From c19d190a2dc10dbc3264d07f2e1b19291a733192 Mon Sep 17 00:00:00 2001 From: Pierre Equoy Date: Wed, 23 Jun 2021 23:02:40 +0800 Subject: Wenshan: initial jobs, test plans and launcher This includes Active Directory related jobs that hopefully can be made generic and moved to the public Checkbox provider at some point for other projects. Also, the launcher is configured for my own home setup, since we are all stuck at home for the moment... :) --- units/wenshan/category.pxu | 7 + units/wenshan/jobs.pxu | 333 ++++++++++++++++++++++++++++++++++++++++++++ units/wenshan/test-plan.pxu | 46 ++++++ 3 files changed, 386 insertions(+) create mode 100644 units/wenshan/category.pxu create mode 100644 units/wenshan/jobs.pxu create mode 100644 units/wenshan/test-plan.pxu (limited to 'units') diff --git a/units/wenshan/category.pxu b/units/wenshan/category.pxu new file mode 100644 index 0000000..e4c0d64 --- /dev/null +++ b/units/wenshan/category.pxu @@ -0,0 +1,7 @@ +unit: category +id: wenshan +_name: Wenshan test cases + +unit: category +id: active-directory +_name: Active Directory related test cases diff --git a/units/wenshan/jobs.pxu b/units/wenshan/jobs.pxu new file mode 100644 index 0000000..add042e --- /dev/null +++ b/units/wenshan/jobs.pxu @@ -0,0 +1,333 @@ +id: active-directory/fqdn-check +category_id: active-directory +plugin: shell +_summary: Check Fully Qualified Domain Name +estimated_duration: 1s +environ: AD_DOMAIN +command: + hostname -f | grep ${AD_DOMAIN} + +id: active-directory/ntp-config-check +category_id: active-directory +plugin: user-interact +_summary: Check NTP Server Configuration +estimated_duration: 3m +environ: AD_SERVER +_purpose: + Set the NTP server and make sure time is properly synchronized with the + Windows server. +_steps: + 1. Edit the /etc/systemd/timesyncd.conf file to point to the NTP server, and + make sure the Root Distance value is high enough, e.g.: + [Time] + NTP=ad.wenshan.biz + RootDistanceMaxSec=15 + 2. Restart the time sync service: + systemctl restart systemd-timesyncd.service + 3. Start this test. +command: + timedatectl status + echo "" + timedatectl timesync-status + echo "" + if [ -z ${AD_SERVER} ]; then + echo "ERROR: Environment variable AD_SERVER not set." + exit 1 + fi + if timedatectl timesync-status | grep -i -q ${AD_SERVER}; then + echo "Device synchronized with ${AD_SERVER} NTP server." + else + echo "ERROR: Device not synchronized with ${AD_SERVER} NTP server." + exit 1 + fi + +id: active-directory/required-packages +category_id: active-directory +_summary: Check for packages required for Active Directory features +estimated_duration: 1s +flags: simple fail-on-resource +imports: from com.canonical.certification import package +requires: + package.name == 'adsys' + package.name == 'realmd' + package.name == 'sssd' +command: echo "Packages required for Active Directory features found." + +id: active-directory/realm-list +category_id: active-directory +plugin: shell +_summary: Check realm can be found +estimated_duration: 1s +environ: AD_DOMAIN +depends: active-directory/required-packages +command: + realm list --all + echo "" + if [ -z ${AD_DOMAIN} ]; then + echo "ERROR: Environment variable AD_DOMAIN not set." + exit 1 + fi + if realm list --all | grep -i -q ${AD_DOMAIN}; then + echo "${AD_DOMAIN} realm found." + else + echo "ERROR: ${AD_DOMAIN} realm not found." + exit 1 + fi + +id: active-directory/realm-join +category_id: active-directory +plugin: manual +depends: active-directory/realm-list +estimated_duration: 1m +_summary: Join a realm +_purpose: + Check that the device can join the Active Directory realm (e.g. ad.wenshan.biz). +_steps: + 1. Enter the command to join the realm: + $ sudo realm join + 2. Input the Active Directory Administrator password +_verification: + Check that the device joined the realm: + $ realm list + This should return information about the Active Directory realm. + +id: active-directory/sssd-config-check +category_id: active-directory +plugin: shell +_summary: Check SSSD configuration +estimated_duration: 1s +environ: AD_DOMAIN AD_SERVER +depends: active-directory/realm-join +user: root +command: + if grep -i "ad_domain.*${AD_DOMAIN}" /etc/sssd/sssd.conf; then + echo "ad_domain properly configured." + else + echo "ERROR: ad_domain not configured correctly in /etc/sssd/sssd.conf." + exit 1 + fi + if grep -i "ad_server.*${AD_SERVER}" /etc/sssd/sssd.conf; then + echo "ad_server properly configured." + else + echo "ERROR: ad_server not configured correctly in /etc/sssd/sssd.conf." + exit 1 + fi + +id: active-directory/realm-config-check +category_id: active-directory +plugin: shell +_summary: Check realm configuration +estimated_duration: 1s +environ: AD_DOMAIN +depends: active-directory/sssd-config-check +command: + realm list + echo "" + if realm list | grep -i -q "domain-name.*${AD_DOMAIN}"; then + echo "Realm domain-name found." + else + echo "ERROR: Realm domain-name not found." + exit 1 + fi + if realm list | grep -i -q "login-formats.*${AD_DOMAIN}"; then + echo "Realm login-formats properly configured." + else + echo "ERROR: Realm login-formats not configured correctly." + exit 1 + fi + if realm list | grep -i -q "configured: no"; then + echo "ERROR: Realm not configured." + exit 1 + else + echo "Realm correctly configured." + fi + +id: active-directory/ad-user-check +category_id: active-directory +plugin: shell +_summary: Check user from the Active Directory domain can be resolved +estimated_duration: 1s +environ: AD_DOMAIN AD_USER +depends: active-directory/realm-config-check +command: + if getent passwd ${AD_USER}@${AD_DOMAIN}; then + echo "User ${AD_USER} found." + else + echo "ERROR: User ${AD_USER} not found." + exit 1 + fi + +id: active-directory/pam-mkhomedir-check +category_id: active-directory +plugin: shell +_summary: Make sure home directories can be created automatically in the PAM configuration +estimated_duration: 5s +user: root +command: + # TODO: Until LP #1894135 is fixed, we need to call this command. + pam-auth-update --enable mkhomedir + if grep "session.*optional.*pam_mkhomedir.so" /etc/pam.d/common-session; then + echo "Option correctly activated." + else + echo "ERROR: pam_mkhomedir.so is absent from /etc/pam.d/common-session." + exit 1 + fi + +id: active-directory/ubiquity-activation +category_id: active-directory +plugin: manual +estimated_duration: 30m +_summary: Check that entering AD credentials at install time (ubiquity) works +_purpose: + Login using Active Directory credentials at install time should work. +_steps: + 1. Make sure you are connected on the same network as the Active Directory + server. + 2. During the installation, check "Use Active Directory". + 3. Use the credentials of your Active Directory test user (e.g. user1@wenshan.biz) +_verification: + The installation completes and you can log in using your Active Directory + credentials. + +id: active-directory/login-terminal +category_id: active-directory +plugin: manual +depends: active-directory/ad-user-check +estimated_duration: 3m +_summary: Check an Active Directory user can login (terminal) +_purpose: + Login in a terminal using Active Directory credentials time should work. +_steps: + 1. In a terminal, switch to super user, then enter the login command: + $ sudo -i + # login + 2. Enter the AD test user account (e.g. user1@wenshan.biz) + 3. Enter the password of your Active Directory test user (e.g. user1) +_verification: + Check that a home directory is created for user user1@wenshan.biz and user + can type commands on the device (ls, date, etc.). + +id: active-directory/login-gui +category_id: active-directory +plugin: manual +depends: active-directory/ad-user-check +estimated_duration: 3m +_summary: Check an Active Directory user can login (graphical user interface) +_purpose: + Login using the GUI using Active Directory credentials time should work. +_steps: + 1. Select “Log Out” or “Switch User…” from the Power Menu > "Power Off / Log Out" entry + 2. Select “Not listed?” + 3. Enter username (e.g. user1@wenshan.biz) + 4. Enter password and press Enter +_verification: + User can log in and access Ubuntu. + . + When finished, switch back to local user to continue testing. + +id: active-directory/password-policy +category_id: active-directory +plugin: manual +#depends: active-directory/login-terminal +estimated_duration: 5m +_summary: Check password policy from Active Directory server is enforced +_purpose: + Login using the GUI using Active Directory credentials time should work. +_steps: + A. On the Windows Server: + 1. Open "Group Policy Management" + 2. Right click on [AD Domain] > Group Policy Objects > Default Domain Policy + and select "Edit..." to open the Group Policy Management Editor + 3. In Computer Configuration > Policies > Windows Settings > Security Settings + > Account Policies > Password Policy, modify something (e.g. set "Minimum + password length" to a higher value) + 4. Open "Active Directory Users and Computers" + 5. Right click on an existing user (e.g. user1@wenshan.biz), select "Properties...", + and in "Account", check "User must change password at next login" + . + B. On the Ubuntu client (either graphically or in a terminal): + 1. Log in using the user credentials modified in Windows Server (e.g. user1@wenshan.biz) + 2. When prompted for a new password, try to type one that does not match the + requirements set in step A3 + 3. Use a password that matches the requirements set in step A3 +_verification: + 1. You should be prompted to choose a new password + 2. You should see an error message such as: + "Password change failed. Server message: Please make sure the password meets the complexity constraints." + 3. You should be able to set the new password + . + When finished, switch back to local user to continue testing. + +id: active-directory/offline-connection +category_id: active-directory +plugin: manual +estimated_duration: 3m +depends: active-directory/login-gui +_summary: Offline Connection (Credentials Caching) +_purpose: + Check a user can log back in even when device does not have access to the + Active Directory server. +_steps: + 1. Disconnect from the network where the AD server is located + 2. Select “Log Out” or “Switch User…” from the Power Menu > "Power Off / Log Out" entry + 3. Enter username (e.g. user1@wenshan.biz) + 4. Enter password and press Enter +_verification: + User can log in and access Ubuntu. + . + When finished, switch back to local user and connect back to the network to + continue testing. + +id: active-directory/gpo-computer-setting +category_id: active-directory +plugin: manual +estimated_duration: 6m +_summary: Modify a computer setting (login screen background) +_purpose: + Make sure setting or modifying a Computer Group Policy Object (GPO) in AD is + reflected in the Ubuntu client. +_steps: + On the Windows Server: + 1. Open the GPO Management Editor for the GPO your test user is associated to + 2. Select GDM background picture setting in "Computer Configuration > + Policies > Administrative Templates > Ubuntu > Login Screen > Interface > + Picture URI" + 3. Select "Enabled" to enable the modification of the Picture URI field + 4. Enter a valid absolute path to a .png image on the client machine, + e.g. /usr/share/backgrounds/ubuntu-default-greyscale-wallpaper.png + . + On the Ubuntu client: + 1. Refresh the GPO rule on the client by rebooting the machine or running + adsysctl update -m + (You may be prompted to enter your password to check if have enough privileges + to run the command) +_verification: + The new background is set and visible in the login screen (GDM). + +id: active-directory/gpo-user-setting +category_id: active-directory +plugin: manual +estimated_duration: 6m +_summary: Modify a user setting (list of favorite desktop apps) +_purpose: + Make sure setting a User Group Policy Object (GPO) in AD is reflected in + Ubuntu client. +_steps: + On the Windows Server: + 1. Open the GPO Management Editor for the GPO your test user is associated to + 2. Select list of favorite desktop applications setting in "User Configuration > + Policies > Administrative Templates > Ubuntu > Desktop > Shell > + List of desktop file IDs for favorite applications" + 3. Enter a list of valid .desktop file IDs, one per line, like the following: + libreoffice-writer.desktop + snap-store_ubuntu-software.desktop + yelp.desktop + . + On the Ubuntu client: + 1. Refresh the GPO rule applied to the user by logging in or running + `adsysctl update` as your current user or `adsysctl update --all` to refresh + the computer and all active users. +_verification: + The list of applications showing up on the left side for your current Active + Directory user should be updated. + diff --git a/units/wenshan/test-plan.pxu b/units/wenshan/test-plan.pxu new file mode 100644 index 0000000..6678f47 --- /dev/null +++ b/units/wenshan/test-plan.pxu @@ -0,0 +1,46 @@ +id: wenshan-full-focal +_name: Wenshan 20.04 Full Test +unit: test plan +_description: Wenshan 20.04 Full Test Plan +include: +nested_part: + active-directory-full + oem-generic-full-20-04 + +id: active-directory-full +_name: Active Directory Test Plan (Automated + Manual) +unit: test plan +_description: Active Directory Test Plan (Automated + Manual) +include: +nested_part: + active-directory-automated + active-directory-manual + +id: active-directory-automated +_name: Active Directory Test Plan (Automated) +unit: test plan +_description: Active Directory Test Plan (Automated) +include: + active-directory/fqdn-check + active-directory/required-packages + active-directory/realm-list + active-directory/sssd-config-check + active-directory/realm-config-check + active-directory/ad-user-check + active-directory/pam-mkhomedir-check + +id: active-directory-manual +_name: Active Directory Test Plan (Manual) +unit: test plan +_description: Active Directory Test Plan (Manual) +include: + active-directory/ntp-config-check + active-directory/realm-join + active-directory/ubiquity-activation + active-directory/login-terminal + active-directory/login-gui + active-directory/password-policy + active-directory/offline-connection + active-directory/gpo-computer-setting + active-directory/gpo-user-setting + -- cgit v1.2.3