URL: https://github.com/freeipa/freeipa/pull/5700 Author: flo-renaud Title: #5700: [Backport][ipa-4-9] ipatests: TestIpaHealthCheck now needs 1 client Action: opened
PR body: """ This is a manual backport of PR #5696 to ipa-4-9 branch. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5700/head:pr5700 git checkout pr5700
From 7f598c8d8306f847c0c9ded165d33b8c6435d759 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fc...@redhat.com> Date: Thu, 4 Mar 2021 07:10:13 +0100 Subject: [PATCH 1/9] ipatests: tasks.py: add wait_for_ipa_to_start MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit wait_for_ipa_to_start(host) waits for ipactl to return RUNNING for all IPA services on the specified host. Related: https://pagure.io/freeipa/issue/8534 Signed-off-by: François Cami <fc...@redhat.com> Reviewed-By: Florence Blanc-Renaud <f...@redhat.com> Reviewed-By: Rob Crittenden <rcrit...@redhat.com> Reviewed-By: Mohammad Rizwan Yusuf <myu...@redhat.com> --- ipatests/pytest_ipa/integration/tasks.py | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/ipatests/pytest_ipa/integration/tasks.py b/ipatests/pytest_ipa/integration/tasks.py index 8c4dd955371..3102e47a3fe 100755 --- a/ipatests/pytest_ipa/integration/tasks.py +++ b/ipatests/pytest_ipa/integration/tasks.py @@ -47,6 +47,7 @@ from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric import rsa from cryptography.hazmat.backends import default_backend +from datetime import datetime, timedelta from ipapython import certdb from ipapython import ipautil @@ -2587,6 +2588,26 @@ def get_healthcheck_version(host): return healthcheck_version +def wait_for_ipa_to_start(host, timeout=60): + """Wait up to timeout seconds for ipa to start on a given host. + + If DS is restarted, and SSSD must be online, please consider using + wait_for_sssd_domain_status_online(host) in the test after calling + this method. + """ + interval = 1 + end_time = datetime.now() + timedelta(seconds=timeout) + for _i in range(0, timeout, interval): + if datetime.now() > end_time: + raise RuntimeError("Request timed out") + time.sleep(interval) + result = host.run_command( + [paths.IPACTL, "status"], raiseonerr=False + ) + if result.returncode == 0: + break + + def run_ssh_cmd( from_host=None, to_host=None, username=None, cmd=None, auth_method=None, password=None, private_key_path=None, From 18b03506d3f1f85656219699a0e9dda305b6885b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fc...@redhat.com> Date: Thu, 4 Mar 2021 08:02:00 +0100 Subject: [PATCH 2/9] ipatests: tasks.py: add dns_update_system_records MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add a frontend to "ipa dns-update-system-records" to tasks.py. Related: https://pagure.io/freeipa/issue/8534 Signed-off-by: François Cami <fc...@redhat.com> Reviewed-By: Florence Blanc-Renaud <f...@redhat.com> Reviewed-By: Rob Crittenden <rcrit...@redhat.com> Reviewed-By: Mohammad Rizwan Yusuf <myu...@redhat.com> --- ipatests/pytest_ipa/integration/tasks.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ipatests/pytest_ipa/integration/tasks.py b/ipatests/pytest_ipa/integration/tasks.py index 3102e47a3fe..e443aa015e0 100755 --- a/ipatests/pytest_ipa/integration/tasks.py +++ b/ipatests/pytest_ipa/integration/tasks.py @@ -2608,6 +2608,15 @@ def wait_for_ipa_to_start(host, timeout=60): break +def dns_update_system_records(host): + """Runs "ipa dns-update-system-records" on "host". + """ + kinit_admin(host) + host.run_command( + ["ipa", "dns-update-system-records"] + ) + + def run_ssh_cmd( from_host=None, to_host=None, username=None, cmd=None, auth_method=None, password=None, private_key_path=None, From 9ad9c38ee00e46444e54c73b7ec5da16c66d4b93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fc...@redhat.com> Date: Thu, 4 Mar 2021 08:54:06 +0100 Subject: [PATCH 3/9] ipatests: hiddenreplica: use wait_for_ipa_to_start after restore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use wait_for_ipa_to_start to wait until the restored replica is online. Related: https://pagure.io/freeipa/issue/8534 Signed-off-by: François Cami <fc...@redhat.com> Reviewed-By: Florence Blanc-Renaud <f...@redhat.com> Reviewed-By: Rob Crittenden <rcrit...@redhat.com> Reviewed-By: Mohammad Rizwan Yusuf <myu...@redhat.com> --- ipatests/test_integration/test_replica_promotion.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py index 846913c8a9b..84c03de157e 100644 --- a/ipatests/test_integration/test_replica_promotion.py +++ b/ipatests/test_integration/test_replica_promotion.py @@ -1030,6 +1030,9 @@ def test_hidden_replica_backup_and_restore(self): stdin_text=dirman_password + '\nyes' ) + # wait for the replica to be available + tasks.wait_for_ipa_to_start(self.replicas[0]) + # give replication some time time.sleep(5) tasks.kinit_admin(self.replicas[0]) From 834adfc2b1cfcdb3486da2eabf0e9a1ee1ad96cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fc...@redhat.com> Date: Thu, 4 Mar 2021 10:15:35 +0100 Subject: [PATCH 4/9] ipatests: use wait_for_replication for hidden replica checks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Previously, hidden replica checks were run without waiting for replication to complete, potentially leading to unstable behavior. Use wait_for_replication. Fixes: https://pagure.io/freeipa/issue/8534 Signed-off-by: François Cami <fc...@redhat.com> Reviewed-By: Florence Blanc-Renaud <f...@redhat.com> Reviewed-By: Rob Crittenden <rcrit...@redhat.com> Reviewed-By: Mohammad Rizwan Yusuf <myu...@redhat.com> --- .../test_integration/test_replica_promotion.py | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py index 84c03de157e..80fb2184abb 100644 --- a/ipatests/test_integration/test_replica_promotion.py +++ b/ipatests/test_integration/test_replica_promotion.py @@ -951,8 +951,11 @@ def test_hidden_replica_promote(self): self.replicas[0].hostname, '--state=enabled' ]) self._check_server_role(self.replicas[0], 'enabled') - self._check_dnsrecords([self.master, self.replicas[0]]) + tasks.wait_for_replication( + self.replicas[0].ldap_connect() + ) self._check_config([self.master, self.replicas[0]]) + self._check_dnsrecords([self.master, self.replicas[0]]) result = self.replicas[0].run_command([ 'ipa', 'server-state', @@ -967,6 +970,10 @@ def test_hidden_replica_demote(self): self.replicas[0].hostname, '--state=hidden' ]) self._check_server_role(self.replicas[0], 'hidden') + tasks.wait_for_replication( + self.replicas[0].ldap_connect() + ) + self._check_config([self.master], [self.replicas[0]]) self._check_dnsrecords([self.master], [self.replicas[0]]) def test_replica_from_hidden(self): @@ -1030,14 +1037,11 @@ def test_hidden_replica_backup_and_restore(self): stdin_text=dirman_password + '\nyes' ) - # wait for the replica to be available - tasks.wait_for_ipa_to_start(self.replicas[0]) - - # give replication some time - time.sleep(5) + tasks.kinit_admin(self.master) tasks.kinit_admin(self.replicas[0]) - # FIXME: restore turns hidden replica into enabled replica + # restore turns a hidden replica into an enabled replica + # https://pagure.io/freeipa/issue/7894 self._check_config([self.master, self.replicas[0]]) self._check_server_role(self.replicas[0], 'enabled') From b1fef6b80a2102b2a28ab33e84e1bb827fddeeac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fc...@redhat.com> Date: Thu, 4 Mar 2021 10:35:15 +0100 Subject: [PATCH 5/9] ipatests: hidden replica: use dns_update_system_records MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use dns_update_system_records after restoring the replica to force-update the DNS records. Related: https://pagure.io/freeipa/issue/8534 Signed-off-by: François Cami <fc...@redhat.com> Reviewed-By: Florence Blanc-Renaud <f...@redhat.com> Reviewed-By: Rob Crittenden <rcrit...@redhat.com> Reviewed-By: Mohammad Rizwan Yusuf <myu...@redhat.com> --- ipatests/test_integration/test_replica_promotion.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py index 80fb2184abb..e4cbc24e6e6 100644 --- a/ipatests/test_integration/test_replica_promotion.py +++ b/ipatests/test_integration/test_replica_promotion.py @@ -954,6 +954,10 @@ def test_hidden_replica_promote(self): tasks.wait_for_replication( self.replicas[0].ldap_connect() ) + tasks.dns_update_system_records(self.master) + tasks.wait_for_replication( + self.master.ldap_connect() + ) self._check_config([self.master, self.replicas[0]]) self._check_dnsrecords([self.master, self.replicas[0]]) @@ -973,6 +977,10 @@ def test_hidden_replica_demote(self): tasks.wait_for_replication( self.replicas[0].ldap_connect() ) + tasks.dns_update_system_records(self.master) + tasks.wait_for_replication( + self.master.ldap_connect() + ) self._check_config([self.master], [self.replicas[0]]) self._check_dnsrecords([self.master], [self.replicas[0]]) From 45fa10434e1ee4c36ef0e3a0c3f88d447c71ba35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fc...@redhat.com> Date: Fri, 5 Mar 2021 08:52:00 +0100 Subject: [PATCH 6/9] ipatests: hidden replica: misc fixes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Rename a test and split a test in two. Related: https://pagure.io/freeipa/issue/8534 Signed-off-by: François Cami <fc...@redhat.com> Reviewed-By: Florence Blanc-Renaud <f...@redhat.com> Reviewed-By: Rob Crittenden <rcrit...@redhat.com> Reviewed-By: Mohammad Rizwan Yusuf <myu...@redhat.com> --- ipatests/test_integration/test_replica_promotion.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py index e4cbc24e6e6..822edefbbe9 100644 --- a/ipatests/test_integration/test_replica_promotion.py +++ b/ipatests/test_integration/test_replica_promotion.py @@ -922,7 +922,7 @@ def test_ipahealthcheck_hidden_replica(self): ) assert returncode == 0 - def test_hide_master_fails(self): + def test_hide_last_visible_server_fails(self): # verify state self._check_config([self.master], [self.replicas[0]]) # nothing to do @@ -961,6 +961,7 @@ def test_hidden_replica_promote(self): self._check_config([self.master, self.replicas[0]]) self._check_dnsrecords([self.master, self.replicas[0]]) + def test_promote_twice_fails(self): result = self.replicas[0].run_command([ 'ipa', 'server-state', self.replicas[0].hostname, '--state=enabled' From 0ffaf29a370d42d62ae4701fe7c1f5f885a7df2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fc...@redhat.com> Date: Thu, 11 Mar 2021 10:31:19 +0100 Subject: [PATCH 7/9] ipatests: mark test_ipahealthcheck_hidden_replica as expected failure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit test_ipahealthcheck_hidden_replica fails due to: https://pagure.io/freeipa/issue/8582 Mark it as expected failure. Related: https://pagure.io/freeipa/issue/8534 Signed-off-by: François Cami <fc...@redhat.com> Reviewed-By: Florence Blanc-Renaud <f...@redhat.com> Reviewed-By: Rob Crittenden <rcrit...@redhat.com> Reviewed-By: Mohammad Rizwan Yusuf <myu...@redhat.com> --- ipatests/test_integration/test_replica_promotion.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py index 822edefbbe9..eb7ba590c5a 100644 --- a/ipatests/test_integration/test_replica_promotion.py +++ b/ipatests/test_integration/test_replica_promotion.py @@ -905,6 +905,9 @@ def test_hidden_replica_install(self): self._check_dnsrecords([self.master], [self.replicas[0]]) self._check_config([self.master], [self.replicas[0]]) + @pytest.mark.xfail( + reason='https://pagure.io/freeipa/issue/8582', strict=True + ) def test_ipahealthcheck_hidden_replica(self): """Ensure that ipa-healthcheck runs successfully on all members of an IPA cluster that includes a hidden replica. From a8c3f5f4374fdcdcca05ece7cdbcd8a769cc7c55 Mon Sep 17 00:00:00 2001 From: Carl George <carl@george.computer> Date: Wed, 31 Mar 2021 16:26:09 -0500 Subject: [PATCH 8/9] Also use uglifyjs on CentOS Stream 8 This conditional was recently changed to match VERSION_ID "8." to only apply to RHEL 8 releases, but it should also match CentOS Stream 8 which has VERSION_ID "8". https://pagure.io/freeipa/c/43f344b931db3f72f50e1620443be9f21623e29a Reviewed-By: Alexander Bokovoy <aboko...@redhat.com> --- install/ui/util/compile.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/ui/util/compile.sh b/install/ui/util/compile.sh index 01a4e6e74de..8f29b89ec85 100755 --- a/install/ui/util/compile.sh +++ b/install/ui/util/compile.sh @@ -112,7 +112,7 @@ fi echo "Minimizing: $RDIR/$RELEASE/$LAYER.js" echo "Target file: $OUTPUT_FILE" if [[ ("$ID" == "rhel" || "$ID_LIKE" =~ "rhel") - && "$VERSION_ID" =~ "8." ]]; + && ("$VERSION_ID" =~ "8." || "$VERSION_ID" == "8") ]]; then echo "Minifier: uglifyjs" uglifyjs < $RDIR/$RELEASE/$LAYER.js > $OUTPUT_FILE From 742703b28c65c5fe230ea377d4b2a32c307d6ce5 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud <f...@redhat.com> Date: Tue, 6 Apr 2021 15:34:38 +0200 Subject: [PATCH 9/9] ipatests: TestIpaHealthCheck now needs 1 client The test TestIpaHealthCheck has been updated with commit e86ff48 and now needs 1 master, 1 replica and 1 client in order to execute. Update the nightly definitions accordingly. Signed-off-by: Florence Blanc-Renaud <f...@redhat.com> --- ipatests/prci_definitions/nightly_ipa-4-9_latest.yaml | 2 +- ipatests/prci_definitions/nightly_ipa-4-9_latest_selinux.yaml | 2 +- ipatests/prci_definitions/nightly_ipa-4-9_previous.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ipatests/prci_definitions/nightly_ipa-4-9_latest.yaml b/ipatests/prci_definitions/nightly_ipa-4-9_latest.yaml index f273df16b82..62038e1b216 100644 --- a/ipatests/prci_definitions/nightly_ipa-4-9_latest.yaml +++ b/ipatests/prci_definitions/nightly_ipa-4-9_latest.yaml @@ -1364,7 +1364,7 @@ jobs: test_suite: test_integration/test_ipahealthcheck.py::TestIpaHealthCheck template: *ci-ipa-4-9-latest timeout: 5400 - topology: *master_1repl + topology: *master_1repl_1client fedora-latest-ipa-4-9/test_ipahealthcheck_nodns_extca_file: requires: [fedora-latest-ipa-4-9/build] diff --git a/ipatests/prci_definitions/nightly_ipa-4-9_latest_selinux.yaml b/ipatests/prci_definitions/nightly_ipa-4-9_latest_selinux.yaml index 8ceb5eab792..0d977914e1d 100644 --- a/ipatests/prci_definitions/nightly_ipa-4-9_latest_selinux.yaml +++ b/ipatests/prci_definitions/nightly_ipa-4-9_latest_selinux.yaml @@ -1471,7 +1471,7 @@ jobs: test_suite: test_integration/test_ipahealthcheck.py::TestIpaHealthCheck template: *ci-ipa-4-9-latest timeout: 5400 - topology: *master_1repl + topology: *master_1repl_1client fedora-latest-ipa-4-9/test_ipahealthcheck_nodns_extca_file: requires: [fedora-latest-ipa-4-9/build] diff --git a/ipatests/prci_definitions/nightly_ipa-4-9_previous.yaml b/ipatests/prci_definitions/nightly_ipa-4-9_previous.yaml index 5d3097d414c..d0132ca9d1c 100644 --- a/ipatests/prci_definitions/nightly_ipa-4-9_previous.yaml +++ b/ipatests/prci_definitions/nightly_ipa-4-9_previous.yaml @@ -1364,7 +1364,7 @@ jobs: test_suite: test_integration/test_ipahealthcheck.py::TestIpaHealthCheck template: *ci-ipa-4-9-previous timeout: 5400 - topology: *master_1repl + topology: *master_1repl_1client fedora-previous-ipa-4-9/test_ipahealthcheck_nodns_extca_file: requires: [fedora-previous-ipa-4-9/build]
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
