[Freeipa-devel] [freeipa PR#5040][opened] ipatests: stop certmonger during healthcheck expiration test

[rcritten via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/5040
Author: rcritten
 Title: #5040: ipatests: stop certmonger during healthcheck expiration test
Action: opened

PR body:
"""
ipatests: stop certmonger during healthcheck expiration test
    
Time is moved during the test to ensure that ipa-healthcheck
finds expired certificates. It's possible that certmonger will also
wake up and renew the certificates before ipa-healthcheck can 
execute so shut down certmonger during the test.
    
https://pagure.io/freeipa/issue/8463
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5040/head:pr5040
git checkout pr5040

From 909e1e60cbb1f062d340508e45e70845d7a31043 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Mon, 17 Aug 2020 14:03:36 -0400
Subject: [PATCH 1/2] ipatests: stop certmonger during healthcheck expiration
 test

Time is moved during the test to ensure that ipa-healthcheck
finds expired certificates. It's possible that certmonger will also
wake up and renew the certificates before ipa-healthcheck can
execute so shut down certmonger during the test.

https://pagure.io/freeipa/issue/8463
---
 ipatests/test_integration/test_ipahealthcheck.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ipatests/test_integration/test_ipahealthcheck.py b/ipatests/test_integration/test_ipahealthcheck.py
index 8f9dface15..8cc72c38cd 100644
--- a/ipatests/test_integration/test_ipahealthcheck.py
+++ b/ipatests/test_integration/test_ipahealthcheck.py
@@ -830,7 +830,7 @@ def test_ipacertnsstrust_check(self, modify_cert_trust_attr):
                 assert check["kw"]["dbdir"] == paths.PKI_TOMCAT_ALIAS_DIR
                 assert check["kw"]["msg"] == error_msg
 
-    def test_ipa_healthcheck_expiring(self):
+    def test_ipa_healthcheck_expiring(self, restart_service):
         """
         There are two overlapping tests for expiring certs, check both.
         """
@@ -879,9 +879,11 @@ def execute_expiring_check(check):
         cert = x509.load_certificate_list(certfile)
         cert_expiry = cert[0].not_valid_after
 
+        for service in ('chronyd', 'certmonger',):
+            restart_service(self.master, service)
+
         try:
             # move date to the grace period
-            self.master.run_command(['systemctl', 'stop', 'chronyd'])
             grace_date = cert_expiry - timedelta(days=10)
             grace_date = datetime.strftime(grace_date, "%Y-%m-%d 00:00:01 Z")
             self.master.run_command(['date', '-s', grace_date])
@@ -894,7 +896,6 @@ def execute_expiring_check(check):
             # After restarting chronyd, the date may need some time to get
             # synced. Help chrony by resetting the date
             self.master.run_command(['date', '-s', now_str])
-            self.master.run_command(['systemctl', 'start', 'chronyd'])
 
     def test_ipa_healthcheck_remove(self):
         """

From 642204b304a741b188dead4f9b862c822173ad36 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Mon, 17 Aug 2020 14:06:06 -0400
Subject: [PATCH 2/2] Temp commit

---
 .freeipa-pr-ci.yaml                        | 2 +-
 ipatests/prci_definitions/temp_commit.yaml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index abcf8c5b63..8065669008 120000
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -1 +1 @@
-ipatests/prci_definitions/gating.yaml
\ No newline at end of file
+ipatests/prci_definitions/temp_commit.yaml
\ No newline at end of file
diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml
index e337068145..8a648080c1 100644
--- a/ipatests/prci_definitions/temp_commit.yaml
+++ b/ipatests/prci_definitions/temp_commit.yaml
@@ -68,7 +68,7 @@ jobs:
       class: RunPytest
       args:
         build_url: '{fedora-latest/build_url}'
-        test_suite: test_integration/test_REPLACEME.py
+        test_suite: test_integration/test_ipahealthcheck.py::TestIpaHealthCheck
         template: *ci-master-latest
-        timeout: 3600
+        timeout: 4800
         topology: *master_1repl_1client

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org