Running tests
Installing requirements
The tests are written in Python using the pytest framework and additional Python packages. The list of all required packages is stored in requirements.txt. It is recommended to install the requirements inside Python virtual environment.
# Install python-ldap dependencies
sudo dnf install -y gcc python3-devel openldap-devel
# Install test dependencies
python3 -m venv .venv
source .venv/bin/activate
pip3 install -r ./requirements.txt
Important pytest plugins
The tests requires several pytest plugins that are very important and worth mentioning here.
pytest-mh: Adds support for multihost testing. This is the core plugin that is fundamental for writing and running the tests.
pytest-ticket: Adds
@pytest.mark.ticket(...)
and--ticket
command line option. It is used to run only tests related to particular tickets.pytest-tier: Adds
@pytest.mark.tier(...)
and--tier
command line option. It is used to run only tests from given tier.
Setting up multihost environment
Even though our tests are run locally with pytest
, they actually run
commands on remote machines to make the setup more flexible and avoid changing
anything on your host. The SSSD upstream tests use sssd-ci-containers project
that provides set of needed containers (client, LDAP, IPA, Samba, NFS, KDC, …)
and Active Directory vagrant box and this documentation uses this project in all
listed examples.
Note
You can also provide set of your own hosts. However, you will need to modify the multihost configuration.
Starting up the containers
Clone the sssd-ci-containers repository
Switch to the directory
Start the containers
Start the Active Directory vagrant box
git clone https://github.com/SSSD/sssd-ci-containers.git
cd sssd-ci-containers
Start the containers
This code snippet will install required dependencies (podman and docker-compose bridge for podman), installs certificates, setup dns and start the containers.
sudo dnf install -y podman podman-docker docker-compose
sudo systemctl enable --now podman.socket
sudo setsebool -P container_manage_cgroup true
cp env.example .env
sudo make trust-ca
sudo make setup-dns
sudo make up
Warning
make setup-dns
disables systemd-resolved and configures NetworkManager
to resolve related domains through dnsmasq and a DNS server running in one
of the containers. See the script and dnsmasq configuration for more
details.
If you see Could not determine IP address
error when running tests, it
means that the DNS server is not reachable. Make sure that the DNS server is
running by starting the container with sudo make up
and then run sudo
make setup-dns
again.
If you don’t want to modify your system so extensively, you can run sudo
make setup-dns-files
instead. This will only append records to your
/etc/hosts
file to make the host names resolvable. SRV or PTR lookups
will not work, but that is not required to run the tests.
Start Active directory vagrant box
The sssd-ci-containers project also provides an Active Directory virtual machine (vagrant box), because it can not be put in a container. A Samba container can be used to mimic Active Directory for most test cases, but you need to start the virtual machine in order to test SSSD against real Active Directory.
It is recommended (but not necessary) to use vagrant from
quay.io/sssd/vagrant:latest
container to avoid issues with vagrant plugin
installation.
# Install dependencies
sudo dnf remove -y vagrant
sudo dnf install -y libvirt qemu-kvm
sudo systemctl start libvirtd
# Add the following to ~/.bashrc and ‘source ~/.bashrc’
function vagrant {
dir="${VAGRANT_HOME:-$HOME/.vagrant.d}"
mkdir -p "$dir/"{boxes,data,tmp}
podman run -it --rm \
-e LIBVIRT_DEFAULT_URI \
-v /var/run/libvirt/:/var/run/libvirt/ \
-v "$dir/boxes:/vagrant/boxes" \
-v "$dir/data:/vagrant/data" \
-v "$dir/tmp:/vagrant/tmp" \
-v $(realpath "${PWD}"):${PWD} \
-w $(realpath "${PWD}") \
--network host \
--security-opt label=disable \
quay.io/sssd/vagrant:latest \
vagrant $@
}
# Start and provision Active Directory virtual machine
cd sssd-ci-containers/src
vagrant up ad
# Enroll client into the Active Directory domain
sudo podman exec client bash -c "echo vagrant | realm join ad.test"
sudo podman exec client cp /etc/krb5.keytab /enrollment/ad.keytab
sudo podman exec client rm /etc/krb5.keytab
Note
It is not required to have the Active Directory machine running in order to
run the tests. If you run the tests with --mh-lazy-ssh -k "not ad"
and the AD host is not running, pytest will simply skip the tests
that require Active Directory.
Multihost configuration
Multihost configuration defines the domains and hosts that will be used for
testing SSSD. It describes what domains
are available. Each domain defines
how many hosts
are in the domain and each host provides or implements a
given role
.
The multihost configuration bundled within the SSSD source code is designed to work with the sssd-ci-containers project out of the box. If you chose to create your own hosts, you need to alter the configuration to make it work with your environment.
See also
More information about the multihost configuration can be found in Multihost configuration.
Running tests
Now, if you have setup the environment, you can run the tests with pytest
.
cd src/tests/system
pytest --mh-config=mhc.yaml --mh-lazy-ssh -v
Note
You can use -k
parameter to filter tests.
See also
The pytest-mh plugin also provides several additional command line options for pytest, see its documentation for more information.
You will find at least --mh-log-path
and --mh-topology
very useful.
--mh-log-path=mh.log
: Logs multihost messages intomh.log
file--mh-log-path=/dev/stderr
: Logs multihost messages to standard error output--mh-topology=ldap
: Only run ldap tests (you can also useipa
,ad
,samba
,client
)