Smoke test with FreeIPA

Travis CI is configured to build dogtag RPMs, test CA and KRA and
finally do a smoke test with stable FreeIPA. Smoke test runs cert
related tests:
- test_caacl_plugin
- test_caacl_profile_enforcement
- test_cert_plugin
- test_certprofile_plugin
- test_vault_plugin

https://pagure.io/dogtagpki/issue/2743

Change-Id: I894133f585772673932d1e8d8420c5c4c5ed6b7e

3 files changed, 179 insertions, 5 deletions

diff --git a/.test_runner_config.yaml b/.test_runner_config.yaml
new file mode 100644
index 000000000..1ca5a72c2
--- /dev/null
+++ b/.test_runner_config.yaml
@@ -0,0 +1,84 @@
+# Authors:
+#     Dinesh Prasanth M K <dmoluguw@redhat.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2017 Red Hat, Inc.
+# All rights reserved.
+#
+
+container:
+  detach: true
+  hostname: master.ipa.test
+  working_dir: /freeipa
+host:
+  binds:
+  - /sys/fs/cgroup:/sys/fs/cgroup:ro
+  - /dev/urandom:/dev/random:ro
+  privileged: true
+  security_opt:
+  - label:disable
+  tmpfs:
+  - /tmp
+  - /run
+server:
+  domain: ipa.test
+  password: Secret.123
+  realm: IPA.TEST
+steps:
+  build:
+  - echo "Skipping Build. Nothing to do..."
+  builddep:
+  - rm -rf /var/cache/dnf/*
+  - "dnf makecache fast || :"
+  cleanup:
+  - chown -R ${uid}:${gid} ${container_working_dir}
+  - journalctl -b --no-pager > systemd_journal.log
+  - >
+      tar --ignore-failed-read -cvf ${container_working_dir}/var_log.tar
+      /var/log/dirsrv
+      /var/log/httpd
+      /var/log/ipa*
+      /var/log/krb5kdc.log
+      /var/log/pki
+      systemd_journal.log
+  - chown ${uid}:${gid} ${container_working_dir}/var_log.tar
+  configure:
+  - dnf repolist
+  install_packages:
+  - echo "Installing recently built dogtag RPMs..."
+  - find /freeipa/dogtag_rpms/ -name '*.rpm' -and -not -name '*debuginfo*'   | xargs dnf install -y --best --allowerasing
+  - rpm -qa freeipa-*
+  - rpm -qa pki-*
+  install_server:
+  - echo "Installing ipa-server..."
+  - ipa-server-install -U --domain ${server_domain} --realm ${server_realm} -p ${server_password}
+    -a ${server_password} --setup-dns --setup-kra --auto-forwarders
+  - systemctl restart httpd.service
+  lint:
+  - echo "Skipping lint. Nothing to do here..."
+  prepare_tests:
+  - echo ${server_password} | kinit admin && ipa ping
+  - cp -r /etc/ipa/* ~/.ipa/
+  - echo ${server_password} > ~/.ipa/.dmpw
+  - echo 'wait_for_dns=5' >> ~/.ipa/default.conf
+  run_tests:
+  - ipa-run-tests ${tests_ignore} -k-test_dns_soa ${tests_verbose} ${path}
+  - ipa-server-install --uninstall -U
+tests:
+  ignore:
+  - test_integration
+  - test_webui
+  - test_ipapython/test_keyring.py
+  verbose: true
diff --git a/.travis.yml b/.travis.yml
index 54ae88431..4399c67e0 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -3,11 +3,16 @@ language: python
 
 services:
   - docker
-
+cache: pip
 env:
   global:
     - CONTAINER=pkitest
     - SCRIPTDIR=/tmp/workdir/pki/.travis
+    - DOGTAG_PKI_RPMS=${TRAVIS_BUILD_DIR}/dogtag_rpms
+    - RPMS_LOCATION=/tmp/workdir/packages/RPMS
+    - PKI_LOG=pki_log.log
+    - CI_RESULTS_LOG="ci_results_${TRAVIS_BRANCH}.log"
+    - IPA_TEST_RUNNER_IMAGE="dogtagpki/dogtag-freeipa-ci-containers:f25_ipa_4-5"
   matrix:
     - IMAGE=dogtagpki/pki-ci-containers:f25_104
     # F26 repo is unstable
@@ -17,6 +22,7 @@ env:
 
 before_install:
   - docker pull ${IMAGE}
+  - docker pull ${IPA_TEST_RUNNER_IMAGE}
   - >
     docker run
     --detach
@@ -33,15 +39,30 @@ before_install:
     -e TRAVIS_JOB_NUMBER=${TRAVIS_JOB_NUMBER}
     -ti
     ${IMAGE}
-  - docker ps -a
 
 install:
+  - docker exec -ti ${CONTAINER} /bin/ls -la /tmp/workdir
+
   - docker exec -ti ${CONTAINER} ${SCRIPTDIR}/00-init
   - docker exec -ti ${CONTAINER} ${SCRIPTDIR}/10-compose-rpms
+
+  # Copy the built RPMS to host machine
+  - mkdir -p ${DOGTAG_PKI_RPMS}
+  - docker cp ${CONTAINER}:${RPMS_LOCATION}/. ${DOGTAG_PKI_RPMS}
+  - ls ${DOGTAG_PKI_RPMS}
+
   - docker exec -ti ${CONTAINER} ${SCRIPTDIR}/20-install-rpms
   - docker exec -ti ${CONTAINER} ${SCRIPTDIR}/30-setup-389ds
 
+  # IPA related installs
+  - pip install --upgrade pip
+  - pip3 install --upgrade pip
+  - pip install pep8
+  - >
+    pip3 install
+    git+https://github.com/freeipa/ipa-docker-test-runner@release-0-2-1
 script:
+  # Test whether pki subsystem works correctly
   - docker exec -ti ${CONTAINER} ${SCRIPTDIR}/40-spawn-ca
   - docker exec -ti ${CONTAINER} ${SCRIPTDIR}/50-spawn-kra
   - docker exec -ti ${CONTAINER} ${SCRIPTDIR}/99-destroy
@@ -51,10 +72,14 @@ script:
   - docker exec -ti ${CONTAINER} ${SCRIPTDIR}/40-spawn-ca
   - docker exec -ti ${CONTAINER} ${SCRIPTDIR}/50-spawn-kra
   - docker exec -ti ${CONTAINER} ${SCRIPTDIR}/99-destroy
-
+  # It is time to run FreeIPA tests with new Dogtag RPMS built
+  - travis_wait 20 ./.travis_run_ipa_task.sh
 after_script:
   - docker kill ${CONTAINER}
   - docker rm ${CONTAINER}
-
+# The errors can be in either dogtag container or freeipa container
 after_failure:
-  - docker exec -ti ${CONTAINER} journalctl -l
+  - docker exec ${CONTAINER} journalctl  -l > ${PKI_LOG}
+  - echo "Uploading CI Logs to transfer.sh ..."
+  - curl --upload-file ./${PKI_LOG} https://transfer.sh/dogtag_build_logs.txt
+  - curl --upload-file ./${CI_RESULTS_LOG} https://transfer.sh/freeipa-integration.txt
diff --git a/.travis_run_ipa_task.sh b/.travis_run_ipa_task.sh
new file mode 100755
index 000000000..9fb647295
--- /dev/null
+++ b/.travis_run_ipa_task.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+#
+# Authors:
+#     Dinesh Prasanth M K <dmoluguw@redhat.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2017 Red Hat, Inc.
+# All rights reserved.
+#
+
+PYTHON="/usr/bin/python${TRAVIS_PYTHON_VERSION}"
+TEST_RUNNER_CONFIG=".test_runner_config.yaml"
+TASK_TO_RUN=run-tests
+
+test_set="test_caacl_plugin.py test_caacl_profile_enforcement.py test_cert_plugin.py test_certprofile_plugin.py test_vault_plugin.py"
+developer_mode_opt="--developer-mode"
+cert_test_file_loc=""
+
+
+function truncate_log_to_test_failures() {
+    # chop off everything in the CI_RESULTS_LOG preceding pytest error output
+    # if there are pytest errors in the log
+    error_fail_regexp='\(=== ERRORS ===\)\|\(=== FAILURES ===\)'
+
+    if grep -e "$error_fail_regexp" $CI_RESULTS_LOG > /dev/null
+    then
+        sed -i "/$error_fail_regexp/,\$!d" $CI_RESULTS_LOG
+    fi
+}
+
+for test_files in ${test_set}; do
+    cert_test_file_loc="${cert_test_file_loc} test_xmlrpc/${test_files}"
+done
+
+echo ${cert_test_file_loc}
+
+ipa-docker-test-runner -l ${CI_RESULTS_LOG} \
+    -c ${TEST_RUNNER_CONFIG} \
+    $developer_mode_opt \
+    --container-environment "PYTHON=$PYTHON" \
+    --container-image ${IPA_TEST_RUNNER_IMAGE} \
+    --git-repo ${TRAVIS_BUILD_DIR} \
+    ${TASK_TO_RUN} ${cert_test_file_loc}
+
+
+exit_status="$?"
+
+if [[ "$exit_status" -ne 0 ]]
+then
+    truncate_log_to_test_failures
+fi
+
+exit $exit_status
\ No newline at end of file