When the host is down, the preparation of the host fails. This
produces misleading errors, since the test framework reports that
the actual command being executed failed, when in fact (in case
of SSHTransport), the cause of failure was unability to establish
a SSH session.
https://fedorahosted.org/freeipa/ticket/4132
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
Adds test cases for legacy client support with IPA that has estabilish
trust with AD that does not leverage POSIX attributes defined on AD.
https://fedorahosted.org/freeipa/ticket/4134
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
Restoring backup files and restoring their context were two separate commands,
what means that in case we use SSHTrasport, which creates a separate SSH
session for each command, we try to restore the SELinux context of the
changed files in a new session.
This causes problems, if the access to files themselves are necessary
for the creation of the new SSH session.
https://fedorahosted.org/freeipa/ticket/4133
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
All the hosts in the domain have IPA master set as their only
nameserver. However, the IPA master does not create records for
these machines by default. This is not an big issue for clients
or replicas, since those records do get created in other ways,
but external hosts using their internal hostnames will not resolve.
Adds an A record for each host in master's domain.
https://fedorahosted.org/freeipa/ticket/4130
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
The integration test for legacy clients used incorrectly "test group"
instead of "testgroup" as group used on AD for test purposes. This
is inconsistent with the usage of "testuser".
https://fedorahosted.org/freeipa/ticket/4131
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
When legacy client tests fail during IPA installation, the legacy
client test produces an additional misleading error
(the real cause is reported as well). This happens due the fact
that we try to cleanup host that was not yet defined. We need to
check for this attribute being defined before unapplying fixes there.
https://fedorahosted.org/freeipa/ticket/4124
Sudo calls are not necessary since we log in as a root. Additionally,
sudo requires tty in default configuration, which is not acquired
when using OpenSSH transport.
https://fedorahosted.org/freeipa/ticket/4125
The framework had a concept of external hostnames,
which the controller uses to contact the test machines,
but they were not loaded from configuration.
Load external names from configuration.
This makes tests pass in setups where internal and external
hostnames are different, and the internal hostnames are not
initially resolvable from the controller.
Adds support for host definition by a environment variables of the
following form:
ROLE_<keyword>_envX, where X is the number of the environment
for which host referenced by a role <keyword> should be defined.
Adds a required_extra_roles attribute to the IntegrationTest class,
which can test developer use to specify the extra roles that this
particular test requires. If not all required extra roles are
available, the test will be skipped.
All extra (and static) roles are accessible to the IntegrationTests
via the host_by_role method, which returns a host of given role.
Part of: https://fedorahosted.org/freeipa/ticket/3833
The integration tests must wait for replication to happen before checking
results. In some cases, the tests have failed because the checks that
detect completed replication were insufficient.
This fixes the code to:
- Wait for replication to be completed on both servers
- In the case of an error, continue waiting -- it might be the case that
the DS is temporarily unreachable
To differentiate between individual tests in BeakerLib output,
the argument needs to be added to the test name. Since Nose
doesn't provide a way to get the argument in a plugin,
a `test_argument` attribute must be added to the test function
to support this, simlarly to how `description` is used to set
individual "docstrings".
Add test_argument to the generated tests in the CA-less suite.
This adds a transport that uses /usr/bin/ssh calls to communicate
with remote hosts.
This transport is a bit slower and buffers output more than paramiko,
so it is only used if paramiko is not available, or forced with an
environment variable.
https://fedorahosted.org/freeipa/ticket/3890
This will make it possible to use a different mechanism for cases like
- Paramiko is not available
- Hosts without SSH servers (e.g. Windows)
Add BaseHost, Transport & Command base classes that define the interface
and common functionality, and Host, ParamikoTransport & SSHCommand with
specific details.
The {get,put}_file_contents methods are left on Host for convenience;
all other Transport methods must be now accessed through the transport.
Part of the work for https://fedorahosted.org/freeipa/ticket/3890
Differences from the test plan at
http://www.freeipa.org/index.php?title=V3/CA-less_install&oldid=6669 are:
- The following tests are included in all applicable positive
install tests, rather than being standalone test cases:
- Verify CA certificate stored in LDAP
- Verify CA PEM file created by IPA server install
- Verify that IPA server install does not configure certmonger
- Verify CA PEM file created by IPA replica install
- Verify that IPA replica install does not configure certmonger
- Verify CA PEM file created by IPA client install
- PKI setup is done only once for each test class
- Master installation is done once for the IPA command tests, and
once for the certinstall tests
- Certificates are compared after base64 decoding to avoid failures
from formatting mismatches
- Minor changes necessary for automation (e.g. adding --unattended
and --password options, correcting error messages)
- Web UI tests are not included here
https://fedorahosted.org/freeipa/ticket/3830
The integration testing framework used Paramiko SFTP files as
context managers. This feature is only available in Paramiko 1.10+.
Use an explicit context manager so that we don't rely on the feature.
Add ldap_connect() method to Host to allow executing querying LDAP from tests.
Use information in the mapping tree to poll until all replication is finished
(or failing) before checking that entries replicated successfully.
This allows a cluster of replicas and clients to be installed
in a named topology.
Several named topologies are available (star, line, complete, tree,
tree2) and new ones can be defined as a simple function.
Logs from Beaker jobs are normally very brief, with the standard
output/error containing detailed information. Make ipa-run-tests
with BeakerLib plugin follow this convention.
Only include INFO and higher level messages in the Beaker logs.
Downgrade several message levels to DEBUG.
Log to console using Python logging instead of showing the Beaker logs.
Since ipa-run-tests sets up its own logging, Nose's own log
handling just causes duplicate messages. Disable it with --nologcapture.
- Use the external hostname when connecting to remote hosts
- Make it possible to specify working directory for remote commands
- Move kinit calls to installation code
This allows tests where installation is done later
- Log at error level when a remote command fails unexpectedly
- Clean up test directory before testing
- Break infinite recursion in mkdir_recursive if dir can't be created