QE: Fix and improve server hostname rename test

Signed-off-by: Dominik Gedon <dominik.gedon@suse.com>
nodeg · Oct 20, 2023 · 77df6c1 · 77df6c1
1 parent 693e63a
commit 77df6c1
Show file tree

Hide file tree

Showing 3 changed files with 131 additions and 19 deletions.
diff --git a/testsuite/features/secondary/srv_rename_hostname.feature b/testsuite/features/secondary/srv_rename_hostname.feature
@@ -21,6 +21,51 @@ Feature: Reconfigure the server's hostname
     When I change the server's short hostname from hosts and hostname files
     And I run spacewalk-hostname-rename command on the server
 
+@proxy
+  Scenario: Copy the new server keys and configure the proxy
+    When I copy server's keys to the proxy
+    And I configure the proxy
+    Then I should see "proxy" via spacecmd
+    When I restart the "salt-minion" service on "proxy"
+    Then service "salt-minion" is active on "proxy"
+    When I restart the "salt-broker" service on "proxy"
+    Then service "salt-broker" is active on "proxy"
+
+@proxy
+  Scenario: Apply high state on the proxy to populate new server CA
+    When I apply highstate on "proxy"
+
+@sle_minion
+  Scenario: Apply high state on the SUSE Minion to populate new server CA
+    When I apply highstate on "sle_minion"
+
+@ssh_minion
+  Scenario: Apply high state on the SUSE SSH Minion to populate new server CA
+    When I apply highstate on "ssh_minion"
+
+@rhlike_minion
+  Scenario: Apply high state on the Red Hat-like Minion to populate new server CA
+    When I apply highstate on "rhlike_minion"
+
+@deblike_minion
+  Scenario: Apply high state on the Debian-like Minion to populate new server CA
+    When I apply highstate on "deblike_minion"
+
+@buildhost
+  Scenario: Apply high state on the build host to populate new server CA
+    When I apply highstate on "build_host"
+
+@virthost_kvm
+  Scenario: Apply high state on the virthost to populate new server CA
+    When I apply highstate on "kvm_server"
+
+@pxeboot_minion
+  Scenario: Apply high state on the PXE boot minion to populate new server CA
+    When I apply highstate on "pxeboot_minion"
+
+  Scenario: Check all new server certificates on the minions
+    When I check all certificates after renaming the server hostname
+
   Scenario: Do some minimal smoke test on the renamed server
     Given I am on the Systems overview page of this "sle_minion"
     When I follow "Details" in the content area
@@ -40,3 +85,48 @@ Feature: Reconfigure the server's hostname
   Scenario: Change hostname back and reboot server
     When I change back the server's hostname
     And I run spacewalk-hostname-rename command on the server
+
+@proxy
+  Scenario: Copy the new server keys and configure the proxy
+    When I copy server's keys to the proxy
+    And I configure the proxy
+    Then I should see "proxy" via spacecmd
+    When I restart the "salt-minion" service on "proxy"
+    Then service "salt-minion" is active on "proxy"
+    When I restart the "salt-broker" service on "proxy"
+    Then service "salt-broker" is active on "proxy"
+
+@proxy
+  Scenario: Apply high state on the proxy to populate new server CA
+    When I apply highstate on "proxy"
+
+@sle_minion
+  Scenario: Apply high state on the SUSE Minion to populate new server CA
+    When I apply highstate on "sle_minion"
+
+@ssh_minion
+  Scenario: Apply high state on the SUSE SSH Minion to populate new server CA
+    When I apply highstate on "ssh_minion"
+
+@rhlike_minion
+  Scenario: Apply high state on the Red Hat-like Minion to populate new server CA
+    When I apply highstate on "rhlike_minion"
+
+@deblike_minion
+  Scenario: Apply high state on the Debian-like Minion to populate new server CA
+    When I apply highstate on "deblike_minion"
+
+@buildhost
+  Scenario: Apply high state on the build host to populate new server CA
+    When I apply highstate on "build_host"
+
+@virthost_kvm
+  Scenario: Apply high state on the virthost to populate new server CA
+    When I apply highstate on "kvm_server"
+
+@pxeboot_minion
+  Scenario: Apply high state on the PXE boot minion to populate new server CA
+    When I apply highstate on "pxeboot_minion"
+
+  Scenario: Check all new server certificates on the minions
+    When I check all certificates after renaming the server hostname
diff --git a/testsuite/features/step_definitions/command_steps.rb b/testsuite/features/step_definitions/command_steps.rb
@@ -1459,13 +1459,18 @@
 When(/^I change the server's short hostname from hosts and hostname files$/) do
   server_node = get_target('server')
   old_hostname = server_node.hostname
-  new_hostname = old_hostname + '2'
+  new_hostname = old_hostname + '-renamed'
   log "Old hostname: #{old_hostname} - New hostname: #{new_hostname}"
   server_node.run("sed -i 's/#{old_hostname}/#{new_hostname}/g' /etc/hostname &&
                    hostname #{new_hostname} &&
                    echo '#{server_node.public_ip} #{server_node.full_hostname} #{old_hostname}' >> /etc/hosts &&
                    echo '#{server_node.public_ip} #{new_hostname}#{server_node.full_hostname.delete_prefix(server_node.hostname)} #{new_hostname}' >> /etc/hosts")
-  get_target('server', refresh: true) # This will refresh the attributes of this node
+  # This will refresh the attributes of this node
+  get_target('server', refresh: true)
+  hostname, _result = get_target('server').run('hostname')
+  hostname.strip!
+
+  raise "Wrong hostname after changing it. Is: #{hostname}, should be: #{new_hostname}" unless hostname == new_hostname
 
   # Add the new hostname on controller's /etc/hosts to resolve in smoke tests
   `echo '#{server_node.public_ip} #{new_hostname}#{server_node.full_hostname.delete_prefix(server_node.hostname)} #{new_hostname}' >> /etc/hosts`
@@ -1494,8 +1499,7 @@
   end
 
   # Update the server CA certificate since it changed, otherwise all API and browser uses will fail
-  update_ca('controller')
-  update_ca('proxy')
+  update_controller_ca
 
   # Reset the API client to take the new CA into account
   reset_api_client
@@ -1504,16 +1508,43 @@
   raise 'Error in the output logs - see logs above' if out_spacewalk.include? 'No such file or directory'
 end
 
+When(/^I check all certificates after renaming the server hostname$/) do
+  # get server certificate serial to compare it with the other minions
+  command_server = "openssl x509 --noout --text -in /etc/pki/trust/anchors/LOCAL-RHN-ORG-TRUSTED-SSL-CERT | grep -A1 'Serial' | grep -v 'Serial'"
+  server_cert_serial, result_code = get_target('server').run(command_server)
+  server_cert_serial.strip!
+  log "Server certificate serial: #{server_cert_serial}"
+
+  raise 'Error getting server certificate serial!' unless result_code.zero?
+
+  command_minion = "openssl x509 --noout --text -in /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT | grep -A1 'Serial' | grep -v 'Serial'"
+  targets = %w[proxy sle_minion ssh_minion rhlike_minion deblike_minion build_host kvm_server]
+  targets.each do |target|
+    # get all defined minions from the environment variables and check their certificate serial
+    next unless ENV.key? ENV_VAR_BY_HOST[target]
+    minion_cert_serial, result_code = get_target(target).run(command_minion)
+    minion_cert_serial.strip!
+    log "#{target} certificate serial: #{minion_cert_serial}"
+
+    raise 'Error getting server certificate serial!' unless result_code.zero?
+    raise "Error comparing #{target} certificate with server!" unless minion_cert_serial == server_cert_serial
+  end
+end
+
 When(/^I change back the server's hostname$/) do
   server_node = get_target('server')
   old_hostname = server_node.hostname
-  new_hostname = old_hostname.delete_suffix('2')
+  new_hostname = old_hostname.delete_suffix('-renamed')
   log "Old hostname: #{old_hostname} - New hostname: #{new_hostname}"
   server_node.run("sed -i 's/#{old_hostname}/#{new_hostname}/g' /etc/hostname &&
                    hostname #{new_hostname} &&
                    sed -i \'$d\' /etc/hosts &&
                    sed -i \'$d\' /etc/hosts")
   get_target('server', refresh: true) # This will refresh the attributes of this node
+  hostname, _result = get_target('server').run('hostname')
+  hostname.strip!
+
+  raise "Wrong hostname after changing it. Is: #{hostname}, should be: #{new_hostname}" unless hostname == new_hostname
 
   # Cleanup the temporary entry in /etc/hosts on the controller
   `sed -i \'$d\' /etc/hosts`

diff --git a/testsuite/features/support/commonlib.rb b/testsuite/features/support/commonlib.rb
@@ -418,23 +418,14 @@ def file_inject(node, local_file, remote_file)
 end
 
 # This function updates the server certificate on the controller node
-def update_ca(node)
+def update_controller_ca
   server_ip = get_target('server').public_ip
   server_name = get_target('server').full_hostname
 
-  case node
-  when 'proxy'
-    command = "wget http://#{server_ip}/pub/RHN-ORG-TRUSTED-SSL-CERT -O /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT; " \
-      'update-ca-certificates;'
-    get_target('proxy').run('rm /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT', verbose: true)
-    get_target('proxy').run(command, verbose: true)
-  else
-    # controller
-    puts `rm /etc/pki/trust/anchors/*;
-    wget http://#{server_ip}/pub/RHN-ORG-TRUSTED-SSL-CERT -O /etc/pki/trust/anchors/#{server_name}.cert &&
-    update-ca-certificates &&
-    certutil -d sql:/root/.pki/nssdb -A -t TC -n "susemanager" -i  /etc/pki/trust/anchors/#{server_name}.cert`
-  end
+  puts `rm /etc/pki/trust/anchors/*;
+  wget http://#{server_ip}/pub/RHN-ORG-TRUSTED-SSL-CERT -O /etc/pki/trust/anchors/#{server_name}.cert &&
+  update-ca-certificates &&
+  certutil -d sql:/root/.pki/nssdb -A -t TC -n "susemanager" -i  /etc/pki/trust/anchors/#{server_name}.cert`
 end
 
 # This functions checks if the channel has been synced