Fix Provisioning Tests

tests/foreman/api/test_provisioning.py

@@ -138,20 +138,32 @@ def test_rhel_pxe_provisioning(
     # Host is not blank anymore
     provisioning_host.blank = False
 
+    provisioning_host.key_filename = None
     # Wait for the host to be rebooted and SSH daemon to be started.
     provisioning_host.wait_for_connection()
 
+    # For RHEL9 since root login is disabled
+    disable_ssh_cmd = (
+        'echo -e "\nPermitRootLogin yes" >> /etc/ssh/sshd_config; systemctl restart sshd'
+    )
+    # Run a command on the host using REX to verify that Satellite's SSH key is present on the host
+    template_id = (
+        sat.api.JobTemplate().search(query={'search': 'name="Run Command - Script Default"'})[0].id
+    )
+    job = sat.api.JobInvocation().run(
+        data={
+            'job_template_id': template_id,
+            'inputs': {'command': disable_ssh_cmd},
+            'search_query': f"name = {host.name}",
+            'targeting_type': 'static_query',
+        },
+    )
+    assert job['result'] == 'success', 'Job invocation failed'
+
     # Perform version check and check if root password is properly updated
     host_os = host.operatingsystem.read()
     expected_rhel_version = f'{host_os.major}.{host_os.minor}'
 
-    if int(host_os.major) >= 9:
-        assert (
-            provisioning_host.execute(
-                'echo -e "\nPermitRootLogin yes" >> /etc/ssh/sshd_config; systemctl restart sshd'
-            ).status
-            == 0
-        )
     host_ssh_os = sat.execute(
         f'sshpass -p {settings.provisioning.host_root_password} '
         'ssh -o StrictHostKeyChecking=no -o PubkeyAuthentication=no -o PasswordAuthentication=yes '
@@ -166,22 +178,6 @@ def test_rhel_pxe_provisioning(
     assert provisioning_host.execute('test -s /root/install.post.log').status == 0
     assert provisioning_host.execute('test -s /mnt/sysimage/root/install.post.log').status == 1
 
-    # Run a command on the host using REX to verify that Satellite's SSH key is present on the host
-    template_id = (
-        sat.api.JobTemplate().search(query={'search': 'name="Run Command - Script Default"'})[0].id
-    )
-    job = sat.api.JobInvocation().run(
-        data={
-            'job_template_id': template_id,
-            'inputs': {
-                'command': f'subscription-manager config | grep "hostname = {sat.hostname}"'
-            },
-            'search_query': f"name = {host.name}",
-            'targeting_type': 'static_query',
-        },
-    )
-    assert job['result'] == 'success', 'Job invocation failed'
-
     # check if katello-ca-consumer is not used while host registration
     assert provisioning_host.execute('rpm -qa |grep katello-ca-consumer').status == 1
     assert (
@@ -277,46 +273,42 @@ def test_rhel_ipxe_provisioning(
     # Host is not blank anymore
     provisioning_host.blank = False
 
+    provisioning_host.key_filename = None
     # Wait for the host to be rebooted and SSH daemon to be started.
     provisioning_host.wait_for_connection()
 
-    # Perform version check and check if root password is properly updated
-    host_os = host.operatingsystem.read()
-    expected_rhel_version = f'{host_os.major}.{host_os.minor}'
-
-    if int(host_os.major) >= 9:
-        assert (
-            provisioning_host.execute(
-                'echo -e "\nPermitRootLogin yes" >> /etc/ssh/sshd_config; systemctl restart sshd'
-            ).status
-            == 0
-        )
-    host_ssh_os = sat.execute(
-        f'sshpass -p {settings.provisioning.host_root_password} '
-        'ssh -o StrictHostKeyChecking=no -o PubkeyAuthentication=no -o PasswordAuthentication=yes '
-        f'-o UserKnownHostsFile=/dev/null root@{provisioning_host.hostname} cat /etc/redhat-release'
+    # For RHEL9 since root login is disabled
+    disable_ssh_cmd = (
+        'echo -e "\nPermitRootLogin yes" >> /etc/ssh/sshd_config; systemctl restart sshd'
     )
-    assert host_ssh_os.status == 0
-    assert (
-        expected_rhel_version in host_ssh_os.stdout
-    ), f'The installed OS version differs from the expected version {expected_rhel_version}'
-
     # Run a command on the host using REX to verify that Satellite's SSH key is present on the host
     template_id = (
         sat.api.JobTemplate().search(query={'search': 'name="Run Command - Script Default"'})[0].id
     )
     job = sat.api.JobInvocation().run(
         data={
             'job_template_id': template_id,
-            'inputs': {
-                'command': f'subscription-manager config | grep "hostname = {sat.hostname}"'
-            },
+            'inputs': {'command': disable_ssh_cmd},
             'search_query': f"name = {host.name}",
             'targeting_type': 'static_query',
         },
     )
     assert job['result'] == 'success', 'Job invocation failed'
 
+    # Perform version check and check if root password is properly updated
+    host_os = host.operatingsystem.read()
+    expected_rhel_version = f'{host_os.major}.{host_os.minor}'
+
+    host_ssh_os = sat.execute(
+        f'sshpass -p {settings.provisioning.host_root_password} '
+        'ssh -o StrictHostKeyChecking=no -o PubkeyAuthentication=no -o PasswordAuthentication=yes '
+        f'-o UserKnownHostsFile=/dev/null root@{provisioning_host.hostname} cat /etc/redhat-release'
+    )
+    assert host_ssh_os.status == 0
+    assert (
+        expected_rhel_version in host_ssh_os.stdout
+    ), f'The installed OS version differs from the expected version {expected_rhel_version}'
+
     # assert that the host is subscribed and consumes
     # subsctiption provided by the activation key
     assert provisioning_host.subscribed, 'Host is not subscribed'
@@ -405,46 +397,42 @@ def test_rhel_httpboot_provisioning(
     # Host is not blank anymore
     provisioning_host.blank = False
 
+    provisioning_host.key_filename = None
     # Wait for the host to be rebooted and SSH daemon to be started.
     provisioning_host.wait_for_connection()
 
-    # Perform version check and check if root password is properly updated
-    host_os = host.operatingsystem.read()
-    expected_rhel_version = f'{host_os.major}.{host_os.minor}'
-
-    if int(host_os.major) >= 9:
-        assert (
-            provisioning_host.execute(
-                'echo -e "\nPermitRootLogin yes" >> /etc/ssh/sshd_config; systemctl restart sshd'
-            ).status
-            == 0
-        )
-    host_ssh_os = sat.execute(
-        f'sshpass -p {settings.provisioning.host_root_password} '
-        'ssh -o StrictHostKeyChecking=no -o PubkeyAuthentication=no -o PasswordAuthentication=yes '
-        f'-o UserKnownHostsFile=/dev/null root@{provisioning_host.hostname} cat /etc/redhat-release'
+    # For RHEL9 since root login is disabled
+    disable_ssh_cmd = (
+        'echo -e "\nPermitRootLogin yes" >> /etc/ssh/sshd_config; systemctl restart sshd'
     )
-    assert host_ssh_os.status == 0
-    assert (
-        expected_rhel_version in host_ssh_os.stdout
-    ), f'The installed OS version differs from the expected version {expected_rhel_version}'
-
     # Run a command on the host using REX to verify that Satellite's SSH key is present on the host
     template_id = (
         sat.api.JobTemplate().search(query={'search': 'name="Run Command - Script Default"'})[0].id
     )
     job = sat.api.JobInvocation().run(
         data={
             'job_template_id': template_id,
-            'inputs': {
-                'command': f'subscription-manager config | grep "hostname = {sat.hostname}"'
-            },
+            'inputs': {'command': disable_ssh_cmd},
             'search_query': f"name = {host.name}",
             'targeting_type': 'static_query',
         },
     )
     assert job['result'] == 'success', 'Job invocation failed'
 
+    # Perform version check and check if root password is properly updated
+    host_os = host.operatingsystem.read()
+    expected_rhel_version = f'{host_os.major}.{host_os.minor}'
+
+    host_ssh_os = sat.execute(
+        f'sshpass -p {settings.provisioning.host_root_password} '
+        'ssh -o StrictHostKeyChecking=no -o PubkeyAuthentication=no -o PasswordAuthentication=yes '
+        f'-o UserKnownHostsFile=/dev/null root@{provisioning_host.hostname} cat /etc/redhat-release'
+    )
+    assert host_ssh_os.status == 0
+    assert (
+        expected_rhel_version in host_ssh_os.stdout
+    ), f'The installed OS version differs from the expected version {expected_rhel_version}'
+
     # assert that the host is subscribed and consumes
     # subsctiption provided by the activation key
     assert provisioning_host.subscribed, 'Host is not subscribed'
@@ -534,20 +522,32 @@ def test_rhel_pxe_provisioning_fips_enabled(
     # Host is not blank anymore
     provisioning_host.blank = False
 
+    provisioning_host.key_filename = None
     # Wait for the host to be rebooted and SSH daemon to be started.
     provisioning_host.wait_for_connection()
 
+    # For RHEL9 since root login is disabled
+    disable_ssh_cmd = (
+        'echo -e "\nPermitRootLogin yes" >> /etc/ssh/sshd_config; systemctl restart sshd'
+    )
+    # Run a command on the host using REX to verify that Satellite's SSH key is present on the host
+    template_id = (
+        sat.api.JobTemplate().search(query={'search': 'name="Run Command - Script Default"'})[0].id
+    )
+    job = sat.api.JobInvocation().run(
+        data={
+            'job_template_id': template_id,
+            'inputs': {'command': disable_ssh_cmd},
+            'search_query': f"name = {host.name}",
+            'targeting_type': 'static_query',
+        },
+    )
+    assert job['result'] == 'success', 'Job invocation failed'
+
     # Perform version check and check if root password is properly updated
     host_os = host.operatingsystem.read()
     expected_rhel_version = f'{host_os.major}.{host_os.minor}'
 
-    if int(host_os.major) >= 9:
-        assert (
-            provisioning_host.execute(
-                'echo -e "\nPermitRootLogin yes" >> /etc/ssh/sshd_config; systemctl restart sshd'
-            ).status
-            == 0
-        )
     host_ssh_os = sat.execute(
         f'sshpass -p {settings.provisioning.host_root_password} '
         'ssh -o StrictHostKeyChecking=no -o PubkeyAuthentication=no -o PasswordAuthentication=yes '
@@ -567,22 +567,6 @@ def test_rhel_pxe_provisioning_fips_enabled(
         result = provisioning_host.execute('cat /proc/sys/crypto/fips_enabled')
         assert (0 if is_open('BZ:2240076') else 1) == int(result.stdout)
 
-    # Run a command on the host using REX to verify that Satellite's SSH key is present on the host
-    template_id = (
-        sat.api.JobTemplate().search(query={'search': 'name="Run Command - Script Default"'})[0].id
-    )
-    job = sat.api.JobInvocation().run(
-        data={
-            'job_template_id': template_id,
-            'inputs': {
-                'command': f'subscription-manager config | grep "hostname = {sat.hostname}"'
-            },
-            'search_query': f"name = {host.name}",
-            'targeting_type': 'static_query',
-        },
-    )
-    assert job['result'] == 'success', 'Job invocation failed'
-
     # assert that the host is subscribed and consumes
     # subsctiption provided by the activation key
     assert provisioning_host.subscribed, 'Host is not subscribed'
@@ -626,7 +610,6 @@ def test_capsule_pxe_provisioning(
     """
     host_mac_addr = provisioning_host._broker_args['provisioning_nic_mac_addr']
     sat = capsule_provisioning_sat.sat
-    cap = module_capsule_configured
     host = sat.api.Host(
         hostgroup=capsule_provisioning_hostgroup,
         organization=module_sca_manifest_org,
@@ -670,46 +653,42 @@ def test_capsule_pxe_provisioning(
     # Host is not blank anymore
     provisioning_host.blank = False
 
+    provisioning_host.key_filename = None
     # Wait for the host to be rebooted and SSH daemon to be started.
     provisioning_host.wait_for_connection()
 
-    # Perform version check and check if root password is properly updated
-    host_os = host.operatingsystem.read()
-    expected_rhel_version = f'{host_os.major}.{host_os.minor}'
-
-    if int(host_os.major) >= 9:
-        assert (
-            provisioning_host.execute(
-                'echo -e "\nPermitRootLogin yes" >> /etc/ssh/sshd_config; systemctl restart sshd'
-            ).status
-            == 0
-        )
-    host_ssh_os = sat.execute(
-        f'sshpass -p {settings.provisioning.host_root_password} '
-        'ssh -o StrictHostKeyChecking=no -o PubkeyAuthentication=no -o PasswordAuthentication=yes '
-        f'-o UserKnownHostsFile=/dev/null root@{provisioning_host.hostname} cat /etc/redhat-release'
+    # For RHEL9 since root login is disabled
+    disable_ssh_cmd = (
+        'echo -e "\nPermitRootLogin yes" >> /etc/ssh/sshd_config; systemctl restart sshd'
     )
-    assert host_ssh_os.status == 0
-    assert (
-        expected_rhel_version in host_ssh_os.stdout
-    ), f'The installed OS version differs from the expected version {expected_rhel_version}'
-
     # Run a command on the host using REX to verify that Satellite's SSH key is present on the host
     template_id = (
         sat.api.JobTemplate().search(query={'search': 'name="Run Command - Script Default"'})[0].id
     )
     job = sat.api.JobInvocation().run(
         data={
             'job_template_id': template_id,
-            'inputs': {
-                'command': f'subscription-manager config | grep "hostname = {cap.hostname}"'
-            },
+            'inputs': {'command': disable_ssh_cmd},
             'search_query': f"name = {host.name}",
             'targeting_type': 'static_query',
         },
     )
     assert job['result'] == 'success', 'Job invocation failed'
 
+    # Perform version check and check if root password is properly updated
+    host_os = host.operatingsystem.read()
+    expected_rhel_version = f'{host_os.major}.{host_os.minor}'
+
+    host_ssh_os = sat.execute(
+        f'sshpass -p {settings.provisioning.host_root_password} '
+        'ssh -o StrictHostKeyChecking=no -o PubkeyAuthentication=no -o PasswordAuthentication=yes '
+        f'-o UserKnownHostsFile=/dev/null root@{provisioning_host.hostname} cat /etc/redhat-release'
+    )
+    assert host_ssh_os.status == 0
+    assert (
+        expected_rhel_version in host_ssh_os.stdout
+    ), f'The installed OS version differs from the expected version {expected_rhel_version}'
+
     # assert that the host is subscribed and consumes
     # subsctiption provided by the activation key
     assert provisioning_host.subscribed, 'Host is not subscribed'

tests/foreman/api/test_provisioning_puppet.py

@@ -180,9 +180,27 @@ def test_host_provisioning_with_external_puppetserver(
     # Host is not blank anymore
     provisioning_host.blank = False
 
+    provisioning_host.key_filename = None
     # Wait for the host to be rebooted and SSH daemon to be started.
     provisioning_host.wait_for_connection()
 
+    # For RHEL9 since root login is disabled
+    disable_ssh_cmd = (
+        'echo -e "\nPermitRootLogin yes" >> /etc/ssh/sshd_config; systemctl restart sshd'
+    )
+    # Run a command on the host using REX to verify that Satellite's SSH key is present on the host
+    template_id = (
+        sat.api.JobTemplate().search(query={'search': 'name="Run Command - Script Default"'})[0].id
+    )
+    job = sat.api.JobInvocation().run(
+        data={
+            'job_template_id': template_id,
+            'inputs': {'command': disable_ssh_cmd},
+            'search_query': f"name = {host.name}",
+            'targeting_type': 'static_query',
+        },
+    )
+    assert job['result'] == 'success', 'Job invocation failed'
     # Perform version check
     host_os = host.operatingsystem.read()
     expected_rhel_version = Version(f'{host_os.major}.{host_os.minor}')