mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
feae9de73e
Docker utilizes its own way to provide DNS (hostname, hosts, NS). By default, they are almost the same as the host's ones. For instance, below is from AP container: ``` cat /etc/hosts 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 172.17.0.2 ipa.example.test ipa cat /etc/resolv.conf nameserver 168.63.129.16 search hqdv2iuiph0ufpcrhp4amkgzwf.fx.internal.cloudapp.net ``` As a result FreeIPA uses 168.63.129.16 (AP DNS NS [1]) as a DNS forwarder. It's not desirable to rely on this. Let's clear test environment. [1] https://docs.microsoft.com/en-us/azure/virtual-network/what-is-ip-address-168-63-129-16 Related: https://pagure.io/freeipa/issue/8077 Signed-off-by: Stanislav Levin <slev@altlinux.org> Reviewed-By: Christian Heimes <cheimes@redhat.com>
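#!/bin/bash
#
# CI runner script: installs a FreeIPA master inside the test container,
# runs the selected ipa-run-tests slice, uninstalls the server and collects
# the logs into /freeipa/$CI_RUNNER_LOGS_DIR.
#
# Environment read by this script:
#   TESTS_TO_RUN              whitespace-separated list of tests to run
#   TESTS_TO_IGNORE           whitespace-separated list, each passed as --ignore
#   TESTS_TO_DEDICATE         optional list, each passed as --slice-dedicated=
#   CI_RUNNER_LOGS_DIR        log directory, relative to /freeipa
#   SYSTEM_TOTALJOBSINPHASE   number of slices (default 1)
#   SYSTEM_JOBPOSITIONINPHASE slice number of this job (default 1)
#
# Exit status is 0 only when both the installation and the tests succeeded.
#
# This script overwrites /etc/hosts and /etc/resolv.conf and uses a fixed,
# well-known password; it is meant for a throwaway test container only.

# Options are set here rather than on the shebang line so that they also
# apply when the script is started as "bash <script>".
set -ex

# Setup DNS
# Replace the name resolution files provided by the container runtime so
# that the installer does not inherit the host's resolver as DNS forwarder.
printf '127.0.0.1 localhost\n::1 localhost\n\n' > /etc/hosts
echo 'nameserver 8.8.8.8' > /etc/resolv.conf

server_realm=EXAMPLE.TEST
server_domain=example.test
# Fixed test credential. It appears in the xtrace output, in process
# arguments and in ~/.ipa/.dmpw below, so it must never be reused outside
# of this disposable environment.
server_password=Secret123

# Normalize spacing and expand the list afterwards. Remove {} for the single list element case
#
# NOTE(security): eval re-parses the contents of TESTS_TO_RUN,
# TESTS_TO_IGNORE and TESTS_TO_DEDICATE as shell code, so these variables
# must only ever come from trusted pipeline configuration. Building shell
# arrays with "read -r -a" would avoid the re-parse; the eval form is kept
# here to preserve the existing expansion behaviour.
# shellcheck disable=SC2086,SC2116
tests_to_run=$(eval "echo {$(echo $TESTS_TO_RUN | sed -e 's/[ \t]+*/,/g')}" | tr -d '{}')

# Only build the --ignore options when there is something to ignore;
# an empty list would otherwise yield a bare "--ignore" that swallows the
# next command line argument of ipa-run-tests.
tests_to_ignore=
if [[ -n "${TESTS_TO_IGNORE:-}" ]]; then
  # shellcheck disable=SC2086,SC2116
  tests_to_ignore=$(eval "echo --ignore\ {$(echo $TESTS_TO_IGNORE | sed -e 's/[ \t]+*/,/g')}" | tr -d '{}')
fi

tests_to_dedicate=
if [[ -n "${TESTS_TO_DEDICATE:-}" ]]; then
  # shellcheck disable=SC2086,SC2116
  tests_to_dedicate=$(eval "echo --slice-dedicated={$(echo $TESTS_TO_DEDICATE | sed -e 's/[ \t]+*/,/g')}" | tr -d '{}')
fi

systemctl --now enable firewalld
echo "Installing FreeIPA master for the domain ${server_domain} and realm ${server_realm}"

# Capture the exit status with "||": under "set -e" a plain failing command
# would terminate the script before the status is stored and before the
# logs are collected.
install_result=0
ipa-server-install -U --domain "${server_domain}" --realm "${server_realm}" \
  -p "${server_password}" -a "${server_password}" \
  --setup-dns --setup-kra --auto-forwarders || install_result=$?

tests_result=1

mkdir -p "/freeipa/$CI_RUNNER_LOGS_DIR"
cd "/freeipa/$CI_RUNNER_LOGS_DIR"

if [[ "$install_result" -eq 0 ]]; then
  echo "Run IPA tests"
  echo "Installation complete. Performance of individual steps:"
  grep 'service duration:' /var/log/ipaserver-install.log | sed -e 's/DEBUG //g'

  # Development mode is a test-only setting; it is switched on after the
  # installation and requires an httpd restart to take effect.
  sed -ri "s/mode = production/mode = development/" /etc/ipa/default.conf
  systemctl restart httpd.service
  firewall-cmd --add-service={freeipa-ldap,freeipa-ldaps,dns}

  printf '%s\n' "${server_password}" | kinit admin && ipa ping
  mkdir -p ~/.ipa
  cp -r /etc/ipa/* ~/.ipa/
  # Password file read by the test tooling; keep it readable by the
  # owner only.
  printf '%s\n' "${server_password}" > ~/.ipa/.dmpw
  chmod 600 ~/.ipa/.dmpw
  echo 'wait_for_dns=5' >> ~/.ipa/default.conf

  ipa-test-config --help
  ipa-test-task --help
  ipa-run-tests --help

  # The three list variables are left unquoted on purpose: each holds
  # several space-separated arguments that must be split into words.
  # The status is captured with "||" so that failing tests do not abort
  # the script before the uninstall and log collection steps.
  tests_result=0
  # shellcheck disable=SC2086
  ipa-run-tests ${tests_to_ignore} \
    ${tests_to_dedicate} \
    "--slices=${SYSTEM_TOTALJOBSINPHASE:-1}" \
    "--slice-num=${SYSTEM_JOBPOSITIONINPHASE:-1}" \
    --verbose --with-xunit '-k not test_dns_soa' ${tests_to_run} || tests_result=$?
else
  echo "ipa-server-install failed with code ${install_result}, skip IPA tests"
fi

echo "Potential Python 3 incompatibilities in the IPA framework:"
grep -n -C5 BytesWarning /var/log/httpd/error_log || echo "Good, none detected"

echo "State of the directory server instance, httpd databases, PKI CA database:"
ls -laZ /etc/dirsrv/slapd-*/ /etc/httpd/alias/ /var/lib/ /etc/pki/pki-tomcat/alias/ || true
ls -laZ /var/lib/ipa/certs/ /var/lib/ipa/passwds/ /var/lib/ipa/private/ || true

echo "Uninstall the server"
ipa-server-install --uninstall -U
# second uninstall to verify that --uninstall without installation works
ipa-server-install --uninstall -U

# The firewall services were only added after a successful installation.
if [[ "$install_result" -eq 0 ]]; then
  firewall-cmd --remove-service={freeipa-ldap,freeipa-ldaps,dns}
fi

echo "Collect the logs"
journalctl -b --no-pager > systemd_journal.log
tar --ignore-failed-read -cvf var_log.tar \
  /var/log/dirsrv \
  /var/log/httpd \
  /var/log/ipa* \
  /var/log/krb5kdc.log \
  /var/log/pki \
  /var/log/samba \
  /var/named/data \
  systemd_journal.log

# Final result depends on the exit code of the ipa-run-tests
# (and of the installation); this test is the script's exit status.
[[ "$tests_result" -eq 0 && "$install_result" -eq 0 ]]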