Tests are finally stable:

============================= test session starts
==============================
platform linux2 -- Python 2.7.11 -- py-1.4.30 -- pytest-2.7.3
rootdir: /usr/lib/python2.7/site-packages/ipatests, inifile: pytest.ini
plugins: multihost, sourceorder
collected 8 items

test_integration/test_dnssec.py ........

========================= 8 passed in 5561.48 seconds
==========================



-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
From c716ef162166758795f30f9ee79124ad7cd0f752 Mon Sep 17 00:00:00 2001
From: Oleg Fayans <ofay...@redhat.com>
Date: Fri, 6 May 2016 08:56:46 +0200
Subject: [PATCH] A workaround for ticket N 5348

A freshly created dnssec-enabled zone does not always display the signature
until you restart named-pkcs11. Added restarting of this service after each
dnssec-enabled zone.

https://fedorahosted.org/freeipa/ticket/5348
---
 ipatests/test_integration/test_dnssec.py | 67 ++++++++++++++++++++++++++++----
 1 file changed, 60 insertions(+), 7 deletions(-)

diff --git a/ipatests/test_integration/test_dnssec.py b/ipatests/test_integration/test_dnssec.py
index e90fb1f477ab50050f619399ee168c0e4b248ac2..6f80f3443af97fe0e950a53e8efce435477de478 100644
--- a/ipatests/test_integration/test_dnssec.py
+++ b/ipatests/test_integration/test_dnssec.py
@@ -104,7 +104,14 @@ class TestInstallDNSSECLast(IntegrationTest):
             "--dnssec", "true",
         ]
         self.master.run_command(args)
+        time.sleep(10)  # sleep a bit until LDAP changes are applied to DNS
 
+        # A workaround for ticket N 5348
+        self.master.run_command(["systemctl", "restart",
+                                 "named-pkcs11.service"])
+        self.replicas[0].run_command(["systemctl", "restart",
+                                      "named-pkcs11.service"])
+        # End of workaround
         # test master
         assert wait_until_record_is_signed(
             self.master.ip, test_zone, self.log, timeout=100
@@ -124,8 +131,12 @@ class TestInstallDNSSECLast(IntegrationTest):
             "--dnssec", "true",
         ]
         self.replicas[0].run_command(args)
-
+        time.sleep(10)  # sleep a bit until LDAP changes are applied to DNS
         # test replica
+        # A workaround for ticket N 5348
+        self.replicas[0].run_command(["systemctl", "restart",
+                                      "named-pkcs11.service"])
+        # End of workaround
         assert wait_until_record_is_signed(
             self.replicas[0].ip, test_zone_repl, self.log, timeout=300
         ), "Zone %s is not signed (replica)" % test_zone_repl
@@ -169,8 +180,12 @@ class TestInstallDNSSECLast(IntegrationTest):
             "--dnssec", "true",
         ]
         self.master.run_command(args)
+        time.sleep(10)  # sleep a bit until LDAP changes are applied to DNS
 
-        time.sleep(20)  # sleep a bit until LDAP changes are applied to DNS
+        # A workaround for ticket N 5348
+        self.master.run_command(["systemctl", "restart",
+                                 "named-pkcs11.service"])
+        # End of workaround
 
         # test master
         assert wait_until_record_is_signed(
@@ -199,7 +214,7 @@ class TestInstallDNSSECLast(IntegrationTest):
         ]
         self.master.run_command(args)
 
-        time.sleep(20)  # sleep a bit until LDAP changes are applied to DNS
+        time.sleep(10)  # sleep a bit until LDAP changes are applied to DNS
 
         # test master
         assert not is_record_signed(
@@ -219,7 +234,13 @@ class TestInstallDNSSECLast(IntegrationTest):
         ]
         self.master.run_command(args)
 
-        time.sleep(20)  # sleep a bit until LDAP changes are applied to DNS
+        time.sleep(10)  # sleep a bit until LDAP changes are applied to DNS
+        # A workaround for ticket N 5348
+        self.master.run_command(["systemctl", "restart",
+                                 "named-pkcs11.service"])
+        self.replicas[0].run_command(["systemctl", "restart",
+                                      "named-pkcs11.service"])
+        # End of workaround
 
         # test master
         assert wait_until_record_is_signed(
@@ -281,13 +302,19 @@ class TestInstallDNSSECFirst(IntegrationTest):
             "--a-rec=" + self.master.ip
         ]
         self.master.run_command(args)
-        time.sleep(10)  # sleep a bit until data are provided by bind-dyndb-ldap
 
         args = [
             "ipa", "dnsrecord-add", root_zone, self.master.domain.name,
             "--ns-rec=" + self.master.hostname
         ]
         self.master.run_command(args)
+        time.sleep(10)  # sleep a bit until data are provided by bind-dyndb-ldap
+        # A workaround for ticket N 5348
+        self.master.run_command(["systemctl", "restart",
+                                 "named-pkcs11.service"])
+        self.replicas[0].run_command(["systemctl", "restart",
+                                      "named-pkcs11.service"])
+        # End of workaround
 
         # test master
         assert wait_until_record_is_signed(
@@ -320,7 +347,14 @@ class TestInstallDNSSECFirst(IntegrationTest):
         ]
         self.master.run_command(args)
 
+        time.sleep(10)  # sleep a bit until LDAP changes are applied to DNS
         # wait until zone is signed
+        # A workaround for ticket N 5348
+        self.master.run_command(["systemctl", "restart",
+                                 "named-pkcs11.service"])
+        self.replicas[0].run_command(["systemctl", "restart",
+                                      "named-pkcs11.service"])
+        # End of workaround
         assert wait_until_record_is_signed(
             self.master.ip, example_test_zone, self.log, timeout=100
         ), "Zone %s is not signed (master)" % example_test_zone
@@ -457,7 +491,13 @@ class TestMigrateDNSSECMaster(IntegrationTest):
 
         self.master.run_command(args)
 
-        # wait until zone is signed
+        time.sleep(10)  # sleep a bit until LDAP changes are applied to DNS
+        # A workaround for ticket N 5348
+        self.master.run_command(["systemctl", "restart",
+                                 "named-pkcs11.service"])
+        self.replicas[0].run_command(["systemctl", "restart",
+                                      "named-pkcs11.service"])
+        # End of workaround
         assert wait_until_record_is_signed(
             self.master.ip, example_test_zone, self.log, timeout=100
         ), "Zone %s is not signed (master)" % example_test_zone
@@ -514,6 +554,13 @@ class TestMigrateDNSSECMaster(IntegrationTest):
         ]
         self.replicas[0].run_command(args)
 
+        time.sleep(10)  # sleep a bit until LDAP changes are applied to DNS
+        # A workaround for ticket N 5348
+        self.replicas[0].run_command(["systemctl", "restart",
+                                      "named-pkcs11.service"])
+        self.replicas[0].run_command(["systemctl", "restart",
+                                      "named-pkcs11.service"])
+        # End of workaround
         # wait until zone is signed
         assert wait_until_record_is_signed(
             self.replicas[0].ip, example2_test_zone, self.log, timeout=100
@@ -546,8 +593,14 @@ class TestMigrateDNSSECMaster(IntegrationTest):
             "--skip-overlap-check",
         ]
         self.replicas[1].run_command(args)
+        time.sleep(10)  # sleep a bit until LDAP changes are applied to DNS
 
-        # wait until zone is signed
+        # A workaround for ticket N 5348
+        self.replicas[0].run_command(["systemctl", "restart",
+                                      "named-pkcs11.service"])
+        self.replicas[1].run_command(["systemctl", "restart",
+                                      "named-pkcs11.service"])
+        # End of workaround
         assert wait_until_record_is_signed(
             self.replicas[1].ip, example3_test_zone, self.log, timeout=200
         ), ("Zone %s is not signed (new replica)"
-- 
1.8.3.1

From eca6059ab6573345b6e20448ca45a3ebe9939f86 Mon Sep 17 00:00:00 2001
From: Oleg Fayans <ofay...@redhat.com>
Date: Fri, 6 May 2016 09:32:19 +0200
Subject: [PATCH] Added necessary A record for the replica to root zone

A master can only be delegated a zone authority, if this zone contains A
records of the master and ALL replicas

https://fedorahosted.org/freeipa/ticket/5848
---
 ipatests/test_integration/test_dnssec.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ipatests/test_integration/test_dnssec.py b/ipatests/test_integration/test_dnssec.py
index 6f80f3443af97fe0e950a53e8efce435477de478..8abb0cdefeb423d26ce0c10ef1cc0c073f1a09fe 100644
--- a/ipatests/test_integration/test_dnssec.py
+++ b/ipatests/test_integration/test_dnssec.py
@@ -302,6 +302,11 @@ class TestInstallDNSSECFirst(IntegrationTest):
             "--a-rec=" + self.master.ip
         ]
         self.master.run_command(args)
+        args = [
+            "ipa", "dnsrecord-add", root_zone, self.replicas[0].hostname,
+            "--a-rec=" + self.replicas[0].ip
+        ]
+        self.master.run_command(args)
 
         args = [
             "ipa", "dnsrecord-add", root_zone, self.master.domain.name,
-- 
1.8.3.1

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to