URL: https://github.com/freeipa/freeipa/pull/3772 Author: mrizwan93 Title: #3772: [backport][ipa-4-7] Installation of replica against a specific server Action: opened
PR body: """ Test to check replica install against specific server. It uses master and replica1 without CA and having custodia service stopped. Then try to install replica2 from replica1 and expect it to get fail as specified server is not providing all the services. related ticket: https://pagure.io/freeipa/issue/7566 Signed-off-by: Mohammad Rizwan Yusuf <myu...@redhat.com> Reviewed-By: Florence Blanc-Renaud <f...@redhat.com> Reviewed-By: Rob Crittenden <rcrit...@redhat.com> Conflicts: ipatests/test_integration/test_installation.py """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3772/head:pr3772 git checkout pr3772
From c3530fdf8ae5b1747dc5293b2f7a670fad4354b6 Mon Sep 17 00:00:00 2001 From: Mohammad Rizwan Yusuf <myu...@redhat.com> Date: Wed, 5 Sep 2018 21:30:38 +0530 Subject: [PATCH] Installation of replica against a specific server Test to check replica install against specific server. It uses master and replica1 without CA and having custodia service stopped. Then try to install replica2 from replica1 and expect it to get fail as specified server is not providing all the services. related ticket: https://pagure.io/freeipa/issue/7566 Signed-off-by: Mohammad Rizwan Yusuf <myu...@redhat.com> Reviewed-By: Florence Blanc-Renaud <f...@redhat.com> Reviewed-By: Rob Crittenden <rcrit...@redhat.com> Conflicts: ipatests/test_integration/test_installation.py --- .../test_integration/test_installation.py | 165 ++++++++++++++++++ 1 file changed, 165 insertions(+) diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py index e047bce759..1b488d61c3 100644 --- a/ipatests/test_integration/test_installation.py +++ b/ipatests/test_integration/test_installation.py @@ -735,3 +735,168 @@ def test_files_ownership_and_permission_teardown(self): """ Method to restore the default bashrc contents""" if self.bashrc_file is not None: self.master.put_file_contents('/root/.bashrc', self.bashrc_file) + + +class TestInstallMasterReplica(IntegrationTest): + """https://pagure.io/freeipa/issue/7929 + Problem: + If a replica installation fails before all the services + have been enabled then + it could leave things in a bad state. + + ipa-replica-manage del --cleanup --force + invalid 'PKINIT enabled server': all masters must have + IPA master role enabled + + Root cause was that configuredServices were being + considered when determining what masters provide + what services, so a partially installed master + could cause operations to fail on other masters, + to the point where a broken master couldn't be removed. + """ + num_replicas = 1 + topology = 'star' + + @classmethod + def install(cls, mh): + tasks.install_master(cls.master, setup_kra=True) + # do not install KRA on replica, it is part of test + tasks.install_replica(cls.master, cls.replicas[0], setup_kra=False) + + def test_replicamanage_del(self): + """Test Steps: + 1. Setup server + 2. Setup replica + 3. modify the replica entry on Master: + ldapmodify -D cn="Directory Manager"-w <passwd> + dn: cn=KDC,cn=<replicaFQDN>,cn=masters,cn=ipa,cn=etc,<baseDN> + changetype: modify + delete: ipaconfigstring + ipaconfigstring: enabledService + + dn: cn=KDC,cn=<replicaFQDN>,cn=masters,cn=ipa,cn=etc,<baseDN> + add: ipaconfigstring + ipaconfigstring: configuredService + 4. On master, + run ipa-replica-manage del <replicaFQDN> --cleanup --force + """ + # https://pagure.io/freeipa/issue/7929 + # modify the replica entry on Master + cmd_output = None + dn_entry = 'dn: cn=KDC,cn=%s,cn=masters,cn=ipa,' \ + 'cn=etc,%s' % \ + (self.replicas[0].hostname, + ipautil.realm_to_suffix( + self.replicas[0].domain.realm).ldap_text()) + entry_ldif = textwrap.dedent(""" + {dn} + changetype: modify + delete: ipaconfigstring + ipaconfigstring: enabledService + + {dn} + add: ipaconfigstring + ipaconfigstring: configuredService + """).format(dn=dn_entry) + cmd_output = tasks.ldapmodify_dm(self.master, entry_ldif) + assert 'modifying entry' in cmd_output.stdout_text + + cmd_output = self.master.run_command([ + 'ipa-replica-manage', 'del', + self.replicas[0].hostname, '--cleanup', '--force' + ]) + + assert_text = 'Deleted IPA server "%s"' % self.replicas[0].hostname + assert assert_text in cmd_output.stdout_text + + +class TestInstallReplicaAgainstSpecificServer(IntegrationTest): + """Installation of replica against a specific server + + Test to check replica install against specific server. It uses master and + replica1 without CA and having custodia service stopped. Then try to + install replica2 from replica1 and expect it to get fail as specified + server is not providing all the services. + + related ticket: https://pagure.io/freeipa/issue/7566 + """ + + num_replicas = 2 + + @classmethod + def install(cls, mh): + tasks.install_master(cls.master, setup_kra=True) + + # install replica1 without CA + cmd = tasks.install_replica(cls.master, cls.replicas[0], + setup_ca=False, setup_dns=True, + promote=False) + + # check for warning that CA is not installed on server + warn = 'WARNING: The CA service is only installed on one server' + assert warn in cmd.stderr_text + + def test_replica_install_against_server_without_ca(self): + """Replica install will fail complaining about CA role + and exit code 4""" + + # stop custodia service on replica1 + self.replicas[0].run_command('systemctl stop ipa-custodia.service') + + # check if custodia service is stopped + cmd = self.replicas[0].run_command('ipactl status') + assert 'ipa-custodia Service: STOPPED' in cmd.stdout_text + + try: + # install replica2 against replica1, as CA is not installed on + # replica1, installation on replica2 should fail + cmd = tasks.install_replica(self.replicas[0], self.replicas[1], + promote=False, raiseonerr=False) + assert cmd.returncode == 4 + error = "please provide a server with the CA role" + assert error in cmd.stderr_text + + finally: + tasks.uninstall_master(self.replicas[1], + ignore_topology_disconnect=True, + ignore_last_of_role=True) + + def test_replica_install_against_server_without_kra(self): + """Replica install will fail complaining about KRA role + and exit code 4""" + + # install ca on replica1 + tasks.install_ca(self.replicas[0]) + try: + # install replica2 against replica1, as KRA is not installed on + # replica1(CA installed), installation should fail on replica2 + cmd = tasks.install_replica(self.replicas[0], self.replicas[1], + promote=False, setup_kra=True, + raiseonerr=False) + assert cmd.returncode == 4 + error = "please provide a server with the KRA role" + assert error in cmd.stderr_text + + finally: + tasks.uninstall_master(self.replicas[1], + ignore_topology_disconnect=True, + ignore_last_of_role=True) + + def test_replica_install_against_server(self): + """Replica install should succeed if specified server provide all + the services""" + + tasks.install_replica(self.master, self.replicas[1], + setup_dns=True, promote=False) + + # check if replication agreement stablished between master + # and replica2 only. + cmd = self.replicas[1].run_command(['ipa-replica-manage', 'list', + self.replicas[0].hostname]) + assert self.replicas[0].hostname not in cmd.stdout_text + + dirman_password = self.master.config.dirman_password + cmd = self.replicas[1].run_command(['ipa-csreplica-manage', 'list', + self.replicas[0].hostname], + stdin_text=dirman_password) + assert self.replicas[0].hostname not in cmd.stdout_text
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
