def _full_backup_restore_with_DNS_zone(self, reinstall=False): """backup, uninstall, restore""" with restore_checker(self.master): self.master.run_command([ 'ipa', 'dnszone-add', self.example_test_zone, ]) tasks.resolve_record(self.master.ip, self.example_test_zone) backup_path = backup(self.master) self.master.run_command(['ipa-server-install', '--uninstall', '-U']) if reinstall: tasks.install_master(self.master, setup_dns=True) dirman_password = self.master.config.dirman_password self.master.run_command(['ipa-restore', backup_path], stdin_text=dirman_password + '\nyes') tasks.resolve_record(self.master.ip, self.example_test_zone) tasks.kinit_admin(self.master) self.master.run_command([ 'ipa', 'dnszone-add', self.example2_test_zone, ]) tasks.resolve_record(self.master.ip, self.example2_test_zone)
def test_installclient_as_user_admin(self): """ipa-client-install should not use hardcoded admin for principal In ipaclient-install.log it should use the username that was entered earlier in the install process at the prompt. Related to : https://pagure.io/freeipa/issue/5406 """ client = self.clients[0] tasks.install_master(self.master) tasks.kinit_admin(self.master) username = '******' password = '******' password_confirmation = "%s\n%s\n" % (password, password) self.master.run_command(['ipa', 'user-add', username, '--first', username, '--last', username, '--password'], stdin_text=password_confirmation) role_add = ['ipa', 'role-add', 'useradmin'] self.master.run_command(role_add) self.master.run_command(['ipa', 'privilege-add', 'Add Hosts']) self.master.run_command(['ipa', 'privilege-add-permission', '--permissions', 'System: Add Hosts', 'Add Hosts']) self.master.run_command(['ipa', 'role-add-privilege', 'useradmin', '--privileges', 'Host Enrollment']) self.master.run_command(['ipa', 'role-add-privilege', 'useradmin', '--privileges', 'Add Hosts']) role_member_add = ['ipa', 'role-add-member', 'useradmin', '--users={}'.format(username)] self.master.run_command(role_member_add) user_kinit = "%s\n%s\n%s\n" % (password, password, password) self.master.run_command(['kinit', username], stdin_text=user_kinit) tasks.install_client( self.master, client, extra_args=['--request-cert'], user=username, password=password ) msg = "args=['/usr/bin/getent', 'passwd', '%s@%s']" % \ (username, client.domain.name) install_log = client.get_file_contents(paths.IPACLIENT_INSTALL_LOG, encoding='utf-8') assert msg in install_log # check that user is able to request a host cert, too result = tasks.run_certutil(client, ['-L'], paths.IPA_NSSDB_DIR) assert 'Local IPA host' in result.stdout_text result = tasks.run_certutil( client, ['-K', '-f', paths.IPA_NSSDB_PWDFILE_TXT], paths.IPA_NSSDB_DIR ) assert 'Local IPA host' in result.stdout_text
def test_replica_promotion_with_ntp_options(self): """ test to verify that replica promotion with ntp --ntp-server, --ntp-pool and -N or --no-ntp option would fail """ exp_str = "NTP configuration cannot be updated during promotion" tasks.install_master(self.master, setup_dns=False) tasks.install_client(self.master, self.replica) replica_install = self.replica.run_command( ['ipa-replica-install', '--no-ntp'], raiseonerr=False) assert replica_install.returncode == 1 assert exp_str in replica_install.stderr_text replica_install = self.replica.run_command( ['ipa-replica-install', '--ntp-server=%s' % self.ntp_server1], raiseonerr=False) assert replica_install.returncode == 1 assert exp_str in replica_install.stderr_text replica_install = self.replica.run_command( ['ipa-replica-install', '--ntp-pool=%s' % self.ntp_pool], raiseonerr=False) assert replica_install.returncode == 1 assert exp_str in replica_install.stderr_text
def install(cls, mh): tasks.install_master(cls.master, setup_dns=True) clients = (cls.clients[0], cls.replicas[0], cls.replicas[1]) for client in clients: cls.fix_resolv_conf(client, cls.master) tasks.install_client(cls.master, client) client.run_command(["cat", "/etc/resolv.conf"])
def install(cls, mh): pki_ini = tasks.upload_temp_contents(cls.master, KEY_OVERRIDE) extra_args = [ '--pki-config-override', pki_ini, ] tasks.install_master( cls.master, setup_dns=False, extra_args=extra_args ) cls.master.run_command(['rm', '-f', pki_ini])
def install(cls, mh): tasks.install_master(cls.master, setup_dns=True) args = [ "ipa-dns-install", "--dnssec-master", "--forwarder", cls.master.config.dns_forwarder, "-U", ] cls.master.run_command(args)
def test_replica_install_after_restore(self): master = self.master replica1 = self.replicas[0] replica2 = self.replicas[1] tasks.install_master(master) tasks.install_replica(master, replica1) check_replication(master, replica1, "testuser1") # backup master. backup_path = backup(master) suffix = ipautil.realm_to_suffix(master.domain.realm) suffix = escape_dn_chars(str(suffix)) entry_ldif = ( "dn: cn=meTo{hostname},cn=replica," "cn={suffix}," "cn=mapping tree,cn=config\n" "changetype: modify\n" "replace: nsds5ReplicaEnabled\n" "nsds5ReplicaEnabled: off\n\n" "dn: cn=caTo{hostname},cn=replica," "cn=o\\3Dipaca,cn=mapping tree,cn=config\n" "changetype: modify\n" "replace: nsds5ReplicaEnabled\n" "nsds5ReplicaEnabled: off").format( hostname=replica1.hostname, suffix=suffix) # disable replication agreement tasks.ldapmodify_dm(master, entry_ldif) # uninstall master. tasks.uninstall_master(master, clean=False) # master restore. dirman_password = master.config.dirman_password master.run_command(['ipa-restore', backup_path], stdin_text=dirman_password + '\nyes') # re-initialize topology after restore. topo_name = "{}-to-{}".format(master.hostname, replica1.hostname) for topo_suffix in 'domain', 'ca': arg = ['ipa', 'topologysegment-reinitialize', topo_suffix, topo_name, '--left'] replica1.run_command(arg) # wait sometime for re-initialization tasks.wait_for_replication(replica1.ldap_connect()) # install second replica after restore tasks.install_replica(master, replica2) check_replication(master, replica2, "testuser2")
def test_install(self): """ Test server installation when a different profile was present before server configuration """ # Configure a profile winbind with feature with-fingerprint apply_authselect_profile( self.master, preconfigured_profile, preconfigured_options) tasks.install_master(self.master, setup_dns=False) check_authselect_profile(self.master, default_profile, ('with-sudo',))
def test_userroot_ldif_files_ownership_and_permission(self): """backup, uninstall, restore, backup""" tasks.install_master(self.master) backup_path = backup(self.master) self.master.run_command(['ipa-server-install', '--uninstall', '-U']) # set umask to 077 just to check if restore success. self.master.run_command('echo "umask 0077" >> /root/.bashrc') result = self.master.run_command(['umask']) assert '0077' in result.stdout_text dirman_password = self.master.config.dirman_password result = self.master.run_command(['ipa-restore', backup_path], stdin_text=dirman_password + '\nyes') assert 'Temporary setting umask to 022' in result.stderr_text # check if umask reset to 077 after restore. result = self.master.run_command(['umask']) assert '0077' in result.stdout_text # check if files have proper owner and group. dashed_domain = self.master.domain.realm.replace(".", '-') arg = ['stat', '-c', '%U:%G', '{}/ldif/'.format( paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE % dashed_domain)] cmd = self.master.run_command(arg) expected = '{}:{}'.format(constants.DS_USER, constants.DS_GROUP) assert expected in cmd.stdout_text # also check of access rights are set to 644. arg = ['stat', '-c', '%U:%G:%a', '{}/ldif/{}-ipaca.ldif'.format( paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE % dashed_domain, dashed_domain)] cmd = self.master.run_command(arg) assert '{}:644'.format(expected) in cmd.stdout_text arg = ['stat', '-c', '%U:%G:%a', '{}/ldif/{}-userRoot.ldif'.format( paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE % dashed_domain, dashed_domain)] cmd = self.master.run_command(arg) assert '{}:644'.format(expected) in cmd.stdout_text cmd = self.master.run_command(['ipa-backup', '-d']) unexp_str = "CRITICAL: db2ldif failed:" assert cmd.returncode == 0 assert unexp_str not in cmd.stdout_text
def install(cls, mh): tasks.install_master(cls.master, setup_dns=True) args = [ "ipa-dns-install", "--dnssec-master", "--forwarder", cls.master.config.dns_forwarder, "-U", ] cls.master.run_command(args) # No need to enable dns service in the firewall as master has been # installed with dns support enabled # Firewall(cls.master).enable_services(["dns"]) tasks.install_replica(cls.master, cls.replicas[0], setup_dns=True)
def install(cls, mh): cls.domain = DNSName(cls.master.domain.name).make_absolute() tasks.install_master(cls.master, setup_dns=True) tasks.install_replica(cls.master, cls.replicas[0], setup_dns=True, setup_ca=False) tasks.install_replica(cls.master, cls.replicas[1], setup_dns=True, setup_ca=True) for host in (cls.master, cls.replicas[0], cls.replicas[1]): ldap = host.ldap_connect() tasks.wait_for_replication(ldap) # give time to named to retrieve new records time.sleep(20)
def test_KRA_install_after_cert_renew(self): tasks.install_master(self.master) # get ca-agent cert and load as pem dm_pass = self.master.config.dirman_password admin_pass = self.master.config.admin_password args = [paths.OPENSSL, "pkcs12", "-in", paths.DOGTAG_ADMIN_P12, "-nodes", "-passin", "pass:{}".format(dm_pass)] cmd = self.master.run_command(args) certs = x509.load_certificate_list(cmd.stdout_text.encode('utf-8')) # get expiry date of agent cert cert_expiry = certs[0].not_valid_after # move date to grace period so that certs get renewed self.master.run_command(['systemctl', 'stop', 'chronyd']) grace_date = cert_expiry - timedelta(days=10) grace_date = datetime.strftime(grace_date, "%Y-%m-%d %H:%M:%S") self.master.run_command(['date', '-s', grace_date]) # get the count of certs track by certmonger cmd = self.master.run_command(['getcert', 'list']) cert_count = cmd.stdout_text.count('Request ID') timeout = 600 count = 0 start = time.time() # wait sometime for cert renewal while time.time() - start < timeout: cmd = self.master.run_command(['getcert', 'list']) count = cmd.stdout_text.count('status: MONITORING') if count == cert_count: break time.sleep(100) else: # timeout raise AssertionError('TimeOut: Failed to renew all the certs') # move date after 3 days of actual expiry cert_expiry = cert_expiry + timedelta(days=3) cert_expiry = datetime.strftime(cert_expiry, "%Y-%m-%d %H:%M:%S") self.master.run_command(['date', '-s', cert_expiry]) passwd = "{passwd}\n{passwd}\n{passwd}".format(passwd=admin_pass) self.master.run_command(['kinit', 'admin'], stdin_text=passwd) cmd = self.master.run_command(['ipa-kra-install', '-p', dm_pass, '-U']) self.master.run_command(['systemctl', 'start', 'chronyd'])
def test_replica_promotion_without_ntp(self): """ test to verify that replica promotion without ntp options - ipa-client-install with ntp option - ipa-replica-install without ntp option will be successful """ exp_str = "ipa-replica-install command was successful" expected_msg = "Configuration of chrony was changed by installer." ntp_args = ['--ntp-pool=%s' % self.ntp_pool] server_install = tasks.install_master(self.master, setup_dns=False, extra_args=ntp_args) assert expected_msg in server_install.stderr_text client_install = tasks.install_client(self.master, self.replica, extra_args=ntp_args) assert expected_msg in client_install.stderr_text replica_install = tasks.install_replica(self.master, self.replica, promote=False) assert exp_str in replica_install.stderr_text cmd = self.replica.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_pool in cmd.stdout_text
def test_server_replica_client_install_with_pool_and_srv(self): """ test to verify that ipa-server, ipa-replica and ipa-client install passes with options --ntp-pool and --ntp-server together """ expected_msg = "Configuration of chrony was changed by installer." args = ['--ntp-pool=%s' % self.ntp_pool, '--ntp-server=%s' % self.ntp_server1] server_install = tasks.install_master(self.master, setup_dns=False, extra_args=args) assert expected_msg in server_install.stderr_text cmd = self.master.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_pool in cmd.stdout_text assert self.ntp_server1 in cmd.stdout_text replica_install = tasks.install_replica(self.master, self.replica, extra_args=args, promote=False) assert expected_msg in replica_install.stderr_text cmd = self.replica.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_pool in cmd.stdout_text assert self.ntp_server1 in cmd.stdout_text client_install = tasks.install_client(self.master, self.client, extra_args=args) assert expected_msg in client_install.stderr_text cmd = self.client.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_pool in cmd.stdout_text assert self.ntp_server1 in cmd.stdout_text
def _full_backup_restore_with_vault(self, reinstall=False): with restore_checker(self.master): # create vault self.master.run_command([ "ipa", "vault-add", self.vault_name, "--password", self.vault_password, "--type", "symmetric", ]) # archive secret self.master.run_command([ "ipa", "vault-archive", self.vault_name, "--password", self.vault_password, "--data", self.vault_data, ]) # retrieve secret self.master.run_command([ "ipa", "vault-retrieve", self.vault_name, "--password", self.vault_password, ]) backup_path = backup(self.master) self.master.run_command(['ipa-server-install', '--uninstall', '-U']) if reinstall: tasks.install_master(self.master, setup_dns=True) dirman_password = self.master.config.dirman_password self.master.run_command(['ipa-restore', backup_path], stdin_text=dirman_password + '\nyes') tasks.kinit_admin(self.master) # retrieve secret after restore self.master.run_command([ "ipa", "vault-retrieve", self.vault_name, "--password", self.vault_password, ])
def install(cls, mh): tasks.install_master(cls.master, setup_dns=False) args = [ "ipa-dns-install", "--dnssec-master", "--forwarder", cls.master.config.dns_forwarder, "-U", ] cls.master.run_command(args) # Enable dns service on master as it has been installed without dns # support before Firewall(cls.master).enable_services(["dns"]) tasks.install_replica(cls.master, cls.replicas[0], setup_dns=True) # backup trusted key tasks.backup_file(cls.master, paths.DNSSEC_TRUSTED_KEY) tasks.backup_file(cls.replicas[0], paths.DNSSEC_TRUSTED_KEY)
def test_install_master(self): self.master.run_command('echo "umask 0027" >> /root/.bashrc') result = self.master.run_command(['umask']) assert '0027' in result.stdout_text cmd = tasks.install_master( self.master, setup_dns=False, raiseonerr=False ) exp_str = ("Unexpected system mask") assert (exp_str in cmd.stderr_text and cmd.returncode != 0)
def _full_backup_and_restore_with_DNSSEC_zone(self, reinstall=False): with restore_checker(self.master): self.master.run_command([ 'ipa', 'dnszone-add', self.example_test_zone, '--dnssec', 'true', ]) assert ( wait_until_record_is_signed( self.master.ip, self.example_test_zone) ), "Zone is not signed" backup_path = backup(self.master) self.master.run_command(['ipa-server-install', '--uninstall', '-U']) if reinstall: tasks.install_master(self.master, setup_dns=True) dirman_password = self.master.config.dirman_password self.master.run_command(['ipa-restore', backup_path], stdin_text=dirman_password + '\nyes') assert ( wait_until_record_is_signed( self.master.ip, self.example_test_zone) ), "Zone is not signed after restore" tasks.kinit_admin(self.master) self.master.run_command([ 'ipa', 'dnszone-add', self.example2_test_zone, '--dnssec', 'true', ]) assert ( wait_until_record_is_signed( self.master.ip, self.example2_test_zone) ), "A new zone is not signed"
def install(cls, mh): super(TestForcedClientReenrollment, cls).install(mh) tasks.install_master(cls.master) cls.client_dom = cls.clients[0].hostname.split('.', 1)[1] if cls.client_dom != cls.master.domain.name: # In cases where client is managed by upstream DNS server we # overlap its zone so we can save DNS records (e.g. SSHFP) for # comparison. servers = [cls.master] + cls.replicas tasks.add_dns_zone(cls.master, cls.client_dom, skip_overlap_check=True, dynamic_update=True, add_a_record_hosts=servers ) tasks.install_replica(cls.master, cls.replicas[0], setup_ca=False) cls.BACKUP_KEYTAB = os.path.join( cls.master.config.test_dir, 'krb5.keytab' )
def test_server_client_install_no_ntp(self): """ test to verify that ipa-server and ipa-client install invoked with option -N uses system defined NTP daemon configuration """ expected_msg1 = "Excluded by options:" expected_msg2 = "Using default chrony configuration." server_install = tasks.install_master(self.master, setup_dns=False, extra_args=['-N']) assert expected_msg1 in server_install.stdout_text assert expected_msg2 not in server_install.stdout_text client_install = tasks.install_client(self.master, self.client, extra_args=['--no-ntp']) assert expected_msg2 not in client_install.stdout_text
def test_server_client_install_without_options(self): """ test to verify that ipa-server and ipa-client install uses default chrony configuration without any NTP options specified """ expected_msg1 = "No SRV records of NTP servers found and " \ "no NTP server or pool address was provided." expected_msg2 = "Using default chrony configuration." server_install = tasks.install_master(self.master, setup_dns=False) assert expected_msg1 in server_install.stderr_text assert expected_msg2 in server_install.stdout_text client_install = tasks.install_client(self.master, self.client) assert expected_msg1 in client_install.stderr_text assert expected_msg2 in client_install.stdout_text
def test_server_client_install_with_multiple_ntp_srv(self): """ test to verify that ipa-server-install passes with multiple --ntp-server option used """ expected_msg = "Configuration of chrony was changed by installer." args = ['--ntp-server=%s' % self.ntp_server1, '--ntp-server=%s' % self.ntp_server2] server_install = tasks.install_master(self.master, setup_dns=False, extra_args=args) assert expected_msg in server_install.stderr_text cmd = self.master.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_server1 in cmd.stdout_text assert self.ntp_server2 in cmd.stdout_text client_install = tasks.install_client(self.master, self.client, extra_args=args) assert expected_msg in client_install.stderr_text cmd = self.client.run_command(['cat', paths.CHRONY_CONF]) assert self.ntp_server1 in cmd.stdout_text assert self.ntp_server2 in cmd.stdout_text
def test_install_master(self): # step 1 install ipa-server tasks.install_master(self.master)
def test_install_master(self): result = tasks.install_master(self.master) assert result.returncode == 0
def install(cls, mh): # Install the master with PKINIT disabled tasks.install_master(cls.master, extra_args=['--no-pkinit']) check_pkinit(cls.master, enabled=False)
def _full_backup_restore_with_vault(self, reinstall=False): with restore_checker(self.master): # create vault self.master.run_command([ "ipa", "vault-add", self.vault_name, "--password", self.vault_password, "--type", "symmetric", ]) # archive secret self.master.run_command([ "ipa", "vault-archive", self.vault_name, "--password", self.vault_password, "--data", self.vault_data, ]) # retrieve secret self.master.run_command([ "ipa", "vault-retrieve", self.vault_name, "--password", self.vault_password, ]) backup_path = tasks.get_backup_dir(self.master) # check that no error message in uninstall log for KRA instance cmd = self.master.run_command( ['ipa-server-install', '--uninstall', '-U']) assert "failed to uninstall KRA" not in cmd.stderr_text if reinstall: tasks.install_master(self.master, setup_dns=True) dirman_password = self.master.config.dirman_password self.master.run_command(['ipa-restore', backup_path], stdin_text=dirman_password + '\nyes') if reinstall: # If the server was reinstalled, reinstall may have changed # the uid and restore reverts to the original value. # clear the cache to make sure we get up-to-date values tasks.clear_sssd_cache(self.master) tasks.kinit_admin(self.master) # retrieve secret after restore self.master.run_command([ "ipa", "vault-retrieve", self.vault_name, "--password", self.vault_password, ])
def install(cls, mh): tasks.install_master(cls.master, setup_kra=True) # do not install KRA on replica, it is part of test tasks.install_replica(cls.master, cls.replicas[0], setup_kra=False)
def test_interactive_ntp_set_opt(self): """ Test to verify that ipa installations with ntp options passed interactively (without -U/--nattended) will be successful - ipa-server-install - ipa-client-install Both NTP servers and pool passed interactively to options. """ server_input = ( # Do you want to configure integrated DNS (BIND)? [no]: "No\n" # Server host name [hostname]: "\n" # Do you want to configure chrony with NTP server # or pool address? [no]: "Yes\n" # Enter NTP source server addresses separated by comma, # or press Enter to skip: "{},{}\n".format(self.ntp_server2, self.ntp_server1) + # Enter a NTP source pool address, or press Enter to skip: "{}\n".format(self.ntp_pool) + # Continue to configure the system with these values? [no]: "Yes" ) client_input = ( # Proceed with fixed values and no DNS discovery? [no]: "Yes\n" # Do you want to configure chrony with NTP server # or pool address? [no]: "Yes\n" # Enter NTP source server addresses separated by comma, # or press Enter to skip: "{},{}\n".format(self.ntp_server2, self.ntp_server1) + # Enter a NTP source pool address, or press Enter to skip: "{}\n".format(self.ntp_pool) + # Continue to configure the system with these values? [no]: "Yes" ) server_install = tasks.install_master(self.master, setup_dns=False, unattended=False, stdin_text=server_input) assert server_install.returncode == 0 assert self.ntp_pool in server_install.stdout_text assert self.ntp_server1 in server_install.stdout_text assert self.ntp_server2 in server_install.stdout_text cmd = self.master.run_command(self.print_chrony_conf) assert self.ntp_pool in cmd.stdout_text assert self.ntp_server1 in cmd.stdout_text assert self.ntp_server2 in cmd.stdout_text client_install = tasks.install_client(self.master, self.client, unattended=False, stdin_text=client_input, nameservers=None) assert client_install.returncode == 0 cmd = self.client.run_command(self.print_chrony_conf) assert self.ntp_pool in cmd.stdout_text assert self.ntp_server1 in cmd.stdout_text assert self.ntp_server2 in cmd.stdout_text
def install(cls, mh): tasks.install_master(cls.master) tasks.install_replica(cls.master, cls.replicas[0])
def install(cls, mh): tasks.install_master(cls.master, setup_dns=False) cls.client = cls.clients[0]
def install(cls, mh): tasks.install_master(cls.master) tasks.create_active_user(cls.master, USER1, PASSWORD) tasks.create_active_user(cls.master, USER2, PASSWORD)
def install_server_external_ca_step1(host, extra_args=()): """Step 1 to install the ipa server with external ca""" return tasks.install_master( host, external_ca=True, extra_args=extra_args )
def test_install_master(self): tasks.install_master( self.master, setup_dns=True, extra_args=['--zonemgr', '*****@*****.**'], )
def install(cls, mh): tasks.install_master(cls.master, setup_dns=True, setup_kra=True, setup_adtrust=True)
def test_customized_ds_install_master(self): tasks.install_master( self.master, setup_dns=False, extra_args=['--dirsrv-config-file', CONFIG_LDIF_PATH])
def install(cls, mh): tasks.install_master(cls.master, setup_kra=True) # do not install KRA on replica, it is part of test tasks.install_replica(cls.master, cls.replicas[0], setup_kra=False)
def install(cls, mh): # Install the master tasks.install_master(cls.master)
def test_install_master_releatedly(self): cmd = tasks.install_master(self.master, setup_dns=True, raiseonerr=False) exp_str = ("already exists in DNS") assert (exp_str not in cmd.stderr_text and cmd.returncode != 2)
def test_installclient_as_user_admin(self): """ipa-client-install should not use hardcoded admin for principal In ipaclient-install.log it should use the username that was entered earlier in the install process at the prompt. Related to : https://pagure.io/freeipa/issue/5406 """ client = self.clients[0] tasks.install_master(self.master) tasks.kinit_admin(self.master) username = '******' password = '******' password_confirmation = "%s\n%s\n" % (password, password) self.master.run_command([ 'ipa', 'user-add', username, '--first', username, '--last', username, '--password' ], stdin_text=password_confirmation) role_add = ['ipa', 'role-add', 'useradmin'] self.master.run_command(role_add) self.master.run_command(['ipa', 'privilege-add', 'Add Hosts']) self.master.run_command([ 'ipa', 'privilege-add-permission', '--permissions', 'System: Add Hosts', 'Add Hosts' ]) self.master.run_command([ 'ipa', 'role-add-privilege', 'useradmin', '--privileges', 'Host Enrollment' ]) self.master.run_command([ 'ipa', 'role-add-privilege', 'useradmin', '--privileges', 'Add Hosts' ]) role_member_add = [ 'ipa', 'role-add-member', 'useradmin', '--users={}'.format(username) ] self.master.run_command(role_member_add) user_kinit = "%s\n%s\n%s\n" % (password, password, password) self.master.run_command(['kinit', username], stdin_text=user_kinit) tasks.install_client(self.master, client, extra_args=['--request-cert'], user=username, password=password) msg = "args=['/usr/bin/getent', 'passwd', '%s@%s']" % \ (username, client.domain.name) install_log = client.get_file_contents(paths.IPACLIENT_INSTALL_LOG, encoding='utf-8') assert msg in install_log # check that user is able to request a host cert, too result = tasks.run_certutil(client, ['-L'], paths.IPA_NSSDB_DIR) assert 'Local IPA host' in result.stdout_text result = tasks.run_certutil(client, ['-K', '-f', paths.IPA_NSSDB_PWDFILE_TXT], paths.IPA_NSSDB_DIR) assert 'Local IPA host' in result.stdout_text
def test_install_master(self): tasks.install_master( self.master, setup_dns=True, extra_args=['--zonemgr', '*****@*****.**'], )
def install(cls, mh): tasks.install_master(cls.master, setup_dns=False)
def install(cls, mh): tasks.install_master(cls.master, domain_level=cls.domain_level)
def install(cls, mh): tasks.install_master(cls.master, setup_dns=True) tasks.install_replica(cls.master, cls.replicas[0], setup_dns=True)
def test_replica_install_after_restore(self): master = self.master replica1 = self.replicas[0] replica2 = self.replicas[1] tasks.install_master(master) tasks.install_replica(master, replica1) check_replication(master, replica1, "testuser1") # backup master. backup_path = backup(master) suffix = ipautil.realm_to_suffix(master.domain.realm) suffix = escape_dn_chars(str(suffix)) tf = NamedTemporaryFile() ldif_file = tf.name entry_ldif = ("dn: cn=meTo{hostname},cn=replica," "cn={suffix}," "cn=mapping tree,cn=config\n" "changetype: modify\n" "replace: nsds5ReplicaEnabled\n" "nsds5ReplicaEnabled: off\n\n" "dn: cn=caTo{hostname},cn=replica," "cn=o\\3Dipaca,cn=mapping tree,cn=config\n" "changetype: modify\n" "replace: nsds5ReplicaEnabled\n" "nsds5ReplicaEnabled: off").format( hostname=replica1.hostname, suffix=suffix) master.put_file_contents(ldif_file, entry_ldif) # disable replication agreement arg = [ 'ldapmodify', '-h', master.hostname, '-p', '389', '-D', str(master.config.dirman_dn), # pylint: disable=no-member '-w', master.config.dirman_password, '-f', ldif_file ] master.run_command(arg) # uninstall master. tasks.uninstall_master(master, clean=False) # master restore. dirman_password = master.config.dirman_password master.run_command(['ipa-restore', backup_path], stdin_text=dirman_password + '\nyes') # re-initialize topology after restore. topo_name = "{}-to-{}".format(master.hostname, replica1.hostname) for topo_suffix in 'domain', 'ca': arg = [ 'ipa', 'topologysegment-reinitialize', topo_suffix, topo_name, '--left' ] replica1.run_command(arg) # wait sometime for re-initialization tasks.wait_for_replication(replica1.ldap_connect()) # install second replica after restore tasks.install_replica(master, replica2) check_replication(master, replica2, "testuser2")
def test_install_master(self): tasks.install_master(self.master, setup_dns=False, setup_kra=True)
def install(cls, mh): tasks.uninstall_replica(cls.master, cls.replicas[0]) tasks.uninstall_master(cls.master) tasks.install_master(cls.master, setup_dns=False)
def install(cls, mh): tasks.install_master(cls.master, setup_dns=True, setup_kra=True, setup_adtrust=True)
def test_install_master(self): tasks.install_master(self.master, setup_dns=False, setup_kra=True)
def install(cls, mh): tasks.install_master(cls.master, setup_dns=False)
def install(cls, mh): tasks.install_master(cls.master) tasks.install_client(cls.master, cls.clients[0])