From f59343403a85204c73b106e90bfb1ea16c9633ec Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Wed, 4 May 2016 11:53:11 -0700
Subject: [PATCH] add FreeIPA server role deploy and kickstart enrolment tests

Summary:
These require openQA tap networking to allow the server and
client boxes to communicate, and require masquerading (NAT) so
the server at least can reach a repository (dnf/rolekit really,
really do not want to work without a repo connection).

They use the 'parallel' test support to have the server deploy
run first while the client enrol test waits at the grub menu
until the server is done before it goes ahead.

This is all deployed and working on stg. The really tricky bit
was getting all the openvswitch and firewall config right in
ansible.

We *could* do the server deploy test as a follow-on from the
default install test to save the install, but then we'd have to
teach it to change the hostname and set up static networking
post-install. I'm not sure if it's worth doing that.

This requires the corresponding openqa_fedora_tools commit that
adds the hard disks (containing the kickstarts - it's possible
to get them from remote during install, but we have to set up
name resolution or hard code the IP of the server).

Test Plan:
Deploy this and the openqa_fedora_tools commit,
generate the disks, configure the networking (good luck! See
the docs in openqa_fedora_tools) and see if you can run the
tests. If you're using Docker, uh...sorry. You somehow need to
set things up so the workers can use tap interfaces that can
talk to each other and are NATed to the outside world. Have fun.
I can talk you through it on IRC...

Reviewers: jskladan, garretraziel

Reviewed By: garretraziel

Subscribers: tflink

Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D831
---
 README.md                              |   1 +
 lib/fedorabase.pm                      |  75 ++++++++++++++++++++++++
 needles/bootloader_bios_installed.json |  15 +++++
 needles/bootloader_bios_installed.png  | Bin 0 -> 6828 bytes
 needles/login_permission_denied.json   |  15 +++++
 needles/login_permission_denied.png    | Bin 0 -> 5465 bytes
 needles/text_console_login.json        |  34 +++++------
 needles/user_logged_in-noprofile.json  |  16 +++++
 needles/user_logged_in-noprofile.png   | Bin 0 -> 5921 bytes
 templates                              |  50 +++++++++++++++-
 tests/_boot_to_anaconda.pm             |  77 +++++++------------------
 tests/freeipa_client_postinstall.pm    |  45 +++++++++++++++
 tests/role_deploy_domain_controller.pm |  77 +++++++++++++++++++++++++
 13 files changed, 332 insertions(+), 73 deletions(-)
 create mode 100644 needles/bootloader_bios_installed.json
 create mode 100644 needles/bootloader_bios_installed.png
 create mode 100644 needles/login_permission_denied.json
 create mode 100644 needles/login_permission_denied.png
 create mode 100644 needles/user_logged_in-noprofile.json
 create mode 100644 needles/user_logged_in-noprofile.png
 create mode 100644 tests/freeipa_client_postinstall.pm
 create mode 100644 tests/role_deploy_domain_controller.pm

diff --git a/README.md b/README.md
index f62e6390..3e458d4a 100644
--- a/README.md
+++ b/README.md
@@ -84,6 +84,7 @@ these functions:
        long still screen should be displayed until openQA decides that system is booted and third is timeout how long
        it should wait for still screen to appear. Example usage: `$self->boot_to_login_screen("graphical_login", 30);`
        will wait until screen is not moving for 30 seconds and then checks, whether `graphical_login` needle is displayed.
+    - `clone_host_resolv()` copies the contents of the host's `/etc/resolv.conf` into the guest, overwriting any existing contents. This is mainly intended for use by openvswitch guests which need external connectivity.
 - `anacondatest` should be used in tests where Anaconda is running. It uploads Anaconda logs (for example
 `anaconda.log` or `packaging.log`) in `post_fail_hook()`. It also provides these convenient methods for Anaconda:
     - `root_console()` tries to login is as a root. It decides to what TTY to switch into and then calls `console_login()`
diff --git a/lib/fedorabase.pm b/lib/fedorabase.pm
index ce905097..42d2a75b 100644
--- a/lib/fedorabase.pm
+++ b/lib/fedorabase.pm
@@ -1,5 +1,6 @@
 package fedorabase;
 use base 'basetest';
+use lockapi;
 
 # base class for all Fedora tests
 
@@ -75,6 +76,64 @@ sub console_login {
     $args{check} && die "Failed to reach console!"
 }
 
+sub do_bootloader {
+    # Handle bootloader screen. 'bootloader' is syslinux or grub.
+    # 'uefi' is whether this is a UEFI install, will get_var UEFI if
+    # not explicitly set. 'postinstall' is whether we're on an
+    # installed system or at the installer (this matters for how many
+    # times we press 'down' to find the kernel line when typing args).
+    # 'args' is a string of extra kernel args, if desired. 'mutex' is
+    # a parallel test mutex lock to wait for before proceeding, if
+    # desired. 'first' is whether to hit 'up' a couple of times to
+    # make sure we boot the first menu entry.
+    my ($self, $postinstall, $args, $mutex, $first, $bootloader, $uefi) = @_;
+    $uefi //= get_var("UEFI");
+    $postinstall //= 0;
+    # if not postinstall and not UEFI, syslinux
+    $bootloader //= ($uefi || $postinstall) ? "grub" : "syslinux";
+    $args //= "";
+    $mutex //= "";
+    $first //= 1;
+    if ($uefi) {
+        # we don't just tag all screens with 'bootloader' because we
+        # want to be sure we actually did a UEFI boot
+        assert_screen "bootloader_uefi", 30;
+    } else {
+        assert_screen "bootloader", 30;
+    }
+    if ($mutex) {
+        # cancel countdown
+        send_key "left";
+        mutex_lock $mutex;
+        mutex_unlock $mutex;
+    }
+    if ($first) {
+        # press up a couple of times to make sure we're at first entry
+        send_key "up";
+        send_key "up";
+    }
+    if ($args) {
+        if ($bootloader eq "syslinux") {
+            send_key "tab";
+        }
+        else {
+            send_key "e";
+            # ternary: 13 'downs' to reach the kernel line for installed
+            # system, 2 for UEFI installer
+            my $presses = $postinstall ? 13 : 2;
+            foreach my $i (1..$presses) {
+                send_key "down";
+            }
+            send_key "end";
+        }
+        type_string " $args";
+    }
+    # ctrl-X boots from grub editor mode
+    send_key "ctrl-x";
+    # return boots all other cases
+    send_key "ret";
+}
+
 sub boot_to_login_screen {
     my $self = shift;
     my $boot_done_screen = shift; # what to expect when system is booted (e. g. GDM), can be ""
@@ -94,6 +153,22 @@ sub get_milestone {
     return '';
 }
 
+sub clone_host_resolv {
+    # this is pretty crazy, but SUSE do almost the same thing...
+    # it's for openvswitch jobs to clone the host's resolv.conf, so
+    # we don't have to hard code 8.8.8.8 or have the templates pass
+    # in an address or something
+    my $self = shift;
+    my $resolv = '';
+    open(FH, '<', "/etc/resolv.conf");
+    while (<FH>) {
+        $resolv .= $_;
+    }
+    assert_script_run "printf '$resolv' > /etc/resolv.conf";
+    # for debugging...
+    assert_script_run "cat /etc/resolv.conf";
+}
+
 1;
 
 # vim: set sw=4 et:
diff --git a/needles/bootloader_bios_installed.json b/needles/bootloader_bios_installed.json
new file mode 100644
index 00000000..83769e6c
--- /dev/null
+++ b/needles/bootloader_bios_installed.json
@@ -0,0 +1,15 @@
+{
+    "area": [
+        {
+            "height": 15,
+            "type": "match",
+            "width": 160,
+            "xpos": 50,
+            "ypos": 335
+        }
+    ],
+    "tags": [
+        "bootloader",
+        "ENV-DISTRI-fedora"
+    ]
+}
diff --git a/needles/bootloader_bios_installed.png b/needles/bootloader_bios_installed.png
new file mode 100644
index 0000000000000000000000000000000000000000..d5ecca37ec09f1f996a1195dfd49a40862995321
GIT binary patch
literal 6828
zcmeHKdsLF?)_=W>R+icERAYIY{LE8cDoh(KFHI(6sg+rZs8ot*idt$0B+%HTm1(Au
zm0~9|O+``?5<{(~C^ZQ$km5D-9^Md45jeoCZ>`p;)71L@Ip12rdiT56exJR6``OR)
z?7g20`#r(SmaJI<0KhW0UtPQaKwZwN0gE)`FFJkYGWkp6*j}&;AXEHrF$y!}lEu-#
zLSg_wOIPuz05@`elnXUu-8^<{_Np7Go9f`KCS?Gy#?H-Ur}ya&epf)nouXA5`%B&~
z1tn!uO0o7UP>g$#M-q#|cen2HX}^eH0-F~gAOxHi0O$z8D*>MwpOtc(c=;ojD5<J~
zIxE>lN~)ru#!6P<^v5h-DgBb(=S}<vy}yM1MDI(`#!BauF8`_b5&MbWj6i^`ZIe4-
z(J+l>c&kQ3#}(>$%@0*$sr&+3WxT_gGQpmB&jkX8+?Wn`<;J*f=V!qg{(MmWyk~4}
z#b`O$ftFbi?0^vy4{SnIKBEaENY!BR?9ZAtf#l4%-JBM2_V9_OlvdP?zSCYw<7;hT
z(woLm>y0@wg{?iPvBpQgG}B!Q9Sf0|VWR!%wRr=+<ah;u4e~WT^;Z<Sr{;|pOOF>m
zvdfYm9Rh9K99G|b>Qq<fR7d8@)J9*;NQwraQdgisUN1|izq!IClhc59UIPgUHnO<x
z%xb>tfD=Y`%@U|P@+}vR-H2b7U9Jsn$kaQTR&4YW0Oa%!ZP-4K5%+VD72w43{GIh|
zw4>%Eh87#rbu!TYUiMKPQKrh#2e`IQFCzP{Nz{hgUAXb~RSxy-=+ukvaj{UgeF|}t
zNgB4*FtJj25QDr()Y@BS=2L0}7;{a=fuHF%w0E|H9l}ysWH^+~yNL1d^W)6UA<o;%
zEE)oNyPxE8UdFmQ>D%m-Q6)mU(>1%|q0*Xi8j<qkLdiMP>qAAu?_{CSbZB2%>V;u+
zYRByd*or20K^&A0^C8PodK4)0KUf9n9JYSE(Xt^q`p(Sn{utewbe0yGR!O`v^N)RD
zJ>ev7C@uoo!a5lxxk|H{5>rW~)Z|jLpdP5143Sj`UgS+7v1%yVDWJ5u?Xa6Wrd5DN
zfW0T3wI<j=a{NuqB&L#AjmfgCXwt(yGhpAX?0c5NY;NPdJ<ja3cP@soUI_ZSn!*79
zDlJyc?$OhI@uFX=<5<nf%g4$27pi!5W4z_^BepqO=hU^czJtA(lE6J<CGiqh4s1RJ
z6a4lX1IFm_h@O!l5>%%)WPIqBpvlWb#Hn!uuLuJ(%*3kUfFz$CNom-y0ryP>v6|{Y
zif~ARl~s?qV8gGR**e*QDLXwz9d4!tg6lKlv`)>Kp2xs1)i~JGai&p^th#19Hf?XU
zqR?Ov$^CZ{O%igAMBE%y2>0@9VW!r%_E*gi99vIXL{)l->^4p}*AYa;cC)UWgUy@v
z%zJvkE{gJoYq){Xrc$E}T$%0p&NaJAHaIKJiz<NMASqHk!r4iHEmBdWkxu+#M*v9a
zH^s|8PXagsd`er+{bTJeHUHG@at`QKi4<$&8Hh{awP*Du7QE891LAhuj?vSxFo*d}
zznAnhQORIS6eP}DpvTNlFu#{~HK_0uv>+kBlCe&l#a;ywAF3u2q%9poCUC2EG9hN)
zV0lJd_m1OZjp5#D;qyagYcb?PaPCYEHY+DFb-s7ysOAw@#mN(#lc5=2R)Ei=WS8}_
zJYj!9M3vgDW@)9grMa6uLE(;bX-K{VgEYESS{MsWk1C+G#tc$x_&(tnq$TbFtR0zN
z4r2>l%=9sE$Kt2&6Vh^Y{a9TPrsrVgNXm&P?%dzZ1CsVK{UCjd098ECvlr|xrD$AT
zFB4S8kKL(;PZC!?%5uK~egJWEphcR~VFkPqlxMQ1DoA8*-Dw%HkADiIzuIzWJe}F(
zo*}DF2@5HG$^qq~{MB|m4sulcfT{L<j?819Wpj|1O=<sZ!cG-;kpmkdB)@Rc)u$Wk
zFz=9)ki^OKqx(hJwi&KrMrJy%IJYRx5uB3qMs(v*;K)Kwd!VTV6>JA3SEWlfC6t<=
zyX@v?hx;*>X}2>u`}n@*=%s`d6TeZju}-b%-DwZidWR1`Z{|6Mb0{`HNo<XOOxP<G
zOUk-EgKH}y*BYYsqS7AEu&G#H9~9Htd3Wuc@IhSdZ2bcAI%8+(yEk?n<Y6l4X>LAr
z#M+Ernb;P^Jn+iyXo;mCap0ByIhv!B;fNC^&ezW=-Oc?@Pg>3bYn9i7z?l3DSw3=i
z<nK=QI578MbKyE+Mx22KiPtQtFV1^EW?a{{<E=J6A7%lv^0UbpY_4ehTTTRj*T~+M
zno9Q2rG#~HM9JHdjs#X&LtH@cggB7F6%CMtE`$wyX!_77jViSCZ(r*|ZQVCW^~1Tb
z&OrR#9ANNi`8ucDTinZIRJ0Lw(XB8f&hXG(PI%-U%j0Dp6j%>9wK8Pcl^O|SyNW#h
zzOr(6F!R!bZ=5SQ=F;_`JJp|F!#c}JKBd=g<~qA2F?+h7gn+Tm<n%6)AP6sIjUgKa
z2OuG}Cb!~in;zQc#wFD5F@Q<@fM`?PAr(qMcGp!+E_^eI0cx-r^^1<}I)N;Xa*`Oy
z^M~YFuhr_={C)e8%PL&`7jcD;q!U*Ww<&=-w#8j(BE~5P1TE}vt}9Uhn`n6<x=A9E
z@53m0J_vJI7^*@Ho0w1bzsboMU%}*ZwoGP*x2!aik%awwRqAvl5W+xDfY~%O@nXJK
zTetO7DC;bt#`I?|B9X->5W-^}5S9mdfh4uuW+dEFH!PzAnOg-*#~yCJiy3Pu9x~)@
zw5t)VH#cRWxY!H*MY7=cKCjTO#HSSAR&ke30YB@+tK>|FX`5>)qKl8V-XG}nia}m1
zH52c^&9vpDNOk2os@#i(MQ=W@p(xgMYR_K-*ZNl|62>RR`%6v6mx}%;dMXO@#tNeB
z&j7rV{XCvCa7)q7IV*>JV(Ig+pSJ{j9`^Gl{sZ3UO?(OOD_#B*Pu>`P^;GeSvHvxT
zr10gxW2(jqSN?imeY_jKWmTP(=D%{PU)mVPN<;s?`|wKXSL%J<guFYD|C|-%<0bh@
zmp{_`i2XQP|L*dicwgx<UhdR4u8tDV_*?Y8X{w)()|c@9Z&PiVlV5chJri(w>KCH<
z(k=*GeE59N^ku7l3*ps(<(A^O!_b-WAfE`PIY*E+n-JS>k`PCY`8!Z|s7kH(kH^9e
zy+j^s`h6Dij-JMx4>2^9i7;&NiJ(E|Hv)J7&lB5zur<~U5uh0h^UHxNy+b1_Cy`I8
z4MSZC8@fE-5jZ3`s9rE9d(a(NZN)l_f|0p>{AbphI+(Pq2tID+KxTS^MTso4%*>D2
zA*D!Zlra>QnjHo;jq{CZdSl;Bob+7+)DfK;Di*2*e_*5DW>va}SM6E9#i1K{W$p~0
z?P5kZ(u3ERUTeOvP?}&74z+pgdM6-Uybqb%-RC>bX5Qw%rjv%H)J!u!SNz2-Tk8gP
z%xmL&cFqm$En1g2cL08AX)<C76s@jFIq!B|3~OGFa3UU;B4c4Syz(>8QKhjC>pSFq
zFn;70Jmc(WgxZ_-?l-kkI6o{Q)Z6LNP3w7<LD~R&Xp1fyz=u!&t!@AZ+dN=;dN$j;
ztTys>b6NiUd2F&&O&+f!uU)p-pN`Dk-$W;F_c*r>$2Cze3cJ*S{TbTx@R-x1r{!mU
z7x;2O^IHJto4gwJ=y1Sa5c0m1hQL94y0uyyWmaO3!Jhhzsg?L)EdeO-M{Z0lh<7X;
zwB@!3Ml^JF8-qs0gvn4H<vCRoY%(agEoKBNh1Tn$7T;Q}uKGhzsQh%j-WI*nKux~u
ziuw$IBgfE}&~ZFl0C*px2`tT?#DV6F4su8J@J-6W%5y#Vzg2p(d7h4X4l{=d0DBfX
zQAg%35B(<Q%()9OGpKSFTvVT134@MZ$P_GLwkKC0sJmUOz#^k@ZXP=%o<67=y-eAn
z-~NDRNGHUsnYHI$z0qvyCNqToC}3N~`|Al2-c`9#W%1fEq-gDvuYTxl!g@azY8E5N
z%-$7}r0u!PK=QT4tK<d!p#X@Tuzm8Pu(N{j@<yx+wXJ{kH0kkaP7Ro=tM};I0~G&%
z@<SY~Tl?I3_2WSf<D*4<CsT2a6ix?!(6MB(?F7e%%0uT|Ir}&WOG?^f681-a30Qo{
zD~ZHB84QK=pSx<Gl36J1P_K*WnzzOmsO7OPMFs;I4EMAnL9NC|qa=`l3uQw*<6@Bk
zkdG~B98QA7`O-=GFOeK7Xx`VY=S2j!17ze84N4nowr?zDQdmLhFGbgdEo+=Z0%}F`
zM?GMd4aXeP2CgFEDY~hnW)+dTvU`fINRYf8ShxB`K0KA!Cr!{2PM~Wfd*U86CIj!v
z9ybMO?6#C_rb|Pe^rxhW@7?$-#jba-oQzbxRKE3S`4CysE-^9RnsZOvL^2tAy_D>j
z!`8H>ZtE{!iU)exRI5qwYANeN8)rHlUgqdrJN8Gvr`V96L~%bi-o34?J5Qo|9p)6D
z@KaxaXm6foZ@skmx6Yl9*>%rXFMhZOHgH4Ng1=b4op1FUV<bI2>kp^H$3a`}lTh4)
zyyaj5>K%yU(d5y)T9~ix7IBcjtgZtIQ}vzpDrCT^>%j=@54S>On8-1nEdo`t&`n|3
z@biRc(64TGBNmo8&s^??Fn14f?JEKeIh01|Ci^krvHQ)NKsi%}87p8;MT}L!oPCF3
zuNIcn1v;gO+FoGckFuj;^H}x-N>dVKNL`!xT2UvSTfa^kGuoCKB)_yq1*$HJR$IRm
z0Q41i)!q}FiID?_0I|+Qp6mBJp4WJ&AFs&zcm?^|M#oq=SY1K!O7=_1`Wx%SA%($j
zDHnh3fw98mpUuigEM6h}bjC{Qck(>~-y`rn0^cL>|04nx@+Mic!Ob<(_RjChd#2lN
LPnWV^j{Np7ns-K1

literal 0
HcmV?d00001

diff --git a/needles/login_permission_denied.json b/needles/login_permission_denied.json
new file mode 100644
index 00000000..5029273b
--- /dev/null
+++ b/needles/login_permission_denied.json
@@ -0,0 +1,15 @@
+{
+    "area": [
+        {
+            "height": 13,
+            "type": "match",
+            "width": 136,
+            "xpos": 0,
+            "ypos": 144
+        }
+    ],
+    "tags": [
+        "login_permission_denied",
+        "ENV-DISTRI-fedora"
+    ]
+}
diff --git a/needles/login_permission_denied.png b/needles/login_permission_denied.png
new file mode 100644
index 0000000000000000000000000000000000000000..5dc454e506ee54d14e39bdae54929aa59bfd4b73
GIT binary patch
literal 5465
zcmeH}eLT~9|HnT_x~0<Hk*ss6{G?58L$Z_-J4Q;FW;vRLY}jmbw~?#Ut@Lw5<fe07
zp^PbF7?yLC5OX+7Zf3F~wl#Az?1pPyf1Tg&asIfj|NH#&{oK6X@Av2Ne1ATl@B5|?
z(tYDPqjdm)jUK1nd;wUc>FR(r+M18u`>Uw0BjRz7b8FVD8T#Nosu}JeoeUtkWAWJ7
z5E3DF&v|StF`R%0Rxlfwbs8y*t&tr1Dsdx3g@ohx`1yIb0jz_S<0UJ*L(m^X?Hr)C
z_90m4kB6+opmw&l_I3^qHr7_y!{B9pn#OkbSKHI^(b!mWI8o!@&({OQV58!kEG;dG
z@kA0fYPTD?P9rq>zx!~Fjt1oLSQ0cU1RsLK#xf>TXEiFwpSFSwiNXRBmPo>cM~7gD
znh4lf%%MY8ks?<t09zeA++5F5^Cf(K-ai_)0G|d9?G&W9)Op93-+J~wRc+cTslk`%
zJ@;LELw7ZLyT<o_->5%TD%FLsCO)2rV|rf+jK7603uk9+8=M`ez@*c4c@n=tSaD0e
zKsrz;*AKfVv2))7MhS}G+tovocYaTf)|Uk#+U>Y#^ZbfCLE84OIX9-{Q-d(vf~>=I
zEto!>EM2A#+^&%=wYN;IB-c<vMpqF!79I2esLLvn&`qjcQ6;UHMD=1t<kJGA*8me9
z&39^|(jRvuIVTqw7?SM2_$Nf1@vL-m@ncKwm*l~?`ZV*2-d_Wkbij1dii_5p?kDZY
zo9)3amK7KUduwCaIW=pc{!-W8AY;~o1yXr2AN}%*VKGyZy{h_V?>u7(lQgvz0E4fl
z!LHIW>(Ju7DnzuING|;_n<{ZU)_H&aigjvWO!lS3<hPIa1Av^5T<0Tqk`2qN{J*f7
z@p}DbxNR-$$zxEfUAqdl;Vx>D70~-I#Zn};7-r|fe?yfZy09G^0g#})K^U*C+W0Mw
zTAP4ivlG`=@m9)Z`88*{hnmOtYk><Ll@RUDk^YA+4NbQXKWP6McJP(pReMKvX>qtB
z{Zp8nHfDR8z^Q7vF1+;Hm&X);J@oq8<F)r+%RHnTkSpu|BIVP#WJ$B`OuJy{fm*-g
zHSU%7Q(DyJd2?P?L$f_;p`2-XAnF1qZ>1%DSF4nNSEhi-KmC%kn<Z8ZL0;kmP4?!N
zC_;j^gONY_x6m?_hIjm+yi((XKN-<;_MqW+ZG3uIs?*02%b^n}sI2slg6f&Zyw1Bp
zPZiu#m%VFZ;Ho?6>j7bEg12_gQQCha(IPW-U6{ktyzxbcqS@Dy#|PxXCh~AM<5z|i
z<OoqYu@<}}agYE-`;I~hY-niQiaR#g>JfI|omaFR<*z>Z;RV09)DY^Z*HutTQIaJ^
z=`mMbMe5ecD&h831G?p~g`c@#`tGuqR>F-5ra0m%Uz{ZtRF|xp>n=Eb`xn!*rYMy8
zwnv?*%jb)NcXLx6&1Cjn^26wn-b!1fR9-<QUX0W?;0N6a%A0yW^ZF?sT>$|1Os@9U
z3una%D}`}(B+60iH{TZw4_k}&JlI*VvAKd;E6c!SMdd35cGnZtY@^xV3!)6eud&k4
zqJq7S9Kol@cUwnJs3L{iKTCFi=^s{*po&NwvdA=N*qw5iT=%27IN$`=GNEcIBRxns
z+2-c`zB#a^SfNG74TF@0`6e~D-1_tGE@&alR}HyStKt=eJc!W&Oewp$qw3(w%KxlT
z6RXG0nfmX#<?paKrxmJ&;6`L*GwTZxs!xW$Y7uPlybaeE7}?vlL(YPih?DSDwTY(Q
zJ60R^Fk))G+fP}TAKeE%c$M5YU+stJPtGm&aW&+z52U@NWSpNR7_)j0l`PntQwH@`
zp;5<QEzONIviBNN8^#)cuhVt3<hYv#2M-o8Dk(fT0FA6!mjNA6qD+X>PAc(r{5(Yv
z?{4dgO9oU+BuK$G&F1{YIsFf(76ULM%z{!)W*0{eOBdQ81MUdXVWzR(WCZ2bNH_A1
z@tqYL_eTf#%|q!m$xmK19$xm{*%T-%x<{{>%pPru@0Rp?xCrCUI0Y9pB)6?HuMro8
zy1(hIzU#(t*=NF9yyt7Al3&>+Y>PkNR<SQP!x<0S)D-PakQ?j>h0qKPtvQP{`zeTy
z`q+DdE2Wjst<GI$X~NJZ>#N7$-><wb3Hlpr!jXk3RXpfF8NMT`U7kC{kQpbw8|6w6
zLdO$`ARW<$$3}#{J=Y`paAJP~X&C4$f@AdxO!2It@+o@!^%HN^G`P!UZ=bH}xz7!a
zjE6dGSNr8wN?z})#w*i-OF1SH@f5m*HorY_KBf(`!>`n&)pLm=f$J!71Q+&YJ;n-?
zJY>q15ImH6Yq;$=COmdH#bCPnXpb{;PWq7h4nf#}plX?-tAdXQC=4QG?)O|(VnxeL
z=Eyw56L&$<$yN*%`ZgvlZhbE6y7JEabF?Zg#~C5(^CD-CETVA-d2wY*T<A+yBKpPY
zNI`1ST`64VNcLAfUsuy4_v$ZNbV^vVkooSYEle5)urZ6E7M$R$P+`6peP~y8mQU#B
z^S5%l>ap>N6VN5S+G3B;_u?7ma;=$tkAjI|nC2)vOS8hKpC2z{brfaN!`&qvaAnpN
zzpb{L%P~{O@BPrzwT~6_TAd*1KdJi1W#>lQLZ6xmj3+x``iGy}$A@cTa%L8@oOqeI
z&_13Dv9y7MOj{gKlOOS)$Gra}|0rA?y&IlE@9j@g{RrE=nJJVj`|hN<7vD^Fo?LVo
z76`8qrkh<v&=BRg`g17iG~Zx&n-fEkA*`fVYO!Ys-%Y$uu%OD2f=gx<0u%YZ%G-4=
zOnoJu?m&B%-e)odr-VM-mT|(K*3;%&SZv2=OOJ2~Paooav5%GiLS=h9HaGRh=uq=C
zF9BI<TNIK^N9jWzjEvRU_Xy6e7f|964sn~tM6HHi=5?hw>a_}bP5-Naznh8e{i!W@
z;tfWxg%|}H&1>5@y0#fpaE$-I#LW3E-SKAjkx?<auJk@<zm?9V;*n=ebqAX&cB;H>
zCEGV4rp=TIGs&3F7@f<cdczdHa&G#0T%vJ4RX<w(fwm}VWN~ok99xLh*msCivEo23
z7v958N4?`LvKNCmFrz-<RhMubb&GKIrYC|`jUU5QxRn4Jr+&2+qwV${WTJ|yCdCuj
z=qkU{wUgq#zh@^k%rq{nH2W$}1@J!)%(E<3&3aYK()N$F*Ay=nJDZIcxfm@l_8#eW
z&1cT1Nk%fcTfS_7x{fTwJ^#ZVZ$4`?V{j>BA|1W6d*Y3Q?f5`1384xULK+ESrf(C9
z%Ek>f7dY{Cj82Mc5$VjjFj)ggIhFHJTT><GPl$MHdrB#{bXB^+JO0Dh<u7EGvo*_c
z96=7Yo{#_Sxyk19kxzPOQpx>3?lZ=hDF>IcM#J-|&RSs4^ihi*lsCK_;n~UJMl8Ty
z;R&2UVXJU00MCo&D<}HjRaRU`R3^&JR;LFSY9bLN9K#e+L>Ee$Z88WQKHw)GsJCeI
z)+sxi@h<ohWDwRar#R&L{<GMb)tTnN`vic`7QW6ibY_KJwS^dI;Mti*4jm|KIM;S~
zzu>)q95d}($Qya(1;8<$ck+F==q{I_FM6FTc`uY1R)NwvNyB%jc>{2)@{3{0ob?j&
z=>fkA*frMxu9l~T_{p*s*l8~bN-=S%Q(z+JY+lfdGo~OQ#dLoWcy`t)Dj<j8zouKO
zECzr_ujq%haMB)$np`lVsaKFUGWvFR+H5pw&5bpjo=MF5Y4!&p$&0NGQuHCjxTR1h
zO}Va@EZ(~3q~`bVxY^U-99<$(xIFrEz4A<9v<U0&_v8c{0&sb*Df@Q`{FD+kMFU``
z+!3QQl?c}YkEYD1<#Tp<XwKz_%a6Y_><xw=;kn;50Kh#7`spgI20BL3RWpMtVVHFj
z+rkYe`_dk0aNMRBfvl<J0(W&XM*tBK2;aYfL27S5`m6_1gtrzzxh@4otn3#eh}0^a
zekgIST9Y&ox|*O3OUCxB=Xk#Hda0q$OV)l?QO&BMg)b?}`49kJ&Z-sPKNG)D7DwCQ
z73I|U1cR7q=rQ!tU!0@=da6evqH(0#`FNHMD#4cIyjboKqY`?}jXN^X0IW%>{4_2h
zC#nhxx2Vi3%Q!qW0M0GkK2)CHXfxs$6)avGOqaTu0d|IVZIQt+p2g3)FQ)hZ&EW`V
z-!6E-$hOif+(G4J+c6b$IeSnSq)awvqf(Utb!usCgO_Nu;L6`eIkE^z%vBDe%5g&*
z<jt&jXcqvZ0y8ksU{hyZfaZM4y2u_^)99@OBe(9MX|;8Wg>lzh(*LOeJDPi70i0Xk
zXL?_R5=qChvN=5%cB&Rg@t#)?jw3KfKU&<>INMNR21NUo0&BJY&GqD4qwAAjuMCu?
z-t-=S)iatH-9Sq)i<CEi*jK-~HhC!^f8=3`@Z&CF#(aOWCM)0CHv-=Xd?WCUz&8Tl
f2>gEn)A7rC=g-?xY7RzNd|mT6iF9Kgzj*auUzWi4

literal 0
HcmV?d00001

diff --git a/needles/text_console_login.json b/needles/text_console_login.json
index a9a351fc..928208df 100644
--- a/needles/text_console_login.json
+++ b/needles/text_console_login.json
@@ -1,17 +1,17 @@
-{
-  "tags": [
-    "text_console_login",
-    "ENV-DISTRI-fedora",
-    "ENV-FLAVOR-develop"
-  ],
-  "properties": [],
-  "area": [
-    {
-      "width": 128,
-      "xpos": 0,
-      "type": "match",
-      "ypos": 49,
-      "height": 30
-    }
-  ]
-}
+{
+    "area": [
+        {
+            "height": 30,
+            "type": "match",
+            "width": 56,
+            "xpos": 72,
+            "ypos": 49
+        }
+    ],
+    "properties": [],
+    "tags": [
+        "text_console_login",
+        "ENV-DISTRI-fedora",
+        "ENV-FLAVOR-develop"
+    ]
+}
\ No newline at end of file
diff --git a/needles/user_logged_in-noprofile.json b/needles/user_logged_in-noprofile.json
new file mode 100644
index 00000000..45b96854
--- /dev/null
+++ b/needles/user_logged_in-noprofile.json
@@ -0,0 +1,16 @@
+{
+    "area": [
+        {
+            "height": 16,
+            "type": "match",
+            "width": 65,
+            "xpos": 0,
+            "ypos": 143
+        }
+    ],
+    "tags": [
+        "user_logged_in",
+        "user_console",
+        "ENV-DISTRI-fedora"
+    ]
+}
diff --git a/needles/user_logged_in-noprofile.png b/needles/user_logged_in-noprofile.png
new file mode 100644
index 0000000000000000000000000000000000000000..b53455c362a68e06d127754ecbb3145cc56a9322
GIT binary patch
literal 5921
zcmeHKc{rO}x8H_V2SZz0rGgGR8LKs`;pl`zRFA4DD5~Zm5wmEud_Aq|;LsLvt~S&d
zR0I)2DQ!8l(TE6%7BwYQiIDN8-+i9@oclcIkMI89{m;AC+P}5det+-UYp?f?i}QK8
zZK~S<0CM&h&bR^~EuKn&Et2Ag(a25D9}@f*``@-~*+Tmaoe+!4h_hD^=Yt}HV*L?O
zv6`2IV&NfCk>G^hNj<|1#5IB#V(<fUCMv=|BvRAO&HfAsGCg4yc*4j)_iBKVsqQIb
z{~+C~28P#kjZU31HZnCmX?P;Y1auT;h;1Q1Y%e562gM>o;9~!7uJ#}%C?d{WUtb@d
z2uB1(K+YhW#6Z>myARvwXn+ifMd(KONBRc`#a7PUSP`Q%{<alo|A-)f2!bPgL!$kC
z;o=BEvAzZdC&CtNg8<kA?9bT#mQctVAAeTTvJ1Ghw5OfZAeC7v5BLuqD(CM|V&Ni7
zW$KPfUfm?6vt8`_|356dD1tO-89fp|Z$U9>?6-WQM@BT~sEn>q|MJa7Z6dSWM)fc~
z&5R|g5i6o!lNQ!^2y`%3iF<<awCYNi<XAU+-lH%y!PV4D1uq?b54DrbBIA4pV7=P-
z|3UIZLD1nI!Q%|Fh!^U6`-VI{ckQDL08P2YER_0lThGkyz=dWeKdih+-ibP39Zfes
zorrqzKBYAkqM%q6-U<t$l;py2sTD|?wv$m2I)d*yfVuPPy9}7v5b`!@T9h2NICMCf
z+j<H$x8(Y*!j;Wv8_)_nO#RZ7O8nBG&_mtSuUFC#N;uYey#yf)6)J0(Zvq`%sCE!I
z_-DM^(>hlts#epZI36b&<wujbZuSc8bl5<9;88d>N9B_==qOK<lX#Clf+n;wpYm$p
z^v>pakF(z*O<f%Odu|W>e$wD106KGLJM!b!R2IkI7W?aVVZItpZ3gMcYDl^Vds#<j
zMMb@uUOzUDlcvt2E+-F+9-WEs4R{QI-ZUknqn^Sp#YSSk$esKCLeX(KKBm5YIwa&t
zT0rwtBHC1rM1WBzx?<}6<4Kj38E)Gfe?cD0W<7?f6bhC9;hRqka!1EEeSgP^=%;7Y
zFZ(QeRp8~S+c3{uDG_$@OY<!kLnirTzCz@fX4(?+-i)ZWAPd$wUcVBhkv?vC`huYo
zyQ@(Lw3cJFT61`c_uO>Jcr~3&)ndm70~)<5M`yj%AANWvy5d`@CCqJsUq-vbsYq=%
z5p@fz+;}moxGqLw!b#9-e#2_!baoT|fXYk1%*Vbw(6v!Wi9F&~r?G@%Az`~=*&8EI
zX(%WFr9864^+dzP#Rf!N(y@Vb#Lgp6-PGMQ1hg9Nna_x3jPDW8SouBiXgZ6ALmBsM
zRjuYIm-RJz?Fdw^H6K4%EHMEQm`Km=S0~h0Zbd%7RF4`|-Sxo&c|bSwzHIh&4~KH#
zBVQH8W|7y__QH2X4KcZ;Ltew$*+YcX%1X0ZqpX5O-BDeqxbUP&7kmu{fWeC@l1hb_
zm|P(`&KMDIW%zbKWNgfEUUTo>BDuEegvRBZ;@k)|F2g7@SwK)-sWYdYeX*Nv>>QG0
z#0n=EeKqT=Dq6wfy#9<Qg7jc6R_XzyfChW`>(lBJukC|(IQsYQS>=};DG*&D7$L0>
zC%s<#YnwA!VcmkY8MI=TSg31%*e+d<Tt+;c7x^_zV;5z+8uo$cR0i84FK9yq-RR9X
z(RMb9jk8^rm0?)<>G;k0us)K^C~e)oi#y~Ko+B%-nYQ}k`fJypN&?vNq#YxRcP)$d
z%GzLisBK#Ns$Z<;HPmj&D;OxQ_H3!?)49EE&qZQ|;oB5WsFA1#scjUHblNU1)zP!j
z(eb5eG5v0QejtFl7n+3PHD{*d!@7qYd2seh4Oa%FbC7iXWYB@|#X6@C{&rlZNRUko
zAednlz|vV6Fgt9Kw)G$K^gmOj=df|YxOPSq-pjmKkcQ$vOvRl-P4>q;sF`;DNT^pl
zD8mx<?|JEfUqS{%_#Ss!%5GQkjJnJ}GUe-oaQsHMoT;JMTTQ|*n!}1(QhTM3;h4n%
z=iibD_s>+eX+`4KAGn6{*TVNr_9kAYRck%Xv5W-0f(6hm^QGpQFhRy|pT9%=)r2|d
zUGJp1jY<veRNGRKt~iWu(o)qr^lf|0N8N|Cl|llnjQeEpY>0BiyS1mZ%DSA>mCG|V
zjseC0733kcBKtx$YDhC{zGQF&OP_6$P+KKV$(x@ai^O}7Mc?JKp6~=|tsl{UJ`0{B
z$0boh<(ZqQ>x%6m4o6n%JA<cvlgg)Q0vwO*#U%GaMBcv@CGF6jX5d7!%wpmOvjkEl
zB;?W56BoI84WjgKg(+XT2Ycn#fi+F)ujkKE41Obwd-cj|#l3U6Y^B#El*?VzP1!HO
zGYX~os{_7n^D#K+k|$#=_sd+DPj`?0D-WL!pVwueiFsej3Ydq8%Y-Bya$*H9IG_X1
z^KQ5h#<-Dkf5|#VgP<+Ea(fiUD_w!|)rkDZ3FV4jP^(Cwy!=P?#4AR5j6jKR`Xt-K
z;bq+x?Kk~j#|()<wz?ZKjTrlY5$0+QI|3T+H%DN5Ld?kS^RA_xz1zy^$59SK3<Rew
zVtUoPU9A0=pOAE1`ki!T^Axf#fk@}TccPA}D(GiJD%SXpA?^z35JPGq!FbU%vY6z6
zo1!+&h6*t$nbu{td}f+O?N}XhWO{9Ca&t7qItN7>OyT?ML3Y+muJI`MGR|Y}EF_SY
zV-iwxl-oKv+$!uXRz4>HGW5%Q+C;?%4>C#(B}kSV`2*!>VKVI1nHA4HY!M<{tJUA|
z?q<i}sPVk6<&22JwGm-+7_F)aQoo!Lr!(#G>{Zg(%dd}zn|%7l&keLGMRAVx;yLD#
z0J?&es^yh#$S!b(V%IxX_w?d!uutQ@rRHOAUD~(b3TpW=_hxcZruzujo#%b;Y{KhE
z_-zHIaaPlD;_Di=L`~utKu_?<TR%bO9#@q`4=jvS;oj_)UMTol&h;J8XJ^K-+}qv+
zP&T~p-GQ0~a~``x@^v^kHIwvn`3r#AR+g1hO`DwPw(6i}@jhc$=<L(a-*2TC=)QuH
z9tA8Vr3r7)BR(05-n74AaN!@Hs4K79@0(RnH%Ye<9GK8D`C`rM{m$z%`j^LPm~_nO
zWbaDZP;x#^%j<TaauMXv=p(2*nj@Ui#`xYMXQPWy7Ip^oQ~Rv1oUv?bRBF$i>E;i)
zPqL4{YlQD83lsVg@KdjDS=c!~;0U~RaM@n(`S<uz)XBuj<FYgG7ZBBza1Vqd--D%*
z5_RohKNnr`RZ;qwF6Z9lW{_bu_d==v3tR$Z>zPPz0l;*SQmObSbZN)-_3bHo|5<(c
zClu^!m|!8TUB54uFrFE3`aspN3uaEL&&Lk(4(`_+uv{js|HjM$1%MTaQ)Lr&np^99
z%!$!fIZpUQATE&i1z%19K=`bfjh&$kW2>(wQ#j_qV{Re<WO)>c3t7We?8rIHcz1Qr
z%J7_mWI%;o&M@w6TSL(!AI9fEhwZx4%|+_nPsx!0@NGXD0opO@3WKVG9M2%F`Zd>u
zyZKa1?t2{N%|OO{b48PJca<doaI<E6?CNZu32)Z;RTM@dqZ-~NVX!yVLHeb*ct9GO
zvcT-R970f1^=C=tUIQTAqjY@J?B|S15$>F|-P#^|ai2UsB@ZkxkzMAg7Iq(GOmRF3
zaksa;bYOzHyM-7}nM>Vq1!<E~xOfE}@=bFf_ilPVqxw`~uw!9Hq9o|B)_@Oh1Y8z(
z?DE`^{Wia+0dOJp57<j9)&kecZ};Dr_G7b=oZMfd?uze)Q(RczY<%M0>J|+EGE)a4
zY{of?092&iq&VO|GLuRoxEIFb94t}DmpQw{ko)VN?>7lTy}FmSaeaueqBbS&?zsab
zyvzv+kiJJGkaVfw#jCS9;=7{1op?*rB6URXX2}mjZJ1Q;p0SX>i0B;s?9cDk)Ovbm
zgT<jhk1R~uyCvwu_9(5X1AYL!oL>at3(SaW-)C)YVH|O{`YokhT{;hfY**6jaboO-
zLb3bh7bQRaq42kt`roOyH)7w16C57#^uXdr37LEgEobBK(BYe;hGJya5GlgTi|*FK
z2}^!S`W-J*PCwVEUF_k&L-A&=hKv7Je(-TuTz4q^CD*b32+XGyjoijzhL1v&e2blz
zR7}#!otdb?z#7*9Rzchkg9ct=oaE5z<z&{8(fF0Boc#q0@8ak-F_wA$>|ap<Rs>Vb
z1_R^h@qKYa3Q&~efWz~Q3Ojvy`K#qtA*QLjqRn%!7k!>M`kYCq&pB6PwX@m1QShoS
z$(d}ra0_ANyyQ?+*UnzF#t5v@!bhwvfFE;F#?Py$>fn>1*VD_cYh($`y6tkq)WCb|
z((oa=+-s{i18C!%ByD#;@>)wx)$CtLd{cAGHG$!!-xZm$y2$~x*1bHaF_DR;KCypB
zHWufOPIWt|Lf(Eje<*C?RHC?u>{UXv=F}zkb+*0lhKr(7odsJ{t--|LaU^i)+MDO3
z;g?90TnO(i(7G;yV#HlY!p$Xwt7G$q1pcT8&!DiPuBcLrr*~hRGJgGSQZCix#<(jV
zWL#j@-i?rJT1e8iwM?R?MgI5luZg(b62NNEy>WEJZH*ch9e)x_3cDgjy$f+%&Y0dD
zQ|eu$HbW&_QQywBFl#p7KQEnK?e325j4kWly4KaB>F7V?{)XqZB)l{#8k&1Gst6`l
z%p6-tO2wT>X@EWqm+LSpf8g5FiP}ut2@*=N?ngfCw~(K~p0JuaIdcEsd9yX(1^|8|
zG;b-fs76VZv!VD{y;@=sodWwJY<^_+L1l@Y@rD<5Gqu~>2*-pY*>tfs>xi60s0I#2
z825aigs~PEnDwo&O8MqFRnn!T(FKE4vA0<_HAyAeW~%(x@-+#PNu$yt)k{d&EMAf4
zdd5z|za$ZV8w#Eb9OU9Di@IiFeRf)2tcu_$gXYL$TGH-RAOT3Iet))OL91CGwKm)*
zJ~QbGE=&-v(Ucsj;l~MNOxU(_#fH%?t7_@Yvv?}3^IIH|x<y@D9EPvRKO<i2Mz3lb
z05GwwWWP;R^{V!b8+PKgpfqvm`Z<0w@RNa`4E$u^Cj&nj_%{Oymqbz(#gkXH**3Hv
O3j4FpXKH@&yZPU~8o${9

literal 0
HcmV?d00001

diff --git a/templates b/templates
index d12c5b2b..2e033e24 100755
--- a/templates
+++ b/templates
@@ -259,6 +259,28 @@
                                     },
                       test_suite => { name => "install_package_set_minimal" },
                     },
+                    {
+                      machine    => { name => "64bit" },
+                      prio       => 40,
+                      product    => {
+                                      arch    => "x86_64",
+                                      distri  => "fedora",
+                                      flavor  => "Server-dvd-iso",
+                                      version => "*",
+                                    },
+                      test_suite => { name => "server_role_deploy_domain_controller" },
+                    },
+                    {
+                      machine    => { name => "64bit" },
+                      prio       => 40,
+                      product    => {
+                                      arch    => "x86_64",
+                                      distri  => "fedora",
+                                      flavor  => "Server-dvd-iso",
+                                      version => "*",
+                                    },
+                      test_suite => { name => "server_realmd_join_kickstart" },
+                    },
                     {
                       machine    => { name => "64bit" },
                       prio       => 20,
@@ -1261,7 +1283,7 @@
                         { key => "KICKSTART", value => "1" },
                         { key => "GRUB", value => "inst.ks=hd:vdb1:/root-user-crypted-net.ks" },
                         { key => "NUMDISKS", value => "2" },
-                        { key => "HDD_2", value => "disk_ks.img" },
+                        { key => "HDD_2", value => "disk_ks_2.img" },
                         { key => "ROOT_PASSWORD", value => "111111" },
                         { key => "USER_LOGIN", value => "test" },
                         { key => "USER_PASSWORD", value => "test" },
@@ -1458,5 +1480,31 @@
                         { key => "USER_LOGIN", value => "false" },
                       ],
                     },
+                    {
+                      name => "server_role_deploy_domain_controller",
+                      settings => [
+                        { key => "ENTRYPOINT", value => "role_deploy_domain_controller" },
+                        { key => "START_AFTER_TEST", value => "install_default_upload" },
+                        { key => "BOOTFROM", value => "c" },
+                        { key => "HDD_1", value => "disk_%FLAVOR%_%MACHINE%.qcow2" },
+                        { key => "GRUB", value => "net.ifnames=0 biosdevname=0" },
+                        { key => "NICTYPE", value => "tap" },
+                      ],
+                    },
+                    {
+                      name => "server_realmd_join_kickstart",
+                      settings => [
+                        { key => "KICKSTART", value => "1" },
+                        { key => "GRUB", value => "inst.ks=hd:vdb1:/freeipaclient.ks" },
+                        { key => "NUMDISKS", value => "2" },
+                        { key => "HDD_2", value => "disk_ks_2.img" },
+                        { key => "POSTINSTALL", value => "freeipa_client" },
+                        { key => "USER_LOGIN", value => "false" },
+                        { key => "ROOT_PASSWORD", value => "anaconda" },
+                        { key => "PARALLEL_WITH", value => "server_role_deploy_domain_controller" },
+                        { key => "INSTALL_UNLOCK", value => "freeipa_ready" },
+                        { key => "NICTYPE", value => "tap" },
+                      ],
+                    },
                   ],
 }
diff --git a/tests/_boot_to_anaconda.pm b/tests/_boot_to_anaconda.pm
index 0423fcd7..199885d0 100644
--- a/tests/_boot_to_anaconda.pm
+++ b/tests/_boot_to_anaconda.pm
@@ -2,66 +2,33 @@ use base "anacondatest";
 use strict;
 use testapi;
 
-# get_kernel_line switches to menu edit screen and sets the cursor to the end of kernel line
-sub get_kernel_line {
-    if( get_var("UEFI")){
-        send_key "e";
-        send_key "down";
-        send_key "down";
-        send_key "end";
-    } else {
-        send_key "tab";
-    }
-}
-
 sub run {
-    # Wait for bootloader to appear
-    if( get_var("UEFI")){
-        assert_screen "bootloader_uefi", 30;
-    } else {
-        assert_screen "bootloader", 30;
+    my $self = shift;
+    # construct the kernel args. the trick here is to wind up with
+    # spaced args if GRUB or GRUBADD is set, and just spaces if not,
+    # then check if we got all spaces. We wind up with a harmless
+    # extra space if GRUBADD is set but GRUB is not.
+    my $args = "";
+    $args .= get_var("GRUB", "") . " ";
+    $args .= get_var("GRUBADD", "") . " ";
+    # Construct inst.repo arg for REPOSITORY_VARIATION
+    my $repourl = get_var("REPOSITORY_VARIATION");
+    if ($repourl) {
+        my $version = lc(get_var("VERSION", ""));
+        my $arch = get_var("ARCH", "");
+        $repourl .= "/$version/Everything/$arch/os";
+        $args .= "inst.repo=$repourl";
     }
+    # ternary: set $args to "" if it contains only spaces
+    $args = $args =~ /^\s+$/ ? "" : $args;
 
-    # Make sure we skip media check if it's selected by default. Standard
-    # 'boot installer' menu entry is always first.
-    send_key "up";
-    send_key "up";
+    # set mutex wait if necessary
+    my $mutex = get_var("INSTALL_UNLOCK");
 
-    # if variable GRUB is set, add its value into kernel line in grub
-    if( get_var("GRUB")){
-        get_kernel_line;
-        type_string " ".get_var("GRUB");
-
-    }
-
-    # if GRUBADD is set, add that to kernel line too. this is for doing
-    # stuff like running the tests with an updates.img to test some
-    # anaconda change
-    if (get_var("GRUBADD")) {
-        # unless GRUB was also set, we need to get to the kernel line now
-        get_kernel_line unless (get_var("GRUB"));
-        type_string " ".get_var("GRUBADD");
-    }
-
-    # if variable REPOSITORY_VARIATION is set, construct inst.repo url and add it to kernel line
-    if (get_var("REPOSITORY_VARIATION")){
-        unless (get_var("GRUB") || get_var("GRUBADD")) {
-            get_kernel_line;
-        }
-        my $repourl = "";
-
-        # REPOSITORY_VARIATION should be set to repository URL without version and architecture
-        # appended (it will be appended automatically)
-        $repourl = get_var("REPOSITORY_VARIATION")."/".lc(get_var("VERSION"))."/Everything/".get_var("ARCH")."/os";
-        type_string " inst.repo=".$repourl;
-    }
-
-    # now we are on the correct "boot" menu item
-    # hit Ctrl+x for the case when the uefi kernel line was edited
-    send_key "ctrl-x";
-    # Return starts boot in all other cases
-    send_key "ret";
+    # call do_bootloader with postinstall=0, the args, and the mutex
+    $self->do_bootloader(0, $args, $mutex);
 
+    # proceed to installer
     unless (get_var("KICKSTART"))
     {
         # on lives, we have to explicitly launch anaconda
diff --git a/tests/freeipa_client_postinstall.pm b/tests/freeipa_client_postinstall.pm
new file mode 100644
index 00000000..e4ef0c3e
--- /dev/null
+++ b/tests/freeipa_client_postinstall.pm
@@ -0,0 +1,45 @@
+use base "installedtest";
+use strict;
+use testapi;
+
+sub run {
+    my $self=shift;
+    # check domain is listed in 'realm list'
+    validate_script_output 'realm list', sub { $_ =~ m/domain-name: domain\.local.*configured: kerberos-member/s };
+    # check we can see the admin user in getent
+    assert_script_run 'getent passwd admin@DOMAIN.LOCAL';
+    # check keytab entries
+    validate_script_output 'klist -k', sub { $_ =~ m/client001\.domain\.local\@DOMAIN.LOCAL/ };
+    # check we can kinit with the host principal
+    assert_script_run 'kinit -k host/client001.domain.local@DOMAIN.LOCAL';
+    # kinit as each user and set a new password
+    assert_script_run 'printf "correcthorse\nbatterystaple\nbatterystaple" | kinit test1@DOMAIN.LOCAL';
+    assert_script_run 'printf "correcthorse\nbatterystaple\nbatterystaple" | kinit test2@DOMAIN.LOCAL';
+    # switch to tty3
+    send_key "ctrl-alt-f3";
+    # try and login as test1, should work
+    $self->console_login(user=>'test1@DOMAIN.LOCAL', password=>'batterystaple');
+    type_string "exit\n";
+    # try and login as test2, should fail. we cannot use console_login
+    # as it takes 10 seconds to complete when login fails, and
+    # "permission denied" message doesn't last that long
+    sleep 2;
+    assert_screen "text_console_login";
+    type_string "test2\@DOMAIN.LOCAL\n";
+    assert_screen "console_password_required";
+    type_string "batterystaple\n";
+    assert_screen "login_permission_denied";
+}
+
+
+sub test_flags {
+    # without anything - rollback to 'lastgood' snapshot if failed
+    # 'fatal' - whole test suite is in danger if this fails
+    # 'milestone' - after this test succeeds, update 'lastgood'
+    # 'important' - if this fails, set the overall state to 'fail'
+    return { fatal => 1 };
+}
+
+1;
+
+# vim: set sw=4 et:
diff --git a/tests/role_deploy_domain_controller.pm b/tests/role_deploy_domain_controller.pm
new file mode 100644
index 00000000..771550f0
--- /dev/null
+++ b/tests/role_deploy_domain_controller.pm
@@ -0,0 +1,77 @@
+use base "installedtest";
+use strict;
+use testapi;
+use lockapi;
+use mmapi;
+
+sub run {
+    my $self=shift;
+    # boot with kernel params to ensure interface is 'eth0' and not whatever
+    # systemd feels like calling it today
+    $self->do_bootloader(1, "net.ifnames=0 biosdevname=0");
+    $self->boot_to_login_screen("text_console_login", 5, 60);
+    # login
+    $self->root_console();
+    # set hostname
+    assert_script_run 'hostnamectl set-hostname ipa001.domain.local';
+    # add entry to /etc/hosts
+    assert_script_run 'echo "10.0.2.100 ipa001.domain.local ipa001" >> /etc/hosts';
+    # bring up network. DEFROUTE is *vital* here
+    assert_script_run 'printf "DEVICE=eth0\nBOOTPROTO=none\nIPADDR=10.0.2.100\nGATEWAY=10.0.2.2\nPREFIX=24\nDEFROUTE=yes" > /etc/sysconfig/network-scripts/ifcfg-eth0';
+    script_run "systemctl restart NetworkManager.service";
+    # clone host's resolv.conf to get name resolution
+    $self->clone_host_resolv();
+    # we don't want updates-testing for validation purposes
+    assert_script_run 'dnf config-manager --set-disabled updates-testing';
+    # we need a lot of entropy for this, and we don't care how good
+    # it is, so let's use haveged
+    assert_script_run 'dnf -y install haveged', 120;
+    assert_script_run 'systemctl start haveged.service';
+    # deploy the domain controller role
+    assert_script_run 'echo \'{"admin_password":"monkeys123"}\' | rolectl deploy domaincontroller --name=domain.local --settings-stdin', 1200;
+    # check the role status, should be 'running'
+    validate_script_output 'rolectl status domaincontroller/domain.local', sub { $_ =~ m/^running/ };
+    # check the admin password is listed in 'settings'
+    validate_script_output 'rolectl settings domaincontroller/domain.local', sub {$_ =~m/dm_password = \w{5,}/ };
+    # sanitize the settings
+    assert_script_run 'rolectl sanitize domaincontroller/domain.local';
+    # check the password now shows as 'None'
+    validate_script_output 'rolectl settings domaincontroller/domain.local', sub {$_ =~ m/dm_password = None/ };
+    # kinit as admin
+    assert_script_run 'echo "monkeys123" | kinit admin';
+    # set up an OTP for client001 enrolment (it will enrol with a kickstart)
+    assert_script_run 'ipa host-add client001.domain.local --password=monkeys --force';
+    # create two user accounts, test1 and test2
+    assert_script_run 'echo "correcthorse" | ipa user-add test1 --first test --last one --password';
+    assert_script_run 'echo "correcthorse" | ipa user-add test2 --first test --last two --password';
+    # add a rule allowing access to all hosts and services
+    assert_script_run 'ipa hbacrule-add testrule --servicecat=all --hostcat=all';
+    # add test1 (but not test2) to the rule
+    assert_script_run 'ipa hbacrule-add-user testrule --users=test1';
+    # disable the default 'everyone everywhere' rule
+    assert_script_run 'ipa hbacrule-disable allow_all';
+    # we're all ready for other jobs to run!
+    mutex_create('freeipa_ready');
+    wait_for_children;
+    # once child jobs are done, stop the role
+    assert_script_run 'rolectl stop domaincontroller/domain.local';
+    # check role is stopped
+    validate_script_output 'rolectl status domaincontroller/domain.local', sub { $_ =~ m/^ready-to-start/ };
+    # decommission the role
+    assert_script_run 'rolectl decommission domaincontroller/domain.local', 120;
+    # check role is decommissioned
+    validate_script_output 'rolectl list instances', sub { $_ eq "" };
+}
+
+
+sub test_flags {
+    # without anything - rollback to 'lastgood' snapshot if failed
+    # 'fatal' - whole test suite is in danger if this fails
+    # 'milestone' - after this test succeeds, update 'lastgood'
+    # 'important' - if this fails, set the overall state to 'fail'
+    return { fatal => 1 };
+}
+
+1;
+
+# vim: set sw=4 et: