diff --git a/tests/p_ipa-server/0-install_freeipa.sh b/tests/p_ipa-server/0-install_freeipa.sh
deleted file mode 100755
index d20fb5a..0000000
--- a/tests/p_ipa-server/0-install_freeipa.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-# Author: James Hogarth
-#
-
-if (t_GetPkgRel basesystem | grep -q el6)
-then
-t_Log "Running $0 - Installing packages"
-t_InstallPackage ipa-server bind-dyndb-ldap
-else
- echo "Skipped on CentOS 5"
-fi
-
-
diff --git a/tests/p_ipa-server/0-preclean.sh b/tests/p_ipa-server/0-preclean.sh
new file mode 100755
index 0000000..f0ff32f
--- /dev/null
+++ b/tests/p_ipa-server/0-preclean.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+# Author: James Hogarth
+#
+
+if (t_GetPkgRel basesystem | grep -q el6)
+then
+
+t_Log "Running $0 - Stopping and removing httpd if present"
+if /sbin/service httpd status | grep 'is running...' &> /dev/null
+then
+/sbin/service httpd stop &> /dev/null
+fi
+if rpm -q httpd &> /dev/null
+then
+/usr/bin/yum -y remove httpd &> /dev/null
+rm -rf /etc/httpd
+fi
+
+t_Log "Running $0 - Stopping and removing bind if present"
+if /sbin/service named status | grep 'is running...' &> /dev/null
+then
+/sbin/service named stop &> /dev/null
+fi
+if rpm -q bind &> /dev/null
+then
+/usr/bin/yum -y remove bind &> /dev/null
+rm -rf /etc/named /var/named
+fi
+
+
+t_Log "Running $0 - Backing up resolv.conf"
+cp /etc/resolv.conf /tmp/resolv.conf.ipa-tests
+
+t_Log "Running $0 - Backing up nsswitch.conf"
+cp /etc/nsswitch.conf /tmp/nsswitch.conf.ipa-tests
+
+t_Log "Running $0 - Backing up hosts file"
+cp /etc/hosts /tmp/hosts.ipa-tests
+
+t_Log "Running $0 - Backing up saving yum history id"
+/usr/bin/yum history list | awk 'NR == 4 {print $1}' > /tmp/yum-rollback-id.ipa-tests
+
+else
+ echo "Skipped on CentOS 5"
+fi
+
diff --git a/tests/p_ipa-server/1-configure_freeipa.sh b/tests/p_ipa-server/1-configure_freeipa.sh
deleted file mode 100755
index 799d6b4..0000000
--- a/tests/p_ipa-server/1-configure_freeipa.sh
+++ /dev/null
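Review bot: In 0-preclean.sh the four backups go to fixed names directly under /tmp (`/tmp/resolv.conf.ipa-tests`, `/tmp/nsswitch.conf.ipa-tests`, `/tmp/hosts.ipa-tests`, `/tmp/yum-rollback-id.ipa-tests`), and 99-postclean.sh later copies them back over /etc, presumably as root. A file or symlink already present under one of those names is written through by `cp` and then trusted on restore, so on a host with other local users the restored /etc/hosts or nsswitch.conf is not guaranteed to be what was saved. A directory only root can write keeps the hand-off between the two scripts intact, e.g. `backupdir=/root/ipa-tests-backup; install -d -m 0700 "$backupdir"` with the `cp` targets moved under it (the path is a suggestion, not something the suite defines). The id taken with `awk 'NR == 4 {print $1}'` also depends on the header layout of `yum history list` and is stored without checking that it is non-empty.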
@@ -1,16 +0,0 @@
-#!/bin/bash
-# Author: James Hogarth
-#
-if (t_GetPkgRel basesystem | grep -q el6)
-then
-
-t_Log "Configuring IPA server"
-
-ipa-server-install -U --hostname=c6test.c6ipa.local --ip-address=$(ip a s dev eth0 | awk '$0 ~ /scope global eth0/ {print $2}' | cut -d'/' -f 1) -r C6IPA.LOCAL -n c6ipa.local -p p455w0rd -a p455w0rd --ssh-trust-dns --setup-dns --forwarder=$(awk '$0 ~ /nameserver/ {print $2}' /etc/resolv.conf | head -n 1)
-
-t_CheckExitStatus $?
-
-else
- echo "Skipped on CentOS 5"
-fi
-
diff --git a/tests/p_ipa-server/1-install_freeipa.sh b/tests/p_ipa-server/1-install_freeipa.sh
new file mode 100755
index 0000000..d20fb5a
--- /dev/null
+++ b/tests/p_ipa-server/1-install_freeipa.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+# Author: James Hogarth
+#
+
+if (t_GetPkgRel basesystem | grep -q el6)
+then
+t_Log "Running $0 - Installing packages"
+t_InstallPackage ipa-server bind-dyndb-ldap
+else
+ echo "Skipped on CentOS 5"
+fi
+
+
diff --git a/tests/p_ipa-server/2-configure_freeipa.sh b/tests/p_ipa-server/2-configure_freeipa.sh
new file mode 100755
index 0000000..799d6b4
--- /dev/null
+++ b/tests/p_ipa-server/2-configure_freeipa.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+# Author: James Hogarth
+#
+if (t_GetPkgRel basesystem | grep -q el6)
+then
+
+t_Log "Configuring IPA server"
+
+ipa-server-install -U --hostname=c6test.c6ipa.local --ip-address=$(ip a s dev eth0 | awk '$0 ~ /scope global eth0/ {print $2}' | cut -d'/' -f 1) -r C6IPA.LOCAL -n c6ipa.local -p p455w0rd -a p455w0rd --ssh-trust-dns --setup-dns --forwarder=$(awk '$0 ~ /nameserver/ {print $2}' /etc/resolv.conf | head -n 1)
+
+t_CheckExitStatus $?
+
+else
+ echo "Skipped on CentOS 5"
+fi
+
diff --git a/tests/p_ipa-server/2-verify_kerberos_tickets.sh b/tests/p_ipa-server/2-verify_kerberos_tickets.sh
deleted file mode 100755
index 94444fd..0000000
--- a/tests/p_ipa-server/2-verify_kerberos_tickets.sh
+++ /dev/null
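Review bot: The `ipa-server-install` line in 2-configure_freeipa.sh passes the Directory Manager and admin passwords as literal `-p`/`-a` arguments, so they are visible in the process list while the installer runs and are the same fixed value on every host the suite touches. That is tolerable only if the machine is discarded afterwards; 99-postclean.sh in this commit rolls back packages but shows no uninstall of the IPA instance, so a reused host may keep a realm with known credentials. Generating a per-run value, e.g. `ipa_pw=$(openssl rand -base64 18)`, and sharing it with the later scripts that authenticate as admin would remove the fixed secret (the argv exposure remains unless the installer is fed another way). Separately, `--ip-address=$(...)` and `--forwarder=$(...)` are unquoted and unchecked, so an eth0 without a global address or a resolv.conf without a nameserver yields an empty option value.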
@@ -1,42 +0,0 @@
-#!/bin/bash
-# Author: James Hogarth
-#
-
-if (t_GetPkgRel basesystem | grep -q el6)
-then
-
-# kinit cannot take password from stdin so use expect
-
-t_InstallPackage expect
-
-t_Log "Running $0 - testing host kerberos principal
-klist -k /etc/krb5.keytab | grep "host/c6test.c6ipa.local" &> /dev/null
-
-t_CheckExitStatus $?
-
-t_Log "Running $0 - testing admin user kerberos principal
-
-kdestroy &> /dev/null
-
-klist 2>&1 | grep "No credentials" &> /dev/null
-
-t_CheckExitStatus $?
-
-expect -f - &> /dev/null < /dev/null
-
-t_CheckExitStatus $?
-
-else
- echo "Skipped on CentOS 5"
-fi
-
diff --git a/tests/p_ipa-server/3-adduser.sh b/tests/p_ipa-server/3-adduser.sh
deleted file mode 100755
index 78b6e02..0000000
--- a/tests/p_ipa-server/3-adduser.sh
+++ /dev/null
@@ -1,84 +0,0 @@
-#!/bin/bash
-# Author: James Hogarth
-#
-
-if (t_GetPkgRel basesystem | grep -q el6)
-then
-
-# Need admin credentials
-kdestroy &> /dev/null
-
-klist 2>&1 | grep "No credentials" &> /dev/null
-
-t_CheckExitStatus $?
-
-expect -f - &> /dev/null < /dev/null
-
-t_CheckExitStatus $?
-
-
-
-t_Log "Running $0 - test adding user"
-userdetails="$(ipa user-add --first=test --last=user --random testuser)"
-echo "$userdetails" | grep 'Added user "testuser"' &> /dev/null
-
-t_CheckExitStatus $?
-
-t_Log "Running $0 - verify details of user"
-
-echo "$userdetails" | grep ' First name: test' &> /dev/null
-
-t_CheckExitStatus $?
-
-echo "$userdetails" | grep 'Last name: user' &> /dev/null
-
-t_CheckExitStatus $?
-
-echo "$userdetails" | grep 'Full name: test user' &> /dev/null
-
-t_CheckExitStatus $?
-
-echo "$userdetails" | grep 'Home directory: /home/testuser' &> /dev/null
-
-t_CheckExitStatus $?
-
-t_Log "Running $0 - testing initial password change of user"
-kdestroy &> /dev/null
-
-expect -f - &> /dev/null < /dev/null
-
-t_CheckExitStatus $?
-
-kdestroy &> /dev/null
-
-else
- echo "Skipped on CentOS 5"
-fi
-
-
diff --git a/tests/p_ipa-server/3-verify_kerberos_tickets.sh b/tests/p_ipa-server/3-verify_kerberos_tickets.sh
new file mode 100755
index 0000000..94444fd
--- /dev/null
+++ b/tests/p_ipa-server/3-verify_kerberos_tickets.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+# Author: James Hogarth
+#
+
+if (t_GetPkgRel basesystem | grep -q el6)
+then
+
+# kinit cannot take password from stdin so use expect
+
+t_InstallPackage expect
+
+t_Log "Running $0 - testing host kerberos principal
+klist -k /etc/krb5.keytab | grep "host/c6test.c6ipa.local" &> /dev/null
+
+t_CheckExitStatus $?
+
+t_Log "Running $0 - testing admin user kerberos principal
+
+kdestroy &> /dev/null
+
+klist 2>&1 | grep "No credentials" &> /dev/null
+
+t_CheckExitStatus $?
+
+expect -f - &> /dev/null < /dev/null
+
+t_CheckExitStatus $?
+
+else
+ echo "Skipped on CentOS 5"
+fi
+
diff --git a/tests/p_ipa-server/4-addservice.sh b/tests/p_ipa-server/4-addservice.sh
deleted file mode 100755
index f539627..0000000
--- a/tests/p_ipa-server/4-addservice.sh
+++ /dev/null
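Review bot: Both `t_Log` calls in 3-verify_kerberos_tickets.sh are missing their closing quote as shown here, so the first string runs on until the quote that opens `"host/c6test.c6ipa.local"`. The `klist -k /etc/krb5.keytab | grep ...` line and the `t_CheckExitStatus $?` after it then become part of the arguments to `t_Log` instead of commands, and the host-principal check never executes. Closing the strings restores it: `t_Log "Running $0 - testing host kerberos principal"` and `t_Log "Running $0 - testing admin user kerberos principal"`.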
@@ -1,82 +0,0 @@
-#!/bin/bash
-# Author: James Hogarth
-#
-
-if (t_GetPkgRel basesystem | grep -q el6)
-then
-
-# Need admin credentials
-kdestroy &> /dev/null
-
-klist 2>&1 | grep "No credentials" &> /dev/null
-
-t_CheckExitStatus $?
-
-expect -f - &> /dev/null < /dev/null
-
-t_CheckExitStatus $?
-
-
-t_Log "Running $0 - Adding test service"
-ipa service-add testservice/c6test.c6ipa.local
-
-t_CheckExitStatus $?
-
-t_Log "Running $0 - getting keytab for service"
-ipa-getkeytab -s c6test.c6ipa.local -p testservice/c6test.c6ipa.local -k /tmp/testservice.keytab
-t_CheckExitStatus $?
-
-t_Log "Running $0 - getting certificate for service"
-ipa-getcert request -K testservice/c6test.c6ipa.local -D c6test.c6ipa.local -f /etc/pki/tls/certs/testservice.crt -k /etc/pki/tls/private/testservice.key
-t_CheckExitStatus $?
-
-while true
-do
-entry="$(ipa-getcert list -r | sed -n '/Request ID/,/auto-renew: yes/p')"
-if [[ $entry =~ "status:" ]] && [[ $entry =~ "CA_REJECTED" ]]
-then
-t_CheckExitStatus 1
-break
-fi
-if [[ $entry =~ "" ]]
-then
-t_CheckExitStatus 0
-break
-fi
-sleep 1
-done
-
-#avoiding race condition of certmonger getting the certificates and writing them but not actually on disk yet
-while ! stat /etc/pki/tls/certs/testservice.crt &> /dev/null
-do
-sync
-sleep 1
-done
-
-t_Log "Running $0 - verifying keytab"
-klist -k /tmp/testservice.keytab | grep "testservice/c6test.c6ipa.local" &> /dev/null
-t_CheckExitStatus $?
-
-t_Log "Running $0 - verifying key matches certificate"
-diff <(openssl x509 -in /etc/pki/tls/certs/testservice.crt -noout -modulus 2>&1 ) <(openssl rsa -in /etc/pki/tls/private/testservice.key -noout -modulus 2>&1 )
-t_CheckExitStatus $?
-
-t_Log "Running $0 - verifying certificate against CA"
-openssl verify -CAfile /etc/ipa/ca.crt /etc/pki/tls/certs/testservice.crt | grep "/etc/pki/tls/certs/testservice.crt: OK" &> /dev/null
-t_CheckExitStatus $?
-
-else
- echo "Skipped on CentOS 5"
-fi
-
-
diff --git a/tests/p_ipa-server/4-adduser.sh b/tests/p_ipa-server/4-adduser.sh
new file mode 100755
index 0000000..78b6e02
--- /dev/null
+++ b/tests/p_ipa-server/4-adduser.sh
@@ -0,0 +1,84 @@
+#!/bin/bash
+# Author: James Hogarth
+#
+
+if (t_GetPkgRel basesystem | grep -q el6)
+then
+
+# Need admin credentials
+kdestroy &> /dev/null
+
+klist 2>&1 | grep "No credentials" &> /dev/null
+
+t_CheckExitStatus $?
+
+expect -f - &> /dev/null < /dev/null
+
+t_CheckExitStatus $?
+
+
+
+t_Log "Running $0 - test adding user"
+userdetails="$(ipa user-add --first=test --last=user --random testuser)"
+echo "$userdetails" | grep 'Added user "testuser"' &> /dev/null
+
+t_CheckExitStatus $?
+
+t_Log "Running $0 - verify details of user"
+
+echo "$userdetails" | grep ' First name: test' &> /dev/null
+
+t_CheckExitStatus $?
+
+echo "$userdetails" | grep 'Last name: user' &> /dev/null
+
+t_CheckExitStatus $?
+
+echo "$userdetails" | grep 'Full name: test user' &> /dev/null
+
+t_CheckExitStatus $?
+
+echo "$userdetails" | grep 'Home directory: /home/testuser' &> /dev/null
+
+t_CheckExitStatus $?
+
+t_Log "Running $0 - testing initial password change of user"
+kdestroy &> /dev/null
+
+expect -f - &> /dev/null < /dev/null
+
+t_CheckExitStatus $?
+
+kdestroy &> /dev/null
+
+else
+ echo "Skipped on CentOS 5"
+fi
+
+
diff --git a/tests/p_ipa-server/5-addservice.sh b/tests/p_ipa-server/5-addservice.sh
new file mode 100755
index 0000000..f539627
--- /dev/null
+++ b/tests/p_ipa-server/5-addservice.sh
@@ -0,0 +1,82 @@
+#!/bin/bash
+# Author: James Hogarth
+#
+
+if (t_GetPkgRel basesystem | grep -q el6)
+then
+
+# Need admin credentials
+kdestroy &> /dev/null
+
+klist 2>&1 | grep "No credentials" &> /dev/null
+
+t_CheckExitStatus $?
+
+expect -f - &> /dev/null < /dev/null
+
+t_CheckExitStatus $?
+
+
+t_Log "Running $0 - Adding test service"
+ipa service-add testservice/c6test.c6ipa.local
+
+t_CheckExitStatus $?
+
+t_Log "Running $0 - getting keytab for service"
+ipa-getkeytab -s c6test.c6ipa.local -p testservice/c6test.c6ipa.local -k /tmp/testservice.keytab
+t_CheckExitStatus $?
+
+t_Log "Running $0 - getting certificate for service"
+ipa-getcert request -K testservice/c6test.c6ipa.local -D c6test.c6ipa.local -f /etc/pki/tls/certs/testservice.crt -k /etc/pki/tls/private/testservice.key
+t_CheckExitStatus $?
+
+while true
+do
+entry="$(ipa-getcert list -r | sed -n '/Request ID/,/auto-renew: yes/p')"
+if [[ $entry =~ "status:" ]] && [[ $entry =~ "CA_REJECTED" ]]
+then
+t_CheckExitStatus 1
+break
+fi
+if [[ $entry =~ "" ]]
+then
+t_CheckExitStatus 0
+break
+fi
+sleep 1
+done
+
+#avoiding race condition of certmonger getting the certificates and writing them but not actually on disk yet
+while ! stat /etc/pki/tls/certs/testservice.crt &> /dev/null
+do
+sync
+sleep 1
+done
+
+t_Log "Running $0 - verifying keytab"
+klist -k /tmp/testservice.keytab | grep "testservice/c6test.c6ipa.local" &> /dev/null
+t_CheckExitStatus $?
+
+t_Log "Running $0 - verifying key matches certificate"
+diff <(openssl x509 -in /etc/pki/tls/certs/testservice.crt -noout -modulus 2>&1 ) <(openssl rsa -in /etc/pki/tls/private/testservice.key -noout -modulus 2>&1 )
+t_CheckExitStatus $?
+
+t_Log "Running $0 - verifying certificate against CA"
+openssl verify -CAfile /etc/ipa/ca.crt /etc/pki/tls/certs/testservice.crt | grep "/etc/pki/tls/certs/testservice.crt: OK" &> /dev/null
+t_CheckExitStatus $?
+
+else
+ echo "Skipped on CentOS 5"
+fi
+
+
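Review bot: 5-addservice.sh writes the service keytab to the fixed path `/tmp/testservice.keytab` and nothing in this commit removes it; the `rm -f /tmp/*.ipa-test` in 99-postclean.sh does not match that name. A keytab is long-term key material, so a private location created with `mktemp -d` (or a root-only directory) plus an explicit removal at the end of the script would be safer than a predictable file in a shared directory. The two polling loops (`while true` around `ipa-getcert list` and `while ! stat ...`) also have no upper bound, so a request that never settles hangs the run; a try counter that ends in `t_CheckExitStatus 1` would bound them.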
diff --git a/tests/p_ipa-server/5-dnsdetails.sh b/tests/p_ipa-server/5-dnsdetails.sh
deleted file mode 100755
index b8ed6f3..0000000
--- a/tests/p_ipa-server/5-dnsdetails.sh
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/bash
-# Author: James Hogarth
-#
-
-if (t_GetPkgRel basesystem | grep -q el6)
-then
-
-# Need admin credentials
-kdestroy &> /dev/null
-
-klist 2>&1 | grep "No credentials" &> /dev/null
-
-t_CheckExitStatus $?
-
-expect -f - &> /dev/null < /dev/null
-
-t_CheckExitStatus $?
-
-#Add zone
-t_Log "Running $0 - Adding a subdomain 'testzone'"
-ipa dnszone-add --name-server=c6test.c6ipa.local. --admin-email=hostmaster.testzone.c6ipa.local. testzone.c6ipa.local
-t_CheckExitStatus $?
-
-#Can get SOA for new zone from DNS
-
-#Add record to standard zone
-t_Log "Running $0 - Adding a testrecord to main domain"
-ipa dnsrecord-add c6ipa.local testrecord --cname-hostname=c6test
-t_CheckExitStatus $?
-
-#Can get record from DNS
-t_Log "Running $0 - Testing can retrieve record"
-dig @localhost -t CNAME testrecord.c6ipa.local | grep "status: NOERROR" &> /dev/null
-t_CheckExitStatus $?
-
-#Add record to new zone
-t_Log "Running $0 - Adding a testrecord to subdomain"
-ipa dnsrecord-add testzone.c6ipa.local testrecord --cname-hostname=c6test.c6ipa.local.
-t_CheckExitStatus $?
-
-#Can get record from DNS for new zone
-t_Log "Running $0 - Testing can retrieve record from subdomain"
-dig @localhost -t CNAME testrecord.testzone.c6ipa.local | grep "status: NOERROR" &> /dev/null
-t_CheckExitStatus $?
-
-#Configure global options instead of named.conf for forwarders - note this is looking for an ipv4 adddress ... there is no testing on ipv6 at this point
-t_Log "Running $0 - Changing configuration to use LDAP for forwarder configuration"
-forwarder="$(sed -n '1,/forwarders/!{ /};/,/forwarders/!s/^//p;}' /etc/named.conf | sed 's/^[ \t]*\([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\);$/\1/')"
-sed -i '/forwarders/{N ; s/\n.*// }' /etc/named.conf
-service named restart
-t_CheckExitStatus $?
-ipa dnsconfig-mod --forwarder=${forwarder}
-t_CheckExitStatus $?
-
-#Regression test of RHBA-2103-0739
-for i in {1..30}
-do
-service named reload &> /dev/null
-service named status &> /dev/null || t_CheckExitStatus $?
-sleep 1
-done
-
-t_CheckExitStatus $?
-
-else
- echo "Skipped on CentOS 5"
-fi
-
diff --git a/tests/p_ipa-server/6-dnsdetails.sh b/tests/p_ipa-server/6-dnsdetails.sh
new file mode 100755
index 0000000..b8ed6f3
--- /dev/null
+++ b/tests/p_ipa-server/6-dnsdetails.sh
@@ -0,0 +1,78 @@
+#!/bin/bash
+# Author: James Hogarth
+#
+
+if (t_GetPkgRel basesystem | grep -q el6)
+then
+
+# Need admin credentials
+kdestroy &> /dev/null
+
+klist 2>&1 | grep "No credentials" &> /dev/null
+
+t_CheckExitStatus $?
+
+expect -f - &> /dev/null < /dev/null
+
+t_CheckExitStatus $?
+
+#Add zone
+t_Log "Running $0 - Adding a subdomain 'testzone'"
+ipa dnszone-add --name-server=c6test.c6ipa.local. --admin-email=hostmaster.testzone.c6ipa.local. testzone.c6ipa.local
+t_CheckExitStatus $?
+
+#Can get SOA for new zone from DNS
+
+#Add record to standard zone
+t_Log "Running $0 - Adding a testrecord to main domain"
+ipa dnsrecord-add c6ipa.local testrecord --cname-hostname=c6test
+t_CheckExitStatus $?
+
+#Can get record from DNS
+t_Log "Running $0 - Testing can retrieve record"
+dig @localhost -t CNAME testrecord.c6ipa.local | grep "status: NOERROR" &> /dev/null
+t_CheckExitStatus $?
+
+#Add record to new zone
+t_Log "Running $0 - Adding a testrecord to subdomain"
+ipa dnsrecord-add testzone.c6ipa.local testrecord --cname-hostname=c6test.c6ipa.local.
+t_CheckExitStatus $?
+
+#Can get record from DNS for new zone
+t_Log "Running $0 - Testing can retrieve record from subdomain"
+dig @localhost -t CNAME testrecord.testzone.c6ipa.local | grep "status: NOERROR" &> /dev/null
+t_CheckExitStatus $?
+
+#Configure global options instead of named.conf for forwarders - note this is looking for an ipv4 adddress ... there is no testing on ipv6 at this point
+t_Log "Running $0 - Changing configuration to use LDAP for forwarder configuration"
+forwarder="$(sed -n '1,/forwarders/!{ /};/,/forwarders/!s/^//p;}' /etc/named.conf | sed 's/^[ \t]*\([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\);$/\1/')"
+sed -i '/forwarders/{N ; s/\n.*// }' /etc/named.conf
+service named restart
+t_CheckExitStatus $?
+ipa dnsconfig-mod --forwarder=${forwarder}
+t_CheckExitStatus $?
+
+#Regression test of RHBA-2103-0739
+for i in {1..30}
+do
+service named reload &> /dev/null
+service named status &> /dev/null || t_CheckExitStatus $?
+sleep 1
+done
+
+t_CheckExitStatus $?
+
+else
+ echo "Skipped on CentOS 5"
+fi
+
diff --git a/tests/p_ipa-server/7-addsudo.sh b/tests/p_ipa-server/7-addsudo.sh
new file mode 100755
index 0000000..d5ae082
--- /dev/null
+++ b/tests/p_ipa-server/7-addsudo.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+# Author: James Hogarth
+#
+
+if (t_GetPkgRel basesystem | grep -q el6)
+then
+
+# Need admin credentials
+kdestroy &> /dev/null
+
+klist 2>&1 | grep "No credentials" &> /dev/null
+
+t_CheckExitStatus $?
+
+expect -f - &> /dev/null < /dev/null
+
+t_CheckExitStatus $?
+
+
+
+t_Log "Running $0 - test adding sudo command"
+## add sudo command here to ipa
+
+t_Log "Running $0 - test adding sudo configuration"
+## configure sssd and nsswitch for sudo here
+
+t_Log "Running $0 - test sudo works"
+## do a sudo -l as a user here to verify it works
+
+
+else
+ echo "Skipped on CentOS 5"
+fi
+
diff --git a/tests/p_ipa-server/99-postclean.sh b/tests/p_ipa-server/99-postclean.sh
new file mode 100755
index 0000000..3c77d63
--- /dev/null
+++ b/tests/p_ipa-server/99-postclean.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+# Author: James Hogarth
+#
+
+if (t_GetPkgRel basesystem | grep -q el6)
+then
+
+t_Log "Running $0 - Restoring up resolv.conf"
+cp /tmp/resolv.conf.ipa-tests /etc/resolv.conf
+
+t_Log "Running $0 - Restoring nsswitch.conf"
+cp /tmp/nsswitch.conf.ipa-tests /etc/nsswitch.conf
+
+t_Log "Running $0 - Backing up hosts file"
+cp /tmp/hosts.ipa-tests /etc/hosts
+
+t_Log "Running $0 - Backing up saving yum history id"
+/usr/bin/yum -y history rollback $(cat /tmp/yum-rollback-id.ipa-tests) &> /dev/null
+
+rm -f /tmp/*.ipa-test
+
+else
+ echo "Skipped on CentOS 5"
+fi
+
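Review bot: The three `t_Log` lines at the end of 7-addsudo.sh announce sudo tests, but each is followed only by a `##` placeholder comment, with no command and no `t_CheckExitStatus`. As written the log reports the sudo command, the sudo configuration and the `sudo -l` check as having run although nothing is verified. Until the steps exist the message should say so, e.g. `t_Log "Running $0 - sudo tests not implemented yet, skipping"`, or the file should be left out of the commit.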
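Review bot: The cleanup glob in 99-postclean.sh, `rm -f /tmp/*.ipa-test`, does not match the files 0-preclean.sh creates, which all end in `.ipa-tests`, so the backups and the rollback id stay in /tmp after the run; it should read `rm -f /tmp/*.ipa-tests`. The rollback line `yum -y history rollback $(cat /tmp/yum-rollback-id.ipa-tests) &> /dev/null` is unquoted, unchecked and silenced, so an empty or missing id file gives a failed rollback that nobody sees; a guard such as `[[ -s /tmp/yum-rollback-id.ipa-tests ]] || t_CheckExitStatus 1` before it and `t_CheckExitStatus $?` after it would surface that. The last two `t_Log` messages still say "Backing up" although the script is restoring.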