From a3c5f97705084a3fe817dea6a6893c346806163f Mon Sep 17 00:00:00 2001
From: Dominik Gedon
Date: Fri, 20 Oct 2023 17:20:02 +0200
Subject: [PATCH 1/2] QE: Move Salt high state step to correct place
Signed-off-by: Dominik Gedon
---
 testsuite/.rubocop_todo.yml | 1 +
 testsuite/features/step_definitions/command_steps.rb | 10 ----------
 testsuite/features/step_definitions/salt_steps.rb | 11 +++++++++++
 3 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/testsuite/.rubocop_todo.yml b/testsuite/.rubocop_todo.yml
index 778958c7ae13..7eda687fb5c2 100644
--- a/testsuite/.rubocop_todo.yml
+++ b/testsuite/.rubocop_todo.yml
@@ -342,6 +342,7 @@ Style/AndOr:
 - 'features/step_definitions/common_steps.rb'
 - 'features/step_definitions/file_management_steps.rb'
 - 'features/step_definitions/retail_steps.rb'
+ - 'features/step_definitions/salt_steps.rb'
 - 'features/step_definitions/setup_steps.rb'
 # Offense count: 1
diff --git a/testsuite/features/step_definitions/command_steps.rb b/testsuite/features/step_definitions/command_steps.rb
index f307b93a3a01..d6bab1d225a4 100644
--- a/testsuite/features/step_definitions/command_steps.rb
+++ b/testsuite/features/step_definitions/command_steps.rb
@@ -237,16 +237,6 @@
 raise 'Vendor change option not found in logs' unless return_code.zero?
 end
-When(/^I apply highstate on "([^"]*)"$/) do |host|
- system_name = get_system_name(host)
- if host.include? 'ssh_minion'
- cmd = 'mgr-salt-ssh'
- elsif host.include? 'minion' or host.include? 'build'
- cmd = 'salt'
- end
- get_target('server').run_until_ok("#{cmd} #{system_name} state.highstate")
-end
-
 When(/^I wait until "([^"]*)" service is active on "([^"]*)"$/) do |service, host|
 node = get_target(host)
 cmd = "systemctl is-active #{service}"
diff --git a/testsuite/features/step_definitions/salt_steps.rb b/testsuite/features/step_definitions/salt_steps.rb
index 92b5b78df7bb..ae34e88afe6d 100644
--- a/testsuite/features/step_definitions/salt_steps.rb
+++ b/testsuite/features/step_definitions/salt_steps.rb
@@ -578,3 +578,14 @@ def pillar_get(key, minion)
 cleanup = %(salt #{system_name} state.apply util.mgr_switch_to_venv_minion pillar='{"mgr_purge_non_venv_salt_files": True, "mgr_purge_non_venv_salt": True}')
 get_target('server').run(cleanup, check_errors: true, verbose: true)
 end
+
+When(/^I apply highstate on "([^"]*)"$/) do |host|
+ system_name = get_system_name(host)
+ if host.include? 'ssh_minion'
+ cmd = 'mgr-salt-ssh'
+ elsif host.include? 'minion' or host.include? 'build' or host.include? 'proxy'
+ cmd = 'salt'
+ end
+ log "#{cmd} #{system_name} state.highstate"
+ get_target('server').run_until_ok("#{cmd} #{system_name} state.highstate")
+end
From acbd8667acf26c08da663ca6ae59adfb3c08fc99 Mon Sep 17 00:00:00 2001
From: Dominik Gedon
Date: Fri, 20 Oct 2023 17:20:56 +0200
Subject: [PATCH 2/2] QE: Fix and improve server hostname rename test
Signed-off-by: Dominik Gedon
---
 .../secondary/srv_rename_hostname.feature | 90 +++++++++++++++++++
 .../step_definitions/command_steps.rb | 41 +++++++--
 testsuite/features/support/commonlib.rb | 19 ++--
 3 files changed, 131 insertions(+), 19 deletions(-)
diff --git a/testsuite/features/secondary/srv_rename_hostname.feature b/testsuite/features/secondary/srv_rename_hostname.feature
index 08acb7e2575f..607dff122faf 100644
--- a/testsuite/features/secondary/srv_rename_hostname.feature
+++ b/testsuite/features/secondary/srv_rename_hostname.feature
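Review bot: `cmd` stays `nil` when the host name matches none of the branches in the added `I apply highstate on` step, and the second patch in this series calls the step with "kvm_server", which contains neither 'minion', 'build' nor 'proxy'. The interpolated command then starts with an empty program name, and `run_until_ok` will presumably keep retrying it until it times out, which hides the real cause. Add a final branch such as `else raise ArgumentError, "Unsupported host for highstate: #{host}"`, and replace `or` with `||` so the file does not need the new `Style/AndOr` entry in `.rubocop_todo.yml`.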
@@ -21,6 +21,51 @@ Feature: Reconfigure the server's hostname
 When I change the server's short hostname from hosts and hostname files
 And I run spacewalk-hostname-rename command on the server
+@proxy
+ Scenario: Copy the new server keys and configure the proxy
+ When I copy server's keys to the proxy
+ And I configure the proxy
+ Then I should see "proxy" via spacecmd
+ When I restart the "salt-minion" service on "proxy"
+ Then service "salt-minion" is active on "proxy"
+ When I restart the "salt-broker" service on "proxy"
+ Then service "salt-broker" is active on "proxy"
+
+@proxy
+ Scenario: Apply high state on the proxy to populate new server CA
+ When I apply highstate on "proxy"
+
+@sle_minion
+ Scenario: Apply high state on the SUSE Minion to populate new server CA
+ When I apply highstate on "sle_minion"
+
+@ssh_minion
+ Scenario: Apply high state on the SUSE SSH Minion to populate new server CA
+ When I apply highstate on "ssh_minion"
+
+@rhlike_minion
+ Scenario: Apply high state on the Red Hat-like Minion to populate new server CA
+ When I apply highstate on "rhlike_minion"
+
+@deblike_minion
+ Scenario: Apply high state on the Debian-like Minion to populate new server CA
+ When I apply highstate on "deblike_minion"
+
+@buildhost
+ Scenario: Apply high state on the build host to populate new server CA
+ When I apply highstate on "build_host"
+
+@virthost_kvm
+ Scenario: Apply high state on the virthost to populate new server CA
+ When I apply highstate on "kvm_server"
+
+@pxeboot_minion
+ Scenario: Apply high state on the PXE boot minion to populate new server CA
+ When I apply highstate on "pxeboot_minion"
+
+ Scenario: Check all new server certificates on the minions
+ When I check all certificates after renaming the server hostname
+
 Scenario: Do some minimal smoke test on the renamed server
 Given I am on the Systems overview page of this "sle_minion"
 When I follow "Details" in the content area
@@ -40,3 +85,48 @@ Feature: Reconfigure the server's hostname
 Scenario: Change hostname back and reboot server
 When I change back the server's hostname
 And I run spacewalk-hostname-rename command on the server
+
+@proxy
+ Scenario: Copy the new server keys and configure the proxy
+ When I copy server's keys to the proxy
+ And I configure the proxy
+ Then I should see "proxy" via spacecmd
+ When I restart the "salt-minion" service on "proxy"
+ Then service "salt-minion" is active on "proxy"
+ When I restart the "salt-broker" service on "proxy"
+ Then service "salt-broker" is active on "proxy"
+
+@proxy
+ Scenario: Apply high state on the proxy to populate new server CA
+ When I apply highstate on "proxy"
+
+@sle_minion
+ Scenario: Apply high state on the SUSE Minion to populate new server CA
+ When I apply highstate on "sle_minion"
+
+@ssh_minion
+ Scenario: Apply high state on the SUSE SSH Minion to populate new server CA
+ When I apply highstate on "ssh_minion"
+
+@rhlike_minion
+ Scenario: Apply high state on the Red Hat-like Minion to populate new server CA
+ When I apply highstate on "rhlike_minion"
+
+@deblike_minion
+ Scenario: Apply high state on the Debian-like Minion to populate new server CA
+ When I apply highstate on "deblike_minion"
+
+@buildhost
+ Scenario: Apply high state on the build host to populate new server CA
+ When I apply highstate on "build_host"
+
+@virthost_kvm
+ Scenario: Apply high state on the virthost to populate new server CA
+ When I apply highstate on "kvm_server"
+
+@pxeboot_minion
+ Scenario: Apply high state on the PXE boot minion to populate new server CA
+ When I apply highstate on "pxeboot_minion"
+
+ Scenario: Check all new server certificates on the minions
+ When I check all certificates after renaming the server hostname
diff --git a/testsuite/features/step_definitions/command_steps.rb b/testsuite/features/step_definitions/command_steps.rb
index d6bab1d225a4..9746a87ec09b 100644
--- a/testsuite/features/step_definitions/command_steps.rb +++ b/testsuite/features/step_definitions/command_steps.rb @@ -1459,13 +1459,18 @@ When(/^I change the server's short hostname from hosts and hostname files$/) do server_node = get_target('server') old_hostname = server_node.hostname - new_hostname = old_hostname + '2' + new_hostname = old_hostname + '-renamed' log "Old hostname: #{old_hostname} - New hostname: #{new_hostname}" server_node.run("sed -i 's/#{old_hostname}/#{new_hostname}/g' /etc/hostname && hostname #{new_hostname} && echo '#{server_node.public_ip} #{server_node.full_hostname} #{old_hostname}' >> /etc/hosts && echo '#{server_node.public_ip} #{new_hostname}#{server_node.full_hostname.delete_prefix(server_node.hostname)} #{new_hostname}' >> /etc/hosts") - get_target('server', refresh: true) # This will refresh the attributes of this node + # This will refresh the attributes of this node + get_target('server', refresh: true) + hostname, _result = get_target('server').run('hostname') + hostname.strip! + + raise "Wrong hostname after changing it. Is: #{hostname}, should be: #{new_hostname}" unless hostname == new_hostname # Add the new hostname on controller's /etc/hosts to resolve in smoke tests `echo '#{server_node.public_ip} #{new_hostname}#{server_node.full_hostname.delete_prefix(server_node.hostname)} #{new_hostname}' >> /etc/hosts` @@ -1494,8 +1499,7 @@ end # Update the server CA certificate since it changed, otherwise all API and browser uses will fail - update_ca('controller') - update_ca('proxy') + update_controller_ca # Reset the API client to take the new CA into account reset_api_client 
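Review bot: The hostname verification added after the refresh in `I change the server's short hostname from hosts and hostname files` discards the exit status (`_result`) and calls `get_target('server')` a second time, and the same three lines are repeated in the `I change back the server's hostname` step in the last hunk of this file. Extracting them into one small helper that takes the expected name, and that also raises when the `hostname` command itself fails, would keep both steps in sync. The step's block continues past the end of this hunk.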
@@ -1504,16 +1508,43 @@
 raise 'Error in the output logs - see logs above' if out_spacewalk.include? 'No such file or directory'
 end
+When(/^I check all certificates after renaming the server hostname$/) do
+ # get server certificate serial to compare it with the other minions
+ command_server = "openssl x509 --noout --text -in /etc/pki/trust/anchors/LOCAL-RHN-ORG-TRUSTED-SSL-CERT | grep -A1 'Serial' | grep -v 'Serial'"
+ server_cert_serial, result_code = get_target('server').run(command_server)
+ server_cert_serial.strip!
+ log "Server certificate serial: #{server_cert_serial}"
+
+ raise 'Error getting server certificate serial!' unless result_code.zero?
+
+ command_minion = "openssl x509 --noout --text -in /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT | grep -A1 'Serial' | grep -v 'Serial'"
+ targets = %w[proxy sle_minion ssh_minion rhlike_minion deblike_minion build_host kvm_server]
+ targets.each do |target|
+ # get all defined minions from the environment variables and check their certificate serial
+ next unless ENV.key? ENV_VAR_BY_HOST[target]
+ minion_cert_serial, result_code = get_target(target).run(command_minion)
+ minion_cert_serial.strip!
+ log "#{target} certificate serial: #{minion_cert_serial}"
+
+ raise 'Error getting server certificate serial!' unless result_code.zero?
+ raise "Error comparing #{target} certificate with server!"
unless minion_cert_serial == server_cert_serial + end +end + When(/^I change back the server's hostname$/) do server_node = get_target('server') old_hostname = server_node.hostname - new_hostname = old_hostname.delete_suffix('2') + new_hostname = old_hostname.delete_suffix('-renamed') log "Old hostname: #{old_hostname} - New hostname: #{new_hostname}" server_node.run("sed -i 's/#{old_hostname}/#{new_hostname}/g' /etc/hostname && hostname #{new_hostname} && sed -i \'$d\' /etc/hosts && sed -i \'$d\' /etc/hosts") get_target('server', refresh: true) # This will refresh the attributes of this node + hostname, _result = get_target('server').run('hostname') + hostname.strip! + + raise "Wrong hostname after changing it. Is: #{hostname}, should be: #{new_hostname}" unless hostname == new_hostname # Cleanup the temporary entry in /etc/hosts on the controller `sed -i \'$d\' /etc/hosts` diff --git a/testsuite/features/support/commonlib.rb b/testsuite/features/support/commonlib.rb index 06a6a6b87fa5..00e16e17b47b 100644 --- a/testsuite/features/support/commonlib.rb +++ b/testsuite/features/support/commonlib.rb 
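Review bot: Inside the `targets.each` loop of the new `I check all certificates after renaming the server hostname` step, a failed command on a minion raises 'Error getting server certificate serial!', which points at the wrong machine; use `raise "Error getting #{target} certificate serial!" unless result_code.zero?`. The check also compares only the serial number scraped from the `--text` output with two `grep` calls, whereas comparing the output of `openssl x509 -noout -fingerprint -sha256 -in <cert>` would identify the exact certificate and remove the pipeline. `pxeboot_minion` gets a highstate scenario in the feature file but is absent from `targets`, so its CA is never verified; confirm whether that is intended.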
@@ -418,23 +418,14 @@ def file_inject(node, local_file, remote_file)
 end
 # This function updates the server certificate on the controller node
-def update_ca(node)
+def update_controller_ca
 server_ip = get_target('server').public_ip
 server_name = get_target('server').full_hostname
- case node
- when 'proxy'
- command = "wget http://#{server_ip}/pub/RHN-ORG-TRUSTED-SSL-CERT -O /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT; " \
- 'update-ca-certificates;'
- get_target('proxy').run('rm /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT', verbose: true)
- get_target('proxy').run(command, verbose: true)
- else
- # controller
- puts `rm /etc/pki/trust/anchors/*;
- wget http://#{server_ip}/pub/RHN-ORG-TRUSTED-SSL-CERT -O /etc/pki/trust/anchors/#{server_name}.cert &&
- update-ca-certificates &&
- certutil -d sql:/root/.pki/nssdb -A -t TC -n "susemanager" -i /etc/pki/trust/anchors/#{server_name}.cert`
- end
+ puts `rm /etc/pki/trust/anchors/*;
+ wget http://#{server_ip}/pub/RHN-ORG-TRUSTED-SSL-CERT -O /etc/pki/trust/anchors/#{server_name}.cert &&
+ update-ca-certificates &&
+ certutil -d sql:/root/.pki/nssdb -A -t TC -n "susemanager" -i /etc/pki/trust/anchors/#{server_name}.cert`
 end
 # This functions checks if the channel has been synced
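Review bot: `update_controller_ca` deletes every file in `/etc/pki/trust/anchors/` before the download has succeeded and never checks the exit status of the backtick command, so a failed `wget` leaves the controller with an empty trust store while the function returns without error. Download to a temporary file before removing the old anchors, and fail loudly by adding `raise 'Updating the controller CA failed' unless $?.success?` after the `puts`. The certificate is also fetched over plain `http://` and then installed as a trust anchor, so a comment should state that this is acceptable only on the isolated test network.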