backup CI: test DNS/DNSSEC after backup and restore

Reviewed-By: Milan Kubík <mkubik@redhat.com>
author: Martin Basti <mbasti@redhat.com> 2015-09-08 13:08:31 +0200
committer: Martin Basti <mbasti@redhat.com> 2015-09-16 18:20:18 +0200
commit: 8772fb4c3dc9a5ba11cfc3bca5970eeaabea1d79 (patch)
tree: 8d0213a7cbb07d02c67eec3b2749a9f2c60093cc
parent: 3c33b48655acabdd12de56e78cdfb2f7d17c414f (diff)
download: freeipa-8772fb4c3dc9a5ba11cfc3bca5970eeaabea1d79.tar.gz
freeipa-8772fb4c3dc9a5ba11cfc3bca5970eeaabea1d79.tar.xz
freeipa-8772fb4c3dc9a5ba11cfc3bca5970eeaabea1d79.zip
2 files changed, 155 insertions, 0 deletions
diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index 820507022..06049d4ae 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -26,6 +26,7 @@ import collections
 import itertools
 import time
 import StringIO
+import dns
 
 from ldif import LDIFWriter
 
@@ -801,3 +802,25 @@ def add_a_record(master, host):
                             master.domain.name,
                             host.hostname,
                             '--a-rec', host.ip])
+
+
+def resolve_record(nameserver, query, rtype="SOA", retry=True, timeout=100):
+    """Resolve DNS record
+    :retry: if resolution failed try again until timeout is reached
+    :timeout: max period of time while method will try to resolve query
+     (requires retry=True)
+    """
+    res = dns.resolver.Resolver()
+    res.nameservers = [nameserver]
+    res.lifetime = 10  # wait max 10 seconds for reply
+
+    wait_until = time.time() + timeout
+
+    while time.time() < wait_until:
+        try:
+            ans = res.query(query, rtype)
+            return ans
+        except dns.exception.DNSException:
+            if not retry:
+                raise
+        time.sleep(1)
diff --git a/ipatests/test_integration/test_backup_and_restore.py b/ipatests/test_integration/test_backup_and_restore.py
index 0ce1aaf29..93f5d131c 100644
--- a/ipatests/test_integration/test_backup_and_restore.py
+++ b/ipatests/test_integration/test_backup_and_restore.py
@@ -27,6 +27,7 @@ from ipapython.ipa_log_manager import log_mgr
 from ipapython.dn import DN
 from ipatests.test_integration.base import IntegrationTest
 from ipatests.test_integration import tasks
+from ipatests.test_integration.test_dnssec import wait_until_record_is_signed
 from ipatests.util import assert_deepequal
 
 log = log_mgr.get_logger(__name__)
@@ -206,3 +207,134 @@ class TestBackupAndRestore(IntegrationTest):
         ])
         assert 'httpd_can_network_connect --> on' in result.stdout_text
         assert 'httpd_manage_ipa --> on' in result.stdout_text
+
+
+class BaseBackupAndRestoreWithDNS(IntegrationTest):
+    """
+    Abstract class for DNS restore tests
+    """
+    topology = 'star'
+
+    example_test_zone = "example.test."
+    example2_test_zone = "example2.test."
+
+    @classmethod
+    def install(cls, mh):
+        tasks.install_master(cls.master, setup_dns=True)
+
+    def _full_backup_restore_with_DNS_zone(self, reinstall=False):
+        """backup, uninstall, restore"""
+        with restore_checker(self.master):
+
+            self.master.run_command([
+                'ipa', 'dnszone-add',
+                self.example_test_zone,
+            ])
+
+            tasks.resolve_record(self.master.ip, self.example_test_zone)
+
+            backup_path = backup(self.master)
+
+            self.master.run_command(['ipa-server-install',
+                                     '--uninstall',
+                                     '-U'])
+
+            if reinstall:
+                tasks.install_master(self.master, setup_dns=True)
+
+            dirman_password = self.master.config.dirman_password
+            self.master.run_command(['ipa-restore', backup_path],
+                                    stdin_text=dirman_password + '\nyes')
+
+            tasks.resolve_record(self.master.ip, self.example_test_zone)
+
+            self.master.run_command([
+                'ipa', 'dnszone-add',
+                self.example2_test_zone,
+            ])
+
+            tasks.resolve_record(self.master.ip, self.example2_test_zone)
+
+
+class TestBackupAndRestoreWithDNS(BaseBackupAndRestoreWithDNS):
+    def test_full_backup_and_restore_with_DNS_zone(self):
+        """backup, uninstall, restore"""
+        self._full_backup_restore_with_DNS_zone(reinstall=False)
+
+
+class TestBackupReinstallRestoreWithDNS(BaseBackupAndRestoreWithDNS):
+    def test_full_backup_reinstall_restore_with_DNS_zone(self):
+        """backup, uninstall, reinstall, restore"""
+        self._full_backup_restore_with_DNS_zone(reinstall=True)
+
+
+class BaseBackupAndRestoreWithDNSSEC(IntegrationTest):
+    """
+    Abstract class for DNSSEC restore tests
+    """
+    topology = 'star'
+
+    example_test_zone = "example.test."
+    example2_test_zone = "example2.test."
+
+    @classmethod
+    def install(cls, mh):
+        tasks.install_master(cls.master, setup_dns=True)
+        args = [
+            "ipa-dns-install",
+            "--dnssec-master",
+            "--forwarder", cls.master.config.dns_forwarder,
+            "-p", cls.master.config.dirman_password,
+            "-U",
+        ]
+        cls.master.run_command(args)
+
+    def _full_backup_and_restore_with_DNSSEC_zone(self, reinstall=False):
+        with restore_checker(self.master):
+
+            self.master.run_command([
+                'ipa', 'dnszone-add',
+                self.example_test_zone,
+                '--dnssec', 'true',
+            ])
+
+            assert wait_until_record_is_signed(self.master.ip,
+                self.example_test_zone, self.log), "Zone is not signed"
+
+            backup_path = backup(self.master)
+
+            self.master.run_command(['ipa-server-install',
+                                     '--uninstall',
+                                     '-U'])
+
+            if reinstall:
+                tasks.install_master(self.master, setup_dns=True)
+
+            dirman_password = self.master.config.dirman_password
+            self.master.run_command(['ipa-restore', backup_path],
+                                    stdin_text=dirman_password + '\nyes')
+
+            assert wait_until_record_is_signed(self.master.ip,
+                self.example_test_zone, self.log), ("Zone is not signed after "
+                                                    "restore")
+
+            self.master.run_command([
+                'ipa', 'dnszone-add',
+                self.example2_test_zone,
+                '--dnssec', 'true',
+            ])
+
+            assert wait_until_record_is_signed(self.master.ip,
+                self.example2_test_zone, self.log), "A new zone is not signed"
+
+
+class TestBackupAndRestoreWithDNSSEC(BaseBackupAndRestoreWithDNSSEC):
+    def test_full_backup_and_restore_with_DNSSEC_zone(self):
+        """backup, uninstall, restore"""
+        self._full_backup_and_restore_with_DNSSEC_zone(reinstall=False)
+
+
+class TestBackupReinstallRestoreWithDNSSEC(BaseBackupAndRestoreWithDNSSEC):
+    def test_full_backup_reinstall_restore_with_DNSSEC_zone(self):
+        """backup, uninstall, install, restore"""
+        self._full_backup_and_restore_with_DNSSEC_zone(reinstall=True)
author	Martin Basti <mbasti@redhat.com>	2015-09-08 13:08:31 +0200
committer	Martin Basti <mbasti@redhat.com>	2015-09-16 18:20:18 +0200
commit	8772fb4c3dc9a5ba11cfc3bca5970eeaabea1d79 (patch)
tree	8d0213a7cbb07d02c67eec3b2749a9f2c60093cc
parent	3c33b48655acabdd12de56e78cdfb2f7d17c414f (diff)
download	freeipa-8772fb4c3dc9a5ba11cfc3bca5970eeaabea1d79.tar.gz freeipa-8772fb4c3dc9a5ba11cfc3bca5970eeaabea1d79.tar.xz freeipa-8772fb4c3dc9a5ba11cfc3bca5970eeaabea1d79.zip