From Fedora Project Wiki
(fix some command templates) |
(add to server acceptance test case category) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 9: | Line 9: | ||
#: {{command|ipa-replica-install [--setup-dns]}} | #: {{command|ipa-replica-install [--setup-dns]}} | ||
#: or with all options on the command line: | #: or with all options on the command line: | ||
#: {{command|ipa-replica-install [--setup-dns] [--setup-ca] -U --principal admin --admin-password password}} | #: {{command|ipa-replica-install [--setup-dns] [--setup-ca] [--server srv1.ipa.example.org] -U --principal admin --admin-password password}} | ||
#: It's probably best to enable DNS if the first server had it enabled, and to enable CA support so that this server can operate independently of the first server if it goes down. | #: It's probably best to enable DNS if the first server had it enabled, and to enable CA support so that this server can operate independently of the first server if it goes down. {{code|--server}} should not be needed if the first server is acting as a DNS server. | ||
# Verify entries created on srv1 are available on srv2: | # Verify entries created on srv1 are available on srv2: | ||
#: {{command|kinit admin}} | #: {{command|kinit admin}} | ||
Line 25: | Line 25: | ||
#: {{command|for i in freeipa-ldap freeipa-ldaps dns; do firewall-cmd --permanent --add-service $i; done}} | #: {{command|for i in freeipa-ldap freeipa-ldaps dns; do firewall-cmd --permanent --add-service $i; done}} | ||
#: {{command|systemctl restart firewalld.service}} | #: {{command|systemctl restart firewalld.service}} | ||
# If you have extra test systems available, you can now test installing clients via [[QA:Testcase_realmd_join_sssd|the realm CLI]], [[QA:Testcase_realmd_join_kickstart|kickstart]] and/or [[QA:Testcase realmd join cockpit|cockpit]]. Test enrolling clients against both servers, and verify they work as expected whether both servers are up or either one is down. | # If you have extra test systems available, you can now test installing clients via [[QA:Testcase_realmd_join_sssd|the realm CLI]], [[QA:Testcase_realmd_join_kickstart|kickstart]] and/or [[QA:Testcase realmd join cockpit|cockpit]]. Test enrolling clients against both servers, and verify they work as expected whether both servers are up or either one is down. You may also go on to test more advanced replication features in [[QA:Testcase freeipa replication advanced]]. | ||
|results= | |results= | ||
# The enrolment should complete successfully with no errors. | # The enrolment should complete successfully with no errors. | ||
Line 32: | Line 32: | ||
}} | }} | ||
[[Category:FreeIPA_Test_Cases]] | [[Category:FreeIPA_Test_Cases]] | ||
[[Category:Server Acceptance Test Cases]] |
Latest revision as of 23:03, 3 August 2018
Description
Replication testing.
Setup
- You will need at least 2 machines to do replication testing but if you have more that is good too. Start on one server and perform an IPA Installation (see QA:Testcase_freeipa_trust_server_installation). Let's assume that first server was named srv1 (srv1.ipa.example.org), and we will deploy a replica named srv2 (srv2.ipa.example.org).
How to test
- If the first server is acting as the DNS server for the domain, configure the replica system to use it as its DNS server for now
- Install the FreeIPA server package group:
dnf -y groupinstall freeipa-server
- Enrol the system as a replica, interactively:
ipa-replica-install [--setup-dns]
- or with all options on the command line:
ipa-replica-install [--setup-dns] [--setup-ca] [--server srv1.ipa.example.org] -U --principal admin --admin-password password
- It's probably best to enable DNS if the first server had it enabled, and to enable CA support so that this server can operate independently of the first server if it goes down. --server should not be needed if the first server is acting as a DNS server.
- Verify entries created on srv1 are available on srv2:
kinit admin
ipa user-show admin
id admin
getent passwd admin
- Now try the reverse - add some entries on srv2 and they should show up on srv1:
ipa user-add --first=Glen --last=Jones gjones
ipa group-add --desc='Office assistants' assistants
- On srv1 run:
ipa user-show gjones
ipa group-show assistants
- To open all firewall ports typically required for FreeIPA using firewalld, run these commands:
for i in freeipa-ldap freeipa-ldaps dns; do firewall-cmd --permanent --add-service $i; done
systemctl restart firewalld.service
- If you have extra test systems available, you can now test installing clients via the realm CLI, kickstart and/or cockpit. Test enrolling clients against both servers, and verify they work as expected whether both servers are up or either one is down. You may also go on to test more advanced replication features in QA:Testcase freeipa replication advanced.
Expected Results
- The enrolment should complete successfully with no errors.
- The test commands should show expected output indicating the users and groups are present.
- Client tests should succeed (according to their own expected results) as long as either server is available (assuming appropriate DNS configuration).