URL: https://github.com/freeipa/freeipa/pull/1984 Author: mrizwan93 Title: #1984: Test to check second replica installation after master restore Action: opened
PR body: """ When master is restored from backup and replica1 is re-initialize, second replica installation was failing. The issue was with ipa-backup tool which was not backing up the /etc/ipa/custodia/custodia.conf and /etc/ipa/custodia/server.keys. related ticket: https://pagure.io/freeipa/issue/7247 Signed-off-by: Mohammad Rizwan Yusuf <myu...@redhat.com> Reviewed-By: Florence Blanc-Renaud <fren...@redhat.com> Reviewed-By: Christian Heimes <chei...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1984/head:pr1984 git checkout pr1984
From e0d280d854838c6c3bbadd0a9db91e5fef5711c1 Mon Sep 17 00:00:00 2001 From: Mohammad Rizwan Yusuf <myu...@redhat.com> Date: Fri, 2 Feb 2018 16:32:15 +0530 Subject: [PATCH] Test to check second replica installation after master restore When master is restored from backup and replica1 is re-initialize, second replica installation was failing. The issue was with ipa-backup tool which was not backing up the /etc/ipa/custodia/custodia.conf and /etc/ipa/custodia/server.keys. related ticket: https://pagure.io/freeipa/issue/7247 Signed-off-by: Mohammad Rizwan Yusuf <myu...@redhat.com> Reviewed-By: Florence Blanc-Renaud <fren...@redhat.com> Reviewed-By: Christian Heimes <chei...@redhat.com> --- .../test_integration/test_backup_and_restore.py | 118 ++++++++++++++++++++- 1 file changed, 117 insertions(+), 1 deletion(-) diff --git a/ipatests/test_integration/test_backup_and_restore.py b/ipatests/test_integration/test_backup_and_restore.py index 6e566c2b7b..6c159e7efc 100644 --- a/ipatests/test_integration/test_backup_and_restore.py +++ b/ipatests/test_integration/test_backup_and_restore.py @@ -23,14 +23,16 @@ import os import re import contextlib +from tempfile import NamedTemporaryFile from ipapython.dn import DN +from ipapython import ipautil from ipatests.test_integration.base import IntegrationTest from ipatests.pytest_plugins.integration import tasks from ipatests.test_integration.test_dnssec import wait_until_record_is_signed from ipatests.test_integration.test_simple_replication import check_replication from ipatests.util import assert_deepequal - +from ldap.dn import escape_dn_chars logger = logging.getLogger(__name__) @@ -534,3 +536,117 @@ def test_userroot_ldif_files_ownership(self): unexp_str = "CRITICAL: db2ldif failed:" assert cmd.returncode == 0 assert unexp_str not in cmd.stdout_text + + +class TestBackupAndRestoreDMPassword(IntegrationTest): + """Negative tests for incorrect DM password""" + topology = 'star' + + def test_restore_bad_dm_password(self): + """backup, uninstall, restore, wrong DM password (expect failure)""" + with restore_checker(self.master): + backup_path = backup(self.master) + + # No uninstall, just pure restore, the only case where + # prompting for the DM password matters. + result = self.master.run_command(['ipa-restore', backup_path], + stdin_text='badpass\nyes', + raiseonerr=False) + assert result.returncode == 1 + + def test_restore_dirsrv_not_running(self): + """backup, restore, dirsrv not running (expect failure)""" + + # Flying blind without the restore_checker so we can have + # an error thrown when dirsrv is down. + backup_path = backup(self.master) + + self.master.run_command(['ipactl', 'stop']) + + dirman_password = self.master.config.dirman_password + result = self.master.run_command( + ['ipa-restore', backup_path], + stdin_text=dirman_password + '\nyes', + raiseonerr=False) + assert result.returncode == 1 + + +class TestReplicaInstallAfterRestore(IntegrationTest): + """Test to check second replica installation after master restore + + When master is restored from backup and replica1 is re-initialize, + second replica installation was failing. The issue was with ipa-backup + tool which was not backing up the /etc/ipa/custodia/custodia.conf and + /etc/ipa/custodia/server.keys. + + related ticket: https://pagure.io/freeipa/issue/7247 + """ + + num_replicas = 2 + + def test_replica_install_after_restore(self): + master = self.master + replica1 = self.replicas[0] + replica2 = self.replicas[1] + + tasks.install_master(master) + tasks.install_replica(master, replica1) + check_replication(master, replica1, "testuser1") + + # backup master. + backup_path = backup(master) + + suffix = ipautil.realm_to_suffix(master.domain.realm) + suffix = escape_dn_chars(str(suffix)) + tf = NamedTemporaryFile() + ldif_file = tf.name + entry_ldif = ( + "dn: cn=meTo{hostname},cn=replica," + "cn={suffix}," + "cn=mapping tree,cn=config\n" + "changetype: modify\n" + "replace: nsds5ReplicaEnabled\n" + "nsds5ReplicaEnabled: off\n\n" + + "dn: cn=caTo{hostname},cn=replica," + "cn=o\\3Dipaca,cn=mapping tree,cn=config\n" + "changetype: modify\n" + "replace: nsds5ReplicaEnabled\n" + "nsds5ReplicaEnabled: off").format( + hostname=replica1.hostname, + suffix=suffix) + master.put_file_contents(ldif_file, entry_ldif) + + # disable replication agreement + arg = ['ldapmodify', + '-h', master.hostname, + '-p', '389', '-D', + str(master.config.dirman_dn), # pylint: disable=no-member + '-w', master.config.dirman_password, + '-f', ldif_file] + master.run_command(arg) + + # uninstall master. + tasks.uninstall_master(master) + + # master restore. + dirman_password = master.config.dirman_password + master.run_command(['ipa-restore', backup_path], + stdin_text=dirman_password + '\nyes') + + # re-initialize topology after restore. + topo_name = "{}-to-{}".format(master.hostname, replica1.hostname) + for topo_suffix in 'domain', 'ca': + arg = ['ipa', + 'topologysegment-reinitialize', + topo_suffix, + topo_name, + '--left'] + replica1.run_command(arg) + + # wait sometime for re-initialization + tasks.wait_for_replication(replica1.ldap_connect()) + + # install second replica after restore + tasks.install_replica(master, replica2) + check_replication(master, replica2, "testuser2")
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/SSKI3QEDJ352LJ2BVVH56BK6IATMIOQK/