Commit Graph

46 Commits

Author SHA1 Message Date
Tibor Dudlák
5929d5d872 Use temporary pid file for chronyd -q task
chrony is causing an SELinux denial because of chronyd
was not spawned using systemd and the command creates
a pidfile for unconfined proccess in /var/run with SELinux label:
unconfined_u:object_r:var_run_t:s0
Following chronyd daemon enablement with systemd will fail
due to mismatched SELinux labels on chronyd pidfile.
chronyd pidfile should be labeled with the following label:
system_u:object_r:chronyd_var_run_t:s0
This also changes bindcmdaddress to not touch /var/run/chrony.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-05-02 16:44:54 -04:00
Stanislav Laznicka
b5bdd07bc5
Add absolute_import future imports
Add absolute_import from __future__ so that pylint
does not fail and to achieve python3 behavior in
python2.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2018-04-20 09:43:37 +02:00
Tibor Dudlák
692a9931da Fix format string passed to pytest-multihost
Integration trust test suit failed with error trying to
start chronyd because of bad formating of passed string

See: https://pagure.io/python-pytest-multihost/issue/15
Resolves: https://pagure.io/freeipa/issue/7487
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-04-17 16:25:12 +02:00
Tibor Dudlák
ca9c4d70a0 Replace ntpd with chronyd in installation
Completely remove ipaserver/install/ntpinstance.py

This is no longer needed as chrony client configuration
is now handled in ipa-client-install.

Part of ipclient/install/client.py related to ntp configuration
has been refactored a bit to not lookup for srv records
and/or run chrony if not necessary.

Addresses: https://pagure.io/freeipa/issue/7024
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-04-09 11:00:02 -04:00
Ganna Kaihorodova
28acbc6c11
Fix in IPA's multihost fixture
AD related tests, which aren't require all set of AD machines
were skipped with error msg: Not enough resources configured.

Changed hard coded number of AD machines to use.

Reviewed-By: Aleksei Slaikovskii <aslaikov@redhat.com>
2018-04-09 15:15:47 +02:00
Ganna Kaihorodova
b7293a9184
TestBasicADTrust.test_ipauser_authentication
test_ipauser_authentication is failing with error: "Confidentiality required"
Password operation must be performed over a secure connection

To start TLS encryption added -ZZ option, in order to be connection successful

https://pagure.io/freeipa/issue/7470

Reviewed-By: Aleksei Slaikovskii <aslaikov@redhat.com>
2018-04-06 16:00:48 +02:00
Christian Heimes
492e3c9b1e NSSDB: Let certutil decide its default db type
CertDB no longer makes any assumptions about the default db type of a NSS
DB. Instead it let's certutil decide when dbtype is set to 'auto'. This
makes it much easier to support F27 and F28 from a single code base.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2018-02-23 11:04:10 +01:00
Christian Heimes
2391c75e3d Replace hard-coded paths with path constants
Several run() calls used hard-coded paths rather than pre-defined paths
from ipaplatform.paths. The patch fixes all places that I was able to
find with a simple search.

The fix simplifies Darix's port of freeIPA on openSuSE.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-02-08 09:32:12 +01:00
Felipe Barreto
d945583cc7 Make IntegrationTest fail if an error happened during uninstall
Before this change, if the uninstall process fails, the test would not fail, due
to the raiseonerr=False.

It's necessary to remove the uninstall call in CALessBase because in
TestIntegration there is another uninstall call. So, without the
raiseonerr=False, it would make the uninstall process fail, since the master is
already uninstalled.

https://pagure.io/freeipa/issue/7357

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-02-07 13:24:46 +01:00
Felipe Barreto
7b7edd57cd IntegrationTests now collects logs from all test methods
logs_dict should not be cleared. It's filled once per class and it
should not be cleared after running the first test.

https://pagure.io/freeipa/issue/7310
https://pagure.io/freeipa/issue/7335

Reviewed-By: Michal Reznik <mreznik@redhat.com>
2018-02-06 15:53:08 +01:00
Michal Reznik
e55969f7e0 test_caless: add SAN extension to other certs
Currently when testing we are using SAN extension only in
KDC, wildcard certs and not in the other certs.
During replica installation we then see a warning about certs
having no `subjectAltName`.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-01-17 12:52:16 +01:00
Michal Reznik
3bdac1a84d tests: move CA related modules to pytest_plugins
Till now both create_caless_pki.py and create_external_ca.py were
stored in test_integration folder. However when trying to import
e.g. "from create_external_ca import ExternalCA" from tasks.py
where all other integration test`s support functions lives we get
"AttributeError: module 'pytest' has no attribute 'config' as pytest
was not completely initialized at the moment of the import.

https://pagure.io/freeipa/issue/7302

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2018-01-09 10:17:01 +01:00
Michal Reznik
efe21a1bda test_tasks: add sign_ca_and_transport() function
Add sign_ca_and_transport() function which will sign provided csr
and transport root CA and signed IPA CA to the host.

https://pagure.io/freeipa/issue/7302

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2018-01-09 10:17:01 +01:00
Felipe Barreto
f5c01c5e86 Fixing test_testconfig with proper asserts
When the cls in env_config.py is a WinHost, the __init__ receives different
parameters. Now, it's adapted to all different kinds of hosts.

Also, it's necessary to add the host_type field to most of domains created
in the test classes, because the field is returned by pytest_multihost.Config
in pytest_plugins/integration/config.py::Config::to_dict

https://pagure.io/freeipa/issue/7346

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-01-09 08:03:49 +01:00
Christian Heimes
beb6d74b81 LGTM: unnecessary else in for loop
for/else makes only sense when the for loop uses break, too. If the for
loop simply returns on success, then else is not necessary.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2018-01-09 07:53:28 +01:00
Christian Heimes
73ee9ff40e LGTM: Fix multiple use before assignment
- Move assignment before try/finally block
- Add raise to indicate control flow change
- Add default value

https://pagure.io/freeipa/issue/7344

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2018-01-09 07:53:28 +01:00
Christian Heimes
0071744929 Support sqlite NSSDB
Prepare CertDB and NSSDatabase to support sqlite DB format. NSSDatabase
will automatically detect and use either old DBM or new SQL format. Old
databases are not migrated yet.

https://pagure.io/freeipa/issue/7049

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2017-11-16 12:17:01 +01:00
Abhijeet Kasurde
f6adf4f3a8 Trivial typo fix.
Fix adds correction to word 'enforce'

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-11-15 11:14:15 +01:00
Tomas Krizek
c45a989506
ipatests: fix circular import for collect_logs
Move collect_logs function from util to avoid a circular import.

Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-11-13 13:49:51 +01:00
Christian Heimes
3ca77456ee
Py3: fix fetching of tar files
pytest_multihost does not support binary stdout stream yet,
https://pagure.io/python-pytest-multihost/issue/7 . Write logs to
temporary file and use host.get_file_content() to fetch them.

https://pagure.io/freeipa/issue/7131

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Michal Reznik <mreznik@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-11-10 13:18:47 +01:00
Felipe Barreto
16da7c612e
Fix log capture when running pytests_multihosts commands
The pytests_plugins/integration/config.py::Config class
provides the get_logger method in order to customize the
default log of the plugin.

Previously, before commit 07229c8ff6,
the code was using ipa_log_manager, a custom log solution. After
moving to use the default python way, the log is not configured anymore.

This PR address it changing the level to DEBUG in order to capture
the output of pytest_multihosts commands.

As an example, when running `ipa-server-install`, you will be able
to see an output like this:
```
[[...].Host.master.cmd2] Checking DNS domain ipa.test, please wait ...
[[...].Host.master.cmd2]
[[...].Host.master.cmd2] The log file for this installation can be found in /var/log/ipaserver-install.log
[[...].Host.master.cmd2] ==============================================================================
[[...].Host.master.cmd2] This program will set up the FreeIPA Server.
[[...].Host.master.cmd2]
[[...].Host.master.cmd2] This includes:
[[...].Host.master.cmd2]   * Configure a stand-alone CA (dogtag) for certificate management
[[...].Host.master.cmd2]   * Configure the Network Time Daemon (ntpd)
[[...].Host.master.cmd2]   * Create and configure an instance of Directory Server
[[...].Host.master.cmd2]   * Create and configure a Kerberos Key Distribution Center (KDC)
```

Fixes: https://pagure.io/freeipa/issue/7186
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
2017-11-06 16:22:18 +01:00
Stanislav Laznicka
71a8026496
py3: pass raw entries to LDIFWriter
LDIFWriter.unparse() expects the scalar values of the attributes
of the entries to be bytes as it applies a byte regular expression
to check whether to base64-encode the values or not. Previously,
we were passing the scalar attribute values as strings which
was breaking the LDIFWriter.unparse() exectution.

https://pagure.io/freeipa/issue/7131

Reviewed-By: Felipe Barreto <fbarreto@redhat.com>
2017-10-26 12:43:47 +02:00
Tomas Krizek
be6f1a67cb
ipatests: set default 389-ds log level to 0
During integration tests, the log level of 8192 (replication debugging)
was excessive and made reading 389-ds logs very hard without providing
any useful information.

Part of: https://pagure.io/freeipa/issue/7162
Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2017-10-23 18:13:36 +02:00
Petr Čech
3a0410267f ipatests: Fix on logs collection
If the function `install_kra` or `install_ca` fails
on call `host.run_command(command, raiseonerr=raiseonerr)`
then the logs are not collected.

This situation is not optimal because we need to see what happend
during the debbuging the tests.

So, this patch solves this situation and it adds try--finally
construction.

https://pagure.io/freeipa/issue/7214

Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
2017-10-18 17:01:53 +02:00
Abhijeet Kasurde
c8dbd0cfbe
tests: correct usage of hostname in logger in tasks
This fix adds correct usage of host.hostname in logger.

Fixes: https://pagure.io/freeipa/issue/7190

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2017-10-18 12:13:55 +02:00
David Kupka
53abf0105b
tests: Add LDAP URI to ldappasswd explicitly
Tests should always rely on api.env.* values when possible.
Without this running the tests remotely can result in errors such
as ldap{search,modify,passwd} attempting to connect to the
wrong URI and failing.

https://fedorahosted.org/freeipa/ticket/6622

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2017-10-13 17:03:23 +02:00
Michal Reznik
a2a6cf381e tests: add host zone with overlap
This patch is mainly for test_forced_client_reenrolment suite
where when we are not in control of our client DNS we create an
overlap zone in order to get the host records updated. This also
sets resolv.conf before every ipa-client-install to the ipa master.

https://pagure.io/freeipa/issue/7124

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2017-10-11 13:06:57 +02:00
Michal Reznik
3b5e979334 tests_py3: decode get_file_contents() result
When running tests in python3 we get bytes object instead of
bytestring from get_file_contents() and when passing it to
run_command() we later fail on concatenation in shell_quote().

https://pagure.io/freeipa/issue/7131

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2017-10-06 09:22:37 +02:00
Michal Reznik
f2b32759b9 test_caless: add caless to external CA test
Add caless to external CA test as the suite is currently
missing one.

https://pagure.io/freeipa/issue/7155

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-10-04 10:18:11 +02:00
Tomas Krizek
4028f1aebb
ipatests: collect log after ipa-ca-install
Make sure logs are collected after calling ipa-ca-install command.

Related: https://pagure.io/freeipa/issue/7060

Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-08-31 13:41:27 +02:00
Abhijeet Kasurde
8d3924dc98
Vault testcase improvement
* Collect logs for install KRA

Related: https://pagure.io/freeipa/issue/7098

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
2017-08-11 12:13:21 +02:00
Jan Cholasta
07229c8ff6 logging: do not use ipa_log_manager to create module-level loggers
Replace all `ipa_log_manager.log_mgr.get_logger` calls to create
module-level loggers with `logging.getLogger` calls and deprecate
`ipa_log_manager.log_mgr.get_logger`.

Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-07-14 15:55:59 +02:00
Jan Cholasta
ffadcb0414 logging: remove object-specific loggers
Remove all object-specific loggers, with the exception of `Plugin.log`,
which is now deprecated. Replace affected logger calls with module-level
logger calls.

Deprecate object-specific loggers in `ipa_log_manager.get_logger`.

Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-07-14 15:55:59 +02:00
Tomas Krizek
44e3496bd1 ipatests: do not collect systemd journal when logfile_dir is missing
If logs aren't collected to logfile_dir, skip collection of systemd
journal.

Related https://pagure.io/freeipa/issue/6971

Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2017-06-15 13:52:50 +02:00
Tomas Krizek
48b7e83511 ipatests: add systemd journal collection for multihost tests
Some messages are only logged in journal. Collection of journal
makes debugging failed tests from logs easier.

Fixes: https://pagure.io/freeipa/issue/6971

Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-06-01 11:50:44 +02:00
Tomas Krizek
906c4c9459 ipatests: change logdir naming pattern for multihost tests
Remove brackets from the paths in naming pattern of directories
for multihost logs. Brackets in filenames require special handling
in markdown URLs, bash paths etc.

Related: https://pagure.io/freeipa/issue/6971

Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-06-01 11:50:44 +02:00
Christian Heimes
af140b0bc1 Silence pytest.yield_fixture deprecation warning
pytest >= 2.10 supports yield based fixtures with pytest.fixture. In
pytest < 2.10 pytest.yield_fixture is required. But that function
also raises a deprecation warning in pytest >= 3.0. FreeIPA has to stay
compatible with pytest < 2.10 for RHEL 7 testing.

https://docs.pytest.org/en/latest/fixture.html#fixture-finalization-executing-teardown-code

https://pagure.io/freeipa/issue/6591

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-05-30 12:28:51 +02:00
Michal Reznik
2493f81204 - added krb5kdc.log to pytest logging
KRB5KDC_LOG = '/var/log/krb5kdc.log' added to paths
host.collect_log(paths.KRB5KDC_LOG) added to tasks.py

Signed-off-by: Michal Reznik <mreznik@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
2017-04-12 17:34:32 +02:00
Martin Basti
fd597f83ae collect audit.log for easier selinux investigation
Audit log contains useful information about selinux issues

Reviewed-By: Milan Kubik <mkubik@redhat.com>
2017-04-06 10:08:54 +02:00
Christian Heimes
24161a6190
Move remaining util functions to tasks module
https://pagure.io/freeipa/issue/6798
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2017-03-22 13:42:04 +01:00
Christian Heimes
8aadd55c93
Move function run_repeatedly to tasks module
https://pagure.io/freeipa/issue/6798
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2017-03-22 13:42:04 +01:00
Christian Heimes
8867412adc
Move hosts module to ipatests.pytest_plugins.integration.hosts
https://pagure.io/freeipa/issue/6798
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2017-03-22 13:42:04 +01:00
Christian Heimes
313ae46b57
Move tasks module to ipatests.pytest_plugins.integration.tasks
https://pagure.io/freeipa/issue/6798
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2017-03-22 13:42:04 +01:00
Christian Heimes
1406dbc8c2
Move env_config module to ipatests.pytest_plugins.integration.env_config
https://pagure.io/freeipa/issue/6798
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2017-03-22 13:42:04 +01:00
Christian Heimes
2895e3931d
Move config module to ipatests.pytest_plugins.integration.config
https://pagure.io/freeipa/issue/6798
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2017-03-22 13:42:04 +01:00
Christian Heimes
dde71ec4a9
Move helper code for integration plugin
The changes made to ipa-run-tests script in fd1b4f6 broke the
ipa-test-config and ipa-test-task scripts which are not executed
via pytest.

To fix the issue, all helper code and dependencies of the integration
plugin are moved out of ipatests.test_integration and into the
integration plugin. As first step ipatests.pytest_plugins.integration
is turned into a package.

https://pagure.io/freeipa/issue/6798
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2017-03-22 13:42:04 +01:00