From 0e7b77902a24f7be083e448ffd9aaea7cb3d3666 Mon Sep 17 00:00:00 2001 From: Stanislav Levin Date: Mon, 16 Nov 2020 11:57:18 +0300 Subject: [PATCH 1/2] ipatests: Raise log level of 389-ds replication - change log level for replication debugging According to the docs: ``` default level of logging(16384) used for critical errors and other messages that are always written to the error log. Messages at this level are always included in the error log, regardless of the log level setting. ``` - always flush the access logs to filesystem During the testing access logs may be written with delay, this results in logs are not collected by this test node, but for example, the next one. - as of now, the changes on `cn=config` are made after the installation of server or replica. If an error occurs during these stages, then the actual log level will be the default and not as expected. Signed-off-by: Stanislav Levin --- ipatests/pytest_ipa/integration/tasks.py | 52 ++++++++++++++++++------ 1 file changed, 39 insertions(+), 13 deletions(-) diff --git a/ipatests/pytest_ipa/integration/tasks.py b/ipatests/pytest_ipa/integration/tasks.py index cfd8b1512c1..a3623e912b1 100755 --- a/ipatests/pytest_ipa/integration/tasks.py +++ b/ipatests/pytest_ipa/integration/tasks.py @@ -148,6 +148,29 @@ def apply_common_fixes(host): rpcbind_kadmin_workaround(host) +def prepare_dse_changes(host): + """Put custom changes for dse.ldif on the host + """ + ipatests_dse_path = os.path.join(host.config.test_dir, "ipatests_dse.ldif") + ldif = textwrap.dedent( + """\ + # replication debugging + dn: cn=config + changetype: modify + replace: nsslapd-errorlog-level + nsslapd-errorlog-level: 8192 + + # server writes all access log entries directly to disk + dn: cn=config + changetype: modify + replace: nsslapd-accesslog-logbuffering + nsslapd-accesslog-logbuffering: off + """ + ) + host.put_file_contents(ipatests_dse_path, ldif) + return ipatests_dse_path + + def allow_sync_ptr(host): kinit_admin(host) host.run_command(["ipa", "dnsconfig-mod", "--allow-sync-ptr=true"], @@ -249,17 +272,6 @@ def restore_hostname(host): host.run_command(['rm', backupname]) -def enable_replication_debugging(host, log_level=0): - logger.info('Set LDAP debug level') - logging_ldif = textwrap.dedent(""" - dn: cn=config - changetype: modify - replace: nsslapd-errorlog-level - nsslapd-errorlog-level: {log_level} - """.format(log_level=log_level)) - ldapmodify_dm(host, logging_ldif) - - def enable_ds_audit_log(host, enabled='on'): """Enable 389-ds audit log and auditfail log @@ -298,6 +310,10 @@ def install_master(host, setup_dns=True, setup_kra=False, setup_adtrust=False, domain_level = host.config.domain_level check_domain_level(domain_level) apply_common_fixes(host) + if "--dirsrv-config-file" not in extra_args: + ipatests_dse = prepare_dse_changes(host) + else: + ipatests_dse = None fix_apache_semaphores(host) fw = Firewall(host) fw_services = ["freeipa-ldap", "freeipa-ldaps"] @@ -310,6 +326,9 @@ def install_master(host, setup_dns=True, setup_kra=False, setup_adtrust=False, '-a', host.config.admin_password, "--domain-level=%i" % domain_level, ] + if ipatests_dse: + args.extend(["--dirsrv-config-file", ipatests_dse]) + if unattended: args.append('-U') @@ -335,7 +354,6 @@ def install_master(host, setup_dns=True, setup_kra=False, setup_adtrust=False, fw.enable_services(fw_services) if result.returncode == 0 and not external_ca: # external CA step 1 doesn't have DS and KDC fully configured, yet - enable_replication_debugging(host) enable_ds_audit_log(host, 'on') setup_sssd_debugging(host) kinit_admin(host) @@ -408,6 +426,12 @@ def install_replica(master, replica, setup_ca=True, setup_dns=False, domain_level = domainlevel(master) check_domain_level(domain_level) apply_common_fixes(replica) + + if "--dirsrv-config-file" not in extra_args: + ipatests_dse = prepare_dse_changes(replica) + else: + ipatests_dse = None + allow_sync_ptr(master) fw = Firewall(replica) fw_services = ["freeipa-ldap", "freeipa-ldaps"] @@ -457,12 +481,14 @@ def install_replica(master, replica, setup_ca=True, setup_dns=False, fix_apache_semaphores(replica) args.extend(['--realm', replica.domain.realm, '--domain', replica.domain.name]) + if ipatests_dse: + args.extend(["--dirsrv-config-file", ipatests_dse]) + fw.enable_services(fw_services) result = replica.run_command(args, raiseonerr=raiseonerr, stdin_text=stdin_text) if result.returncode == 0: - enable_replication_debugging(replica) enable_ds_audit_log(replica, 'on') setup_sssd_debugging(replica) kinit_admin(replica) From d6a4c4acc27aca782650c98bef16fd09c9f17a8e Mon Sep 17 00:00:00 2001 From: Stanislav Levin Date: Mon, 16 Nov 2020 15:17:54 +0300 Subject: [PATCH 2/2] temp commit: check log settings Signed-off-by: Stanislav Levin --- ipatests/test_integration/test_installation.py | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py index 1e0b3182a4e..e95e44db751 100644 --- a/ipatests/test_integration/test_installation.py +++ b/ipatests/test_integration/test_installation.py @@ -972,6 +972,24 @@ def test_ds_disable_upgrade_hash(self): ) assert "nsslapd-enable-upgrade-hash: off" in result.stdout_text + def test_ds_loglevel(self): + result = tasks.ldapsearch_dm( + self.master, + "cn=config", + ldap_args=["nsslapd-errorlog-level"], + scope="base" + ) + assert "nsslapd-errorlog-level: 8192" in result.stdout_text + + def test_ds_flush_logs(self): + result = tasks.ldapsearch_dm( + self.master, + "cn=config", + ldap_args=["nsslapd-accesslog-logbuffering"], + scope="base" + ) + assert "nsslapd-accesslog-logbuffering: off" in result.stdout_text + def test_ldbm_tuning(self): # check db-locks in new cn=bdb subentry (1.4.3+) result = tasks.ldapsearch_dm(