Learn more about these different git repos.
Other Git URLs
Issue
Error message changed from: Sorry, user testuser1 may not run sudo on vm-171-135. to: sudo: a password is required
Sorry, user testuser1 may not run sudo on vm-171-135.
sudo: a password is required
_________ TestSudo.test_sudo_rule_restricted_to_one_hostmask_negative __________ self = <ipatests.test_integration.test_sudo.TestSudo object at 0x7fb1069e5080> def test_sudo_rule_restricted_to_one_hostmask_negative(self): result1 = self.list_sudo_commands("testuser1") assert result1.returncode != 0 > assert "Sorry, user testuser1 may not run sudo on {}.".format( self.clientname) in result1.stderr_text E AssertionError: assert 'Sorry, user testuser1 may not run sudo on vm-171-135.' in 'sudo: a password is required\n' E + where 'Sorry, user testuser1 may not run sudo on vm-171-135.' = <built-in method format of str object at 0x7fb106906bd0>('vm-171-135') E + where <built-in method format of str object at 0x7fb106906bd0> = 'Sorry, user testuser1 may not run sudo on {}.'.format E + and 'vm-171-135' = <ipatests.test_integration.test_sudo.TestSudo object at 0x7fb1069e5080>.clientname E + and 'sudo: a password is required\n' = <pytest_multihost.ssh_command.SSHCommand object at 0x7fb1068d20b8>.stderr_text test_integration/test_sudo.py:361: AssertionError
It is originaly connected to https://pagure.io/freeipa/issue/7543
And it could be caused by: https://pagure.io/SSSD/sssd/issue/3733 https://pagure.io/SSSD/sssd/issue/3558
Are there any logs the test left behind?
I've talked to @fbarreto and he gave me the following instructions on how to reproduce the issue. Firstly, we'll need the following patch (f27.patch):
[fidencio@machado ~]$ cat ~/Downloads/f27.patch diff --git a/ipavagrant/constants.py b/ipavagrant/constants.py index ff064b2..3f0361c 100644 --- a/ipavagrant/constants.py +++ b/ipavagrant/constants.py @@ -24,7 +24,7 @@ AUTO_DOMAIN_LEVEL = -1 # please keep ABC order of keys DEFAULT_CONFIG = dict( - box="f26", + box="f27", ci_config_file="ipa-test-config.yaml", domain="ipa.test", ipa_ci_ad_admin_name="Administrator", @@ -132,13 +132,11 @@ box_mapping = { "domain.template": "ipa-Fedora-24-x86_64-developer-brq", }, }, - "f26": { + "f27": { "libvirt": { - "override.vm.box": "f26", + "override.vm.box": "f27", "override.vm.box_url": - "https://download.fedoraproject.org/pub/fedora/linux/releases/" - "26/CloudImages/x86_64/images/Fedora-Cloud-Base-Vagrant-26-1.5" - ".x86_64.vagrant-libvirt.box", + "http://fedora.c3sl.ufpr.br/linux/releases/27/CloudImages/x86_64/images/Fedora-Cloud-Base-Vagrant-27-1.6.x86_64.vagrant-libvirt.box", }, "virtualbox": { "override.vm.box": "box-cutter/fedora26",
And then, just follow:
git clone https://github.com/freeipa/ipa-vagrant-tools/ cd ipa-vagrant-tools git am f27.patch ./ipa-vagrant-ci-topology-create sudo-test --clients 1 --add-package={freeipa-server,freeipa-server-dns,freeipa-tests} --box f27 cd sudo-test; ls rpms/ # put here the rpms you want to install vagrant up vagrant ssh controller $IPATEST_YAML_CONFIG=/vagrant/ipa-test-config.yaml ipa-run-tests test_integration/test_sudo.py::TestSudo::test_sudo_rule_restricted_to_one_hostmask_negative --verbose --logging-level=DEBUG --pdb
He also mentioned that he's not completely sure we can just run the method. In case it fails, we should run the whole tests' class:
$IPATEST_YAML_CONFIG=/vagrant/ipa-test-config.yaml ipa-run-tests test_integration/test_sudo.py::TestSudo --verbose --logging-level=DEBUG --pdb
@fbarreto, thanks a lot, you saved us some nice amount of time! :-)
<img alt="-TestSudo--test_sudo_rule_restricted_to_one_host_negative.zip" src="/SSSD/sssd/issue/raw/files/03863e888cdba37b88f11eade517443f252f2ffbff113376a62fc746ebb21e56--TestSudo--test_sudo_rule_restricted_to_one_host_negative.zip" /> <img alt="-TestSudo--test_sudo_rule_restricted_to_one_host_negative_setup.zip" src="/SSSD/sssd/issue/raw/files/a5be5b2a1f44cbcb2868effca4ba7ddfed80fdd78827bad3e834736819f804cc--TestSudo--test_sudo_rule_restricted_to_one_host_negative_setup.zip" /> <img alt="-TestSudo--test_sudo_rule_restricted_to_one_host_negative_teardown.zip" src="/SSSD/sssd/issue/raw/files/f1a2ab0c367df886ba686d19d82bb61d068d88ef9699e66c1887eac714a7096c--TestSudo--test_sudo_rule_restricted_to_one_host_negative_teardown.zip" />
The test is failing if you run whole test suite in the vagrant machinery. If you choose just proper test, it pass.
{{ sudo IPATEST_YAML_CONFIG=/vagrant/ipa-test-config.yaml ipa-run-tests test_integration/test_sudo.py::TestSudo --verbose --logging-level=DEBUG --pdb }}
Okay, I've bisected SSSD and the faulty patch is 47ad077.
Basically, I will leave up to @pbrezina whether he'd prefer to close this one as a dup of #3733 or not (as, although the regression was not introduced by the same patch, it was introduced by the same series).
@pcech, please, I'd like you to confirm that reverting the patch solves the issue. The easiest way to test is, after cloning the ipa-vagrant-tools and applying the f27 patch, do:
./ipa-vagrant-ci-topology-create sudo-test --clients 1 --add-package={freeipa-server,freeipa-server-dns,freeipa-tests} --box f27 cd sudo-test; cd rpms/ && koji download-task 27162149 && rm sssd-1.16.1-8.fc27.20180524083617.pcech.src.rpm && cd - vagrant up vagrant ssh controller # download freeipa, build it ... and the run IPATEST_YAML_CONFIG=/vagrant/ipa-test-config.yaml ipa-run-tests test_integration/test_sudo.py --verbose --logging-level=DEBUG --pdb
I've just tested here following the steps provided and the test passed.
Metadata Update from @fidencio: - Issue tagged with: regression
Can you point me to the exact test that failed? Or do we have a manual reproducer?
@pbrezina,
test_sudo_rule_restricted_to_one_hostmask_negative is the test failing. However, in order to get a failure there you have to run the whole test suit as per https://pagure.io/SSSD/sssd/issue/3742#comment-513462
test_sudo_rule_restricted_to_one_hostmask_negative
@fidencio , good news to everyone! The tests are green with rpms provided by Fabiano.
I'll revert the change on Fedora and keep this ticket opened in order to investigate it properly.
As discussed with @pbrezina Today, there may be some issue even on the tests themselves.
Metadata Update from @fidencio: - Issue assigned to fidencio
PR: https://github.com/SSSD/sssd/pull/583
Metadata Update from @fidencio: - Issue tagged with: PR
master: 179c7fb
Metadata Update from @fidencio: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.16.2
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4750
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.