From Fedora Project Wiki
Latest revision as of 04:59, 1 July 2024
Description
This test case ensures the successful installation and basic functionality of an IPA server with HSM on Fedora.
Setup
Install the pre-release version of Fedora that is to be tested on a bare metal system using the default Anaconda settings except to reclaim all disk space in the process.
How to test
- Install the freeipa packages:
dnf install freeipa-server freeipa-server-dns softhsm -y
- Set the hostname to the fully qualified name that IPA will use:
# hostnamectl hostname ipa.example.test
# echo "<ip-address> ipa.example.test" >> /etc/hosts
- Create the SoftHSM token:
runuser -u pkiuser -- /usr/bin/softhsm2-util --init-token --free --pin $TOKEN_PASSWORD --so-pin $TOKEN_PASSWORD --label ipa_token
- Install the IPA server:
ipa-server-install -a $ADMIN_PASSWORD -p $DM_PASSWORD -r EXAMPLE.TEST -U --random-serial-numbers --token-name=ipa_token --token-library-path=/usr/lib64/pkcs11/libsofthsm2.so --token-password=$TOKEN_PASSWORD
- Ensure that the certificates are stored on the HSM token:
certutil -L -d /etc/pki/pki-tomcat/alias -h ipa_token
ipa_token:ocspSigningCert cert-pki-ca u,u,u
ipa_token:subsystemCert cert-pki-ca u,u,u
ipa_token:auditSigningCert cert-pki-ca u,u,Pu
ipa_token:caSigningCert cert-pki-ca CTu,Cu,Cu
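One way to turn the certificate check into a pass/fail step is shown here. This is an added example, not part of the wiki test case: `check_token_certs` and `sample_output` are hypothetical helper names, and the sample listing is constructed from the output shown on this page.

```shell
#!/bin/sh
# Added example: check certutil -L output for the four CA certificates on the token.

# Constructed sample: the listing shown in this test case.
sample_output() {
cat <<'EOF'
ipa_token:ocspSigningCert cert-pki-ca                        u,u,u
ipa_token:subsystemCert cert-pki-ca                          u,u,u
ipa_token:auditSigningCert cert-pki-ca                       u,u,Pu
ipa_token:caSigningCert cert-pki-ca                          CTu,Cu,Cu
EOF
}

# check_token_certs (hypothetical helper): reads certutil -L output on stdin,
# $1 is the token label. Returns 0 only if every expected nickname is listed
# under "<token>:" with the "u" flag (matching private key present).
check_token_certs() {
    awk -v tok="${1:-ipa_token}" '
        BEGIN { n = split("ocspSigningCert subsystemCert auditSigningCert caSigningCert", want, " ") }
        # Entry format: <token>:<nickname> cert-pki-ca  <SSL>,<S/MIME>,<code signing>
        index($1, tok ":") == 1 && NF >= 3 {
            nick = substr($1, length(tok) + 2)
            split($NF, f, ",")
            if (f[1] ~ /u/) seen[nick] = $NF
            else printf "no private key flag for %s: %s\n", nick, $NF
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { printf "missing on %s: %s\n", tok, want[i]; bad = 1 }
            # The CA signing certificate must also carry CA trust (C) for SSL.
            if (("caSigningCert" in seen) && seen["caSigningCert"] !~ /^[^,]*C/) {
                print "caSigningCert lacks CA trust flag"; bad = 1
            }
            exit bad
        }'
}

# On the test system, pipe the real listing in instead of the sample:
#   certutil -L -d /etc/pki/pki-tomcat/alias -h ipa_token | check_token_certs ipa_token
sample_output | check_token_certs ipa_token && echo "all four CA certificates are on ipa_token"
```

A listing where the nicknames appear without the `ipa_token:` prefix fails the check, which is the case where the keys ended up in the internal NSS database instead of on the token.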
Expected Results
- All installation steps complete without errors.
- The hostname is successfully renamed and resolved.
- The softhsm token is created and initialized correctly.
- The IPA server installs without issues and recognizes the HSM token.
- Certificates are stored correctly with the HSM token.
- Basic IPA functionality tests (adding and managing users) work as expected.
- Test that basic things within IPA work by running the following:
kinit admin
ipa user-add --first tim --last user --password tuser
id tuser
kinit tuser (and reset password)
ipa user-show tuser