Multihost configuration

The multihost configuration file defines the domains, hosts and host roles that are available to run the tests. It is written in YAML.

Basic definition

domains:
- id: <domain id>
  hosts:
  - hostname: <dns host name>
    role: <host role>
    ssh:
      host: <ssh host> (optional, defaults to host name)
      port: <ssh port> (optional, defaults to 22)
      username: <ssh username> (optional, defaults to "root")
      password: <ssh password> (optional, defaults to "Secret123")
    config: <additional configuration> (optional, defaults to {})
    artifacts: <list of produced artifacts> (optional, defaults to {})

The top-level element of the configuration is a list of domains. Each domain has an id attribute and defines the list of available hosts.

  • id: domain identifier which is used in the path inside mh fixture, see Using the mh fixture

  • hosts: list of available hosts and their roles

    • hostname: DNS host name; it does not have to be resolvable from the machine that runs pytest

    • role: host role

    • ssh.host: ssh host to connect to (it may be a resolvable host name or an IP address), defaults to the value of hostname

    • ssh.port: ssh port, defaults to 22

    • ssh.username: ssh username, defaults to root

    • ssh.password: ssh password for the user, defaults to Secret123

    • config: additional configuration, place for custom options, see Customize configuration

    • artifacts: list of artifacts that are automatically downloaded, see Gathering artifacts
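
The defaults above mean that a host entry with no ssh section is reached as root with the documented default password. The following added example (not part of the framework's own code) fills in those defaults and lists entries that rely on them or use a role outside the documented list; resolve_host, lint and the sample data are hypothetical names and constructed values, and the input is assumed to be the already-parsed YAML.

```python
KNOWN_ROLES = {"client", "ldap", "ipa", "ad", "samba", "nfs", "kdc"}
DEFAULT_PASSWORD = "Secret123"  # ssh.password default documented on this page

# Constructed sample: the structure a YAML loader would return for a small config.
SAMPLE = {"domains": [{"id": "test", "hosts": [
    {"hostname": "client.test", "role": "client"},
    {"hostname": "master.ldap.test", "role": "ldap",
     "ssh": {"host": "192.0.2.10", "username": "ci", "password": "per-lab-value"},
     "config": {"binddn": "cn=Directory Manager", "bindpw": "Secret123"}},
    {"hostname": "db.test", "role": "database"},  # role not in the documented list
]}]}


def resolve_host(host):
    """Return the host entry with the documented defaults filled in."""
    ssh = host.get("ssh") or {}
    return {
        "hostname": host["hostname"],
        "role": host["role"],
        "ssh": {
            "host": ssh.get("host", host["hostname"]),
            "port": int(ssh.get("port", 22)),
            "username": ssh.get("username", "root"),
            "password": ssh.get("password", DEFAULT_PASSWORD),
        },
        "config": host.get("config") or {},
    }


def lint(config):
    """Return (domain id, hostname, finding) tuples for entries worth reviewing."""
    findings = []
    for domain in config.get("domains", []):
        for raw in domain.get("hosts", []):
            host = resolve_host(raw)
            where = (domain["id"], host["hostname"])
            if host["role"] not in KNOWN_ROLES:
                findings.append(where + ("unknown role %r" % host["role"],))
            if host["ssh"]["password"] == DEFAULT_PASSWORD:
                findings.append(where + ("ssh password is the documented default",))
            if host["config"].get("bindpw") == DEFAULT_PASSWORD:
                findings.append(where + ("bindpw matches the default ssh password",))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(": ".join(finding))
```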

Available roles

Currently available roles are:

  • client: SSSD client enrolled into desired providers

  • ldap: 389ds directory server

  • ipa: FreeIPA server

  • ad: Active Directory server

  • samba: Samba DC

  • nfs: NFS server

  • kdc: KDC server

client

SSSD client enrolled into the provider that you want to run the tests against. If a keytab is required by the provider, it must be present somewhere on the host. The keytab is then specified in the additional configuration of the provider host.

Client role example
- hostname: client.test
  role: client
  config:
    artifacts:
    - /etc/sssd/*
    - /var/log/sssd/*
    - /var/lib/sss/db/*

Additional configuration (host/config section)

ldap

Fresh installation of 389ds directory server with TLS/SSL enabled and no data present (i.e. no object is present under the default naming context).

LDAP role example
- hostname: master.ldap.test
  role: ldap
  config:
    binddn: cn=Directory Manager
    bindpw: Secret123
    client:
      ldap_tls_reqcert: demand
      ldap_tls_cacert: /data/certs/ca.crt
      dns_discovery_domain: ldap.test

Additional configuration (host/config section)

ipa

Fresh installation of FreeIPA server with no additional data. A trust to a single Active Directory and Samba domain is created.

IPA role example
- hostname: master.ipa.test
  role: ipa
  config:
    client:
      ipa_domain: ipa.test
      krb5_keytab: /enrollment/ipa.keytab
      ldap_krb5_keytab: /enrollment/ipa.keytab

Additional configuration (host/config section)

samba

Fresh installation of Samba DC with no additional data.

The following extra schema must be installed:

Samba role example
- hostname: dc.samba.test
  role: samba
  config:
    binddn: CN=Administrator,CN=Users,DC=samba,DC=test
    bindpw: Secret123
    client:
      ad_domain: samba.test
      krb5_keytab: /enrollment/samba.keytab
      ldap_krb5_keytab: /enrollment/samba.keytab

Additional configuration (host/config section)

nfs

Fresh installation of NFS server, with the server running and no exported directories.

NFS role example
- hostname: nfs.test
  role: nfs
  config:
    exports_dir: /dev/shm/exports

Additional configuration (host/config section)

  • exports_dir: Path to the directory that will be used as a parent for all directories that will be created and exported on the NFS server. On containers, this should be /dev/shm/exports or another writable location on a tmpfs file system.

  • Gathering artifacts

kdc

Fresh installation of Kerberos KDC server, with the server running and no additional principals.

KDC role example
- hostname: kdc.test
  role: kdc

Additional configuration (host/config section)

Additional configuration (host/config section)

Gathering artifacts

The config section of the host definition can also be used to specify which artifacts should be automatically collected from the host when a test is finished. This is done with the artifacts keyword, which contains a list of artifacts. Each value is a path to an artifact and may contain a wildcard character. For example:

- hostname: client.test
  role: client
  config:
    artifacts:
    - /etc/sssd/*
    - /var/log/sssd/*
    - /var/lib/sss/db/*

LDAP configuration

This additional configuration can be used on roles with direct LDAP access.

  • binddn: Bind DN to authenticate with.

  • bindpw: Bind password of the user.

- hostname: master.ldap.test
  role: ldap
  config:
    binddn: cn=Directory Manager
    bindpw: Secret123

Provider specific client configuration

The client section of the additional configuration can specify SSSD options required for the client to successfully connect to the provider. It is a list of key-value pairs that represent options from sssd.conf. These options are automatically put into the client’s sssd.conf when a domain is imported from the role using sssd_test_framework.utils.sssd.HostSSSD.import_domain().

Client config example
- hostname: master.ipa.test
  role: ipa
  config:
    client:
      ipa_domain: ipa.test
      krb5_keytab: /enrollment/ipa.keytab
      ldap_krb5_keytab: /enrollment/ipa.keytab

The example above will add the given options to sssd.conf; these are required by the client to successfully connect to the IPA server. The keytab paths are local paths on the client host.