From 52054d31a023521995e1f3c1003f94d434879cbb Mon Sep 17 00:00:00 2001 From: Daniel Diblik <8378124+danmyway@users.noreply.github.com> Date: Wed, 10 Jul 2024 15:39:02 +0200 Subject: [PATCH] [RHELC-1629] hotfix/Fix provisioning of CentOS images (#1290) * Fix provisioning of CentOS images * TF probably made some changes in the repofiles, so the provisioning now fails with duplicate baseurl entry * additionally extras repo is left unchanged causing the yum calls to fail * comment out all baseurl and mirrorlist options, leave just valid vault baseurl uncommented * fix the failing cve test * fix the extras repo for centos 7 playbook * Remove add-extras-repo role * the extras repo is defined already in the repofiles on the systems we use * Mitigate repo url changed to default * in rare cases the repofiles might get restored to its original state pointing the url back to mirrorlist * add an autouse fixture pointing back to vault Signed-off-by: Daniel Diblik --------- Signed-off-by: Daniel Diblik --- .packit.yaml | 2 +- plans/stream.fmf | 3 --- plans/tier0.fmf | 3 --- tests/integration/conftest.py | 16 ++++++++++++++++ .../add-extras-repo/enable_centos7_extras.yml | 10 ---------- .../add-extras-repo/enable_centos8_extras.yml | 10 ---------- .../yum-distro-sync/add-extras-repo/main.yml | 8 -------- .../test_basic_sanity_checks.py | 7 ++----- .../cve-2022-1662/test_cve-2022-1662.py | 13 +++++++++---- .../non-destructive/kernel/test_custom_kernel.py | 2 +- 10 files changed, 29 insertions(+), 45 deletions(-) delete mode 100644 tests/integration/tier0/destructive/yum-distro-sync/add-extras-repo/enable_centos7_extras.yml delete mode 100644 tests/integration/tier0/destructive/yum-distro-sync/add-extras-repo/enable_centos8_extras.yml delete mode 100644 tests/integration/tier0/destructive/yum-distro-sync/add-extras-repo/main.yml diff --git a/.packit.yaml b/.packit.yaml index 96765658fe..29de901006 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -98,7 +98,7 @@ jobs: # For some targets we use official AWS marketplace images, those do not support root ssh login as default, # therefore we need to pass post-install-script to enable root login on the host # Additionally we rewrite the URLs in the repofiles to point to the vault, given CentOS(Stream) 8 is EOL - tf_post_install_script: '#!/bin/bash\nsudo sed -i "s/^.*ssh-rsa/ssh-rsa/" /root/.ssh/authorized_keys; sed -i -e "s|^\(mirrorlist=.*\)|#\1|" -e "s|^#baseurl=http://mirror\(.*\)|baseurl=http://vault\1|" /etc/yum.repos.d/CentOS-Linux-*.repo' + tf_post_install_script: '#!/bin/bash\nsudo sed -i "s/^.*ssh-rsa/ssh-rsa/" /root/.ssh/authorized_keys; sed -i -e "s|^\(mirrorlist=.*\)|#\1|" -e "s|^baseurl=\(.*\)|#baseurl=\1|" -e "s|^#baseurl=http://mirror\(.*\)|baseurl=http://vault\1|" /etc/yum.repos.d/CentOS-*' tf_extra_params: environments: - settings: diff --git a/plans/stream.fmf b/plans/stream.fmf index eebb7bcd26..a053bc3b96 100644 --- a/plans/stream.fmf +++ b/plans/stream.fmf @@ -102,9 +102,6 @@ adjust+: script: pytest --setup-show -svv tests/integration/*/destructive/single-yum-transaction/install_multilib_packages.py /yum_distro_sync: prepare+: - - name: enable CentOS' extras repo - how: ansible - playbook: tests/integration/tier0/destructive/yum-distro-sync/add-extras-repo/main.yml - name: Install problematic package how: shell script: pytest --setup-show -svv tests/integration/*/destructive/yum-distro-sync/install_problematic_package.py diff --git a/plans/tier0.fmf b/plans/tier0.fmf index c376ae45d1..38e22a214c 100644 --- a/plans/tier0.fmf +++ b/plans/tier0.fmf @@ -175,9 +175,6 @@ adjust+: /yum_distro_sync: prepare+: - - name: enable CentOS' extras repo - how: ansible - playbook: tests/integration/tier0/destructive/yum-distro-sync/add-extras-repo/main.yml - name: Install problematic package how: shell script: pytest --setup-show -svv tests/integration/*/destructive/yum-distro-sync/install_problematic_package.py diff --git a/tests/integration/conftest.py b/tests/integration/conftest.py index 4e91b70ef7..e06b064f60 100644 --- a/tests/integration/conftest.py +++ b/tests/integration/conftest.py @@ -472,6 +472,7 @@ def missing_os_release_package_workaround(shell): # Since we try to mitigate any damage caused by the incomplete rollback # try to update the system, in case anything got downgraded + print("TESTS >>> Updating the system.") shell("yum update -y", silent=True) @@ -944,3 +945,18 @@ def workaround_remove_uek(): subprocess.run(["yum", "remove", "-y", "kernel-uek"], check=False) yield + + +@pytest.fixture(autouse=True) +def keep_centos_pointed_to_vault(shell): + """ + Fixture. + In some rare cases we (re)install the centos-release package. + This overwrites the repofiles to its default state using mirrorlist instead of vault + which won't work since the EOL. + Make sure the repositories are pointed to the vault to keep the system usable. + """ + if "C2R_TESTS_NONDESTRUCTIVE" in os.environ and "centos" in SystemInformationRelease.distribution: + sed_repos_to_vault = 'sed -i -e "s|^\(mirrorlist=.*\)|#\1|" -e "s|^#baseurl=http://mirror\(.*\)|baseurl=http://vault\1|" /etc/yum.repos.d/CentOS-*' + print("TESTS >>> Resetting the repos to vault") + shell(sed_repos_to_vault, silent=True) diff --git a/tests/integration/tier0/destructive/yum-distro-sync/add-extras-repo/enable_centos7_extras.yml b/tests/integration/tier0/destructive/yum-distro-sync/add-extras-repo/enable_centos7_extras.yml deleted file mode 100644 index f3e142c5a5..0000000000 --- a/tests/integration/tier0/destructive/yum-distro-sync/add-extras-repo/enable_centos7_extras.yml +++ /dev/null @@ -1,10 +0,0 @@ -- hosts: all - tasks: - - name: Add CentOS extras repo - yum_repository: - name: centos7-extras - description: CentOS extras for $basearch - baseurl: http://mirror.centos.org/centos-7/7/extras/$basearch/ - gpgcheck: no - enabled: yes - file: centos7-extras diff --git a/tests/integration/tier0/destructive/yum-distro-sync/add-extras-repo/enable_centos8_extras.yml b/tests/integration/tier0/destructive/yum-distro-sync/add-extras-repo/enable_centos8_extras.yml deleted file mode 100644 index ebe6237b3d..0000000000 --- a/tests/integration/tier0/destructive/yum-distro-sync/add-extras-repo/enable_centos8_extras.yml +++ /dev/null @@ -1,10 +0,0 @@ -- hosts: all - tasks: - - name: Add CentOS extras repo - yum_repository: - name: centos8-extras - description: CentOS extras for $basearch - baseurl: https://vault.centos.org/centos/8/extras/$basearch/os/ - gpgcheck: no - enabled: yes - file: centos8-extras diff --git a/tests/integration/tier0/destructive/yum-distro-sync/add-extras-repo/main.yml b/tests/integration/tier0/destructive/yum-distro-sync/add-extras-repo/main.yml deleted file mode 100644 index 19f7f93c4b..0000000000 --- a/tests/integration/tier0/destructive/yum-distro-sync/add-extras-repo/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- hosts: all - gather_facts: yes - become: false -- import_playbook: enable_centos7_extras.yml - when: ansible_facts['distribution_major_version'] == "7" -- import_playbook: enable_centos8_extras.yml - when: ansible_facts['distribution_major_version'] == "8" diff --git a/tests/integration/tier0/non-destructive/basic-sanity-checks/test_basic_sanity_checks.py b/tests/integration/tier0/non-destructive/basic-sanity-checks/test_basic_sanity_checks.py index f47341e31a..a1e8a41c72 100644 --- a/tests/integration/tier0/non-destructive/basic-sanity-checks/test_basic_sanity_checks.py +++ b/tests/integration/tier0/non-destructive/basic-sanity-checks/test_basic_sanity_checks.py @@ -218,11 +218,8 @@ def test_rhsm_error_logged(convert2rhel): # We just need to make sure the file does not exist. pass - # Now trigger a rollback, so we can see if it handles the missing - # certificate - c2r.sendcontrol("c") - - assert c2r.exitstatus == 1 + # Let the conversion fail on the subscription-manager register call + assert c2r.exitstatus == 2 # Verify the error message is not present in the log file with open("/var/log/convert2rhel/convert2rhel.log", "r") as logfile: diff --git a/tests/integration/tier0/non-destructive/cve-2022-1662/test_cve-2022-1662.py b/tests/integration/tier0/non-destructive/cve-2022-1662/test_cve-2022-1662.py index 4cb5c5630a..995bcf28e7 100644 --- a/tests/integration/tier0/non-destructive/cve-2022-1662/test_cve-2022-1662.py +++ b/tests/integration/tier0/non-destructive/cve-2022-1662/test_cve-2022-1662.py @@ -10,10 +10,15 @@ def watchdog(): """ while True: for process in psutil.process_iter(): - # For some reason the psutil catches subscription-manager in process.name() - # as 'subscription-ma', thus using 'subscription' to catch it - if "subscription" in process.name(): - return process.cmdline() + try: + # For some reason the psutil catches subscription-manager in process.name() + # as 'subscription-ma', thus using 'subscription' to catch it + if "subscription" in process.name(): + return process.cmdline() + # psutil might raise an exception when trying to reach an already exited process + # continue the loop when this happens + except psutil.NoSuchProcess: + continue @pytest.mark.test_passing_password_to_submgr diff --git a/tests/integration/tier0/non-destructive/kernel/test_custom_kernel.py b/tests/integration/tier0/non-destructive/kernel/test_custom_kernel.py index 6962c1fccd..202e2d50f6 100644 --- a/tests/integration/tier0/non-destructive/kernel/test_custom_kernel.py +++ b/tests/integration/tier0/non-destructive/kernel/test_custom_kernel.py @@ -22,7 +22,7 @@ }, "oracle-7": { "original_kernel": ORIGINAL_KERNEL, - "custom_kernel": "http://mirror.centos.org/centos/7/os/x86_64/Packages/kernel-3.10.0-1160.el7.x86_64.rpm", + "custom_kernel": "http://vault.centos.org/centos/7/os/x86_64/Packages/kernel-3.10.0-1160.el7.x86_64.rpm", "grub_substring": "Oracle Linux Server 7.9, with Linux 3.10.0-1160.el7.x86_64", }, # Install CentOS 8.5 kernel