def expire_cert_critical(): """ Fixture to expire the certs by moving the system date using date -s command and revert it back """ hosts = dict() def _expire_cert_critical(host, setup_kra=False): hosts['host'] = host # Do not install NTP as the test plays with the date tasks.install_master(host, setup_dns=False, extra_args=['--no-ntp']) if setup_kra: tasks.install_kra(host) # move date to expire certs tasks.move_date(host, 'stop', '+3Years+1day') yield _expire_cert_critical host = hosts.pop('host') # Prior to uninstall remove all the cert tracking to prevent # errors from certmonger trying to check the status of certs # that don't matter because we are uninstalling. host.run_command(['systemctl', 'stop', 'certmonger']) host.run_command(['rm', '-f', paths.CERTMONGER_REQUESTS_DIR + '/*']) tasks.uninstall_master(host) tasks.move_date(host, 'start', '-3Years-1day')
def _expire_cert_critical(host, setup_kra=False): hosts['host'] = host # Do not install NTP as the test plays with the date tasks.install_master(host, setup_dns=False, extra_args=['--no-ntp']) if setup_kra: tasks.install_kra(host) # move date to expire certs tasks.move_date(host, 'stop', '+3Years+1day')
def expire_ca_cert(self): tasks.install_master(self.master, setup_dns=False, extra_args=['--no-ntp']) tasks.move_date(self.master, 'stop', '+20Years+1day') yield tasks.uninstall_master(self.master) tasks.move_date(self.master, 'start', '-20Years-1day')
def expire_certs(self): # move system date to expire certs for host in self.master, self.replicas[0]: tasks.move_date(host, 'stop', '+3years+1days') yield # move date back on replica and master for host in self.master, self.replicas[0]: tasks.move_date(host, 'start', '-3years-1days')
def issue_and_expire_cert(self): """Fixture to expire cert by moving date past expiry of acme cert""" # enable the ACME service on master self.master.run_command(['ipa-acme-manage', 'enable']) # register the account with certbot certbot_register(self.clients[0], self.acme_server) # request a standalone acme cert certbot_standalone_cert(self.clients[0], self.acme_server) # move system date to expire acme cert for host in self.clients[0], self.master: tasks.kdestroy_all(host) tasks.move_date(host, 'stop', '+90days') tasks.get_kdcinfo(host) # Note raiseonerr=False: # the assert is located after kdcinfo retrieval. result = host.run_command( "KRB5_TRACE=/dev/stdout kinit %s" % 'admin', stdin_text='{0}\n{0}\n{0}\n'.format( self.clients[0].config.admin_password ), raiseonerr=False ) # Retrieve kdc.$REALM after the password change, just in case SSSD # domain status flipped to online during the password change. tasks.get_kdcinfo(host) assert result.returncode == 0 yield # move back date for host in self.clients[0], self.master: tasks.kdestroy_all(host) tasks.move_date(host, 'start', '-90days') tasks.kinit_admin(host)
def expire_cert_critical(): """ Fixture to expire the certs by moving the system date using date -s command and revert it back """ hosts = dict() def _expire_cert_critical(host, setup_kra=False): hosts['host'] = host # Do not install NTP as the test plays with the date tasks.install_master(host, setup_dns=False, extra_args=['--no-ntp']) if setup_kra: tasks.install_kra(host) # move date to expire certs tasks.move_date(host, 'stop', '+3Years+1day') yield _expire_cert_critical host = hosts.pop('host') tasks.uninstall_master(host) tasks.move_date(host, 'start', '-3Years-1day')