def install(cls, mh):
# install packages before client install in case of IPA DNS problems
cls.acme_server = prepare_acme_client(cls.master, cls.clients[0])
tasks.install_master(cls.master, setup_dns=True)
tasks.install_client(cls.master, cls.clients[0])
def test_replica_promotion_with_ntp_options(self):
"""
test to verify that replica promotion with ntp --ntp-server,
--ntp-pool and -N or --no-ntp option would fail
"""
tasks.install_master(self.master, setup_dns=False)
tasks.install_client(self.master, self.replica, nameservers=None)
replica_install = self.replica.run_command(
['ipa-replica-install', '--no-ntp'], raiseonerr=False)
assert replica_install.returncode == 1
assert self.exp_prom_err in replica_install.stderr_text
replica_install = self.replica.run_command(
['ipa-replica-install',
'--ntp-server=%s' % self.ntp_server1],
raiseonerr=False)
assert replica_install.returncode == 1
assert self.exp_prom_err in replica_install.stderr_text
replica_install = self.replica.run_command(
['ipa-replica-install',
'--ntp-pool=%s' % self.ntp_pool],
raiseonerr=False)
assert replica_install.returncode == 1
assert self.exp_prom_err in replica_install.stderr_text
def test_installclient_as_user_admin(self):
"""ipa-client-install should not use hardcoded admin for principal
In ipaclient-install.log it should use the username that was entered
earlier in the install process at the prompt.
Related to : https://pagure.io/freeipa/issue/5406
"""
client = self.clients[0]
tasks.install_master(self.master)
tasks.kinit_admin(self.master)
username = '******'
password = '******'
password_confirmation = "%s\n%s\n" % (password,
password)
self.master.run_command(['ipa', 'user-add', username,
'--first', username,
'--last', username,
'--password'],
stdin_text=password_confirmation)
role_add = ['ipa', 'role-add', 'useradmin']
self.master.run_command(role_add)
self.master.run_command(['ipa', 'privilege-add', 'Add Hosts'])
self.master.run_command(['ipa', 'privilege-add-permission',
'--permissions', 'System: Add Hosts',
'Add Hosts'])
self.master.run_command(['ipa', 'role-add-privilege', 'useradmin',
'--privileges', 'Host Enrollment'])
self.master.run_command(['ipa', 'role-add-privilege', 'useradmin',
'--privileges', 'Add Hosts'])
role_member_add = ['ipa', 'role-add-member', 'useradmin',
'--users={}'.format(username)]
self.master.run_command(role_member_add)
user_kinit = "%s\n%s\n%s\n" % (password, password, password)
self.master.run_command(['kinit', username],
stdin_text=user_kinit)
tasks.install_client(
self.master, client,
extra_args=['--request-cert'],
user=username, password=password
)
msg = "args=['/usr/bin/getent', 'passwd', '%s@%s']" % \
(username, client.domain.name)
install_log = client.get_file_contents(paths.IPACLIENT_INSTALL_LOG,
encoding='utf-8')
assert msg in install_log
# check that user is able to request a host cert, too
result = tasks.run_certutil(client, ['-L'], paths.IPA_NSSDB_DIR)
assert 'Local IPA host' in result.stdout_text
result = tasks.run_certutil(
client,
['-K', '-f', paths.IPA_NSSDB_PWDFILE_TXT],
paths.IPA_NSSDB_DIR
)
assert 'Local IPA host' in result.stdout_text
def install(cls, mh):
# External DNS is only available before install so cache a copy
# of the *ipa-epn-client package so we can experimentally remove
# it later.
#
# Notes:
# - A package can't be downloaded that is already installed so we
# have to remove it first.
# - dnf cleans up previously downloaded locations so make a copy it
# doesn't know about.
# - Adds a class variable, pkg, containing the package name of
# the downloaded *ipa-client-epn rpm.
tasks.uninstall_packages(cls.clients[0], EPN_PKG)
pkgdir = tasks.download_packages(cls.clients[0], EPN_PKG)
pkg = cls.clients[0].run_command(r'ls -1 {}'.format(pkgdir))
cls.pkg = pkg.stdout_text.strip()
cls.clients[0].run_command(
['cp', os.path.join(pkgdir, cls.pkg), '/tmp'])
cls.clients[0].run_command(r'rm -rf {}'.format(pkgdir))
tasks.install_packages(cls.master, EPN_PKG)
tasks.install_packages(cls.master, ["postfix"])
tasks.install_packages(cls.clients[0], EPN_PKG)
tasks.install_packages(cls.clients[0], ["postfix"])
for host in (cls.master, cls.clients[0]):
try:
tasks.install_packages(host, ["cyrus-sasl"])
except Exception:
# the package is likely already installed
pass
tasks.install_master(cls.master, setup_dns=True)
tasks.install_client(cls.master, cls.clients[0])
configure_postfix(cls.master, cls.master.domain.realm)
configure_postfix(cls.clients[0], cls.master.domain.realm)
def test_replica_promotion_with_ntp_options(self):
"""
test to verify that replica promotion with ntp --ntp-server,
--ntp-pool and -N or --no-ntp option would fail
"""
ntp_server = "1.pool.ntp.org"
ntp_pool = "pool.ntp.org"
exp_str = "NTP configuration cannot be updated during promotion"
tasks.install_master(self.master, setup_dns=False)
tasks.install_client(self.master, self.replica)
try:
replica_install = self.replica.run_command(
['ipa-replica-install', '-N'], raiseonerr=False)
assert replica_install.returncode == 1
assert exp_str in replica_install.stderr_text
replica_install = self.replica.run_command(
['ipa-replica-install',
'--ntp-server=%s' % ntp_server],
raiseonerr=False)
assert replica_install.returncode == 1
assert exp_str in replica_install.stderr_text
replica_install = self.replica.run_command(
['ipa-replica-install',
'--ntp-pool=%s' % ntp_pool],
raiseonerr=False)
assert replica_install.returncode == 1
assert exp_str in replica_install.stderr_text
finally:
tasks.uninstall_master(self.replica)
self.cleanup()
def test_replica_promotion_with_ntp_options(self):
"""
test to verify that replica promotion with ntp --ntp-server,
--ntp-pool and -N or --no-ntp option would fail
"""
exp_str = "NTP configuration cannot be updated during promotion"
tasks.install_master(self.master, setup_dns=False)
tasks.install_client(self.master, self.replica)
replica_install = self.replica.run_command(
['ipa-replica-install', '--no-ntp'],
raiseonerr=False)
assert replica_install.returncode == 1
assert exp_str in replica_install.stderr_text
replica_install = self.replica.run_command(
['ipa-replica-install', '--ntp-server=%s' % self.ntp_server1],
raiseonerr=False)
assert replica_install.returncode == 1
assert exp_str in replica_install.stderr_text
replica_install = self.replica.run_command(
['ipa-replica-install', '--ntp-pool=%s' % self.ntp_pool],
raiseonerr=False)
assert replica_install.returncode == 1
assert exp_str in replica_install.stderr_text
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=True)
# use master's DNS so nsupdate adds correct IP address for client
tasks.config_host_resolvconf_with_master_data(
cls.master, cls.clients[0]
)
tasks.install_client(cls.master, cls.clients[0])
def nsswitch_backup_restore(
self,
no_sssd=False,
):
# In order to get a more pure sum, one that ignores the Generated
# header and any white space we have to do a bit of work...
sha256nsswitch_cmd = \
'egrep -v "Generated|^$" /etc/nsswitch.conf | sed "s/\\s//g" ' \
'| sort | sha256sum'
cmd = self.clients[0].run_command(sha256nsswitch_cmd)
orig_sha256 = cmd.stdout_text
grep_automount_command = \
"grep automount /etc/nsswitch.conf | cut -d: -f2"
tasks.install_client(self.master, self.clients[0])
cmd = self.clients[0].run_command(grep_automount_command)
after_ipa_client_install = cmd.stdout_text.split()
if no_sssd:
ipa_client_automount_command = [
"ipa-client-automount", "--no-sssd", "-U"
]
else:
ipa_client_automount_command = ["ipa-client-automount", "-U"]
self.clients[0].run_command(ipa_client_automount_command)
cmd = self.clients[0].run_command(grep_automount_command)
after_ipa_client_automount = cmd.stdout_text.split()
if no_sssd:
assert after_ipa_client_automount == ['files', 'ldap']
else:
assert after_ipa_client_automount == ['sss', 'files']
cmd = self.clients[0].run_command(grep_automount_command)
assert cmd.stdout_text.split() == after_ipa_client_automount
self.clients[0].run_command(
["ipa-client-automount", "--uninstall", "-U"])
if not no_sssd:
# https://pagure.io/freeipa/issue/8190
# check that no ipa_automount_location is left in sssd.conf
# also check for autofs_provider for good measure
grep_automount_in_sssdconf_cmd = \
"egrep ipa_automount_location\\|autofs_provider " \
"/etc/sssd/sssd.conf"
cmd = self.clients[0].run_command(grep_automount_in_sssdconf_cmd,
raiseonerr=False)
assert cmd.returncode == 1, \
"PG8190 regression found: ipa_automount_location still " \
"present in sssd.conf"
cmd = self.clients[0].run_command(grep_automount_command)
assert cmd.stdout_text.split() == after_ipa_client_install
tasks.uninstall_client(self.clients[0])
cmd = self.clients[0].run_command(sha256nsswitch_cmd)
assert cmd.stdout_text == orig_sha256
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=True)
clients = (cls.clients[0], cls.replicas[0], cls.replicas[1])
for client in clients:
cls.fix_resolv_conf(client, cls.master)
tasks.install_client(cls.master, client)
client.run_command(["cat", "/etc/resolv.conf"])
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=True)
clients = (cls.clients[0], cls.replicas[0], cls.replicas[1])
for client in clients:
cls.fix_resolv_conf(client, cls.master)
tasks.install_client(cls.master, client)
client.run_command(["cat", "/etc/resolv.conf"])
def client(request):
tasks.install_client(request.cls.master, request.cls.clients[0])
def teardown_client():
tasks.uninstall_client(request.cls.clients[0])
request.cls.delete_client_host_entry()
request.addfinalizer(teardown_client)
def client(request):
# Here we call "fix_resolv_conf" method before every ipa-client-install so
# we get the client pointing to ipa master as DNS server.
request.cls.fix_resolv_conf(request.cls.clients[0], request.cls.master)
tasks.install_client(request.cls.master, request.cls.clients[0])
def teardown_client():
tasks.uninstall_client(request.cls.clients[0])
request.cls.delete_client_host_entry()
request.addfinalizer(teardown_client)
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=True)
# use master's DNS so nsupdate adds correct IP address for client
tasks.config_host_resolvconf_with_master_data(cls.master,
cls.clients[0])
tasks.install_client(cls.master, cls.clients[0])
# time to look into journal logs in
# test_certmonger_ipa_responder_jsonrpc
cls.since = time.strftime('%H:%M:%S')
def client(request):
# Here we call "fix_resolv_conf" method before every ipa-client-install so
# we get the client pointing to ipa master as DNS server.
request.cls.fix_resolv_conf(request.cls.clients[0], request.cls.master)
tasks.install_client(request.cls.master, request.cls.clients[0])
def teardown_client():
tasks.uninstall_client(request.cls.clients[0])
request.cls.delete_client_host_entry()
request.addfinalizer(teardown_client)
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=True)
tasks.install_adtrust(cls.master)
for client in cls.replicas + cls.clients:
cls.fix_resolv_conf(client, cls.master)
tasks.install_client(cls.master, client,
extra_args=['--mkhomedir'])
cls.replicas[0].collect_log('/var/log/samba/')
cls.master.collect_log('/var/log/samba/')
def test_replica_promotion_by_unprivileged_user(self):
replica = self.replicas[0]
tasks.install_client(self.master, replica)
result2 = replica.run_command([
'ipa-replica-install', '-P', self.username, '-p',
self.new_password, '-n', self.master.domain.name, '-r',
self.master.domain.realm
],
raiseonerr=False)
assert_error(result2, "Insufficient privileges to promote the server",
1)
def install(cls, mh):
tasks.install_packages(cls.master, ["postfix"])
tasks.install_packages(cls.clients[0], ["postfix"])
for host in (cls.master, cls.clients[0]):
try:
tasks.install_packages(host, ["cyrus-sasl"])
except Exception:
# the package is likely already installed
pass
tasks.install_master(cls.master, setup_dns=True)
tasks.install_client(cls.master, cls.clients[0])
configure_postfix(cls.master, cls.master.domain.realm)
configure_postfix(cls.clients[0], cls.master.domain.realm)
def test_replica_promotion_by_unprivileged_user(self):
replica = self.replicas[0]
tasks.install_client(self.master, replica)
# Configure firewall first
Firewall(replica).enable_services(["freeipa-ldap", "freeipa-ldaps"])
result2 = replica.run_command([
'ipa-replica-install', '-P', self.username, '-p',
self.new_password, '-n', self.master.domain.name, '-r',
self.master.domain.realm
],
raiseonerr=False)
assert_error(result2, "Insufficient privileges to promote the server",
1)
def install(cls, mh):
# install packages before client install in case of IPA DNS problems
cls.prepare_acme_client()
tasks.install_master(cls.master, setup_dns=True)
tasks.install_client(cls.master, cls.clients[0])
tasks.config_host_resolvconf_with_master_data(cls.master,
cls.clients[0])
tasks.install_replica(cls.master, cls.replicas[0])
tasks.config_host_resolvconf_with_master_data(cls.master,
cls.replicas[0])
def install(cls, mh):
super(TestACME, cls).install(mh)
# install packages before client install in case of IPA DNS problems
cls.acme_server = prepare_acme_client(cls.master, cls.clients[0])
# Each subclass handles its own server installation procedure
if cls.__name__ != 'TestACME':
return
tasks.install_master(cls.master, setup_dns=True)
tasks.install_client(cls.master, cls.clients[0])
tasks.install_replica(cls.master, cls.replicas[0])
def nsswitch_backup_restore(self):
# In order to get a more pure sum, one that ignores the Generated
# header and any whitespace we have to do a bit of work...
sha256nsswitch_cmd = \
'egrep -v "Generated|^$" /etc/nsswitch.conf | sed "s/\\s//g" ' \
'| sort | sha256sum'
cmd = self.clients[0].run_command(sha256nsswitch_cmd)
orig_sha256 = cmd.stdout_text
grep_automount_command = \
"grep automount /etc/nsswitch.conf | cut -d: -f2"
tasks.install_client(self.master, self.clients[0])
cmd = self.clients[0].run_command(grep_automount_command)
after_ipa_client_install = cmd.stdout_text.split()
ipa_client_automount_command = ["ipa-client-automount", "-U"]
self.clients[0].run_command(ipa_client_automount_command)
cmd = self.clients[0].run_command(grep_automount_command)
after_ipa_client_automount = cmd.stdout_text.split()
# The default order depends on the authselect version
# but we only care about the list of sources, not their order
assert sorted(after_ipa_client_automount) == ['files', 'sss']
cmd = self.clients[0].run_command(grep_automount_command)
assert cmd.stdout_text.split() == after_ipa_client_automount
self.clients[0].run_command(
["ipa-client-automount", "--uninstall", "-U"])
# https://pagure.io/freeipa/issue/8190
# check that no ipa_automount_location is left in sssd.conf
# also check for autofs_provider for good measure
grep_automount_in_sssdconf_cmd = \
"egrep ipa_automount_location\\|autofs_provider " \
"/etc/sssd/sssd.conf"
cmd = self.clients[0].run_command(grep_automount_in_sssdconf_cmd,
raiseonerr=False)
assert cmd.returncode == 1, \
"PG8190 regression found: ipa_automount_location still " \
"present in sssd.conf"
cmd = self.clients[0].run_command(grep_automount_command)
assert cmd.stdout_text.split() == after_ipa_client_install
self.verify_checksum_after_ipaclient_uninstall(
sha256nsswitch_cmd=sha256nsswitch_cmd, orig_sha256=orig_sha256)
def test_client_install_with_ssh_trust_dns(self):
"""no host key verification if ssh-trust-dns option is used
There will be no prompt of host key verificaiton during ssh
to IPA enrolled machines if ssh-trust-dns option is used during
ipa-client-install. This was broken for FIPS env which got fixed.
Test checks for non-existence of param HostKeyAlgorithms in
ssh_config after client-install.
related: https://pagure.io/freeipa/issue/8082
"""
tasks.install_client(self.master, self.clients[0],
extra_args=['--ssh-trust-dns'])
result = self.clients[0].run_command(['cat', '/etc/ssh/ssh_config'])
assert 'HostKeyAlgorithms' not in result.stdout_text
def install(cls, mh):
super(TestACMEwithExternalCA, cls).install(mh)
# install master with external-ca
result = install_server_external_ca_step1(cls.master)
assert result.returncode == 0
root_ca_fname, ipa_ca_fname = tasks.sign_ca_and_transport(
cls.master, paths.ROOT_IPA_CSR, ROOT_CA, IPA_CA)
install_server_external_ca_step2(cls.master, ipa_ca_fname,
root_ca_fname)
tasks.kinit_admin(cls.master)
tasks.install_client(cls.master, cls.clients[0])
tasks.install_replica(cls.master, cls.replicas[0])
def test_interactive_ntp_no_conf(self):
"""
Test to verify that ipa installations without selecting
to configure ntp options interactively (without -U/--nattended)
will be successful
- ipa-server-install
- ipa-client-install
"""
server_input = ("\n" + "\n" "IPA\n" "No\n" "Yes")
client_input = ("Yes\n" "No\n" "Yes")
server_install = tasks.install_master(self.master,
setup_dns=False,
unattended=False,
stdin_text=server_input)
assert server_install.returncode == 0
assert self.exp_records_msg in server_install.stderr_text
assert self.exp_chrony_msg in server_install.stdout_text
client_install = tasks.install_client(self.master,
self.client,
unattended=False,
stdin_text=client_input,
nameservers=None)
assert client_install.returncode == 0
assert self.exp_records_msg in client_install.stderr_text
assert self.exp_chrony_msg in client_install.stdout_text
def test_replica_promotion_without_ntp(self):
"""
test to verify that replica promotion without ntp options
- ipa-client-install with ntp option
- ipa-replica-install without ntp option
will be successful
"""
ntp_args = ['--ntp-pool=%s' % self.ntp_pool]
server_install = tasks.install_master(self.master,
setup_dns=False,
extra_args=ntp_args)
assert self.exp_change_msg in server_install.stderr_text
client_install = tasks.install_client(self.master,
self.replica,
extra_args=ntp_args,
nameservers=None)
assert self.exp_change_msg in client_install.stderr_text
replica_install = tasks.install_replica(self.master,
self.replica,
promote=False,
nameservers=None)
assert "ipa-replica-install command was successful" in \
replica_install.stderr_text
cmd = self.replica.run_command(['cat', paths.CHRONY_CONF])
assert self.ntp_pool in cmd.stdout_text
def test_server_promoted_replica_client_install_with_srv(self):
"""
test to verify that ipa-server, promotion of ipa-replica and
ipa-client install passes with options --ntp-server
"""
args = ['--ntp-server=%s' % self.ntp_server1]
server_install = tasks.install_master(self.master,
setup_dns=False,
extra_args=args)
assert self.exp_change_msg in server_install.stderr_text
cmd = self.master.run_command(['cat', paths.CHRONY_CONF])
assert self.ntp_server1 in cmd.stdout_text
replica_install = tasks.install_replica(self.master,
self.replica,
extra_args=args,
promote=True,
nameservers=None)
# while promoting with tasks expected_msg will not be in output
assert self.exp_change_msg not in replica_install.stderr_text
cmd = self.replica.run_command(['cat', paths.CHRONY_CONF])
assert self.ntp_server1 in cmd.stdout_text
client_install = tasks.install_client(self.master,
self.client,
extra_args=args,
nameservers=None)
assert self.exp_change_msg in client_install.stderr_text
cmd = self.client.run_command(['cat', paths.CHRONY_CONF])
assert self.ntp_server1 in cmd.stdout_text
def test_server_replica_client_install_with_pool_and_srv(self):
"""
test to verify that ipa-server, ipa-replica and ipa-client install
passes with options --ntp-pool and --ntp-server together
"""
args = [
'--ntp-pool=%s' % self.ntp_pool,
'--ntp-server=%s' % self.ntp_server1
]
server_install = tasks.install_master(self.master,
setup_dns=False,
extra_args=args)
assert self.exp_change_msg in server_install.stderr_text
cmd = self.master.run_command(['cat', paths.CHRONY_CONF])
assert self.ntp_pool in cmd.stdout_text
assert self.ntp_server1 in cmd.stdout_text
replica_install = tasks.install_replica(self.master,
self.replica,
extra_args=args,
promote=False)
assert self.exp_change_msg in replica_install.stderr_text
cmd = self.replica.run_command(['cat', paths.CHRONY_CONF])
assert self.ntp_pool in cmd.stdout_text
assert self.ntp_server1 in cmd.stdout_text
client_install = tasks.install_client(self.master,
self.client,
extra_args=args)
assert self.exp_change_msg in client_install.stderr_text
cmd = self.client.run_command(['cat', paths.CHRONY_CONF])
assert self.ntp_pool in cmd.stdout_text
assert self.ntp_server1 in cmd.stdout_text
def test_server_client_install_with_multiple_ntp_srv(self):
"""
test to verify that ipa-server-install passes with multiple
--ntp-server option used
"""
args = [
'--ntp-server=%s' % self.ntp_server1,
'--ntp-server=%s' % self.ntp_server2
]
server_install = tasks.install_master(self.master,
setup_dns=False,
extra_args=args)
assert self.exp_change_msg in server_install.stderr_text
cmd = self.master.run_command(['cat', paths.CHRONY_CONF])
assert self.ntp_server1 in cmd.stdout_text
assert self.ntp_server2 in cmd.stdout_text
client_install = tasks.install_client(self.master,
self.client,
extra_args=args,
nameservers=None)
assert self.exp_change_msg in client_install.stderr_text
cmd = self.client.run_command(['cat', paths.CHRONY_CONF])
assert self.ntp_server1 in cmd.stdout_text
assert self.ntp_server2 in cmd.stdout_text
def test_replica_promotion_without_ntp(self):
"""
test to verify that replica promotion without ntp options
- ipa-client-install with ntp option
- ipa-replica-install without ntp option
will be successful
"""
exp_str = "ipa-replica-install command was successful"
expected_msg = "Configuration of chrony was changed by installer."
ntp_args = ['--ntp-pool=%s' % self.ntp_pool]
server_install = tasks.install_master(self.master,
setup_dns=False,
extra_args=ntp_args)
assert expected_msg in server_install.stderr_text
client_install = tasks.install_client(self.master,
self.replica,
extra_args=ntp_args)
assert expected_msg in client_install.stderr_text
replica_install = tasks.install_replica(self.master,
self.replica,
promote=False)
assert exp_str in replica_install.stderr_text
cmd = self.replica.run_command(['cat', paths.CHRONY_CONF])
assert self.ntp_pool in cmd.stdout_text
def test_server_replica_client_install_with_pool_and_srv(self):
"""
test to verify that ipa-server, ipa-replica and ipa-client install
passes with options --ntp-pool and --ntp-server together
"""
expected_msg = "Configuration of chrony was changed by installer."
args = ['--ntp-pool=%s' % self.ntp_pool,
'--ntp-server=%s' % self.ntp_server1]
server_install = tasks.install_master(self.master, setup_dns=False,
extra_args=args)
assert expected_msg in server_install.stderr_text
cmd = self.master.run_command(['cat', paths.CHRONY_CONF])
assert self.ntp_pool in cmd.stdout_text
assert self.ntp_server1 in cmd.stdout_text
replica_install = tasks.install_replica(self.master, self.replica,
extra_args=args,
promote=False)
assert expected_msg in replica_install.stderr_text
cmd = self.replica.run_command(['cat', paths.CHRONY_CONF])
assert self.ntp_pool in cmd.stdout_text
assert self.ntp_server1 in cmd.stdout_text
client_install = tasks.install_client(self.master, self.client,
extra_args=args)
assert expected_msg in client_install.stderr_text
cmd = self.client.run_command(['cat', paths.CHRONY_CONF])
assert self.ntp_pool in cmd.stdout_text
assert self.ntp_server1 in cmd.stdout_text
def test_replica_promotion_without_ntp(self):
"""
test to verify that replica promotion without ntp options
- ipa-client-install with ntp option
- ipa-replica-install without ntp option
will be successful
"""
exp_str = "ipa-replica-install command was successful"
expected_msg = "Configuration of chrony was changed by installer."
ntp_args = ['--ntp-pool=%s' % self.ntp_pool]
server_install = tasks.install_master(self.master, setup_dns=False,
extra_args=ntp_args)
assert expected_msg in server_install.stderr_text
client_install = tasks.install_client(self.master, self.replica,
extra_args=ntp_args)
assert expected_msg in client_install.stderr_text
replica_install = tasks.install_replica(self.master, self.replica,
promote=False)
assert exp_str in replica_install.stderr_text
cmd = self.replica.run_command(['cat', paths.CHRONY_CONF])
assert self.ntp_pool in cmd.stdout_text
def test_interactive_ntp_no_opt(self):
"""
Test to verify that ipa installations without ntp options passed
interactively (without -U/--nattended) will be successful
- ipa-server-install
- ipa-client-install
Both NTP servers and pool configuration skipped interactively.
"""
server_input = ("No\n" "\n" "Yes\n" "\n" "\n" "Yes")
client_input = ("Yes\n" "Yes\n" "\n" "\n" "Yes")
server_install = tasks.install_master(self.master,
setup_dns=False,
unattended=False,
stdin_text=server_input)
assert server_install.returncode == 0
assert self.exp_records_msg in server_install.stderr_text
assert self.exp_chrony_msg in server_install.stdout_text
client_install = tasks.install_client(self.master,
self.client,
unattended=False,
stdin_text=client_input)
assert client_install.returncode == 0
assert self.exp_records_msg in client_install.stderr_text
assert self.exp_chrony_msg in client_install.stdout_text
def nsswitch_backup_restore(
self,
no_sssd=False,
):
# In order to get a more pure sum, one that ignores the Generated
# header and any white space we have to do a bit of work...
sha256nsswitch_cmd = \
'egrep -v "Generated|^$" /etc/nsswitch.conf | sed "s/\\s//g" ' \
'| sort | sha256sum'
cmd = self.clients[0].run_command(sha256nsswitch_cmd)
orig_sha256 = cmd.stdout_text
grep_automount_command = \
"grep automount /etc/nsswitch.conf | cut -d: -f2"
tasks.install_client(self.master, self.clients[0])
cmd = self.clients[0].run_command(grep_automount_command)
after_ipa_client_install = cmd.stdout_text.split()
if no_sssd:
ipa_client_automount_command = [
"ipa-client-automount", "--no-sssd", "-U"
]
else:
ipa_client_automount_command = ["ipa-client-automount", "-U"]
self.clients[0].run_command(ipa_client_automount_command)
cmd = self.clients[0].run_command(grep_automount_command)
after_ipa_client_automount = cmd.stdout_text.split()
if no_sssd:
assert after_ipa_client_automount == ['files', 'ldap']
else:
assert after_ipa_client_automount == ['sss', 'files']
cmd = self.clients[0].run_command(grep_automount_command)
assert cmd.stdout_text.split() == after_ipa_client_automount
self.clients[0].run_command(
["ipa-client-automount", "--uninstall", "-U"])
cmd = self.clients[0].run_command(grep_automount_command)
assert cmd.stdout_text.split() == after_ipa_client_install
tasks.uninstall_client(self.clients[0])
cmd = self.clients[0].run_command(sha256nsswitch_cmd)
assert cmd.stdout_text == orig_sha256
def test_promotion_disabled(self):
"""
Testcase:
http://www.freeipa.org/page/V4/Replica_Promotion/Test_plan#Test_case:
_Make_sure_the_feature_is_unavailable_under_domain_level_0
"""
client = self.replicas[0]
tasks.install_client(self.master, client)
args = [
'ipa-replica-install', '-U', '-p',
self.master.config.dirman_password, '-w',
self.master.config.admin_password, '--ip-address', client.ip
]
result = client.run_command(args, raiseonerr=False)
assert_error(
result, 'You must provide a file generated by ipa-replica-prepare'
' to create a replica when the domain is at level 0', 1)
def install(cls, mh):
cls.prepare_acme_client()
# install master with external-ca
result = install_server_external_ca_step1(cls.master)
assert result.returncode == 0
root_ca_fname, ipa_ca_fname = tasks.sign_ca_and_transport(
cls.master, paths.ROOT_IPA_CSR, ROOT_CA, IPA_CA)
install_server_external_ca_step2(cls.master, ipa_ca_fname,
root_ca_fname)
tasks.kinit_admin(cls.master)
tasks.install_client(cls.master, cls.clients[0])
tasks.config_host_resolvconf_with_master_data(cls.master,
cls.clients[0])
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=True)
tasks.install_client(cls.master, cls.replicas[0])
content = cls.master.get_file_contents(paths.IPA_DEFAULT_CONF,
encoding='utf-8')
new_content = content + "\noidc_child_debug_level = 10"
cls.master.put_file_contents(paths.IPA_DEFAULT_CONF, new_content)
with tasks.remote_sssd_config(cls.master) as sssd_config:
sssd_config.edit_domain(
cls.master.domain, 'krb5_auth_timeout', 1100)
tasks.clear_sssd_cache(cls.master)
tasks.kinit_admin(cls.master)
cls.master.run_command(["ipa", "config-mod", "--user-auth-type=idp",
"--user-auth-type=password"])
xvfb = ("nohup /usr/bin/Xvfb :99 -ac -noreset -screen 0 1400x1200x8 "
"</dev/null &>/dev/null &")
cls.replicas[0].run_command(xvfb)
def test_uninstall_client_invalid_hostname(self):
# using replica as client just for convenience
client = self.replicas[0]
client_inv_hostname = '{}.nonexistent'.format(client.hostname)
tasks.install_client(self.master, client,
extra_args=['--hostname', client_inv_hostname])
client.run_command(['ipa-client-install', '--uninstall', '-U'])
client_uninstall_log = client.get_file_contents(
paths.IPACLIENT_UNINSTALL_LOG, encoding='utf-8'
)
assert "exception: ScriptError:" not in client_uninstall_log
restore_state_path = os.path.join(paths.IPA_CLIENT_SYSRESTORE,
'sysrestore.state')
result = client.run_command(
['ls', restore_state_path], raiseonerr=False)
assert 'No such file or directory' in result.stderr_text
def test_server_client_install_no_ntp(self):
"""
test to verify that ipa-server and ipa-client install invoked with
option -N uses system defined NTP daemon configuration
"""
expected_msg1 = "Excluded by options:"
expected_msg2 = "Using default chrony configuration."
server_install = tasks.install_master(self.master, setup_dns=False,
extra_args=['-N'])
assert expected_msg1 in server_install.stdout_text
assert expected_msg2 not in server_install.stdout_text
client_install = tasks.install_client(self.master, self.client,
extra_args=['--no-ntp'])
assert expected_msg2 not in client_install.stdout_text
def test_server_client_install_without_options(self):
"""
test to verify that ipa-server and ipa-client install uses
default chrony configuration without any NTP options specified
"""
expected_msg1 = "No SRV records of NTP servers found and " \
"no NTP server or pool address was provided."
expected_msg2 = "Using default chrony configuration."
server_install = tasks.install_master(self.master, setup_dns=False)
assert expected_msg1 in server_install.stderr_text
assert expected_msg2 in server_install.stdout_text
client_install = tasks.install_client(self.master, self.client)
assert expected_msg1 in client_install.stderr_text
assert expected_msg2 in client_install.stdout_text
def test_server_client_install_with_multiple_ntp_srv(self):
"""
test to verify that ipa-server-install passes with multiple
--ntp-server option used
"""
expected_msg = "Configuration of chrony was changed by installer."
args = ['--ntp-server=%s' % self.ntp_server1,
'--ntp-server=%s' % self.ntp_server2]
server_install = tasks.install_master(self.master, setup_dns=False,
extra_args=args)
assert expected_msg in server_install.stderr_text
cmd = self.master.run_command(['cat', paths.CHRONY_CONF])
assert self.ntp_server1 in cmd.stdout_text
assert self.ntp_server2 in cmd.stdout_text
client_install = tasks.install_client(self.master, self.client,
extra_args=args)
assert expected_msg in client_install.stderr_text
cmd = self.client.run_command(['cat', paths.CHRONY_CONF])
assert self.ntp_server1 in cmd.stdout_text
assert self.ntp_server2 in cmd.stdout_text
