '%s.pool.ntp.org' % random.randint(0, 3)))
         self.ad_admin_name = kwargs.get('ad_admin_name') or 'Administrator'
         self.ad_admin_password = kwargs.get('ad_admin_password') or 'Secret123'
-
+        self.domain_level = kwargs.get('domain_level', MAX_DOMAIN_LEVEL)
         # 8.8.8.8 is probably the best-known public DNS
         self.dns_forwarder = kwargs.get('dns_forwarder') or '8.8.8.8'
         self.debug = False
+        if self.domain_level is None:
+            self.domain_level = MAX_DOMAIN_LEVEL
 
     def get_domain_class(self):
         return Domain

ipatests/test_integration/tasks.py

@@ -79,6 +79,12 @@ def prepare_host(host):
         host.put_file_contents(env_filename, env_to_script(host.to_env()))
 
 
+def allow_sync_ptr(host):
+    kinit_admin(host)
+    host.run_command(["ipa", "dnsconfig-mod", "--allow-sync-ptr=true"],
+                     raiseonerr=False)
+
+
 def apply_common_fixes(host):
     fix_etc_hosts(host)
     fix_hostname(host)
@@ -260,7 +266,8 @@ def install_master(host, setup_dns=True, setup_kra=False):
         'ipa-server-install', '-U',
         '-r', host.domain.name,
         '-p', host.config.dirman_password,
-        '-a', host.config.admin_password
+        '-a', host.config.admin_password,
+        "--domain-level=%i" % host.config.domain_level
     ]
 
     if setup_dns:
@@ -288,6 +295,18 @@ def get_replica_filename(replica):
     return os.path.join(replica.config.test_dir, 'replica-info.gpg')
 
 
+def domainlevel(host):
+    # Dynamically determines the domainlevel on master. Needed for scenarios
+    # when domainlevel is changed during the test execution.
+    result = host.run_command(['ipa', 'domainlevel-get'], raiseonerr=False)
+    level = 0
+    domlevel_re = re.compile('.*(\d)')
+    if result.returncode == 0:
+        # "domainlevel-get" command doesn't exist on ipa versions prior to 4.3
+        level = int(domlevel_re.findall(result.stdout_text)[0])
+    return level
+
+
 def replica_prepare(master, replica):
     apply_common_fixes(replica)
     fix_apache_semaphores(replica)
@@ -306,15 +325,13 @@ def install_replica(master, replica, setup_ca=True, setup_dns=False,
                     setup_kra=False):
     replica.collect_log(paths.IPAREPLICA_INSTALL_LOG)
     replica.collect_log(paths.IPAREPLICA_CONNCHECK_LOG)
-
+    allow_sync_ptr(master)
-    replica_prepare(master, replica)
+    # Otherwise ipa-client-install would not create a PTR
-
+    # and replica installation would fail
-    replica_filename = get_replica_filename(replica)
     args = ['ipa-replica-install', '-U',
             '-p', replica.config.dirman_password,
             '-w', replica.config.admin_password,
-            '--ip-address', replica.ip,
+            '--ip-address', replica.ip]
-            replica_filename]
     if setup_ca:
         args.append('--setup-ca')
     if setup_dns:
@@ -322,8 +339,18 @@ def install_replica(master, replica, setup_ca=True, setup_dns=False,
             '--setup-dns',
             '--forwarder', replica.config.dns_forwarder
         ])
-    replica.run_command(args)
+    if domainlevel(master) == 0:
+        apply_common_fixes(replica)
+        # prepare the replica file on master and put it to replica, AKA "old way"
+        replica_prepare(master, replica)
+        replica_filename = get_replica_filename(replica)
+        args.append(replica_filename)
+    else:
+        # install client on a replica machine and then promote it to replica
+        install_client(master, replica)
+        fix_apache_semaphores(replica)
 
+    replica.run_command(args)
     enable_replication_debugging(replica)
     setup_sssd_debugging(replica)
 

ipatests/test_integration/test_testconfig.py

@@ -23,6 +23,7 @@ import copy
 from ipatests.test_integration import config
 from ipapython.ipautil import write_tmp_file
 from ipatests.util import assert_deepequal
+from ipalib.constants import MAX_DOMAIN_LEVEL
 
 DEFAULT_OUTPUT_DICT = {
     "nis_domain": "ipatest",
@@ -39,7 +40,8 @@ DEFAULT_OUTPUT_DICT = {
     "dirman_dn": "cn=Directory Manager",
     "dirman_password": "Secret123",
     "ntp_server": "ntp.clock.test",
-    "admin_password": "Secret123"
+    "admin_password": "Secret123",
+    "domain_level": MAX_DOMAIN_LEVEL
 }
 
 DEFAULT_OUTPUT_ENV = {
@@ -57,6 +59,7 @@ DEFAULT_OUTPUT_ENV = {
     "ADADMINPW": "Secret123",
     "IPv6SETUP": "",
     "IPADEBUG": "",
+    "DOMAINLVL": MAX_DOMAIN_LEVEL
 }
 
 DEFAULT_INPUT_ENV = {