mirror of
https://pagure.io/fedora-qa/os-autoinst-distri-fedora.git
synced 2024-12-22 02:13:08 +00:00
Drop old rolekit code from database and freeipa tests
RIP rolekit Signed-off-by: Adam Williamson <awilliam@redhat.com>
This commit is contained in:
parent
fc93309b41
commit
fec49f05ec
@ -10,55 +10,39 @@ sub run {
|
||||
my $self=shift;
|
||||
# use compose repo, disable u-t, etc.
|
||||
repo_setup();
|
||||
# from here we branch: for F28 and earlier we use rolekit as
|
||||
# always, for F29+ we deploy directly ourselves as rolekit is
|
||||
# deprecated
|
||||
my $version = get_var("VERSION");
|
||||
# for upgrade tests we need to check CURRREL not VERSION
|
||||
$version = get_var("CURRREL") if (get_var("UPGRADE"));
|
||||
if ($version < 29 && $version ne 'Rawhide') {
|
||||
# deploy the database server role
|
||||
assert_script_run 'echo \'{"database":"openqa","owner":"openqa","password":"correcthorse"}\' | rolectl deploy databaseserver --settings-stdin', 300;
|
||||
# check the role status, should be 'running'
|
||||
validate_script_output 'rolectl status databaseserver/1', sub { $_ =~ m/^running/ };
|
||||
# check 'settings' output looks vaguely right
|
||||
validate_script_output 'rolectl settings databaseserver/1', sub {$_ =~ m/owner = openqa/ };
|
||||
}
|
||||
else {
|
||||
# deploy postgres directly ourselves. first, install packages...
|
||||
assert_script_run 'dnf -y install postgresql-server postgresql-contrib', 300;
|
||||
# configure the firewall
|
||||
assert_script_run "firewall-cmd --permanent --add-service postgresql";
|
||||
assert_script_run "systemctl restart firewalld.service";
|
||||
# init the db
|
||||
assert_script_run "/usr/bin/postgresql-setup --initdb";
|
||||
# enable and start the systemd service
|
||||
assert_script_run "systemctl enable postgresql.service";
|
||||
assert_script_run "systemctl start postgresql.service";
|
||||
# create the owner
|
||||
assert_script_run 'su postgres -c "/usr/bin/createuser openqa"';
|
||||
# create the database
|
||||
assert_script_run 'su postgres -c "/usr/bin/createdb openqa -O openqa"';
|
||||
# set the password. oh, god, the quotes. THE QUOTES. trying to
|
||||
# get four layers of nested quotes properly escaped through
|
||||
# perl, bash and postgres is futile, so we write the command
|
||||
# to a file and call psql on the file
|
||||
assert_script_run 'echo "ALTER ROLE openqa WITH PASSWORD \'correcthorse\'" > /tmp/cmd';
|
||||
assert_script_run 'su postgres -c "psql openqa -f /tmp/cmd"';
|
||||
# adjust postgresql.conf to allow network connections; sloppy
|
||||
# version of how rolekit did it
|
||||
assert_script_run 'sed -i -e "s,.*listen_addresses *=.*,listen_addresses=\'*\',g" /var/lib/pgsql/data/postgresql.conf';
|
||||
# check that worked...
|
||||
upload_logs "/var/lib/pgsql/data/postgresql.conf";
|
||||
# adjust pg_hba.conf to use md5 authentication; sloppy version
|
||||
# of how rolekit did it
|
||||
assert_script_run 'sed -i -e "s,^host,#host,g" /var/lib/pgsql/data/pg_hba.conf';
|
||||
assert_script_run 'echo "host all all all md5" >> /var/lib/pgsql/data/pg_hba.conf';
|
||||
# check that worked...
|
||||
upload_logs "/var/lib/pgsql/data/pg_hba.conf";
|
||||
# restart the service
|
||||
assert_script_run "systemctl restart postgresql.service";
|
||||
}
|
||||
# deploy postgres directly ourselves. first, install packages...
|
||||
assert_script_run 'dnf -y install postgresql-server postgresql-contrib', 300;
|
||||
# configure the firewall
|
||||
assert_script_run "firewall-cmd --permanent --add-service postgresql";
|
||||
assert_script_run "systemctl restart firewalld.service";
|
||||
# init the db
|
||||
assert_script_run "/usr/bin/postgresql-setup --initdb";
|
||||
# enable and start the systemd service
|
||||
assert_script_run "systemctl enable postgresql.service";
|
||||
assert_script_run "systemctl start postgresql.service";
|
||||
# create the owner
|
||||
assert_script_run 'su postgres -c "/usr/bin/createuser openqa"';
|
||||
# create the database
|
||||
assert_script_run 'su postgres -c "/usr/bin/createdb openqa -O openqa"';
|
||||
# set the password. oh, god, the quotes. THE QUOTES. trying to
|
||||
# get four layers of nested quotes properly escaped through
|
||||
# perl, bash and postgres is futile, so we write the command
|
||||
# to a file and call psql on the file
|
||||
assert_script_run 'echo "ALTER ROLE openqa WITH PASSWORD \'correcthorse\'" > /tmp/cmd';
|
||||
assert_script_run 'su postgres -c "psql openqa -f /tmp/cmd"';
|
||||
# adjust postgresql.conf to allow network connections; sloppy
|
||||
# version of how rolekit did it
|
||||
assert_script_run 'sed -i -e "s,.*listen_addresses *=.*,listen_addresses=\'*\',g" /var/lib/pgsql/data/postgresql.conf';
|
||||
# check that worked...
|
||||
upload_logs "/var/lib/pgsql/data/postgresql.conf";
|
||||
# adjust pg_hba.conf to use md5 authentication; sloppy version
|
||||
# of how rolekit did it
|
||||
assert_script_run 'sed -i -e "s,^host,#host,g" /var/lib/pgsql/data/pg_hba.conf';
|
||||
assert_script_run 'echo "host all all all md5" >> /var/lib/pgsql/data/pg_hba.conf';
|
||||
# check that worked...
|
||||
upload_logs "/var/lib/pgsql/data/pg_hba.conf";
|
||||
# restart the service
|
||||
assert_script_run "systemctl restart postgresql.service";
|
||||
# check we can connect to the database and create a table
|
||||
assert_script_run 'su postgres -c "psql openqa -c \'CREATE TABLE test (testcol int);\'"';
|
||||
# check we can add a row to the table
|
||||
@ -71,26 +55,14 @@ sub run {
|
||||
# we're all ready for other jobs to run!
|
||||
mutex_create('db_ready');
|
||||
wait_for_children;
|
||||
if ($version < 29 && $version ne 'Rawhide') {
|
||||
# once child jobs are done, stop the role
|
||||
assert_script_run 'rolectl stop databaseserver/1';
|
||||
# check role is stopped
|
||||
validate_script_output 'rolectl status databaseserver/1', sub { $_ =~ m/^ready-to-start/ };
|
||||
# decommission the role
|
||||
assert_script_run 'rolectl decommission databaseserver/1', 120;
|
||||
# check role is decommissioned
|
||||
validate_script_output 'rolectl list instances', sub { $_ eq "" };
|
||||
}
|
||||
else {
|
||||
# once child jobs are done, decommission the server a bit
|
||||
assert_script_run 'su postgres -c "/usr/bin/dropdb -w --if-exists openqa"';
|
||||
assert_script_run 'su postgres -c "/usr/bin/dropuser -w --if-exists openqa"';
|
||||
# stop the server
|
||||
assert_script_run 'systemctl stop postgresql.service';
|
||||
# check server is stopped
|
||||
assert_script_run '! systemctl is-active postgresql.service';
|
||||
# FIXME check server is decommissioned...how?
|
||||
}
|
||||
# once child jobs are done, decommission the server a bit
|
||||
assert_script_run 'su postgres -c "/usr/bin/dropdb -w --if-exists openqa"';
|
||||
assert_script_run 'su postgres -c "/usr/bin/dropuser -w --if-exists openqa"';
|
||||
# stop the server
|
||||
assert_script_run 'systemctl stop postgresql.service';
|
||||
# check server is stopped
|
||||
assert_script_run '! systemctl is-active postgresql.service';
|
||||
# FIXME check server is decommissioned...how?
|
||||
}
|
||||
|
||||
|
||||
|
@ -33,74 +33,22 @@ sub run {
|
||||
# read DNS server IPs from host's /etc/resolv.conf for passing to
|
||||
# ipa-server-install / rolectl
|
||||
my @forwards = get_host_dns();
|
||||
# from here we branch: for F28 and earlier we use rolekit as
|
||||
# always, for F29+ we deploy directly ourselves as rolekit is
|
||||
# deprecated
|
||||
my $version = get_var("VERSION");
|
||||
# for upgrade tests we need to check CURRREL not VERSION
|
||||
$version = get_var("CURRREL") if (get_var("UPGRADE"));
|
||||
if ($version < 29 && $version ne 'Rawhide') {
|
||||
# we are now gonna work around a stupid bug in rolekit. we want to
|
||||
# pass it a list of ipv4 DNS forwarders and have no ipv6 DNS
|
||||
# forwarders. but it won't allow you to have a dns_forwarders array
|
||||
# with a "ipv4" list but no "ipv6" list, any values in the "ipv6"
|
||||
# list must be contactable (so we can't use real IPv6 DNS servers
|
||||
# as we have no IPv6 connectivity), and if you use an empty list
|
||||
# as the "ipv6" value you often hit a weird DBus error "unable to
|
||||
# guess signature from an empty list". Fortunately, rolekit doesn't
|
||||
# actually check that the values in the lists are really IPv6 /
|
||||
# IPv4, it just turns all the values in each list into --forwarder
|
||||
# args for ipa-server-install. So we can just stuff IPv4 values
|
||||
# into both lists. rolekit bug:
|
||||
# https://github.com/libre-server/rolekit/issues/64
|
||||
# it should be fixed relatively soon.
|
||||
my $fourlist;
|
||||
my $sixlist;
|
||||
if (scalar @forwards == 1) {
|
||||
# we've only got one server, so dupe it, best we can do
|
||||
$fourlist = '["' . $forwards[0] . '"]';
|
||||
$sixlist = $fourlist;
|
||||
}
|
||||
else {
|
||||
# put the first value in the 'IPv4' list and all the others in
|
||||
# the 'IPv6' list
|
||||
$fourlist = '["' . shift(@forwards) . '"]';
|
||||
$sixlist = '["' . join('","', @forwards) . '"]';
|
||||
}
|
||||
# this is hideous, but we need --allow-zone-overlap for reverse
|
||||
# DNS stuff to work, and there's no good way to make rolekit do
|
||||
# that. so we monkeypatch it in!
|
||||
assert_script_run 'sed -i -e "s/\'ipa-server-install\', \'-U\',/\'ipa-server-install\', \'-U\', \'--allow-zone-overlap\',/" /usr/lib/rolekit/roles/domaincontroller/role.py';
|
||||
# to check that worked right...
|
||||
upload_logs "/usr/lib/rolekit/roles/domaincontroller/role.py";
|
||||
# deploy the domain controller role, specifying an admin password
|
||||
# and the list of DNS server IPs as JSON via stdin. If we don't do
|
||||
# this, rolectl defaults to using the root servers as forwarders
|
||||
# (it does not copy the settings from resolv.conf), which give the
|
||||
# public results for mirrors.fedoraproject.org, some of which
|
||||
# things running in phx2 cannot reach; we must make sure the phx2
|
||||
# deployments use the phx2 nameservers.
|
||||
assert_script_run 'echo \'{"admin_password":"monkeys123","reverse_zone":["2.0.10.in-addr.arpa"],"dns_forwarders":{"ipv4":' . $fourlist . ',"ipv6":' . $sixlist .'}}\' | rolectl deploy domaincontroller --name=domain.local --settings-stdin', 1200;
|
||||
# First install the necessary packages
|
||||
assert_script_run "dnf -y groupinstall freeipa-server", 600;
|
||||
# configure the firewall
|
||||
for my $service (qw(freeipa-ldap freeipa-ldaps dns)) {
|
||||
assert_script_run "firewall-cmd --permanent --add-service $service";
|
||||
}
|
||||
else {
|
||||
# this is the other side of the version branch - we're on 29+,
|
||||
# so no rolekit. First install the necessary packages
|
||||
assert_script_run "dnf -y groupinstall freeipa-server", 600;
|
||||
# configure the firewall
|
||||
for my $service (qw(freeipa-ldap freeipa-ldaps dns)) {
|
||||
assert_script_run "firewall-cmd --permanent --add-service $service";
|
||||
}
|
||||
assert_script_run "systemctl restart firewalld.service";
|
||||
# deploy the server
|
||||
my $args = "-U --realm=DOMAIN.LOCAL --domain=domain.local --ds-password=monkeys123 --admin-password=monkeys123 --setup-dns --reverse-zone=2.0.10.in-addr.arpa --allow-zone-overlap";
|
||||
for my $fwd (@forwards) {
|
||||
$args .= " --forwarder=$fwd";
|
||||
}
|
||||
assert_script_run "ipa-server-install $args", 1200;
|
||||
# enable and start the systemd service
|
||||
assert_script_run "systemctl enable ipa.service";
|
||||
assert_script_run "systemctl start ipa.service", 300;
|
||||
assert_script_run "systemctl restart firewalld.service";
|
||||
# deploy the server
|
||||
my $args = "-U --realm=DOMAIN.LOCAL --domain=domain.local --ds-password=monkeys123 --admin-password=monkeys123 --setup-dns --reverse-zone=2.0.10.in-addr.arpa --allow-zone-overlap";
|
||||
for my $fwd (@forwards) {
|
||||
$args .= " --forwarder=$fwd";
|
||||
}
|
||||
assert_script_run "ipa-server-install $args", 1200;
|
||||
# enable and start the systemd service
|
||||
assert_script_run "systemctl enable ipa.service";
|
||||
assert_script_run "systemctl start ipa.service", 300;
|
||||
|
||||
# kinit as admin
|
||||
assert_script_run 'echo "monkeys123" | kinit admin';
|
||||
|
@ -20,51 +20,22 @@ sub run {
|
||||
}
|
||||
# if this is an update, notify clients that we're now up again
|
||||
mutex_create('server_upgraded') if get_var("UPGRADE");
|
||||
# from here we branch: for F28 and earlier we use rolekit as
|
||||
# always, for F29+ we decommission directly ourselves as rolekit
|
||||
# is deprecated
|
||||
my $version = get_var("VERSION");
|
||||
if ($version < 29 && $version ne 'Rawhide') {
|
||||
# check the role status, should be 'running'
|
||||
validate_script_output 'rolectl status domaincontroller/domain.local', sub { $_ =~ m/^running/ };
|
||||
# check the admin password is listed in 'settings'
|
||||
validate_script_output 'rolectl settings domaincontroller/domain.local', sub {$_ =~m/dm_password = \w{5,}/ };
|
||||
# sanitize the settings
|
||||
assert_script_run 'rolectl sanitize domaincontroller/domain.local';
|
||||
# check the password now shows as 'None'
|
||||
validate_script_output 'rolectl settings domaincontroller/domain.local', sub {$_ =~ m/dm_password = None/ };
|
||||
# once child jobs are done, stop the role
|
||||
wait_for_children;
|
||||
# run post-fail hook to upload logs - even when this test passes
|
||||
# there are often cases where we need to see the logs (e.g. client
|
||||
# test failed due to server issue)
|
||||
$self->post_fail_hook();
|
||||
assert_script_run 'rolectl stop domaincontroller/domain.local';
|
||||
# check role is stopped
|
||||
validate_script_output 'rolectl status domaincontroller/domain.local', sub { $_ =~ m/^ready-to-start/ };
|
||||
# decommission the role
|
||||
assert_script_run 'rolectl decommission domaincontroller/domain.local', 300;
|
||||
# check role is decommissioned
|
||||
validate_script_output 'rolectl list instances', sub { $_ eq "" };
|
||||
}
|
||||
else {
|
||||
# once child jobs are done, stop the server
|
||||
wait_for_children;
|
||||
# run post-fail hook to upload logs - even when this test passes
|
||||
# there are often cases where we need to see the logs (e.g. client
|
||||
# test failed due to server issue)
|
||||
$self->post_fail_hook();
|
||||
assert_script_run 'systemctl stop ipa.service';
|
||||
# check server is stopped
|
||||
assert_script_run '! systemctl is-active ipa.service';
|
||||
# decommission the server
|
||||
assert_script_run 'ipa-server-install -U --uninstall', 300;
|
||||
# try and un-garble the screen that the above sometimes garbles
|
||||
# ...we may be on tty1 or tty3 now, so flip between them
|
||||
send_key "ctrl-alt-f1";
|
||||
send_key "ctrl-alt-f3";
|
||||
# FIXME check server is decommissioned...how?
|
||||
}
|
||||
# once child jobs are done, stop the server
|
||||
wait_for_children;
|
||||
# run post-fail hook to upload logs - even when this test passes
|
||||
# there are often cases where we need to see the logs (e.g. client
|
||||
# test failed due to server issue)
|
||||
$self->post_fail_hook();
|
||||
assert_script_run 'systemctl stop ipa.service';
|
||||
# check server is stopped
|
||||
assert_script_run '! systemctl is-active ipa.service';
|
||||
# decommission the server
|
||||
assert_script_run 'ipa-server-install -U --uninstall', 300;
|
||||
# try and un-garble the screen that the above sometimes garbles
|
||||
# ...we may be on tty1 or tty3 now, so flip between them
|
||||
send_key "ctrl-alt-f1";
|
||||
send_key "ctrl-alt-f3";
|
||||
# FIXME check server is decommissioned...how?
|
||||
}
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user