fix for https://fedorahosted.org/freeipa/ticket/4933 made ipa-dns-install to
use LDAPI and deprecated -p option for directory manager password. This patche
remove the option from calls to ipa-dns-install in CI tests so that
deprecation warning does not clutter the logs.
Reviewed-By: Milan Kubik <mkubik@redhat.com>
As of 4.3 the replica installation is performed without preparing a gpg file on
master, but rather enrolling a future replica as a client with subsequent
promotion of the client. This required the corresponding change in the
integration tests
https://fedorahosted.org/freeipa/ticket/5379
Reviewed-By: Martin Basti <mbasti@redhat.com>
The StringIO class was moved to the io module.
(In Python 2, io.StringIO is available, but is Unicode-only.)
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
In beaker lab the situation when master and replica have ip addresses from
different subnets is quite frequent. When a replica has ip from different
subnet than master's, ipa-replica-prepare looks up a proper reverse zone to
add a pointer record, and if it does not find it, it asks a user for permission
to create it automatically. It breaks the tests adding the unexpected input.
The workaround is to always create a reverse zone for a new replica.
Corresponding ticket is https://fedorahosted.org/freeipa/ticket/5306
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
The patch fixes bug in the construction of ipa-replica-install arguments in
test_integration/tasks.install_replica. Due to this bug the replica
installation during certain integration tests involved CA setup even when
setup_ca was set to False.
Reviewed-By: Milan Kubik <mkubik@redhat.com>
Tests:
* install master, replica, then instal DNSSEC on master
* test if zone is signed (added on master)
* test if zone is signed (added on replica)
* install master with DNSSEC, then install replica
* test if root zone is signed
* add zone, verify signatures using our root zone
https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: Milan Kubik <mkubik@redhat.com>
The core integration testing functionality was split into a separate
project. Use this project, and configure it for FreeIPA.
The "mh" (multihost) fixture is made available for integration tests.
Configuration based on environment variables is moved into a separate
module, to ease eventual deprecation.
Reviewed-By: Tomas Babej <tbabej@redhat.com>
IPA uses both named and named-pkcs11 service.
If named is masked use named-pkcs11, instead of raising exception
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
If the test backup directory was never created (for example if
there was an early failure, or install was never run),
we don't want the test to fail.
Do not restore if the backup dir is not there.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
When restoring files from backup, we do use an incorrect order of
operations - we first restore SELinux context and then copy the
files from backup, when we need to do the exact opposite.
https://fedorahosted.org/freeipa/ticket/4133
Reviewed-By: Jan Pazdziora <jpazdziora@redhat.com>
In the integration tests, we do not stop the sssd service
before deleting the cache, but rather start it. We need
to stop sssd before deleting the cache.
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
When the host is down, the preparation of the host fails. This
produces misleading errors, since the test framework reports that
the actual command being executed failed, when in fact (in case
of SSHTransport), the cause of failure was unability to establish
a SSH session.
https://fedorahosted.org/freeipa/ticket/4132
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
Restoring backup files and restoring their context were two separate commands,
what means that in case we use SSHTrasport, which creates a separate SSH
session for each command, we try to restore the SELinux context of the
changed files in a new session.
This causes problems, if the access to files themselves are necessary
for the creation of the new SSH session.
https://fedorahosted.org/freeipa/ticket/4133
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
All the hosts in the domain have IPA master set as their only
nameserver. However, the IPA master does not create records for
these machines by default. This is not an big issue for clients
or replicas, since those records do get created in other ways,
but external hosts using their internal hostnames will not resolve.
Adds an A record for each host in master's domain.
https://fedorahosted.org/freeipa/ticket/4130
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Sudo calls are not necessary since we log in as a root. Additionally,
sudo requires tty in default configuration, which is not acquired
when using OpenSSH transport.
https://fedorahosted.org/freeipa/ticket/4125
Adds support for host definition by a environment variables of the
following form:
ROLE_<keyword>_envX, where X is the number of the environment
for which host referenced by a role <keyword> should be defined.
Adds a required_extra_roles attribute to the IntegrationTest class,
which can test developer use to specify the extra roles that this
particular test requires. If not all required extra roles are
available, the test will be skipped.
All extra (and static) roles are accessible to the IntegrationTests
via the host_by_role method, which returns a host of given role.
Part of: https://fedorahosted.org/freeipa/ticket/3833
The integration tests must wait for replication to happen before checking
results. In some cases, the tests have failed because the checks that
detect completed replication were insufficient.
This fixes the code to:
- Wait for replication to be completed on both servers
- In the case of an error, continue waiting -- it might be the case that
the DS is temporarily unreachable
This will make it possible to use a different mechanism for cases like
- Paramiko is not available
- Hosts without SSH servers (e.g. Windows)
Add BaseHost, Transport & Command base classes that define the interface
and common functionality, and Host, ParamikoTransport & SSHCommand with
specific details.
The {get,put}_file_contents methods are left on Host for convenience;
all other Transport methods must be now accessed through the transport.
Part of the work for https://fedorahosted.org/freeipa/ticket/3890
Add ldap_connect() method to Host to allow executing querying LDAP from tests.
Use information in the mapping tree to poll until all replication is finished
(or failing) before checking that entries replicated successfully.
This allows a cluster of replicas and clients to be installed
in a named topology.
Several named topologies are available (star, line, complete, tree,
tree2) and new ones can be defined as a simple function.
Logs from Beaker jobs are normally very brief, with the standard
output/error containing detailed information. Make ipa-run-tests
with BeakerLib plugin follow this convention.
Only include INFO and higher level messages in the Beaker logs.
Downgrade several message levels to DEBUG.
Log to console using Python logging instead of showing the Beaker logs.
Since ipa-run-tests sets up its own logging, Nose's own log
handling just causes duplicate messages. Disable it with --nologcapture.
