centos / t_functional

Clone
Source Code
GIT

Blame tests/p_ipa-server/5-addservice.sh

master
  1.   dfaa8a804e0b500752e6ab6f6fb1ee73024d494e
  2.   tests
  3.   p_ipa-server
  4.   5-addservice.sh
Blob History Raw
James Hogarth 71dbe1 
#!/bin/bash
James Hogarth 71dbe1 
# Author: James Hogarth <james.hogarth@gmail.com>
James Hogarth 71dbe1 
#
James Hogarth 71dbe1
James Hogarth abe41f 
if (t_GetPkgRel basesystem | grep -qE 'el(6|7)')
James Hogarth acc301 
then
James Hogarth acc301
James Hogarth 71dbe1 
# Need admin credentials
James Hogarth 71dbe1 
kdestroy &> /dev/null
James Hogarth 71dbe1
James Hogarth 71dbe1 
klist 2>&1  | grep "No credentials" &> /dev/null
James Hogarth 71dbe1
James Hogarth 71dbe1 
t_CheckExitStatus $?
James Hogarth 71dbe1
James Hogarth 71dbe1 
expect -f - &> /dev/null <
James Hogarth 71dbe1 
set send_human {.1 .3 1 .05 2}
James Hogarth 71dbe1 
spawn kinit admin
James Hogarth 71dbe1 
sleep 1
James Hogarth 71dbe1 
expect "Password for admin@C6IPA.LOCAL:"
James Hogarth 71dbe1 
send -h "p455w0rd\r"
James Hogarth 71dbe1 
sleep 1
James Hogarth 71dbe1 
close
James Hogarth 71dbe1 
EOF
James Hogarth 71dbe1
James Hogarth 71dbe1 
klist | grep "admin@C6IPA.LOCAL" &> /dev/null
James Hogarth 71dbe1
James Hogarth 71dbe1 
t_CheckExitStatus $?
James Hogarth 71dbe1
James Hogarth 71dbe1
James Hogarth 71dbe1 
t_Log "Running $0 - Adding test service"
James Hogarth 0a8a3f 
ipa service-add	testservice/c6test.c6ipa.local &> /dev/null
James Hogarth 71dbe1
James Hogarth 71dbe1 
t_CheckExitStatus $?
James Hogarth 71dbe1
James Hogarth 71dbe1 
t_Log "Running $0 - getting keytab for service"
James Hogarth 0a8a3f 
ipa-getkeytab -s c6test.c6ipa.local -p testservice/c6test.c6ipa.local -k /tmp/testservice.keytab &> /dev/null
James Hogarth 71dbe1 
t_CheckExitStatus $?
James Hogarth 71dbe1
James Hogarth 71dbe1 
t_Log "Running $0 - getting certificate for service"
James Hogarth 0a8a3f 
ipa-getcert request -K testservice/c6test.c6ipa.local -D c6test.c6ipa.local -f /etc/pki/tls/certs/testservice.crt -k /etc/pki/tls/private/testservice.key &> /dev/null
James Hogarth 71dbe1 
t_CheckExitStatus $?
James Hogarth 71dbe1
James Hogarth 352003 
while true
James Hogarth 352003 
do
James Hogarth 352003 
entry="$(ipa-getcert list -r | sed -n '/Request ID/,/auto-renew: yes/p')"
James Hogarth 352003 
if [[ $entry =~ "status:" ]] && [[ $entry =~ "CA_REJECTED" ]]
James Hogarth 352003 
then
James Hogarth 352003 
t_CheckExitStatus 1
James Hogarth 352003 
break
James Hogarth 352003 
fi
James Hogarth 352003 
if [[ $entry =~ "" ]]
James Hogarth 352003 
then
James Hogarth 352003 
t_CheckExitStatus 0
James Hogarth 352003 
break
James Hogarth 352003 
fi
James Hogarth 352003 
sleep 1
James Hogarth 352003 
done
James Hogarth 352003
James Hogarth 352003 
#avoiding race condition of certmonger getting the certificates and writing them but not actually on disk yet
James Hogarth 352003 
while ! stat /etc/pki/tls/certs/testservice.crt &> /dev/null
James Hogarth 352003 
do
James Hogarth 352003 
sync
James Hogarth 352003 
sleep 1
James Hogarth 352003 
done
James Hogarth 352003
James Hogarth 71dbe1 
t_Log "Running $0 - verifying keytab"
James Hogarth 71dbe1 
klist -k /tmp/testservice.keytab | grep "testservice/c6test.c6ipa.local" &> /dev/null
James Hogarth 71dbe1 
t_CheckExitStatus $?
James Hogarth 71dbe1
James Hogarth 71dbe1 
t_Log "Running $0 - verifying key matches certificate"
James Hogarth 352003 
diff <(openssl x509 -in /etc/pki/tls/certs/testservice.crt -noout -modulus 2>&1 ) <(openssl rsa -in /etc/pki/tls/private/testservice.key -noout -modulus 2>&1 )
James Hogarth 71dbe1 
t_CheckExitStatus $?
James Hogarth 71dbe1
James Hogarth 71dbe1 
t_Log "Running $0 - verifying certificate against CA"
James Hogarth 71dbe1 
openssl verify -CAfile /etc/ipa/ca.crt /etc/pki/tls/certs/testservice.crt | grep "/etc/pki/tls/certs/testservice.crt: OK" &> /dev/null
James Hogarth 71dbe1 
t_CheckExitStatus $?
James Hogarth 71dbe1
James Hogarth acc301 
else
James Hogarth acc301 
    echo "Skipped on CentOS 5"
James Hogarth acc301 
fi
James Hogarth 71dbe1
James Hogarth 71dbe1

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation