mirror of
https://pagure.io/fedora-qa/os-autoinst-distri-fedora.git
synced 2024-09-16 21:07:22 +00:00
aab6935707
ipa-replica-install already changes the DNS config to use the local bind instance, we don't need to do this and it's actually wrong (as it bypasses the local BIND we should use and uses the VM host's DNS servers instead). Signed-off-by: Adam Williamson <awilliam@redhat.com>
103 lines
3.6 KiB
Perl
103 lines
3.6 KiB
Perl
use base "installedtest";
|
|
use strict;
|
|
use testapi;
|
|
use lockapi;
|
|
use mmapi;
|
|
use tapnet;
|
|
use utils;
|
|
|
|
sub run {
|
|
my $self=shift;
|
|
# use FreeIPA server or replica as DNS server
|
|
my $server = 'ipa001.domain.local';
|
|
my $server_ip = '172.16.2.100';
|
|
my $server_mutex = 'freeipa_ready';
|
|
if (get_var("FREEIPA_REPLICA")) {
|
|
$server = 'ipa002.domain.local';
|
|
$server_ip = '172.16.2.106';
|
|
}
|
|
if (get_var("FREEIPA_REPLICA_CLIENT")) {
|
|
$server = 'ipa003.domain.local';
|
|
$server_ip = '172.16.2.107';
|
|
$server_mutex = 'replica_ready';
|
|
}
|
|
bypass_1691487;
|
|
assert_script_run "printf 'search domain.local\nnameserver ${server_ip}' > /etc/resolv.conf";
|
|
# this gets us the name of the first connection in the list,
|
|
# which should be what we want
|
|
my $connection = script_output "nmcli --fields NAME con show | head -2 | tail -1";
|
|
assert_script_run "nmcli con mod '$connection' ipv4.dns '$server_ip'";
|
|
assert_script_run "nmcli con down '$connection'";
|
|
assert_script_run "nmcli con up '$connection'";
|
|
|
|
# wait for the server or replica to be ready (do it now just to be
|
|
# sure name resolution is working before we proceed)
|
|
mutex_lock $server_mutex;
|
|
mutex_unlock $server_mutex;
|
|
# use compose repo, disable u-t, etc. unless this is an upgrade
|
|
# test (in which case we're on the 'old' release at this point;
|
|
# one of the upgrade test modules does repo_setup later)
|
|
repo_setup() unless get_var("UPGRADE");
|
|
# do the enrolment
|
|
if (get_var("FREEIPA_REPLICA")) {
|
|
# here we're enrolling not just as a client, but as a replica
|
|
# install server packages
|
|
assert_script_run "dnf -y groupinstall freeipa-server", 600;
|
|
|
|
# we need a lot of entropy for this, and we don't care how good
|
|
# it is, so let's use haveged
|
|
assert_script_run "dnf -y install haveged", 300;
|
|
assert_script_run 'systemctl start haveged.service';
|
|
|
|
# read DNS server IPs from host's /etc/resolv.conf for passing to
|
|
# ipa-replica-install
|
|
my @forwards = get_host_dns();
|
|
|
|
# configure the firewall
|
|
for my $service (qw(freeipa-ldap freeipa-ldaps dns)) {
|
|
assert_script_run "firewall-cmd --permanent --add-service $service";
|
|
}
|
|
assert_script_run "systemctl restart firewalld.service";
|
|
|
|
# deploy as a replica
|
|
my $args = "--setup-dns --setup-ca --allow-zone-overlap -U --principal admin --admin-password monkeys123";
|
|
for my $fwd (@forwards) {
|
|
$args .= " --forwarder=$fwd";
|
|
}
|
|
assert_script_run "ipa-replica-install $args", 1500;
|
|
|
|
# enable and start the systemd service
|
|
assert_script_run "systemctl enable ipa.service";
|
|
assert_script_run "systemctl start ipa.service", 300;
|
|
|
|
# report that we're ready to go
|
|
mutex_create('replica_ready');
|
|
|
|
# wait for the client test
|
|
wait_for_children;
|
|
}
|
|
else {
|
|
assert_script_run "echo 'monkeys123' | realm join --user=admin ${server}", 300;
|
|
}
|
|
# set sssd debugging level higher (useful for debugging failures)
|
|
# optional as it's not really part of the test
|
|
script_run "dnf -y install sssd-tools", 220;
|
|
script_run "sss_debuglevel 9";
|
|
# if upgrade test, report that we're enrolled
|
|
mutex_create('client_enrolled') if get_var("UPGRADE");
|
|
# if this is an upgrade test, wait for server to be upgraded before
|
|
# continuing, as we rely on it for name resolution
|
|
if (get_var("UPGRADE")) {
|
|
mutex_lock "server_upgraded";
|
|
mutex_unlock "server_upgraded";
|
|
}
|
|
}
|
|
|
|
sub test_flags {
|
|
return { fatal => 1 };
|
|
}
|
|
|
|
1;
|
|
|
|
# vim: set sw=4 et:
|