Beispiel #1
0
def reduce_metrics_collection_threshold(appliance):
    f_name = scripts_path.join(
        'openshift/change_metrics_collection_threshold.rb').strpath
    appliance.ssh_client.put_file(f_name, "/var/www/miq/vmdb")
    appliance.ssh_client.run_rails_command(
        "change_metrics_collection_threshold.rb {threshold}.minutes".format(
            threshold=SET_METRICS_CAPTURE_THRESHOLD_IN_MINUTES))
def reduce_metrics_collection_threshold(appliance):
    f_name = scripts_path.join('openshift/change_metrics_collection_threshold.rb').strpath
    appliance.ssh_client.put_file(f_name,
                                  "/var/www/miq/vmdb")
    appliance.ssh_client.run_rails_command(
        "change_metrics_collection_threshold.rb {threshold}.minutes".format(
            threshold=SET_METRICS_CAPTURE_THRESHOLD_IN_MINUTES))
def main():
    parser = argparse.ArgumentParser(epilog=__doc__,
                                     formatter_class=argparse.RawDescriptionHelpFormatter)
    parser.add_argument('hostname', nargs='?', default=None,
                        help='hostname or ip address of target appliance')
    parser.add_argument('username', nargs='?', default=credentials['ssh']['username'],
                        help='SSH username for target appliance')
    parser.add_argument('password', nargs='?', default=credentials['ssh']['password'],
                        help='SSH password for target appliance')
    parser.add_argument('-q', '--quiet', action='store_true', default=False,
                        help='Do not print output of SSH commnads')

    args = parser.parse_args()

    ssh_kwargs = {
        'username': args.username,
        'password': args.password
    }
    if args.hostname is not None:
        ssh_kwargs['hostname'] = args.hostname
        appliance = IPAppliance(args.hostname)
        if appliance.version < '5.9':
            # Running evm:db:reset on CFME 5.8 sometimes leaves it in a state
            # where it is unable to start again
            print('EXITING: This script does not work reliably for CFME 5.8')
            return 1

    with SSHClient(stream_output=not args.quiet, **ssh_kwargs) as ssh_client:
        # Graceful stop is done here even though it is slower than killing ruby processes.
        # Problem with killing ruby is that evm_watchdog gets spawned right after being killed
        # and then prevents you from destroying the DB.
        # Graceful stop makes sure there are no active connections to the DB left.
        print('Stopping evmserverd...')
        ssh_client.run_command('systemctl stop evmserverd')

        @wait_for_decorator(num_sec=60, delay=5)
        def check_no_db_connections():
            psql_cmd = '/opt/rh/rh-postgresql95/root/usr/bin/psql'
            query = 'SELECT numbackends FROM pg_stat_database WHERE datname = \'vmdb_production\''
            db = 'postgres'
            response = ssh_client.run_command('{} -c "{}" -d "{}" -t'.format(psql_cmd, query, db))
            db_connections = int(response.output.strip())
            return db_connections == 0

        ssh_client.run_rake_command('evm:db:reset', disable_db_check=True)
        ssh_client.run_command('systemctl start evmserverd')

        # SSHClient has the smarts to get our hostname if none was provided
        # Soon, utils.appliance.Appliance will be able to do all of this
        # and this will be made good
        hostname = ssh_client._connect_kwargs['hostname']

    print('Waiting for appliance UI...')
    args = [scripts_path.join('wait_for_appliance_ui.py').strpath, 'http://{}'.format(hostname)]
    return subprocess.call(args)
Beispiel #4
0
    def scap_failures(self):
        """Return applied scap rules failure list."""
        rules_failures = []

        self.appliance.ssh_client.put_file(scripts_path.join('scap.rb'),
                                           '/tmp/scap.rb')

        if self.appliance.version >= "5.8":
            rules = '/var/www/miq/vmdb/productization/appliance_console/config/scap_rules.yml'
        else:
            rules = '/var/www/miq/vmdb/gems/pending/appliance_console/config/scap_rules.yml'

        ssg_path = VersionPicker({
            Version.lowest():
            "/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml",
            '5.11':
            "/usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml"
        }).pick(self.appliance.version)

        assert self.appliance.ssh_client.run_command(
            'gem install optimist').success
        assert self.appliance.ssh_client.run_command(
            f'cd /tmp/ && ruby scap.rb --rulesfile={rules} --ssg-path={ssg_path}'
        )
        self.appliance.ssh_client.get_file('/tmp/scap-results.xccdf.xml',
                                           '/tmp/scap-results.xccdf.xml')
        self.appliance.ssh_client.get_file(
            f'{rules}', '/tmp/scap_rules.yml')  # Get the scap rules

        with open('/tmp/scap_rules.yml') as f:
            yml = yaml.safe_load(f.read())
            rules = yml['rules']

        tree = lxml.etree.parse('/tmp/scap-results.xccdf.xml')
        root = tree.getroot()
        for rule in rules:
            elements = root.findall(
                f'.//{{http://checklists.nist.gov/xccdf/1.1}}rule-result[@idref="{rule}"]'
            )
            if elements:
                result = elements[0].findall(
                    './{http://checklists.nist.gov/xccdf/1.1}result')
                if result:
                    if result[0].text != 'pass':
                        rules_failures.append(rule)
                    logger.info("{}: {}".format(rule, result[0].text))
                else:
                    logger.info(f"{rule}: no result")
            else:
                logger.info(f"{rule}: rule not found")
        return rules_failures
def main():
    parser = argparse.ArgumentParser(
        epilog=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter)
    parser.add_argument('hostname',
                        nargs='?',
                        default=None,
                        help='hostname or ip address of target appliance')
    parser.add_argument('username',
                        nargs='?',
                        default=credentials['ssh']['username'],
                        help='SSH username for target appliance')
    parser.add_argument('password',
                        nargs='?',
                        default=credentials['ssh']['password'],
                        help='SSH password for target appliance')

    args = parser.parse_args()

    ssh_kwargs = {'username': args.username, 'password': args.password}
    if args.hostname is not None:
        ssh_kwargs['hostname'] = args.hostname

    with SSHClient(stream_output=True, **ssh_kwargs) as ssh_client:
        # Graceful stop is done here even though it is slower than killing ruby processes.
        # Problem with killing ruby is that evm_watchdog gets spawned right after being killed
        # and then prevents you from destroying the DB.
        # Graceful stop makes sure there are no active connections to the DB left.
        print('Stopping evmserverd...')
        ssh_client.run_command('systemctl stop evmserverd')
        ssh_client.run_rake_command('evm:db:reset', disable_db_check=True)
        ssh_client.run_command('systemctl start evmserverd')

        # SSHClient has the smarts to get our hostname if none was provided
        # Soon, utils.appliance.Appliance will be able to do all of this
        # and this will be made good
        hostname = ssh_client._connect_kwargs['hostname']

    print('Waiting for appliance UI...')
    args = [
        scripts_path.join('wait_for_appliance_ui.py').strpath,
        'http://{}'.format(hostname)
    ]
    return subprocess.call(args)
Beispiel #6
0
def main():
    parser = argparse.ArgumentParser(
        epilog=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter)
    parser.add_argument('hostname',
                        nargs='?',
                        default=None,
                        help='hostname or ip address of target appliance')
    parser.add_argument('username',
                        nargs='?',
                        default=credentials['ssh']['username'],
                        help='SSH username for target appliance')
    parser.add_argument('password',
                        nargs='?',
                        default=credentials['ssh']['password'],
                        help='SSH password for target appliance')

    args = parser.parse_args()

    ssh_kwargs = {'username': args.username, 'password': args.password}
    if args.hostname is not None:
        ssh_kwargs['hostname'] = args.hostname

    with SSHClient(stream_output=True, **ssh_kwargs) as ssh_client:

        # `systemctl stop evmserverd` is a little slow, and we're destroying the
        # db, so rudely killing ruby speeds things up significantly
        print('Stopping ruby processes...')
        ssh_client.run_command('killall ruby')
        ssh_client.run_rake_command('evm:db:reset')
        ssh_client.run_command('systemctl start evmserverd')

        # SSHClient has the smarts to get our hostname if none was provided
        # Soon, utils.appliance.Appliance will be able to do all of this
        # and this will be made good
        hostname = ssh_client._connect_kwargs['hostname']

    print('Waiting for appliance UI...')
    args = [
        scripts_path.join('wait_for_appliance_ui.py').strpath,
        'http://{}'.format(hostname)
    ]
    return subprocess.call(args)
Beispiel #7
0
def main():
    parser = argparse.ArgumentParser(epilog=__doc__,
                                     formatter_class=argparse.RawDescriptionHelpFormatter)
    parser.add_argument('hostname', nargs='?', default=None,
                        help='hostname or ip address of target appliance')
    parser.add_argument('username', nargs='?', default=credentials['ssh']['username'],
                        help='SSH username for target appliance')
    parser.add_argument('password', nargs='?', default=credentials['ssh']['password'],
                        help='SSH password for target appliance')

    args = parser.parse_args()

    ssh_kwargs = {
        'username': args.username,
        'password': args.password
    }
    if args.hostname is not None:
        ssh_kwargs['hostname'] = args.hostname

    with SSHClient(stream_output=True, **ssh_kwargs) as ssh_client:

        # `systemctl stop evmserverd` is a little slow, and we're destroying the
        # db, so rudely killing ruby speeds things up significantly
        print('Stopping ruby processes...')
        ssh_client.run_command('killall ruby')
        ssh_client.run_rake_command('evm:db:reset')
        ssh_client.run_command('systemctl start evmserverd')

        # SSHClient has the smarts to get our hostname if none was provided
        # Soon, utils.appliance.Appliance will be able to do all of this
        # and this will be made good
        hostname = ssh_client._connect_kwargs['hostname']

    print('Waiting for appliance UI...')
    args = [scripts_path.join('wait_for_appliance_ui.py').strpath, 'http://{}'.format(hostname)]
    return subprocess.call(args)
Beispiel #8
0
def smtp_test(request, appliance):
    """Fixture, which prepares the appliance for e-mail capturing tests

    Returns: :py:class:`util.smtp_collector_client.SMTPCollectorClient` instance.
    """
    logger.info("Preparing start for e-mail collector")
    ports = env.get("mail_collector", {}).get("ports", {})
    mail_server_port = ports.get("smtp", False) or os.getenv(
        'SMTP', False) or random_port()
    mail_query_port = ports.get("json", False) or os.getenv(
        'JSON', False) or random_port()
    my_ip = my_ip_address()
    logger.info("Mind that it needs ports %s and %s open", mail_query_port,
                mail_server_port)
    appliance.server.settings.update_smtp_server({
        'host': my_ip,
        'port': str(mail_server_port),
        'auth': "none"
    })
    server_filename = scripts_path.join('smtp_collector.py').strpath
    server_command = server_filename + " --smtp-port {} --query-port {}".format(
        mail_server_port, mail_query_port)
    logger.info("Starting mail collector %s", server_command)
    collector = None

    def _finalize():
        if collector is None:
            return
        logger.info("Sending KeyboardInterrupt to collector")
        try:
            collector.send_signal(signal.SIGINT)
        except OSError as e:
            # TODO: Better logging.
            logger.exception(e)
            logger.error("Something happened to the e-mail collector!")
            return
        time.sleep(2)
        if collector.poll() is None:
            logger.info("Sending SIGTERM to collector")
            collector.send_signal(signal.SIGTERM)
            time.sleep(5)
            if collector.poll() is None:
                logger.info("Sending SIGKILL to collector")
                collector.send_signal(signal.SIGKILL)
        collector.wait()
        logger.info("Collector finished")
        logger.info("Cleaning up smtp setup in CFME")

    collector = subprocess.Popen(server_command, shell=True)
    request.addfinalizer(_finalize)
    logger.info("Collector pid %s", collector.pid)
    logger.info("Waiting for collector to become alive.")
    time.sleep(3)
    assert collector.poll(
    ) is None, "Collector has died. Something must be blocking selected ports"
    logger.info("Collector alive")
    query_port_open = net_check_remote(mail_query_port, my_ip, force=True)
    server_port_open = net_check_remote(mail_server_port, my_ip, force=True)
    assert query_port_open and server_port_open,\
        'Ports {} and {} on the machine executing the tests are closed.\n'\
        'The ports are randomly chosen -> turn firewall off.'\
        .format(mail_query_port, mail_server_port)
    client = SMTPCollectorClient(my_ip, mail_query_port)
    client.set_test_name(request.node.name)
    client.clear_database()
    return client
Beispiel #9
0
def main():
    parser = argparse.ArgumentParser(
        epilog=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter)
    parser.add_argument('hostname',
                        nargs='?',
                        default=None,
                        help='hostname or ip address of target appliance')
    parser.add_argument('username',
                        nargs='?',
                        default=credentials['ssh']['username'],
                        help='SSH username for target appliance')
    parser.add_argument('password',
                        nargs='?',
                        default=credentials['ssh']['password'],
                        help='SSH password for target appliance')
    parser.add_argument('-q',
                        '--quiet',
                        action='store_true',
                        default=False,
                        help='Do not print output of SSH commnads')

    args = parser.parse_args()

    ssh_kwargs = {'username': args.username, 'password': args.password}
    if args.hostname is not None:
        ssh_kwargs['hostname'] = args.hostname
        appliance = IPAppliance(args.hostname)
        if appliance.version < '5.9':
            # Running evm:db:reset on CFME 5.8 sometimes leaves it in a state
            # where it is unable to start again
            print('EXITING: This script does not work reliably for CFME 5.8')
            return 1

    with SSHClient(stream_output=not args.quiet, **ssh_kwargs) as ssh_client:
        # Graceful stop is done here even though it is slower than killing ruby processes.
        # Problem with killing ruby is that evm_watchdog gets spawned right after being killed
        # and then prevents you from destroying the DB.
        # Graceful stop makes sure there are no active connections to the DB left.
        print('Stopping evmserverd...')
        ssh_client.run_command('systemctl stop evmserverd')

        @wait_for_decorator(num_sec=60, delay=5)
        def check_no_db_connections():
            psql_cmd = '/opt/rh/rh-postgresql95/root/usr/bin/psql'
            query = 'SELECT numbackends FROM pg_stat_database WHERE datname = \'vmdb_production\''
            db = 'postgres'
            response = ssh_client.run_command(
                f'{psql_cmd} -c "{query}" -d "{db}" -t')
            db_connections = int(response.output.strip())
            return db_connections == 0

        ssh_client.run_rake_command(
            'evm:db:reset',
            rake_cmd_prefix='DISABLE_DATABASE_ENVIRONMENT_CHECK=1')
        ssh_client.run_command('systemctl start evmserverd')

        # SSHClient has the smarts to get our hostname if none was provided
        # Soon, utils.appliance.Appliance will be able to do all of this
        # and this will be made good
        hostname = ssh_client._connect_kwargs['hostname']

    print('Waiting for appliance UI...')
    args = [
        scripts_path.join('wait_for_appliance_ui.py').strpath,
        f'http://{hostname}'
    ]
    return subprocess.call(args)
Beispiel #10
0
def smtp_test(request, appliance):
    """Fixture, which prepares the appliance for e-mail capturing tests

    Returns: :py:class:`util.smtp_collector_client.SMTPCollectorClient` instance.
    """
    logger.info("Preparing start for e-mail collector")
    ports = env.get("mail_collector", {}).get("ports", {})
    mail_server_port = ports.get("smtp", False) or os.getenv('SMTP', False) or random_port()
    mail_query_port = ports.get("json", False) or os.getenv('JSON', False) or random_port()
    my_ip = my_ip_address()
    logger.info("Mind that it needs ports %s and %s open", mail_query_port, mail_server_port)
    appliance.server.settings.update_smtp_server({
        'host': my_ip,
        'port': str(mail_server_port),
        'auth': "none"
    })
    server_filename = scripts_path.join('smtp_collector.py').strpath
    server_command = server_filename + " --smtp-port {} --query-port {}".format(
        mail_server_port,
        mail_query_port
    )
    logger.info("Starting mail collector %s", server_command)
    collector = None

    def _finalize():
        if collector is None:
            return
        logger.info("Sending KeyboardInterrupt to collector")
        try:
            collector.send_signal(signal.SIGINT)
        except OSError as e:
            # TODO: Better logging.
            logger.exception(e)
            logger.error("Something happened to the e-mail collector!")
            return
        time.sleep(2)
        if collector.poll() is None:
            logger.info("Sending SIGTERM to collector")
            collector.send_signal(signal.SIGTERM)
            time.sleep(5)
            if collector.poll() is None:
                logger.info("Sending SIGKILL to collector")
                collector.send_signal(signal.SIGKILL)
        collector.wait()
        logger.info("Collector finished")
        logger.info("Cleaning up smtp setup in CFME")
    collector = subprocess.Popen(server_command, shell=True)
    request.addfinalizer(_finalize)
    logger.info("Collector pid %s", collector.pid)
    logger.info("Waiting for collector to become alive.")
    time.sleep(3)
    assert collector.poll() is None, "Collector has died. Something must be blocking selected ports"
    logger.info("Collector alive")
    query_port_open = net_check_remote(mail_query_port, my_ip, force=True)
    server_port_open = net_check_remote(mail_server_port, my_ip, force=True)
    assert query_port_open and server_port_open,\
        'Ports {} and {} on the machine executing the tests are closed.\n'\
        'The ports are randomly chosen -> turn firewall off.'\
        .format(mail_query_port, mail_server_port)
    client = SMTPCollectorClient(
        my_ip,
        mail_query_port
    )
    client.set_test_name(request.node.name)
    client.clear_database()
    return client