We only need to verify installation of replica under domain level 1, otherwise
replica is not installed but only a gpg file is prepared
Reviewed-By: David Kupka <dkupka@redhat.com>
setUp method does not get executed in recent versions of pytest
Replaced with the install method derived from the parent IntegrationTest class
Reviewed-By: David Kupka <dkupka@redhat.com>
Unapply fixes removes the temporary testing folder at ~/ipatests, which
contains some artifacts like root.pem that need to be persistent between tests
in the test_caless testsuite. There has to be the way to skip the deletion of
this testfolder
Reviewed-By: David Kupka <dkupka@redhat.com>
Negative testing was enabled by introducing an optional raiseonerr parameter
with True by default to both master and replica installation methods
Also the methods were updated to support intractive installation
Reviewed-By: David Kupka <dkupka@redhat.com>
Master and replica installation methods were made to utilize corresponding
methods from tasks.py for the sake of DRY
Reviewed-By: David Kupka <dkupka@redhat.com>
The IntegrationTest.install method installs the full topology while in ca-less
tests we need to check server installation, thus the nodes should not have
server or replica installed
Reviewed-By: David Kupka <dkupka@redhat.com>
Upon uninstallation IPA does not remove certs from the system, see
https://fedorahosted.org/freeipa/ticket/4639 for details. This causes
installation failures in several tests. The workaround is to manually remove
certs from all certificate databases used by IPA after each server
uninstallation
Reviewed-By: David Kupka <dkupka@redhat.com>
The installator has changed the question sequence so the stdin used for
interactive server installation has to be changed accordingly
Reviewed-By: David Kupka <dkupka@redhat.com>
The IPA installer refuses to accept certs signed with a CA-signature that does
not have basic constraints enabled (Described in RFC 5280)
Reviewed-By: David Kupka <dkupka@redhat.com>
When the same host is used for numerous server/replica
installations/uninstallations at some point the /etc/openldap/ldap.conf file
gets corruped which results in ldapsearch unaware of the default ldap_uri to
connect. The workaround would be to provide ldap hostname for each ldapsearch.
Attention: please unapply this fix once the original issue is resolved.
https://fedorahosted.org/freeipa/ticket/5880
Reviewed-By: David Kupka <dkupka@redhat.com>
update_from_dict() method is not used anywhere in the project,
it only makes the tests fail. Removed it and its tests.
https://fedorahosted.org/freeipa/ticket/6311
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
The man page and help of ipa-client-install and ipa-replica-conncheck
had an outdated information about what is used as a hostname.
https://fedorahosted.org/freeipa/ticket/5754
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
In test_ipaserver/test_ldap::test_ldap::test_GSSAPI a krb5 ccache is used to
connect to ldap. The test tries to locate this cache in /tmp/krb5cc_$UID file,
which is not there due to default settings in krb5.conf, and hence the whole
test is skipped. Fix the test to use keyring to connect instead of ccache in
/tmp.
https://fedorahosted.org/freeipa/ticket/6323
Reviewed-By: Martin Basti <mbasti@redhat.com>
Fixing discrepancies between returned and checked attributes in ipa-join host
test, that arose after recent changes in behavior.
https://fedorahosted.org/freeipa/ticket/6326
Reviewed-By: Martin Basti <mbasti@redhat.com>
Updating path to ipa-join command to allow execution of
test_xmlrpc/test_host::TestHostFalsePwdChange::test_join_host.
https://fedorahosted.org/freeipa/ticket/6326
Reviewed-By: Martin Basti <mbasti@redhat.com>
krb5kdc.service restart is necessary for proper running of integration trust
related tests.
https://fedorahosted.org/freeipa/ticket/6322
Reviewed-By: Martin Basti <mbasti@redhat.com>
In commit ed4c2d9252, changes to the Plugin
class were made, but the test was updated only partially.
Update the rest to fix the failing test.
https://fedorahosted.org/freeipa/ticket/6313
Reviewed-By: Martin Basti <mbasti@redhat.com>
Removing --force option from tracker base class so it would not be required to
be implemented in every specific tracker, even though it's not necessary.
Modifying existing trackers to reflect this change.
https://fedorahosted.org/freeipa/ticket/6124
Reviewed-By: Martin Basti <mbasti@redhat.com>
SSSD restart has been mistakenly added to integration tests
(test_integration/tasks.py::uninstall_master). When system setup is correct,
this restart has no significance, moreover it makes tests fail, hence its
removal is necessary.
https://fedorahosted.org/freeipa/ticket/6338
Reviewed-By: Oleg Fayans <ofayans@redhat.com>
Hostname is always set, remove the text that says
hostname is set only if it does not match the current
hostname.
https://fedorahosted.org/freeipa/ticket/6330
Reviewed-By: Abhijeet Kasurde <akasurde@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Inform the user where to find additional information
about certificate revocation reasons.
https://fedorahosted.org/freeipa/ticket/6327
Reviewed-By: Abhijeet Kasurde <akasurde@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
The added log messages allow easier debugging of
IP related issues during ipa-client-install.
https://fedorahosted.org/freeipa/ticket/6331
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Abhijeet Kasurde <akasurde@redhat.com>
Re-raise the thrown exception to get an error message
instead of a traceback during ipa-client-install with
invalid IP address.
https://fedorahosted.org/freeipa/ticket/6340
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
User and groups regexp are the same and constant should be used to avoid
any future misconfigurations.
https://fedorahosted.org/freeipa/ticket/5822
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Regexp should not enforce lenght of string, we have different checks for
that. Secondly regexp with length specified produces an incorrect error
message.
https://fedorahosted.org/freeipa/ticket/5822
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Backup and restore trust flags of existing certificates during CA
installation. This prevents marking a previously trusted certificate
as untrusted, as was the case when CA-less was converted to CA-full
with external CA when using the same certificate.
https://fedorahosted.org/freeipa/ticket/5791
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
