URL: https://github.com/freeipa/freeipa/pull/5021
Author: flo-renaud
Title: #5021: [Backport][ipa-4-8] ipatests: fix TestIpaHealthCheckWithoutDNS failure
Action: opened

PR body:
"""
This PR was opened automatically because PR #5007 was pushed to master and 
backport to ipa-4-8 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5021/head:pr5021
git checkout pr5021
From a2cf46cacf22dfdbd61ea7a31239628682af890a Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <f...@redhat.com>
Date: Thu, 6 Aug 2020 18:53:35 +0200
Subject: [PATCH] ipatests: fix TestIpaHealthCheckWithoutDNS failure

TestIpaHealthCheckWithoutDNS is launched after
TestIpaHealthCheck::test_ipa_healthcheck_expiring that is playing with
the date. At the end of test_ipa_healthcheck_expiring, the date is
reset using systemctl start chronyd but the date may need time to adjust
and the subsequent tests may be launched with a system date set in the
future.

When this happens, dnf install fails because the certificate for
the package repo is seen as expired, and TestIpaHealthCheckWithoutDNS
fails.

In order to avoid this issue, reset the date to the value saved at the
beginning of the test.

Fixes: https://pagure.io/freeipa/issue/8447
---
 .../test_integration/test_ipahealthcheck.py   | 31 ++++++++++++-------
 1 file changed, 20 insertions(+), 11 deletions(-)

diff --git a/ipatests/test_integration/test_ipahealthcheck.py b/ipatests/test_integration/test_ipahealthcheck.py
index cf406f56c0..7d8d853e18 100644
--- a/ipatests/test_integration/test_ipahealthcheck.py
+++ b/ipatests/test_integration/test_ipahealthcheck.py
@@ -860,22 +860,31 @@ def execute_expiring_check(check):
                     else:
                         assert check["kw"]["days"] == 10
 
+        # Store the current date to restore at the end of the test
+        now = datetime.utcnow()
+        now_str = datetime.strftime(now, "%Y-%m-%d %H:%M:%S Z")
+
         # Pick a cert to find the upcoming expiration
         certfile = self.master.get_file_contents(paths.RA_AGENT_PEM)
         cert = x509.load_certificate_list(certfile)
         cert_expiry = cert[0].not_valid_after
 
-        # move date to the grace period
-        self.master.run_command(['systemctl', 'stop', 'chronyd'])
-        grace_date = cert_expiry - timedelta(days=10)
-        grace_date = datetime.strftime(grace_date, "%Y-%m-%d 00:00:01 Z")
-        self.master.run_command(['date', '-s', grace_date])
-
-        for check in ("IPACertmongerExpirationCheck",
-                      "IPACertfileExpirationCheck",):
-            execute_expiring_check(check)
-
-        self.master.run_command(['systemctl', 'start', 'chronyd'])
+        try:
+            # move date to the grace period
+            self.master.run_command(['systemctl', 'stop', 'chronyd'])
+            grace_date = cert_expiry - timedelta(days=10)
+            grace_date = datetime.strftime(grace_date, "%Y-%m-%d 00:00:01 Z")
+            self.master.run_command(['date', '-s', grace_date])
+
+            for check in ("IPACertmongerExpirationCheck",
+                          "IPACertfileExpirationCheck",):
+                execute_expiring_check(check)
+
+        finally:
+            # After restarting chronyd, the date may need some time to get
+            # synced. Help chrony by resetting the date
+            self.master.run_command(['date', '-s', now_str])
+            self.master.run_command(['systemctl', 'start', 'chronyd'])
 
     def test_ipa_healthcheck_remove(self):
         """