#8987 Nightly test failure in test_integration/test_trust.py/TestTrust/test_extdom_plugin
Closed: fixed 7 months ago by sorlov. Opened 8 months ago by mpolovka.

The nightly test test_extdom_plugin is failing in [testing_ipa-4.6] Nightly PR #1153 with an error

    def test_extdom_plugin(self):
        """Extdom plugin should not return error (32)/'No such object'

            Regression test for https://pagure.io/freeipa/issue/8044

            If there is a timeout during a request to SSSD the extdom plugin
            should not return error 'No such object' and the existing user should
            not be added to negative cache on the client.
        extdom_dn = DN(
            ('cn', 'ipa_extdom_extop'), ('cn', 'plugins'),
            ('cn', 'config')

        client = self.clients[0]
        tasks.backup_file(self.master, paths.SSSD_CONF)
        log_file = '{0}/sssd_{1}.log'.format(paths.VAR_LOG_SSSD_DIR,
        logsize = len(client.get_file_contents(log_file))
        res = self.master.run_command(['pidof', 'sssd_be'])
        pid = res.stdout_text.strip()
        test_id = 'id testuser@%s' % self.ad_domain

        conn = self.master.ldap_connect()
        entry = conn.get_entry(extdom_dn)  # pylint: disable=no-member
        orig_extdom_timeout = entry.single_value.get('ipaextdommaxnsstimeout')

        # set the extdom plugin timeout to 1s (1000)
        entry.single_value['ipaextdommaxnsstimeout'] = 1000
        conn.update_entry(entry)  # pylint: disable=no-member
        self.master.run_command(['ipactl', 'restart'])

        with tasks.remote_sssd_config(self.master) as sssd_conf:
            sssd_conf.edit_domain(self.master.domain, 'timeout', '999999')

        remove_cache = 'sss_cache -E'

            # stop sssd_be, needed to simulate a timeout in the extdom plugin.
            stop_sssdbe = self.master.run_command('kill -STOP %s' % pid)
            error = 'ldap_extended_operation result: No such object(32)'
            sssd_log2 = client.get_file_contents(log_file)[logsize:]
>           assert error.encode() not in sssd_log2
E           assert b'ldap_extended_operation result: No such object(32)' not in b"(Mon Sep  6 14:52:43 2021) [sssd[be[ipa.test]]] [dp_attach_req] (0x0400): DP Request [Subdomains #4]: New request. F...moved.\n(Mon Sep  6 14:53:33 2021) [sssd[be[ipa.test]]] [dp_req_destructor] (0x0400): Number of active DP request: 0\n"
E            +  where b'ldap_extended_operation result: No such object(32)' = <built-in method encode of str object at 0x7f7664cc2780>()
E            +    where <built-in method encode of str object at 0x7f7664cc2780> = 'ldap_extended_operation result: No such object(32)'.encode

test_integration/test_trust.py:301: AssertionError

Full report

Current scenario:

  1. note the log size of /var/log/sssd/sssd_ipa.test.log on the client as starting point
  2. get pid of sssd_be process on master
  3. run "id testuser@ad" on client
  4. save the ipaextdommaxnsstimeout setting from cn=ipa_extdom_extop,cn=plugins,cn=config
  5. modify the above value to 1s
  6. restart ipa on master
  7. modify sssd.conf on master with timeout 999999
  8. remove SSSD cache on master and on client
  9. suspend sssd_be on master
  10. run "id testuser@ad" on client
  11. check log content on client after the starting point

The log starting point is obtained too early IMO, should be probably done just before step 10.

Metadata Update from @sorlov:
- Issue assigned to sorlov

8 months ago

I have a strong feeling that this failure is related to https://github.com/freeipa/freeipa/pull/5991

Need to find out why it is affecting only ipa-4-6.
The code of test_extdom_plugin() is identical in master and ipa-4-6 branches

Some observations:
- test is failing only for ipa-4-6 branch
- Backport for PR5991 was merged into ipa-4-6 on 2.9.2021
- The test passed on 29.08.2021 and started failing since 5.9.2021
- Test fails in 100% of runs (checked with 9 runs)


  • 2a7285c ipatests: check for message in sssd log only during actual test action


  • c82fefd ipatests: check for message in sssd log only during actual test action


  • e600766 ipatests: check for message in sssd log only during actual test action

Metadata Update from @sorlov:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

7 months ago

Login to comment on this ticket.