URL: https://github.com/freeipa/freeipa/pull/1568 Author: Rezney Title: #1568: [Backport][ipa-4-5] - ipatest: replica install with existing entry on master Action: opened
PR body: """ replica install might fail because of existing entry for replica like `cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX` etc. The situation may arise due to incorrect uninstall of replica or ipa server-del is not executed on master. related bug : https://pagure.io/freeipa/issue/7174 Fixes: https://pagure.io/freeipa/issue/7276 Signed-off-by: Mohammad Rizwan Yusuf <myu...@redhat.com> Reviewed-By: Christian Heimes <chei...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1568/head:pr1568 git checkout pr1568
From 0725ee9ae0a4bf70fe39a60e0836fa3b1e00418f Mon Sep 17 00:00:00 2001 From: Mohammad Rizwan Yusuf <myu...@redhat.com> Date: Wed, 22 Nov 2017 16:54:33 +0530 Subject: [PATCH] ipatest: replica install with existing entry on master replica install might fail because of existing entry for replica like `cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX` etc. The situation may arise due to incorrect uninstall of replica or ipa server-del is not executed on master. related bug : https://pagure.io/freeipa/issue/7174 Fixes: https://pagure.io/freeipa/issue/7276 Signed-off-by: Mohammad Rizwan Yusuf <myu...@redhat.com> Reviewed-By: Christian Heimes <chei...@redhat.com> --- .../test_integration/test_replica_promotion.py | 44 ++++++++++++++++++++++ .../test_integration/test_replication_layouts.py | 2 +- 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py index bc52566f15..4629d1ff05 100644 --- a/ipatests/test_integration/test_replica_promotion.py +++ b/ipatests/test_integration/test_replica_promotion.py @@ -3,6 +3,8 @@ # import time +from tempfile import NamedTemporaryFile +import textwrap import pytest from ipatests.test_integration.base import IntegrationTest from ipatests.pytest_plugins.integration import tasks @@ -483,3 +485,45 @@ def test_automatic_renewal_master_transfer_ondelete(self): assert("IPA CA renewal master: %s" % self.master.hostname in result), ( "Master hostname not found among CA renewal masters" ) + + +class TestReplicaInstallWithExistingEntry(IntegrationTest): + """replica install might fail because of existing entry for replica like + `cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX` etc. The situation + may arise due to incorrect uninstall of replica. + + https://pagure.io/freeipa/issue/7174""" + + num_replicas = 1 + + def test_replica_install_with_existing_entry(self): + master = self.master + tasks.install_master(master) + replica = self.replicas[0] + tf = NamedTemporaryFile() + ldif_file = tf.name + base_dn = "dc=%s" % (",dc=".join(replica.domain.name.split("."))) + # adding entry for replica on master so that master will have it before + # replica installtion begins and creates a situation for pagure-7174 + entry_ldif = textwrap.dedent(""" + dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,{base_dn} + changetype: modify + add: memberPrincipal + memberPrincipal: HTTP/{hostname}@{realm} + + dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,{base_dn} + changetype: modify + add: memberPrincipal + memberPrincipal: ldap/{hostname}@{realm}""").format( + base_dn=base_dn, hostname=replica.hostname, + realm=replica.domain.name.upper()) + master.put_file_contents(ldif_file, entry_ldif) + arg = ['ldapmodify', + '-h', master.hostname, + '-p', '389', '-D', + str(master.config.dirman_dn), # pylint: disable=no-member + '-w', master.config.dirman_password, + '-f', ldif_file] + master.run_command(arg) + + tasks.install_replica(master, replica) diff --git a/ipatests/test_integration/test_replication_layouts.py b/ipatests/test_integration/test_replication_layouts.py index f1408453b3..d631cad60a 100644 --- a/ipatests/test_integration/test_replication_layouts.py +++ b/ipatests/test_integration/test_replication_layouts.py @@ -1,5 +1,5 @@ # -# Copyright (C) 2015 FreeIPA Contributors see COPYING for license +# Copyright (C) 2017 FreeIPA Contributors see COPYING for license # import time
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org