Hi Martin,
After extensive discussion with Ludwig, I finally got the clue on how
does this feature work. When we uninstall the replica, the master cleans
the replication agreements with this replica and automatically cleans
all replica's RUVs.
If we clean replica's RUVs on master without uninstalling the replica,
the replica's RUVs get recreated on master (replication works!). So, the
only way to test the clean-ruv subcommand is to turn off the replica, or
block the traffic on it so it gets inaccessible to updates from master.
The testcases were updated, see [1] and [2]
The updated versions of the patches are attached
[1]
http://www.freeipa.org/page/V4/Manage_replication_topology_4_4/Test_Plan#Test_case:_.2A-ruv_subcommands_of_ipa-replica-manage_are_extended_to_handle_CA-specific_RUVs
[2]
http://www.freeipa.org/page/V4/Manage_replication_topology_4_4/Test_Plan#Test_case:_clean-ruv_subcommand
On 08/05/2016 06:36 PM, Martin Basti wrote:
On 03.08.2016 14:45, Oleg Fayans wrote:
Hi Martin,
Thanks for the review! Both patches were updated.
On 07/28/2016 04:11 PM, Martin Basti wrote:
On 08.07.2016 15:41, Oleg Fayans wrote:
Hi Martin,
Thanks for the review!
On 07/08/2016 02:18 PM, Martin Basti wrote:
On 27.06.2016 13:53, Oleg Fayans wrote:
Hi guys,
Is there a chance the patches NN 0047.1 and 0048.1 get reviewed
before
4.4 release? They cover a good part of the Managed Topology 4.4
feature.
On 06/17/2016 11:18 AM, Oleg Fayans wrote:
One more test was added to the patch-0048
On 06/17/2016 09:43 AM, Oleg Fayans wrote:
Fixed a bug in the previous patch, automated 2 more testcases from
http://www.freeipa.org/page/V4/Manage_replication_topology_4_4/Test_Plan
On 06/16/2016 04:46 PM, Oleg Fayans wrote:
IIUC, this will turn off the machine completely, how is cleanup done
then. AFAIK our tests cannot turn on machine again and run
cleanup, so
you will not be able to run more tests on the same topology without
manual cleanup and manual start.
+ replica = self.replicas[0]
+ replica.run_command(['poweroff'])
IMO would be better to just call 'ipactl stop' instead of 'poweroff'
Agreed! Fixed.
Martin^2
*Automated ipa-replica-manage del tests*
1)
+ replica.run_command(['ipactl', 'stop'])
+ time.sleep(3)
Why do you need sleep here?
Removed, it was left from the old "poweroff" approach
2)
+ ruvid_re = re.compile(".*%s:389: (\d+).*" % replica.hostname)
+ replica_ruvs = ruvid_re.findall(result.stdout_text)
+ master.run_command(['ipa-replica-manage', 'clean-ruv', 'f',
+ '-p', master.config.dirman_password,
+ replica_ruvs[0]])
Because you are using re.findall(), without any match you will receive
IndexError here replica_ruvs[0]. IMO it deserves assert before
Implemented the assert which checks that the output contains enough
replica RUVs
3)
assert(replica.hostname in result1.stdout_text)
I think that this is error prone. What if there is just error 'could not
connect to replica <replica hostname>', or something similar. instead of
listing/cleaning/whatever operation was executed. I think that it should
be more specific regexp than just finding a replica name substring (Yes
In IPA we dont always print error so stderr)
I'm not sure, but probably there might be cases when non critical error
happen and exist status is still 0
Agree. Implemented a regex-based search
4)
+ replica.run_command(['poweroff'])
+ time.sleep(3)
There should not be poweroff, probably sleep could be removed too.
Gone
* Automated clean-ruv subcommand test*
1) PEP8, 2 new lines expected
./ipatests/test_integration/test_topology.py:163:1: E302 expected 2
blank lines, found 0
./ipatests/test_integration/test_topology.py:182:80: E501 line too long
(85 > 79 characters)
Fixed
2)
I dont like doing assert just with count of occurences of substring in
STDOUT, would be possible to improve this somehow?
Maybe, but frankly, I don't see how. In this case we are making sure
that both simple and CA-specific RUVs of a replica are displayed. The
format of the output is strict:
Replica Update Vectors:
replica1_hostname:389: RUV_id
replica2_hostname:389: RUV_id
Certificate Server Replica Update Vectors:
replica1_hostname:389: RUV_id
replica2_hostname:389: RUV_id
If we do not see 2 occurrences of the replica hostname than definitely
something went wrong
3)
I'm not sure if clean-ruv is instant operations or there is some magic
happening in background (we have abort-clean-ruv). Maybe some sleep
should be there, but this needs investigation.
+ assert(replica.hostname in result2.stdout_text), (
+ "The wrong RUV was deleted")
+ result3 = master.run_command(['ipa-replica-manage', 'list-ruv',
+ '-p',
master.config.dirman_password])
+ assert(result3.stdout_text.count(replica.hostname) == 1), (
+ "CA RUV of the replica is still displayed")
Based on my discussion with Stanislav Laznicka, I understood that by
default clean-ruv does not return the shell until the operation is
finished. You can force dropping into the shell by pressing CTRL+C, in
which case the background job will still be running, but this is not
the default behavior
Test failed:
result4 = master.run_command(['ipa-replica-manage', 'list-ruv',
'-p', master.config.dirman_password])
assert(replica.hostname not in result4.stdout_text), (
"replica's RUV is still displayed")
E AssertionError: replica's RUV is still displayed
E assert 'replica3.ipa.test' not in 'Replica Update
V...ipa.test:389: 8\n'
E 'replica3.ipa.test' is contained here:
E Replica Update Vectors:
E \tmaster.ipa.test:389: 4
E \treplica3.ipa.test:389: 3
E \treplica2.ipa.test:389: 7
E Certificate Server Replica Update Vectors:
E \tmaster.ipa.test:389: 6
E \treplica2.ipa.test:389: 8
[root@master ~]# ipa topologysegment-find
Suffix name: domain
------------------
2 segments matched
------------------
Segment name: master.ipa.test-to-replica2.ipa.test
Left node: master.ipa.test
Right node: replica2.ipa.test
Connectivity: both
Segment name: master.ipa.test-to-replica3.ipa.test
Left node: master.ipa.test
Right node: replica3.ipa.test
Connectivity: both
----------------------------
Number of entries returned 2
----------------------------
[root@master ~]# ipa-replica-manage list-ruv
Directory Manager password:
Replica Update Vectors:
master.ipa.test:389: 4
replica2.ipa.test:389: 7
replica3.ipa.test:389: 3
Certificate Server Replica Update Vectors:
master.ipa.test:389: 6
replica2.ipa.test:389: 8
[root@master ~]#
Then I tried manually to clean RUV 3, and it behaves somehow odd
[root@master ~]# 'ipa-replica-manage' 'clean-ruv' '3' '-p' 'Secret123' '-f'
Clean the Replication Update Vector for replica3.ipa.test:389
Background task created to clean replication data. This may take a while.
This may be safely interrupted with Ctrl+C
Cleanup task created
[root@master ~]# less /var/log/dirsrv/slapd-IPA-TEST/errors
[root@master ~]# ipa-replica-manage list-ruv
Directory Manager password:
Replica Update Vectors:
master.ipa.test:389: 4
replica2.ipa.test:389: 7
replica3.ipa.test:389: 3
Certificate Server Replica Update Vectors:
master.ipa.test:389: 6
replica2.ipa.test:389: 8
[root@master ~]# 'ipa-replica-manage' 'clean-ruv' '3' '-p' 'Secret123' '-f'
Clean the Replication Update Vector for replica3.ipa.test:389
CLEANALLRUV task for replica id 3 already exists.
This may be safely interrupted with Ctrl+C
Cleanup task created
[root@master ~]# ipa-replica-manage list-clean-ruv -p Secret123
No CLEANALLRUV tasks running
No abort CLEANALLRUV tasks running
[root@master ~]# 'ipa-replica-manage' 'clean-ruv' '3' '-p' 'Secret123' '-f'
Clean the Replication Update Vector for replica3.ipa.test:389
Background task created to clean replication data. This may take a while.
This may be safely interrupted with Ctrl+C
Cleanup task created
[root@master ~]# ipa-replica-manage list-clean-ruv -p Secret123
CLEANALLRUV tasks
RID 3: Successfully cleaned rid(3).
No abort CLEANALLRUV tasks running
[root@master ~]# ipa-replica-manage list-ruv -p Secret123
Replica Update Vectors:
master.ipa.test:389: 4
replica2.ipa.test:389: 7
Certificate Server Replica Update Vectors:
master.ipa.test:389: 6
replica2.ipa.test:389: 8
I'm not sure if this behavior is right, Ludwig may know.
--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
From 2c84301fd071308c97066dd92945bf48d39ebd89 Mon Sep 17 00:00:00 2001
From: Oleg Fayans <ofay...@redhat.com>
Date: Wed, 12 Oct 2016 13:52:12 +0200
Subject: [PATCH] Automated clean-ruv subcommand tests
https://fedorahosted.org/freeipa/ticket/5964
---
ipatests/test_integration/test_topology.py | 95 ++++++++++++++++++++++++++++++
1 file changed, 95 insertions(+)
diff --git a/ipatests/test_integration/test_topology.py b/ipatests/test_integration/test_topology.py
index c095812c47121b15168ce2ef2db7e06bc9d07e28..dd8891a2ea8b5c2d21566b0f63523612acffc9cf 100644
--- a/ipatests/test_integration/test_topology.py
+++ b/ipatests/test_integration/test_topology.py
@@ -16,6 +16,20 @@ config = get_global_config()
reasoning = "Topology plugin disabled due to domain level 0"
+def iptables_flush(host):
+ def wrapper(func):
+ def wrapped(*args, **kwargs):
+ try:
+ func(*args)
+ finally:
+ evalhost = eval("args[0].%s" % host)
+ evalhost.run_command(['iptables', '-F'])
+ evalhost.run_command(['systemctl', 'enable', 'firewalld.service'])
+ evalhost.run_command(['systemctl', 'start', 'firewalld.service'])
+ return wrapped
+ return wrapper
+
+
def find_segment(master, replica):
result = master.run_command(['ipa', 'topologysegment-find',
DOMAIN_SUFFIX_NAME]).stdout_text
@@ -193,3 +207,84 @@ class TestTopologyOptions(IntegrationTest):
assert err == "", err
returncode, error = tasks.destroy_segment(self.master, "%s-to-%s" % replicas)
assert returncode == 0, error
+
+
+@pytest.mark.skipif(config.domain_level == 0, reason=reasoning)
+class TestCASpecificRUVs(IntegrationTest):
+ num_replicas = 2
+ topology = 'star'
+ username = 'testuser'
+ user_firstname = 'test'
+ user_lastname = 'user'
+
+ @iptables_flush("replicas[0]")
+ def test_delete_ruvs(self):
+ """
+ http://www.freeipa.org/page/V4/Manage_replication_topology_4_4/
+ Test_Plan#Test_case:_clean-ruv_subcommand
+ """
+ replica = self.replicas[0]
+ master = self.master
+ res1 = master.run_command(['ipa-replica-manage', 'list-ruv', '-p',
+ master.config.dirman_password]).stdout_text
+ assert(res1.count(replica.hostname) == 2 and
+ "Certificate Server Replica Update Vectors" in res1), (
+ "CA-specific RUVs are not displayed")
+ ruvid_re = re.compile(".*%s:389: (\d+).*" % replica.hostname)
+ replica_ruvs = ruvid_re.findall(res1)
+ # Find out the number of RUVids
+ assert(len(replica_ruvs) == 2), (
+ "The output should display 2 RUV ids of the selected replica")
+
+ # Block replication to preserve replica-specific RUVs
+ replica.run_command(['systemctl', 'disable', 'firewalld.service'])
+ replica.run_command(['systemctl', 'stop', 'firewalld.service'])
+ replica.run_command([
+ 'iptables',
+ '-A', 'INPUT',
+ '-j', 'ACCEPT',
+ '-p', 'tcp',
+ '--dport', '22'
+ ])
+ replica.run_command([
+ 'iptables',
+ '-A', 'INPUT',
+ '-j', 'REJECT',
+ '-p', 'all',
+ '--source', self.master.ip
+ ])
+ master.run_command(['ipa-replica-manage', 'clean-ruv',
+ replica_ruvs[1], '-p',
+ master.config.dirman_password, '-f'])
+ res2 = master.run_command(['ipa-replica-manage',
+ 'list-ruv', '-p',
+ master.config.dirman_password]).stdout_text
+
+ assert(res2.count(replica.hostname) == 1), (
+ "CA RUV of the replica is still displayed")
+ master.run_command(['ipa-replica-manage', 'clean-ruv',
+ replica_ruvs[0], '-p',
+ master.config.dirman_password, '-f'])
+ res3 = master.run_command(['ipa-replica-manage', 'list-ruv', '-p',
+ master.config.dirman_password]).stdout_text
+ assert(replica.hostname not in res3), (
+ "replica's RUV is still displayed")
+
+ def test_replica_uninstall_deletes_ruvs(self):
+ """
+ http://www.freeipa.org/page/V4/Manage_replication_topology_4_4/Test_Plan
+ #Test_case:_.2A-ruv_subcommands_of_ipa-replica-manage_are_extended
+ _to_handle_CA-specific_RUVs
+ """
+ master = self.master
+ replica = self.replicas[1]
+ res1 = master.run_command(['ipa-replica-manage', 'list-ruv', '-p',
+ master.config.dirman_password]).stdout_text
+ assert(res1.count(replica.hostname) == 2), (
+ "Did not find proper number of replica hostname (%s) occurrencies"
+ " in the command output: %s" % (replica.hostname, res1))
+ tasks.uninstall_master(replica)
+ res2 = master.run_command(['ipa-replica-manage', 'list-ruv', '-p',
+ master.config.dirman_password]).stdout_text
+ assert(replica.hostname not in res2), (
+ "Replica RUVs were not clean during replica uninstallation")
--
2.7.4
From 32e0f721849a7e1af9eb4be8709fac2ab6bb3da1 Mon Sep 17 00:00:00 2001
From: Oleg Fayans <ofay...@redhat.com>
Date: Wed, 12 Oct 2016 13:54:12 +0200
Subject: [PATCH] Automated ipa-replica-manage del tests
---
ipatests/test_integration/test_topology.py | 72 ++++++++++++++++++++++++++++++
1 file changed, 72 insertions(+)
diff --git a/ipatests/test_integration/test_topology.py b/ipatests/test_integration/test_topology.py
index dd8891a2ea8b5c2d21566b0f63523612acffc9cf..f64eec1cf394f1308adc898496972aae3018e122 100644
--- a/ipatests/test_integration/test_topology.py
+++ b/ipatests/test_integration/test_topology.py
@@ -288,3 +288,75 @@ class TestCASpecificRUVs(IntegrationTest):
master.config.dirman_password]).stdout_text
assert(replica.hostname not in res2), (
"Replica RUVs were not clean during replica uninstallation")
+
+
+class TestReplicaManageDel(IntegrationTest):
+ domain_level = 0
+ topology = 'star'
+ num_replicas = 3
+
+ def test_replica_managed_del_domlevel0(self):
+ """
+ http://www.freeipa.org/page/V4/Manage_replication_topology_4_4/
+ Test_Plan#Test_case:_ipa-replica-manage_del_with_turned_off_replica
+ _under_domain_level_0_keeps_ca-related_RUVs
+ """
+ master = self.master
+ replica = self.replicas[0]
+ replica.run_command(['ipactl', 'stop'])
+ master.run_command(['ipa-replica-manage', 'del', '-f', '-p',
+ master.config.dirman_password, replica.hostname])
+ result = master.run_command(['ipa-replica-manage', 'list-ruv',
+ '-p', master.config.dirman_password])
+ num_ruvs = result.stdout_text.count(replica.hostname)
+ assert(num_ruvs == 1), ("Expected to find 1 replica's RUV, found %s" %
+ num_ruvs)
+ ruvid_re = re.compile(".*%s:389: (\d+).*" % replica.hostname)
+ replica_ruvs = ruvid_re.findall(result.stdout_text)
+ master.run_command(['ipa-replica-manage', 'clean-ruv', '-f',
+ '-p', master.config.dirman_password,
+ replica_ruvs[0]])
+ result2 = master.run_command(['ipa-replica-manage', 'list-ruv',
+ '-p', master.config.dirman_password])
+ assert(replica.hostname not in result2.stdout_text), (
+ "Replica's RUV was not properly removed")
+
+ def test_clean_dangling_ruv_multi_ca(self):
+ """
+ http://www.freeipa.org/page/V4/Manage_replication_topology_4_4/
+ Test_Plan#Test_case:_ipa-replica-manage_clean-dangling-ruv_in_a
+ _multi-CA_setup
+ """
+ master = self.master
+ replica = self.replicas[1]
+ replica.run_command(['ipa-server-install', '--uninstall', '-U'])
+ master.run_command(['ipa-replica-manage', 'del', '-f', '-p',
+ master.config.dirman_password, replica.hostname])
+ result1 = master.run_command(['ipa-replica-manage', 'list-ruv', '-p',
+ master.config.dirman_password])
+ ruvid_re = re.compile(".*%s:389: (\d+).*" % replica.hostname)
+ assert(ruvid_re.search(result1.stdout_text)), (
+ "Replica's RUV should not be removed under domain level 0")
+ master.run_command(['ipa-replica-manage', 'clean-dangling-ruv', '-p',
+ master.config.dirman_password], stdin_text="yes\n")
+ result2 = master.run_command(['ipa-replica-manage', 'list-ruv', '-p',
+ master.config.dirman_password])
+ assert(replica.hostname not in result2.stdout_text), (
+ "Replica's RUV was not removed by a clean-dangling-ruv command")
+
+ def test_replica_managed_del_domlevel1(self):
+ """
+ http://www.freeipa.org/page/V4/Manage_replication_topology_4_4/
+ Test_Plan#Test_case:_ipa-replica-manage_del_with_turned_off_replica
+ _under_domain_level_1_removes_ca-related_RUVs
+ """
+ master = self.master
+ replica = self.replicas[2]
+ master.run_command(['ipa', 'domainlevel-set', '1'])
+ replica.run_command(['ipactl', 'stop'])
+ master.run_command(['ipa-replica-manage', 'del', '-f', '-p',
+ master.config.dirman_password, replica.hostname])
+ result = master.run_command(['ipa-replica-manage', 'list-ruv',
+ '-p', master.config.dirman_password])
+ assert(replica.hostname not in result.stdout_text), (
+ "Replica's RUV was not properly removed")
--
2.7.4
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
