def check_replication(source_host, dest_host, login):
source_host.run_command([
"ipa", "user-add", login,
"--first", "test",
"--last", "user"
])
source_ldap = source_host.ldap_connect()
tasks.wait_for_replication(source_ldap)
ldap = dest_host.ldap_connect()
tasks.wait_for_replication(ldap)
# Check using LDAP
basedn = dest_host.domain.basedn
user_dn = DN(
("uid", login), ("cn", "users"),
("cn", "accounts"), basedn
)
entry = ldap.get_entry(user_dn)
assert entry.dn == user_dn
assert entry["uid"] == [login]
# Check using CLI
result = dest_host.run_command(['ipa', 'user-show', login])
assert "User login: {}".format(login) in result.stdout_text
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=True)
tasks.install_replica(cls.master, cls.replicas[0], setup_dns=True,
setup_ca=False)
tasks.install_replica(cls.master, cls.replicas[1], setup_dns=True,
setup_ca=False)
for host in (cls.master, cls.replicas[0], cls.replicas[1]):
ldap = host.ldap_connect()
tasks.wait_for_replication(ldap)
# give time to named to retrieve new records
time.sleep(20)
def install(cls, mh):
cls.domain = DNSName(cls.master.domain.name).make_absolute()
tasks.install_master(cls.master, setup_dns=True)
tasks.install_replica(cls.master, cls.replicas[0], setup_dns=True,
setup_ca=False)
tasks.install_replica(cls.master, cls.replicas[1], setup_dns=True,
setup_ca=True)
for host in (cls.master, cls.replicas[0], cls.replicas[1]):
ldap = host.ldap_connect()
tasks.wait_for_replication(ldap)
# give time to named to retrieve new records
time.sleep(20)
def install(cls, mh):
cls.domain = DNSName(cls.master.domain.name).make_absolute()
tasks.install_master(cls.master, setup_dns=True)
tasks.install_replica(cls.master, cls.replicas[0], setup_dns=True,
setup_ca=False)
tasks.install_replica(cls.master, cls.replicas[1], setup_dns=True,
setup_ca=True, extra_args=(['--no-ntp']))
for host in (cls.master, cls.replicas[0], cls.replicas[1]):
ldap = host.ldap_connect()
tasks.wait_for_replication(ldap)
# give time to named to retrieve new records
time.sleep(20)
def test_add_remove_segment(self):
"""
Make sure a topology segment can be manually created and deleted
with the influence on the real topology
Testcase http://www.freeipa.org/page/V4/Manage_replication_topology/
Test_plan#Test_case:_Basic_CRUD_test
"""
tasks.kinit_admin(self.master)
# Install the second replica
tasks.install_replica(self.master, self.replicas[1], setup_ca=False,
setup_dns=False)
# turn a star into a ring
segment, err = tasks.create_segment(self.master,
self.replicas[0],
self.replicas[1])
assert err == "", err
# Make sure the new segment is shown by `ipa topologysegment-find`
result1 = self.master.run_command(['ipa', 'topologysegment-find',
DOMAIN_SUFFIX_NAME]).stdout_text
assert(segment['name'] in result1), (
"%s: segment not found" % segment['name'])
# Remove master <-> replica2 segment and make sure that the changes get
# there through replica1
# Since segment name can be one of master-to-replica2 or
# replica2-to-master, we need to determine the segment name dynamically
deleteme = find_segment(self.master, self.replicas[1])
returncode, error = tasks.destroy_segment(self.master, deleteme)
assert returncode == 0, error
# Wait till replication ends and make sure replica1 does not have
# segment that was deleted on master
replica1_ldap = self.replicas[0].ldap_connect()
tasks.wait_for_replication(replica1_ldap)
result3 = self.replicas[0].run_command(['ipa', 'topologysegment-find',
DOMAIN_SUFFIX_NAME]).stdout_text
assert(deleteme not in result3), "%s: segment still exists" % deleteme
# Create test data on master and make sure it gets all the way down to
# replica2 through replica1
self.master.run_command(['ipa', 'user-add', 'someuser',
'--first', 'test',
'--last', 'user'])
dest_ldap = self.replicas[1].ldap_connect()
tasks.wait_for_replication(dest_ldap)
result4 = self.replicas[1].run_command(['ipa', 'user-find'])
assert('someuser' in result4.stdout_text), 'User not found: someuser'
def test_replica_after_domain_upgrade(self):
tasks.kinit_admin(self.master)
tasks.kinit_admin(self.replicas[0])
self.master.run_command(['ipa', 'user-add', self.username,
'--first', 'test',
'--last', 'user'])
tasks.wait_for_replication(self.replicas[0].ldap_connect())
self.master.run_command(['ipa', 'domainlevel-set',
str(DOMAIN_LEVEL_1)])
result = self.replicas[0].run_command(['ipa', 'user-show',
self.username])
assert("User login: %s" % self.username in result.stdout_text), (
"A testuser was not found on replica after domain upgrade")
self.replicas[0].run_command(['ipa', 'user-del', self.username])
tasks.wait_for_replication(self.master.ldap_connect())
result1 = self.master.run_command(['ipa', 'user-show', self.username],
raiseonerr=False)
assert_error(result1, "%s: user not found" % self.username, 2)
def test_replica_after_domain_upgrade(self):
tasks.kinit_admin(self.master)
tasks.kinit_admin(self.replicas[0])
self.master.run_command(['ipa', 'user-add', self.username,
'--first', 'test',
'--last', 'user'])
tasks.wait_for_replication(self.replicas[0].ldap_connect())
self.master.run_command(['ipa', 'domainlevel-set',
str(DOMAIN_LEVEL_1)])
result = self.replicas[0].run_command(['ipa', 'user-show',
self.username])
assert("User login: %s" % self.username in result.stdout_text), (
"A testuser was not found on replica after domain upgrade")
self.replicas[0].run_command(['ipa', 'user-del', self.username])
tasks.wait_for_replication(self.master.ldap_connect())
result1 = self.master.run_command(['ipa', 'user-show', self.username],
raiseonerr=False)
assert_error(result1, "%s: user not found" % self.username, 2)
def check_replication(self, source_host, dest_host, login):
source_host.run_command(
['ipa', 'user-add', login, '--first', 'test', '--last', 'user'])
source_ldap = source_host.ldap_connect()
tasks.wait_for_replication(source_ldap)
ldap = dest_host.ldap_connect()
tasks.wait_for_replication(ldap)
# Check using LDAP
basedn = dest_host.domain.basedn
user_dn = DN(('uid', login), ('cn', 'users'), ('cn', 'accounts'),
basedn)
entry = ldap.get_entry(user_dn)
print(entry)
assert entry.dn == user_dn
assert entry['uid'] == [login]
# Check using CLI
result = dest_host.run_command(['ipa', 'user-show', login])
assert 'User login: %s' % login in result.stdout_text
def check_replication(self, source_host, dest_host, login):
source_host.run_command(['ipa', 'user-add', login,
'--first', 'test',
'--last', 'user'])
source_ldap = source_host.ldap_connect()
tasks.wait_for_replication(source_ldap)
ldap = dest_host.ldap_connect()
tasks.wait_for_replication(ldap)
# Check using LDAP
basedn = dest_host.domain.basedn
user_dn = DN(('uid', login), ('cn', 'users'), ('cn', 'accounts'),
basedn)
entry = ldap.get_entry(user_dn)
print(entry)
assert entry.dn == user_dn
assert entry['uid'] == [login]
# Check using CLI
result = dest_host.run_command(['ipa', 'user-show', login])
assert 'User login: %s' % login in result.stdout_text
def test_replica_install_after_restore(self):
master = self.master
replica1 = self.replicas[0]
replica2 = self.replicas[1]
tasks.install_master(master)
tasks.install_replica(master, replica1)
check_replication(master, replica1, "testuser1")
# backup master.
backup_path = backup(master)
suffix = ipautil.realm_to_suffix(master.domain.realm)
suffix = escape_dn_chars(str(suffix))
tf = NamedTemporaryFile()
ldif_file = tf.name
entry_ldif = ("dn: cn=meTo{hostname},cn=replica,"
"cn={suffix},"
"cn=mapping tree,cn=config\n"
"changetype: modify\n"
"replace: nsds5ReplicaEnabled\n"
"nsds5ReplicaEnabled: off\n\n"
"dn: cn=caTo{hostname},cn=replica,"
"cn=o\\3Dipaca,cn=mapping tree,cn=config\n"
"changetype: modify\n"
"replace: nsds5ReplicaEnabled\n"
"nsds5ReplicaEnabled: off").format(
hostname=replica1.hostname, suffix=suffix)
master.put_file_contents(ldif_file, entry_ldif)
# disable replication agreement
arg = [
'ldapmodify',
'-h',
master.hostname,
'-p',
'389',
'-D',
str(master.config.dirman_dn), # pylint: disable=no-member
'-w',
master.config.dirman_password,
'-f',
ldif_file
]
master.run_command(arg)
# uninstall master.
tasks.uninstall_master(master)
# master restore.
dirman_password = master.config.dirman_password
master.run_command(['ipa-restore', backup_path],
stdin_text=dirman_password + '\nyes')
# re-initialize topology after restore.
topo_name = "{}-to-{}".format(master.hostname, replica1.hostname)
for topo_suffix in 'domain', 'ca':
arg = [
'ipa', 'topologysegment-reinitialize', topo_suffix, topo_name,
'--left'
]
replica1.run_command(arg)
# wait sometime for re-initialization
tasks.wait_for_replication(replica1.ldap_connect())
# install second replica after restore
tasks.install_replica(master, replica2)
check_replication(master, replica2, "testuser2")
def test_replica_install_after_restore(self):
master = self.master
replica1 = self.replicas[0]
replica2 = self.replicas[1]
tasks.install_master(master)
tasks.install_replica(master, replica1)
check_replication(master, replica1, "testuser1")
# backup master.
backup_path = backup(master)
suffix = ipautil.realm_to_suffix(master.domain.realm)
suffix = escape_dn_chars(str(suffix))
tf = NamedTemporaryFile()
ldif_file = tf.name
entry_ldif = (
"dn: cn=meTo{hostname},cn=replica,"
"cn={suffix},"
"cn=mapping tree,cn=config\n"
"changetype: modify\n"
"replace: nsds5ReplicaEnabled\n"
"nsds5ReplicaEnabled: off\n\n"
"dn: cn=caTo{hostname},cn=replica,"
"cn=o\\3Dipaca,cn=mapping tree,cn=config\n"
"changetype: modify\n"
"replace: nsds5ReplicaEnabled\n"
"nsds5ReplicaEnabled: off").format(
hostname=replica1.hostname,
suffix=suffix)
master.put_file_contents(ldif_file, entry_ldif)
# disable replication agreement
arg = ['ldapmodify',
'-h', master.hostname,
'-p', '389', '-D',
str(master.config.dirman_dn), # pylint: disable=no-member
'-w', master.config.dirman_password,
'-f', ldif_file]
master.run_command(arg)
# uninstall master.
tasks.uninstall_master(master)
# master restore.
dirman_password = master.config.dirman_password
master.run_command(['ipa-restore', backup_path],
stdin_text=dirman_password + '\nyes')
# re-initialize topology after restore.
topo_name = "{}-to-{}".format(master.hostname, replica1.hostname)
for topo_suffix in 'domain', 'ca':
arg = ['ipa',
'topologysegment-reinitialize',
topo_suffix,
topo_name,
'--left']
replica1.run_command(arg)
# wait sometime for re-initialization
tasks.wait_for_replication(replica1.ldap_connect())
# install second replica after restore
tasks.install_replica(master, replica2)
check_replication(master, replica2, "testuser2")