def install(cls, mh): # install packages before client install in case of IPA DNS problems cls.acme_server = prepare_acme_client(cls.master, cls.clients[0]) tasks.install_master(cls.master, setup_dns=True) tasks.install_client(cls.master, cls.clients[0])
def test_replica_promotion_with_ntp_options(self): """ test to verify that replica promotion with ntp --ntp-server, --ntp-pool and -N or --no-ntp option would fail """ tasks.install_master(self.master, setup_dns=False) tasks.install_client(self.master, self.replica, nameservers=None) replica_install = self.replica.run_command( ['ipa-replica-install', '--no-ntp'], raiseonerr=False) assert replica_install.returncode == 1 assert self.exp_prom_err in replica_install.stderr_text replica_install = self.replica.run_command( ['ipa-replica-install', '--ntp-server=%s' % self.ntp_server1], raiseonerr=False) assert replica_install.returncode == 1 assert self.exp_prom_err in replica_install.stderr_text replica_install = self.replica.run_command( ['ipa-replica-install', '--ntp-pool=%s' % self.ntp_pool], raiseonerr=False) assert replica_install.returncode == 1 assert self.exp_prom_err in replica_install.stderr_text
def test_installclient_as_user_admin(self): """ipa-client-install should not use hardcoded admin for principal In ipaclient-install.log it should use the username that was entered earlier in the install process at the prompt. Related to : https://pagure.io/freeipa/issue/5406 """ client = self.clients[0] tasks.install_master(self.master) tasks.kinit_admin(self.master) username = '******' password = '******' password_confirmation = "%s\n%s\n" % (password, password) self.master.run_command(['ipa', 'user-add', username, '--first', username, '--last', username, '--password'], stdin_text=password_confirmation) role_add = ['ipa', 'role-add', 'useradmin'] self.master.run_command(role_add) self.master.run_command(['ipa', 'privilege-add', 'Add Hosts']) self.master.run_command(['ipa', 'privilege-add-permission', '--permissions', 'System: Add Hosts', 'Add Hosts']) self.master.run_command(['ipa', 'role-add-privilege', 'useradmin', '--privileges', 'Host Enrollment']) self.master.run_command(['ipa', 'role-add-privilege', 'useradmin', '--privileges', 'Add Hosts']) role_member_add = ['ipa', 'role-add-member', 'useradmin', '--users={}'.format(username)] self.master.run_command(role_member_add) user_kinit = "%s\n%s\n%s\n" % (password, password, password) self.master.run_command(['kinit', username], stdin_text=user_kinit) tasks.install_client( self.master, client, extra_args=['--request-cert'], user=username, password=password ) msg = "args=['/usr/bin/getent', 'passwd', '%s@%s']" % \ (username, client.domain.name) install_log = client.get_file_contents(paths.IPACLIENT_INSTALL_LOG, encoding='utf-8') assert msg in install_log # check that user is able to request a host cert, too result = tasks.run_certutil(client, ['-L'], paths.IPA_NSSDB_DIR) assert 'Local IPA host' in result.stdout_text result = tasks.run_certutil( client, ['-K', '-f', paths.IPA_NSSDB_PWDFILE_TXT], paths.IPA_NSSDB_DIR ) assert 'Local IPA host' in result.stdout_text
def install(cls, mh): # External DNS is only available before install so cache a copy # of the *ipa-epn-client package so we can experimentally remove # it later. # # Notes: # - A package can't be downloaded that is already installed so we # have to remove it first. # - dnf cleans up previously downloaded locations so make a copy it # doesn't know about. # - Adds a class variable, pkg, containing the package name of # the downloaded *ipa-client-epn rpm. tasks.uninstall_packages(cls.clients[0], EPN_PKG) pkgdir = tasks.download_packages(cls.clients[0], EPN_PKG) pkg = cls.clients[0].run_command(r'ls -1 {}'.format(pkgdir)) cls.pkg = pkg.stdout_text.strip() cls.clients[0].run_command( ['cp', os.path.join(pkgdir, cls.pkg), '/tmp']) cls.clients[0].run_command(r'rm -rf {}'.format(pkgdir)) tasks.install_packages(cls.master, EPN_PKG) tasks.install_packages(cls.master, ["postfix"]) tasks.install_packages(cls.clients[0], EPN_PKG) tasks.install_packages(cls.clients[0], ["postfix"]) for host in (cls.master, cls.clients[0]): try: tasks.install_packages(host, ["cyrus-sasl"]) except Exception: # the package is likely already installed pass tasks.install_master(cls.master, setup_dns=True) tasks.install_client(cls.master, cls.clients[0]) configure_postfix(cls.master, cls.master.domain.realm) configure_postfix(cls.clients[0], cls.master.domain.realm)
def test_replica_promotion_with_ntp_options(self): """ test to verify that replica promotion with ntp --ntp-server, --ntp-pool and -N or --no-ntp option would fail """ ntp_server = "1.pool.ntp.org" ntp_pool = "pool.ntp.org" exp_str = "NTP configuration cannot be updated during promotion" tasks.install_master(self.master, setup_dns=False) tasks.install_client(self.master, self.replica) try: replica_install = self.replica.run_command( ['ipa-replica-install', '-N'], raiseonerr=False) assert replica_install.returncode == 1 assert exp_str in replica_install.stderr_text replica_install = self.replica.run_command( ['ipa-replica-install', '--ntp-server=%s' % ntp_server], raiseonerr=False) assert replica_install.returncode == 1 assert exp_str in replica_install.stderr_text replica_install = self.replica.run_command( ['ipa-replica-install', '--ntp-pool=%s' % ntp_pool], raiseonerr=False) assert replica_install.returncode == 1 assert exp_str in replica_install.stderr_text finally: tasks.uninstall_master(self.replica) self.cleanup()
def test_replica_promotion_with_ntp_options(self): """ test to verify that replica promotion with ntp --ntp-server, --ntp-pool and -N or --no-ntp option would fail """ exp_str = "NTP configuration cannot be updated during promotion" tasks.install_master(self.master, setup_dns=False) tasks.install_client(self.master, self.replica) replica_install = self.replica.run_command( ['ipa-replica-install', '--no-ntp'], raiseonerr=False) assert replica_install.returncode == 1 assert exp_str in replica_install.stderr_text replica_install = self.replica.run_command( ['ipa-replica-install', '--ntp-server=%s' % self.ntp_server1], raiseonerr=False) assert replica_install.returncode == 1 assert exp_str in replica_install.stderr_text replica_install = self.replica.run_command( ['ipa-replica-install', '--ntp-pool=%s' % self.ntp_pool], raiseonerr=False) assert replica_install.returncode == 1 assert exp_str in replica_install.stderr_text
def install(cls, mh): tasks.install_master(cls.master, setup_dns=True) # use master's DNS so nsupdate adds correct IP address for client tasks.config_host_resolvconf_with_master_data( cls.master, cls.clients[0] ) tasks.install_client(cls.master, cls.clients[0])
def nsswitch_backup_restore( self, no_sssd=False, ): # In order to get a more pure sum, one that ignores the Generated # header and any white space we have to do a bit of work... sha256nsswitch_cmd = \ 'egrep -v "Generated|^$" /etc/nsswitch.conf | sed "s/\\s//g" ' \ '| sort | sha256sum' cmd = self.clients[0].run_command(sha256nsswitch_cmd) orig_sha256 = cmd.stdout_text grep_automount_command = \ "grep automount /etc/nsswitch.conf | cut -d: -f2" tasks.install_client(self.master, self.clients[0]) cmd = self.clients[0].run_command(grep_automount_command) after_ipa_client_install = cmd.stdout_text.split() if no_sssd: ipa_client_automount_command = [ "ipa-client-automount", "--no-sssd", "-U" ] else: ipa_client_automount_command = ["ipa-client-automount", "-U"] self.clients[0].run_command(ipa_client_automount_command) cmd = self.clients[0].run_command(grep_automount_command) after_ipa_client_automount = cmd.stdout_text.split() if no_sssd: assert after_ipa_client_automount == ['files', 'ldap'] else: assert after_ipa_client_automount == ['sss', 'files'] cmd = self.clients[0].run_command(grep_automount_command) assert cmd.stdout_text.split() == after_ipa_client_automount self.clients[0].run_command( ["ipa-client-automount", "--uninstall", "-U"]) if not no_sssd: # https://pagure.io/freeipa/issue/8190 # check that no ipa_automount_location is left in sssd.conf # also check for autofs_provider for good measure grep_automount_in_sssdconf_cmd = \ "egrep ipa_automount_location\\|autofs_provider " \ "/etc/sssd/sssd.conf" cmd = self.clients[0].run_command(grep_automount_in_sssdconf_cmd, raiseonerr=False) assert cmd.returncode == 1, \ "PG8190 regression found: ipa_automount_location still " \ "present in sssd.conf" cmd = self.clients[0].run_command(grep_automount_command) assert cmd.stdout_text.split() == after_ipa_client_install tasks.uninstall_client(self.clients[0]) cmd = self.clients[0].run_command(sha256nsswitch_cmd) assert cmd.stdout_text == orig_sha256
def install(cls, mh): tasks.install_master(cls.master, setup_dns=True) clients = (cls.clients[0], cls.replicas[0], cls.replicas[1]) for client in clients: cls.fix_resolv_conf(client, cls.master) tasks.install_client(cls.master, client) client.run_command(["cat", "/etc/resolv.conf"])
def install(cls, mh): tasks.install_master(cls.master, setup_dns=True) clients = (cls.clients[0], cls.replicas[0], cls.replicas[1]) for client in clients: cls.fix_resolv_conf(client, cls.master) tasks.install_client(cls.master, client) client.run_command(["cat", "/etc/resolv.conf"])
def client(request): tasks.install_client(request.cls.master, request.cls.clients[0]) def teardown_client(): tasks.uninstall_client(request.cls.clients[0]) request.cls.delete_client_host_entry() request.addfinalizer(teardown_client)
def client(request): # Here we call "fix_resolv_conf" method before every ipa-client-install so # we get the client pointing to ipa master as DNS server. request.cls.fix_resolv_conf(request.cls.clients[0], request.cls.master) tasks.install_client(request.cls.master, request.cls.clients[0]) def teardown_client(): tasks.uninstall_client(request.cls.clients[0]) request.cls.delete_client_host_entry() request.addfinalizer(teardown_client)
def install(cls, mh): tasks.install_master(cls.master, setup_dns=True) # use master's DNS so nsupdate adds correct IP address for client tasks.config_host_resolvconf_with_master_data(cls.master, cls.clients[0]) tasks.install_client(cls.master, cls.clients[0]) # time to look into journal logs in # test_certmonger_ipa_responder_jsonrpc cls.since = time.strftime('%H:%M:%S')
def client(request): # Here we call "fix_resolv_conf" method before every ipa-client-install so # we get the client pointing to ipa master as DNS server. request.cls.fix_resolv_conf(request.cls.clients[0], request.cls.master) tasks.install_client(request.cls.master, request.cls.clients[0]) def teardown_client(): tasks.uninstall_client(request.cls.clients[0]) request.cls.delete_client_host_entry() request.addfinalizer(teardown_client)
def install(cls, mh): tasks.install_master(cls.master, setup_dns=True) tasks.install_adtrust(cls.master) for client in cls.replicas + cls.clients: cls.fix_resolv_conf(client, cls.master) tasks.install_client(cls.master, client, extra_args=['--mkhomedir']) cls.replicas[0].collect_log('/var/log/samba/') cls.master.collect_log('/var/log/samba/')
def test_replica_promotion_by_unprivileged_user(self): replica = self.replicas[0] tasks.install_client(self.master, replica) result2 = replica.run_command([ 'ipa-replica-install', '-P', self.username, '-p', self.new_password, '-n', self.master.domain.name, '-r', self.master.domain.realm ], raiseonerr=False) assert_error(result2, "Insufficient privileges to promote the server", 1)
def install(cls, mh): tasks.install_packages(cls.master, ["postfix"]) tasks.install_packages(cls.clients[0], ["postfix"]) for host in (cls.master, cls.clients[0]): try: tasks.install_packages(host, ["cyrus-sasl"]) except Exception: # the package is likely already installed pass tasks.install_master(cls.master, setup_dns=True) tasks.install_client(cls.master, cls.clients[0]) configure_postfix(cls.master, cls.master.domain.realm) configure_postfix(cls.clients[0], cls.master.domain.realm)
def test_replica_promotion_by_unprivileged_user(self): replica = self.replicas[0] tasks.install_client(self.master, replica) # Configure firewall first Firewall(replica).enable_services(["freeipa-ldap", "freeipa-ldaps"]) result2 = replica.run_command([ 'ipa-replica-install', '-P', self.username, '-p', self.new_password, '-n', self.master.domain.name, '-r', self.master.domain.realm ], raiseonerr=False) assert_error(result2, "Insufficient privileges to promote the server", 1)
def install(cls, mh): # install packages before client install in case of IPA DNS problems cls.prepare_acme_client() tasks.install_master(cls.master, setup_dns=True) tasks.install_client(cls.master, cls.clients[0]) tasks.config_host_resolvconf_with_master_data(cls.master, cls.clients[0]) tasks.install_replica(cls.master, cls.replicas[0]) tasks.config_host_resolvconf_with_master_data(cls.master, cls.replicas[0])
def install(cls, mh): super(TestACME, cls).install(mh) # install packages before client install in case of IPA DNS problems cls.acme_server = prepare_acme_client(cls.master, cls.clients[0]) # Each subclass handles its own server installation procedure if cls.__name__ != 'TestACME': return tasks.install_master(cls.master, setup_dns=True) tasks.install_client(cls.master, cls.clients[0]) tasks.install_replica(cls.master, cls.replicas[0])
def nsswitch_backup_restore(self): # In order to get a more pure sum, one that ignores the Generated # header and any whitespace we have to do a bit of work... sha256nsswitch_cmd = \ 'egrep -v "Generated|^$" /etc/nsswitch.conf | sed "s/\\s//g" ' \ '| sort | sha256sum' cmd = self.clients[0].run_command(sha256nsswitch_cmd) orig_sha256 = cmd.stdout_text grep_automount_command = \ "grep automount /etc/nsswitch.conf | cut -d: -f2" tasks.install_client(self.master, self.clients[0]) cmd = self.clients[0].run_command(grep_automount_command) after_ipa_client_install = cmd.stdout_text.split() ipa_client_automount_command = ["ipa-client-automount", "-U"] self.clients[0].run_command(ipa_client_automount_command) cmd = self.clients[0].run_command(grep_automount_command) after_ipa_client_automount = cmd.stdout_text.split() # The default order depends on the authselect version # but we only care about the list of sources, not their order assert sorted(after_ipa_client_automount) == ['files', 'sss'] cmd = self.clients[0].run_command(grep_automount_command) assert cmd.stdout_text.split() == after_ipa_client_automount self.clients[0].run_command( ["ipa-client-automount", "--uninstall", "-U"]) # https://pagure.io/freeipa/issue/8190 # check that no ipa_automount_location is left in sssd.conf # also check for autofs_provider for good measure grep_automount_in_sssdconf_cmd = \ "egrep ipa_automount_location\\|autofs_provider " \ "/etc/sssd/sssd.conf" cmd = self.clients[0].run_command(grep_automount_in_sssdconf_cmd, raiseonerr=False) assert cmd.returncode == 1, \ "PG8190 regression found: ipa_automount_location still " \ "present in sssd.conf" cmd = self.clients[0].run_command(grep_automount_command) assert cmd.stdout_text.split() == after_ipa_client_install self.verify_checksum_after_ipaclient_uninstall( sha256nsswitch_cmd=sha256nsswitch_cmd, orig_sha256=orig_sha256)
def test_client_install_with_ssh_trust_dns(self): """no host key verification if ssh-trust-dns option is used There will be no prompt of host key verificaiton during ssh to IPA enrolled machines if ssh-trust-dns option is used during ipa-client-install. This was broken for FIPS env which got fixed. Test checks for non-existence of param HostKeyAlgorithms in ssh_config after client-install. related: https://pagure.io/freeipa/issue/8082 """ tasks.install_client(self.master, self.clients[0], extra_args=['--ssh-trust-dns']) result = self.clients[0].run_command(['cat', '/etc/ssh/ssh_config']) assert 'HostKeyAlgorithms' not in result.stdout_text
def install(cls, mh): super(TestACMEwithExternalCA, cls).install(mh) # install master with external-ca result = install_server_external_ca_step1(cls.master) assert result.returncode == 0 root_ca_fname, ipa_ca_fname = tasks.sign_ca_and_transport( cls.master, paths.ROOT_IPA_CSR, ROOT_CA, IPA_CA) install_server_external_ca_step2(cls.master, ipa_ca_fname, root_ca_fname) tasks.kinit_admin(cls.master) tasks.install_client(cls.master, cls.clients[0]) tasks.install_replica(cls.master, cls.replicas[0])
def test_interactive_ntp_no_conf(self): """ Test to verify that ipa installations without selecting to configure ntp options interactively (without -U/--nattended) will be successful - ipa-server-install - ipa-client-install """ server_input = ("\n" + "\n" "IPA\n" "No\n" "Yes") client_input = ("Yes\n" "No\n" "Yes") server_install = tasks.install_master(self.master, setup_dns=False, unattended=False, stdin_text=server_input) assert server_install.returncode == 0 assert self.exp_records_msg in server_install.stderr_text assert self.exp_chrony_msg in server_install.stdout_text client_install = tasks.install_client(self.master, self.client, unattended=False, stdin_text=client_input, nameservers=None) assert client_install.returncode == 0 assert self.exp_records_msg in client_install.stderr_text assert self.exp_chrony_msg in client_install.stdout_text
def test_replica_promotion_without_ntp(self): """ test to verify that replica promotion without ntp options - ipa-client-install with ntp option - ipa-replica-install without ntp option will be successful """ ntp_args = ['--ntp-pool=%s' % self.ntp_pool] server_install = tasks.install_master(self.master, setup_dns=False, extra_args=ntp_args) assert self.exp_change_msg in server_install.stderr_text client_install = tasks.install_client(self.master, self.replica, extra_args=ntp_args, nameservers=None) assert self.exp_change_msg in client_install.stderr_text replica_install = tasks.install_replica(self.master, self.replica, promote=False, nameservers=None) assert "ipa-replica-install command was successful" in \ replica_install.stderr_text cmd = self.replica.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_pool in cmd.stdout_text
def test_server_promoted_replica_client_install_with_srv(self): """ test to verify that ipa-server, promotion of ipa-replica and ipa-client install passes with options --ntp-server """ args = ['--ntp-server=%s' % self.ntp_server1] server_install = tasks.install_master(self.master, setup_dns=False, extra_args=args) assert self.exp_change_msg in server_install.stderr_text cmd = self.master.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_server1 in cmd.stdout_text replica_install = tasks.install_replica(self.master, self.replica, extra_args=args, promote=True, nameservers=None) # while promoting with tasks expected_msg will not be in output assert self.exp_change_msg not in replica_install.stderr_text cmd = self.replica.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_server1 in cmd.stdout_text client_install = tasks.install_client(self.master, self.client, extra_args=args, nameservers=None) assert self.exp_change_msg in client_install.stderr_text cmd = self.client.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_server1 in cmd.stdout_text
def test_server_replica_client_install_with_pool_and_srv(self): """ test to verify that ipa-server, ipa-replica and ipa-client install passes with options --ntp-pool and --ntp-server together """ args = [ '--ntp-pool=%s' % self.ntp_pool, '--ntp-server=%s' % self.ntp_server1 ] server_install = tasks.install_master(self.master, setup_dns=False, extra_args=args) assert self.exp_change_msg in server_install.stderr_text cmd = self.master.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_pool in cmd.stdout_text assert self.ntp_server1 in cmd.stdout_text replica_install = tasks.install_replica(self.master, self.replica, extra_args=args, promote=False) assert self.exp_change_msg in replica_install.stderr_text cmd = self.replica.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_pool in cmd.stdout_text assert self.ntp_server1 in cmd.stdout_text client_install = tasks.install_client(self.master, self.client, extra_args=args) assert self.exp_change_msg in client_install.stderr_text cmd = self.client.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_pool in cmd.stdout_text assert self.ntp_server1 in cmd.stdout_text
def test_server_client_install_with_multiple_ntp_srv(self): """ test to verify that ipa-server-install passes with multiple --ntp-server option used """ args = [ '--ntp-server=%s' % self.ntp_server1, '--ntp-server=%s' % self.ntp_server2 ] server_install = tasks.install_master(self.master, setup_dns=False, extra_args=args) assert self.exp_change_msg in server_install.stderr_text cmd = self.master.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_server1 in cmd.stdout_text assert self.ntp_server2 in cmd.stdout_text client_install = tasks.install_client(self.master, self.client, extra_args=args, nameservers=None) assert self.exp_change_msg in client_install.stderr_text cmd = self.client.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_server1 in cmd.stdout_text assert self.ntp_server2 in cmd.stdout_text
def test_replica_promotion_without_ntp(self): """ test to verify that replica promotion without ntp options - ipa-client-install with ntp option - ipa-replica-install without ntp option will be successful """ exp_str = "ipa-replica-install command was successful" expected_msg = "Configuration of chrony was changed by installer." ntp_args = ['--ntp-pool=%s' % self.ntp_pool] server_install = tasks.install_master(self.master, setup_dns=False, extra_args=ntp_args) assert expected_msg in server_install.stderr_text client_install = tasks.install_client(self.master, self.replica, extra_args=ntp_args) assert expected_msg in client_install.stderr_text replica_install = tasks.install_replica(self.master, self.replica, promote=False) assert exp_str in replica_install.stderr_text cmd = self.replica.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_pool in cmd.stdout_text
def test_server_replica_client_install_with_pool_and_srv(self): """ test to verify that ipa-server, ipa-replica and ipa-client install passes with options --ntp-pool and --ntp-server together """ expected_msg = "Configuration of chrony was changed by installer." args = ['--ntp-pool=%s' % self.ntp_pool, '--ntp-server=%s' % self.ntp_server1] server_install = tasks.install_master(self.master, setup_dns=False, extra_args=args) assert expected_msg in server_install.stderr_text cmd = self.master.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_pool in cmd.stdout_text assert self.ntp_server1 in cmd.stdout_text replica_install = tasks.install_replica(self.master, self.replica, extra_args=args, promote=False) assert expected_msg in replica_install.stderr_text cmd = self.replica.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_pool in cmd.stdout_text assert self.ntp_server1 in cmd.stdout_text client_install = tasks.install_client(self.master, self.client, extra_args=args) assert expected_msg in client_install.stderr_text cmd = self.client.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_pool in cmd.stdout_text assert self.ntp_server1 in cmd.stdout_text
def test_replica_promotion_without_ntp(self): """ test to verify that replica promotion without ntp options - ipa-client-install with ntp option - ipa-replica-install without ntp option will be successful """ exp_str = "ipa-replica-install command was successful" expected_msg = "Configuration of chrony was changed by installer." ntp_args = ['--ntp-pool=%s' % self.ntp_pool] server_install = tasks.install_master(self.master, setup_dns=False, extra_args=ntp_args) assert expected_msg in server_install.stderr_text client_install = tasks.install_client(self.master, self.replica, extra_args=ntp_args) assert expected_msg in client_install.stderr_text replica_install = tasks.install_replica(self.master, self.replica, promote=False) assert exp_str in replica_install.stderr_text cmd = self.replica.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_pool in cmd.stdout_text
def test_interactive_ntp_no_opt(self): """ Test to verify that ipa installations without ntp options passed interactively (without -U/--nattended) will be successful - ipa-server-install - ipa-client-install Both NTP servers and pool configuration skipped interactively. """ server_input = ("No\n" "\n" "Yes\n" "\n" "\n" "Yes") client_input = ("Yes\n" "Yes\n" "\n" "\n" "Yes") server_install = tasks.install_master(self.master, setup_dns=False, unattended=False, stdin_text=server_input) assert server_install.returncode == 0 assert self.exp_records_msg in server_install.stderr_text assert self.exp_chrony_msg in server_install.stdout_text client_install = tasks.install_client(self.master, self.client, unattended=False, stdin_text=client_input) assert client_install.returncode == 0 assert self.exp_records_msg in client_install.stderr_text assert self.exp_chrony_msg in client_install.stdout_text
def nsswitch_backup_restore( self, no_sssd=False, ): # In order to get a more pure sum, one that ignores the Generated # header and any white space we have to do a bit of work... sha256nsswitch_cmd = \ 'egrep -v "Generated|^$" /etc/nsswitch.conf | sed "s/\\s//g" ' \ '| sort | sha256sum' cmd = self.clients[0].run_command(sha256nsswitch_cmd) orig_sha256 = cmd.stdout_text grep_automount_command = \ "grep automount /etc/nsswitch.conf | cut -d: -f2" tasks.install_client(self.master, self.clients[0]) cmd = self.clients[0].run_command(grep_automount_command) after_ipa_client_install = cmd.stdout_text.split() if no_sssd: ipa_client_automount_command = [ "ipa-client-automount", "--no-sssd", "-U" ] else: ipa_client_automount_command = ["ipa-client-automount", "-U"] self.clients[0].run_command(ipa_client_automount_command) cmd = self.clients[0].run_command(grep_automount_command) after_ipa_client_automount = cmd.stdout_text.split() if no_sssd: assert after_ipa_client_automount == ['files', 'ldap'] else: assert after_ipa_client_automount == ['sss', 'files'] cmd = self.clients[0].run_command(grep_automount_command) assert cmd.stdout_text.split() == after_ipa_client_automount self.clients[0].run_command( ["ipa-client-automount", "--uninstall", "-U"]) cmd = self.clients[0].run_command(grep_automount_command) assert cmd.stdout_text.split() == after_ipa_client_install tasks.uninstall_client(self.clients[0]) cmd = self.clients[0].run_command(sha256nsswitch_cmd) assert cmd.stdout_text == orig_sha256
def test_promotion_disabled(self): """ Testcase: http://www.freeipa.org/page/V4/Replica_Promotion/Test_plan#Test_case: _Make_sure_the_feature_is_unavailable_under_domain_level_0 """ client = self.replicas[0] tasks.install_client(self.master, client) args = [ 'ipa-replica-install', '-U', '-p', self.master.config.dirman_password, '-w', self.master.config.admin_password, '--ip-address', client.ip ] result = client.run_command(args, raiseonerr=False) assert_error( result, 'You must provide a file generated by ipa-replica-prepare' ' to create a replica when the domain is at level 0', 1)
def install(cls, mh): cls.prepare_acme_client() # install master with external-ca result = install_server_external_ca_step1(cls.master) assert result.returncode == 0 root_ca_fname, ipa_ca_fname = tasks.sign_ca_and_transport( cls.master, paths.ROOT_IPA_CSR, ROOT_CA, IPA_CA) install_server_external_ca_step2(cls.master, ipa_ca_fname, root_ca_fname) tasks.kinit_admin(cls.master) tasks.install_client(cls.master, cls.clients[0]) tasks.config_host_resolvconf_with_master_data(cls.master, cls.clients[0])
def install(cls, mh): tasks.install_master(cls.master, setup_dns=True) tasks.install_client(cls.master, cls.replicas[0]) content = cls.master.get_file_contents(paths.IPA_DEFAULT_CONF, encoding='utf-8') new_content = content + "\noidc_child_debug_level = 10" cls.master.put_file_contents(paths.IPA_DEFAULT_CONF, new_content) with tasks.remote_sssd_config(cls.master) as sssd_config: sssd_config.edit_domain( cls.master.domain, 'krb5_auth_timeout', 1100) tasks.clear_sssd_cache(cls.master) tasks.kinit_admin(cls.master) cls.master.run_command(["ipa", "config-mod", "--user-auth-type=idp", "--user-auth-type=password"]) xvfb = ("nohup /usr/bin/Xvfb :99 -ac -noreset -screen 0 1400x1200x8 " "</dev/null &>/dev/null &") cls.replicas[0].run_command(xvfb)
def test_uninstall_client_invalid_hostname(self): # using replica as client just for convenience client = self.replicas[0] client_inv_hostname = '{}.nonexistent'.format(client.hostname) tasks.install_client(self.master, client, extra_args=['--hostname', client_inv_hostname]) client.run_command(['ipa-client-install', '--uninstall', '-U']) client_uninstall_log = client.get_file_contents( paths.IPACLIENT_UNINSTALL_LOG, encoding='utf-8' ) assert "exception: ScriptError:" not in client_uninstall_log restore_state_path = os.path.join(paths.IPA_CLIENT_SYSRESTORE, 'sysrestore.state') result = client.run_command( ['ls', restore_state_path], raiseonerr=False) assert 'No such file or directory' in result.stderr_text
def test_server_client_install_no_ntp(self): """ test to verify that ipa-server and ipa-client install invoked with option -N uses system defined NTP daemon configuration """ expected_msg1 = "Excluded by options:" expected_msg2 = "Using default chrony configuration." server_install = tasks.install_master(self.master, setup_dns=False, extra_args=['-N']) assert expected_msg1 in server_install.stdout_text assert expected_msg2 not in server_install.stdout_text client_install = tasks.install_client(self.master, self.client, extra_args=['--no-ntp']) assert expected_msg2 not in client_install.stdout_text
def test_server_client_install_without_options(self): """ test to verify that ipa-server and ipa-client install uses default chrony configuration without any NTP options specified """ expected_msg1 = "No SRV records of NTP servers found and " \ "no NTP server or pool address was provided." expected_msg2 = "Using default chrony configuration." server_install = tasks.install_master(self.master, setup_dns=False) assert expected_msg1 in server_install.stderr_text assert expected_msg2 in server_install.stdout_text client_install = tasks.install_client(self.master, self.client) assert expected_msg1 in client_install.stderr_text assert expected_msg2 in client_install.stdout_text
def test_server_client_install_with_multiple_ntp_srv(self): """ test to verify that ipa-server-install passes with multiple --ntp-server option used """ expected_msg = "Configuration of chrony was changed by installer." args = ['--ntp-server=%s' % self.ntp_server1, '--ntp-server=%s' % self.ntp_server2] server_install = tasks.install_master(self.master, setup_dns=False, extra_args=args) assert expected_msg in server_install.stderr_text cmd = self.master.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_server1 in cmd.stdout_text assert self.ntp_server2 in cmd.stdout_text client_install = tasks.install_client(self.master, self.client, extra_args=args) assert expected_msg in client_install.stderr_text cmd = self.client.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_server1 in cmd.stdout_text assert self.ntp_server2 in cmd.stdout_text