def test_replica_uninstall_deletes_ruvs(self): """ http://www.freeipa.org/page/V4/Manage_replication_topology_4_4/Test_Plan #Test_case:_.2A-ruv_subcommands_of_ipa-replica-manage_are_extended _to_handle_CA-specific_RUVs """ master = self.master replica = self.replicas[1] res1 = master.run_command([ 'ipa-replica-manage', 'list-ruv', '-p', master.config.dirman_password ]).stdout_text assert (res1.count(replica.hostname) == 2), ( "Did not find proper number of replica hostname (%s) occurrencies" " in the command output: %s" % (replica.hostname, res1)) master.run_command([ 'ipa-replica-manage', 'del', replica.hostname, '-p', master.config.dirman_password ]) tasks.uninstall_master(replica) res2 = master.run_command([ 'ipa-replica-manage', 'list-ruv', '-p', master.config.dirman_password ]).stdout_text assert (replica.hostname not in res2), ( "Replica RUVs were not clean during replica uninstallation")
def test_full_backup_and_restore_with_selinux_booleans_off(self): """regression test for https://fedorahosted.org/freeipa/ticket/4157""" tasks.uninstall_master(self.master) tasks.install_master(self.master) with restore_checker(self.master): backup_path = backup(self.master) logger.info('Backup path for %s is %s', self.master, backup_path) self.master.run_command( ['ipa-server-install', '--uninstall', '-U']) self.master.run_command([ 'setsebool', '-P', 'httpd_can_network_connect=off', 'httpd_manage_ipa=off', ]) dirman_password = self.master.config.dirman_password self.master.run_command(['ipa-restore', backup_path], stdin_text=dirman_password + '\nyes') result = self.master.run_command([ 'getsebool', 'httpd_can_network_connect', 'httpd_manage_ipa', ]) assert 'httpd_can_network_connect --> on' in result.stdout_text assert 'httpd_manage_ipa --> on' in result.stdout_text
def test_automatic_renewal_master_transfer_ondelete(self): # Test that after master uninstallation, replica overtakes the cert # renewal master role tasks.uninstall_master(self.replicas[0]) result = self.master.run_command(['ipa', 'config-show']).stdout_text assert("IPA CA renewal master: %s" % self.master.hostname in result), ( "Master hostname not found among CA renewal masters" )
def test_automatic_renewal_master_transfer_ondelete(self): # Test that after master uninstallation, replica overtakes the cert # renewal master role tasks.uninstall_master(self.replicas[0]) result = self.master.run_command(['ipa', 'config-show']).stdout_text assert ("IPA CA renewal master: %s" % self.master.hostname in result), ( "Master hostname not found among CA renewal masters")
def test_uninstall(self): """ Test server uninstallation when a different profile was present before server installation """ # uninstall must revert to the preconfigured profile tasks.uninstall_master(self.master) check_authselect_profile( self.master, preconfigured_profile, preconfigured_options)
def test_uninstall(self): """ Test server uninstallation when a different profile was present before server installation """ # uninstall must revert to the preconfigured profile tasks.uninstall_master(self.master) check_authselect_profile( self.master, preconfigured_profile, preconfigured_options)
def wrapped(*args): master = args[0].master create_broken_resolv_conf(master) try: func(*args) finally: tasks.uninstall_master(master, clean=False) restore_resolv_conf(master) ipa_certs_cleanup(master)
def test_ignore_topology_disconnect_replica2(self): """ tests that removal of replica2 with '--ignore-topology-disconnect' destroys master for good """ check_master_removal(self.client, self.replica2.hostname, ignore_topology_disconnect=True) # reinstall the replica tasks.uninstall_master(self.replica2) tasks.install_replica(self.master, self.replica2, setup_ca=True)
def test_ignore_topology_disconnect_replica2(self): """ tests that removal of replica2 with '--ignore-topology-disconnect' destroys master for good """ check_master_removal( self.client, self.replica2.hostname, ignore_topology_disconnect=True ) # reinstall the replica tasks.uninstall_master(self.replica2) tasks.install_replica(self.master, self.replica2, setup_ca=True)
def test_replica_uninstall_deletes_ruvs(self): """ http://www.freeipa.org/page/V4/Manage_replication_topology_4_4/Test_Plan #Test_case:_.2A-ruv_subcommands_of_ipa-replica-manage_are_extended _to_handle_CA-specific_RUVs """ master = self.master replica = self.replicas[1] res1 = master.run_command(['ipa-replica-manage', 'list-ruv', '-p', master.config.dirman_password]).stdout_text assert(res1.count(replica.hostname) == 2), ( "Did not find proper number of replica hostname (%s) occurrencies" " in the command output: %s" % (replica.hostname, res1)) tasks.uninstall_master(replica) res2 = master.run_command(['ipa-replica-manage', 'list-ruv', '-p', master.config.dirman_password]).stdout_text assert(replica.hostname not in res2), ( "Replica RUVs were not clean during replica uninstallation")
def test_topology_updated_on_replica_install_remove(self): """ Install and remove a replica and make sure topology information is updated on all other replicas Testcase: http://www.freeipa.org/page/V4/Manage_replication_topology/ Test_plan#Test_case: _Replication_topology_should_be_saved_in_the_LDAP_tree """ tasks.kinit_admin(self.master) result1 = self.master.run_command( ['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]).stdout_text segment_name = self.segmentnames_re.findall(result1)[0] assert (self.master.hostname in segment_name), ( "Segment %s does not contain master hostname" % segment_name) assert (self.replicas[0].hostname in segment_name), ( "Segment %s does not contain replica hostname" % segment_name) tasks.install_replica(self.master, self.replicas[1], setup_ca=False, setup_dns=False) # We need to make sure topology information is consistent across all # replicas result2 = self.master.run_command( ['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) result3 = self.replicas[0].run_command( ['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) result4 = self.replicas[1].run_command( ['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) segments = self.tokenize_topologies(result2.stdout_text) assert (len(segments) == 2), "Unexpected number of segments found" assert_deepequal(result2.stdout_text, result3.stdout_text) assert_deepequal(result3.stdout_text, result4.stdout_text) # Now let's check that uninstalling the replica will update the topology # info on the rest of replicas. # first step of uninstallation is removal of the replica on other # master, then it can be uninstalled. Doing it the other way is also # possible, but not reliable - some data might not be replicated. tasks.clean_replication_agreement(self.master, self.replicas[1]) tasks.uninstall_master(self.replicas[1]) result5 = self.master.run_command( ['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) num_entries = self.noentries_re.search(result5.stdout_text).group(1) assert (num_entries == "1"), "Incorrect number of entries displayed"
def test_topology_updated_on_replica_install_remove(self): """ Install and remove a replica and make sure topology information is updated on all other replicas Testcase: http://www.freeipa.org/page/V4/Manage_replication_topology/ Test_plan#Test_case: _Replication_topology_should_be_saved_in_the_LDAP_tree """ tasks.kinit_admin(self.master) result1 = self.master.run_command(['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]).stdout_text segment_name = self.segmentnames_re.findall(result1)[0] assert(self.master.hostname in segment_name), ( "Segment %s does not contain master hostname" % segment_name) assert(self.replicas[0].hostname in segment_name), ( "Segment %s does not contain replica hostname" % segment_name) tasks.install_replica(self.master, self.replicas[1], setup_ca=False, setup_dns=False) # We need to make sure topology information is consistent across all # replicas result2 = self.master.run_command(['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) result3 = self.replicas[0].run_command(['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) result4 = self.replicas[1].run_command(['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) segments = self.tokenize_topologies(result2.stdout_text) assert(len(segments) == 2), "Unexpected number of segments found" assert_deepequal(result2.stdout_text, result3.stdout_text) assert_deepequal(result3.stdout_text, result4.stdout_text) # Now let's check that uninstalling the replica will update the topology # info on the rest of replicas. # first step of uninstallation is removal of the replica on other # master, then it can be uninstalled. Doing it the other way is also # possible, but not reliable - some data might not be replicated. tasks.clean_replication_agreement(self.master, self.replicas[1]) tasks.uninstall_master(self.replicas[1]) result5 = self.master.run_command(['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) num_entries = self.noentries_re.search(result5.stdout_text).group(1) assert(num_entries == "1"), "Incorrect number of entries displayed"
def test_full_backup_and_restore_with_removed_users(self): """regression test for https://fedorahosted.org/freeipa/ticket/3866""" tasks.uninstall_master(self.master) tasks.install_master(self.master) with restore_checker(self.master): backup_path = backup(self.master) logger.info('Backup path for %s is %s', self.master, backup_path) self.master.run_command( ['ipa-server-install', '--uninstall', '-U']) homedir = os.path.join(self.master.config.test_dir, 'testuser_homedir') self.master.run_command( ['useradd', 'ipatest_user1', '--system', '-d', homedir]) try: dirman_password = self.master.config.dirman_password self.master.run_command(['ipa-restore', backup_path], stdin_text=dirman_password + '\nyes') finally: self.master.run_command(['userdel', 'ipatest_user1'])
def test_replica_install_after_restore(self): master = self.master replica1 = self.replicas[0] replica2 = self.replicas[1] tasks.install_master(master) tasks.install_replica(master, replica1) check_replication(master, replica1, "testuser1") # backup master. backup_path = backup(master) suffix = ipautil.realm_to_suffix(master.domain.realm) suffix = escape_dn_chars(str(suffix)) tf = NamedTemporaryFile() ldif_file = tf.name entry_ldif = ( "dn: cn=meTo{hostname},cn=replica," "cn={suffix}," "cn=mapping tree,cn=config\n" "changetype: modify\n" "replace: nsds5ReplicaEnabled\n" "nsds5ReplicaEnabled: off\n\n" "dn: cn=caTo{hostname},cn=replica," "cn=o\\3Dipaca,cn=mapping tree,cn=config\n" "changetype: modify\n" "replace: nsds5ReplicaEnabled\n" "nsds5ReplicaEnabled: off").format( hostname=replica1.hostname, suffix=suffix) master.put_file_contents(ldif_file, entry_ldif) # disable replication agreement arg = ['ldapmodify', '-h', master.hostname, '-p', '389', '-D', str(master.config.dirman_dn), # pylint: disable=no-member '-w', master.config.dirman_password, '-f', ldif_file] master.run_command(arg) # uninstall master. tasks.uninstall_master(master) # master restore. dirman_password = master.config.dirman_password master.run_command(['ipa-restore', backup_path], stdin_text=dirman_password + '\nyes') # re-initialize topology after restore. topo_name = "{}-to-{}".format(master.hostname, replica1.hostname) for topo_suffix in 'domain', 'ca': arg = ['ipa', 'topologysegment-reinitialize', topo_suffix, topo_name, '--left'] replica1.run_command(arg) # wait sometime for re-initialization tasks.wait_for_replication(replica1.ldap_connect()) # install second replica after restore tasks.install_replica(master, replica2) check_replication(master, replica2, "testuser2")
def uninstall(cls, mh): tasks.uninstall_master(cls.master) for replica in cls.replicas: tasks.uninstall_master(replica) for client in cls.clients: tasks.uninstall_client(client)
def test_replica_install_after_restore(self): master = self.master replica1 = self.replicas[0] replica2 = self.replicas[1] tasks.install_master(master) tasks.install_replica(master, replica1) check_replication(master, replica1, "testuser1") # backup master. backup_path = backup(master) suffix = ipautil.realm_to_suffix(master.domain.realm) suffix = escape_dn_chars(str(suffix)) tf = NamedTemporaryFile() ldif_file = tf.name entry_ldif = ("dn: cn=meTo{hostname},cn=replica," "cn={suffix}," "cn=mapping tree,cn=config\n" "changetype: modify\n" "replace: nsds5ReplicaEnabled\n" "nsds5ReplicaEnabled: off\n\n" "dn: cn=caTo{hostname},cn=replica," "cn=o\\3Dipaca,cn=mapping tree,cn=config\n" "changetype: modify\n" "replace: nsds5ReplicaEnabled\n" "nsds5ReplicaEnabled: off").format( hostname=replica1.hostname, suffix=suffix) master.put_file_contents(ldif_file, entry_ldif) # disable replication agreement arg = [ 'ldapmodify', '-h', master.hostname, '-p', '389', '-D', str(master.config.dirman_dn), # pylint: disable=no-member '-w', master.config.dirman_password, '-f', ldif_file ] master.run_command(arg) # uninstall master. tasks.uninstall_master(master) # master restore. dirman_password = master.config.dirman_password master.run_command(['ipa-restore', backup_path], stdin_text=dirman_password + '\nyes') # re-initialize topology after restore. topo_name = "{}-to-{}".format(master.hostname, replica1.hostname) for topo_suffix in 'domain', 'ca': arg = [ 'ipa', 'topologysegment-reinitialize', topo_suffix, topo_name, '--left' ] replica1.run_command(arg) # wait sometime for re-initialization tasks.wait_for_replication(replica1.ldap_connect()) # install second replica after restore tasks.install_replica(master, replica2) check_replication(master, replica2, "testuser2")
def uninstall(cls, mh): tasks.uninstall_master(cls.master) for replica in cls.replicas: tasks.uninstall_master(replica) for client in cls.clients: tasks.uninstall_client(client)