Jump to: navigation, search

V4/Server Roles/Test Plan

Name: V4/Server Roles/Test Plan
Target version: 4.4.0
Design: V4/Server_Roles
Reviewer: Incomplete.png missing
Last updated: 2016-08-23 by Akasurde

Overview

The new set of ipa server-* subcommands are introduced to give a user an overview of which ipa components (CA, KRA, DNS, etc.) are installed on which node.

Test Plan

Test case: server-show command shows the list of configured components

Autotest

{{{autotest}}}

Setup

  1. setup ipa master

Actions

  1. Run the command on master:
    ipa server-show %master_fqdn%
  2. Install KRA on master
  3. Repeat step 1
  4. Setup an AD trust on master and repeat step 1

Expected results

  1. The following entities should be displayed:
    1. DNS
    2. CA
  2. The step should succeed
  3. The following entities should be displayed:
    1. DNS
    2. CA
    3. KRA
  4. The following entities should be displayed:
    1. DNS
    2. CA
    3. KRA
    4. ADTRUST_AGENT

Test case: Available 'ipa server-*' commands

Autotest

{{{autotest}}}

Setup

Actions

  1. On master run
    ipa help server

Expected results

  1. The following subcommands should be available:
  • server-find
  • server-show
  • server-del
  • server-mod

Test case: ipa dnsconfig-show, trustconfig-show, vaultconfig-show commands show server role

Autotest

{{{autotest}}}

Setup

  1. Setup an ipa master with domain level 1
  2. kinit admin

Actions

  1. Run the command on the master:
    ipa dnsconfig-show
  2. Run the command on the master:
    ipa trustconfig-show
  3. Run the command on the master:
    ipa vaultconfig-show
  4. Install dnssec master on ipa master host
    ipa-dns-install --dnssec-master=true
  5. Establish a trust with AD machine
  6. Install kra on master
    ipa-kra-install
  7. Repeat step 1
  8. Repeat step 2
  9. Repeat step 3

Expected results

  1. the output must contain:
    IPA DNS servers: %master_fqdn%
    IPA DNSSec key master: None
  2. the output must contain:
    ipa: ERROR: : trust configuration not found
  3. the output must contain:
    ipa: ERROR: KRA service is not enabled
  4. The output should contain
    IPA DNSSec key master: %master_fqdn%
  5. The output should contain
    AD trust controller: %master_fqdn%
  6. The output should contain:
    Transport Certificate: %certificate_text%
    IPA KRA servers: %master_fqdn%

Test case: Renewal Master role can be transferred between servers using API call

Autotest

{{{autotest}}}

Setup

  1. Setup master and replica

Actions

  1. On master run command
    ipa config-show | grep "CA renewal master"
  2. On master run command
    ipa config-mod --set-renewal-master-server %replica_fqdn%
  3. Repeat step 1

Expected results

  1. The result must contain master's FQDN
  2. The step should succeed
  3. The result must contain replica's FQDN

Test case: serverrole-* commands

Autotest

{{{autotest}}}

Setup

  1. Setup master with domain level 1

Actions

  1. On master execute command
    ipa server-role-find
  2. Install replica
  3. Repeat step 1
  4. On replica install KRA
  5. Repeat step 1
  6. On master execute command
    ipa server-role-find --role='AD trust controller'

Expected results

  1. The output should display all available server roles on master in the format
    Server name: %server_fqdn%
    Role name: %role_name%
    Role status: %status%
    The role_name can be one of the following:
    • CA server
    • DNS server
    • KRA server
    • AD trust agent
    • AD trust controller
      Role status can be one of the following:
    • enabled
    • absent
  2. Step should succeed
  3. The output should display server roles for both master and replica. Only "CA server" and "DNS server" roles should be enabled for both nodes
  4. Step should succeed
  5. The output should display enabled "KRA server" role on replica
  6. The output should contain
    2 server roles matched
    , should display this (disabled) role for both master and replica

TBD