add FreeIPA server role deploy and kickstart enrolment tests
ClosedPublic

Authored by adamwill on Apr 28 2016, 6:09 AM.

Details

Summary

These require openQA tap networking to allow the server and
client boxes to communicate, and require masquerading (NAT) so
the server at least can reach a repository (dnf/rolekit really,
really do not want to work without a repo connection).

They use the 'parallel' test support to have the server deploy
run first while the client enrol test waits at the grub menu
until the server is done before it goes ahead.

This is all deployed and working on stg. The really tricky bit
was getting all the openvswitch and firewall config right in
ansible.

We *could* do the server deploy test as a follow-on from the
default install test to save the install, but then we'd have to
teach it to change the hostname and set up static networking
post-install. I'm not sure if it's worth doing that.

This requires the corresponding openqa_fedora_tools commit that
adds the hard disks (containing the kickstarts - it's possible
to get them from remote during install, but we have to set up
name resolution or hard code the IP of the server).

Test Plan

Deploy this and the openqa_fedora_tools commit,
generate the disks, configure the networking (good luck! See
the docs in openqa_fedora_tools) and see if you can run the
tests. If you're using Docker, uh...sorry. You somehow need to
set things up so the workers can use tap interfaces that can
talk to each other and are NATed to the outside world. Have fun.
I can talk you through it on IRC...

Diff Detail

Repository
rOPENQATESTS os-autoinst-distri-fedora
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.
adamwill retitled this revision from to add FreeIPA server role deploy and kickstart enrolment tests.Apr 28 2016, 6:09 AM
adamwill updated this object.
adamwill edited the test plan for this revision. (Show Details)
adamwill added reviewers: jskladan, garretraziel.

There's one or two tweaks I could do here - we should test more stuff in the client and do the sanitize / teardown tests on the server - but I thought I'd put it out there so you guys could see what was going on and try it out. I'll work on it more tomorrow if we're not in hero testing mode (I don't think we will be).

Code looks good in overall, but I still didn't run it yet :-).

lib/fedorabase.pm
164–172

It took me a while to find out why is it written this way. Is it possible to refactor it a little bit? Maybe remove resolv.conf before and then use simple read-write loop?

adamwill added inline comments.Apr 28 2016, 3:09 PM
lib/fedorabase.pm
164–172

oh yeah this bullshit, it was just the first thing I came up with that worked right, goddamn perl. It could be cleaner for sure. I'll tinker with it.

adamwill updated this revision to Diff 2126.Apr 28 2016, 5:58 PM

use disk_ks_2 for all the disk kickstart tests

As noted in the tools diff, we may as well have all three tests
use the same disk image. As we have to bump the imgver, update
the disk name for the existing test.

adamwill updated this revision to Diff 2129.Apr 29 2016, 6:45 AM

make server deploy a post-install test, improve clone_host_resolv

So I was in two minds about doing this, but I think we should, for a
simple reason: we'll want to add tests for the other two enrolment methods
and it doesn't make sense to have *all of those tests* re-doing the
install process. So I figured out how to do static networking on the fly.
Here it is. We add boot params to avoid net device renaming (so it will
hopefully always be eth0), set the hostname, write a static IP config
file, restart NM, and clone the resolv.conf, then go ahead as before.

I do want to factor out the whole bootloader process to fedorabase, but
may want to do that as a later commit / diff; I have related changes coming
also for the post-install desktop tests I'm working on.

Also streamlined the resolv.conf cloning subroutine a bit. Tomorrow I will
work on completing the coverage of the tests and adding the other tests;
Cockpit is going to be fun - test dependencies are per-ISO, so we can't
just spin up a Server guest to run Cockpit and a Workstation live guest
to control it, we'll have to install enough X bits to run Firefox on a
Server install.

Hum. It occurs to me that this approach is pulling all its packages from
public mirrors. Will see if I can figure out a way to make it use phx2...

oh no, scratch that, mirrormanager returns the internal mirror, so it'll be using that. whew. On the '13 down presses' thing - I tested all my systems and it works on all of them. I *think* extra insmod lines would only be present with exotic storage configs, but I may be overlooking something. Can't really think of any other way to do it, anyhow. We don't want to have default_install specify those params (because then it's not a default install any more).

adamwill updated this revision to Diff 2137.May 3 2016, 10:54 PM

refactor bootloader handling in fedorabase, extend tests

This substantially extends the FreeIPA tests such that they
cover (I think) Server_role_deploy, domain_client_authenticate,
FreeIPA_realmd_login and realmd_join_kickstart fully. It also
refactors bootloader handling to be shared between _boot_to_
anaconda and these new tests (and I think improves the code a
bit). I think this is a decent point to merge at, if this looks
good; I can add tests covering the other enrolment test cases
and the web UI as subsequent commits.

adamwill updated this revision to Diff 2140.May 4 2016, 7:00 AM

just update an old comment

adamwill updated this revision to Diff 2141.May 4 2016, 7:26 AM

drop get_kernel_line, no longer needed

This revision is now accepted and ready to land.May 4 2016, 7:26 AM
This revision was automatically updated to reflect the committed changes.