diff --git a/tests/p_ipa-server/4-addservice.sh b/tests/p_ipa-server/4-addservice.sh
index 4e43eaf..b8af8a9 100755
--- a/tests/p_ipa-server/4-addservice.sh
+++ b/tests/p_ipa-server/4-addservice.sh
@@ -37,12 +37,35 @@ t_Log "Running $0 - getting certificate for service"
 ipa-getcert request -K testservice/c6test.c6ipa.local -D c6test.c6ipa.local -f /etc/pki/tls/certs/testservice.crt -k /etc/pki/tls/private/testservice.key
 t_CheckExitStatus $?
+while true
+do
+entry="$(ipa-getcert list -r | sed -n '/Request ID/,/auto-renew: yes/p')"
+if [[ $entry =~ "status:" ]] && [[ $entry =~ "CA_REJECTED" ]]
+then
+t_CheckExitStatus 1
+break
+fi
+if [[ $entry =~ "" ]]
+then
+t_CheckExitStatus 0
+break
+fi
+sleep 1
+done
+
+#avoiding race condition of certmonger getting the certificates and writing them but not actually on disk yet
+while ! stat /etc/pki/tls/certs/testservice.crt &> /dev/null
+do
+sync
+sleep 1
+done
+
 t_Log "Running $0 - verifying keytab"
 klist -k /tmp/testservice.keytab | grep "testservice/c6test.c6ipa.local" &> /dev/null
 t_CheckExitStatus $?
 t_Log "Running $0 - verifying key matches certificate"
-diff <(openssl x509 -in /etc/pki/tls/certs/testservice.crt -noout -modulus) <(openssl rsa -in /etc/pki/tls/private/testservice.key -noout -modulus)
+diff <(openssl x509 -in /etc/pki/tls/certs/testservice.crt -noout -modulus 2>&1 ) <(openssl rsa -in /etc/pki/tls/private/testservice.key -noout -modulus 2>&1 )
 t_CheckExitStatus $?
 t_Log "Running $0 - verifying certificate against CA"
diff --git a/tests/p_ipa-server/5-dnsdetails.sh b/tests/p_ipa-server/5-dnsdetails.sh
new file mode 100755
index 0000000..a662970
--- /dev/null
+++ b/tests/p_ipa-server/5-dnsdetails.sh
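Review bot: In 4-addservice.sh the second test of the added polling loop, `[[ $entry =~ "" ]]`, matches any string, so as shown the loop reports success and breaks on its first pass whenever the request is not already CA_REJECTED, and never actually waits for certmonger. If the intent is "no unresolved request remains in `ipa-getcert list -r`", test for emptiness instead: `if [[ -z $entry ]]`. Both added loops (`while true` and `while ! stat ...`) are also unbounded, so a request that stays pending or a certificate that is never written hangs the run instead of failing it; a retry cap that ends in `t_CheckExitStatus 1` would turn that into a visible failure.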
@@ -0,0 +1,71 @@
+#!/bin/bash
+# Author: James Hogarth
+#
+
+# Need admin credentials
+kdestroy &> /dev/null
+
+klist 2>&1 | grep "No credentials" &> /dev/null
+
+t_CheckExitStatus $?
+
+expect -f - &> /dev/null < /dev/null
+
+t_CheckExitStatus $?
+
+#Add zone
+t_Log "Running $0 - Adding a subdomain 'testzone'"
+ipa dnszone-add --name-server=c6test.c6ipa.local. --admin-email=hostmaster.testzone.c6ipa.local. testzone.c6ipa.local
+t_CheckExitStatus $?
+
+#Can get SOA for new zone from DNS
+
+#Add record to standard zone
+t_Log "Running $0 - Adding a testrecord to main domain"
+ipa dnsrecord-add c6ipa.local testrecord --cname-hostname=c6test
+t_CheckExitStatus $?
+
+#Can get record from DNS
+t_Log "Running $0 - Testing can retrieve record"
+dig @localhost -t CNAME testrecord.c6ipa.local | grep "status: NOERROR" &> /dev/null
+t_CheckExitStatus $?
+
+#Add record to new zone
+t_Log "Running $0 - Adding a testrecord to subdomain"
+ipa dnsrecord-add testzone.c6ipa.local testrecord --cname-hostname=c6test.c6ipa.local.
+t_CheckExitStatus $?
+
+#Can get record from DNS for new zone
+t_Log "Running $0 - Testing can retrieve record from subdomain"
+dig @localhost -t CNAME testrecord.testzone.c6ipa.local | grep "status: NOERROR" &> /dev/null
+t_CheckExitStatus $?
+
+#Configure global options instead of named.conf for forwarders - note this is looking for an ipv4 adddress ... there is no testing on ipv6 at this point
+t_Log "Running $0 - Changing configuration to use LDAP for forwarder configuration"
+forwarder="$(sed -n '1,/forwarders/!{ /};/,/forwarders/!s/^//p;}' /etc/named.conf | sed 's/^[ \t]*\([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\);$/\1/')"
+sed -i '/forwarders/{N ; s/\n.*// }' /etc/named.conf
+service named restart
+t_CheckExitStatus $?
+ipa dnsconfig-mod --forwarder=${forwarder}
+t_CheckExitStatus $?
+
+#Regression test of RHBA-2103-0739
+for i in {1..30}
+do
+service named reload &> /dev/null
+service named status &> /dev/null || t_CheckExitStatus $?
+sleep 1
+done
+
+t_CheckExitStatus $?
+
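Review bot: `forwarder` is scraped from /etc/named.conf by two sed passes and then used unquoted and unchecked in `ipa dnsconfig-mod --forwarder=${forwarder}`, after `sed -i` has already stripped the forwarders from named.conf. An empty result yields a bare `--forwarder=`, and several forwarder lines would be word-split into extra arguments. Validate the value before editing the file, e.g. `[[ $forwarder =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || t_CheckExitStatus 1`, and quote it as `--forwarder="${forwarder}"`. In the regression loop, the final `t_CheckExitStatus $?` sees the status of the `for` loop (its last `sleep 1`), not of `service named status`, so it passes regardless. Whether a failure inside the loop stops the script depends on t_CheckExitStatus, which is defined outside this diff.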