#8346 Nightly failure in test_integration/test_sssd.py::TestSSSDWithAdTrust::test_trustdomain_disable_does_not_disable_root_domain
Opened 6 months ago by frenaud. Modified a month ago

The nightly test test_integration/test_sssd.py::TestSSSDWithAdTrust::test_trustdomain_disable_does_not_disable_root_domain is failing in the command ipa trustdomain-disable, claiming that that the child domain is not found.
See PR #222, with logs:

self = <ipatests.test_integration.test_sssd.TestSSSDWithAdTrust object at 0x7f89cac7d460>
user_origin = 'ipa'

    @pytest.mark.parametrize('user_origin', ['ipa', 'ad'])
    def test_trustdomain_disable_does_not_disable_root_domain(self,
                                                              user_origin):
        """Test that disabling trustdomain does not affect other domains."""
        user = self.users[user_origin]['name']
>       with self.disabled_trustdomain():

test_integration/test_sssd.py:387: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
/usr/lib64/python3.8/contextlib.py:113: in __enter__
    return next(self.gen)
test_integration/test_sssd.py:372: in disabled_trustdomain
    self.master.run_command(['ipa', 'trustdomain-disable',
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <ipatests.pytest_ipa.integration.host.Host master.ipa.test (master)>
argv = ['ipa', 'trustdomain-disable', 'ad.test', 'child.ad.test']
set_env = True, stdin_text = None, log_stdout = True, raiseonerr = True
cwd = None, bg = False, encoding = 'utf-8', ok_returncode = 0

    def run_command(self, argv, set_env=True, stdin_text=None,
                    log_stdout=True, raiseonerr=True,
                    cwd=None, bg=False, encoding='utf-8', ok_returncode=0):
        """Wrapper around run_command to log stderr on raiseonerr=True

        :param ok_returncode: return code considered to be correct,
                              you can pass an integer or sequence of integers
        """
        result = super().run_command(
            argv, set_env=set_env, stdin_text=stdin_text,
            log_stdout=log_stdout, raiseonerr=False, cwd=cwd, bg=bg,
            encoding=encoding
        )
        # in FIPS mode SSH may print noise to stderr, remove the string
        # "FIPS mode initialized" + optional newline.
        result.stderr_bytes = FIPS_NOISE_RE.sub(b'', result.stderr_bytes)
        try:
            result_ok = result.returncode in ok_returncode
        except TypeError:
            result_ok = result.returncode == ok_returncode
        if not result_ok and raiseonerr:
            result.log.error('stderr: %s', result.stderr_text)
>           raise subprocess.CalledProcessError(
                result.returncode, argv,
                result.stdout_text, result.stderr_text
            )
E           subprocess.CalledProcessError: Command '['ipa', 'trustdomain-disable', 'ad.test', 'child.ad.test']' returned non-zero exit status 2.

pytest_ipa/integration/host.py:200: CalledProcessError
 ------------------------------Captured stderr call------------------------------ 

[ipatests.pytest_ipa.integration.host.Host.master.cmd586] Exit code: 0
[ipatests.pytest_ipa.integration.host.Host.master.IPAOpenSSHTransport] RUN ['rm', '-f', '/tmp/tmp.nt6hfA8uNq']
[ipatests.pytest_ipa.integration.host.Host.master.cmd587] RUN ['rm', '-f', '/tmp/tmp.nt6hfA8uNq']
[ipatests.pytest_ipa.integration.host.Host.master.cmd587] Exit code: 0
[ipatests.pytest_ipa.integration] Collecting journal from: client0.ipa.test
[ipatests.pytest_ipa.integration.host.Host.client0.IPAOpenSSHTransport] RUN ['journalctl', '--since', '-1h']
[ipatests.pytest_ipa.integration.host.Host.client0.cmd135] RUN ['journalctl', '--since', '-1h']
[ipatests.pytest_ipa.integration.host.Host.client0.cmd135] Exit code: 0
[ipatests.pytest_ipa.integration] Collecting journal from: master.ipa.test
[ipatests.pytest_ipa.integration.host.Host.master.IPAOpenSSHTransport] RUN ['journalctl', '--since', '-1h']
[ipatests.pytest_ipa.integration.host.Host.master.cmd588] RUN ['journalctl', '--since', '-1h']
[ipatests.pytest_ipa.integration.host.Host.master.cmd588] Exit code: 0
[ipatests.pytest_ipa.integration.host.Host.master.IPAOpenSSHTransport] RUN ['ipa', 'trustdomain-disable', 'ad.test', 'child.ad.test']
[ipatests.pytest_ipa.integration.host.Host.master.cmd589] RUN ['ipa', 'trustdomain-disable', 'ad.test', 'child.ad.test']
[ipatests.pytest_ipa.integration.host.Host.master.cmd589] ipa: ERROR: child.ad.test: trust domain not found
[ipatests.pytest_ipa.integration.host.Host.master.cmd589] Exit code: 2
ipa: ERROR: stderr: ipa: ERROR: child.ad.test: trust domain not found


 -------------------------------Captured log call-------------------------------- 
INFO     ipatests.pytest_ipa.integration.host.Host.master.IPAOpenSSHTransport:transport.py:391 RUN ['ipa', 'trustdomain-disable', 'ad.test', 'child.ad.test']
DEBUG    ipatests.pytest_ipa.integration.host.Host.master.cmd589:transport.py:513 RUN ['ipa', 'trustdomain-disable', 'ad.test', 'child.ad.test']
DEBUG    ipatests.pytest_ipa.integration.host.Host.master.cmd589:transport.py:557 ipa: ERROR: child.ad.test: trust domain not found
DEBUG    ipatests.pytest_ipa.integration.host.Host.master.cmd589:transport.py:217 Exit code: 2
ERROR    ipatests.pytest_ipa.integration.host.Host.master.cmd589:host.py:199 stderr: ipa: ERROR: child.ad.test: trust domain not found

We can see in dirsrv logs that the search for child.ad.test does not return any entry:

[04/Jun/2020:06:41:16.615791127 +0000] conn=232 op=3 SRCH base="cn=ad.test,cn=ad,cn=trusts,dc=ipa,dc=test" scope=0 filter="(objectClass=*)" attrs=ALL
[04/Jun/2020:06:41:16.617714611 +0000] conn=232 op=3 RESULT err=0 tag=101 nentries=1 etime=0.002052851
[04/Jun/2020:06:41:16.619621234 +0000] conn=232 op=4 SRCH base="cn=child.ad.test,cn=ad.test,cn=ad,cn=trusts,dc=ipa,dc=test" scope=0 filter="(objectClass=*)" attrs=ALL
[04/Jun/2020:06:41:16.619897097 +0000] conn=232 op=4 RESULT err=32 tag=101 nentries=0 etime=0.000426176

In normal case, ipa trust-add should also check if the ad.test domain defines child domains (using Dbus as the trust is one-way in this test), and add them. There is no ADD operation for any child domain in the access logs.


Also happened in [testing_ipa-4.8_previous], PR #349, report and logs

Another occurrence in PR #485 [testing_master_latest] with fedora 32.

Login to comment on this ticket.

Metadata