def test_ca_install_without_replica_file(self): """ TestCase: http://www.freeipa.org/page/V4/Replica_Promotion/Test_plan#Test_case: _ipa-ca-install_with_replica_file_works_only_on_domain_level_0 """ master = self.master replica1 = self.replicas[0] replica2 = self.replicas[1] for replica in self.replicas: tasks.install_replica(master, replica, setup_ca=False, setup_dns=True) result1 = tasks.install_ca(replica1, domain_level=DOMAIN_LEVEL_1, raiseonerr=False) assert_error( result1, "If you wish to replicate CA to this host," " please re-run 'ipa-ca-install'\nwith a" " replica file generated on an existing CA" " master as argument.", 1) tasks.install_ca(replica1, domain_level=DOMAIN_LEVEL_0) # Now prepare the replica file, copy it to the client and raise # domain level on master to test the reverse situation master.run_command(["ipa", "domainlevel-set", str(DOMAIN_LEVEL_1)]) result2 = tasks.install_ca(replica2, domain_level=DOMAIN_LEVEL_0, raiseonerr=False) assert_error( result2, 'Too many parameters provided.' ' No replica file is required', 1) tasks.install_ca(replica2, domain_level=DOMAIN_LEVEL_1)
def test_ca_install_without_replica_file(self): """ TestCase: http://www.freeipa.org/page/V4/Replica_Promotion/Test_plan#Test_case: _ipa-ca-install_with_replica_file_works_only_on_domain_level_0 """ master = self.master replica1 = self.replicas[0] replica2 = self.replicas[1] for replica in self.replicas: tasks.install_replica(master, replica, setup_ca=False, setup_dns=True) result1 = tasks.install_ca(replica1, domain_level=DOMAIN_LEVEL_1, raiseonerr=False) assert_error(result1, "If you wish to replicate CA to this host," " please re-run 'ipa-ca-install'\nwith a" " replica file generated on an existing CA" " master as argument.", 1) tasks.install_ca(replica1, domain_level=DOMAIN_LEVEL_0) # Now prepare the replica file, copy it to the client and raise # domain level on master to test the reverse situation master.run_command(["ipa", "domainlevel-set", str(DOMAIN_LEVEL_1)]) result2 = tasks.install_ca(replica2, domain_level=DOMAIN_LEVEL_0, raiseonerr=False) assert_error(result2, 'Too many parameters provided.' ' No replica file is required', 1) tasks.install_ca(replica2, domain_level=DOMAIN_LEVEL_1)
def install(cls, mh): super(TestForcedClientReenrollment, cls).install(mh) tasks.install_master(cls.master) tasks.install_replica(cls.master, cls.replicas[0], setup_ca=False) cls.BACKUP_KEYTAB = os.path.join( cls.master.config.test_dir, 'krb5.keytab' )
def install(cls): super(TestForcedClientReenrollment, cls).install() tasks.install_master(cls.master) tasks.install_replica(cls.master, cls.replicas[0], setup_ca=False) cls.BACKUP_KEYTAB = os.path.join( cls.master.config.test_dir, 'krb5.keytab' )
def install(cls, mh): tasks.install_master(cls.master, setup_dns=True) args = [ "ipa-dns-install", "--dnssec-master", "--forwarder", cls.master.config.dns_forwarder, "-U", ] cls.master.run_command(args) tasks.install_replica(cls.master, cls.replicas[0], setup_dns=True)
def install(cls, mh): tasks.install_master(cls.master, setup_dns=True) tasks.install_replica(cls.master, cls.replicas[0], setup_dns=True, setup_ca=False) tasks.install_replica(cls.master, cls.replicas[1], setup_dns=True, setup_ca=False) for host in (cls.master, cls.replicas[0], cls.replicas[1]): ldap = host.ldap_connect() tasks.wait_for_replication(ldap) # give time to named to retrieve new records time.sleep(20)
def test_ignore_topology_disconnect_replica2(self): """ tests that removal of replica2 with '--ignore-topology-disconnect' destroys master for good """ check_master_removal( self.client, self.replica2.hostname, ignore_topology_disconnect=True ) # reinstall the replica tasks.uninstall_master(self.replica2) tasks.install_replica(self.master, self.replica2, setup_ca=True)
def install(cls, mh): tasks.install_master(cls.master, setup_dns=False) args = [ "ipa-dns-install", "--dnssec-master", "--forwarder", cls.master.config.dns_forwarder, "-U", ] cls.master.run_command(args) tasks.install_replica(cls.master, cls.replicas[0], setup_dns=True) # backup trusted key tasks.backup_file(cls.master, paths.DNSSEC_TRUSTED_KEY) tasks.backup_file(cls.replicas[0], paths.DNSSEC_TRUSTED_KEY)
def test_add_remove_segment(self): """ Make sure a topology segment can be manually created and deleted with the influence on the real topology Testcase http://www.freeipa.org/page/V4/Manage_replication_topology/ Test_plan#Test_case:_Basic_CRUD_test """ tasks.kinit_admin(self.master) # Install the second replica tasks.install_replica(self.master, self.replicas[1], setup_ca=False, setup_dns=False) # turn a star into a ring segment, err = tasks.create_segment(self.master, self.replicas[0], self.replicas[1]) assert err == "", err # Make sure the new segment is shown by `ipa topologysegment-find` result1 = self.master.run_command( ['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]).stdout_text assert (segment['name'] in result1), ("%s: segment not found" % segment['name']) # Remove master <-> replica2 segment and make sure that the changes get # there through replica1 # Since segment name can be one of master-to-replica2 or # replica2-to-master, we need to determine the segment name dynamically deleteme = find_segment(self.master, self.replicas[1]) returncode, error = tasks.destroy_segment(self.master, deleteme) assert returncode == 0, error # Wait till replication ends and make sure replica1 does not have # segment that was deleted on master replica1_ldap = self.replicas[0].ldap_connect() tasks.wait_for_replication(replica1_ldap) result3 = self.replicas[0].run_command( ['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]).stdout_text assert (deleteme not in result3), "%s: segment still exists" % deleteme # Create test data on master and make sure it gets all the way down to # replica2 through replica1 self.master.run_command([ 'ipa', 'user-add', 'someuser', '--first', 'test', '--last', 'user' ]) dest_ldap = self.replicas[1].ldap_connect() tasks.wait_for_replication(dest_ldap) result4 = self.replicas[1].run_command(['ipa', 'user-find']) assert ('someuser' in result4.stdout_text), 'User not found: someuser'
def test_kra_install_without_replica_file(self): master = self.master replica1 = self.replicas[0] replica2 = self.replicas[1] tasks.install_kra(master, first_instance=True) tasks.install_replica(master, replica1) result1 = tasks.install_kra(replica1, domain_level=DOMAIN_LEVEL_1, raiseonerr=False) assert_error(result1, "A replica file is required", 1) tasks.install_kra(replica1, domain_level=DOMAIN_LEVEL_0, raiseonerr=True) # Now prepare the replica file, copy it to the client and raise # domain level on master to test the reverse situation tasks.replica_prepare(master, replica2) master.run_command(["ipa", "domainlevel-set", str(DOMAIN_LEVEL_1)]) tasks.install_replica(master, replica2) result2 = tasks.install_kra(replica2, domain_level=DOMAIN_LEVEL_0, raiseonerr=False) assert_error(result2, "No replica file is required", 1) tasks.install_kra(replica2)
def test_backup_restore(self): """ TestCase: http://www.freeipa.org/page/V4/Replica_Promotion/Test_plan#Test_case: _ipa-restore_after_domainlevel_raise_restores_original_domain_level """ command = ["ipa", "topologysegment-find", DOMAIN_SUFFIX_NAME] tasks.install_replica(self.master, self.replicas[0]) backup_file = tasks.ipa_backup(self.master) self.master.run_command(["ipa", "domainlevel-set", "1"]) result = self.master.run_command(command) found1 = result.stdout_text.rfind("1 segment matched") assert(found1 > 0), result.stdout_text tasks.ipa_restore(self.master, backup_file) result2 = self.master.run_command(command, raiseonerr=False) found2 = result2.stdout_text.rfind("0 segments matched") assert(found2 > 0), result2.stdout_text
def test_add_remove_segment(self): """ Make sure a topology segment can be manually created and deleted with the influence on the real topology Testcase http://www.freeipa.org/page/V4/Manage_replication_topology/ Test_plan#Test_case:_Basic_CRUD_test """ tasks.kinit_admin(self.master) # Install the second replica tasks.install_replica(self.master, self.replicas[1], setup_ca=False, setup_dns=False) # turn a star into a ring segment, err = tasks.create_segment(self.master, self.replicas[0], self.replicas[1]) assert err == "", err # Make sure the new segment is shown by `ipa topologysegment-find` result1 = self.master.run_command(['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]).stdout_text assert(segment['name'] in result1), ( "%s: segment not found" % segment['name']) # Remove master <-> replica2 segment and make sure that the changes get # there through replica1 # Since segment name can be one of master-to-replica2 or # replica2-to-master, we need to determine the segment name dynamically deleteme = find_segment(self.master, self.replicas[1]) returncode, error = tasks.destroy_segment(self.master, deleteme) assert returncode == 0, error # Wait till replication ends and make sure replica1 does not have # segment that was deleted on master replica1_ldap = self.replicas[0].ldap_connect() tasks.wait_for_replication(replica1_ldap) result3 = self.replicas[0].run_command(['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]).stdout_text assert(deleteme not in result3), "%s: segment still exists" % deleteme # Create test data on master and make sure it gets all the way down to # replica2 through replica1 self.master.run_command(['ipa', 'user-add', 'someuser', '--first', 'test', '--last', 'user']) dest_ldap = self.replicas[1].ldap_connect() tasks.wait_for_replication(dest_ldap) result4 = self.replicas[1].run_command(['ipa', 'user-find']) assert('someuser' in result4.stdout_text), 'User not found: someuser'
def test_topology_updated_on_replica_install_remove(self): """ Install and remove a replica and make sure topology information is updated on all other replicas Testcase: http://www.freeipa.org/page/V4/Manage_replication_topology/ Test_plan#Test_case: _Replication_topology_should_be_saved_in_the_LDAP_tree """ tasks.kinit_admin(self.master) result1 = self.master.run_command(['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]).stdout_text first_segment_name = "%s-to-%s" % (self.master.hostname, self.replicas[0].hostname) expected_segment = { 'connectivity': 'both', 'leftnode': self.master.hostname, 'name': first_segment_name, 'rightnode': self.replicas[0].hostname} firstsegment = self.tokenize_topologies(result1)[0] assert_deepequal(expected_segment, firstsegment) tasks.install_replica(self.master, self.replicas[1], setup_ca=False, setup_dns=False) # We need to make sure topology information is consistent across all # replicas result2 = self.master.run_command(['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) result3 = self.replicas[0].run_command(['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) result4 = self.replicas[1].run_command(['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) segments = self.tokenize_topologies(result2.stdout_text) assert(len(segments) == 2), "Unexpected number of segments found" assert_deepequal(result2.stdout_text, result3.stdout_text) assert_deepequal(result3.stdout_text, result4.stdout_text) # Now let's check that uninstalling the replica will update the topology # info on the rest of replicas. tasks.uninstall_master(self.replicas[1]) tasks.clean_replication_agreement(self.master, self.replicas[1]) result5 = self.master.run_command(['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) num_entries = self.noentries_re.search(result5.stdout_text).group(1) assert(num_entries == "1"), "Incorrect number of entries displayed"
def test_backup_restore(self): """ TestCase: http://www.freeipa.org/page/V4/Replica_Promotion/Test_plan#Test_case: _ipa-restore_after_domainlevel_raise_restores_original_domain_level """ command = ["ipa", "topologysegment-find", DOMAIN_SUFFIX_NAME] tasks.install_replica(self.master, self.replicas[0]) backup_file = tasks.ipa_backup(self.master) self.master.run_command( ["ipa", "domainlevel-set", str(DOMAIN_LEVEL_1)]) # We need to give the server time to merge 2 one-way segments into one time.sleep(10) result = self.master.run_command(command) found1 = result.stdout_text.rfind("1 segment matched") assert (found1 > 0), result.stdout_text tasks.ipa_restore(self.master, backup_file) result2 = self.master.run_command(command, raiseonerr=False) found2 = result2.stdout_text.rfind("0 segments matched") assert (found2 > 0), result2.stdout_text
def test_topology_updated_on_replica_install_remove(self): """ Install and remove a replica and make sure topology information is updated on all other replicas Testcase: http://www.freeipa.org/page/V4/Manage_replication_topology/ Test_plan#Test_case: _Replication_topology_should_be_saved_in_the_LDAP_tree """ tasks.kinit_admin(self.master) result1 = self.master.run_command(['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) first_segment_name = "%s-to-%s" % (self.master.hostname, self.replicas[0].hostname) output1 = result1.stdout_text firstsegment = self.tokenize_topologies(output1)[0] assert(firstsegment['name'] == first_segment_name) assert(self.noentries_re.search(output1).group(1) == "1") assert(firstsegment['leftnode'] == self.master.hostname) assert(firstsegment['rightnode'] == self.replicas[0].hostname) tasks.install_replica(self.master, self.replicas[1], setup_ca=False, setup_dns=False) # We need to make sure topology information is consistent across all # replicas result2 = self.master.run_command(['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) result3 = self.replicas[0].run_command(['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) result4 = self.replicas[1].run_command(['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) segments = self.tokenize_topologies(result2.stdout_text) assert(len(segments) == 2) assert(result2.stdout_text == result3.stdout_text) assert(result3.stdout_text == result4.stdout_text) # Now let's check that uninstalling the replica will update the topology # info on the rest of replicas. tasks.uninstall_master(self.replicas[1]) tasks.clean_replication_agreement(self.master, self.replicas[1]) result5 = self.master.run_command(['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) assert(self.noentries_re.search(result5.stdout_text).group(1) == "1")
def test_topology_updated_on_replica_install_remove(self): """ Install and remove a replica and make sure topology information is updated on all other replicas Testcase: http://www.freeipa.org/page/V4/Manage_replication_topology/ Test_plan#Test_case: _Replication_topology_should_be_saved_in_the_LDAP_tree """ tasks.kinit_admin(self.master) result1 = self.master.run_command( ['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]).stdout_text segment_name = self.segmentnames_re.findall(result1)[0] assert (self.master.hostname in segment_name), ( "Segment %s does not contain master hostname" % segment_name) assert (self.replicas[0].hostname in segment_name), ( "Segment %s does not contain replica hostname" % segment_name) tasks.install_replica(self.master, self.replicas[1], setup_ca=False, setup_dns=False) # We need to make sure topology information is consistent across all # replicas result2 = self.master.run_command( ['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) result3 = self.replicas[0].run_command( ['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) result4 = self.replicas[1].run_command( ['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) segments = self.tokenize_topologies(result2.stdout_text) assert (len(segments) == 2), "Unexpected number of segments found" assert_deepequal(result2.stdout_text, result3.stdout_text) assert_deepequal(result3.stdout_text, result4.stdout_text) # Now let's check that uninstalling the replica will update the topology # info on the rest of replicas. tasks.uninstall_master(self.replicas[1]) tasks.clean_replication_agreement(self.master, self.replicas[1]) result5 = self.master.run_command( ['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) num_entries = self.noentries_re.search(result5.stdout_text).group(1) assert (num_entries == "1"), "Incorrect number of entries displayed"
def test_add_remove_segment(self): """ Make sure a topology segment can be manually created and deleted with the influence on the real topology Testcase http://www.freeipa.org/page/V4/Manage_replication_topology/ Test_plan#Test_case:_Basic_CRUD_test """ tasks.kinit_admin(self.master) # Install the second replica tasks.install_replica(self.master, self.replicas[1], setup_ca=False, setup_dns=False) # turn a star into a ring segment, err = tasks.create_segment(self.master, self.replicas[0], self.replicas[1]) assert err == "", err # Make sure the new segment is shown by `ipa topologysegment-find` result1 = self.master.run_command(['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) assert(result1.stdout_text.find(segment['name']) > 0) # Remove master <-> replica2 segment and make sure that the changes get # there through replica1 deleteme = "%s-to-%s" % (self.master.hostname, self.replicas[1].hostname) returncode, error = tasks.destroy_segment(self.master, deleteme) assert returncode == 0, error # make sure replica1 does not have segment that was deleted on master result3 = self.replicas[0].run_command(['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) assert(result3.stdout_text.find(deleteme) < 0) # Create test data on master and make sure it gets all the way down to # replica2 through replica1 self.master.run_command(['ipa', 'user-add', 'someuser', '--first', 'test', '--last', 'user']) time.sleep(60) # replication requires some time users_on_replica2 = self.replicas[1].run_command(['ipa', 'user-find']) assert(users_on_replica2.find('someuser') > 0)
def test_migrate_dnssec_master(self): """Both master and replica have DNS installed""" backup_filename = "/var/lib/ipa/ipa-kasp.db.backup" replica_backup_filename = "/tmp/ipa-kasp.db.backup" # add test zone args = [ "ipa", "dnszone-add", example_test_zone, "--dnssec", "true", "--skip-overlap-check", ] self.master.run_command(args) # wait until zone is signed assert wait_until_record_is_signed( self.master.ip, example_test_zone, self.log, timeout=100 ), "Zone %s is not signed (master)" % example_test_zone # wait until zone is signed assert wait_until_record_is_signed( self.replicas[0].ip, example_test_zone, self.log, timeout=200 ), "Zone %s is not signed (replica)" % example_test_zone dnskey_old = resolve_with_dnssec(self.master.ip, example_test_zone, self.log, rtype="DNSKEY").rrset # migrate dnssec master to replica args = [ "ipa-dns-install", "--disable-dnssec-master", "--forwarder", self.master.config.dns_forwarder, "--force", "-U", ] self.master.run_command(args) # move content of "ipa-kasp.db.backup" to replica kasp_db_backup = self.master.get_file_contents(backup_filename) self.replicas[0].put_file_contents(replica_backup_filename, kasp_db_backup) args = [ "ipa-dns-install", "--dnssec-master", "--kasp-db", replica_backup_filename, "--forwarder", self.master.config.dns_forwarder, "-U", ] self.replicas[0].run_command(args) # wait until zone is signed assert wait_until_record_is_signed( self.master.ip, example_test_zone, self.log, timeout=100 ), "Zone %s is not signed after migration (master)" % example_test_zone # wait until zone is signed assert wait_until_record_is_signed( self.replicas[0].ip, example_test_zone, self.log, timeout=200 ), "Zone %s is not signed after migration (replica)" % example_test_zone # test if dnskey are the same dnskey_new = resolve_with_dnssec(self.master.ip, example_test_zone, self.log, rtype="DNSKEY").rrset assert dnskey_old == dnskey_new, "DNSKEY should be the same" # add test zone args = [ "ipa", "dnszone-add", example2_test_zone, "--dnssec", "true", "--skip-overlap-check", ] self.replicas[0].run_command(args) # wait until zone is signed assert wait_until_record_is_signed( self.replicas[0].ip, example2_test_zone, self.log, timeout=100 ), ("Zone %s is not signed after migration (replica - dnssec master)" % example2_test_zone) # wait until zone is signed assert wait_until_record_is_signed( self.master.ip, example2_test_zone, self.log, timeout=200 ), ("Zone %s is not signed after migration (master)" % example2_test_zone) # add new replica tasks.install_replica(self.master, self.replicas[1], setup_dns=True) # test if originial zones are signed on new replica # wait until zone is signed assert wait_until_record_is_signed( self.replicas[1].ip, example_test_zone, self.log, timeout=200 ), ("Zone %s is not signed (new replica)" % example_test_zone) # wait until zone is signed assert wait_until_record_is_signed( self.replicas[1].ip, example2_test_zone, self.log, timeout=200 ), ("Zone %s is not signed (new replica)" % example2_test_zone) # add new zone to new replica args = [ "ipa", "dnszone-add", example3_test_zone, "--dnssec", "true", "--skip-overlap-check", ] self.replicas[1].run_command(args) # wait until zone is signed assert wait_until_record_is_signed( self.replicas[1].ip, example3_test_zone, self.log, timeout=200 ), ("Zone %s is not signed (new replica)" % example3_test_zone) assert wait_until_record_is_signed( self.replicas[0].ip, example3_test_zone, self.log, timeout=200 ), ("Zone %s is not signed (replica)" % example3_test_zone) # wait until zone is signed assert wait_until_record_is_signed( self.master.ip, example3_test_zone, self.log, timeout=200 ), ("Zone %s is not signed (master)" % example3_test_zone)
def test_replica2_with_dns_install(self): tasks.install_replica(self.master, self.replicas[2], setup_ca=False, setup_dns=True)
def test_replica1_with_ca_dns_install(self): tasks.install_replica(self.master, self.replicas[1], setup_ca=True, setup_dns=True)
def test_replica2_with_ca_kra_install(self): tasks.install_replica(self.master, self.replicas[2], setup_ca=True, setup_kra=True)
def test_replica0_ca_less_install(self): tasks.install_replica(self.master, self.replicas[0], setup_ca=False)
def test_customized_ds_install_replica(self): tasks.install_replica( self.master, self.replicas[0], setup_ca=False, extra_args=['--dirsrv-config-file', CONFIG_LDIF_PATH])
def install(cls, mh): tasks.install_master(cls.master, setup_kra=True) # do not install KRA on replica, it is part of test tasks.install_replica(cls.master, cls.replicas[0], setup_kra=False)
def install(cls, mh): tasks.install_master(cls.master, setup_dns=True) tasks.install_replica(cls.master, cls.replicas[0], setup_dns=True)