Overview#
Travis CI is a hosted, distributed continuous integration service used to build and test software projects hosted at GitHub.
The Travis CI project for Dogtag PKI is located at https://travis-ci.org/dogtagpki/pki.
The Travis CI currently does the following jobs:
Build the dogtag rpms
Run CA tests
Run KRA tests
Upgrade FreeIPA-4-5 with new dogtag version
Run Cert Related test for IPA
Architecture#
Following picture gives an overall idea of how Travis CI is currently functioning to do a smoke test with FreeIPA.
There are 2 jobs that kick off simultaneously:
For building and running dogtag unit test cases.
For building dogtag rpms and running smoke test with FreeIPA.
Test Procedure#
PKI Test Procedure#
Note: Before you start, you need to set these variables:
CONTAINER=pkitest
SCRIPTDIR=<path to cloned pki directory>/.travis
RPMS_LOCATION=<path to ../cloned pki directory>/packages/RPMS # The packages folder is present one level above pki directory
The detailed steps in container #1 include:
Pull the Docker image from f25_104 Build:
$ docker pull dogtagpki/pki-ci:f25_104
Run the docker container from the image pulled:
$ sudo docker run \
--detach \
--name=${CONTAINER} \
--hostname='pki.test' \
--privileged \
--tmpfs /tmp \
--tmpfs /run \
-v /sys/fs/cgroup:/sys/fs/cgroup:ro \
-v $(pwd):/tmp/workdir/pki \
-e BUILDUSER_UID=$(id -u) \
-e BUILDUSER_GID=$(id -g) \
-ti \
dogtagpki/pki-ci:f25_104
Clone the Github repo:
$ git clone https://github.com/dogtagpki/pki.git
Initialize build environment using the init script
$ docker exec -ti ${CONTAINER} ${SCRIPTDIR}/00-init
Build RPMs from the cloned repo using compose script
$ docker exec -ti ${CONTAINER} ${SCRIPTDIR}/10-compose-rpms
Copy the built rpms to a temp directory which we will be using in Container #2 (Occurs only in Job #2)
$ mkdir -p dogtag_rpms
$ docker cp ${CONTAINER}:${RPMS_LOCATION}/. ${DOGTAG_PKI_RPMS}
The following steps occur only in Job #1:
Install RPMs from previous step using install script
$ docker exec -ti ${CONTAINER} ${SCRIPTDIR}/20-install-rpms
Setup Directory Server (DS) using setupDS script
$ docker exec -ti ${CONTAINER} ${SCRIPTDIR}/30-setup-389ds
$ docker exec -ti ${CONTAINER} ${SCRIPTDIR}/40-spawn-ca
$ docker exec -ti ${CONTAINER} ${SCRIPTDIR}/50-spawn-kra
Destroy all dogtag components using destroy script
$ docker exec -ti ${CONTAINER} ${SCRIPTDIR}/99-destroy
Once all these steps are successful, .travis_run_ipa_task.sh is triggered.
$ ./.travis_run_ipa_task.sh
‘’’Note: ‘’’ The travis_wait command is being used as the logs produced for each step in executing this script isn’t necessary. In case of failure, the logs are uploaded to transfer.sh (More about logging)
IPA Test Procedure#
The container #2 kicks in when .travis_run_ipa_task.sh is run. The detailed steps in container #2 include:
Pull the Docker image from dogtag-freeipa-integration
$ docker pull dogtagpki/dogtag-freeipa-ci-containers:f25_ipa_4-5
Run the ipa-docker-test-runner tool and supply the config (.test_runner_config.yaml), the location of the repo ($TRAVIS_BUILD_DIR), temp file name to log (optional) and image downloaded from previous step as arguments
$ ipa-docker-test-runner -c .test_runner_config.yaml \
--developer-mode \
--container-image dogtagpki/dogtag-freeipa-ci-containers:f25_ipa_4-5 \
--git-repo <path to cloned pki directory> \
run-tests <cert related test names> # Check below for the list of tests being specified
Following steps are specified inside the config file:
Install latest dogtag rpms built in Container #1
# find /freeipa/dogtag_rpms/ -name '*.rpm' -and -not -name '*debuginfo*' \
| xargs dnf install -y --best --allowerasing
‘’Note: ‘’ Here /freeipa is a mount point that is specified in the docker image. dogtag_rpms refers to the folder that you created and copied the RPMs that you built in Container #1. The location of the pki directory you specified using –git-repo will contain the dogtag_rpms folder.
Install IPA server and setup DNS and KRA
# ipa-server-install -U --domain ipa.test --realm IPA.TEST -p Secret.123 \
-a Secret.123 --setup-dns --setup-kra --auto-forwarders
Run cert related tests using ipa-run-tests
# ipa-run-tests <cert related tests> # Look below for the names of different cert related tests
Once everything succeeds, uninstall all elements and delete the container
# ipa-server-install --uninstall -U
In case of failure, the logs are uploaded to transfer.sh (More about logging)
Configuration#
The Travis CI configuration is stored in .travis.yml.
Dogtag scripts are stored in .travis folder.
FreeIPA related script is stored in .travis_run_ipa_task.sh
FreeIPA test configuration is stored in .test_runner_config.yaml
Docker image for Container #2 is obtained from DockerImage with tag f25_ipa_4-5
Logging#
The logs of both containers are transferred to transfer.sh under the names “dogtag_build_logs.txt” and “freeipa-integration.txt”. The link to these files can be obtained from Travis build log of particular build (only if the build fails).
Test Containers#
The Dockerfiles for the PKI Test Container and IPA Test Container are in the pki-ci.
The corresponding container images are hosted on Docker Hub. The project is set up as automated builds. New images are build whenever a change is pushed to the GitHub repository. A manual build can be triggered, too. Ideally images should be rebuild every couple of weeks.
All test containers are set up as systemd containers with all build dependencies pre-installed. Although this makes the containers rather large, it also speeds up each test run a lot.
PKI Test Container#
The Dockerimage runs dnf update and has the following things installed and configured:
Base Dependencies#
dnf-plugins-core
make python3-tox
python3-pyldap
rpm-build
sudo
389-ds-base
systemd
Dogtag PKI Build Dependencies#
pki-core
slf4j
python2-cryptography
python3-cryptography
Volumes Mounted#
/sys/fs/cgroup
/tmp
/run
IPA Test Container#
The Dockerimage runs dnf update and has the following things installed and configured:
Dependencies#
python-srpm-macros
@buildsys-build
@development-tools
Volumes Mounted#
/freeipa
/run
/tmp