openSUSE Project Management Tool: Issueshttps://progress.opensuse.org/https://progress.opensuse.org/themes/openSUSE/favicon/favicon.ico?15829177842024-03-15T07:34:18ZopenSUSE Project Management Tool
Redmine openQA Tests - action #157306 (Workable): [security][QU] seahorse_sshkey fails to enable WE exten...https://progress.opensuse.org/issues/1573062024-03-15T07:34:18Ztjyrinki_susetjyrinki+redmine@suse.de
<p>openQA test in scenario sle-15-SP5-Online-QR-x86_64-fips_env_mode_tests_crypt_x11@64bit fails in<br>
<a href="https://openqa.suse.de/tests/13708414/modules/seahorse_sshkey/steps/18" class="external">seahorse_sshkey</a></p>
<p>This was earlier attributed to <a href="https://bugzilla.suse.com/show_bug.cgi?id=1217071" class="external">https://bugzilla.suse.com/show_bug.cgi?id=1217071</a> but it has been reportedly fixed also in 15-SP5 now.</p>
openQA Tests - action #157138 (Workable): [security] SLE Micro 6.0 s390x tests do not start (cont...https://progress.opensuse.org/issues/1571382024-03-13T08:21:13Ztjyrinki_susetjyrinki+redmine@suse.de
<p>openQA test in scenario sle-micro-6.0-Base-qcow-s390x-container_selinux@s390x-kvm fails in<br>
<a href="https://openqa.suse.de/tests/13756851/modules/disk_boot/steps/8" class="external">disk_boot</a></p>
<p>This has not been tried to be executed before. It is likely trying to boot with wrong modules and possibly wrong settings, comparison can be done to <a href="https://openqa.suse.de/tests/13756869" class="external">https://openqa.suse.de/tests/13756869</a> which boots the same image successfully.</p>
openQA Tests - action #156661 (Workable): [security][15-SP6] audit_remote_libvirt fails due to "S...https://progress.opensuse.org/issues/1566612024-03-05T12:50:05Ztjyrinki_susetjyrinki+redmine@suse.de
<p>openQA test in scenario sle-15-SP6-Online-x86_64-cc_audit-remote-libvirt@64bit fails in<br>
<a href="https://openqa.suse.de/tests/13713040/modules/audit_remote_libvirt/steps/13" class="external">audit_remote_libvirt</a></p>
<p>This didn't happen here: <a href="https://openqa.suse.de/tests/12736098#step/audit_remote_libvirt/10" class="external">https://openqa.suse.de/tests/12736098#step/audit_remote_libvirt/10</a> where the fix from ticket <a class="issue tracker-4 status-3 priority-4 priority-default closed" title="action: [security][15-SP6] Update test audit_remote_libvirt for new libvirt behaviour (Resolved)" href="https://progress.opensuse.org/issues/137627">#137627</a> helped the test to finish with just one baseline test comparison failure.</p>
<a name="Acceptance-Criteria"></a>
<h2 >Acceptance Criteria<a href="#Acceptance-Criteria" class="wiki-anchor">¶</a></h2>
<ol>
<li>Make audit_remote_libvirt to pass on 15-SP6 (or, report product bug) without regressing on 15-SP5 (see ticket <a class="issue tracker-4 status-4 priority-4 priority-default" title="action: [security][QU] audit_remote_libvirt fails in 15-SP5 due to new libvirt behavior (Feedback)" href="https://progress.opensuse.org/issues/156658">#156658</a> for its issue).</li>
</ol>
openQA Tests - action #155260 (Resolved): [security][15-SP6] test fails in audit2allow in 15-SP6https://progress.opensuse.org/issues/1552602024-02-09T13:00:08Ztjyrinki_susetjyrinki+redmine@suse.de
<p>openQA test in scenario sle-15-SP6-Online-x86_64-selinux@64bit fails in<br>
<a href="https://openqa.suse.de/tests/13458163/modules/audit2allow/steps/20" class="external">audit2allow</a></p>
<p>Fails since (at least) Build <a href="https://openqa.suse.de/tests/13086176" class="external">45.1</a></p>
<p>Last good: <a href="https://openqa.suse.de/tests/13004542" class="external">44.1</a> (or more recent)</p>
<p>Similar to otherwise unrelated ticket <a class="issue tracker-4 status-12 priority-4 priority-default" title="action: [security][15-SP6] logic of passphrase entering failed in autoyast_stig_remediation (Workable)" href="https://progress.opensuse.org/issues/155248">#155248</a>, this started in build 45.1. This time however older test commit does not help (<a href="https://openqa.suse.de/tests/13458163#comments" class="external">https://openqa.suse.de/tests/13458163#comments</a>), so is it maybe a product change or product bug, or something in our configuration?</p>
openQA Tests - action #155248 (Workable): [security][15-SP6] logic of passphrase entering failed ...https://progress.opensuse.org/issues/1552482024-02-09T10:42:00Ztjyrinki_susetjyrinki+redmine@suse.de
<p>openQA test in scenario sle-15-SP6-Online-x86_64-autoyast_stig_remediation@64bit fails in<br>
<a href="https://openqa.suse.de/tests/13457092/modules/first_boot/steps/3" class="external">first_boot</a></p>
<p>It started in Build <a href="https://openqa.suse.de/tests/13085395" class="external">45.1</a></p>
<p>While it was still working in <a href="https://openqa.suse.de/tests/13003729" class="external">44.1</a> - over there the "boot_encrypt" module entered the passphrase, while now in boot_encrypt module it's still showing the grub authentication and thein fails in first_boot </p>
<p>If looking at the videos, even on 45.1 it does enter the grub passphrase, but then maybe (possibly, not necessarily) due to ticket <a class="issue tracker-4 status-3 priority-4 priority-default closed child" title="action: [security][15-SP6] GRUB now passes through unlocking, test needs to be changed (Resolved)" href="https://progress.opensuse.org/issues/152455">#152455</a> expects that it would be enough, while in this stig case it does not seem the pass-through is working anymore? Not sure why though, the password is the same but maybe it's part of stig logic to not allow pass-through?</p>
<a name="Further-details"></a>
<h2 >Further details<a href="#Further-details" class="wiki-anchor">¶</a></h2>
<p>Always latest result in this scenario: <a href="https://openqa.suse.de/tests/latest?arch=x86_64&distri=sle&flavor=Online&machine=64bit&test=autoyast_stig_remediation&version=15-SP6" class="external">latest</a></p>
<p>Automatic re-runs indicate git commit f69e77d29d96cab7c9a3e18c5cd2cfb73f371ee4 (from the time 44.1 build was done) still works for this test suite (<a href="https://openqa.suse.de/tests/13457092#comments" class="external">https://openqa.suse.de/tests/13457092#comments</a>).</p>
openQA Tests - action #153045 (Workable): [security] seahorse_sshkey test module should not add e...https://progress.opensuse.org/issues/1530452024-01-03T08:15:20Ztjyrinki_susetjyrinki+redmine@suse.de
<p>Adding modules should not be needed in maintenance.</p>
<p><a href="https://github.com/os-autoinst/os-autoinst-distri-opensuse/blob/master/tests/x11/seahorse_sshkey.pm#L20" class="external">https://github.com/os-autoinst/os-autoinst-distri-opensuse/blob/master/tests/x11/seahorse_sshkey.pm#L20</a></p>
<p>It started failing because the we module stopped being supported for 15-SP4, but the module was anyway included already in the HDD image being used when the module was available, so the adding was never needed.</p>
openQA Tests - action #135401 (Closed): [security] fips pattern missing because basesystem reposi...https://progress.opensuse.org/issues/1354012023-09-08T09:02:40Ztjyrinki_susetjyrinki+redmine@suse.de
<p>openQA test in scenario sle-15-SP6-Online-x86_64-fips_env_stunnel_server@64bit fails in<br>
<a href="https://openqa.suse.de/tests/12036081/modules/fips_setup/steps/19" class="external">fips_setup</a></p>
<p>Fails since (at least) Build <a href="https://openqa.suse.de/tests/12036081" class="external">19.1</a> (current job)</p>
<p>Last good: <a href="https://openqa.suse.de/tests/11979771" class="external">16.1</a> (or more recent)</p>
<p>First thought to be a product problem, developer explained that <code><br>
as this you install with the Online medium, you need to enable the Basesystem Pool repository.</code></p>
<p>Comparing a <em>passing</em> run at <a href="https://openqa.suse.de/tests/11979771#settings" class="external">https://openqa.suse.de/tests/11979771#settings</a> to now <em>failing</em> run at <a href="https://openqa.suse.de/tests/12036081#settings" class="external">https://openqa.suse.de/tests/12036081#settings</a> , it seems the <em>failing</em> run is here where there are 50+ repository related settings that did not exist for the passing one.</p>
<p>Looking further back to 15-SP5 - <a href="https://openqa.suse.de/tests/11175701#settings" class="external">https://openqa.suse.de/tests/11175701#settings</a> - it seems the new case of having all of those settings would be the right way, but the question for this ticket is why it does not work?</p>
openQA Tests - action #135269 (Rejected): [security] test fails in system_preparehttps://progress.opensuse.org/issues/1352692023-09-06T18:08:00Ztjyrinki_susetjyrinki+redmine@suse.de
<p>openQA test in scenario sle-15-SP4-Server-DVD-Updates-s390x-mru-install-desktop-with-addons@s390x-kvm-sle12 fails in<br>
<a href="https://openqa.suse.de/tests/11970473/modules/system_prepare/steps/2" class="external">system_prepare</a></p>
<p>Fails since (at least) Build <a href="https://openqa.suse.de/tests/11970473" class="external">20230831-1</a> (current job)<br>
Last good: <a href="https://openqa.suse.de/tests/11942027" class="external">20230829-1</a> (or more recent)</p>
<p>Fails with "ssh: connect to host s390kvm082.suse.de port 22: No route to host".</p>
<p>Likely an infrastructure issue related to the moves, but should be seen if it can be workarounded or if something needs changing due to hardware moves.</p>
openQA Tests - action #134498 (Closed): [security][maintenance] test fails in openvpn_client some...https://progress.opensuse.org/issues/1344982023-08-22T13:46:01Ztjyrinki_susetjyrinki+redmine@suse.de
<p>openQA test in scenario sle-12-SP4-Server-DVD-Updates-x86_64-qam-openvpn-client@64bit fails in<br>
<a href="https://openqa.suse.de/tests/11896426/modules/openvpn_client/steps/29" class="external">openvpn_client</a></p>
<p>Last good: <a href="https://openqa.suse.de/tests/11888185" class="external">20230820-1</a> (or more recent)</p>
<p>It eg passed on 20230820, but only after a rerun, and failed on 20230821.</p>
openQA Project - action #127238 (New): It's not possible to remove own force_result comments, and...https://progress.opensuse.org/issues/1272382023-04-05T06:42:05Ztjyrinki_susetjyrinki+redmine@suse.de
<p>Here is an example:</p>
<p><a href="https://openqa.suse.de/tests/10848924#comments" class="external">https://openqa.suse.de/tests/10848924#comments</a></p>
<p>The soft-fail forcing was done erronously, and would be wanted to be removed. However, when trying to remove the comment Forbidden message is given to the person who made the comment (the person is also Administrator).</p>
<p>This ticket looks like opposite of ticket <a class="issue tracker-4 status-1 priority-3 priority-lowest" title="action: It's possible to delete force_result comments (New)" href="https://progress.opensuse.org/issues/107239">#107239</a>, so I'm not sure what to do. However, in the recent months it feels there has been more related changes - now these un-deletable comments are also carried over automatically to new runs, and those carried over comments are also undeletable. If this kind of comment would happen in maintenance tests and couldn't be corrected (without availability of someone who has more direct rights than even Administrator has), it could mean even accidentally giving green light to an erronous update if the correction would be delayed.</p>
qe-yam - action #91196 (Rejected): Add existing qe-yast Product QE tests to QEMhttps://progress.opensuse.org/issues/911962021-04-15T06:25:12Ztjyrinki_susetjyrinki+redmine@suse.de
<p>After comparing test coverage of SLE 15 SP2 and SP3 in opneQA I identified several tests that are exclusive to either pre-release or post-release testing and could be easily used to increase our coverage just by using what we already have.</p>
<p>It is possible that are some errors and some of the tests from the list are already being used. It is also just my opinion, therefor review from other colleagues is more then welcome.</p>
<p>These are the YaST tests that run only before release and could be used also after the release (product QE -> QEM)</p>
<p>tests/console/yast2_cmdline.pm<br>
tests/console/yast2_dns_server.pm<br>
tests/console/yast2_kdump.pm<br>
tests/console/yast2_lan_hostname.pm<br>
tests/console/yast2_ntpclient.pm<br>
tests/console/yast2_proxy.pm<br>
tests/console/yast2_rmt.pm<br>
tests/console/yast2_samba.pm<br>
tests/console/yast2_settings.pm<br>
tests/console/yast2_snapper_ncurses.pm<br>
tests/console/yast2_vnc.pm<br>
tests/network/wireguard.pm<br>
tests/security/yast2_apparmor/manually_add_profile.pm<br>
tests/security/yast2_apparmor/scan_audit_logs.pm<br>
tests/security/yast2_apparmor/settings_disable_enable_apparmor.pm<br>
tests/security/yast2_apparmor/settings_toggle_profile_mode.pm<br>
tests/security/yast2_users/add_users.pm</p>
qe-yam - action #91175 (Rejected): [qe-yast][qem] Add existing Product QE tests to QEMhttps://progress.opensuse.org/issues/911752021-04-15T06:11:54Ztjyrinki_susetjyrinki+redmine@suse.de
<p>After comparing test coverage of SLE 15 SP2 and SP3 in opneQA I identified several tests that are exclusive to either pre-release or post-release testing and could be easily used to increase our coverage just by using what we already have.</p>
<p>It is possible that are some errors and some of the tests from the list are already being used. It is also just my opinion, therefor review from other colleagues is more then welcome.</p>
<p>These are the YaST tests that run only before release and could be used also after the release (product QE -> QEM)</p>
<p>tests/console/vsftpd.pm<br>
tests/console/yast2_cmdline.pm<br>
tests/console/yast2_dns_server.pm<br>
tests/console/yast2_kdump.pm<br>
tests/console/yast2_lan_hostname.pm<br>
tests/console/yast2_ntpclient.pm<br>
tests/console/yast2_proxy.pm<br>
tests/console/yast2_rmt.pm<br>
tests/console/yast2_samba.pm<br>
tests/console/yast2_settings.pm<br>
tests/console/yast2_snapper_ncurses.pm<br>
tests/console/yast2_vnc.pm<br>
tests/security/yast2_apparmor/manually_add_profile.pm<br>
tests/security/yast2_apparmor/scan_audit_logs.pm<br>
tests/security/yast2_apparmor/settings_disable_enable_apparmor.pm<br>
tests/security/yast2_apparmor/settings_toggle_profile_mode.pm<br>
tests/security/yast2_users/add_users.pm</p>
qe-yam - action #91172 (Rejected): Add existing QEM YaST tests to Product QEhttps://progress.opensuse.org/issues/911722021-04-15T06:10:09Ztjyrinki_susetjyrinki+redmine@suse.de
<p>After comparing test coverage of SLE 15 SP2 and SP3 in opneQA I identified several tests that are exclusive to either pre-release or post-release testing and could be easily used to increase our coverage just by using what we already have.</p>
<p>It is possible that are some errors and some of the tests from the list are already being used. It is also just my opinion, therefor review from other colleagues is more then welcome.</p>
<p>These are the YaST tests that run only after release and could be used also before the release (QEM -> product QE)</p>
<p>tests/console/yast2_registration.pm<br>
tests/yast2_gui/yast2_instserver.pm<br>
tests/yast2_gui/yast2_keyboard.pm<br>
tests/yast2_gui/yast2_storage_ng.pm</p>
openSUSE admin - tickets #80354 (Rejected): ns3.opensuse.org reports wrong IP to meet.opensuse.orghttps://progress.opensuse.org/issues/803542020-11-25T09:58:45Ztjyrinki_susetjyrinki+redmine@suse.de
<p>The new meet.o.o server was put into place, and it's at 195.135.221.174. However, ns3.opensuse.org disagrees and reports 173, which breaks meet.o.o for everyone (unless using direct IP).</p>
<p>Meanwhile, ns2 and ns4 are also down, possibly something to look at as well and verify if they'll eventually agree on the IP of meet.o.o.</p>
<p>-Timo </p>
openQA Project - action #56789 (New): New needles from git repository not working with openqa-clo...https://progress.opensuse.org/issues/567892019-09-11T08:14:09Ztjyrinki_susetjyrinki+redmine@suse.de
<p>Use case:</p>
<p>To be able to test tests in production (openqa.opensuse.org or openqa.suse.de) before merging the needles and tests themselves, since results have proven to vary on those loaded machines compared to local openQA instance or VM.</p>
<p>It is currently working if there are no new needles involved, but this issue describes the problem with custom needles which would be theoretically supported by openqa-clone-custom-git-refspec but not working in practice.</p>
<p>Problem description:</p>
<p>First of all, documentation [1] says "Path to needles subdirectory to use, defaults to "needles" within PRODUCTDIR. Can be a git repository URL, comparable to CASEDIR", and CASEDIR states "for example <a href="mailto:git@github.com">git@github.com</a>:os-autoinst/os-autoinst-distri-opensuse.git#feature/test".</p>
<p>[1] <a href="https://github.com/os-autoinst/os-autoinst/blob/master/doc/backend_vars.asciidoc" class="external">https://github.com/os-autoinst/os-autoinst/blob/master/doc/backend_vars.asciidoc</a></p>
<p>However,</p>
<pre><code>openqa-clone-custom-git-refspec https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/8332 https://openqa.opensuse.org/tests/xxxxxxxx --apikey=XXX --apisecret=XXX NEEDLES_DIR=git@github.com:tjyrinki/os-autoinst-needles-opensuse.git#poo-12345
</code></pre>
<p>results in:</p>
<pre><code>Could not create directory '/var/lib/empty/.ssh'.
Host key verification failed.
fatal: Could not read from remote repository.
</code></pre>
<p>Using https instead (NEEDLES_DIR=<a href="https://github.com/tjyrinki/os-autoinst-needles-opensuse.git" class="external">https://github.com/tjyrinki/os-autoinst-needles-opensuse.git</a>) gets one further, but openQA complains about wrong needles location:</p>
<pre><code>init needles from /var/lib/openqa/pool/15/os-autoinst-needles-opensuse
Needle /var/lib/openqa/pool/15/os-autoinst-needles-opensuse/ssh-login-ok-20160813.json is not under project directory /var/lib/openqa/cache/xxx at /usr/lib/os-autoinst/needle.pm line 63.
</code></pre>
<p>Oliver Kurz suggested playing around with the PRODUCTDIR to try to workaround the forbidding use of (correctly checked out) needles dir which I did but it didn't get any better with trying to set that to eg pool/... directories, which also changes on every run.</p>