From bffa3d5fcc6f6f8c570b04bb4a56143788349f0e Mon Sep 17 00:00:00 2001
From: Adam Williamson
Date: Fri, 9 Oct 2020 10:49:49 -0700
Subject: [PATCH] Tweak setup_tap_static and FreeIPA tests for resolved

This does some of the things suggested by cheimes in https://bugzilla.redhat.com/show_bug.cgi?id=1880628#c24 . I'm not sure if all these changes are safe yet.

Signed-off-by: Adam Williamson
---
 lib/tapnet.pm | 2 --
 tests/realmd_join_sssd.pm | 24 ++++++++++--------------
 tests/role_deploy_domain_controller.pm | 19 ++++++++-----------
 3 files changed, 18 insertions(+), 27 deletions(-)

diff --git a/lib/tapnet.pm b/lib/tapnet.pm
index 7bfc013e..379fe462 100644
--- a/lib/tapnet.pm
+++ b/lib/tapnet.pm
@@ -53,8 +53,6 @@ sub setup_tap_static {
 assert_script_run "nmcli con up '$connection'";
 # for debugging
 assert_script_run "nmcli -t con show '$connection'";
- # the above doesn't seem to reliably set up resolv.conf, so...
- clone_host_file "/etc/resolv.conf";
 }

 sub get_host_dns {
diff --git a/tests/realmd_join_sssd.pm b/tests/realmd_join_sssd.pm
index e4fe03de..b0647f78 100644
--- a/tests/realmd_join_sssd.pm
+++ b/tests/realmd_join_sssd.pm
@@ -22,7 +22,6 @@ sub run {
 $server_mutex = 'replica_ready';
 }
 bypass_1691487;
- assert_script_run "printf 'search domain.local\nnameserver ${server_ip}' > /etc/resolv.conf";
 # this gets us the name of the first connection in the list,
 # which should be what we want
 my $connection = script_output "nmcli --fields NAME con show | head -2 | tail -1";
@@ -43,11 +42,14 @@ sub run {
 # here we're enrolling not just as a client, but as a replica
 # disable systemd-resolved, it kinda conflicts with FreeIPA's
 # bind: https://bugzilla.redhat.com/show_bug.cgi?id=1880628
- unless (script_run "systemctl is-active systemd-resolved.service") {
- script_run "systemctl stop systemd-resolved.service";
- script_run "systemctl disable systemd-resolved.service";
- script_run "rm -f /etc/resolv.conf";
- script_run "systemctl restart NetworkManager";
+ my $upd = get_var("ADVISORY_OR_TASK");
+ unless ($upd eq "FEDORA-2020-e9e815177e") {
+ unless (script_run "systemctl is-active systemd-resolved.service") {
+ script_run "systemctl stop systemd-resolved.service";
+ script_run "systemctl disable systemd-resolved.service";
+ script_run "rm -f /etc/resolv.conf";
+ script_run "systemctl restart NetworkManager";
+ }
 }

 # install server packages
@@ -58,10 +60,6 @@ sub run {
 assert_script_run "dnf -y install haveged", 300;
 assert_script_run 'systemctl start haveged.service';

- # read DNS server IPs from host's /etc/resolv.conf for passing to
- # ipa-replica-install
- my @forwards = get_host_dns();
-
 # configure the firewall
 for my $service (qw(freeipa-ldap freeipa-ldaps dns)) {
 assert_script_run "firewall-cmd --permanent --add-service $service";
@@ -69,10 +67,8 @@ sub run {
 assert_script_run "systemctl restart firewalld.service";

 # deploy as a replica
- my $args = "--setup-dns --setup-ca --allow-zone-overlap -U --principal admin --admin-password monkeys123";
- for my $fwd (@forwards) {
- $args .= " --forwarder=$fwd";
- }
+ my ($ip, $hostname) = split(/ /, get_var("POST_STATIC"));
+ my $args = "--ip-address=$ip --setup-dns --auto-forwarders --setup-ca --allow-zone-overlap -U --principal admin --admin-password monkeys123";
 assert_script_run "ipa-replica-install $args", 1500;

 # enable and start the systemd service
diff --git a/tests/role_deploy_domain_controller.pm b/tests/role_deploy_domain_controller.pm
index d17f4cea..9c415566 100644
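Review bot: `get_var("ADVISORY_OR_TASK")` is compared with `eq` without a default in the `@@ -43,11 +42,14 @@` hunk, so on any job that does not set that variable `$upd` is undefined; the comparison is then false and the resolved-disabling branch still runs, but it raises an uninitialized-value warning if warnings are enabled. `my $upd = get_var("ADVISORY_OR_TASK", "");` avoids that. The hard-coded update ID also carries no explanation of why it is exempt or when the special case can go; a comment along the lines of `# this update is presumably expected to work with systemd-resolved left enabled; drop once that is the default` (wording for the author to confirm) would help the next reader. The same unguarded lookup and bare ID appear in the first hunk of tests/role_deploy_domain_controller.pm, where the update check is nested inside the is-active check instead of around it; using one order in both files would make them easier to compare. run's body starts and ends outside the hunk.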
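Review bot: The added `split(/ /, get_var("POST_STATIC"))` in the `@@ -69,10 +67,8 @@` hunk is unchecked: if POST_STATIC is unset or not in the `IP HOSTNAME` form, `$ip` is undefined or arbitrary text, and it is interpolated unquoted into the `ipa-replica-install` command line that `assert_script_run` hands to the shell. A guard right after the split, `die "POST_STATIC must be 'IP HOSTNAME'" unless defined $ip && $ip =~ /\A[0-9a-fA-F.:]+\z/;`, fails early with a clear message and keeps shell metacharacters out of `$args`. `$hostname` is assigned but not used in the visible lines; `my ($ip) = split(/ /, get_var("POST_STATIC"));` is enough if nothing further down reads it. run's body starts and ends outside the hunk.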
--- a/tests/role_deploy_domain_controller.pm
+++ b/tests/role_deploy_domain_controller.pm
@@ -22,10 +22,13 @@ sub run {
 # disable systemd-resolved, it kinda conflicts with FreeIPA's
 # bind: https://bugzilla.redhat.com/show_bug.cgi?id=1880628
 unless (script_run "systemctl is-active systemd-resolved.service") {
- script_run "systemctl stop systemd-resolved.service";
- script_run "systemctl disable systemd-resolved.service";
- script_run "rm -f /etc/resolv.conf";
- script_run "systemctl restart NetworkManager";
+ my $upd = get_var("ADVISORY_OR_TASK");
+ unless ($upd eq "FEDORA-2020-e9e815177e") {
+ script_run "systemctl stop systemd-resolved.service";
+ script_run "systemctl disable systemd-resolved.service";
+ script_run "rm -f /etc/resolv.conf";
+ script_run "systemctl restart NetworkManager";
+ }
 }
 # we need a lot of entropy for this, and we don't care how good
 # it is, so let's use haveged
@@ -38,9 +41,6 @@ sub run {
 # per ab, this gets us more debugging for bind
 assert_script_run 'mkdir -p /etc/systemd/system/named-pkcs11.service.d';
 assert_script_run 'printf "[Service]\nEnvironment=OPTIONS=-d5\n" > /etc/systemd/system/named-pkcs11.service.d/debug.conf';
- # read DNS server IPs from host's /etc/resolv.conf for passing to
- # ipa-server-install / rolectl
- my @forwards = get_host_dns();
 # First install the necessary packages
 assert_script_run "dnf -y groupinstall freeipa-server", 600;
 # configure the firewall
@@ -49,10 +49,7 @@ sub run {
 }
 assert_script_run "systemctl restart firewalld.service";
 # deploy the server
- my $args = "-U --realm=DOMAIN.LOCAL --domain=domain.local --ds-password=monkeys123 --admin-password=monkeys123 --setup-dns --reverse-zone=2.16.172.in-addr.arpa --allow-zone-overlap";
- for my $fwd (@forwards) {
- $args .= " --forwarder=$fwd";
- }
+ my $args = "-U --auto-forwarders --realm=DOMAIN.LOCAL --domain=domain.local --ds-password=monkeys123 --admin-password=monkeys123 --setup-dns --reverse-zone=2.16.172.in-addr.arpa --allow-zone-overlap";
 assert_script_run "ipa-server-install $args", 1200;
 # enable and start the systemd service
 assert_script_run "systemctl enable ipa.service";
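Review bot: Nothing around the new `my $args` line records where the DNS forwarders now come from: with `--auto-forwarders` the installer takes them from the /etc/resolv.conf of the machine under test at install time, not from the host's file that `get_host_dns` used to read. Since this commit also removes the resolv.conf clone from setup_tap_static, a deployment that ends up with unexpected or loopback-only forwarders would be hard to diagnose from the logs. A comment above the line, `# forwarders come from the SUT's own /etc/resolv.conf via --auto-forwarders`, and a `script_run "cat /etc/resolv.conf";` before the install would make that input visible. The same applies to the `ipa-replica-install` arguments in tests/realmd_join_sssd.pm. run's body starts and ends outside the hunk.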