URL: https://github.com/freeipa/freeipa/pull/1106
Author: Rezney
Title: #1106: tests: add host zone with overlap
Action: opened
PR body:
"""
This patch is mainly for test_forced_client_reenrolment suite
where when we are not in control of our client DNS we create an
overlap zone in order to get the host records updated. This also
sets resolv.conf before every ipa-client-install to the ipa master.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1106/head:pr1106
git checkout pr1106
From 30a2b7e5ad9c0205c0ab13ef0589e0beb952b15a Mon Sep 17 00:00:00 2001
From: Michal Reznik <mrez...@redhat.com>
Date: Wed, 13 Sep 2017 16:31:41 +0200
Subject: [PATCH] tests: add host zone with overlap
This patch is mainly for test_forced_client_reenrolment suite
where when we are not in control of our client DNS we create an
overlap zone in order to get the host records updated. This also
sets resolv.conf before every ipa-client-install to the ipa master.
---
ipatests/pytest_plugins/integration/tasks.py | 40 +++++++++++++++++++
.../test_forced_client_reenrollment.py | 46 +++++++++++++++-------
2 files changed, 71 insertions(+), 15 deletions(-)
diff --git a/ipatests/pytest_plugins/integration/tasks.py b/ipatests/pytest_plugins/integration/tasks.py
index 9d3955d993..2cd50ecf6b 100644
--- a/ipatests/pytest_plugins/integration/tasks.py
+++ b/ipatests/pytest_plugins/integration/tasks.py
@@ -1322,3 +1322,43 @@ def ldappasswd_user_change(user, oldpw, newpw, master):
args = [paths.LDAPPASSWD, '-D', userdn, '-w', oldpw, '-a', oldpw,
'-s', newpw, '-x']
master.run_command(args)
+
+
+def get_host_zone(host):
+ """
+ Get zone the host belongs to.
+
+ Returns str
+ """
+ domain = host.domain.name
+ result = host.run_command(['dig', domain, 'soa', '+short'])
+ if result.returncode != 0:
+ return None
+ soa = result.stdout_text.split()[0]
+ host_zone = str(soa.split('.', 1)[1])
+ return host_zone
+
+
+def add_host_zone(master, host_zone, skip_overlap_check=False,
+ dynamic_update=False, add_a_record_hosts=None):
+ """
+ Add DNS zone of the host if it differs from the domain in the
+ config and is not already added.
+ """
+
+ result = master.run_command(
+ ['ipa', 'dnszone-show', host_zone], raiseonerr=False)
+
+ if result.returncode != 0:
+ command = ['ipa', 'dnszone-add', host_zone]
+ if skip_overlap_check:
+ command.append('--skip-overlap-check')
+ if dynamic_update:
+ command.append('--dynamic-update=True')
+
+ master.run_command(command)
+
+ if add_a_record_hosts:
+ for host in add_a_record_hosts:
+ master.run_command(['ipa', 'dnsrecord-add', host_zone,
+ host.hostname + ".", '--a-rec', host.ip])
diff --git a/ipatests/test_integration/test_forced_client_reenrollment.py b/ipatests/test_integration/test_forced_client_reenrollment.py
index 9b514e38ea..89173dcf59 100644
--- a/ipatests/test_integration/test_forced_client_reenrollment.py
+++ b/ipatests/test_integration/test_forced_client_reenrollment.py
@@ -22,6 +22,7 @@
import subprocess
from ipaplatform.paths import paths
import pytest
+import time
from ipatests.test_integration.base import IntegrationTest
from ipatests.pytest_plugins.integration import tasks
@@ -43,6 +44,12 @@ class TestForcedClientReenrollment(IntegrationTest):
def install(cls, mh):
super(TestForcedClientReenrollment, cls).install(mh)
tasks.install_master(cls.master)
+ # In cases where client is managed by upstream DNS server we overlap
+ # its zone so we can save DNS records for comparison.
+ host_zone = tasks.get_host_zone(cls.clients[0])
+ servers = [cls.master] + cls.replicas
+ tasks.add_host_zone(cls.master, host_zone, skip_overlap_check=True,
+ dynamic_update=True, add_a_record_hosts=servers)
tasks.install_replica(cls.master, cls.replicas[0], setup_ca=False)
cls.BACKUP_KEYTAB = os.path.join(
cls.master.config.test_dir,
@@ -155,20 +162,22 @@ def uninstall_client(self):
def restore_client(self):
client = self.clients[0]
- client.run_command([
- 'iptables',
- '-A', 'INPUT',
- '-j', 'ACCEPT',
- '-p', 'tcp',
- '--dport', '22'
- ])
- client.run_command([
- 'iptables',
- '-A', 'INPUT',
- '-j', 'REJECT',
- '-p', 'all',
- '--source', self.master.ip
- ])
+ for host in [self.master] + self.replicas:
+
+ client.run_command([
+ 'iptables',
+ '-A', 'INPUT',
+ '-j', 'ACCEPT',
+ '-p', 'tcp',
+ '--dport', '22'
+ ])
+ client.run_command([
+ 'iptables',
+ '-A', 'INPUT',
+ '-j', 'REJECT',
+ '-p', 'all',
+ '--source', host.ip
+ ])
self.uninstall_client()
client.run_command(['iptables', '-F'])
@@ -245,8 +254,11 @@ def get_sshfp_record(self):
sshfp_record = ''
client_host = self.clients[0].hostname.split('.')[0]
+ # Get zone the client belongs to.
+ client_zone = tasks.get_host_zone(self.clients[0])
+
result = self.master.run_command(
- ['ipa', 'dnsrecord-show', self.master.domain.name, client_host]
+ ['ipa', 'dnsrecord-show', client_zone, client_host]
)
lines = result.stdout_text.splitlines()
@@ -270,6 +282,7 @@ def restore_keytab(self):
contents = self.master.get_file_contents(self.BACKUP_KEYTAB)
self.clients[0].put_file_contents(self.BACKUP_KEYTAB, contents)
+ @classmethod
def fix_resolv_conf(self, client, server):
"""
Put server's ip address at the top of resolv.conf
@@ -284,6 +297,9 @@ def fix_resolv_conf(self, client, server):
@pytest.fixture()
def client(request):
+ # Here we call "fix_resolv_conf" method before every ipa-client-install so
+ # we get the client pointing to ipa master as DNS server.
+ request.cls.fix_resolv_conf(request.cls.clients[0], request.cls.master)
tasks.install_client(request.cls.master, request.cls.clients[0])
def teardown_client():
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
