-
Notifications
You must be signed in to change notification settings - Fork 180
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
QE: Fix and improve the server hostname rename test #7700
Conversation
@sle_minion | ||
Scenario: Apply high state on the SUSE Minion to populate new server CA | ||
When I apply highstate on "sle_minion" | ||
|
||
@ssh_minion | ||
Scenario: Apply high state on the SUSE SSH Minion to populate new server CA | ||
When I apply highstate on "ssh_minion" | ||
|
||
@rhlike_minion | ||
Scenario: Apply high state on the Red Hat-like Minion to populate new server CA | ||
When I apply highstate on "rhlike_minion" | ||
|
||
@deblike_minion | ||
Scenario: Apply high state on the Debian-like Minion to populate new server CA | ||
When I apply highstate on "deblike_minion" | ||
|
||
@buildhost | ||
Scenario: Apply high state on the build host to populate new server CA | ||
When I apply highstate on "build_host" | ||
|
||
@virthost_kvm | ||
Scenario: Apply high state on the virthost to populate new server CA | ||
When I apply highstate on "kvm_server" | ||
|
||
@pxeboot_minion | ||
Scenario: Apply high state on the PXE boot minion to populate new server CA | ||
When I apply highstate on "pxeboot_minion" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would use SSM to apply high state to all the registered systems at the same time.
That way if we add any other system in our CI test suite later, we don't need to go here and maintain this part.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good idea. I still have issues with high state for the proxy when doing it with Salt:
@proxy
Scenario: Apply high state on the proxy to populate new server CA # features/secondary/srv_rename_hostname.feature:67
This scenario ran at: 2023-10-18 09:37:30 +0200
Given the Salt master can reach "proxy" # features/step_definitions/salt_steps.rb:11
It took 1 seconds to contact the minion
And I apply highstate on "proxy" # features/step_definitions/command_steps.rb:241
Timeout after 250 seconds (repeat_until_timeout), last result was: bash: dominik-pxy.mgr.suse.de: command not found
(RuntimeError)
./features/support/commonlib.rb:117:in `block in repeat_until_timeout'
./features/support/commonlib.rb:100:in `repeat_until_timeout'
./features/support/lavanda.rb:193:in `run_until_ok'
./features/step_definitions/command_steps.rb:248:in `/^I apply highstate on "([^"]*)"$/'
features/secondary/srv_rename_hostname.feature:69:in `I apply highstate on "proxy"'
which uses
When(/^I apply highstate on "([^"]*)"$/) do |host|
system_name = get_system_name(host)
if host.include? 'ssh_minion'
cmd = 'mgr-salt-ssh'
elsif host.include? 'minion' or host.include? 'build'
cmd = 'salt'
end
get_target('server').run_until_ok("#{cmd} #{system_name} state.highstate")
end
And running salt dominik-pxy.mgr.suse.de state.highstate
manually from the server works.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After wondering about SSM, I think we do not yet have a step to select all systems from the systems list and add them to the SSM.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here a new proposal scenario that will apply high-state in all registered systems:
Scenario: Apply high-state to all systems registered
When I follow the left menu "System > System List > All"
And I click on "Select All"
And I follow the left menu "Systems > System Set Manager > Overview"
And I click on "Apply"
And I click on "Apply Highstate"
And I click on the clear SSM button
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the suggestion. I will do some test run with this code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Scenario: Apply high-state to all systems registered # features/secondary/srv_rename_hostname.feature:34
This scenario ran at: 2023-10-20 16:35:03 +0200
When I follow the left menu "System > System List > All" # features/step_definitions/navigation_steps.rb:363
WARN: Step ends with an ajax transition not finished, let's wait a bit!
And I click on "Select All" # features/step_definitions/navigation_steps.rb:282
And I follow the left menu "Systems > System Set Manager" # features/step_definitions/navigation_steps.rb:363
WARN: Step ends with an ajax transition not finished, let's wait a bit!
And I click on "Apply" # features/step_definitions/navigation_steps.rb:282
Unable to find button "Apply" that is not disabled (Capybara::ElementNotFound)
./features/support/commonlib.rb:146:in `click_button_and_wait'
./features/step_definitions/navigation_steps.rb:283:in `/^I click on "([^"]*)"$/'
features/secondary/srv_rename_hostname.feature:38:in `I click on "Apply"'
And I click on "Apply Highstate" # features/step_definitions/navigation_steps.rb:282
Then I should see a "Applying the highstate has been scheduled" text # features/step_definitions/navigation_steps.rb:599
And I click on the clear SSM button # features/step_definitions/navigation_steps.rb:799
=> /var/log/rhn/rhn_web_ui.log
It seems no systems were selected before. This is the screen when no systems are currently selected:
57ac40a
to
c1b95a5
Compare
I implemented some basic certificate and hostname checks which did work: (...)
Scenario: Check all new server certificates on the minions # features/secondary/srv_rename_hostname.feature:131
This scenario ran at: 2023-10-19 14:42:12 +0200
When I check all certificates after renaming the server hostname # features/step_definitions/command_steps.rb:1626
Server certificate serial: 0a:cb:26:d4:e6:56:6a:0d:24:a9:52:d1:01:af:ab:a6:ce:36:81:f5
proxy certificate serial: 0a:cb:26:d4:e6:56:6a:0d:24:a9:52:d1:01:af:ab:a6:ce:36:81:f5
sle_minion certificate serial: 0a:cb:26:d4:e6:56:6a:0d:24:a9:52:d1:01:af:ab:a6:ce:36:81:f5
ssh_minion certificate serial: 0a:cb:26:d4:e6:56:6a:0d:24:a9:52:d1:01:af:ab:a6:ce:36:81:f5
This scenario took: 1 seconds
24 scenarios (10 skipped, 14 passed)
47 steps (10 skipped, 37 passed)
5m42.736s |
95aa7d9
to
11139ed
Compare
I will squash my commits before merging. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM but I could not go into all tiny details.
Nice you have moved the highstate step to salt steps! 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM but I could not get into all implied logic, as I did not follow the issue closely.
See nitpick (maybe just a matter of tastes)
hostname, _result = get_target('server').run("hostname") | ||
hostname.strip! | ||
|
||
raise "Wrong hostname after changing it. Is: #{hostname}, should be: #{new_hostname}" unless hostname == new_hostname |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe such basic checks would deserve a Then
step of their own. It would make more explicit / readable that we do them.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, we could do that. However, my main issue with this is, that our hostname rename and then changing the hostname back step, has a hardcoded new hostname variable in it. We do not define this new hostname in the step itself. Which is good, since across all our CIs and PR tests, the prefix of the hostname is different. Those are the reasons why I did not implement a new step of its own to check for the new hostname.
11139ed
to
6521d86
Compare
👋 Hello! Thanks for contributing to our project 😄 |
👋 Hello! Thanks for contributing to our project 😄 |
targets = %w[proxy sle_minion ssh_minion rhlike_minion deblike_minion build_host kvm_server] | ||
targets.each do |target| | ||
# get all defined minions from the environment variables and check their certificate serial | ||
next unless ENV.key? ENV_VAR_BY_HOST[target] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can either do this or:
next if $node_by_host[target].nil?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But at a higher level, I think you can also do:
$host_by_node.each do |node, _host|
minion_cert_serial, result_code = node.run(command_minion)
minion_cert_serial.strip!
log "#{target} certificate serial: #{minion_cert_serial}"
raise 'Error getting server certificate serial!' unless result_code.zero?
raise "Error comparing #{target} certificate with server!" unless minion_cert_serial == server_cert_serial
end
Bearing in mind that if you use this suggested loop, you will be iterating over all initialized twopences, so not only some particular targets.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the suggestion. I will do some test run with this code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This broke the code somehow.
Scenario: Check all new server certificates on the minions # features/secondary/srv_rename_hostname.feature:134
This scenario ran at: 2023-10-20 16:53:27 +0200
When I check all certificates after renaming the server hostname # features/step_definitions/command_steps.rb:1550
Server certificate serial: 35:a1:54:c6:5e:c3:f5:f5:c6:d8:52:e6:f9:73:20:a2:d1:c5:75:83
FAIL: openssl x509 --noout --text -in /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT | grep -A1 'Serial' | grep -v 'Serial' returned status code = 1.
Output:
Can't open /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT for reading, No such file or directory
139797779679040:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT','r')
139797779679040:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
unable to load certificate
(RuntimeError)
./features/support/lavanda.rb:177:in `run_local'
./features/support/lavanda.rb:155:in `run'
./features/step_definitions/command_steps.rb:1561:in `block (2 levels) in <top (required)>'
./features/step_definitions/command_steps.rb:1560:in `each'
./features/step_definitions/command_steps.rb:1560:in `/^I check all certificates after renaming the server hostname$/'
features/secondary/srv_rename_hostname.feature:135:in `I check all certificates after renaming the server hostname'
=> /var/log/rhn/rhn_web_ui.log
05fc200
to
de1750e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Few suggestions to improve this code, but if it urge to be merged, go ahead.
👋 Hello! Thanks for contributing to our project 😄 |
de1750e
to
00c87fb
Compare
👋 Hello! Thanks for contributing to our project. Happy hacking! |
Signed-off-by: Dominik Gedon <dominik.gedon@suse.com>
Signed-off-by: Dominik Gedon <dominik.gedon@suse.com>
00c87fb
to
acbd866
Compare
👋 Hello! Thanks for contributing to our project. Happy hacking! |
Rebase and squashing commits done. The tests already passed (see screenshot above), so I merge without waiting for them again. |
What does this PR change?
This
When(/^I apply highstate on "([^"]*)"$/) do |host|
tosalt_steps.rb
since it belongs thereupdate_ca
method to its original form because we only need it on the controllerFixed test
Improvements
I implemented some basic certificate and hostname checks which did work:
GUI diff
No difference.
Documentation
No documentation needed: only internal and user invisible changes
DONE
Test coverage
Cucumber tests were added
DONE
Links
Changelogs
Make sure the changelogs entries you are adding are compliant with https://github.com/uyuni-project/uyuni/wiki/Contributing#changelogs and https://github.com/uyuni-project/uyuni/wiki/Contributing#uyuni-projectuyuni-repository
If you don't need a changelog check, please mark this checkbox:
If you uncheck the checkbox after the PR is created, you will need to re-run
changelog_test
(see below)Re-run a test
If you need to re-run a test, please mark the related checkbox, it will be unchecked automatically once it has re-run: