b70e30d Uninstall without starting the CA in cert expiration test

1 file Authored by rcritten 2 years ago, Committed by frenaud 2 years ago,
    Uninstall without starting the CA in cert expiration test
    
    Some certificates may have started renewal so returning to
    present time can bind the server up with trying to renew.
    
    certmonger fires off helpers when it's time to renew
    certificates. This scenario puts the time within the renewal
    window. If certmonger notices while the test is running it
    will kick off renewal for all 12 certificates.
    
    A lock is used to serialize things. The CA was shut down prior
    to changing time so there is no chance of issuing new certs.
    
    A fixture was used to ensure that things restarted when
    the test was over. This was for chronyd and the CA. By restarting
    the CA we allow the chance that it will be able to do some
    work, versus returning a connection error and letting
    certmonger just error out (CA_UNREACHABLE).
    
    During uninstallation we call certmonger remove_request over
    DBus (the equivalent to stop-tracking). As part of this
    certmonger waits for any child (helper) processes to go away.
    This used to do it via SIGKILL but that caused other problems
    so it was changed to waitpid(). We know that it isn't going to
    return for a while because the CA isn't up. DBus has a
    hardcoded 25 second timeout. So we're guaranteed to get a
    DBus timeout. We *could* try to play with it and change the
    timeout, or retry a bunch of times, but it isn't worth the
    hassle.
    
    This is a contrived scenario that uninstalls immediately after
    tweaking time forward. So rather than trying to make this
    succesful, uninstall at the future time with the CA stopped
    so that helpers won't be hanging around and certmonger can
    remove the certs.
    
    This is the last test so also the last time we need the replica
    so to avoid replication bogging things down remove that prior
    to executing the test. It's one less moving part during the
    uninstall phase.
    
    https://pagure.io/freeipa/issue/8506
    
    Signed-off-by: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>