[Freeipa-devel] [PATCH 0309-0310] DNSSEC CI: extend DNSSEC CI tests
Oleg Fayans
ofayans at redhat.com
Wed Sep 16 06:26:38 UTC 2015
I ran the tests with these patches included in RHEL and they keep
failing at the same assertions as it was last time. Test stdout is attached
On 09/04/2015 10:28 AM, Martin Basti wrote:
>
>
> On 09/03/2015 07:21 PM, Oleg Fayans wrote:
>> Hi Martin,
>>
>> The two functions
>> test_disable_reenable_signing_master and
>> test_disable_reenable_signing_replica
>> the error message for the laste assertion is different, although the
>> assertions are identical:
>> "RRSIG should be different" and "DNSKEY should be different".
>> Other than that, it's fine
>>
>>
>> On 09/03/2015 05:55 PM, Martin Basti wrote:
>>> Attached patches improve DNSSEC CI tests.
>>>
>>>
>>
>
> Thank you for review.
>
> Updated patches attached.
--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
-------------- next part --------------
============================= test session starts ==============================
platform linux2 -- Python 2.7.5 -- py-1.4.27 -- pytest-2.7.0
rootdir: /usr/lib/python2.7/site-packages/ipatests, inifile: pytest.ini
plugins: multihost, sourceorder
collected 8 items
test_integration/test_dnssec.py .FFFFFFs
=================================== FAILURES ===================================
_____________ TestInstallDNSSECLast.test_if_zone_is_signed_master ______________
self = <ipatests.test_integration.test_dnssec.TestInstallDNSSECLast object at 0x33f7810>
def test_if_zone_is_signed_master(self):
# add zone with enabled DNSSEC signing on master
args = [
"ipa",
"dnszone-add", test_zone,
"--dnssec", "true",
]
self.master.run_command(args)
# test master
> assert wait_until_record_is_signed(
self.master.ip, test_zone, self.log, timeout=100
), "Zone %s is not signed (master)" % test_zone
E AssertionError: Zone dnssec.test. is not signed (master)
E assert wait_until_record_is_signed('10.40.128.105', 'dnssec.test.', <logging.Logger object at 0x33e0390>, timeout=100)
E + where '10.40.128.105' = <ipatests.test_integration.host.Host ibm-hs22-02.rhts.eng.brq.redhat.com (master)>.ip
E + where <ipatests.test_integration.host.Host ibm-hs22-02.rhts.eng.brq.redhat.com (master)> = <ipatests.test_integration.test_dnssec.TestInstallDNSSECLast object at 0x33f7810>.master
E + and <logging.Logger object at 0x33e0390> = <ipatests.test_integration.test_dnssec.TestInstallDNSSECLast object at 0x33f7810>.log
test_integration/test_dnssec.py:109: AssertionError
_____________ TestInstallDNSSECLast.test_if_zone_is_signed_replica _____________
self = <ipatests.test_integration.test_dnssec.TestInstallDNSSECLast object at 0x33f77d0>
def test_if_zone_is_signed_replica(self):
# add zone with enabled DNSSEC signing on replica
args = [
"ipa",
"dnszone-add", test_zone_repl,
"--dnssec", "true",
]
self.replicas[0].run_command(args)
# test replica
> assert wait_until_record_is_signed(
self.replicas[0].ip, test_zone_repl, self.log, timeout=300
), "Zone %s is not signed (replica)" % test_zone_repl
E AssertionError: Zone dnssec-replica.test. is not signed (replica)
E assert wait_until_record_is_signed('10.40.128.108', 'dnssec-replica.test.', <logging.Logger object at 0x33e0390>, timeout=300)
E + where '10.40.128.108' = <ipatests.test_integration.host.Host ibm-hs22-05.rhts.eng.brq.redhat.com (replica)>.ip
E + and <logging.Logger object at 0x33e0390> = <ipatests.test_integration.test_dnssec.TestInstallDNSSECLast object at 0x33f77d0>.log
test_integration/test_dnssec.py:128: AssertionError
__________ TestInstallDNSSECLast.test_disable_reenable_signing_master __________
self = <ipatests.test_integration.test_dnssec.TestInstallDNSSECLast object at 0x33f1210>
def test_disable_reenable_signing_master(self):
dnskey_old = resolve_with_dnssec(self.master.ip, test_zone,
> self.log, rtype="DNSKEY").rrset
test_integration/test_dnssec.py:142:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
test_integration/test_dnssec.py:32: in resolve_with_dnssec
ans = res.query(query, rtype)
../dns/resolver.py:958: in query
raise_on_no_answer)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <dns.resolver.Answer object at 0x33f7b10>
qname = <DNS name dnssec.test.>, rdtype = 48, rdclass = 1
response = <DNS message, ID 38543>, raise_on_no_answer = True
def __init__(self, qname, rdtype, rdclass, response,
raise_on_no_answer=True):
self.qname = qname
self.rdtype = rdtype
self.rdclass = rdclass
self.response = response
min_ttl = -1
rrset = None
for count in xrange(0, 15):
try:
rrset = response.find_rrset(response.answer, qname,
rdclass, rdtype)
if min_ttl == -1 or rrset.ttl < min_ttl:
min_ttl = rrset.ttl
break
except KeyError:
if rdtype != dns.rdatatype.CNAME:
try:
crrset = response.find_rrset(response.answer,
qname,
rdclass,
dns.rdatatype.CNAME)
if min_ttl == -1 or crrset.ttl < min_ttl:
min_ttl = crrset.ttl
for rd in crrset:
qname = rd.target
break
continue
except KeyError:
if raise_on_no_answer:
> raise NoAnswer(response=response)
E NoAnswer: The DNS response does not contain an answer to the question: dnssec.test. IN DNSKEY
../dns/resolver.py:173: NoAnswer
_________ TestInstallDNSSECLast.test_disable_reenable_signing_replica __________
self = <ipatests.test_integration.test_dnssec.TestInstallDNSSECLast object at 0x345fcd0>
def test_disable_reenable_signing_replica(self):
dnskey_old = resolve_with_dnssec(self.replicas[0].ip, test_zone_repl,
> self.log, rtype="DNSKEY").rrset
test_integration/test_dnssec.py:191:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
test_integration/test_dnssec.py:32: in resolve_with_dnssec
ans = res.query(query, rtype)
../dns/resolver.py:958: in query
raise_on_no_answer)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <dns.resolver.Answer object at 0x345fdd0>
qname = <DNS name dnssec-replica.test.>, rdtype = 48, rdclass = 1
response = <DNS message, ID 13817>, raise_on_no_answer = True
def __init__(self, qname, rdtype, rdclass, response,
raise_on_no_answer=True):
self.qname = qname
self.rdtype = rdtype
self.rdclass = rdclass
self.response = response
min_ttl = -1
rrset = None
for count in xrange(0, 15):
try:
rrset = response.find_rrset(response.answer, qname,
rdclass, rdtype)
if min_ttl == -1 or rrset.ttl < min_ttl:
min_ttl = rrset.ttl
break
except KeyError:
if rdtype != dns.rdatatype.CNAME:
try:
crrset = response.find_rrset(response.answer,
qname,
rdclass,
dns.rdatatype.CNAME)
if min_ttl == -1 or crrset.ttl < min_ttl:
min_ttl = crrset.ttl
for rd in crrset:
qname = rd.target
break
continue
except KeyError:
if raise_on_no_answer:
> raise NoAnswer(response=response)
E NoAnswer: The DNS response does not contain an answer to the question: dnssec-replica.test. IN DNSKEY
../dns/resolver.py:173: NoAnswer
__________________ TestInstallDNSSECFirst.test_sign_root_zone __________________
self = <ipatests.test_integration.test_dnssec.TestInstallDNSSECFirst object at 0x345ff90>
def test_sign_root_zone(self):
args = [
"ipa", "dnszone-add", root_zone, "--dnssec", "true"
]
self.master.run_command(args)
# make BIND happy, and delegate zone which contains A record of master
args = [
"ipa", "dnsrecord-add", root_zone, self.master.domain.name,
"--ns-rec=" + self.master.hostname
]
self.master.run_command(args)
# test master
> assert wait_until_record_is_signed(
self.master.ip, root_zone, self.log, timeout=100
), "Zone %s is not signed (master)" % root_zone
E AssertionError: Zone . is not signed (master)
E assert wait_until_record_is_signed('10.40.128.105', '.', <logging.Logger object at 0x33e0390>, timeout=100)
E + where '10.40.128.105' = <ipatests.test_integration.host.Host ibm-hs22-02.rhts.eng.brq.redhat.com (master)>.ip
E + where <ipatests.test_integration.host.Host ibm-hs22-02.rhts.eng.brq.redhat.com (master)> = <ipatests.test_integration.test_dnssec.TestInstallDNSSECFirst object at 0x345ff90>.master
E + and <logging.Logger object at 0x33e0390> = <ipatests.test_integration.test_dnssec.TestInstallDNSSECFirst object at 0x345ff90>.log
test_integration/test_dnssec.py:285: AssertionError
---------------------------- Captured stdout setup -----------------------------
<ipatests.test_integration.config.Config object at 0x3482950>
__________________ TestInstallDNSSECFirst.test_chain_of_trust __________________
self = <ipatests.test_integration.test_dnssec.TestInstallDNSSECFirst object at 0x3482750>
def test_chain_of_trust(self):
"""
Validate signed DNS records, using our own signed root zone
:return:
"""
# add test zone
args = [
"ipa", "dnszone-add", example_test_zone, "--dnssec", "true"
]
self.master.run_command(args)
# wait until zone is signed
> assert wait_until_record_is_signed(
self.master.ip, example_test_zone, self.log, timeout=100
), "Zone %s is not signed (master)" % example_test_zone
E AssertionError: Zone example.test. is not signed (master)
E assert wait_until_record_is_signed('10.40.128.105', 'example.test.', <logging.Logger object at 0x33e0390>, timeout=100)
E + where '10.40.128.105' = <ipatests.test_integration.host.Host ibm-hs22-02.rhts.eng.brq.redhat.com (master)>.ip
E + where <ipatests.test_integration.host.Host ibm-hs22-02.rhts.eng.brq.redhat.com (master)> = <ipatests.test_integration.test_dnssec.TestInstallDNSSECFirst object at 0x3482750>.master
E + and <logging.Logger object at 0x33e0390> = <ipatests.test_integration.test_dnssec.TestInstallDNSSECFirst object at 0x3482750>.log
test_integration/test_dnssec.py:308: AssertionError
=============== 6 failed, 1 passed, 1 skipped in 2563.38 seconds ===============
More information about the Freeipa-devel
mailing list