Hi Martin,

The updated version of the patch is attached. Please, see my comments below

On 10/26/2015 06:48 PM, Martin Basti wrote:

On 26.10.2015 08:59, Oleg Fayans wrote:

On 10/23/2015 03:10 PM, Martin Basti wrote:

On 23.10.2015 15:00, Oleg Fayans wrote:
Hi Martin,

Here comes the updated version.

On 10/22/2015 05:38 PM, Martin Basti wrote:

On 22.10.2015 15:23, Martin Basti wrote:

On 22.10.2015 14:13, Oleg Fayans wrote:


thank you for the patch.

please remove the added empty lines, they are unrelated to this


-def install_master(host, setup_dns=True, setup_kra=False):
+def install_master(host, setup_dns=True, setup_kra=False,

I suggest to use default domainlevel=None, which will use the default
domain level (specified in build)


+    domain_level = domainlevel(master)
I do not think that this meets expectations.

We have to test, both domain level 0 and 1 for IPA 4.3, respectively
new IPA must support all older domain levels, domain level is
independent on IPA version, only admin can raise it up.

So you have to find out way how to pass the domain level for which
test will be running, we were talking about using config files, but
feel free to find something new and better

Fixed. Now, we declare domain level in config.yaml with the directive

Did you resolve the pytest fixtures which specifies which tests
can be
run under which domain level?

In fact, we do not seem to have any tests yet that would require it.
All the existing tests just use install_replica
 method, no matter how is it done.
How about topology CI test? This can be executed only with domain level

That's right. The topology test was updated. Patch is attached
together with a proper version of 11-th patch (not a swap file, sorry
about that).

1, right?

+                        '--ip-address', client.ip,

why this change to client install?

Right, it found to be unnecessary.


************* Module ipatests.test_integration.tasks
ipatests/test_integration/tasks.py:85: [E1123(unexpected-keyword-arg),
allow_sync_ptr] Unexpected keyword argument 'raiseonerr' in function


+    if not host.config.domain_level == None:
+        args.append("--domain-level=%i" % host.config.domain_level)

always use: variable *is not None*

Why there is specified level 1 as default? IIRC we agreed that the
default level is the one which is default in tested package.
These should be None and "":
+    "domain_level": "1"

+    "DOMAINLVL": "1",

However, as I read the patch 12, and I'm right, the pytest.fixture needs
to know the value of domain level before we can do any dynamic detection
on master.

So we should use the constants  MAX_DOMAIN_LEVEL as default, for 2)

Also I'm not sure if the values are inherited from the
DEFAULT_OUTPUT_DICT to code, I think it is not, so for this part you
need default value, or the fixture will not work as expected.
+        self.domain_level = kwargs.get('domain_level', MAX_DOMAIN_LEVEL)

This won't work in cases when domainlevel is explicitly set to 0 in config.yaml. This default value will always override the explicit one.

freeipa-tests depends on freeipa-python so the constants should be
available in tests.

So then you also need update this line

+    if not host.config.domain_level != MAX_DOMAIN_LEVEL:
+        args.append("--domain-level=%i" % host.config.domain_level)

This would not work if domainlevel is not set in config.yaml, in which case the host.config.domain_level is None.

Please add comment to function +def domainlevel(host): that it is useful
for test where domain level will be raised dynamically, otherwise it may
be lost after test refactoring as somebody may consider it as unneeded
and replace it with config dict.

So summary is the 1) and 2) are replaced by 3) :)


Oleg Fayans
Quality Engineer
FreeIPA team
From 385ad3ca9c564e3d08a0a3256dfc65ab07374a04 Mon Sep 17 00:00:00 2001
From: Oleg Fayans <ofay...@redhat.com>
Date: Tue, 27 Oct 2015 09:43:33 +0100
Subject: [PATCH] Updated the tests according to the new replica installation

As of 4.3 the replica installation is performed without preparing a gpg file on
master, but rather enrolling a future replica as a client with subsequent
promotion of the client. This required the corresponding change in the
integration tests

 ipatests/test_integration/config.py          |  3 +-
 ipatests/test_integration/tasks.py           | 41 ++++++++++++++++++++++++----
 ipatests/test_integration/test_testconfig.py |  5 +++-
 3 files changed, 41 insertions(+), 8 deletions(-)

diff --git a/ipatests/test_integration/config.py b/ipatests/test_integration/config.py
index 785a9bb8c420f99980c098887e0bd31422119564..60a4bd700afe3027dfcbdf203d02373f8a7aa9f9 100644
--- a/ipatests/test_integration/config.py
+++ b/ipatests/test_integration/config.py
@@ -39,6 +39,7 @@ class Config(pytest_multihost.config.Config):
+        'domain_level',
     def __init__(self, **kwargs):
@@ -56,7 +57,7 @@ class Config(pytest_multihost.config.Config):
             '%s.pool.ntp.org' % random.randint(0, 3)))
         self.ad_admin_name = kwargs.get('ad_admin_name') or 'Administrator'
         self.ad_admin_password = kwargs.get('ad_admin_password') or 'Secret123'
+        self.domain_level = kwargs.get('domain_level')
         # is probably the best-known public DNS
         self.dns_forwarder = kwargs.get('dns_forwarder') or ''
         self.debug = False
diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index e241454a984aac97eb2d0955f55bb83d85bf9d4c..9703506ea58bda68ba7acbdd6d396c87a106b9ae 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -79,6 +79,12 @@ def prepare_host(host):
         host.put_file_contents(env_filename, env_to_script(host.to_env()))
+def allow_sync_ptr(host):
+    kinit_admin(host)
+    host.run_command(["ipa", "dnsconfig-mod", "--allow-sync-ptr=true"],
+                     raiseonerr=False)
 def apply_common_fixes(host):
@@ -262,6 +268,8 @@ def install_master(host, setup_dns=True, setup_kra=False):
         '-p', host.config.dirman_password,
         '-a', host.config.admin_password
+    if host.config.domain_level is not None:
+        args.append("--domain-level=%i" % host.config.domain_level)
     if setup_dns:
@@ -288,6 +296,18 @@ def get_replica_filename(replica):
     return os.path.join(replica.config.test_dir, 'replica-info.gpg')
+def domainlevel(host):
+    # Dynamically determines the domainlevel on master. Needed for scenarios
+    # when domainlevel is changed during the test execution.
+    result = host.run_command(['ipa', 'domainlevel-get'], raiseonerr=False)
+    level = 0
+    domlevel_re = re.compile('.*(\d)')
+    if result.returncode == 0:
+        # "domainlevel-get" command doesn't exist on ipa versions prior to 4.3
+        level = int(domlevel_re.findall(result.stdout_text)[0])
+    return level
 def replica_prepare(master, replica):
@@ -306,15 +326,24 @@ def install_replica(master, replica, setup_ca=True, setup_dns=False,
-    replica_prepare(master, replica)
-    replica_filename = get_replica_filename(replica)
+    allow_sync_ptr(master)
+    # Otherwise ipa-client-install would not create a PTR
+    # and replica installation would fail
+    apply_common_fixes(replica)
+    fix_apache_semaphores(replica)
     args = ['ipa-replica-install', '-U',
             '-p', replica.config.dirman_password,
             '-w', replica.config.admin_password,
-            '--ip-address', replica.ip,
-            replica_filename]
+            '--ip-address', replica.ip]
+    if domainlevel(master) == 0:
+        # prepare the replica file on master and put it to replica, AKA "old way"
+	replica_prepare(master, replica)
+        replica_filename = get_replica_filename(replica)
+        args.append(replica_filename)
+    else:
+        # install client on a replica machine and then promote it to replica
+        install_client(master, replica)
     if setup_ca:
     if setup_dns:
diff --git a/ipatests/test_integration/test_testconfig.py b/ipatests/test_integration/test_testconfig.py
index 8d146fcff0dd9729393a30bf45e37c581b528e68..5c40522ed6bf0e4715e3b7ad160fbf7fbfdca9bc 100644
--- a/ipatests/test_integration/test_testconfig.py
+++ b/ipatests/test_integration/test_testconfig.py
@@ -23,6 +23,7 @@ import copy
 from ipatests.test_integration import config
 from ipapython.ipautil import write_tmp_file
 from ipatests.util import assert_deepequal
+from ipalib.constants import MAX_DOMAIN_LEVEL
     "nis_domain": "ipatest",
@@ -39,7 +40,8 @@ DEFAULT_OUTPUT_DICT = {
     "dirman_dn": "cn=Directory Manager",
     "dirman_password": "Secret123",
     "ntp_server": "ntp.clock.test",
-    "admin_password": "Secret123"
+    "admin_password": "Secret123",
+    "domain_level": MAX_DOMAIN_LEVEL
@@ -57,6 +59,7 @@ DEFAULT_OUTPUT_ENV = {
     "ADADMINPW": "Secret123",
     "IPv6SETUP": "",
     "IPADEBUG": "",

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to