def test_automatic_renewal_master_transfer_ondelete(self):
# Test that after replica uninstallation, master overtakes the cert
# renewal master role from replica (which was previously set there)
tasks.uninstall_replica(self.master, self.replicas[0])
result = self.master.run_command(['ipa', 'config-show']).stdout_text
assert ("IPA CA renewal master: %s" % self.master.hostname
in result), (
"Master hostname not found among CA renewal masters")
def test_setup_teardown(self):
tasks.install_master(self.master, setup_dns=True)
tasks.install_replica(self.master, self.replicas[0], setup_ca=False)
yield
tasks.uninstall_replica(self.master, self.replicas[0])
tasks.uninstall_master(self.master)
def test_remove_replica_with_ca(self):
"""Test ipa-ca dns records after removing the replica with CA"""
tasks.uninstall_replica(self.master, self.replicas[1])
self.delete_update_system_records(rnames=IPA_CA_A_REC)
expected_servers = (self.master.ip,)
self._test_A_rec_against_server(self.master.ip, self.domain,
expected_servers)
def test_remove_replica_with_ca(self):
"""Test ipa-ca dns records after removing the replica with CA"""
tasks.uninstall_replica(self.master, self.replicas[1])
self.delete_update_system_records(rnames=IPA_CA_A_REC)
expected_servers = (self.master.ip, )
self._test_A_rec_against_server(self.master.ip, self.domain,
expected_servers)
def test_setup_teardown(self):
tasks.install_master(self.master, setup_dns=True)
tasks.install_replica(self.master, self.replicas[0], setup_ca=False)
tasks.config_host_resolvconf_with_master_data(self.master,
self.replicas[0])
yield
tasks.uninstall_replica(self.master, self.replicas[0])
tasks.uninstall_master(self.master)
def test_install_uninstall_replica(self):
# Test that the sequence install replica / uninstall replica
# properly removes the line
# Include /etc/httpd/conf.d/ipa-rewrite.conf
# from ssl.conf on the replica
tasks.install_replica(self.master, self.replicas[0],
extra_args=['--force-join'])
tasks.uninstall_replica(self.master, self.replicas[0])
errline = b'Include /etc/httpd/conf.d/ipa-rewrite.conf'
ssl_conf = self.replicas[0].get_file_contents(paths.HTTPD_SSL_CONF)
assert errline not in ssl_conf
def test_install_uninstall_replica(self):
# Test that the sequence install replica / uninstall replica
# properly removes the line
# Include /etc/httpd/conf.d/ipa-rewrite.conf
# from ssl.conf on the replica
tasks.install_replica(self.master, self.replicas[0],
extra_args=['--force-join'])
tasks.uninstall_replica(self.master, self.replicas[0])
errline = b'Include /etc/httpd/conf.d/ipa-rewrite.conf'
ssl_conf = self.replicas[0].get_file_contents(paths.HTTPD_SSL_CONF)
assert errline not in ssl_conf
def test_kra_hidden_no_preconfig(self):
"""Test installing KRA on a replica when all KRAs are hidden.
https://pagure.io/freeipa/issue/8240
"""
result = tasks.install_kra(self.replicas[1], raiseonerr=False)
if result.returncode == 0:
# If KRA installation was successful, the only clean-up possible is
# uninstalling the whole replica as hiding the last visible KRA
# member is inhibited by design.
# This step is necessary so that the next test runs with all KRA
# members hidden too.
tasks.uninstall_replica(self.master, self.replicas[1])
assert "Failed to find an active KRA server!" not in result.stderr_text
assert result.returncode == 0
def test_replica_from_hidden(self):
# install a replica from a hidden replica
self._check_server_role(self.replicas[0], 'hidden')
tasks.install_replica(
master=self.replicas[0],
replica=self.replicas[1],
setup_dns=True
)
self._check_server_role(self.replicas[0], 'hidden')
self._check_server_role(
self.replicas[1], 'enabled', kra=False, dns=False
)
self._check_dnsrecords(
[self.master, self.replicas[1]], [self.replicas[0]]
)
# hide the new replica
self.replicas[0].run_command([
'ipa', 'server-state',
self.replicas[1].hostname, '--state=hidden'
])
# and establish replication agreements from master
tasks.connect_replica(
master=self.master,
replica=self.replicas[1],
)
tasks.connect_replica(
master=self.master,
replica=self.replicas[1],
database=CA_SUFFIX_NAME,
)
# remove replication agreements again
tasks.disconnect_replica(
master=self.master,
replica=self.replicas[1],
)
tasks.disconnect_replica(
master=self.master,
replica=self.replicas[1],
database=CA_SUFFIX_NAME,
)
# and uninstall
tasks.uninstall_replica(
master=self.replicas[0],
replica=self.replicas[1],
)
def install(cls, mh):
tasks.uninstall_replica(cls.master, cls.replicas[0])
tasks.uninstall_master(cls.master)
tasks.install_master(cls.master, setup_dns=False)