1
0
mirror of https://pagure.io/fedora-qa/os-autoinst-distri-fedora.git synced 2024-11-28 08:33:08 +00:00

Tweak setup_tap_static and FreeIPA tests for resolved

This does some of the things suggested by cheimes in
https://bugzilla.redhat.com/show_bug.cgi?id=1880628#c24 . I'm
not sure if all these changes are safe yet.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
This commit is contained in:
Adam Williamson 2020-10-09 10:49:49 -07:00
parent 92f5bf90c0
commit bffa3d5fcc
3 changed files with 18 additions and 27 deletions

View File

@ -53,8 +53,6 @@ sub setup_tap_static {
assert_script_run "nmcli con up '$connection'"; assert_script_run "nmcli con up '$connection'";
# for debugging # for debugging
assert_script_run "nmcli -t con show '$connection'"; assert_script_run "nmcli -t con show '$connection'";
# the above doesn't seem to reliably set up resolv.conf, so...
clone_host_file "/etc/resolv.conf";
} }
sub get_host_dns { sub get_host_dns {

View File

@ -22,7 +22,6 @@ sub run {
$server_mutex = 'replica_ready'; $server_mutex = 'replica_ready';
} }
bypass_1691487; bypass_1691487;
assert_script_run "printf 'search domain.local\nnameserver ${server_ip}' > /etc/resolv.conf";
# this gets us the name of the first connection in the list, # this gets us the name of the first connection in the list,
# which should be what we want # which should be what we want
my $connection = script_output "nmcli --fields NAME con show | head -2 | tail -1"; my $connection = script_output "nmcli --fields NAME con show | head -2 | tail -1";
@ -43,12 +42,15 @@ sub run {
# here we're enrolling not just as a client, but as a replica # here we're enrolling not just as a client, but as a replica
# disable systemd-resolved, it kinda conflicts with FreeIPA's # disable systemd-resolved, it kinda conflicts with FreeIPA's
# bind: https://bugzilla.redhat.com/show_bug.cgi?id=1880628 # bind: https://bugzilla.redhat.com/show_bug.cgi?id=1880628
my $upd = get_var("ADVISORY_OR_TASK");
unless ($upd eq "FEDORA-2020-e9e815177e") {
unless (script_run "systemctl is-active systemd-resolved.service") { unless (script_run "systemctl is-active systemd-resolved.service") {
script_run "systemctl stop systemd-resolved.service"; script_run "systemctl stop systemd-resolved.service";
script_run "systemctl disable systemd-resolved.service"; script_run "systemctl disable systemd-resolved.service";
script_run "rm -f /etc/resolv.conf"; script_run "rm -f /etc/resolv.conf";
script_run "systemctl restart NetworkManager"; script_run "systemctl restart NetworkManager";
} }
}
# install server packages # install server packages
assert_script_run "dnf -y groupinstall freeipa-server", 600; assert_script_run "dnf -y groupinstall freeipa-server", 600;
@ -58,10 +60,6 @@ sub run {
assert_script_run "dnf -y install haveged", 300; assert_script_run "dnf -y install haveged", 300;
assert_script_run 'systemctl start haveged.service'; assert_script_run 'systemctl start haveged.service';
# read DNS server IPs from host's /etc/resolv.conf for passing to
# ipa-replica-install
my @forwards = get_host_dns();
# configure the firewall # configure the firewall
for my $service (qw(freeipa-ldap freeipa-ldaps dns)) { for my $service (qw(freeipa-ldap freeipa-ldaps dns)) {
assert_script_run "firewall-cmd --permanent --add-service $service"; assert_script_run "firewall-cmd --permanent --add-service $service";
@ -69,10 +67,8 @@ sub run {
assert_script_run "systemctl restart firewalld.service"; assert_script_run "systemctl restart firewalld.service";
# deploy as a replica # deploy as a replica
my $args = "--setup-dns --setup-ca --allow-zone-overlap -U --principal admin --admin-password monkeys123"; my ($ip, $hostname) = split(/ /, get_var("POST_STATIC"));
for my $fwd (@forwards) { my $args = "--ip-address=$ip --setup-dns --auto-forwarders --setup-ca --allow-zone-overlap -U --principal admin --admin-password monkeys123";
$args .= " --forwarder=$fwd";
}
assert_script_run "ipa-replica-install $args", 1500; assert_script_run "ipa-replica-install $args", 1500;
# enable and start the systemd service # enable and start the systemd service

View File

@ -22,11 +22,14 @@ sub run {
# disable systemd-resolved, it kinda conflicts with FreeIPA's # disable systemd-resolved, it kinda conflicts with FreeIPA's
# bind: https://bugzilla.redhat.com/show_bug.cgi?id=1880628 # bind: https://bugzilla.redhat.com/show_bug.cgi?id=1880628
unless (script_run "systemctl is-active systemd-resolved.service") { unless (script_run "systemctl is-active systemd-resolved.service") {
my $upd = get_var("ADVISORY_OR_TASK");
unless ($upd eq "FEDORA-2020-e9e815177e") {
script_run "systemctl stop systemd-resolved.service"; script_run "systemctl stop systemd-resolved.service";
script_run "systemctl disable systemd-resolved.service"; script_run "systemctl disable systemd-resolved.service";
script_run "rm -f /etc/resolv.conf"; script_run "rm -f /etc/resolv.conf";
script_run "systemctl restart NetworkManager"; script_run "systemctl restart NetworkManager";
} }
}
# we need a lot of entropy for this, and we don't care how good # we need a lot of entropy for this, and we don't care how good
# it is, so let's use haveged # it is, so let's use haveged
assert_script_run "dnf ${extraparams} -y install haveged", 300; assert_script_run "dnf ${extraparams} -y install haveged", 300;
@ -38,9 +41,6 @@ sub run {
# per ab, this gets us more debugging for bind # per ab, this gets us more debugging for bind
assert_script_run 'mkdir -p /etc/systemd/system/named-pkcs11.service.d'; assert_script_run 'mkdir -p /etc/systemd/system/named-pkcs11.service.d';
assert_script_run 'printf "[Service]\nEnvironment=OPTIONS=-d5\n" > /etc/systemd/system/named-pkcs11.service.d/debug.conf'; assert_script_run 'printf "[Service]\nEnvironment=OPTIONS=-d5\n" > /etc/systemd/system/named-pkcs11.service.d/debug.conf';
# read DNS server IPs from host's /etc/resolv.conf for passing to
# ipa-server-install / rolectl
my @forwards = get_host_dns();
# First install the necessary packages # First install the necessary packages
assert_script_run "dnf -y groupinstall freeipa-server", 600; assert_script_run "dnf -y groupinstall freeipa-server", 600;
# configure the firewall # configure the firewall
@ -49,10 +49,7 @@ sub run {
} }
assert_script_run "systemctl restart firewalld.service"; assert_script_run "systemctl restart firewalld.service";
# deploy the server # deploy the server
my $args = "-U --realm=DOMAIN.LOCAL --domain=domain.local --ds-password=monkeys123 --admin-password=monkeys123 --setup-dns --reverse-zone=2.16.172.in-addr.arpa --allow-zone-overlap"; my $args = "-U --auto-forwarders --realm=DOMAIN.LOCAL --domain=domain.local --ds-password=monkeys123 --admin-password=monkeys123 --setup-dns --reverse-zone=2.16.172.in-addr.arpa --allow-zone-overlap";
for my $fwd (@forwards) {
$args .= " --forwarder=$fwd";
}
assert_script_run "ipa-server-install $args", 1200; assert_script_run "ipa-server-install $args", 1200;
# enable and start the systemd service # enable and start the systemd service
assert_script_run "systemctl enable ipa.service"; assert_script_run "systemctl enable ipa.service";