openSUSE Project Management Tool: Issueshttps://progress.opensuse.org/https://progress.opensuse.org/themes/openSUSE/favicon/favicon.ico?15829177842024-03-15T07:34:18ZopenSUSE Project Management Tool
Redmine openQA Tests - action #157306 (Workable): [security][QU] seahorse_sshkey fails to enable WE exten...https://progress.opensuse.org/issues/1573062024-03-15T07:34:18Ztjyrinki_susetjyrinki+redmine@suse.de
<p>openQA test in scenario sle-15-SP5-Online-QR-x86_64-fips_env_mode_tests_crypt_x11@64bit fails in<br>
<a href="https://openqa.suse.de/tests/13708414/modules/seahorse_sshkey/steps/18" class="external">seahorse_sshkey</a></p>
<p>This was earlier attributed to <a href="https://bugzilla.suse.com/show_bug.cgi?id=1217071" class="external">https://bugzilla.suse.com/show_bug.cgi?id=1217071</a> but it has been reportedly fixed also in 15-SP5 now.</p>
openQA Tests - action #157138 (Workable): [security] SLE Micro 6.0 s390x tests do not start (cont...https://progress.opensuse.org/issues/1571382024-03-13T08:21:13Ztjyrinki_susetjyrinki+redmine@suse.de
<p>openQA test in scenario sle-micro-6.0-Base-qcow-s390x-container_selinux@s390x-kvm fails in<br>
<a href="https://openqa.suse.de/tests/13756851/modules/disk_boot/steps/8" class="external">disk_boot</a></p>
<p>This has not been tried to be executed before. It is likely trying to boot with wrong modules and possibly wrong settings, comparison can be done to <a href="https://openqa.suse.de/tests/13756869" class="external">https://openqa.suse.de/tests/13756869</a> which boots the same image successfully.</p>
openQA Tests - action #156661 (Workable): [security][15-SP6] audit_remote_libvirt fails due to "S...https://progress.opensuse.org/issues/1566612024-03-05T12:50:05Ztjyrinki_susetjyrinki+redmine@suse.de
<p>openQA test in scenario sle-15-SP6-Online-x86_64-cc_audit-remote-libvirt@64bit fails in<br>
<a href="https://openqa.suse.de/tests/13713040/modules/audit_remote_libvirt/steps/13" class="external">audit_remote_libvirt</a></p>
<p>This didn't happen here: <a href="https://openqa.suse.de/tests/12736098#step/audit_remote_libvirt/10" class="external">https://openqa.suse.de/tests/12736098#step/audit_remote_libvirt/10</a> where the fix from ticket <a class="issue tracker-4 status-3 priority-4 priority-default closed" title="action: [security][15-SP6] Update test audit_remote_libvirt for new libvirt behaviour (Resolved)" href="https://progress.opensuse.org/issues/137627">#137627</a> helped the test to finish with just one baseline test comparison failure.</p>
<a name="Acceptance-Criteria"></a>
<h2 >Acceptance Criteria<a href="#Acceptance-Criteria" class="wiki-anchor">¶</a></h2>
<ol>
<li>Make audit_remote_libvirt to pass on 15-SP6 (or, report product bug) without regressing on 15-SP5 (see ticket <a class="issue tracker-4 status-4 priority-4 priority-default" title="action: [security][QU] audit_remote_libvirt fails in 15-SP5 due to new libvirt behavior (Feedback)" href="https://progress.opensuse.org/issues/156658">#156658</a> for its issue).</li>
</ol>
openQA Tests - action #155260 (Resolved): [security][15-SP6] test fails in audit2allow in 15-SP6https://progress.opensuse.org/issues/1552602024-02-09T13:00:08Ztjyrinki_susetjyrinki+redmine@suse.de
<p>openQA test in scenario sle-15-SP6-Online-x86_64-selinux@64bit fails in<br>
<a href="https://openqa.suse.de/tests/13458163/modules/audit2allow/steps/20" class="external">audit2allow</a></p>
<p>Fails since (at least) Build <a href="https://openqa.suse.de/tests/13086176" class="external">45.1</a></p>
<p>Last good: <a href="https://openqa.suse.de/tests/13004542" class="external">44.1</a> (or more recent)</p>
<p>Similar to otherwise unrelated ticket <a class="issue tracker-4 status-12 priority-4 priority-default" title="action: [security][15-SP6] logic of passphrase entering failed in autoyast_stig_remediation (Workable)" href="https://progress.opensuse.org/issues/155248">#155248</a>, this started in build 45.1. This time however older test commit does not help (<a href="https://openqa.suse.de/tests/13458163#comments" class="external">https://openqa.suse.de/tests/13458163#comments</a>), so is it maybe a product change or product bug, or something in our configuration?</p>
openQA Tests - action #155248 (Workable): [security][15-SP6] logic of passphrase entering failed ...https://progress.opensuse.org/issues/1552482024-02-09T10:42:00Ztjyrinki_susetjyrinki+redmine@suse.de
<p>openQA test in scenario sle-15-SP6-Online-x86_64-autoyast_stig_remediation@64bit fails in<br>
<a href="https://openqa.suse.de/tests/13457092/modules/first_boot/steps/3" class="external">first_boot</a></p>
<p>It started in Build <a href="https://openqa.suse.de/tests/13085395" class="external">45.1</a></p>
<p>While it was still working in <a href="https://openqa.suse.de/tests/13003729" class="external">44.1</a> - over there the "boot_encrypt" module entered the passphrase, while now in boot_encrypt module it's still showing the grub authentication and thein fails in first_boot </p>
<p>If looking at the videos, even on 45.1 it does enter the grub passphrase, but then maybe (possibly, not necessarily) due to ticket <a class="issue tracker-4 status-3 priority-4 priority-default closed child" title="action: [security][15-SP6] GRUB now passes through unlocking, test needs to be changed (Resolved)" href="https://progress.opensuse.org/issues/152455">#152455</a> expects that it would be enough, while in this stig case it does not seem the pass-through is working anymore? Not sure why though, the password is the same but maybe it's part of stig logic to not allow pass-through?</p>
<a name="Further-details"></a>
<h2 >Further details<a href="#Further-details" class="wiki-anchor">¶</a></h2>
<p>Always latest result in this scenario: <a href="https://openqa.suse.de/tests/latest?arch=x86_64&distri=sle&flavor=Online&machine=64bit&test=autoyast_stig_remediation&version=15-SP6" class="external">latest</a></p>
<p>Automatic re-runs indicate git commit f69e77d29d96cab7c9a3e18c5cd2cfb73f371ee4 (from the time 44.1 build was done) still works for this test suite (<a href="https://openqa.suse.de/tests/13457092#comments" class="external">https://openqa.suse.de/tests/13457092#comments</a>).</p>
openQA Tests - action #153045 (Workable): [security] seahorse_sshkey test module should not add e...https://progress.opensuse.org/issues/1530452024-01-03T08:15:20Ztjyrinki_susetjyrinki+redmine@suse.de
<p>Adding modules should not be needed in maintenance.</p>
<p><a href="https://github.com/os-autoinst/os-autoinst-distri-opensuse/blob/master/tests/x11/seahorse_sshkey.pm#L20" class="external">https://github.com/os-autoinst/os-autoinst-distri-opensuse/blob/master/tests/x11/seahorse_sshkey.pm#L20</a></p>
<p>It started failing because the we module stopped being supported for 15-SP4, but the module was anyway included already in the HDD image being used when the module was available, so the adding was never needed.</p>
openQA Tests - action #135401 (Closed): [security] fips pattern missing because basesystem reposi...https://progress.opensuse.org/issues/1354012023-09-08T09:02:40Ztjyrinki_susetjyrinki+redmine@suse.de
<p>openQA test in scenario sle-15-SP6-Online-x86_64-fips_env_stunnel_server@64bit fails in<br>
<a href="https://openqa.suse.de/tests/12036081/modules/fips_setup/steps/19" class="external">fips_setup</a></p>
<p>Fails since (at least) Build <a href="https://openqa.suse.de/tests/12036081" class="external">19.1</a> (current job)</p>
<p>Last good: <a href="https://openqa.suse.de/tests/11979771" class="external">16.1</a> (or more recent)</p>
<p>First thought to be a product problem, developer explained that <code><br>
as this you install with the Online medium, you need to enable the Basesystem Pool repository.</code></p>
<p>Comparing a <em>passing</em> run at <a href="https://openqa.suse.de/tests/11979771#settings" class="external">https://openqa.suse.de/tests/11979771#settings</a> to now <em>failing</em> run at <a href="https://openqa.suse.de/tests/12036081#settings" class="external">https://openqa.suse.de/tests/12036081#settings</a> , it seems the <em>failing</em> run is here where there are 50+ repository related settings that did not exist for the passing one.</p>
<p>Looking further back to 15-SP5 - <a href="https://openqa.suse.de/tests/11175701#settings" class="external">https://openqa.suse.de/tests/11175701#settings</a> - it seems the new case of having all of those settings would be the right way, but the question for this ticket is why it does not work?</p>
openQA Tests - action #135269 (Rejected): [security] test fails in system_preparehttps://progress.opensuse.org/issues/1352692023-09-06T18:08:00Ztjyrinki_susetjyrinki+redmine@suse.de
<p>openQA test in scenario sle-15-SP4-Server-DVD-Updates-s390x-mru-install-desktop-with-addons@s390x-kvm-sle12 fails in<br>
<a href="https://openqa.suse.de/tests/11970473/modules/system_prepare/steps/2" class="external">system_prepare</a></p>
<p>Fails since (at least) Build <a href="https://openqa.suse.de/tests/11970473" class="external">20230831-1</a> (current job)<br>
Last good: <a href="https://openqa.suse.de/tests/11942027" class="external">20230829-1</a> (or more recent)</p>
<p>Fails with "ssh: connect to host s390kvm082.suse.de port 22: No route to host".</p>
<p>Likely an infrastructure issue related to the moves, but should be seen if it can be workarounded or if something needs changing due to hardware moves.</p>
openQA Tests - action #134498 (Closed): [security][maintenance] test fails in openvpn_client some...https://progress.opensuse.org/issues/1344982023-08-22T13:46:01Ztjyrinki_susetjyrinki+redmine@suse.de
<p>openQA test in scenario sle-12-SP4-Server-DVD-Updates-x86_64-qam-openvpn-client@64bit fails in<br>
<a href="https://openqa.suse.de/tests/11896426/modules/openvpn_client/steps/29" class="external">openvpn_client</a></p>
<p>Last good: <a href="https://openqa.suse.de/tests/11888185" class="external">20230820-1</a> (or more recent)</p>
<p>It eg passed on 20230820, but only after a rerun, and failed on 20230821.</p>
openQA Tests - action #134237 (Rejected): [security][ALP] Manual Testing for ALP Dolomite Build 5.6https://progress.opensuse.org/issues/1342372023-08-15T08:20:39Ztjyrinki_susetjyrinki+redmine@suse.de
<p>While openQA automated testing was running already, recently everything broke over there and we should likely do manual testing still of the latest ALP Dolomite build 5.6.</p>
<ul>
<li>Download: <a href="https://download.suse.de/ibs/SUSE:/ALP:/Products:/Dolomite:/1.0:/ToTest/images/ALP-Dolomite.x86_64-1.0-Default-encrypted-Build5.6.raw" class="external">https://download.suse.de/ibs/SUSE:/ALP:/Products:/Dolomite:/1.0:/ToTest/images/ALP-Dolomite.x86_64-1.0-Default-encrypted-Build5.6.raw</a></li>
<li>Documentation: <a href="https://documentation.suse.com/alp/dolomite/html/alp-dolomite/concept-alp-deployment.html" class="external">https://documentation.suse.com/alp/dolomite/html/alp-dolomite/concept-alp-deployment.html</a></li>
</ul>
<p>Steps:</p>
<ul>
<li>Raw image setup with TPM</li>
<li>Fallback to password disk decryption when TPM is removed</li>
<li>Check <code>audit.log</code> for AVC deny</li>
</ul>
<p>See previous similar ticket <a class="issue tracker-4 status-3 priority-4 priority-default closed" title="action: [security][ALP] Manual Testing for ALP Dolomite Build 2.1 (Resolved)" href="https://progress.opensuse.org/issues/133265">#133265</a></p>
openQA Tests - action #134015 (Resolved): [security][15-SP6] NVIDIA module missing leading to tes...https://progress.opensuse.org/issues/1340152023-08-09T05:46:22Ztjyrinki_susetjyrinki+redmine@suse.de
<p>openQA test in scenario sle-15-SP6-Online-x86_64-fips_ker_mode_tests_crypt_x11_uefi@uefi fails in<br>
<a href="https://openqa.suse.de/tests/11770346/modules/test_repo_setup/steps/95" class="external">test_repo_setup</a> - always latest result in this scenario: <a href="https://openqa.suse.de/tests/latest?arch=x86_64&distri=sle&flavor=Online&machine=uefi&test=fips_ker_mode_tests_crypt_x11_uefi&version=15-SP6" class="external">latest</a></p>
<p>Check that the test passes once NVIDIA module is available for 15-SP6.</p>
qe-yam - action #91196 (Rejected): Add existing qe-yast Product QE tests to QEMhttps://progress.opensuse.org/issues/911962021-04-15T06:25:12Ztjyrinki_susetjyrinki+redmine@suse.de
<p>After comparing test coverage of SLE 15 SP2 and SP3 in opneQA I identified several tests that are exclusive to either pre-release or post-release testing and could be easily used to increase our coverage just by using what we already have.</p>
<p>It is possible that are some errors and some of the tests from the list are already being used. It is also just my opinion, therefor review from other colleagues is more then welcome.</p>
<p>These are the YaST tests that run only before release and could be used also after the release (product QE -> QEM)</p>
<p>tests/console/yast2_cmdline.pm<br>
tests/console/yast2_dns_server.pm<br>
tests/console/yast2_kdump.pm<br>
tests/console/yast2_lan_hostname.pm<br>
tests/console/yast2_ntpclient.pm<br>
tests/console/yast2_proxy.pm<br>
tests/console/yast2_rmt.pm<br>
tests/console/yast2_samba.pm<br>
tests/console/yast2_settings.pm<br>
tests/console/yast2_snapper_ncurses.pm<br>
tests/console/yast2_vnc.pm<br>
tests/network/wireguard.pm<br>
tests/security/yast2_apparmor/manually_add_profile.pm<br>
tests/security/yast2_apparmor/scan_audit_logs.pm<br>
tests/security/yast2_apparmor/settings_disable_enable_apparmor.pm<br>
tests/security/yast2_apparmor/settings_toggle_profile_mode.pm<br>
tests/security/yast2_users/add_users.pm</p>
qe-yam - action #91175 (Rejected): [qe-yast][qem] Add existing Product QE tests to QEMhttps://progress.opensuse.org/issues/911752021-04-15T06:11:54Ztjyrinki_susetjyrinki+redmine@suse.de
<p>After comparing test coverage of SLE 15 SP2 and SP3 in opneQA I identified several tests that are exclusive to either pre-release or post-release testing and could be easily used to increase our coverage just by using what we already have.</p>
<p>It is possible that are some errors and some of the tests from the list are already being used. It is also just my opinion, therefor review from other colleagues is more then welcome.</p>
<p>These are the YaST tests that run only before release and could be used also after the release (product QE -> QEM)</p>
<p>tests/console/vsftpd.pm<br>
tests/console/yast2_cmdline.pm<br>
tests/console/yast2_dns_server.pm<br>
tests/console/yast2_kdump.pm<br>
tests/console/yast2_lan_hostname.pm<br>
tests/console/yast2_ntpclient.pm<br>
tests/console/yast2_proxy.pm<br>
tests/console/yast2_rmt.pm<br>
tests/console/yast2_samba.pm<br>
tests/console/yast2_settings.pm<br>
tests/console/yast2_snapper_ncurses.pm<br>
tests/console/yast2_vnc.pm<br>
tests/security/yast2_apparmor/manually_add_profile.pm<br>
tests/security/yast2_apparmor/scan_audit_logs.pm<br>
tests/security/yast2_apparmor/settings_disable_enable_apparmor.pm<br>
tests/security/yast2_apparmor/settings_toggle_profile_mode.pm<br>
tests/security/yast2_users/add_users.pm</p>
qe-yam - action #91172 (Rejected): Add existing QEM YaST tests to Product QEhttps://progress.opensuse.org/issues/911722021-04-15T06:10:09Ztjyrinki_susetjyrinki+redmine@suse.de
<p>After comparing test coverage of SLE 15 SP2 and SP3 in opneQA I identified several tests that are exclusive to either pre-release or post-release testing and could be easily used to increase our coverage just by using what we already have.</p>
<p>It is possible that are some errors and some of the tests from the list are already being used. It is also just my opinion, therefor review from other colleagues is more then welcome.</p>
<p>These are the YaST tests that run only after release and could be used also before the release (QEM -> product QE)</p>
<p>tests/console/yast2_registration.pm<br>
tests/yast2_gui/yast2_instserver.pm<br>
tests/yast2_gui/yast2_keyboard.pm<br>
tests/yast2_gui/yast2_storage_ng.pm</p>
openSUSE admin - tickets #80354 (Rejected): ns3.opensuse.org reports wrong IP to meet.opensuse.orghttps://progress.opensuse.org/issues/803542020-11-25T09:58:45Ztjyrinki_susetjyrinki+redmine@suse.de
<p>The new meet.o.o server was put into place, and it's at 195.135.221.174. However, ns3.opensuse.org disagrees and reports 173, which breaks meet.o.o for everyone (unless using direct IP).</p>
<p>Meanwhile, ns2 and ns4 are also down, possibly something to look at as well and verify if they'll eventually agree on the IP of meet.o.o.</p>
<p>-Timo </p>