selftest: Add new 2-DC testenv for live schema upgrade

This adds a new 2-DC testenv that:
1. Provisions an AD DC with 2008R2 schema
2. Joins another AD DC with 2008R2 schema
3. Starts Samba
4. Performs a live schema upgrade on the PDC
Testenv targetting in tests.py files for this testenv required that we
extend the environment dependencies system to include optional post-startup
dependencies specified in ENV_DEPS_POST maps.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

4 files changed, 128 insertions, 0 deletions

diff --git a/selftest/target/README b/selftest/target/README
index 69d70217bdf..acdbb421d27 100644
--- a/selftest/target/README
+++ b/selftest/target/README
@@ -128,3 +128,10 @@ Used to test process limits on the standard model. It sets the number of
 allowed processes artificially low, to test that new connections are refused
 correctly.  Due to the limited number of connections accepted, it's not
 recommended to use this testenv for anything else.
+
+schemaupgrade_dc
+----------------
+This is a 2-DC testenv setup (schemaupgrade_dc and schemaupgrade_pair_dc).
+We provision the first DC, and join the second, using an older version of the
+schema (2008R2), then start-up Samba. Then, we run a schema upgrade (i.e.
+'samba-tool domain schemaupgrade') on the PDC.
diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm
index 6f28a017b17..38b38669dac 100644
--- a/selftest/target/Samba.pm
+++ b/selftest/target/Samba.pm
@@ -25,6 +25,9 @@ sub new($$$$$) {
 %Samba::ENV_DEPS = (%Samba3::ENV_DEPS, %Samba4::ENV_DEPS);
 our %ENV_DEPS;
 
+%Samba::ENV_DEPS_POST = (%Samba3::ENV_DEPS_POST, %Samba4::ENV_DEPS_POST);
+our %ENV_DEPS_POST;
+
 %Samba::ENV_TARGETS = (
 	(map { $_ => "Samba3" } keys %Samba3::ENV_DEPS),
 	(map { $_ => "Samba4" } keys %Samba4::ENV_DEPS),
@@ -59,6 +62,8 @@ sub setup_env($$$)
 		return $target->{vars}->{$envname};
 	}
 
+	$target->{vars}->{$envname} = "";
+
 	my @dep_vars;
 	foreach(@{$ENV_DEPS{$envname}}) {
 		my $vars = $self->setup_env($_, $path);
@@ -87,6 +92,13 @@ sub setup_env($$$)
 	$target->{vars}->{$envname} = $env;
 	$target->{vars}->{$envname}->{target} = $target;
 
+	foreach(@{$ENV_DEPS_POST{$envname}}) {
+		my $vars = $self->setup_env($_, $path);
+		if (not defined($vars)) {
+			return undef;
+		}
+	}
+
 	return $env;
 }
 
@@ -401,6 +413,7 @@ sub realm_to_ip_mappings
 		'backupdom.samba.example.com'     => 'backupfromdc',
 		'renamedom.samba.example.com'     => 'renamedc',
 		'labdom.samba.example.com'        => 'labdc',
+		'schema.samba.example.com'        => 'liveupgrade1dc',
 		'samba.example.com'               => 'localdc',
 	);
 
@@ -473,9 +486,13 @@ sub get_interface($)
 		customdc          => 45,
 		prockilldc        => 46,
 		proclimitdc       => 47,
+		liveupgrade1dc    => 48,
+		liveupgrade2dc    => 49,
 
 		rootdnsforwarder  => 64,
 
+		# Note: that you also need to update dns_hub.py when adding a new
+		# multi-DC testenv
 		# update lib/socket_wrapper/socket_wrapper.c
 		#  #define MAX_WRAPPED_INTERFACES 64
 		# if you wish to have more than 64 interfaces
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 647a3b50dfc..b8a734adbe8 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -187,6 +187,8 @@ sub check_env($$)
 	ad_member_idmap_ad  => ["ad_dc"],
 );
 
+%Samba3::ENV_DEPS_POST = ();
+
 sub setup_nt4_dc
 {
 	my ($self, $path) = @_;
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index bc5f885ddd5..7c1671d4007 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -2267,9 +2267,16 @@ sub check_env($$)
 	ad_dc_slowtests      => ["ad_dc_ntvfs"],
 	ad_dc_backup         => ["ad_dc"],
 
+	schemaupgrade_dc      => ["dns_hub"],
+	schemaupgrade_pair_dc => ["schemaupgrade_dc"],
+
 	none                 => [],
 );
 
+%Samba4::ENV_DEPS_POST = (
+	schemaupgrade_dc => ["schemaupgrade_pair_dc"],
+);
+
 sub return_alias_env
 {
 	my ($self, $path, $env) = @_;
@@ -2783,6 +2790,101 @@ sub setup_proclimitdc
 	return $env;
 }
 
+# Used to test a live upgrade of the schema on a 2 DC network.
+sub setup_schemaupgrade_dc
+{
+	my ($self, $path) = @_;
+
+	# provision the PDC using an older base schema
+	my $provision_args = ["--base-schema=2008_R2", "--backend-store=mdb"];
+
+	my $env = $self->provision_ad_dc($path, "liveupgrade1dc", "SCHEMADOMAIN",
+					 "schema.samba.example.com",
+					 "drs: max link sync = 2",
+					 $provision_args);
+	unless ($env) {
+		return undef;
+	}
+
+	if (not defined($self->check_or_start($env, "prefork"))) {
+	    return undef;
+	}
+
+	my $upn_array = ["$env->{REALM}.upn"];
+	my $spn_array = ["$env->{REALM}.spn"];
+
+	$self->setup_namespaces($env, $upn_array, $spn_array);
+
+	return $env;
+}
+
+# the second DC in the live schema upgrade pair
+sub setup_schemaupgrade_pair_dc
+{
+	# note: dcvars contains the env info for the dependent testenv ('schemaupgrade_dc')
+	my ($self, $prefix, $dcvars) = @_;
+	print "Preparing SCHEMA UPGRADE PAIR DC...\n";
+
+	my ($env, $ctx) = $self->prepare_dc_testenv($prefix, "liveupgrade2dc",
+						    $dcvars->{DOMAIN},
+						    $dcvars->{REALM},
+						    $dcvars->{PASSWORD},
+						    "");
+
+	my $samba_tool =  Samba::bindir_path($self, "samba-tool");
+	my $cmd_vars = "NSS_WRAPPER_HOSTS='$env->{NSS_WRAPPER_HOSTS}' ";
+	$cmd_vars .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
+	if (defined($env->{RESOLV_WRAPPER_CONF})) {
+		$cmd_vars .= "RESOLV_WRAPPER_CONF=\"$env->{RESOLV_WRAPPER_CONF}\" ";
+	} else {
+		$cmd_vars .= "RESOLV_WRAPPER_HOSTS=\"$env->{RESOLV_WRAPPER_HOSTS}\" ";
+	}
+	$cmd_vars .= "KRB5_CONFIG=\"$env->{KRB5_CONFIG}\" ";
+	$cmd_vars .= "KRB5CCNAME=\"$env->{KRB5_CCACHE}\" ";
+	$cmd_vars .= "RESOLV_CONF=\"$env->{RESOLV_CONF}\" ";
+
+	my $join_cmd = $cmd_vars;
+	$join_cmd .= "$samba_tool domain join $env->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}";
+	$join_cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} ";
+	$join_cmd .= " --backend-store=mdb";
+
+	my $upgrade_cmd = $cmd_vars;
+	$upgrade_cmd .= "$samba_tool domain schemaupgrade $dcvars->{CONFIGURATION}";
+	$upgrade_cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}";
+
+	my $repl_cmd = $cmd_vars;
+	$repl_cmd .= "$samba_tool drs replicate $env->{SERVER} $dcvars->{SERVER}";
+        $repl_cmd .= " CN=Schema,CN=Configuration,DC=schema,DC=samba,DC=example,DC=com";
+	$repl_cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
+
+	unless (system($join_cmd) == 0) {
+		warn("Join failed\n$join_cmd");
+		return undef;
+	}
+
+	$env->{DC_SERVER} = $dcvars->{SERVER};
+	$env->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
+	$env->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6};
+	$env->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
+
+	# start samba for the new DC
+	if (not defined($self->check_or_start($env, "standard"))) {
+	    return undef;
+	}
+
+	unless (system($upgrade_cmd) == 0) {
+		warn("Schema upgrade failed\n$upgrade_cmd");
+		return undef;
+	}
+
+	unless (system($repl_cmd) == 0) {
+		warn("Post-update schema replication failed\n$repl_cmd");
+		return undef;
+	}
+
+	return $env;
+}
+
 # Sets up a DC that's solely used to do a domain backup from. We then use the
 # backupfrom-DC to create the restore-DC - this proves that the backup/restore
 # process will create a Samba DC that will actually start up.