def uninstall(cls, mh):
# For this test, we need to uninstall DNSSEC master last
# Find which server is DNSSec master
result = cls.master.run_command(["ipa", "config-show"]).stdout_text
matches = list(re.finditer('IPA DNSSec key master: (.*)', result))
if len(matches) == 1:
# Found the DNSSec master
dnssec_master_hostname = matches[0].group(1)
for replica in cls.replicas + [cls.master]:
if replica.hostname == dnssec_master_hostname:
dnssec_master = replica
else:
# By default consider that the master is DNSSEC
dnssec_master = cls.master
for replica in cls.replicas + [cls.master]:
if replica == dnssec_master:
# Skip this one
continue
try:
tasks.run_server_del(dnssec_master,
replica.hostname,
force=True,
ignore_topology_disconnect=True,
ignore_last_of_role=True)
except subprocess.CalledProcessError:
# If the master has already been uninstalled,
# this call may fail
pass
tasks.uninstall_master(replica)
tasks.uninstall_master(dnssec_master)
def check_master_removal(host, hostname_to_remove,
force=False,
ignore_topology_disconnect=False,
ignore_last_of_role=False):
result = tasks.run_server_del(
host,
hostname_to_remove,
force=force,
ignore_topology_disconnect=ignore_topology_disconnect,
ignore_last_of_role=ignore_last_of_role)
assert result.returncode == 0
if force:
assert ("Forcing removal of {hostname}".format(
hostname=hostname_to_remove) in result.stderr_text)
if ignore_topology_disconnect:
assert "Ignoring topology connectivity errors." in result.stderr_text
if ignore_last_of_role:
assert ("Ignoring these warnings and proceeding with removal" in
result.stderr_text)
tasks.assert_error(
host.run_command(
['ipa', 'server-show', hostname_to_remove], raiseonerr=False
),
"{}: server not found".format(hostname_to_remove),
returncode=2
)
def test_removal_of_master_raises_error_about_last_dns(self):
"""
Now server-del should complain about the removal of last DNS server
"""
tasks.assert_error(
tasks.run_server_del(self.replicas[0], self.master.hostname),
"Deleting this server will leave your installation "
"without a DNS.", 1)
def test_removal_of_master_raises_error_about_last_ca(self):
"""
test that removal of master fails on the last
"""
tasks.assert_error(
tasks.run_server_del(self.replicas[0], self.master.hostname),
"Deleting this server is not allowed as it would leave your "
"installation without a CA.", 1)
def test_removal_of_master_raises_error_about_dnssec(self):
tasks.assert_error(
tasks.run_server_del(self.replicas[0], self.master.hostname),
"Replica is active DNSSEC key master. Uninstall "
"could break your DNS system. Please disable or replace "
"DNSSEC key master first.",
1
)
def uninstall(cls, mh):
for replica in cls.replicas:
try:
tasks.run_server_del(cls.master,
replica.hostname,
force=True,
ignore_topology_disconnect=True,
ignore_last_of_role=True)
except subprocess.CalledProcessError:
# If the master has already been uninstalled,
# this call may fail
pass
tasks.uninstall_master(replica)
tasks.uninstall_master(cls.master)
for client in cls.clients:
tasks.uninstall_client(client)
if cls.fips_mode:
cls.disable_fips_mode()
def test_removal_of_nonexistent_master_raises_error(self):
"""
tests that removal of non-existent master raises an error
"""
hostname = u'bogus-master.bogus.domain'
err_message = "{}: server not found".format(hostname)
tasks.assert_error(tasks.run_server_del(self.client, hostname),
err_message,
returncode=2)
def test_removal_of_master_raises_error_about_last_dns(self):
"""
Now server-del should complain about the removal of last DNS server
"""
tasks.assert_error(
tasks.run_server_del(self.replicas[0], self.master.hostname),
"Deleting this server will leave your installation "
"without a DNS.",
1
)
def test_removal_of_master_raises_error_about_last_ca(self):
"""
test that removal of master fails on the last
"""
tasks.assert_error(
tasks.run_server_del(self.replicas[0], self.master.hostname),
"Deleting this server is not allowed as it would leave your "
"installation without a CA.",
1
)
def test_uninstall_with_ignore_last_of_role(self):
"""Test uninstallation of the CRL generation master
When --ignore-last-of-role is provided, uninstall prints a msg but
gets executed.
"""
# Make sure CRL gen is enabled on the master
check_crlgen_enable(self.master)
# call uninstall with --ignore-last-of-role, should be OK
result = self.master.run_command([
'ipa-server-install', '--uninstall', '-U', '--ignore-last-of-role'
])
expected_msg = "Deleting this server will leave your installation " \
"without a CRL generation master"
assert expected_msg in result.stdout_text
tasks.run_server_del(self.replicas[0],
self.master.hostname,
force=True,
ignore_topology_disconnect=True,
ignore_last_of_role=True)
def test_removal_of_nonexistent_master_raises_error(self):
"""
tests that removal of non-existent master raises an error
"""
hostname = u'bogus-master.bogus.domain'
err_message = "{}: server not found".format(hostname)
tasks.assert_error(
tasks.run_server_del(self.client, hostname),
err_message,
returncode=2
)
def test_removal_of_server_raises_error_about_last_kra(self, restart_ipa):
"""
test that removal of server fails on the last KRA
We shut it down to verify that it can be removed if it failed.
"""
tasks.install_kra(self.master)
self.master.run_command(['ipactl', 'stop'])
tasks.assert_error(
tasks.run_server_del(self.replicas[0], self.master.hostname),
"Deleting this server is not allowed as it would leave your "
"installation without a KRA.", 1)
def test_forced_removal_of_nonexistent_master(self):
"""
tests that removal of non-existent master with '--force' does not raise
an error
"""
hostname = u'bogus-master.bogus.domain'
result = tasks.run_server_del(self.client, hostname, force=True)
assert result.returncode == 0
assert ('Deleted IPA server "{}"'.format(hostname) in
result.stdout_text)
assert ("Server has already been deleted" in result.stderr_text)
def test_forced_removal_of_nonexistent_master(self):
"""
tests that removal of non-existent master with '--force' does not raise
an error
"""
hostname = u'bogus-master.bogus.domain'
result = tasks.run_server_del(self.client, hostname, force=True)
assert result.returncode == 0
assert ('Deleted IPA server "{}"'.format(hostname)
in result.stdout_text)
assert ("Server has already been deleted" in result.stderr_text)
def check_master_removal(host,
hostname_to_remove,
force=False,
ignore_topology_disconnect=False,
ignore_last_of_role=False):
result = tasks.run_server_del(
host,
hostname_to_remove,
force=force,
ignore_topology_disconnect=ignore_topology_disconnect,
ignore_last_of_role=ignore_last_of_role)
assert result.returncode == 0
if force:
assert ("Forcing removal of {hostname}".format(
hostname=hostname_to_remove) in result.stderr_text)
if ignore_topology_disconnect:
assert "Ignoring topology connectivity errors." in result.stderr_text
if ignore_last_of_role:
assert ("Ignoring these warnings and proceeding with removal"
in result.stderr_text)
tasks.assert_error(host.run_command(
['ipa', 'server-show', hostname_to_remove], raiseonerr=False),
"{}: server not found".format(hostname_to_remove),
returncode=2)
# Only run the pki command if there is a CA installed on the machine
result = host.run_command(
[
'ipa',
'server-role-find',
'--server',
host.hostname,
'--status',
'enabled',
'--role',
'CA server',
],
raiseonerr=False,
)
if result.returncode == 0:
host.run_command(['pki', 'client', 'init', '--force'])
result = host.run_command(
['pki', 'securitydomain-host-find'],
stdin_text='y\n',
).stdout_text
assert hostname_to_remove not in result
def check_removal_disconnects_topology(
host, hostname_to_remove, affected_suffixes=(DOMAIN_SUFFIX_NAME, )):
result = tasks.run_server_del(host, hostname_to_remove)
assert len(affected_suffixes) <= 2
err_messages_by_suffix = {
CA_SUFFIX_NAME:
REMOVAL_ERR_TEMPLATE.format(hostname=hostname_to_remove,
suffix=CA_SUFFIX_NAME),
DOMAIN_SUFFIX_NAME:
REMOVAL_ERR_TEMPLATE.format(hostname=hostname_to_remove,
suffix=DOMAIN_SUFFIX_NAME)
}
for suffix, err_str in err_messages_by_suffix.items():
if suffix in affected_suffixes:
tasks.assert_error(result, err_str, returncode=1)
else:
assert err_str not in result.stderr_text
def check_removal_disconnects_topology(
host, hostname_to_remove,
affected_suffixes=(DOMAIN_SUFFIX_NAME,)):
result = tasks.run_server_del(host, hostname_to_remove)
assert len(affected_suffixes) <= 2
err_messages_by_suffix = {
CA_SUFFIX_NAME: REMOVAL_ERR_TEMPLATE.format(
hostname=hostname_to_remove,
suffix=CA_SUFFIX_NAME
),
DOMAIN_SUFFIX_NAME: REMOVAL_ERR_TEMPLATE.format(
hostname=hostname_to_remove,
suffix=DOMAIN_SUFFIX_NAME
)
}
for suffix in err_messages_by_suffix:
if suffix in affected_suffixes:
tasks.assert_error(
result, err_messages_by_suffix[suffix], returncode=1)
else:
assert err_messages_by_suffix[suffix] not in result.stderr_text
