Skip to content

Setup virtual environment for testing SSSD against LDAP, IPA and Active Directory servers.

Notifications You must be signed in to change notification settings

ChrisKowalczyk/sssd-test-suite

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Virtual Test Suite for SSSD

Virtual Test Suite for SSSD is a set of Vagrant and Ansible scripts that will automatically setup and provision several virtual machines that you can use to test SSSD.

It creates an out of the box working virtual environment with 389 Directory Server, IPA and Active Directory servers. It also creates an SSSD client machine enrolled to those servers, ready to build and debug your code.

Virtual Environment

Vagrant name IP FQDN Description
ipa 192.168.100.10 master.ipa.vm IPA and main DNS server for zones 'vm' and network reverse zone
ldap 192.168.100.20 master.ldap.vm TLS ready 389 Directory Server
client 192.168.100.30 master.client.vm Client machine with configured SSSD
ad 192.168.100.110 root.ad.vm Active Directory Forest root domain
ad-child 192.168.100.120 child.sub.ad.vm Active Directory child domain

Notes on the environment

  • IPA machine also include a DNS server which is used by the client and AD machines, therefore it should be always up.

  • The DNS server is also reachable from your host machine so you can access IPA web-ui directly from your browser at master.ipa.vm. You can import CA certificate from shared-enrollment/ipa/ca.crt

  • Client machine has also some debug-info installed so you can debug SSSD better.

  • AD servers must run two different types of Windows Server since available boxes use fixed machine SID and Active Directory requires different SID for each domain controller.

  • There are two shared folders between Linux guests and host machine:

    • ./shared-enrollment => /shared/enrollment/ -- enrollment data such as certificates and keytabs are stored in this directory.
    • ./shared-data => /shared/data/ -- custom data to share.
  • Additionally, you can mount more folders by defining SSSD_TEST_SUITE_MOUNT environment variable with the following format: host_path:guest_path host_path:guest_path .... For example:

export SSSD_TEST_SUITE_MOUNT=""

SSSD_TEST_SUITE_MOUNT+=" $MY_WORKSPACE:/shared/workspace"
SSSD_TEST_SUITE_MOUNT+=" $MY_USER_HOME/packages:/shared/packages"
  • You can also define SSSD_TEST_SUITE_BASHRC. If this variable is set the file that it points to is automatically sourced from guest .bashrc. For example:
export SSSD_TEST_SUITE_BASHRC="/shared/workspace/my-scripts/vagrant-bashrc.sh"

User Accounts

Machine Username Password Description
Any machine vagrant vagrant Local user
client root vagrant Local user
ad Administrator@ad.vm vagrant Domain user
ad-child Administrator@sub.ad.vm vagrant Domain user
client user-1 123456789 LDAP domain user
client or ipa admin 123456789 IPA domain user

Installation

Prerequisites

This guide is written for Fedora systems. It may require different packages or package tool on other Linux distributions.

Needed resources:

  • Approximately 5.5 GiB of operating memory
  • Approximately 47 GiB of disk space
  1. Install Ansible
# dnf install -y       \
    ansible            \
    libselinux-python  \
    python-dnf         \
    python2-winrm      \
    python3-winrm
  1. Install latest Vagrant (at least 2.0 is needed)
# dnf remove vagrant
# dnf install -y https://releases.hashicorp.com/vagrant/2.0.0/vagrant_2.0.0_x86_64.rpm
  1. Install packages needed for Vagrant's libvirt plugin
# dnf install -y         \
    qemu-kvm               \
    libvirt-daemon-kvm     \
    libvirt-devel          \
    ruby-devel             \
    rubygem-ruby-libvirt
  1. Install libvirt plugin for Vagrant
$ vagrant plugin install vagrant-libvirt
  1. Install winrm plugin for Vagrant
$ vagrant plugin install winrm
$ vagrant plugin install winrm-fs
$ vagrant plugin install winrm-elevated

Preparing machines

Since Vagrant ansible plugin is not yet well suited for a multi-machine provisioning, it needs to be done by a custom shell script instead of vagrant native provisioning tools.

Simply call ./setup.sh and it will prepare your host machine to use internal DNS server (only for zones managed by the server). It will also include polkit rule for libvirt so it does not require root password each time vagrant is used. And at last, it will setup your firewall to allow required services for NFS.

$ ./setup.sh

Note: The provisioning will take a long time (approximately one hour) so be patient.

$ ./setup.sh suse false

Suse means that the boxes will be based on SUSE distributions. False means that the provisioning of Host machine will be skipped , so it will not be configured as DNS server.

Usage

Now you are ready to use Vagrant tool to operate on these machines. For example:

# SSH to IPA server
vagrant ssh ipa

#  RDP into AD server
vagrant rdp ad -- -g 1800x960

# Halt Windows machines to save resources
vagrant halt ad
vagrant halt ad-child

# Restore Windows machines when needed
vagrant up ad
vagrant up ad-child

About

Setup virtual environment for testing SSSD against LDAP, IPA and Active Directory servers.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Shell 98.6%
  • Vim Script 1.4%