URL: https://github.com/freeipa/freeipa/pull/973 Author: tomaskrizek Title: #973: test_dnssec: re-add named-pkcs11 workarounds Action: opened
PR body: """ DNSSEC tests starrted to fail again, probably due to a bug in some underlaying component. This reverts commit 8bc677512296a7e94c29edd0c1a96aa7273f352a and makes the xfail test check less strict - it will no longer mark the test suite red if it passes. Related https://pagure.io/freeipa/issue/5348 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/973/head:pr973 git checkout pr973
From 07340e0cc62e42cdfd85c3e3b2e5d1be8c7834ad Mon Sep 17 00:00:00 2001 From: Tomas Krizek <tkri...@redhat.com> Date: Tue, 15 Aug 2017 10:27:03 +0200 Subject: [PATCH] test_dnssec: re-add named-pkcs11 workarounds DNSSEC tests starrted to fail again, probably due to a bug in some underlaying component. This reverts commit 8bc677512296a7e94c29edd0c1a96aa7273f352a and makes the xfail test check less strict - it will no longer mark the test suite red if it passes. Related https://pagure.io/freeipa/issue/5348 --- ipatests/test_integration/test_dnssec.py | 82 ++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) diff --git a/ipatests/test_integration/test_dnssec.py b/ipatests/test_integration/test_dnssec.py index 11c76e48b2..3129562d35 100644 --- a/ipatests/test_integration/test_dnssec.py +++ b/ipatests/test_integration/test_dnssec.py @@ -8,6 +8,7 @@ import dns.resolver import dns.name import time +import pytest from ipatests.test_integration.base import IntegrationTest from ipatests.pytest_plugins.integration import tasks @@ -110,6 +111,7 @@ def test_if_zone_is_signed_master(self): ] self.master.run_command(args) + tasks.restart_named(self.master, self.replicas[0]) # test master assert wait_until_record_is_signed( self.master.ip, test_zone, timeout=100 @@ -130,6 +132,7 @@ def test_if_zone_is_signed_replica(self): ] self.replicas[0].run_command(args) + tasks.restart_named(self.replicas[0]) # test replica assert wait_until_record_is_signed( self.replicas[0].ip, test_zone_repl, timeout=300 @@ -175,6 +178,7 @@ def test_disable_reenable_signing_master(self): ] self.master.run_command(args) + tasks.restart_named(self.master) # test master assert wait_until_record_is_signed( self.master.ip, test_zone, timeout=100 @@ -222,6 +226,8 @@ def test_disable_reenable_signing_replica(self): ] self.master.run_command(args) + tasks.restart_named(self.master, self.replicas[0]) + # test master assert wait_until_record_is_signed( self.master.ip, test_zone_repl, timeout=100 @@ -237,6 +243,77 @@ def test_disable_reenable_signing_replica(self): assert dnskey_old != dnskey_new, "DNSKEY should be different" +class TestZoneSigningWithoutNamedRestart(IntegrationTest): + """Test whether https://fedorahosted.org/freeipa/ticket/5348 is already + fixed. If the issue is not fixed, the test will expectedly fail. When + fixed, it will pass + """ + num_replicas = 1 + topology = 'star' + + @classmethod + def install(cls, mh): + tasks.install_master(cls.master, setup_dns=False) + args = [ + "ipa-dns-install", + "--dnssec-master", + "--forwarder", cls.master.config.dns_forwarder, + "-U", + ] + cls.master.run_command(args) + + tasks.install_replica(cls.master, cls.replicas[0], setup_dns=True) + + # backup trusted key + tasks.backup_file(cls.master, paths.DNSSEC_TRUSTED_KEY) + tasks.backup_file(cls.replicas[0], paths.DNSSEC_TRUSTED_KEY) + + @classmethod + def uninstall(cls, mh): + # restore trusted key + tasks.restore_files(cls.master) + tasks.restore_files(cls.replicas[0]) + + super(TestZoneSigningWithoutNamedRestart, cls).uninstall(mh) + + @pytest.mark.xfail() + def test_sign_root_zone_no_named_restart(self): + args = [ + "ipa", "dnszone-add", root_zone, "--dnssec", "true", + "--skip-overlap-check", + ] + self.master.run_command(args) + + # make BIND happy: add the glue record and delegate zone + args = [ + "ipa", "dnsrecord-add", root_zone, self.master.hostname, + "--a-rec=" + self.master.ip + ] + self.master.run_command(args) + args = [ + "ipa", "dnsrecord-add", root_zone, self.replicas[0].hostname, + "--a-rec=" + self.replicas[0].ip + ] + self.master.run_command(args) + + time.sleep(10) # sleep a bit until data are provided by bind-dyndb-ldap + + args = [ + "ipa", "dnsrecord-add", root_zone, self.master.domain.name, + "--ns-rec=" + self.master.hostname + ] + self.master.run_command(args) + # test master + assert wait_until_record_is_signed( + self.master.ip, root_zone, self.log, timeout=100 + ), "Zone %s is not signed (master)" % root_zone + + # test replica + assert wait_until_record_is_signed( + self.replicas[0].ip, root_zone, self.log, timeout=300 + ), "Zone %s is not signed (replica)" % root_zone + + class TestInstallDNSSECFirst(IntegrationTest): """Simple DNSSEC test @@ -295,6 +372,7 @@ def test_sign_root_zone(self): "--ns-rec=" + self.master.hostname ] self.master.run_command(args) + tasks.restart_named(self.master, self.replicas[0]) # test master assert wait_until_record_is_signed( self.master.ip, root_zone, timeout=100 @@ -325,6 +403,7 @@ def test_chain_of_trust(self): "--ns-rec=" + self.master.hostname ] self.master.run_command(args) + tasks.restart_named(self.master, self.replicas[0]) # wait until zone is signed assert wait_until_record_is_signed( self.master.ip, example_test_zone, timeout=100 @@ -462,6 +541,7 @@ def test_migrate_dnssec_master(self): self.master.run_command(args) + tasks.restart_named(self.master, self.replicas[0]) # wait until zone is signed assert wait_until_record_is_signed( self.master.ip, example_test_zone, timeout=100 @@ -518,6 +598,7 @@ def test_migrate_dnssec_master(self): "--skip-overlap-check", ] self.replicas[0].run_command(args) + tasks.restart_named(self.master, self.replicas[0]) # wait until zone is signed assert wait_until_record_is_signed( self.replicas[0].ip, example2_test_zone, timeout=100 @@ -550,6 +631,7 @@ def test_migrate_dnssec_master(self): "--skip-overlap-check", ] self.replicas[1].run_command(args) + tasks.restart_named(self.replicas[0], self.replicas[1]) # wait until zone is signed assert wait_until_record_is_signed( self.replicas[1].ip, example3_test_zone, timeout=200
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org