mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
fb58b76a80
Some certificates may have started renewal so returning to present time can bind the server up with trying to renew. certmonger fires off helpers when it's time to renew certificates. This scenario puts the time within the renewal window. If certmonger notices while the test is running it will kick off renewal for all 12 certificates. A lock is used to serialize things. The CA was shut down prior to changing time so there is no chance of issuing new certs. A fixture was used to ensure that things restarted when the test was over. This was for chronyd and the CA. By restarting the CA we allow the chance that it will be able to do some work, versus returning a connection error and letting certmonger just error out (CA_UNREACHABLE). During uninstallation we call certmonger remove_request over DBus (the equivalent to stop-tracking). As part of this certmonger waits for any child (helper) processes to go away. This used to do it via SIGKILL but that caused other problems so it was changed to waitpid(). We know that it isn't going to return for a while because the CA isn't up. DBus has a hardcoded 25 second timeout. So we're guaranteed to get a DBus timeout. We *could* try to play with it and change the timeout, or retry a bunch of times, but it isn't worth the hassle. This is a contrived scenario that uninstalls immediately after tweaking time forward. So rather than trying to make this succesful, uninstall at the future time with the CA stopped so that helpers won't be hanging around and certmonger can remove the certs. This is the last test so also the last time we need the replica so to avoid replication bogging things down remove that prior to executing the test. It's one less moving part during the uninstall phase. https://pagure.io/freeipa/issue/8506 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com> |
||
---|---|---|
.. | ||
__init__.py | ||
base.py | ||
test_acme.py | ||
test_adtrust_install.py | ||
test_advise.py | ||
test_authselect.py | ||
test_automember.py | ||
test_backup_and_restore.py | ||
test_ca_custom_sdn.py | ||
test_caless.py | ||
test_cert.py | ||
test_cli_ipa_not_configured.py | ||
test_commands.py | ||
test_crlgen_manage.py | ||
test_customized_ds_config_install.py | ||
test_dns_locations.py | ||
test_dns.py | ||
test_dnssec.py | ||
test_epn.py | ||
test_external_ca.py | ||
test_fips.py | ||
test_forced_client_reenrollment.py | ||
test_http_kdc_proxy.py | ||
test_idviews.py | ||
test_installation_client.py | ||
test_installation.py | ||
test_ipa_cert_fix.py | ||
test_ipahealthcheck.py | ||
test_kerberos_flags.py | ||
test_krbtpolicy.py | ||
test_legacy_clients.py | ||
test_membermanager.py | ||
test_netgroup.py | ||
test_nfs.py | ||
test_ntp_options.py | ||
test_otp.py | ||
test_pki_config_override.py | ||
test_pkinit_manage.py | ||
test_pwpolicy.py | ||
test_replica_promotion.py | ||
test_replication_layouts.py | ||
test_resolvers_manager.py | ||
test_server_del.py | ||
test_service_permissions.py | ||
test_simple_replication.py | ||
test_smb.py | ||
test_sssd.py | ||
test_sudo.py | ||
test_testconfig.py | ||
test_topologies.py | ||
test_topology.py | ||
test_trust.py | ||
test_uninstallation.py | ||
test_upgrade.py | ||
test_user_permissions.py | ||
test_vault.py | ||
test_winsyncmigrate.py |