ipa-4.11.0-3
- Resolves: RHEL-14428 healthcheck reports nsslapd-accesslog-logbuffering is set to 'off' Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
This commit is contained in:
Florence Blanc-Renaud
parent
80c7b3b6fc
commit
1c59d31bde
|
|
@ -0,0 +1,48 @@
|
|||
From 411107e1d1fa64b15978b7c69522613fbf3aa827 Mon Sep 17 00:00:00 2001
|
||||
From: Florence Blanc-Renaud <flo@redhat.com>
|
||||
Date: Fri, 29 Sep 2023 10:31:00 +0200
|
||||
Subject: [PATCH] ipatests: fix expected output for
|
||||
ipahealthcheck.meta.services
|
||||
|
||||
ipa-healthcheck commit 31be12b introduced a change in the output
|
||||
message when pki-tomcatd is not running.
|
||||
With versions <= 0.12, the service name is displayed as
|
||||
pki_tomcatd (with an underscore), but with 0.13+ it is
|
||||
pki-tomcatd (with a dash).
|
||||
|
||||
Fixes: https://pagure.io/freeipa/issue/9460
|
||||
|
||||
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
|
||||
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
||||
---
|
||||
ipatests/test_integration/test_ipahealthcheck.py | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/ipatests/test_integration/test_ipahealthcheck.py b/ipatests/test_integration/test_ipahealthcheck.py
|
||||
index 35fcfe10508589ded021207a4eba4fb0143495b4..5d79f2b529e819a291228776c4cc278463f02e59 100644
|
||||
--- a/ipatests/test_integration/test_ipahealthcheck.py
|
||||
+++ b/ipatests/test_integration/test_ipahealthcheck.py
|
||||
@@ -454,6 +454,11 @@ class TestIpaHealthCheck(IntegrationTest):
|
||||
assert data[0]["result"] == "SUCCESS"
|
||||
assert data[0]["kw"]["status"] is True
|
||||
|
||||
+ version = tasks.get_healthcheck_version(self.master)
|
||||
+ # With healthcheck newer versions, the error msg for PKI tomcat
|
||||
+ # contains the string pki-tomcatd instead of pki_tomcatd
|
||||
+ always_replace = parse_version(version) >= parse_version("0.13")
|
||||
+
|
||||
for service in svc_list:
|
||||
restart_service(self.master, service)
|
||||
returncode, data = run_healthcheck(
|
||||
@@ -466,7 +471,7 @@ class TestIpaHealthCheck(IntegrationTest):
|
||||
for check in data:
|
||||
if check["check"] != service:
|
||||
continue
|
||||
- if service != 'pki_tomcatd':
|
||||
+ if service != 'pki_tomcatd' or always_replace:
|
||||
service = service.replace('_', '-')
|
||||
assert check["result"] == "ERROR"
|
||||
assert check["kw"]["msg"] == "%s: not running" % service
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
|
@ -0,0 +1,132 @@
|
|||
From 7e76329f76b7605ac6ec255c53b3c15d368a63f7 Mon Sep 17 00:00:00 2001
|
||||
From: Rob Crittenden <rcritten@redhat.com>
|
||||
Date: Mon, 13 Nov 2023 09:48:09 -0500
|
||||
Subject: [PATCH] ipatests: ignore nsslapd-accesslog-logbuffering WARN in
|
||||
healthcheck
|
||||
|
||||
Log buffering is disabled in the integration tests so we can have all
|
||||
the logs at the end. This is causing a warning to show in the 389-ds
|
||||
checks and causing tests to fail that expect all SUCCESS.
|
||||
|
||||
Add an exclude for this specific key so tests will pass again.
|
||||
|
||||
We may eventually want a more sophisiticated mechanism to handle
|
||||
excludes, or updating the config in general, but this is fine for now.
|
||||
|
||||
Fixes: https://pagure.io/freeipa/issue/9400
|
||||
|
||||
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
|
||||
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
|
||||
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
|
||||
---
|
||||
.../test_integration/test_ipahealthcheck.py | 28 +++++++++++++++++++
|
||||
.../test_replica_promotion.py | 5 +++-
|
||||
2 files changed, 32 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/ipatests/test_integration/test_ipahealthcheck.py b/ipatests/test_integration/test_ipahealthcheck.py
|
||||
index 5d79f2b529e819a291228776c4cc278463f02e59..278f75abdd772a59178a61e2ab63e3178fef2518 100644
|
||||
--- a/ipatests/test_integration/test_ipahealthcheck.py
|
||||
+++ b/ipatests/test_integration/test_ipahealthcheck.py
|
||||
@@ -10,6 +10,7 @@ from __future__ import absolute_import
|
||||
from configparser import RawConfigParser, NoOptionError
|
||||
from datetime import datetime, timedelta, timezone
|
||||
UTC = timezone.utc
|
||||
+import io
|
||||
import json
|
||||
import os
|
||||
import re
|
||||
@@ -209,6 +210,28 @@ def run_healthcheck(host, source=None, check=None, output_type="json",
|
||||
return result.returncode, data
|
||||
|
||||
|
||||
+def set_excludes(host, option, value,
|
||||
+ config_file='/etc/ipahealthcheck/ipahealthcheck.conf'):
|
||||
+ """Mark checks that should be excluded from the results
|
||||
+
|
||||
+ This will set in the [excludes] section on host:
|
||||
+ option=value
|
||||
+ """
|
||||
+ EXCLUDES = "excludes"
|
||||
+
|
||||
+ conf = host.get_file_contents(config_file, encoding='utf-8')
|
||||
+ cfg = RawConfigParser()
|
||||
+ cfg.read_string(conf)
|
||||
+ if not cfg.has_section(EXCLUDES):
|
||||
+ cfg.add_section(EXCLUDES)
|
||||
+ if not cfg.has_option(EXCLUDES, option):
|
||||
+ cfg.set(EXCLUDES, option, value)
|
||||
+ out = io.StringIO()
|
||||
+ cfg.write(out)
|
||||
+ out.seek(0)
|
||||
+ host.put_file_contents(config_file, out.read())
|
||||
+
|
||||
+
|
||||
@pytest.fixture
|
||||
def restart_service():
|
||||
"""Shut down and restart a service as a fixture"""
|
||||
@@ -266,6 +289,7 @@ class TestIpaHealthCheck(IntegrationTest):
|
||||
setup_dns=True,
|
||||
extra_args=['--no-dnssec-validation']
|
||||
)
|
||||
+ set_excludes(cls.master, "key", "DSCLE0004")
|
||||
|
||||
def test_ipa_healthcheck_install_on_master(self):
|
||||
"""
|
||||
@@ -558,6 +582,7 @@ class TestIpaHealthCheck(IntegrationTest):
|
||||
setup_dns=True,
|
||||
extra_args=['--no-dnssec-validation']
|
||||
)
|
||||
+ set_excludes(self.replicas[0], "key", "DSCLE0004")
|
||||
|
||||
# Init a user on replica to assign a DNA range
|
||||
tasks.kinit_admin(self.replicas[0])
|
||||
@@ -698,6 +723,7 @@ class TestIpaHealthCheck(IntegrationTest):
|
||||
'output_type=human'
|
||||
])
|
||||
)
|
||||
+ set_excludes(self.master, "key", "DSCLE0004", config_file)
|
||||
returncode, output = run_healthcheck(
|
||||
self.master, failures_only=True, config=config_file
|
||||
)
|
||||
@@ -713,6 +739,7 @@ class TestIpaHealthCheck(IntegrationTest):
|
||||
'output_file=%s' % HC_LOG,
|
||||
])
|
||||
)
|
||||
+ set_excludes(self.master, "key", "DSCLE0004")
|
||||
returncode, _unused = run_healthcheck(
|
||||
self.master, config=config_file
|
||||
)
|
||||
@@ -2408,6 +2435,7 @@ class TestIpaHealthCLI(IntegrationTest):
|
||||
cls.master, setup_dns=True, extra_args=['--no-dnssec-validation']
|
||||
)
|
||||
tasks.install_packages(cls.master, HEALTHCHECK_PKG)
|
||||
+ set_excludes(cls.master, "key", "DSCLE0004")
|
||||
|
||||
def test_indent(self):
|
||||
"""
|
||||
diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py
|
||||
index d477c3a20df80f16d47a55c9359ce165049dd907..b71f2d5d7e1517ab73d79b62477a3377839b0b7a 100644
|
||||
--- a/ipatests/test_integration/test_replica_promotion.py
|
||||
+++ b/ipatests/test_integration/test_replica_promotion.py
|
||||
@@ -13,7 +13,7 @@ import pytest
|
||||
|
||||
from ipatests.test_integration.base import IntegrationTest
|
||||
from ipatests.test_integration.test_ipahealthcheck import (
|
||||
- run_healthcheck, HEALTHCHECK_PKG
|
||||
+ run_healthcheck, set_excludes, HEALTHCHECK_PKG
|
||||
)
|
||||
from ipatests.pytest_ipa.integration import tasks
|
||||
from ipatests.pytest_ipa.integration.tasks import (
|
||||
@@ -983,6 +983,9 @@ class TestHiddenReplicaPromotion(IntegrationTest):
|
||||
# manually install KRA to verify that hidden state is synced
|
||||
tasks.install_kra(cls.replicas[0])
|
||||
|
||||
+ set_excludes(cls.master, "key", "DSCLE0004")
|
||||
+ set_excludes(cls.replicas[0], "key", "DSCLE0004")
|
||||
+
|
||||
def _check_dnsrecords(self, hosts_expected, hosts_unexpected=()):
|
||||
domain = DNSName(self.master.domain.name).make_absolute()
|
||||
rset = [
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
|
@ -0,0 +1,45 @@
|
|||
From faf8be455a6ab4f5b1bed00a611e655535ed31e7 Mon Sep 17 00:00:00 2001
|
||||
From: Rob Crittenden <rcritten@redhat.com>
|
||||
Date: Tue, 14 Nov 2023 13:21:30 -0500
|
||||
Subject: [PATCH] ipatests: fix expected output for ipahealthcheck.ipa.host
|
||||
|
||||
ipa-healthcheck commit e69589d5 changed the output when a service
|
||||
keytab is missing to not report the GSSAPI error but to report
|
||||
that the keytab doesn't exist at all. This distinguishes from real
|
||||
Kerberos issues like kvno.
|
||||
|
||||
Fixes: https://pagure.io/freeipa/issue/9482
|
||||
|
||||
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
|
||||
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
|
||||
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
|
||||
---
|
||||
ipatests/test_integration/test_ipahealthcheck.py | 12 +++++++++---
|
||||
1 file changed, 9 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/ipatests/test_integration/test_ipahealthcheck.py b/ipatests/test_integration/test_ipahealthcheck.py
|
||||
index 278f75abdd772a59178a61e2ab63e3178fef2518..785e9abbae3b807f100a3d875e0c0b23f868be83 100644
|
||||
--- a/ipatests/test_integration/test_ipahealthcheck.py
|
||||
+++ b/ipatests/test_integration/test_ipahealthcheck.py
|
||||
@@ -635,9 +635,15 @@ class TestIpaHealthCheck(IntegrationTest):
|
||||
ipahealthcheck.ipa.host when GSSAPI credentials cannot be obtained
|
||||
from host's keytab.
|
||||
"""
|
||||
- msg = (
|
||||
- "Minor (2529639107): No credentials cache found"
|
||||
- )
|
||||
+ version = tasks.get_healthcheck_version(self.master)
|
||||
+ if parse_version(version) >= parse_version("0.15"):
|
||||
+ msg = (
|
||||
+ "Service {service} keytab {path} does not exist."
|
||||
+ )
|
||||
+ else:
|
||||
+ msg = (
|
||||
+ "Minor (2529639107): No credentials cache found"
|
||||
+ )
|
||||
|
||||
with tasks.FileBackup(self.master, paths.KRB5_KEYTAB):
|
||||
self.master.run_command(["rm", "-f", paths.KRB5_KEYTAB])
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
|
@ -223,7 +223,7 @@
|
|||
|
||||
Name: %{package_name}
|
||||
Version: %{IPA_VERSION}
|
||||
Release: 2%{?rc_version:.%rc_version}%{?dist}
|
||||
Release: 3%{?rc_version:.%rc_version}%{?dist}
|
||||
Summary: The Identity, Policy and Audit system
|
||||
|
||||
License: GPL-3.0-or-later
|
||||
|
|
@ -255,6 +255,9 @@ Patch0005: 0005-Allow-password-policy-minlength-to-be-removed-like-o.patch
|
|||
Patch0006: 0006-ipatests-Skip-the-test-failing-due-to-FIPS-policy.patch
|
||||
Patch0007: 0007-The-PKI-JSON-API-the-revocation-reason-key-may-be-ca.patch
|
||||
Patch0008: 0008-WIP-Get-the-PKI-version-from-the-remote-to-determine.patch
|
||||
Patch0009: 0009-ipatests-fix-expected-output-for-ipahealthcheck.meta.patch
|
||||
Patch0010: 0010-ipatests-ignore-nsslapd-accesslog-logbuffering-WARN-.patch
|
||||
Patch0011: 0011-ipatests-fix-expected-output-for-ipahealthcheck.ipa..patch
|
||||
Patch1001: 1001-Change-branding-to-IPA-and-Identity-Management.patch
|
||||
%endif
|
||||
%endif
|
||||
|
|
@ -1747,6 +1750,9 @@ fi
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Nov 20 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-3
|
||||
- Resolves: RHEL-14428 healthcheck reports nsslapd-accesslog-logbuffering is set to 'off'
|
||||
|
||||
* Mon Nov 6 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-2
|
||||
- Resolves: RHEL-14292 Backport latest test fixes in python3-ipatests
|
||||
- Resolves: RHEL-15443 Server install: failure to install with externally signed CA because of timezone issue
|
||||
|
|
|
|||
Loading…
Reference in New Issue