[Freeipa-devel] [freeipa PR#1831][opened] Fixing test_topology tests

felipevolpone via FreeIPA-devel Wed, 18 Apr 2018 11:14:45 -0700

   URL: https://github.com/freeipa/freeipa/pull/1831
Author: felipevolpone
 Title: #1831: Fixing test_topology tests
Action: opened


PR body:
"""
#### Fixing TestCASpecificRUVs::test_replica_uninstall_deletes_ruvs
This test will setup a master and a replica, uninstall replica and check
for the replica RUVs on the master. It was missing the step of running
ipa-replica-manage del <replica hostname> to properly remove the RUVs.

#### Fixing tests on TestReplicaManageDel
This commit fixes the tests on class TestReplicaManageDel:
- test_replica_managed_del_domlevel1
- test_clean_dangling_ruv_multi_ca
- test_replica_managed_del_domlevel0

Given that domain level 0 doest not have autodiscovery, we need to
configure /etc/resolv.conf with the master data (search <domain> and
nameserver <master_ip>) in order to ipa-replica-install succeed.

---
**Atention**: This patch should not be pushed until PR #1748 get merged.
As usual, as soon as we have an ack, I'll rebase the PR and remove the temp 
commit.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1831/head:pr1831
git checkout pr1831

From 1a23d01ecc74760d2affe9527eb56ac81378ebfe Mon Sep 17 00:00:00 2001
From: Felipe Barreto <fbarr...@redhat.com>
Date: Wed, 18 Apr 2018 14:52:25 -0300
Subject: [PATCH 1/4] Fixing
 TestCASpecificRUVs::test_replica_uninstall_deletes_ruvs

This test will setup a master and a replica, uninstall replica and check
for the replica RUVs on the master. It was missing the step of running
ipa-replica-manage del <replica hostname> to properly remove the RUVs.
---
 ipatests/test_integration/test_topology.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ipatests/test_integration/test_topology.py b/ipatests/test_integration/test_topology.py
index 35898c0796..dd24f7b910 100644
--- a/ipatests/test_integration/test_topology.py
+++ b/ipatests/test_integration/test_topology.py
@@ -239,6 +239,9 @@ def test_replica_uninstall_deletes_ruvs(self):
         assert(res1.count(replica.hostname) == 2), (
             "Did not find proper number of replica hostname (%s) occurrencies"
             " in the command output: %s" % (replica.hostname, res1))
+
+        master.run_command(['ipa-replica-manage', 'del', replica.hostname,
+                            '-p', master.config.dirman_password])
         tasks.uninstall_master(replica)
         res2 = master.run_command(['ipa-replica-manage', 'list-ruv', '-p',
                                   master.config.dirman_password]).stdout_text

From e883f18f897715178f8f7297e8038c5ff36eb734 Mon Sep 17 00:00:00 2001
From: Felipe Barreto <fbarr...@redhat.com>
Date: Wed, 18 Apr 2018 14:54:09 -0300
Subject: [PATCH 2/4] Fixing tests on TestReplicaManageDel

This commit fixes the tests on class TestReplicaManageDel:
- test_replica_managed_del_domlevel1
- test_clean_dangling_ruv_multi_ca
- test_replica_managed_del_domlevel0

Given that domain level 0 doest not have autodiscovery, we need to
configure /etc/resolv.conf with the master data (search <domain> and
nameserver <master_ip>) in order to ipa-replica-install succeed.
---
 ipatests/pytest_plugins/integration/tasks.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/ipatests/pytest_plugins/integration/tasks.py b/ipatests/pytest_plugins/integration/tasks.py
index 59fb202e35..542f1a98ca 100644
--- a/ipatests/pytest_plugins/integration/tasks.py
+++ b/ipatests/pytest_plugins/integration/tasks.py
@@ -338,10 +338,25 @@ def master_authoritative_for_client_domain(master, client):
                                 raiseonerr=False)
     return result.returncode == 0
 
+
+def _config_replica_resolvconf_with_master_data(master, replica):
+    """
+    Configure replica /etc/resolv.conf to use master as DNS server
+    """
+    content = ('search {domain}\nnameserver {master_ip}'
+               .format(domain=master.domain.name, master_ip=master.ip))
+    replica.put_file_contents(paths.RESOLV_CONF, content)
+
+
 def replica_prepare(master, replica, extra_args=(),
                     raiseonerr=True, stdin_text=None):
     fix_apache_semaphores(replica)
     prepare_reverse_zone(master, replica.ip)
+
+    # in domain level 0 there is no autodiscovery, so it's necessary to
+    # change /etc/resolv.conf to find master DNS server
+    _config_replica_resolvconf_with_master_data(master, replica)
+
     args = ['ipa-replica-prepare',
             '-p', replica.config.dirman_password,
             replica.hostname]

From 11d4e7ff8c3c25ff3bb14db555a816ef11722376 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Tue, 27 Mar 2018 16:59:55 -0400
Subject: [PATCH 3/4] Fix certificate retrieval in ipa-replica-prepare for DL0

The NSSDatabase object doesn't know the format of an NSS database
until the database is created so an explcit call to nssdb.create_db.

https://pagure.io/freeipa/issue/7469

Signed-off-by: Rob Crittenden <rcrit...@redhat.com>
---
 ipaserver/install/certs.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 448ca8cc06..17bbeb73d4 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -567,8 +567,16 @@ def export_pkcs12(self, pkcs12_fname, pkcs12_pwd_fname, nickname=None):
         ])
 
     def create_from_cacert(self):
+        """
+        Ensure that a CA chain is in the NSS database.
+
+        If an NSS database already exists ensure that the CA chain
+        we want to load is in there and if not add it. If there is no
+        database then create an NSS database and load the CA chain.
+        """
         cacert_fname = paths.IPA_CA_CRT
-        if os.path.isfile(self.certdb_fname):
+
+        if self.nssdb.exists():
             # We already have a cert db, see if it is for the same CA.
             # If it is we leave things as they are.
             with open(cacert_fname, "r") as f:

From 5d1b26551b4a1438fe85d85148ab961d5b9fdbe3 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Tue, 27 Mar 2018 17:03:02 -0400
Subject: [PATCH 4/4] Execute test_replica_managed_del_domlevel0 to exercise
 the change

Signed-off-by: Rob Crittenden <rcrit...@redhat.com>
---
 .freeipa-pr-ci.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index c95bef79e2..9be60b2e0c 100644
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -11,6 +11,10 @@ topologies:
     name: master_1repl_1client
     cpu: 4
     memory: 6700
+  master_3repl_1client: &master_3repl_1client
+    name: master_3repl_1client
+    cpu: 6
+    memory: 11500
 
 jobs:
   fedora-27/build:
@@ -182,3 +186,15 @@ jobs:
         template: *ci-master-f27
         timeout: 3600
         topology: *master_1repl
+
+  fedora-27/test_topology:
+    requires: [fedora-27/build]
+    priority: 50
+    job:
+      class: RunPytest
+      args:
+        build_url: '{fedora-27/build_url}'
+        test_suite: test_integration/test_topology.py
+        template: *ci-master-f27
+        timeout: 7200
+        topology: *master_3repl_1client

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#1831][opened] Fixing test_topology tests

Reply via email to