Run tests against task 336990 #45
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
TODO: Send to upstream
This fixes TestIPACommand.test_change_selinuxusermaporder. TODO: send to upstream
ALT Linux doesn't utilize NIS.
Crypto policy is not supported on ALTLinux.
* added automount direct and indirect maps * added automount home directory for IPA users * added mount options check * added nfs idmapping check Signed-off-by: Stanislav Levin <slev@altlinux.org>
This test suite takes a long time. First, let's measure the test duration(limited up to 6 hours).
Install package via apt using query '*package_name' leads to: "E: Regex compilation error - Invalid preceding regular expression". The proper regex is '.*package_name', but in this case results in apt fails to install debuginfo packages for ALT.
IPA client is installed without 'mkhomedir' option by default that means there will be no user's home directory by default. `tasks.run_command_as_user` utilizes `su -l USER` under the hood. Fedora's su is built from util-linux project and it allows missing working directory: ```console [root@778019601c21 /]# su -l test su: warning: cannot change directory to /home/test: No such file or directory [test@778019601c21 /]$ ``` while ALTLinux' su is built from SimplePAMApps (https://mirrors.edge.kernel.org/pub/linux/libs/pam/pre/applications/) and it doesn't allow missing working directory: ```console [root@dc /]# su -l test /home/test not available; exiting [root@dc /]# ```
keyboard-interactive doesn't work for ALT out of the box. This should be removed on implementation of control policy. See, https://bugzilla.altlinux.org/38977
With `pam_mktemp` a temp directory is `/tmp/.private/$USER`. So, test user is not allowed to read/write root's temp directory.
The usage of `semanage` util (policycoreutils) should be optional since not all the distros are SELinux compatible.
ALTLinux doesn't have systemwide crypto policy.
The changing of time affects the host and all of the containers running on it. So, this test should be skipped in such environments or should be run at standalone mode.
`test_ssh_key_connection` expects the marker for closing the ssh session like: sshd[26903]: pam_unix(sshd:session): session opened for user test-ssh by (uid=0) sshd[26903]: pam_unix(sshd:session): session closed for user test-ssh
Journald may lose _SYSTEMD_UNIT field for short-lived processes: https://bugs.freedesktop.org/show_bug.cgi?id=50184 This field is used for message filtering by option '-u'. More reliable way is using of SYSLOG_IDENTIFIER one. Related: https://pagure.io/freeipa/issue/8682
…ree space Azure Pipelines doesn't provide too many disk resources. Usually, available space is about 19-20%. This makes test_ipa_healthcheck_no_errors flaky.
…tion The number of expected tracked certificates is harcoded to 12, but this depends on kra installation, which either happened or not.
- in case of Azure Pipelines the global DNS is only available after domain joining on clients. - provide ALT specific task for postfix
ALT doesn't support system crypto policy yet.
The available free space on Azure's VM is about 20%(time to time), this makes ipa-healthcheck tests flaky.
Based on change for ap 8fa6de9.
Build of docs requires sphinxcontrib.plantuml that in turn, wants plantuml. Plantuml fails in ALT container: [root@d316800ab411 /]# plantuml -v /usr/bin/plantuml: JAVA_HOME is not set and default java installation was not found. JAVA_HOME for system applications can be set in java.conf in /etc/java See https://bugzilla.altlinux.org/43606
Based on change for ap 40ed33b.
This reverts commit a3c02cd. The bug was fixed: https://bugzilla.altlinux.org/42036
It was an unreadable mess.
trust_enable_agent command restart 389-ds service, the recent version(2.2.3) of which may take longer than 25sec (default DBus call timeout). This results in the command fails with timeout. Caught by test_integration/test_adtrust_install.py::TestIpaAdTrustInstall::test_add_agent_on_running_replica_without_compat
With ALT's bind 9.16 the named listens on localhost only by default.
Bind 9.16 validates answers by default while DNSSEC is not world wide applied yet. For example, ALT's mirrors are not DNSSEC aware.
Fixes
```
Files: test/all_tests.html -> all
Options: timeout=5000, inject="/__w/1/s/install/ui/node_modules/grunt-contrib-qunit/chrome/bridge.js", urls=[], force=false, console, httpBase=false, summaryOnly=false, puppeteer={"ignoreDefaultArgs":true,"args":["--headless","--disable-web-security"]}
>> There was an error with headless chrome
Fatal error: Failed to launch the browser process!
/__w/1/s/install/ui/node_modules/puppeteer/.local-chromium/linux-869685/chrome-linux/chrome: error while loading shared libraries: libdrm.so.2: cannot open shared object file: No such file or directory
or
/__w/1/s/install/ui/node_modules/puppeteer/.local-chromium/linux-869685/chrome-linux/chrome: error while loading shared libraries: libgbm.so.1: cannot open shared object file: No such file or directory
```
It needs to update for ipahealthcheck 0.12: https://pagure.io/freeipa/issue/9291
This reverts commit 93fa624. sos-4.4 has landed in sisyphus: https://bugzilla.altlinux.org/40681
Backported from a576262 (4.9.11).
`fastlint` build rule was removed in 4.9.11-alt1.
With 4.9.11-alt1 `lint` build rule is disabled by default. This leads to missing lint dependencies in CI. For example, pylint fails with: ``` ************* Module setup_containers .github/workflows/scripts/setup_containers.py:9: [E0401(import-error), ] Unable to import 'docker') ************* Module ipatests.azure.scripts.setup_containers ipatests/azure/scripts/setup_containers.py:9: [E0401(import-error), ] Unable to import 'docker') ```
…eck" This reverts commit 4a7a3de. The issue has been fixed: https://pagure.io/freeipa/issue/9291
Order of installation/querying `ipa-healthcheck` in `TestIpaHealthCheckWithoutDNS::test_ipa_dns_systemrecords_check` test can lead to failures: - querying the version of `ipa-healthcheck` fails because of the missing corresponding package. There is no explicit installation of the package before this test, though `ipa-healthcheck` may be pulled indirectly or may be pre-installed. - expected message depends on `ipa-healtchcheck` version and it's calculated before updating the package. The assumption will be wrong on updating 0.11 -> 0.12 for example. Related: https://pagure.io/freeipa/issue/9291
Test test_adtrust_install_with_incorrect_admin_password assumes
KCM ccache type, while it can be any one.
sssd-kcm is optional package.
Fixes:
def test_adtrust_install_with_incorrect_admin_password(self):
"""
Test to check ipa-adtrust-install with incorrect admin
password
"""
password = "wrong_pwd"
msg = (
"Must have Kerberos credentials to setup AD trusts on server: "
"Major (458752): No credentials were supplied, or the credentials "
"were unavailable or inaccessible, Minor (2529639053): "
"No Kerberos credentials available (default cache: KCM:)\n"
)
self.master.run_command(["kdestroy", "-A"])
result = self.master.run_command(
["ipa-adtrust-install", "-A", "admin", "-a",
password, "-U"], raiseonerr=False
)
> assert msg in result.stderr_text
E AssertionError: assert 'Must have Kerberos credentials to setup AD trusts on server: Major (458752): No credentials were supplied, or the credentials were unavailable or inaccessible, Minor (2529639053): No Kerberos credentials available (default cache: KCM:)\n' in 'Must have Kerberos credentials to setup AD trusts on server: Major (458752): No credentials were supplied, or the credentials were unavailable or inaccessible, Minor (2529639053): No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_0)\n'
[2023-06-07 17:09:45] E + where 'Must have Kerberos credentials to setup AD trusts on server: Major (458752): No credentials were supplied, or the credentials were unavailable or inaccessible, Minor (2529639053): No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_0)\n' = <pytest_multihost.transport.SSHCommand object at 0x7fc7b821ce50>.stderr_text
`test_user_connects_smb_share_if_locked_specific_group` utilized chcon to change file SELinux security context. This leads to error on non-SELinux machines: [] RUN ['chcon', '-t', 'samba_share_t', '/freeipa4234'] [] chcon: can't apply partial context to unlabeled file '/freeipa4234' [] Exit code: 1 [] stderr: chcon: can't apply partial context to unlabeled file '/freeipa4234'
`ipa-adtrust-install` is shipped on `/usr/sbin` in ALTLinux and `su` don't put it on user's PATH. Fixes: [] RUN ['su', '-l', 'ipauser2', '-c', 'ipa-adtrust-install'] [] -bash: ipa-adtrust-install: command not found [] Exit code: 127 [] stderr: -bash: ipa-adtrust-install: command not found
The available free space on Azure's VM is about 20%(time to time), this makes ipa-healthcheck tests flaky.
With recent node 18 release in ALTLinux the nodejs package is provided by 2 packages and apt fails to resolve it. See https://bugzilla.altlinux.org/47092 for details.
This reverts commit d07fd7b7c4ccf10c65f946ed0cc393d0349ab62b. https://bugzilla.altlinux.org/47092 has been fixed.
https://git.altlinux.org/tasks/336990: - gssproxy 0.9.2-alt1
stanislavlevin
force-pushed
the
sisyphus-ci
branch
from
1584302
to
7dde055
Compare
stanislavlevin
force-pushed
the
sisyphus-ci
branch
from
402c2a0
to
042e318
Compare
stanislavlevin
force-pushed
the
sisyphus-ci
branch
from
8229d10
to
906d599
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://git.altlinux.org/tasks/336990: