URL: https://github.com/freeipa/freeipa/pull/1106 Author: Rezney Title: #1106: tests: add host zone with overlap Action: opened
PR body: """ This patch is mainly for the test_forced_client_reenrollment suite: when we are not in control of the client's DNS, we create an overlapping zone so that the host records get updated. It also points resolv.conf at the IPA master before every ipa-client-install. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1106/head:pr1106 git checkout pr1106
From 30a2b7e5ad9c0205c0ab13ef0589e0beb952b15a Mon Sep 17 00:00:00 2001
From: Michal Reznik <mrez...@redhat.com>
Date: Wed, 13 Sep 2017 16:31:41 +0200
Subject: [PATCH] tests: add host zone with overlap
This patch is mainly for test_forced_client_reenrolment suite where when we are not in control of our client DNS we create an overlap zone in order to get the host records updated. This also sets resolv.conf before every ipa-client-install to the ipa master.
---
ipatests/pytest_plugins/integration/tasks.py | 40 +++++++++++++++++++
.../test_forced_client_reenrollment.py | 46 +++++++++++++++-------
2 files changed, 71 insertions(+), 15 deletions(-)
diff --git a/ipatests/pytest_plugins/integration/tasks.py b/ipatests/pytest_plugins/integration/tasks.py
index 9d3955d993..2cd50ecf6b 100644
--- a/ipatests/pytest_plugins/integration/tasks.py
+++ b/ipatests/pytest_plugins/integration/tasks.py
@@ -1322,3 +1322,43 @@ def ldappasswd_user_change(user, oldpw, newpw, master): args = [paths.LDAPPASSWD, '-D', userdn, '-w', oldpw, '-a', oldpw, '-s', newpw, '-x'] master.run_command(args) + + +def get_host_zone(host): + """ + Get zone the host belongs to. + + Returns str + """ + domain = host.domain.name + result = host.run_command(['dig', domain, 'soa', '+short']) + if result.returncode != 0: + return None + soa = result.stdout_text.split()[0] + host_zone = str(soa.split('.', 1)[1]) + return host_zone + + +def add_host_zone(master, host_zone, skip_overlap_check=False, + dynamic_update=False, add_a_record_hosts=None): + """ + Add DNS zone of the host if it differs from the domain in the + config and is not already added. + """ + + result = master.run_command( + ['ipa', 'dnszone-show', host_zone], raiseonerr=False) + + if result.returncode != 0: + command = ['ipa', 'dnszone-add', host_zone] + if skip_overlap_check: + command.append('--skip-overlap-check') + if dynamic_update: + command.append('--dynamic-update=True') + + master.run_command(command) + + if add_a_record_hosts: + for host in add_a_record_hosts: + master.run_command(['ipa', 'dnsrecord-add', host_zone, + host.hostname + ".", '--a-rec', host.ip]) diff --git a/ipatests/test_integration/test_forced_client_reenrollment.py b/ipatests/test_integration/test_forced_client_reenrollment.py index 9b514e38ea..89173dcf59 100644 --- a/ipatests/test_integration/test_forced_client_reenrollment.py +++ b/ipatests/test_integration/test_forced_client_reenrollment.py @@ -22,6 +22,7 @@ import subprocess from ipaplatform.paths import paths import pytest +import time from ipatests.test_integration.base import IntegrationTest from ipatests.pytest_plugins.integration import tasks 
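Review bot: `get_host_zone` takes `result.stdout_text.split()[0]` without checking that `dig` printed anything, and `dig +short` normally exits 0 with empty output when the name has no SOA answer, so the function would raise IndexError instead of returning None. The `returncode != 0` branch also looks unreachable, since `run_command` is called here without the `raiseonerr=False` that `add_host_zone` passes; I would write `result = host.run_command(['dig', domain, 'soa', '+short'], raiseonerr=False)` followed by `fields = result.stdout_text.split()` and `if result.returncode != 0 or not fields: return None`. The returned value is the SOA primary-server name minus its first label, which is the zone only when that server sits directly under the zone apex, and the docstring should say this and that None is possible. Since the string comes from a DNS answer and is later used by `add_host_zone` to create a zone with `--skip-overlap-check` and `--dynamic-update=True`, it is worth a comment that both helpers are meant for disposable test environments only.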
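Review bot: `import time` is added here but none of the hunks in this patch call anything from `time`, so it looks like a leftover; drop it unless a later change needs it. If it stays, it belongs with the standard-library imports next to `import subprocess` rather than after `import pytest`.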
@@ -43,6 +44,12 @@ class TestForcedClientReenrollment(IntegrationTest): def install(cls, mh): super(TestForcedClientReenrollment, cls).install(mh) tasks.install_master(cls.master) + # In cases where client is managed by upstream DNS server we overlap + # its zone so we can save DNS records for comparison. + host_zone = tasks.get_host_zone(cls.clients[0]) + servers = [cls.master] + cls.replicas + tasks.add_host_zone(cls.master, host_zone, skip_overlap_check=True, + dynamic_update=True, add_a_record_hosts=servers) tasks.install_replica(cls.master, cls.replicas[0], setup_ca=False) cls.BACKUP_KEYTAB = os.path.join( cls.master.config.test_dir, @@ -155,20 +162,22 @@ def uninstall_client(self): def restore_client(self): client = self.clients[0] - client.run_command([ - 'iptables', - '-A', 'INPUT', - '-j', 'ACCEPT', - '-p', 'tcp', - '--dport', '22' - ]) - client.run_command([ - 'iptables', - '-A', 'INPUT', - '-j', 'REJECT', - '-p', 'all', - '--source', self.master.ip - ]) + for host in [self.master] + self.replicas: + + client.run_command([ + 'iptables', + '-A', 'INPUT', + '-j', 'ACCEPT', + '-p', 'tcp', + '--dport', '22' + ]) + client.run_command([ + 'iptables', + '-A', 'INPUT', + '-j', 'REJECT', + '-p', 'all', + '--source', host.ip + ]) self.uninstall_client() client.run_command(['iptables', '-F']) @@ -245,8 +254,11 @@ def get_sshfp_record(self): sshfp_record = '' client_host = self.clients[0].hostname.split('.')[0] + # Get zone the client belongs to. + client_zone = tasks.get_host_zone(self.clients[0]) + result = self.master.run_command( - ['ipa', 'dnsrecord-show', self.master.domain.name, client_host] + ['ipa', 'dnsrecord-show', client_zone, client_host] ) lines = result.stdout_text.splitlines() 
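Review bot: The value returned by `tasks.get_host_zone(cls.clients[0])` is passed to `tasks.add_host_zone` unchecked, although the helper is written to return None when the lookup fails, in which case None would end up in the `ipa dnszone-show` argument list. Fail early instead, e.g. `if host_zone is None: raise RuntimeError('cannot determine DNS zone of client')`, and keep the result on the class (`cls.host_zone = host_zone`) so that `get_sshfp_record`, which repeats the lookup in a later hunk, uses the same zone instead of running `dig` again after the client's resolver may have been changed. The body of `install` continues past the end of the hunk.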
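Review bot: In `restore_client` the `--dport 22` ACCEPT rule does not depend on `host`, yet it now sits inside the `for host in [self.master] + self.replicas:` loop and is appended once per server. Move that `client.run_command` call above the loop so only the REJECT rule with `'--source', host.ip` is repeated, and drop the blank line after the `for` header. A one-line comment such as `# allow SSH first, then reject all traffic from each IPA server` would explain why the order of the two rules matters.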
@@ -270,6 +282,7 @@ def restore_keytab(self): contents = self.master.get_file_contents(self.BACKUP_KEYTAB) self.clients[0].put_file_contents(self.BACKUP_KEYTAB, contents) + @classmethod def fix_resolv_conf(self, client, server): """ Put server's ip address at the top of resolv.conf @@ -284,6 +297,9 @@ def fix_resolv_conf(self, client, server): @pytest.fixture() def client(request): + # Here we call "fix_resolv_conf" method before every ipa-client-install so + # we get the client pointing to ipa master as DNS server. + request.cls.fix_resolv_conf(request.cls.clients[0], request.cls.master) tasks.install_client(request.cls.master, request.cls.clients[0]) def teardown_client():
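Review bot: `fix_resolv_conf` becomes a `@classmethod` but its first parameter is still named `self`, which now receives the class and will mislead readers; rename it, `def fix_resolv_conf(cls, client, server):`. If the body, which lies outside this hunk, refers to `self`, those references need the same rename.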
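Review bot: The `client` fixture now calls `fix_resolv_conf` before every `tasks.install_client`, and per its docstring that helper puts the server's address at the top of resolv.conf, so unless it checks for an existing entry the master's IP would be added again on each test. Nothing in the visible part of the fixture restores the file either; `teardown_client` starts at the end of the hunk and its body is not shown. I would make the helper skip the write when the first nameserver is already the master, or save the original content once and restore it in the teardown.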