forked from freeipa/freeipa
Run tests against task 336509 #48
Open
stanislavlevin wants to merge 97 commits into p10-ci from task_336509
TODO: Send to upstream
This fixes TestIPACommand.test_change_selinuxusermaporder. TODO: send to upstream
ALT Linux doesn't utilize NIS.
Crypto policy is not supported on ALTLinux.
* added automount direct and indirect maps
* added automount home directory for IPA users
* added mount options check
* added nfs idmapping check

Signed-off-by: Stanislav Levin <slev@altlinux.org>
This test suite takes a long time. First, let's measure the test duration (limited up to 6 hours).
Install package via apt using query '*package_name' leads to: "E: Regex compilation error - Invalid preceding regular expression". The proper regex is '.*package_name', but in this case results in apt fails to install debuginfo packages for ALT.
The IPA client can be installed without 'mkhomedir' option, thus, an attempt to execute `su - testuser -c true` fails with:
```
/home/testuser not available; exiting
```
keyboard-interactive doesn't work for ALT out of the box. This should be removed on implementation of control policy. See, https://bugzilla.altlinux.org/38977
With `pam_mktemp` a temp directory is `/tmp/.private/$USER`. So, test user is not allowed to read/write root's temp directory.
The usage of `semanage` util (policycoreutils) should be optional since not all the distros are SELinux compatible.
ALTLinux doesn't have systemwide crypto policy.
The changing of time affects the host and all of the containers running on it. So, this test should be skipped in such environments or should be run at standalone mode.
`test_ssh_key_connection` expects the marker for closing the ssh session like:
sshd[26903]: pam_unix(sshd:session): session opened for user test-ssh by (uid=0)
sshd[26903]: pam_unix(sshd:session): session closed for user test-ssh
Journald may lose _SYSTEMD_UNIT field for short-lived processes: https://bugs.freedesktop.org/show_bug.cgi?id=50184
This field is used for message filtering by option '-u'. A more reliable way is to use the SYSLOG_IDENTIFIER one.
Related: https://pagure.io/freeipa/issue/8682
…ree space Azure Pipelines doesn't provide too many disk resources. Usually, available space is about 19-20%. This makes test_ipa_healthcheck_no_errors flaky.
…tion The number of expected tracked certificates is hardcoded to 12, but this depends on kra installation, which either happened or not.
- in case of Azure Pipelines the global DNS is only available after domain joining on clients.
- provide ALT specific task for postfix
ALT doesn't support system crypto policy yet.
The available free space on Azure's VM is about 20% (time to time), this makes ipa-healthcheck tests flaky.
Build fails with:
```
+ runuser -u gha_user -- gear-rpm -bs --nodeps --define '_allow_undefined_macros 1' --define '_srcrpmdir /__w/freeipa/freeipa' --with wheels --with docs
fatal: unsafe repository ('/__w/freeipa/freeipa' is owned by someone else)
To add an exception for this directory, call:

	git config --global --add safe.directory /__w/freeipa/freeipa
```
The failure is related to new git: https://github.blog/2022-04-12-git-security-vulnerability-announced/

Note: the build job is run under unprivileged user within container, just created for this task while files and subdirectories in working directory belong to privileged(container) one and working directory itself belongs to unprivileged host user, like this:
```
/__w/freeipa/freeipa:
drwxr-xrwx 24 1001 121 4096 May 6 09:57 .
drwxr-xr-x 3 1001 121 4096 May 6 09:56 ..
drwxr-xrwx 4 root root 4096 May 6 09:57 .gear
drwxr-xrwx 8 root root 4096 May 6 09:57 .git
...
```
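The ownership mismatch behind the "unsafe repository" failure above, as an added example (not part of the commit or of the project's CI scripts): a simplified Python model of the check, assuming git compares the owner of the working directory and of `.git` with the current uid and honours exact-path or `*` values of `safe.directory`. The function names are hypothetical.

```python
import os
import tempfile


def foreign_owned(repo, uid=None):
    """Map repo and repo/.git to their owner uid when it differs from `uid`."""
    uid = os.getuid() if uid is None else uid
    mismatched = {}
    for path in (repo, os.path.join(repo, ".git")):
        if os.path.exists(path):
            owner = os.stat(path).st_uid
            if owner != uid:
                mismatched[path] = owner
    return mismatched


def exception_covers(repo, safe_dirs):
    """True if a list of safe.directory values exempts `repo`.

    Assumption: only the exact-path and '*' forms are modelled here.
    """
    repo = os.path.normpath(repo)
    return any(v == "*" or os.path.normpath(v) == repo for v in safe_dirs)


def verdict(repo, safe_dirs=(), uid=None):
    """Classify a checkout as 'trusted', 'exempted' or 'unsafe'."""
    if not foreign_owned(repo, uid):
        return "trusted"
    return "exempted" if exception_covers(repo, safe_dirs) else "unsafe"


if __name__ == "__main__":
    # Constructed sample: a throwaway directory standing in for the CI checkout.
    repo = tempfile.mkdtemp()
    os.mkdir(os.path.join(repo, ".git"))
    build_uid = os.getuid() + 1  # pretend the build runs as a different user
    print(verdict(repo))                         # owner matches
    print(verdict(repo, uid=build_uid))          # the failure in the log
    print(verdict(repo, [repo], uid=build_uid))  # after the exception is added
```

A `*` value exempts every path for that user, so in a shared container the exact-path exception from git's hint keeps the ownership check active everywhere else.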
Fixes webui tests on gha:
```
Testing test/all_tests.html
Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
Access to XMLHttpRequest at 'file:///__w/freeipa/freeipa/install/ui/test/qunit.js' from origin 'null' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-untrusted, https.
Failed to load resource: net::ERR_FAILED
Access to XMLHttpRequest at 'file:///__w/freeipa/freeipa/install/ui/test/data/i18n_messages.json' from origin 'null' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-untrusted, https.
Failed to load resource: net::ERR_FAILED
>> Error: Error: Couldn't receive translations
```
See gruntjs/grunt-contrib-qunit#158 for details.
Based on change for ap 8fa6de9.
Build of docs requires sphinxcontrib.plantuml that in turn, wants plantuml. Plantuml fails in ALT container:
[root@d316800ab411 /]# plantuml -v
/usr/bin/plantuml: JAVA_HOME is not set and default java installation was not found.
JAVA_HOME for system applications can be set in java.conf in /etc/java
See https://bugzilla.altlinux.org/43606
Based on change for ap 40ed33b.
This reverts commit a3c02cd. The bug was fixed: https://bugzilla.altlinux.org/42036
2022-08-26T08:57:50.2129732Z Running "qunit:all" (qunit) task
2022-08-26T08:57:50.2130208Z Verifying property qunit.all exists in config...OK
2022-08-26T08:57:50.2155861Z Files: test/all_tests.html -> all
2022-08-26T08:57:50.2157383Z Options: timeout=5000, inject="/__w/1/s/install/ui/node_modules/grunt-contrib-qunit/chrome/bridge.js", urls=[], force=false, console, httpBase=false, summaryOnly=false, puppeteer={"ignoreDefaultArgs":true,"args":["--headless","--disable-web-security"]}
2022-08-26T08:57:50.2304220Z >> There was an error with headless chrome
2022-08-26T08:57:50.2305391Z Fatal error: Failed to launch the browser process!
2022-08-26T08:57:50.2507744Z /__w/1/s/install/ui/node_modules/puppeteer/.local-chromium/linux-869685/chrome-linux/chrome: error while loading shared libraries: libatk-1.0.so.0: cannot open shared object file: No such file or directory
2022-08-26T08:57:50.2511483Z On the other branches libatk is pulled indirectly.
It was an unreadable mess.
automount crashes on Sisyphus for unknown reason.
…healthcheck.
Previously the message was:
"\n\nIn Directory Server, we offer one hash suitable for this "
"(PBKDF2_SHA256) and one hash\nfor \"legacy\" support (SSHA512)."
"\n\nYour configuration does not use these for password storage "
"or the root password storage\nscheme.\n"
but now the message is:
\n\nIn Directory Server, we offer one hash suitable for this "
"(PBKDF2-SHA512) and one hash\nfor \"legacy\" support (SSHA512)."
"\n\nYour configuration does not use these for password storage "
"or the root password storage\nscheme.\n"
PBKDF2_SHA256 has been replaced with PBKDF2-SHA512
Pagure: https://pagure.io/freeipa/issue/9238
Signed-off-by: Sumedh Sidhaye <ssidhaye@redhat.com>
trust_enable_agent command restarts 389-ds service, the recent version (2.2.3) of which may take longer than 25sec (default DBus call timeout). This results in the command failing with timeout.
Caught by test_integration/test_adtrust_install.py::TestIpaAdTrustInstall::test_add_agent_on_running_replica_without_compat
Fixes
```
Files: test/all_tests.html -> all
Options: timeout=5000, inject="/__w/1/s/install/ui/node_modules/grunt-contrib-qunit/chrome/bridge.js", urls=[], force=false, console, httpBase=false, summaryOnly=false, puppeteer={"ignoreDefaultArgs":true,"args":["--headless","--disable-web-security"]}
>> There was an error with headless chrome
Fatal error: Failed to launch the browser process!
/__w/1/s/install/ui/node_modules/puppeteer/.local-chromium/linux-869685/chrome-linux/chrome: error while loading shared libraries: libdrm.so.2: cannot open shared object file: No such file or directory
or
/__w/1/s/install/ui/node_modules/puppeteer/.local-chromium/linux-869685/chrome-linux/chrome: error while loading shared libraries: libgbm.so.1: cannot open shared object file: No such file or directory
```
https://peter.sh/experiments/chromium-command-line-switches/#allow-file-access-from-files
> By default, file:// URIs cannot read other file:// URIs. This is an override for developers who need the old behavior for testing.

Fixes webui tests on CI:
```
Testing test/all_tests.html
Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
Access to XMLHttpRequest at 'file:///__w/freeipa/freeipa/install/ui/test/qunit.js' from origin 'null' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-untrusted, https.
Failed to load resource: net::ERR_FAILED
Access to XMLHttpRequest at 'file:///__w/freeipa/freeipa/install/ui/test/data/i18n_messages.json' from origin 'null' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-untrusted, https.
Failed to load resource: net::ERR_FAILED
>> Error: Error: Couldn't receive translations
```
Related: https://pagure.io/freeipa/issue/9329
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
webui unit tests fail with grunt-contrib-qunit:
```
Testing test/all_tests.html
>> Error: Error: QUnit has already been defined.
>> at exportQUnit (file:///home/test/freeipa/install/ui/js/qunit.js:2475:12)
>> at file:///home/test/freeipa/install/ui/js/qunit.js:2946:3
>> at file:///home/test/freeipa/install/ui/js/qunit.js:5061:2
>> Error: TypeError: Cannot set properties of undefined (setting 'reorder')
>> at <anonymous>:175:24
>> at runFactory (file:///home/test/freeipa/install/ui/js/dojo/dojo.js:1:17157)
>> at execModule (file:///home/test/freeipa/install/ui/js/dojo/dojo.js:1:19541)
>> at file:///home/test/freeipa/install/ui/js/dojo/dojo.js:1:20002
>> at guardCheckComplete (file:///home/test/freeipa/install/ui/js/dojo/dojo.js:1:19707)
>> at checkComplete (file:///home/test/freeipa/install/ui/js/dojo/dojo.js:1:19854)
>> at onLoadCallback (file:///home/test/freeipa/install/ui/js/dojo/dojo.js:1:22296)
>> at HTMLScriptElement.onLoad (file:///home/test/freeipa/install/ui/js/dojo/dojo.js:1:26209)
```
Load `qunit` with `dojo.require` that among other useful things helps
> Preventing loading Dojo packages twice. dojo.require will simply return if the package is already loaded.

See also https://github.com/gruntjs/grunt-contrib-qunit#loading-qunit-with-amd
Related: https://pagure.io/freeipa/issue/9329
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
It's helpful for debugging regressions.
Related: https://pagure.io/freeipa/issue/9329
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Updated qunit to latest supported version from https://code.jquery.com/qunit. See https://qunitjs.com/intro/#release-channels for details.
Related: https://pagure.io/freeipa/issue/9329
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Backported from a576262 (4.9.11).
freeipa-healthcheck prechecks existence of `fips-mode-setup` and reports if it's missing:
> "fips": "missing /bin/fips-mode-setup"

Fixes: https://pagure.io/freeipa/issue/9315
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
`fastlint` build rule was removed in 4.9.11-alt1.
With 4.9.11-alt1 `lint` build rule is disabled by default. This leads to missing lint dependencies in CI. For example, pylint fails with:
```
************* Module setup_containers
.github/workflows/scripts/setup_containers.py:9: [E0401(import-error), ] Unable to import 'docker')
************* Module ipatests.azure.scripts.setup_containers
ipatests/azure/scripts/setup_containers.py:9: [E0401(import-error), ] Unable to import 'docker')
```
With ALT's bind 9.16 the named listens on localhost only by default.
https://git.altlinux.org/tasks/336509:
- python3-module-cryptography 41.0.7-alt0.p10.1
- python3-module-urllib3 1.26.17-alt0.p10.1
- python3-module-GitPython 3.1.40-alt0.p10.1
- salt 3006.4-alt0.p10.1
- python3-module-dateutil 2.8.2-alt2
- python3-module-openssl 22.1.0-alt1
- python3-module-botocore 1.31.5-alt1
- None None-None
- python3-module-moto 3.0.7-alt0.p10.1
- freeipa 4.9.12-alt0.p10.1
stanislavlevin force-pushed the p10-ci branch from a51b4e0 to 9a01957 (January 29, 2024 08:18)