1
0
mirror of https://pagure.io/fedora-qa/os-autoinst-distri-fedora.git synced 2024-11-04 23:24:21 +00:00
os-autoinst-distri-fedora/tests/domain_client.pm
Adam Williamson ae7d5011df Fixes for Active Directory client tests
abbra told me where I was going wrong with the 'expected' target
of the getent command ("AD/" is not a magic string, it's just
"(netbiosname)/", and our netbios name is "SAMDOM"...) so this
fixes that too, trying to avoid hard-coding stuff.

For the kickstart test, it seems like it's a timing issue. We
added this 'install sssd-tools and enable debugging' step to try
and debug it, and instead it fixed it. So...let's just stick
with this, for now, because it's useful to have this debugging
anyway. If the problem starts happening again, we can fiddle
about with it more.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2023-08-05 11:22:37 +01:00

80 lines
2.8 KiB
Perl

use base "installedtest";
use strict;
use testapi;
use utils;
sub run {
my $self = shift;
my $admin = get_var("REALMD_ADMIN_USER", "admin");
my $tcadmin = ucfirst($admin);
my $domain = get_var("REALMD_DOMAIN", "test.openqa.fedoraproject.org");
my $shortdom = uc((split(/\./, $domain))[0]);
my $udomain = uc($domain);
my $qdomain = quotemeta($domain);
my $qudomain = uc($qdomain);
# switch to tty1 (we're usually there already, but just in case
# we're carrying on from a failed freeipa_webui that didn't fail
# at tty1)
send_key "ctrl-alt-f1";
wait_still_screen 1;
if (get_var("KICKSTART")) {
# we don't have sssd debugging enabled yet
assert_script_run 'dnf -y install sssd-tools', 240;
assert_script_run 'sss_debuglevel 9';
}
# check domain is listed in 'realm list'
validate_script_output 'realm list', sub { $_ =~ m/domain-name: $qdomain.*configured: kerberos-member/s };
# check we can resolve domain accounts
if ($domain =~ m/samdom/) {
# give this two tries, to see if it helps the problem where
# it sometimes fails for no reason
if (script_run "getent passwd '$shortdom\\$tcadmin'") {
assert_script_run "getent passwd '$shortdom\\$tcadmin'";
}
}
else {
assert_script_run "getent passwd $admin\@$udomain";
}
# check keytab entries
# on AD clients, this isn't automatically installed
assert_script_run "dnf -y install krb5-workstation", 180;
my $hostname = script_output 'hostname';
my $qhost = quotemeta($hostname);
validate_script_output 'klist -k', sub { $_ =~ m/$qhost\@$qudomain/ };
# check we can kinit with the host principal
if ($domain =~ m/samdom/) {
my $shorthost = uc((split(/\./, $hostname))[0]);
assert_script_run "kinit -k $shorthost\\\$\@$udomain";
}
else {
assert_script_run "kinit -k host/$hostname\@$udomain";
}
# Set a longer timeout for login(1) to workaround RHBZ #1661273
assert_script_run 'echo "LOGIN_TIMEOUT 180" >> /etc/login.defs';
# switch to tty2 for login tests
send_key "ctrl-alt-f2";
# try and login as test1, should work
console_login(user => "test1\@$domain", password => 'batterystaple');
type_string "exit\n";
unless ($domain =~ m/samdom/) {
# try and login as test2, should fail. we cannot use console_login
# as it takes 10 seconds to complete when login fails, and
# "permission denied" message doesn't last that long
sleep 2;
assert_screen "text_console_login";
type_string "test2\@$udomain\n";
assert_screen "console_password_required";
type_string "batterystaple\n";
assert_screen "login_permission_denied";
}
}
sub test_flags {
return {fatal => 1};
}
1;
# vim: set sw=4 et: