def uninstall(cls, mh): # For this test, we need to uninstall DNSSEC master last # Find which server is DNSSec master result = cls.master.run_command(["ipa", "config-show"]).stdout_text matches = list(re.finditer('IPA DNSSec key master: (.*)', result)) if len(matches) == 1: # Found the DNSSec master dnssec_master_hostname = matches[0].group(1) for replica in cls.replicas + [cls.master]: if replica.hostname == dnssec_master_hostname: dnssec_master = replica else: # By default consider that the master is DNSSEC dnssec_master = cls.master for replica in cls.replicas + [cls.master]: if replica == dnssec_master: # Skip this one continue try: tasks.run_server_del(dnssec_master, replica.hostname, force=True, ignore_topology_disconnect=True, ignore_last_of_role=True) except subprocess.CalledProcessError: # If the master has already been uninstalled, # this call may fail pass tasks.uninstall_master(replica) tasks.uninstall_master(dnssec_master)
def check_master_removal(host, hostname_to_remove, force=False, ignore_topology_disconnect=False, ignore_last_of_role=False): result = tasks.run_server_del( host, hostname_to_remove, force=force, ignore_topology_disconnect=ignore_topology_disconnect, ignore_last_of_role=ignore_last_of_role) assert result.returncode == 0 if force: assert ("Forcing removal of {hostname}".format( hostname=hostname_to_remove) in result.stderr_text) if ignore_topology_disconnect: assert "Ignoring topology connectivity errors." in result.stderr_text if ignore_last_of_role: assert ("Ignoring these warnings and proceeding with removal" in result.stderr_text) tasks.assert_error( host.run_command( ['ipa', 'server-show', hostname_to_remove], raiseonerr=False ), "{}: server not found".format(hostname_to_remove), returncode=2 )
def test_removal_of_master_raises_error_about_last_dns(self): """ Now server-del should complain about the removal of last DNS server """ tasks.assert_error( tasks.run_server_del(self.replicas[0], self.master.hostname), "Deleting this server will leave your installation " "without a DNS.", 1)
def test_removal_of_master_raises_error_about_last_ca(self): """ test that removal of master fails on the last """ tasks.assert_error( tasks.run_server_del(self.replicas[0], self.master.hostname), "Deleting this server is not allowed as it would leave your " "installation without a CA.", 1)
def test_removal_of_master_raises_error_about_dnssec(self): tasks.assert_error( tasks.run_server_del(self.replicas[0], self.master.hostname), "Replica is active DNSSEC key master. Uninstall " "could break your DNS system. Please disable or replace " "DNSSEC key master first.", 1 )
def uninstall(cls, mh): for replica in cls.replicas: try: tasks.run_server_del(cls.master, replica.hostname, force=True, ignore_topology_disconnect=True, ignore_last_of_role=True) except subprocess.CalledProcessError: # If the master has already been uninstalled, # this call may fail pass tasks.uninstall_master(replica) tasks.uninstall_master(cls.master) for client in cls.clients: tasks.uninstall_client(client) if cls.fips_mode: cls.disable_fips_mode()
def test_removal_of_nonexistent_master_raises_error(self): """ tests that removal of non-existent master raises an error """ hostname = u'bogus-master.bogus.domain' err_message = "{}: server not found".format(hostname) tasks.assert_error(tasks.run_server_del(self.client, hostname), err_message, returncode=2)
def test_removal_of_master_raises_error_about_last_dns(self): """ Now server-del should complain about the removal of last DNS server """ tasks.assert_error( tasks.run_server_del(self.replicas[0], self.master.hostname), "Deleting this server will leave your installation " "without a DNS.", 1 )
def test_removal_of_master_raises_error_about_last_ca(self): """ test that removal of master fails on the last """ tasks.assert_error( tasks.run_server_del(self.replicas[0], self.master.hostname), "Deleting this server is not allowed as it would leave your " "installation without a CA.", 1 )
def test_uninstall_with_ignore_last_of_role(self): """Test uninstallation of the CRL generation master When --ignore-last-of-role is provided, uninstall prints a msg but gets executed. """ # Make sure CRL gen is enabled on the master check_crlgen_enable(self.master) # call uninstall with --ignore-last-of-role, should be OK result = self.master.run_command([ 'ipa-server-install', '--uninstall', '-U', '--ignore-last-of-role' ]) expected_msg = "Deleting this server will leave your installation " \ "without a CRL generation master" assert expected_msg in result.stdout_text tasks.run_server_del(self.replicas[0], self.master.hostname, force=True, ignore_topology_disconnect=True, ignore_last_of_role=True)
def test_removal_of_nonexistent_master_raises_error(self): """ tests that removal of non-existent master raises an error """ hostname = u'bogus-master.bogus.domain' err_message = "{}: server not found".format(hostname) tasks.assert_error( tasks.run_server_del(self.client, hostname), err_message, returncode=2 )
def test_removal_of_server_raises_error_about_last_kra(self, restart_ipa): """ test that removal of server fails on the last KRA We shut it down to verify that it can be removed if it failed. """ tasks.install_kra(self.master) self.master.run_command(['ipactl', 'stop']) tasks.assert_error( tasks.run_server_del(self.replicas[0], self.master.hostname), "Deleting this server is not allowed as it would leave your " "installation without a KRA.", 1)
def test_forced_removal_of_nonexistent_master(self): """ tests that removal of non-existent master with '--force' does not raise an error """ hostname = u'bogus-master.bogus.domain' result = tasks.run_server_del(self.client, hostname, force=True) assert result.returncode == 0 assert ('Deleted IPA server "{}"'.format(hostname) in result.stdout_text) assert ("Server has already been deleted" in result.stderr_text)
def test_forced_removal_of_nonexistent_master(self): """ tests that removal of non-existent master with '--force' does not raise an error """ hostname = u'bogus-master.bogus.domain' result = tasks.run_server_del(self.client, hostname, force=True) assert result.returncode == 0 assert ('Deleted IPA server "{}"'.format(hostname) in result.stdout_text) assert ("Server has already been deleted" in result.stderr_text)
def check_master_removal(host, hostname_to_remove, force=False, ignore_topology_disconnect=False, ignore_last_of_role=False): result = tasks.run_server_del( host, hostname_to_remove, force=force, ignore_topology_disconnect=ignore_topology_disconnect, ignore_last_of_role=ignore_last_of_role) assert result.returncode == 0 if force: assert ("Forcing removal of {hostname}".format( hostname=hostname_to_remove) in result.stderr_text) if ignore_topology_disconnect: assert "Ignoring topology connectivity errors." in result.stderr_text if ignore_last_of_role: assert ("Ignoring these warnings and proceeding with removal" in result.stderr_text) tasks.assert_error(host.run_command( ['ipa', 'server-show', hostname_to_remove], raiseonerr=False), "{}: server not found".format(hostname_to_remove), returncode=2) # Only run the pki command if there is a CA installed on the machine result = host.run_command( [ 'ipa', 'server-role-find', '--server', host.hostname, '--status', 'enabled', '--role', 'CA server', ], raiseonerr=False, ) if result.returncode == 0: host.run_command(['pki', 'client', 'init', '--force']) result = host.run_command( ['pki', 'securitydomain-host-find'], stdin_text='y\n', ).stdout_text assert hostname_to_remove not in result
def check_removal_disconnects_topology( host, hostname_to_remove, affected_suffixes=(DOMAIN_SUFFIX_NAME, )): result = tasks.run_server_del(host, hostname_to_remove) assert len(affected_suffixes) <= 2 err_messages_by_suffix = { CA_SUFFIX_NAME: REMOVAL_ERR_TEMPLATE.format(hostname=hostname_to_remove, suffix=CA_SUFFIX_NAME), DOMAIN_SUFFIX_NAME: REMOVAL_ERR_TEMPLATE.format(hostname=hostname_to_remove, suffix=DOMAIN_SUFFIX_NAME) } for suffix, err_str in err_messages_by_suffix.items(): if suffix in affected_suffixes: tasks.assert_error(result, err_str, returncode=1) else: assert err_str not in result.stderr_text
def check_removal_disconnects_topology( host, hostname_to_remove, affected_suffixes=(DOMAIN_SUFFIX_NAME,)): result = tasks.run_server_del(host, hostname_to_remove) assert len(affected_suffixes) <= 2 err_messages_by_suffix = { CA_SUFFIX_NAME: REMOVAL_ERR_TEMPLATE.format( hostname=hostname_to_remove, suffix=CA_SUFFIX_NAME ), DOMAIN_SUFFIX_NAME: REMOVAL_ERR_TEMPLATE.format( hostname=hostname_to_remove, suffix=DOMAIN_SUFFIX_NAME ) } for suffix in err_messages_by_suffix: if suffix in affected_suffixes: tasks.assert_error( result, err_messages_by_suffix[suffix], returncode=1) else: assert err_messages_by_suffix[suffix] not in result.stderr_text