Replacing `fedora-30` with `fedora-latest` and `fedora-29` with `fedora-previous` will
reduce the changes required for new releases of Fedora.
Future changes would only require to update the name and version of the template used.
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
test_smb is now failing in a repeatable way due to CI infrastructure
issues. Temporarily remove it until this is fixed.
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Vagrant retries to provision hosts if something happens, it was introduced
in PR-CI after 380c8b8c78.
This takes time, some jobs are killed during test execution, so this
increases the time-out parameter from 1 hour and 20 minutes to 2 hours.
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Sometimes the gating tasks (build and jobs) are blocked because of nightly
regression remaining tasks are in progress. The reason is because nightly
regressions are not finished or they are re-triggered during day-time.
Gating tasks are blocked because they have same priority than nightly tasks.
This commit increases gating tasks priority so the testing of pull requests
will not be blocked anymore.
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Add tests for following scenarios:
* running `ipa-client-samba --uninstall` without prior installation
* mount and access Samba share by IPA user
* mount and access Samba share by AD user
* mount samba share by one IPA user and access it by another one
* try mount samba share without kerberos authentication
* uninstall and reinstall ipa-client-samba
Relates: https://pagure.io/freeipa/issue/3999
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
Update boxes used in nightlies runs and add new ones.
Based on the changes made in freeipa/freeipa-pr-ci#304.
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Verify that FreeIPA can be installed with an external CA that has a name
constraints extension.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Fixes: https://pagure.io/freeipa/issue/3999
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
The signing key for IPA's CA certificate now uses a 3072 bit RSA key by
default.
According to https://www.keylength.com/, NIST 800-57 Part 1 Rev. 4
recommends 3072 bit RSA keys for keys that are used beyond 2030 for 128 bit
strength.
Fixes: https://pagure.io/freeipa/issue/6790
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Vault and KDC proxy are neither critical subsystems nor are they likely to
fail. They have been pretty stable and don't see any major development.
It's sufficient to run them in nightly tests only.
The removal speed up gating a bit. Especially vault tests are slow and
usually take more than 30 minutes to complete
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Create and execute the server and client smart card advise scripts.
See: See: https://pagure.io/freeipa/issue/7751
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Enable testing (gating and nightly) to use the new F29 template.
Fixes: https://pagure.io/freeipa/issue/7779
Signed-off-by: Diogo Nunes <dnunes@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
Memory requirements for master and replica have been increased
due to OOM issues. This PR updates prci_definitions accordingly.
This PR also roll-back ipaserver mem reqs to the previous value
since the WebUI tests were split into different blocks.
Fixes https://pagure.io/freeipa/issue/7777
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Some tests have been identified as frequently failing on timeouts. While
we are investigating PRCI potential issues, increase the timeouts to
make PRCI usable. The rule is to add 30min if the test involves CA/KRA
installation or 20min otherwise for the most problematic tests.
test_forced_client_enrolment: from 1h to 1h20
test_vault: from 1h15 to 1h45
external_ca_1: from 1h to 1h20
test_sudo: from 1h to 1h20
test_authconfig: from 1h to 1h20
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
Now the test definition of nightly tests will be on freeipa repo. The
definition that's used on every PR (previously as .freeipa-pr-ci.yaml)
is in ipatests/prci_definitions/gating and the .freeipa-pr-ci.yaml file
is just a symlink to the real file.
In the same dir there is also nightly_master and nightly_rawhide, both
to be used in nightly tests.
Divided test_topology.py into 3 subtests.
Bumped vagrant template to version 0.1.6
This PR is the result of discussion on freeipa-devel mailing list [1].
[1] https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/4VAWJ4SFKKBFFICDLQCTXJWRRQHIYJLL/
Reviewed-By: Michal Reznik <mreznik@redhat.com>
