
Update ACME tests to create DS indexes #4955


Merged
merged 1 commit into from
Feb 7, 2025
79 changes: 31 additions & 48 deletions .github/workflows/acme-basic-test.yml
Expand Up @@ -34,20 +34,18 @@ jobs:
tests/bin/ds-create.sh \
--image=${{ env.DS_IMAGE }} \
--hostname=ds.example.com \
--network=example \
--network-alias=ds.example.com \
--password=Secret.123 \
ds

- name: Connect DS container to network
run: docker network connect example ds --alias ds.example.com

- name: Set up PKI container
run: |
tests/bin/runner-init.sh pki
env:
HOSTNAME: pki.example.com

- name: Connect PKI container to network
run: docker network connect example pki --alias pki.example.com
tests/bin/runner-init.sh \
--hostname=pki.example.com \
--network=example \
--network-alias=pki.example.com \
pki

- name: Install CA in PKI container
run: |
Expand All @@ -59,7 +57,9 @@ jobs:

- name: Install CA admin cert
run: |
docker exec pki pki-server cert-export ca_signing --cert-file ca_signing.crt
docker exec pki pki-server cert-export \
--cert-file ca_signing.crt \
ca_signing

docker exec pki pki nss-cert-import \
--cert ca_signing.crt \
Expand All @@ -69,6 +69,7 @@ jobs:
docker exec pki pki pkcs12-import \
--pkcs12 /root/.dogtag/pki-tomcat/ca_admin_cert.p12 \
--pkcs12-password Secret.123

docker exec pki pki -n caadmin ca-user-show caadmin

- name: Check initial CA certs
Expand All @@ -80,23 +81,31 @@ jobs:
grep "Serial Number:" output | wc -l > actual
diff expected actual

- name: Set up ACME database in DS container
- name: Set up ACME database
run: |
docker exec ds ldapmodify \
docker exec pki ldapmodify \
-H ldap://ds.example.com:3389 \
-D "cn=Directory Manager" \
-w Secret.123 \
-f /usr/share/pki/acme/database/ds/schema.ldif
docker exec pki ldapadd \
-H ldap://ds.example.com:3389 \
-D "cn=Directory Manager" \
-w Secret.123 \
-f $SHARED/base/acme/database/ds/schema.ldif
docker exec ds ldapadd \
-f /usr/share/pki/acme/database/ds/index.ldif
docker exec pki ldapadd \
-H ldap://ds.example.com:3389 \
-D "cn=Directory Manager" \
-w Secret.123 \
-f $SHARED/base/acme/database/ds/create.ldif
docker exec ds ldapadd \
-f /usr/share/pki/acme/database/ds/create.ldif

- name: Set up ACME realm
run: |
docker exec pki ldapadd \
-H ldap://ds.example.com:3389 \
-D "cn=Directory Manager" \
-w Secret.123 \
-f $SHARED/base/acme/realm/ds/create.ldif
-f /usr/share/pki/acme/realm/ds/create.ldif

- name: Install ACME in PKI container
run: |
Expand Down Expand Up @@ -341,12 +350,11 @@ jobs:

- name: Set up client container
run: |
tests/bin/runner-init.sh client
env:
HOSTNAME: client.example.com

- name: Connect client container to network
run: docker network connect example client --alias client.example.com
tests/bin/runner-init.sh \
--hostname=client.example.com \
--network=example \
--network-alias=client.example.com \
client

- name: Install certbot in client container
run: docker exec client dnf install -y certbot
Expand Down Expand Up @@ -793,28 +801,3 @@ jobs:
if: always()
run: |
docker exec client cat /var/log/letsencrypt/letsencrypt.log

- name: Gather artifacts from server containers
if: always()
run: |
tests/bin/ds-artifacts-save.sh --output=/tmp/artifacts/pki ds
tests/bin/pki-artifacts-save.sh pki
continue-on-error: true

- name: Gather artifacts from client container
if: always()
run: |
mkdir -p /tmp/artifacts/client
docker logs client > /tmp/artifacts/client/container.out 2> /tmp/artifacts/client/container.err
mkdir -p /tmp/artifacts/client/etc/letsencrypt
docker cp client:/etc/letsencrypt/live /tmp/artifacts/client/etc/letsencrypt
mkdir -p /tmp/artifacts/client/var/log/letsencrypt
docker cp client:/var/log/letsencrypt/letsencrypt.log /tmp/artifacts/client/var/log/letsencrypt
continue-on-error: true

- name: Upload artifacts
if: always()
uses: actions/upload-artifact@v4
with:
name: acme-basic
path: /tmp/artifacts
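Review bot: In the `Set up ACME database` and `Set up ACME realm` steps (hunk `-80,23 +81,31`), the LDAP calls appear to move from `docker exec ds` to `docker exec pki`, so the `cn=Directory Manager` simple bind with `-w Secret.123` now travels over plain `ldap://ds.example.com:3389` between containers and is visible in the process arguments. That is tolerable for throwaway CI containers, but nothing in the workflow marks it as fixture-only. A comment above the step would keep it from being copied into deployment notes, e.g. `# test-only: cleartext LDAP and an argv password; real setups should bind over LDAPS/StartTLS and read the password from a file`. The index.ldif blocks added in acme-existing-nssdb-test.yml and acme-separate-test.yml use the same bind pattern.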
31 changes: 1 addition & 30 deletions .github/workflows/acme-container-test.yml
Expand Up @@ -42,6 +42,7 @@ jobs:
tests/bin/runner-init.sh \
--hostname=client.example.com \
--network=example \
--network-alias=client.example.com \
client

- name: Install dependencies in client container
Expand Down Expand Up @@ -269,33 +270,3 @@ jobs:
if: always()
run: |
docker logs client 2>&1

- name: Gather artifacts
if: always()
run: |
mkdir -p /tmp/artifacts/acme
cp -r certs /tmp/artifacts/acme
cp -r metadata /tmp/artifacts/acme
cp -r database /tmp/artifacts/acme
cp -r issuer /tmp/artifacts/acme
cp -r realm /tmp/artifacts/acme
cp -r conf /tmp/artifacts/acme
cp -r logs /tmp/artifacts/acme

docker logs acme > /tmp/artifacts/acme/container.out 2> /tmp/artifacts/acme/container.err

docker exec client ls -la /etc/letsencrypt/live
mkdir -p /tmp/artifacts/client/etc/letsencrypt
docker cp client:/etc/letsencrypt/live /tmp/artifacts/client/etc/letsencrypt

docker exec client ls -la /var/log/letsencrypt
mkdir -p /tmp/artifacts/client/var/log/letsencrypt
docker cp client:/var/log/letsencrypt/letsencrypt.log /tmp/artifacts/client/var/log/letsencrypt
continue-on-error: true

- name: Upload artifacts
if: always()
uses: actions/upload-artifact@v4
with:
name: acme-container
path: /tmp/artifacts
8 changes: 8 additions & 0 deletions .github/workflows/acme-existing-nssdb-test.yml
Expand Up @@ -150,11 +150,19 @@ jobs:
-D "cn=Directory Manager" \
-w Secret.123 \
-f /usr/share/pki/acme/database/ds/schema.ldif
docker exec acme ldapadd \
-H ldap://acmeds.example.com:3389 \
-D "cn=Directory Manager" \
-w Secret.123 \
-f /usr/share/pki/acme/database/ds/index.ldif
docker exec acme ldapadd \
-H ldap://acmeds.example.com:3389 \
-D "cn=Directory Manager" \
-w Secret.123 \
-f /usr/share/pki/acme/database/ds/create.ldif

- name: Set up ACME realm
run: |
docker exec acme ldapadd \
-H ldap://acmeds.example.com:3389 \
-D "cn=Directory Manager" \
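Review bot: Nothing in the ACME database step says why `index.ldif` is loaded between `schema.ldif` and `create.ldif`, so a later edit could reorder the three LDAP calls without anyone noticing. If the order is intentional (presumably the index definitions rely on the ACME schema and should exist before the base entries are added), a one-line comment above the block would record it, e.g. `# order matters: schema, then indexes, then base entries`. The same sequence is added in acme-basic-test.yml and acme-separate-test.yml. The start of this step and the tail of `Set up ACME realm` lie outside the visible hunk.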
72 changes: 19 additions & 53 deletions .github/workflows/acme-postgresql-test.yml
Expand Up @@ -33,20 +33,18 @@ jobs:
tests/bin/ds-create.sh \
--image=${{ env.DS_IMAGE }} \
--hostname=ds.example.com \
--network=example \
--network-alias=ds.example.com \
--password=Secret.123 \
ds

- name: Connect DS container to network
run: docker network connect example ds --alias ds.example.com

- name: Set up PKI container
run: |
tests/bin/runner-init.sh pki
env:
HOSTNAME: pki.example.com

- name: Connect PKI container to network
run: docker network connect example pki --alias pki.example.com
tests/bin/runner-init.sh \
--hostname=pki.example.com \
--network=example \
--network-alias=pki.example.com \
pki

- name: Install CA in PKI container
run: |
Expand Down Expand Up @@ -127,17 +125,19 @@ jobs:

- name: Deploy postgresql
run: |
docker run -d --name postgresql \
docker run \
--name postgresql \
--hostname postgresql.example.com \
--network example \
--network-alias postgresql.example.com \
-e POSTGRES_PASSWORD=mysecretpassword \
-e POSTGRES_USER=acme \
postgres-ssl -c ssl=on \
--detach \
postgres-ssl \
-c ssl=on \
-c ssl_cert_file=/var/lib/postgresql/server.crt \
-c ssl_key_file=/var/lib/postgresql/server.key

- name: Connect DB container to network
run: docker network connect example postgresql --alias postgresql.example.com

- name: Set up database drivers
run: |
docker exec pki dnf install -y postgresql-jdbc
Expand Down Expand Up @@ -249,12 +249,11 @@ jobs:

- name: Set up client container
run: |
tests/bin/runner-init.sh client
env:
HOSTNAME: client.example.com

- name: Connect client container to network
run: docker network connect example client --alias client.example.com
tests/bin/runner-init.sh \
--hostname=client.example.com \
--network=example \
--network-alias=client.example.com \
client

- name: Install certbot in client container
run: docker exec client dnf install -y certbot
Expand Down Expand Up @@ -574,36 +573,3 @@ jobs:
if: always()
run: |
docker exec client cat /var/log/letsencrypt/letsencrypt.log

- name: Gather artifacts from server containers
if: always()
run: |
tests/bin/ds-artifacts-save.sh --output=/tmp/artifacts/pki ds
tests/bin/pki-artifacts-save.sh pki
continue-on-error: true

- name: Gather artifacts from client container
if: always()
run: |
mkdir -p /tmp/artifacts/client
docker logs client > /tmp/artifacts/client/container.out 2> /tmp/artifacts/client/container.err
mkdir -p /tmp/artifacts/client/etc/letsencrypt
docker cp client:/etc/letsencrypt/live /tmp/artifacts/client/etc/letsencrypt
mkdir -p /tmp/artifacts/client/var/log/letsencrypt
docker cp client:/var/log/letsencrypt/letsencrypt.log /tmp/artifacts/client/var/log/letsencrypt
continue-on-error: true

- name: Upload artifacts from server containers
if: always()
uses: actions/upload-artifact@v4
with:
name: acme-postgresql-server
path: |
/tmp/artifacts/pki

- name: Upload artifacts from client container
if: always()
uses: actions/upload-artifact@v4
with:
name: acme-postgresql-client
path: /tmp/artifacts/client
35 changes: 8 additions & 27 deletions .github/workflows/acme-separate-test.yml
Expand Up @@ -106,11 +106,19 @@ jobs:
-D "cn=Directory Manager" \
-w Secret.123 \
-f /usr/share/pki/acme/database/ds/schema.ldif
docker exec acme ldapadd \
-H ldap://acmeds.example.com:3389 \
-D "cn=Directory Manager" \
-w Secret.123 \
-f /usr/share/pki/acme/database/ds/index.ldif
docker exec acme ldapadd \
-H ldap://acmeds.example.com:3389 \
-D "cn=Directory Manager" \
-w Secret.123 \
-f /usr/share/pki/acme/database/ds/create.ldif

- name: Set up ACME realm
run: |
docker exec acme ldapadd \
-H ldap://acmeds.example.com:3389 \
-D "cn=Directory Manager" \
Expand Down Expand Up @@ -843,30 +851,3 @@ jobs:
if: always()
run: |
docker exec client cat /var/log/letsencrypt/letsencrypt.log

- name: Gather artifacts from server containers
if: always()
run: |
tests/bin/ds-artifacts-save.sh cads
tests/bin/pki-artifacts-save.sh ca
tests/bin/ds-artifacts-save.sh acmeds
tests/bin/pki-artifacts-save.sh acme
continue-on-error: true

- name: Gather artifacts from client container
if: always()
run: |
mkdir -p /tmp/artifacts/client
docker logs client > /tmp/artifacts/client/container.out 2> /tmp/artifacts/client/container.err
mkdir -p /tmp/artifacts/client/etc/letsencrypt
docker cp client:/etc/letsencrypt/live /tmp/artifacts/client/etc/letsencrypt
mkdir -p /tmp/artifacts/client/var/log/letsencrypt
docker cp client:/var/log/letsencrypt/letsencrypt.log /tmp/artifacts/client/var/log/letsencrypt
continue-on-error: true

- name: Upload artifacts
if: always()
uses: actions/upload-artifact@v4
with:
name: acme-separate
path: /tmp/artifacts