os-autoinst-distri-fedora/tests/domain_client.pm

use base "installedtest";
use strict;
use testapi;
use utils;

sub run {
    my $self = shift;
    my $admin = get_var("REALMD_ADMIN_USER", "admin");
    my $tcadmin = ucfirst($admin);
    my $domain = get_var("REALMD_DOMAIN", "test.openqa.fedoraproject.org");
    my $shortdom = uc((split(/\./, $domain))[0]);
    my $udomain = uc($domain);
    my $qdomain = quotemeta($domain);
    my $qudomain = uc($qdomain);
    # switch to tty1 (we're usually there already, but just in case
    # we're carrying on from a failed freeipa_webui that didn't fail
    # at tty1)
    select_console "tty1-console";
    wait_still_screen 1;
    if (get_var("KICKSTART")) {
        # we don't have sssd debugging enabled yet
        assert_script_run 'dnf -y install sssd-tools', 240;
        assert_script_run 'sss_debuglevel 9';
    }
    # check domain is listed in 'realm list'
    validate_script_output 'realm list', sub { $_ =~ m/domain-name: $qdomain.*configured: kerberos-member/s };
    # check we can resolve domain accounts
    if ($domain =~ m/samdom/) {
        # give this two tries, to see if it helps the problem where
        # it sometimes fails for no reason
        if (script_run "getent passwd '$shortdom\\$tcadmin'") {
            assert_script_run "getent passwd '$shortdom\\$tcadmin'";
        }
    }
    else {
        assert_script_run "getent passwd $admin\@$udomain";
    }
    # check keytab entries
    # on AD clients, this isn't automatically installed
    assert_script_run "dnf -y install krb5-workstation", 180;
    my $hostname = script_output 'hostname';
    my $qhost = quotemeta($hostname);
    validate_script_output 'klist -k', sub { $_ =~ m/$qhost\@$qudomain/ };
    # check we can kinit with the host principal
    if ($domain =~ m/samdom/) {
        my $shorthost = uc((split(/\./, $hostname))[0]);
        assert_script_run "kinit -k $shorthost\\\$\@$udomain";
    }
    else {
        assert_script_run "kinit -k host/$hostname\@$udomain";
    }
    # Set a longer timeout for login(1) to workaround RHBZ #1661273
    assert_script_run 'echo "LOGIN_TIMEOUT 180" >> /etc/login.defs';
    # switch to tty2 for login tests
    select_console "tty2-console";
    # try and login as test1, should work
    console_login(user => "test1\@$domain", password => 'batterystaple');
    type_string "exit\n";
    unless ($domain =~ m/samdom/) {
        # try and login as test2, should fail. we cannot use console_login
        # as it takes 10 seconds to complete when login fails, and
        # "permission denied" message doesn't last that long
        sleep 2;
        assert_screen "text_console_login";
        type_string "test2\@$udomain\n";
        assert_screen "console_password_required";
        type_string "batterystaple\n";
        assert_screen "login_permission_denied";
    }
}


sub test_flags {
    return {fatal => 1};
}

1;

# vim: set sw=4 et:
Add Samba AD tests This adds a Samba AD server test, and client enrolment tests via sssd, Cockpit and kickstart. Requires the matching createhdds commit to add the kickstart to the disk_ks image. Signed-off-by: Adam Williamson <awilliam@redhat.com> 2023-07-19 23:41:21 +00:00			`use base "installedtest";`
			`use strict;`
			`use testapi;`
			`use utils;`

			`sub run {`
			`my $self = shift;`
			`my $admin = get_var("REALMD_ADMIN_USER", "admin");`
Fixes for Active Directory client tests abbra told me where I was going wrong with the 'expected' target of the getent command ("AD/" is not a magic string, it's just "(netbiosname)/", and our netbios name is "SAMDOM"...) so this fixes that too, trying to avoid hard-coding stuff. For the kickstart test, it seems like it's a timing issue. We added this 'install sssd-tools and enable debugging' step to try and debug it, and instead it fixed it. So...let's just stick with this, for now, because it's useful to have this debugging anyway. If the problem starts happening again, we can fiddle about with it more. Signed-off-by: Adam Williamson <awilliam@redhat.com> 2023-08-04 12:47:33 +00:00			`my $tcadmin = ucfirst($admin);`
Add Samba AD tests This adds a Samba AD server test, and client enrolment tests via sssd, Cockpit and kickstart. Requires the matching createhdds commit to add the kickstart to the disk_ks image. Signed-off-by: Adam Williamson <awilliam@redhat.com> 2023-07-19 23:41:21 +00:00			`my $domain = get_var("REALMD_DOMAIN", "test.openqa.fedoraproject.org");`
Fixes for Active Directory client tests abbra told me where I was going wrong with the 'expected' target of the getent command ("AD/" is not a magic string, it's just "(netbiosname)/", and our netbios name is "SAMDOM"...) so this fixes that too, trying to avoid hard-coding stuff. For the kickstart test, it seems like it's a timing issue. We added this 'install sssd-tools and enable debugging' step to try and debug it, and instead it fixed it. So...let's just stick with this, for now, because it's useful to have this debugging anyway. If the problem starts happening again, we can fiddle about with it more. Signed-off-by: Adam Williamson <awilliam@redhat.com> 2023-08-04 12:47:33 +00:00			`my $shortdom = uc((split(/\./, $domain))[0]);`
Add Samba AD tests This adds a Samba AD server test, and client enrolment tests via sssd, Cockpit and kickstart. Requires the matching createhdds commit to add the kickstart to the disk_ks image. Signed-off-by: Adam Williamson <awilliam@redhat.com> 2023-07-19 23:41:21 +00:00			`my $udomain = uc($domain);`
			`my $qdomain = quotemeta($domain);`
			`my $qudomain = uc($qdomain);`
			`# switch to tty1 (we're usually there already, but just in case`
			`# we're carrying on from a failed freeipa_webui that didn't fail`
			`# at tty1)`
Run update repo setup steps from a serial console This is a surprisingly large change as we want to go back to the console we were previously on after doing it. To do that we need to know what console we were on, and to know that, we need to port everything that currently uses (ctrl-)alt-fX to switch consoles to use select_console instead. This is primarily intended to make running setup_repos.py faster when it has to download a lot of packages (as typing in hundreds of package names is quite slow). But it actually makes the whole thing faster, even when only downloading one or two packages. Signed-off-by: Adam Williamson <awilliam@redhat.com> 2024-01-09 18:37:57 +00:00			`select_console "tty1-console";`
Add Samba AD tests This adds a Samba AD server test, and client enrolment tests via sssd, Cockpit and kickstart. Requires the matching createhdds commit to add the kickstart to the disk_ks image. Signed-off-by: Adam Williamson <awilliam@redhat.com> 2023-07-19 23:41:21 +00:00			`wait_still_screen 1;`
Fixes for Active Directory client tests abbra told me where I was going wrong with the 'expected' target of the getent command ("AD/" is not a magic string, it's just "(netbiosname)/", and our netbios name is "SAMDOM"...) so this fixes that too, trying to avoid hard-coding stuff. For the kickstart test, it seems like it's a timing issue. We added this 'install sssd-tools and enable debugging' step to try and debug it, and instead it fixed it. So...let's just stick with this, for now, because it's useful to have this debugging anyway. If the problem starts happening again, we can fiddle about with it more. Signed-off-by: Adam Williamson <awilliam@redhat.com> 2023-08-04 12:47:33 +00:00			`if (get_var("KICKSTART")) {`
			`# we don't have sssd debugging enabled yet`
			`assert_script_run 'dnf -y install sssd-tools', 240;`
			`assert_script_run 'sss_debuglevel 9';`
			`}`
Add Samba AD tests This adds a Samba AD server test, and client enrolment tests via sssd, Cockpit and kickstart. Requires the matching createhdds commit to add the kickstart to the disk_ks image. Signed-off-by: Adam Williamson <awilliam@redhat.com> 2023-07-19 23:41:21 +00:00			`# check domain is listed in 'realm list'`
			`validate_script_output 'realm list', sub { $_ =~ m/domain-name: $qdomain.*configured: kerberos-member/s };`
			`# check we can resolve domain accounts`
Fixes for Active Directory client tests abbra told me where I was going wrong with the 'expected' target of the getent command ("AD/" is not a magic string, it's just "(netbiosname)/", and our netbios name is "SAMDOM"...) so this fixes that too, trying to avoid hard-coding stuff. For the kickstart test, it seems like it's a timing issue. We added this 'install sssd-tools and enable debugging' step to try and debug it, and instead it fixed it. So...let's just stick with this, for now, because it's useful to have this debugging anyway. If the problem starts happening again, we can fiddle about with it more. Signed-off-by: Adam Williamson <awilliam@redhat.com> 2023-08-04 12:47:33 +00:00			`if ($domain =~ m/samdom/) {`
			`# give this two tries, to see if it helps the problem where`
			`# it sometimes fails for no reason`
			`if (script_run "getent passwd '$shortdom\\$tcadmin'") {`
			`assert_script_run "getent passwd '$shortdom\\$tcadmin'";`
			`}`
			`}`
			`else {`
			`assert_script_run "getent passwd $admin\@$udomain";`
			`}`
Add Samba AD tests This adds a Samba AD server test, and client enrolment tests via sssd, Cockpit and kickstart. Requires the matching createhdds commit to add the kickstart to the disk_ks image. Signed-off-by: Adam Williamson <awilliam@redhat.com> 2023-07-19 23:41:21 +00:00			`# check keytab entries`
			`# on AD clients, this isn't automatically installed`
			`assert_script_run "dnf -y install krb5-workstation", 180;`
			`my $hostname = script_output 'hostname';`
			`my $qhost = quotemeta($hostname);`
			`validate_script_output 'klist -k', sub { $_ =~ m/$qhost\@$qudomain/ };`
			`# check we can kinit with the host principal`
			`if ($domain =~ m/samdom/) {`
			`my $shorthost = uc((split(/\./, $hostname))[0]);`
			`assert_script_run "kinit -k $shorthost\\\$\@$udomain";`
			`}`
			`else {`
			`assert_script_run "kinit -k host/$hostname\@$udomain";`
			`}`
			`# Set a longer timeout for login(1) to workaround RHBZ #1661273`
			`assert_script_run 'echo "LOGIN_TIMEOUT 180" >> /etc/login.defs';`
			`# switch to tty2 for login tests`
Run update repo setup steps from a serial console This is a surprisingly large change as we want to go back to the console we were previously on after doing it. To do that we need to know what console we were on, and to know that, we need to port everything that currently uses (ctrl-)alt-fX to switch consoles to use select_console instead. This is primarily intended to make running setup_repos.py faster when it has to download a lot of packages (as typing in hundreds of package names is quite slow). But it actually makes the whole thing faster, even when only downloading one or two packages. Signed-off-by: Adam Williamson <awilliam@redhat.com> 2024-01-09 18:37:57 +00:00			`select_console "tty2-console";`
Add Samba AD tests This adds a Samba AD server test, and client enrolment tests via sssd, Cockpit and kickstart. Requires the matching createhdds commit to add the kickstart to the disk_ks image. Signed-off-by: Adam Williamson <awilliam@redhat.com> 2023-07-19 23:41:21 +00:00			`# try and login as test1, should work`
			`console_login(user => "test1\@$domain", password => 'batterystaple');`
			`type_string "exit\n";`
			`unless ($domain =~ m/samdom/) {`
			`# try and login as test2, should fail. we cannot use console_login`
			`# as it takes 10 seconds to complete when login fails, and`
			`# "permission denied" message doesn't last that long`
			`sleep 2;`
			`assert_screen "text_console_login";`
			`type_string "test2\@$udomain\n";`
			`assert_screen "console_password_required";`
			`type_string "batterystaple\n";`
			`assert_screen "login_permission_denied";`
			`}`
			`}`


			`sub test_flags {`
			`return {fatal => 1};`
			`}`

			`1;`

			`# vim: set sw=4 et:`