action #120390
closed
[qe-core][functional]test fails in sssd_389ds_functional, the registry may not be ready before public beta
Added by zluo about 2 years ago. Updated about 2 years ago.
0%
Description
Observation
openQA test in scenario sle-15-SP5-Online-aarch64-extra_tests_textmode_phub@aarch64 fails in sssd_389ds_functional
Test suite description
Maintainer: slindomansilla. Extra tests about CLI software in package hub
Reproducible
Fails since (at least) Build 15.2
Expected result
Last good: (unknown) (or more recent)
this is blocking further tests
Further details
Always latest result in this scenario: latest
Updated by rfan1 about 2 years ago
- Subject changed from [qe-core][functional] test fails in sssd_389ds_functional to [qe-core][security] test fails in sssd_389ds_functional, the registry may not be ready before public beta
- Status changed from New to Workable
- Assignee deleted (rfan1)
The registry registry.suse.de/suse/sle-15-sp5/ga/publish/images/suse/sle15:15.5 will not be available until public beta phase, please refer to:
https://suse.slack.com/archives/C02CSAZLAR4/p1669280564330029
https://suse.slack.com/archives/C02CSAZLAR4/p1669281763782389
So, we have alternative options right now:
- Skip the tests before public BETA phase [but how can we achieve this via setting?]
- use new registry for sle15sp5 test instead: registry.suse.de/suse/sle-15-sp5/ga/images/suse/sle15:15.5, however we may still need to disable repo SLE-BEI for the container img before public beta phase.
Modify the Dockerfile as below:
RUN zypper rr SLE_BCI
RUN zypper --gpg-auto-import-keys ref -s
===============================================================
Before moving forward, I would like to ping you to confirm if we can move the test to the security job group as well, because the same test is running in the security QEM job group: https://openqa.suse.de/tests/10025788
Updated by tjyrinki_suse about 2 years ago
I think the non-FIPS variant is not security specific and could be run only in Functional or Core's maintenance job group.
We do not currently have a FIPS enabled run of it, but we have a ticket about it.
The history of this was if I remember correctly that QE Core planned to be creating such a test, but QE Security did it first even though they/us couldn't enable the FIPS variant of it - which is what they really needed - and which is still blocked by a bug.
Updated by tjyrinki_suse about 2 years ago
- Related to action #88473: [sle][security][sle15sp3] Implement "389ds + sssd" test in FIPS mode added
Updated by rfan1 about 2 years ago
- Subject changed from [qe-core][security] test fails in sssd_389ds_functional, the registry may not be ready before public beta to [qe-core][functional]test fails in sssd_389ds_functional, the registry may not be ready before public beta
- Status changed from Workable to In Progress
- Assignee set to rfan1
Updated by rfan1 about 2 years ago
tjyrinki_suse wrote:
> I think the non-FIPS variant is not security specific and could be run only in Functional or Core's maintenance job group.
> We do not currently have a FIPS enabled run of it, but we have a ticket about it.
> The history of this was if I remember correctly that QE Core planned to be creating such a test, but QE Security did it first even though they/us couldn't enable the FIPS variant of it - which is what they really needed - and which is still blocked by a bug.
Thanks Timo,
Then I will keep the tests in functional job group.
Updated by szarate about 2 years ago
tjyrinki_suse wrote:
> I think the non-FIPS variant is not security specific and could be run only in Functional or Core's maintenance job group.
> We do not currently have a FIPS enabled run of it, but we have a ticket about it.
> The history of this was if I remember correctly that QE Core planned to be creating such a test, but QE Security did it first even though they/us couldn't enable the FIPS variant of it - which is what they really needed - and which is still blocked by a bug.
Actually it was a feature request for us to test 389-ds and in the meantime we were having some unmaintained sssd tests (https://progress.opensuse.org/issues/89479).
Timo, before unscheduling the tests from security team, do triple check that you also have sssd tests enabled too (with and without openssl/tls) as sssd is an important security component (afaik).
We can cover the functionality of ldap/389-ds without the sssd part
Updated by rfan1 about 2 years ago
Updated by tjyrinki_suse about 2 years ago
Correct, actually our 389-ds tests are already those newer sssd ones, we do have also older sssd tests, and you can cover the non-sssd testing of ldap/389-ds.
edit: to try to list them all:
QE Security runs these:
tls_389ds_server.pm
tls_389ds_sssd_client.pm
- ticket about enabling FIPS testing of those when possible
QE Migration runs these:
openldap_to_389ds.yaml
tls_389ds_sssd.yaml
QE Core has developed this:
sssd_389ds_functional.pm
(but not sure if you continue to run it or not)
Updated by rfan1 about 2 years ago
- Status changed from In Progress to Feedback
Updated by szarate about 2 years ago
tjyrinki_suse wrote:
> Correct, actually our 389-ds tests are already those newer sssd ones, we do have also older sssd tests, and you can cover the non-sssd testing of ldap/389-ds.
> edit: to try to list them all:
> QE Security runs these:
> tls_389ds_server.pm
> tls_389ds_sssd_client.pm
> - ticket about enabling FIPS testing of those when possible
> QE Migration runs these:
> openldap_to_389ds.yaml
> tls_389ds_sssd.yaml
> QE Core has developed this:
> sssd_389ds_functional.pm
> (but not sure if you continue to run it or not)
We do for now, but I think we can drop it, as the functionality of SSD-389-ds is already covered. I'll follow up to test 389-ds specifically on another ticket.