Update PKI tests to run DS in separate container

.github/workflows/pki-ca-test.yml

@@ -27,7 +27,15 @@ jobs:
  - name: Create network
  run: docker network create example
 
- - name: Set up JSS container
+ - name: Set up DS container
+ run: |
+ tests/bin/runner-init.sh \
+ --hostname=ds.example.com \
+ --network=example \
+ --network-alias=ds.example.com \
+ ds
+
+ - name: Set up PKI container
  run: |
  tests/bin/runner-init.sh \
  --hostname=pki.example.com \
@@ -49,20 +57,19 @@ jobs:
 
  - name: Install packages
  run: |
- docker exec pki dnf install -y 389-ds-base
+ docker exec ds dnf install -y 389-ds-base
  docker cp /tmp/RPMS/. pki:/root/RPMS/
  docker exec pki bash -c "dnf localinstall -y /root/RPMS/*"
 
  - name: Install DS
- run: docker exec pki ${SHARED}/tests/bin/ds-create.sh
+ run: docker exec ds ${SHARED}/tests/bin/ds-create.sh
 
  - name: Install CA
  run: |
  docker exec pki pkispawn \
  -f /usr/share/pki/server/examples/installation/ca.cfg \
  -s CA \
- -D pki_cert_id_generator=random \
- -D pki_request_id_generator=random \
+ -D pki_ds_url=ldap://ds.example.com:389 \
  -v
 
  # set buffer size to 0 so that revocation takes effect immediately
@@ -109,22 +116,37 @@ jobs:
  docker exec pki /usr/share/pki/tests/ca/bin/test-ca-auditor-cert.sh
  docker exec pki /usr/share/pki/tests/ca/bin/test-ca-auditor-logs.sh
 
- - name: Gather artifacts
- if: always()
- run: |
- tests/bin/ds-artifacts-save.sh pki
- tests/bin/pki-artifacts-save.sh pki
-
  - name: Remove CA
  run: docker exec pki pkidestroy -i pki-tomcat -s CA -v
 
  - name: Remove DS
- run: docker exec pki ${SHARED}/tests/bin/ds-remove.sh
+ run: docker exec ds ${SHARED}/tests/bin/ds-remove.sh
+
+ - name: Check DS server systemd journal
+ if: always()
+ run: |
+ docker exec ds journalctl -x --no-pager -u [email protected]
+
+ - name: Check PKI server systemd journal
+ if: always()
+ run: |
+ docker exec pki journalctl -x --no-pager -u [email protected]
+
+ - name: Check CA debug log
+ if: always()
+ run: |
+ docker exec pki find /var/log/pki/pki-tomcat/ca -name "debug.*" -exec cat {} \;
+
+ - name: Gather artifacts
+ if: always()
+ run: |
+ tests/bin/ds-artifacts-save.sh ds
+ tests/bin/pki-artifacts-save.sh pki
+ continue-on-error: true
 
  - name: Upload artifacts
  if: always()
  uses: actions/upload-artifact@v4
  with:
  name: pki-ca-test
- path: |
- /tmp/artifacts/pki
+ path: /tmp/artifacts

.github/workflows/pki-tps-test.yml

@@ -24,10 +24,23 @@ jobs:
  - name: Load JSS images
  run: docker load --input jss-images.tar
 
- - name: Set up JSS container
+ - name: Create network
+ run: docker network create example
+
+ - name: Set up DS container
+ run: |
+ tests/bin/runner-init.sh \
+ --hostname=ds.example.com \
+ --network=example \
+ --network-alias=ds.example.com \
+ ds
+
+ - name: Set up PKI container
  run: |
  tests/bin/runner-init.sh \
  --hostname=pki.example.com \
+ --network=example \
+ --network-alias=pki.example.com \
  pki
 
  - name: Import LDAP SDK packages
@@ -44,38 +57,37 @@ jobs:
 
  - name: Install packages
  run: |
- docker exec pki dnf install -y 389-ds-base
+ docker exec ds dnf install -y 389-ds-base
  docker cp /tmp/RPMS/. pki:/root/RPMS/
  docker exec pki bash -c "dnf localinstall -y /root/RPMS/*"
 
  - name: Install DS
- run: docker exec pki ${SHARED}/tests/bin/ds-create.sh
+ run: docker exec ds ${SHARED}/tests/bin/ds-create.sh
 
  - name: Install CA
  run: |
  docker exec pki pkispawn \
  -f /usr/share/pki/server/examples/installation/ca.cfg \
  -s CA \
- -D pki_cert_id_generator=random \
- -D pki_request_id_generator=random \
+ -D pki_ds_url=ldap://ds.example.com:389 \
  -v
 
- docker exec pki pki-server cert-find
-
  - name: Install TKS
  run: |
  docker exec pki pkispawn \
  -f /usr/share/pki/server/examples/installation/tks.cfg \
  -s TKS \
+ -D pki_ds_url=ldap://ds.example.com:389 \
  -v
 
- docker exec pki pki-server cert-find
-
  - name: Install TPS
  run: |
  docker exec pki pkispawn \
  -f /usr/share/pki/server/examples/installation/tps.cfg \
  -s TPS \
+ -D pki_ds_url=ldap://ds.example.com:389 \
+ -D pki_authdb_hostname=ds.example.com \
+ -D pki_authdb_port=389 \
  -v
 
  - name: Check TPS admin
@@ -91,10 +103,12 @@ jobs:
  run: |
  # import sample TPS users
  docker exec pki ldapadd \
+ -H ldap://ds.example.com:389 \
  -D "cn=Directory Manager" \
  -w Secret.123 \
  -f /usr/share/pki/tps/auth/ds/create.ldif
  docker exec pki ldapadd \
+ -H ldap://ds.example.com:389 \
  -D "cn=Directory Manager" \
  -w Secret.123 \
  -f /usr/share/pki/tps/auth/ds/example.ldif
@@ -149,13 +163,6 @@ jobs:
 
  docker exec pki pki -n caadmin tps-cert-find --token $CUID
 
- - name: Gather artifacts
- if: always()
- run: |
- tests/bin/ds-artifacts-save.sh --output=/tmp/artifacts/pki ds
- tests/bin/pki-artifacts-save.sh pki
- continue-on-error: true
-
  - name: Remove TPS
  run: docker exec pki pkidestroy -i pki-tomcat -s TPS -v
 
@@ -165,10 +172,41 @@ jobs:
  - name: Remove CA
  run: docker exec pki pkidestroy -i pki-tomcat -s CA -v
 
+ - name: Check DS server systemd journal
+ if: always()
+ run: |
+ docker exec ds journalctl -x --no-pager -u [email protected]
+
+ - name: Check PKI server systemd journal
+ if: always()
+ run: |
+ docker exec pki journalctl -x --no-pager -u [email protected]
+
+ - name: Check CA debug log
+ if: always()
+ run: |
+ docker exec pki find /var/log/pki/pki-tomcat/ca -name "debug.*" -exec cat {} \;
+
+ - name: Check TKS debug log
+ if: always()
+ run: |
+ docker exec pki find /var/log/pki/pki-tomcat/tks -name "debug.*" -exec cat {} \;
+
+ - name: Check TPS debug log
+ if: always()
+ run: |
+ docker exec pki find /var/log/pki/pki-tomcat/tps -name "debug.*" -exec cat {} \;
+
+ - name: Gather artifacts
+ if: always()
+ run: |
+ tests/bin/ds-artifacts-save.sh ds
+ tests/bin/pki-artifacts-save.sh pki
+ continue-on-error: true
+
  - name: Upload artifacts
  if: always()
  uses: actions/upload-artifact@v4
  with:
  name: pki-tps-test
- path: |
- /tmp/artifacts/pki
+ path: /tmp/artifacts