def check_replication_error(self, host): status = r'Error \(19\) Replication error acquiring replica: ' \ 'Replica has different database generation ID' tasks.wait_for_replication( host.ldap_connect(), target_status_re=status, raise_on_timeout=True)
def test_replica_install_after_restore(self): master = self.master replica1 = self.replicas[0] replica2 = self.replicas[1] tasks.install_master(master) tasks.install_replica(master, replica1) check_replication(master, replica1, "testuser1") # backup master. backup_path = backup(master) suffix = ipautil.realm_to_suffix(master.domain.realm) suffix = escape_dn_chars(str(suffix)) tf = NamedTemporaryFile() ldif_file = tf.name entry_ldif = ("dn: cn=meTo{hostname},cn=replica," "cn={suffix}," "cn=mapping tree,cn=config\n" "changetype: modify\n" "replace: nsds5ReplicaEnabled\n" "nsds5ReplicaEnabled: off\n\n" "dn: cn=caTo{hostname},cn=replica," "cn=o\\3Dipaca,cn=mapping tree,cn=config\n" "changetype: modify\n" "replace: nsds5ReplicaEnabled\n" "nsds5ReplicaEnabled: off").format( hostname=replica1.hostname, suffix=suffix) master.put_file_contents(ldif_file, entry_ldif) # disable replication agreement arg = [ 'ldapmodify', '-h', master.hostname, '-p', '389', '-D', str(master.config.dirman_dn), # pylint: disable=no-member '-w', master.config.dirman_password, '-f', ldif_file ] master.run_command(arg) # uninstall master. tasks.uninstall_master(master) # master restore. dirman_password = master.config.dirman_password master.run_command(['ipa-restore', backup_path], stdin_text=dirman_password + '\nyes') # re-initialize topology after restore. topo_name = "{}-to-{}".format(master.hostname, replica1.hostname) for topo_suffix in 'domain', 'ca': arg = [ 'ipa', 'topologysegment-reinitialize', topo_suffix, topo_name, '--left' ] replica1.run_command(arg) # wait sometime for re-initialization tasks.wait_for_replication(replica1.ldap_connect()) # install second replica after restore tasks.install_replica(master, replica2) check_replication(master, replica2, "testuser2")
def check_replication_success(self, host): status = r'Error \(0\) Replica acquired successfully: ' \ 'Incremental update succeeded' tasks.wait_for_replication(host.ldap_connect(), target_status_re=status, raise_on_timeout=True)
def test_rolecheck_Trust(self): """ipa-backup rolecheck: add Trust controllers/agents. """ # install AD Trust packages on replica first tasks.install_packages(self.replicas[0], ['*ipa-server-trust-ad']) self._check_rolecheck_backup_success(self.replicas[0]) self._check_rolecheck_backup_success(self.master) tasks.install_packages(self.master, ['*ipa-server-trust-ad']) # make replicas[0] become Trust Controller self.replicas[0].run_command([ 'ipa-adtrust-install', '-U', '--netbios-name', 'IPA', '-a', self.master.config.admin_password, '--add-sids' ]) # wait for replication to propagate the change on # cn=adtrust agents,cn=sysaccounts,cn=etc,dc=ipa,dc=test # as the ipa server-role-find call is using this entry to # build its output tasks.wait_for_replication(self.replicas[0].ldap_connect()) # double-check assert self._ipa_replica_role_check(self.replicas[0].hostname, self.serverroles['ADTC']) # check that master has no AD Trust-related role assert not self._ipa_replica_role_check(self.master.hostname, self.serverroles['ADTA']) self._check_rolecheck_backup_success(self.replicas[0]) self._check_rolecheck_backup_failure(self.master) # make master become Trust Agent cmd_input = ( # admin password: self.master.config.admin_password + '\n' + # WARNING: The smb.conf already exists. Running ipa-adtrust-install # will break your existing samba configuration. # Do you wish to continue? [no]: 'yes\n' # Enable trusted domains support in slapi-nis? [no]: '\n' + # WARNING: 1 IPA masters are not yet able to serve information # about users from trusted forests. # Installer can add them to the list of IPA masters allowed to # access information about trusts. # If you choose to do so, you also need to restart LDAP service on # those masters. # Refer to ipa-adtrust-install(1) man page for details. # IPA master[replica1.testrelm.test]?[no]: 'yes\n') self.replicas[0].run_command(['ipa-adtrust-install', '--add-agents'], stdin_text=cmd_input) # wait for replication to propagate the change on # cn=adtrust agents,cn=sysaccounts,cn=etc,dc=ipa,dc=test # as the ipa server-role-find call is using this entry to # build its output tasks.wait_for_replication(self.replicas[0].ldap_connect()) # check that master is now an AD Trust agent assert self._ipa_replica_role_check(self.master.hostname, self.serverroles['ADTA']) # but not an AD Trust controller assert not self._ipa_replica_role_check(self.master.hostname, self.serverroles['ADTC']) self._check_rolecheck_backup_success(self.replicas[0]) self._check_rolecheck_backup_failure(self.master) # make master become Trust Controller self.master.run_command([ 'ipa-adtrust-install', '-U', '--netbios-name', 'IPA', '-a', self.master.config.admin_password, '--add-sids' ]) # wait for replication to propagate the change on # cn=adtrust agents,cn=sysaccounts,cn=etc,dc=ipa,dc=test # as the ipa server-role-find call is using this entry to # build its output tasks.wait_for_replication(self.master.ldap_connect()) # master and replicas[0] are both AD Trust Controllers now. for hostname in [self.master.hostname, self.replicas[0].hostname]: assert self._ipa_replica_role_check(hostname, self.serverroles['ADTC']) self._check_rolecheck_backup_success(self.master) self._check_rolecheck_backup_success(self.replicas[0]) # switch replicas[0] to hidden self.replicas[0].run_command([ 'ipa', 'server-state', self.replicas[0].hostname, '--state=hidden' ]) self._check_rolecheck_backup_success(self.master) self._check_rolecheck_backup_success(self.replicas[0])