diff --git a/pytest_fixtures/core/sat_cap_factory.py b/pytest_fixtures/core/sat_cap_factory.py index 436d8b6d443..5ced39e6c25 100644 --- a/pytest_fixtures/core/sat_cap_factory.py +++ b/pytest_fixtures/core/sat_cap_factory.py @@ -277,7 +277,7 @@ def module_sat_ready_rhels(request): @pytest.fixture def cap_ready_rhel(): - rhel_version = Version(settings.capsule.version.release) + rhel_version = Version(settings.capsule.version.rhel_version) deploy_args = { 'deploy_rhel_version': rhel_version.base_version, 'deploy_flavor': settings.flavors.default, diff --git a/robottelo/hosts.py b/robottelo/hosts.py index b4e4fdcc0cd..0abe5f93b12 100644 --- a/robottelo/hosts.py +++ b/robottelo/hosts.py @@ -108,7 +108,9 @@ def get_sat_rhel_version(): return Version(rhel_version) -def setup_capsule(satellite, capsule, org, registration_args=None, installation_args=None): +def setup_capsule( + satellite, capsule, org, registration_args=None, installation_args=None, enable_fapolicyd=False +): """Given satellite and capsule instances, run the commands needed to set up the capsule Note: This does not perform content setup actions on the Satellite @@ -152,6 +154,9 @@ def setup_capsule(satellite, capsule, org, registration_args=None, installation_ ) capsule.install_katello_ca(satellite) capsule.register_contenthost(**registration_args) + if enable_fapolicyd: + capsule.execute('dnf -y install fapolicyd && systemctl enable --now fapolicyd').status == 0 + capsule.execute('rpm -q foreman-proxy-fapolicyd').status == 0 return capsule.install(cmd_args) diff --git a/tests/foreman/installer/test_installer.py b/tests/foreman/installer/test_installer.py index c8268fd3882..9cbb6f3b7bb 100644 --- a/tests/foreman/installer/test_installer.py +++ b/tests/foreman/installer/test_installer.py @@ -1343,11 +1343,14 @@ def common_sat_install_assertions(satellite): result = satellite.execute(r'grep -iR "error" /var/log/candlepin/*') assert len(result.stdout) == 0 + httpd_log = satellite.execute('journalctl --unit=httpd') + assert "WARNING" not in httpd_log.stdout + result = satellite.cli.Health.check() assert 'FAIL' not in result.stdout -def install_satellite(satellite, installer_args): +def install_satellite(satellite, installer_args, enable_fapolicyd=False): # Register for RHEL8 repos, get Ohsnap repofile, and enable and download satellite satellite.register_to_cdn() satellite.download_repofile( @@ -1355,6 +1358,12 @@ def install_satellite(satellite, installer_args): release=settings.server.version.release, snap=settings.server.version.snap, ) + if enable_fapolicyd: + satellite.execute( + 'dnf -y install fapolicyd && systemctl enable --now fapolicyd' + ).status == 0 + satellite.execute('rpm -q foreman-fapolicyd').status == 0 + satellite.execute('rpm -q foreman-proxy-fapolicyd').status == 0 satellite.execute('dnf -y module enable satellite:el8 && dnf -y install satellite') # Configure Satellite firewall to open communication satellite.execute( @@ -1368,36 +1377,48 @@ def install_satellite(satellite, installer_args): @pytest.fixture(scope='module') -def sat_default_install(module_sat_ready_rhels): +def sat_default_install(request, module_sat_ready_rhels): """Install Satellite with default options""" + enable_fapolicyd = False + if hasattr(request, 'param'): + enable_fapolicyd = request.param installer_args = [ 'scenario satellite', f'foreman-initial-admin-password {settings.server.admin_password}', ] - install_satellite(module_sat_ready_rhels[0], installer_args) - yield module_sat_ready_rhels[0] + install_satellite(module_sat_ready_rhels[0], installer_args, enable_fapolicyd=enable_fapolicyd) + yield {'sat': module_sat_ready_rhels[0], 'enable_fapolicyd': enable_fapolicyd} common_sat_install_assertions(module_sat_ready_rhels[0]) @pytest.fixture(scope='module') -def sat_non_default_install(module_sat_ready_rhels): +def sat_non_default_install(request, module_sat_ready_rhels): """Install Satellite with various options""" + enable_fapolicyd = False + if hasattr(request, 'param'): + enable_fapolicyd = request.param installer_args = [ 'scenario satellite', f'foreman-initial-admin-password {settings.server.admin_password}', 'foreman-rails-cache-store type:file', 'foreman-proxy-content-pulpcore-hide-guarded-distributions false', ] - install_satellite(module_sat_ready_rhels[1], installer_args) - yield module_sat_ready_rhels[1] + install_satellite(module_sat_ready_rhels[1], installer_args, enable_fapolicyd=enable_fapolicyd) + yield {'sat': module_sat_ready_rhels[0], 'enable_fapolicyd': enable_fapolicyd} common_sat_install_assertions(module_sat_ready_rhels[1]) @pytest.mark.e2e @pytest.mark.tier1 @pytest.mark.pit_client +@pytest.mark.parametrize( + "sat_default_install", + [True, False], + indirect=True, + ids=['fapolicyd_enabled', 'fapolicyd_disabled'], +) def test_capsule_installation(sat_default_install, cap_ready_rhel, default_org): - """Run a basic Capsule installation + """Run a basic Capsule installation w/ and w/o fapolicyd :id: 64fa85b6-96e6-4fea-bea4-a30539d59e65 @@ -1425,13 +1446,22 @@ def test_capsule_installation(sat_default_install, cap_ready_rhel, default_org): 'dnf -y module enable satellite-capsule:el8 && dnf -y install satellite-capsule' ) # Setup Capsule - org = sat_default_install.api.Organization().search(query={'search': f'name="{DEFAULT_ORG}"'})[ - 0 - ] - setup_capsule(sat_default_install, cap_ready_rhel, org) - assert sat_default_install.api.Capsule().search( - query={'search': f'name={cap_ready_rhel.hostname}'} - )[0] + org = ( + sat_non_default_install['sat'] + .api.Organization() + .search(query={'search': f'name="{DEFAULT_ORG}"'})[0] + ) + setup_capsule( + sat_non_default_install['sat'], + cap_ready_rhel, + org, + enable_fapolicyd=sat_non_default_install['enable_fapolicyd'], + ) + assert ( + sat_non_default_install['sat'] + .api.Capsule() + .search(query={'search': f'name={cap_ready_rhel.hostname}'})[0] + ) # no errors/failures in journald result = cap_ready_rhel.execute( @@ -1455,14 +1485,23 @@ def test_capsule_installation(sat_default_install, cap_ready_rhel, default_org): result = cap_ready_rhel.execute(r'grep -iR "error" /var/log/foreman-proxy/*') assert len(result.stdout) == 0 + httpd_log = cap_ready_rhel.execute('journalctl --unit=httpd') + assert "WARNING" not in httpd_log.stdout + result = cap_ready_rhel.cli.Health.check() assert 'FAIL' not in result.stdout @pytest.mark.e2e @pytest.mark.tier1 +@pytest.mark.parametrize( + "sat_non_default_install", + [True, False], + indirect=True, + ids=['fapolicyd_enabled', 'fapolicyd_disabled'], +) def test_foreman_rails_cache_store(sat_non_default_install): - """Test foreman-rails-cache-store option + """Test foreman-rails-cache-store option. Also tests installation w/ and w/o fapolicyd. :id: 379a2fe8-1085-4a7f-8ac3-24c421412f12 @@ -1475,11 +1514,11 @@ def test_foreman_rails_cache_store(sat_non_default_install): :customerscenario: true - :BZ: 2063717, 2165092 + :BZ: 2063717, 2165092, 2244370 """ # Verify foreman-rails-cache-store option works - assert sat_non_default_install.execute('rpm -q foreman-redis').status == 1 - settings_file = sat_non_default_install.load_remote_yaml_file(FOREMAN_SETTINGS_YML) + assert sat_non_default_install['sat'].execute('rpm -q foreman-redis').status == 1 + settings_file = sat_non_default_install['sat'].load_remote_yaml_file(FOREMAN_SETTINGS_YML) assert settings_file.rails_cache_store.type == 'file' @@ -1508,18 +1547,24 @@ def test_content_guarded_distributions_option( :BZ: 2063717, 2088559 """ # Verify that no content is listed on https://sat-fqdn/pulp/content/. - result = requests.get(f'https://{sat_default_install.hostname}/pulp/content/', verify=False) + result = requests.get( + f'https://{sat_non_default_install["sat"].hostname}/pulp/content/', verify=False + ) assert 'Default_Organization' not in result.text # Verify that content is not downloadable when content guard setting is disabled. - org = sat_non_default_install.api.Organization().create() - sat_non_default_install.upload_manifest(org.id, module_sca_manifest.content) + org = sat_non_default_install['sat'].api.Organization().create() + sat_non_default_install['sat'].upload_manifest(org.id, module_sca_manifest.content) # sync ansible repo - product = sat_non_default_install.api.Product(name=PRDS['rhae'], organization=org.id).search()[ - 0 - ] - r_set = sat_non_default_install.api.RepositorySet( - name=REPOSET['rhae2.9_el8'], product=product - ).search()[0] + product = ( + sat_non_default_install['sat'] + .api.Product(name=PRDS['rhae'], organization=org.id) + .search()[0] + ) + r_set = ( + sat_non_default_install['sat'] + .api.RepositorySet(name=REPOSET['rhae2.9_el8'], product=product) + .search()[0] + ) r_set.enable( data={ 'basearch': 'x86_64', @@ -1529,16 +1574,20 @@ def test_content_guarded_distributions_option( 'releasever': '8', } ) - rh_repo = sat_non_default_install.api.Repository(name=REPOS['rhae2.9_el8']['name']).search( - query={'organization_id': org.id} - )[0] + rh_repo = ( + sat_non_default_install['sat'] + .api.Repository(name=REPOS['rhae2.9_el8']['name']) + .search(query={'organization_id': org.id})[0] + ) rh_repo.sync() assert ( "403: [('PEM routines', 'get_name', 'no start line')]" - in sat_non_default_install.execute( - f'curl https://{sat_non_default_install.hostname}/pulp/content/{org.label}' + in sat_non_default_install['sat'] + .execute( + f'curl https://{sat_non_default_install["sat"].hostname}/pulp/content/{org.label}' f'/Library/content/dist/layered/rhel8/x86_64/ansible/2.9/os/' - ).stdout + ) + .stdout )