78 lines
3.7 KiB
Perl
78 lines
3.7 KiB
Perl
use base "installedtest";
|
|
use strict;
|
|
use testapi;
|
|
use lockapi;
|
|
use mmapi;
|
|
|
|
sub run {
|
|
my $self=shift;
|
|
# boot with kernel params to ensure interface is 'eth0' and not whatever
|
|
# systemd feels like calling it today
|
|
$self->do_bootloader(1, "net.ifnames=0 biosdevname=0");
|
|
$self->boot_to_login_screen("text_console_login", 5, 60);
|
|
# login
|
|
$self->root_console();
|
|
# set hostname
|
|
assert_script_run 'hostnamectl set-hostname ipa001.domain.local';
|
|
# add entry to /etc/hosts
|
|
assert_script_run 'echo "10.0.2.100 ipa001.domain.local ipa001" >> /etc/hosts';
|
|
# bring up network. DEFROUTE is *vital* here
|
|
assert_script_run 'printf "DEVICE=eth0\nBOOTPROTO=none\nIPADDR=10.0.2.100\nGATEWAY=10.0.2.2\nPREFIX=24\nDEFROUTE=yes" > /etc/sysconfig/network-scripts/ifcfg-eth0';
|
|
script_run "systemctl restart NetworkManager.service";
|
|
# clone host's resolv.conf to get name resolution
|
|
$self->clone_host_resolv();
|
|
# we don't want updates-testing for validation purposes
|
|
assert_script_run 'dnf config-manager --set-disabled updates-testing';
|
|
# we need a lot of entropy for this, and we don't care how good
|
|
# it is, so let's use haveged
|
|
assert_script_run 'dnf -y install haveged', 120;
|
|
assert_script_run 'systemctl start haveged.service';
|
|
# deploy the domain controller role
|
|
assert_script_run 'echo \'{"admin_password":"monkeys123"}\' | rolectl deploy domaincontroller --name=domain.local --settings-stdin', 1200;
|
|
# check the role status, should be 'running'
|
|
validate_script_output 'rolectl status domaincontroller/domain.local', sub { $_ =~ m/^running/ };
|
|
# check the admin password is listed in 'settings'
|
|
validate_script_output 'rolectl settings domaincontroller/domain.local', sub {$_ =~m/dm_password = \w{5,}/ };
|
|
# sanitize the settings
|
|
assert_script_run 'rolectl sanitize domaincontroller/domain.local';
|
|
# check the password now shows as 'None'
|
|
validate_script_output 'rolectl settings domaincontroller/domain.local', sub {$_ =~ m/dm_password = None/ };
|
|
# kinit as admin
|
|
assert_script_run 'echo "monkeys123" | kinit admin';
|
|
# set up an OTP for client001 enrolment (it will enrol with a kickstart)
|
|
assert_script_run 'ipa host-add client001.domain.local --password=monkeys --force';
|
|
# create two user accounts, test1 and test2
|
|
assert_script_run 'echo "correcthorse" | ipa user-add test1 --first test --last one --password';
|
|
assert_script_run 'echo "correcthorse" | ipa user-add test2 --first test --last two --password';
|
|
# add a rule allowing access to all hosts and services
|
|
assert_script_run 'ipa hbacrule-add testrule --servicecat=all --hostcat=all';
|
|
# add test1 (but not test2) to the rule
|
|
assert_script_run 'ipa hbacrule-add-user testrule --users=test1';
|
|
# disable the default 'everyone everywhere' rule
|
|
assert_script_run 'ipa hbacrule-disable allow_all';
|
|
# we're all ready for other jobs to run!
|
|
mutex_create('freeipa_ready');
|
|
wait_for_children;
|
|
# once child jobs are done, stop the role
|
|
assert_script_run 'rolectl stop domaincontroller/domain.local';
|
|
# check role is stopped
|
|
validate_script_output 'rolectl status domaincontroller/domain.local', sub { $_ =~ m/^ready-to-start/ };
|
|
# decommission the role
|
|
assert_script_run 'rolectl decommission domaincontroller/domain.local', 120;
|
|
# check role is decommissioned
|
|
validate_script_output 'rolectl list instances', sub { $_ eq "" };
|
|
}
|
|
|
|
|
|
sub test_flags {
|
|
# without anything - rollback to 'lastgood' snapshot if failed
|
|
# 'fatal' - whole test suite is in danger if this fails
|
|
# 'milestone' - after this test succeeds, update 'lastgood'
|
|
# 'important' - if this fails, set the overall state to 'fail'
|
|
return { fatal => 1 };
|
|
}
|
|
|
|
1;
|
|
|
|
# vim: set sw=4 et:
|