#49516 Python 3 support for replication suite
Closed: wontfix 6 years ago Opened 6 years ago by firstyear.

Issue Description

Improve support for the replication test suite to use python 3.

This is important to allow continued testing of an important feature of the server on python 3.

Additionally, this cleans a number of old replication types and adds improvements for the new cli/admin tools.

However, add replication is a large component, this update touches many parts of the lib389 code,


62 passed, 15 skipped in 2429.54 seconds

Metadata Update from @firstyear:
- Custom field component adjusted to None
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to None
- Custom field type adjusted to None
- Custom field version adjusted to None

6 years ago

Metadata Update from @firstyear:
- Custom field reviewstatus adjusted to review (was: None)

6 years ago

@spichugi I even did docstrings for you :)

Ok, for now, I've encountered just these things my testing machine:

  • Probably, you forgot to add the module to the patch:

    dirsrvtests/tests/suites/replication/tombstone_test.py:14: in <module>
        from lib389.tombstone import Tombstones
    E   ModuleNotFoundError: No module named 'lib389.tombstone'
    
  • Two lines in allocate() were not changed to ds_paths.prefix.

    /opt/rh/rh-python36/root/usr/lib/python3.6/site-packages/lib389/topologies.py:77: in create_topology
        instance.allocate(args_instance)
    /opt/rh/rh-python36/root/usr/lib/python3.6/site-packages/lib389/__init__.py:558: in allocate
        if args.get(SER_DEPLOYED_DIR, self.prefix) is not None:
    
    self = <lib389.DirSrv object at 0x7fa595edba20>, name = 'prefix'
    
        def __getattr__(self,name):
          if name in self.CLASSATTR_OPTION_MAPPING:
            return self.get_option(self.CLASSATTR_OPTION_MAPPING[name])
          elif name in self.__dict__:
            return self.__dict__[name]
          else:
            raise AttributeError('%s has no attribute %s' % (
    >         self.__class__.__name__,repr(name)
            ))
    E       AttributeError: DirSrv has no attribute 'prefix'
    
  • We will have this failure on old builds. Probably, we need to work it out for compatibility.

            try:
    >         result = func(*args,**kwargs)
    E         ldap.OBJECT_CLASS_VIOLATION: {'desc': 'Object class violation', 'info': 'unknown object class "nsChangelogConfig"\n'}
    

I haven't checked everything yet though. These are the things that block me from running the tests. I'll continue checking the code.

My environment:

RHEL 7.5
platform linux -- Python 3.6.3, pytest-3.3.1, py-1.5.2, pluggy-0.6.0 -- /opt/rh/rh-python36/root/usr/bin/python3
cachedir: .cache
metadata: {'Python': '3.6.3', 'Platform': 'Linux-3.10.0-823.el7.x86_64-x86_64-with-redhat-7.5-Maipo', 'Packages': {'pytest': '3.3.1', 'py': '1.5.2', 'pluggy': '0.6.0'}, 'Plugins': {'metadata': '1.5.1', 'html': '1.16.1'}}
389-ds-base: 1.3.7.5-11.el7
nss: 3.34.0-1.el7
nspr: 4.17.0-1.el7
openldap: 2.4.44-10.el7
svrcore: 4.1.3-2.el7

It helped! 18 tests pass now. But others - dont.

There is another objectClass violation.
E ldap.OBJECT_CLASS_VIOLATION: {'desc': 'Object class violation', 'info': 'attribute "nsds5replicabinddngroup" not allowed\n'}

Besides that, I continue to review the code.

Ahhh yes, I know what would cause this also. Let me update the patch (once more ...) for you :)

Because we really need the code for test automation for BZ verification and the tests mostly pass, I think (and as William proposed) we can one more time try to figure out the issues and push it after this.
The issues:

The first failure:
dirsrvtests/tests/suites/replication/cleanallruv_test.py::test_abort_restart
More logs in the email.
Error log:

[16/Jan/2018:14:22:45.353737044 -0500] - ERR - NSMMReplicationPlugin - acquire_replica - agmt="cn=4" (qeos-9:39004): Unable to acquire replica: permission denied. The bind dn "cn=qeos-9.lab.eng.rdu2.redhat.com:63701,ou=Services,dc=example,dc=com" does not have permission to supply replication updates to the replica. Will retry later.
[16/Jan/2018:14:22:45.611238310 -0500] - INFO - NSMMReplicationPlugin - repl5_tot_run - Beginning total update of replica "agmt="cn=temp_4" (qeos-9:39004)".
[16/Jan/2018:14:22:48.241704138 -0500] - INFO - NSMMReplicationPlugin - repl5_tot_run - Finished total update of replica "agmt="cn=temp_4" (qeos-9:39004)". Sent 16 entries.
[16/Jan/2018:14:22:48.250341645 -0500] - ERR - NSMMReplicationPlugin - acquire_replica - agmt="cn=4" (qeos-9:39004): Unable to acquire replica: permission denied. The bind dn "cn=qeos-9.lab.eng.rdu2.redhat.com:63701,ou=Services,dc=example,dc=com" does not have permission to supply replication updates to the replica. Will retry later.

The second failure is a timing issue:
dirsrvtests/tests/suites/replication/regression_test.py::test_
password_repl_error
We can add some timout loop for checking if the password was replicated (at least 10 turns for the loop). Our testing machines are pretty slow...

The third failure is about SSL error and the fact that replication doesn't happen:
dirsrvtests/tests/suites/replication/tls_client_auth_repl_test.py::test_tls_client_auth
More logs in the email.
Error log for master1:

[16/Jan/2018:15:44:28.195871179 -0500] - WARN - Security Initialization - SSL alert: SSL cert file ((null)) for client authentication does not exist. Using Internal (Software) Token:Server-Cert
[16/Jan/2018:15:44:28.213586262 -0500] - ERR - slapi_ldap_bind - Could not send bind request for id [(anon)] authentication mechanism [EXTERNAL]: error -1 (Can't contact LDAP server), system error 0 (no error), network error 0 (Unknown error, host "qeos-9.lab.eng.rdu2.redhat.com:63702")
[16/Jan/2018:15:45:16.222875959 -0500] - WARN - Security Initialization - SSL alert: Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the password.
[16/Jan/2018:15:45:16.224010533 -0500] - WARN - Security Initialization - SSL alert: SSL key file ((null)) for client authentication does not exist. Using Server-Key
[16/Jan/2018:15:45:16.224556754 -0500] - WARN - Security Initialization - SSL alert: SSL cert file ((null)) for client authentication does not exist. Using Internal (Software) Token:Server-Cert
[16/Jan/2018:15:45:16.241940816 -0500] - ERR - slapi_ldap_bind - Could not send bind request for id [(anon)] authentication mechanism [EXTERNAL]: error -1 (Can't contact LDAP server), system error 0 (no error), network error 0 (Unknown error, host "qeos-9.lab.eng.rdu2.redhat.com:63702")
[16/Jan/2018:15:46:52.254812468 -0500] - WARN - Security Initialization - SSL alert: Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the password.
[16/Jan/2018:15:46:52.256447624 -0500] - WARN - Security Initialization - SSL alert: SSL key file ((null)) for client authentication does not exist. Using Server-Key
[16/Jan/2018:15:46:52.257031597 -0500] - WARN - Security Initialization - SSL alert: SSL cert file ((null)) for client authentication does not exist. Using Internal (Software) Token:Server-Cert
[16/Jan/2018:15:46:52.275598816 -0500] - ERR - slapi_ldap_bind - Could not send bind request for id [(anon)] authentication mechanism [EXTERNAL]: error -1 (Can't contact LDAP server), system error 0 (no error), network error 0 (Unknown error, host "qeos-9.lab.eng.rdu2.redhat.com:63702")

Error log for master2:

[16/Jan/2018:15:43:41.786503871 -0500] - NOTICE - ldbm_back_start - cache autosizing: userRoot entry cache (1 total): 131072k
[16/Jan/2018:15:43:41.787434451 -0500] - NOTICE - ldbm_back_start - cache autosizing: userRoot dn cache (1 total): 65536k
[16/Jan/2018:15:43:41.788327632 -0500] - NOTICE - ldbm_back_start - total cache size: 239887892 B;
[16/Jan/2018:15:43:41.789481715 -0500] - INFO - dblayer_start - Resizing db cache size: 16777216 -> 38561300
[16/Jan/2018:15:43:41.804328156 -0500] - ERR - attrcrypt_cipher_init - No symmetric key found for cipher AES in backend userRoot, attempting to create one...
[16/Jan/2018:15:43:41.808200560 -0500] - INFO - attrcrypt_cipher_init - Key for cipher AES successfully generated and stored
[16/Jan/2018:15:43:41.809018204 -0500] - ERR - attrcrypt_cipher_init - No symmetric key found for cipher 3DES in backend userRoot, attempting to create one...
[16/Jan/2018:15:43:41.811647084 -0500] - INFO - attrcrypt_cipher_init - Key for cipher 3DES successfully generated and stored
[16/Jan/2018:15:43:41.885279867 -0500] - INFO - slapd_daemon - slapd started.  Listening on All Interfaces port 39002 for LDAP requests
[16/Jan/2018:15:43:41.894848040 -0500] - INFO - slapd_daemon - Listening on All Interfaces port 63702 for LDAPS requests

Ok, I've investigated a bit more. There is my update:

dirsrvtests/tests/suites/replication/cleanallruv_test.py::test_abort_restart
We need to use 'certify=True' (replica-certify-all: yes) parameter in abort task during this test. It was failing because of that.

dirsrvtests/tests/suites/replication/regression_test.py::test_password_repl_error
Its a timing issue.

dirsrvtests/tests/suites/replication/tls_client_auth_repl_test.py::test_tls_client_auth
I think, it is not a timing issue.
Probably one of the reasons why it works on your setup is that you have some already existing certs on your machine. You can see a lot of SSL alerts in the logs for master1 I've sent you in the email.

Also, it is a new test, could you please change the date on copyright?

I think we can push the code after fixing first two failures. The third could be more complicated and it's probably just test related. We need the rest of the replica code you've written. :)

Thank you, William!

I think I know the cause of the third failure but can't really discuss. Will email,

OKay, the first failure is NOT from certify as the current test doesn't have that, but possibly from a lack of waiting on the abort task, looking at the original code, there is no verification, so I think this because I structure the test to do a PROPRE reset which exposes an issue in the lack of abort.

Testing now,

Metadata Update from @spichugi:
- Custom field reviewstatus adjusted to ack (was: review)

6 years ago

As per William's request I've checked it once again and have made sure it PASSes.
I've pushed it also by his request. Thank you, William, great patch!

commit e163c44
Author: William Brown firstyear@redhat.com
Date: Fri Dec 8 16:28:17 2017 +0100

Thanks @spichugi I really appreciate your time to review this,

Metadata Update from @firstyear:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

6 years ago

It breaks changelog encryption for1.4 because the schema entry for the objectclass nsChangelogConfig is missing the nsslapd-encryptionalgorithm and nsslapd-symmetrickey attributes

It breaks changelog encryption for1.4 because the schema entry for the objectclass nsChangelogConfig is missing the nsslapd-encryptionalgorithm and nsslapd-symmetrickey attributes

the second attr is nsSymmetricKey. it is defiend later in 50-nsdirectory.ldif file, but allowed in the OC.

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/2575

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: fixed)

3 years ago

Login to comment on this ticket.