From 05acc9c1f5b39c2fae27f53a2b1d1e3dca72b29b Mon Sep 17 00:00:00 2001 From: Mohammad Rizwan Yusuf Date: Dec 11 2017 08:56:04 +0000 Subject: ipatest: replica install with existing entry on master replica install might fail because of existing entry for replica like `cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX` etc. The situation may arise due to incorrect uninstall of replica or ipa server-del is not executed on master. related bug : https://pagure.io/freeipa/issue/7174 Fixes: https://pagure.io/freeipa/issue/7276 Signed-off-by: Mohammad Rizwan Yusuf Reviewed-By: Christian Heimes --- diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py index bc52566..4629d1f 100644 --- a/ipatests/test_integration/test_replica_promotion.py +++ b/ipatests/test_integration/test_replica_promotion.py @@ -3,6 +3,8 @@ # import time +from tempfile import NamedTemporaryFile +import textwrap import pytest from ipatests.test_integration.base import IntegrationTest from ipatests.pytest_plugins.integration import tasks @@ -483,3 +485,45 @@ class TestRenewalMaster(IntegrationTest): assert("IPA CA renewal master: %s" % self.master.hostname in result), ( "Master hostname not found among CA renewal masters" ) + + +class TestReplicaInstallWithExistingEntry(IntegrationTest): + """replica install might fail because of existing entry for replica like + `cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX` etc. The situation + may arise due to incorrect uninstall of replica. + + https://pagure.io/freeipa/issue/7174""" + + num_replicas = 1 + + def test_replica_install_with_existing_entry(self): + master = self.master + tasks.install_master(master) + replica = self.replicas[0] + tf = NamedTemporaryFile() + ldif_file = tf.name + base_dn = "dc=%s" % (",dc=".join(replica.domain.name.split("."))) + # adding entry for replica on master so that master will have it before + # replica installtion begins and creates a situation for pagure-7174 + entry_ldif = textwrap.dedent(""" + dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,{base_dn} + changetype: modify + add: memberPrincipal + memberPrincipal: HTTP/{hostname}@{realm} + + dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,{base_dn} + changetype: modify + add: memberPrincipal + memberPrincipal: ldap/{hostname}@{realm}""").format( + base_dn=base_dn, hostname=replica.hostname, + realm=replica.domain.name.upper()) + master.put_file_contents(ldif_file, entry_ldif) + arg = ['ldapmodify', + '-h', master.hostname, + '-p', '389', '-D', + str(master.config.dirman_dn), # pylint: disable=no-member + '-w', master.config.dirman_password, + '-f', ldif_file] + master.run_command(arg) + + tasks.install_replica(master, replica) diff --git a/ipatests/test_integration/test_replication_layouts.py b/ipatests/test_integration/test_replication_layouts.py index f140845..d631cad 100644 --- a/ipatests/test_integration/test_replication_layouts.py +++ b/ipatests/test_integration/test_replication_layouts.py @@ -1,5 +1,5 @@ # -# Copyright (C) 2015 FreeIPA Contributors see COPYING for license +# Copyright (C) 2017 FreeIPA Contributors see COPYING for license # import time