Re: [Freeipa-devel] CI DNS locations: basic test for SRV records

[Martin Basti]

On 18.07.2016 13:18, Petr Spacek wrote:

On 8.7.2016 14:01, Martin Basti wrote:

See commit message for details. Patch attached.


This test does not cover:

* NTP service records

* ipa-ca A/ records

* ADTrust records

Should I open tickets to cover cases above?

ACK


Pushed to master: 72b2c8a54de09d6e5c1cc82c951d5bfd06938e88

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] CI DNS locations: basic test for SRV records

[Petr Spacek]

On 8.7.2016 14:01, Martin Basti wrote:
> See commit message for details. Patch attached.
> 
> 
> This test does not cover:
> 
> * NTP service records
> 
> * ipa-ca A/ records
> 
> * ADTrust records
> 
> Should I open tickets to cover cases above?

ACK

-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] CI DNS locations: basic test for SRV records

[Martin Basti]

See commit message for details. Patch attached.


This test does not cover:

* NTP service records

* ipa-ca A/ records

* ADTrust records

Should I open tickets to cover cases above?

From 63335082b23a8ecc4195bece9944b74d4ca3f795 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Mon, 4 Jul 2016 14:20:03 +0200
Subject: [PATCH] CI: DNS locations

This test is testing default IPA system records in locations, if
priority and weight were properly set per service, per server, per
location.
---
 ipatests/test_integration/tasks.py  |   7 +
 ipatests/test_integration/test_dns_locations.py | 261 
 ipatests/test_integration/test_dnssec.py|  26 +--
 3 files changed, 277 insertions(+), 17 deletions(-)
 create mode 100644 ipatests/test_integration/test_dns_locations.py

diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index 5be7cdae3ac777bbf0fc52e6c511969e9fabcd72..5ce2595c078e093adc3af024d41ddb5fb6892776 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -1173,3 +1173,10 @@ def assert_error(result, stderr_text, returncode=None):
 assert result.returncode == returncode
 else:
 assert result.returncode > 0
+
+
+def restart_named(*args):
+time.sleep(20)  # give a time to DNSSEC daemons to provide keys for named
+for host in args:
+host.run_command(["systemctl", "restart", "named-pkcs11.service"])
+time.sleep(20)  # give a time to named to be ready (zone loading)
diff --git a/ipatests/test_integration/test_dns_locations.py b/ipatests/test_integration/test_dns_locations.py
new file mode 100644
index ..e37e1dde35831a3087a4fd5cdd3c77cb887d0c51
--- /dev/null
+++ b/ipatests/test_integration/test_dns_locations.py
@@ -0,0 +1,261 @@
+#
+# Copyright (C) 2016  FreeIPA Contributors see COPYING for license
+#
+import time
+import dns.resolver
+import dns.rrset
+import dns.rdatatype
+import dns.rdataclass
+
+from ipatests.test_integration.base import IntegrationTest
+from ipatests.test_integration import tasks
+from ipapython.dnsutil import DNSName
+
+IPA_DEFAULT_MASTER_SRV_REC = (
+# srv record name, port
+(DNSName(u'_ldap._tcp'), 389),
+(DNSName(u'_kerberos._tcp'), 88),
+(DNSName(u'_kerberos._udp'), 88),
+(DNSName(u'_kerberos-master._tcp'), 88),
+(DNSName(u'_kerberos-master._udp'), 88),
+(DNSName(u'_kpasswd._tcp'), 464),
+(DNSName(u'_kpasswd._udp'), 464),
+)
+
+
+def resolve_records_from_server(rname, rtype, nameserver, logger):
+res = dns.resolver.Resolver()
+res.nameservers = [nameserver]
+res.lifetime = 10
+logger.debug("Query: %s %s, nameserver %s", rname, rtype, nameserver)
+ans = res.query(rname, rtype)
+logger.debug("Answer: %s", ans.rrset)
+return ans.rrset
+
+
+def _gen_expected_srv_rrset(rname, port, servers, ttl=86400):
+rdata_list = [
+"{prio} {weight} {port} {servername}".format(
+prio=prio,
+weight=weight,
+port=port,
+servername=servername.make_absolute()
+)
+for prio, weight, servername in servers
+]
+return dns.rrset.from_text_list(
+rname, ttl, dns.rdataclass.IN, dns.rdatatype.SRV, rdata_list
+)
+
+
+class TestDNSLocations(IntegrationTest):
+"""Simple test if SRV DNS records for IPA locations are generated properly
+
+Topology:
+* 3 servers (replica0 --- master --- replica1)
+* 2 locations (prague, paris)
+"""
+num_replicas = 2
+topology = 'star'
+
+LOC_PRAGUE = u'prague'
+LOC_PARIS = u'paris'
+
+PRIO_HIGH = 0
+PRIO_LOW = 50
+WEIGHT = 100
+
+@classmethod
+def install(cls, mh):
+tasks.install_master(cls.master, setup_dns=True)
+tasks.install_replica(cls.master, cls.replicas[0], setup_dns=True,
+  setup_ca=False)
+tasks.install_replica(cls.master, cls.replicas[1], setup_dns=True,
+  setup_ca=False)
+
+for host in (cls.master, cls.replicas[0], cls.replicas[1]):
+ldap = host.ldap_connect()
+tasks.wait_for_replication(ldap)
+
+# give time to named to retrieve new records
+time.sleep(20)
+
+def _test_against_server(self, server_ip, domain, expected_servers):
+for rname, port in IPA_DEFAULT_MASTER_SRV_REC:
+name_abs = rname.derelativize(domain)
+expected = _gen_expected_srv_rrset(
+name_abs, port, expected_servers)
+query = resolve_records_from_server(
+name_abs, 'SRV', server_ip, self.log)
+assert expected == query, (
+"Expected and received DNS data do not match on server "
+"with IP: '{}' for name '{}' (expected:\n{}\ngot:\n{})".format(
+server_ip, name_abs, expected, query))
+
+def