def test_zones_referenced_in_placement_constraints():
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
config.DEFAULT_TASK_COUNT,
additional_options={
"master_nodes": {
"placement": "[[\"@zone\", \"GROUP_BY\"]]"
},
"data_nodes": {
"placement": "[[\"@zone\", \"GROUP_BY\"]]"
},
"ingest_nodes": {
"placement": "[[\"@zone\", \"GROUP_BY\"]]"
},
"coordinator_nodes": {
"placement": "[[\"@zone\", \"GROUP_BY\"]]"
}
})
nodes_info = config.get_elasticsearch_nodes_info(
service_name=config.SERVICE_NAME)
for node_uid, node in nodes_info["nodes"].items():
assert "zone" == sdk_utils.get_in([
"settings", "cluster", "routing", "allocation", "awareness",
"attributes"
], node)
assert sdk_fault_domain.is_valid_zone(
sdk_utils.get_in(["attributes", "zone"], node))
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def kafka_server(kerberos):
"""
A pytest fixture that installs a Kerberized kafka service.
On teardown, the service is uninstalled.
"""
service_kerberos_options = {
"service": {
"name": config.SERVICE_NAME,
"security": {
"kerberos": {
"enabled": True,
"kdc": {
"hostname": kerberos.get_host(),
"port": int(kerberos.get_port())
},
"realm": kerberos.get_realm(),
"keytab_secret": kerberos.get_keytab_path(),
}
}
}
}
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
try:
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
config.DEFAULT_BROKER_COUNT,
additional_options=service_kerberos_options,
timeout_seconds=30 * 60)
yield {**service_kerberos_options, **{"package_name": config.PACKAGE_NAME}}
finally:
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def kafka_server(service_account):
"""
A pytest fixture that installs a non-kerberized kafka service.
On teardown, the service is uninstalled.
"""
service_options = {
"service": {
"name": config.SERVICE_NAME,
# Note that since we wish to toggle TLS which *REQUIRES* a service account,
# we need to install Kafka with a service account to start with.
"service_account": service_account["name"],
"service_account_secret": service_account["secret"],
}
}
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
try:
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
config.DEFAULT_BROKER_COUNT,
additional_options=service_options,
timeout_seconds=30 * 60)
yield {**service_options, **{"package_name": config.PACKAGE_NAME}}
finally:
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def setup_constraint_switch():
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
agents = sdk_agents.get_private_agents()
some_agent = agents[0]["hostname"]
other_agent = agents[1]["hostname"]
log.info("Agents: %s %s", some_agent, other_agent)
assert some_agent != other_agent
options = _escape_placement_for_1_9(
{
"service": {"yaml": "marathon_constraint"},
"hello": {
"count": 1,
# First, we stick the pod to some_agent
"placement": '[["hostname", "LIKE", "{}"]]'.format(some_agent),
},
"world": {"count": 0},
}
)
sdk_install.install(config.PACKAGE_NAME, config.SERVICE_NAME, 1, additional_options=options)
sdk_tasks.check_running(config.SERVICE_NAME, 1)
hello_ids = sdk_tasks.get_task_ids(config.SERVICE_NAME, "hello")
# Now, stick it to other_agent
marathon_config = sdk_marathon.get_config(config.SERVICE_NAME)
marathon_config["env"]["HELLO_PLACEMENT"] = '[["hostname", "LIKE", "{}"]]'.format(other_agent)
sdk_marathon.update_app(marathon_config)
# Wait for the scheduler to be up and settled before advancing.
sdk_plan.wait_for_completed_deployment(config.SERVICE_NAME)
return some_agent, other_agent, hello_ids
def test_hostname_unique():
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
options = _escape_placement_for_1_9(
{
"service": {"yaml": "marathon_constraint"},
"hello": {"count": get_num_private_agents(), "placement": '[["hostname", "UNIQUE"]]'},
"world": {"count": get_num_private_agents(), "placement": '[["hostname", "UNIQUE"]]'},
}
)
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
get_num_private_agents() * 2,
additional_options=options,
)
# hello deploys first. One "world" task should end up placed with each "hello" task.
# ensure "hello" task can still be placed with "world" task
old_ids = sdk_tasks.get_task_ids(config.SERVICE_NAME, "hello-0")
sdk_cmd.svc_cli(config.PACKAGE_NAME, config.SERVICE_NAME, "pod replace hello-0")
sdk_tasks.check_tasks_updated(config.SERVICE_NAME, "hello-0", old_ids)
sdk_plan.wait_for_completed_recovery(config.SERVICE_NAME)
sdk_tasks.check_running(
config.SERVICE_NAME, get_num_private_agents() * 2 - 1, timeout_seconds=10
)
sdk_tasks.check_running(config.SERVICE_NAME, get_num_private_agents() * 2)
ensure_count_per_agent(hello_count=1, world_count=1)
def configure_package(configure_security):
test_jobs = []
try:
test_jobs = config.get_all_jobs()
# destroy any leftover jobs first, so that they don't touch the newly installed service:
for job in test_jobs:
sdk_jobs.remove_job(job)
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
config.DEFAULT_TASK_COUNT,
additional_options=sdk_networks.ENABLE_VIRTUAL_NETWORKS_OPTIONS)
tmp_dir = tempfile.mkdtemp(prefix='cassandra-test')
for job in test_jobs:
sdk_jobs.install_job(job, tmp_dir=tmp_dir)
yield # let the test session execute
finally:
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
for job in test_jobs:
sdk_jobs.remove_job(job)
def configure_package(configure_security):
test_jobs = []
try:
test_jobs = config.get_all_jobs(node_address=config.get_foldered_node_address())
# destroy/reinstall any prior leftover jobs, so that they don't touch the newly installed service:
for job in test_jobs:
sdk_jobs.install_job(job)
sdk_install.uninstall(config.PACKAGE_NAME, config.get_foldered_service_name())
# user=root because Azure CLI needs to run in root...
# We don't run the Azure tests in strict however, so don't set it then.
if os.environ.get("SECURITY") == "strict":
additional_options={"service": { "name": config.get_foldered_service_name() } }
else:
additional_options={"service": { "name": config.get_foldered_service_name(), "user": "******" } }
sdk_install.install(
config.PACKAGE_NAME,
config.get_foldered_service_name(),
config.DEFAULT_TASK_COUNT,
additional_options=additional_options)
yield # let the test session execute
finally:
sdk_install.uninstall(config.PACKAGE_NAME, config.get_foldered_service_name())
# remove job definitions from metronome
for job in test_jobs:
sdk_jobs.remove_job(job)
def cassandra_service(service_account: Dict[str, Any]) -> Iterator[Dict[str, Any]]:
"""
A pytest fixture that installs the cassandra service.
On teardown, the service is uninstalled.
"""
options = {
"service": {
"name": config.SERVICE_NAME,
# Note that since we wish to toggle TLS which *REQUIRES* a service account,
# we need to install Cassandra with a service account to start with.
"service_account": service_account["name"],
"service_account_secret": service_account["secret"],
}
}
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
try:
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
config.DEFAULT_TASK_COUNT,
additional_options=options,
wait_for_deployment=True,
)
yield {**options, **{"package_name": config.PACKAGE_NAME}}
finally:
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def test_secrets_basic():
# 1) create Secrets
# 2) install examples/secrets.yml
# 3) if secret file is not created, tasks will fail
# 4) wait till deployment finishes
# 5) do replace operation
# 6) ensure all tasks are running
# 7) delete Secrets
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
create_secrets("{}/".format(config.SERVICE_NAME))
sdk_install.install(config.PACKAGE_NAME, config.SERVICE_NAME, NUM_HELLO + NUM_WORLD, additional_options=secret_options)
hello_tasks_0 = sdk_tasks.get_task_ids(config.SERVICE_NAME, "hello-0-server")
world_tasks_0 = sdk_tasks.get_task_ids(config.SERVICE_NAME, "word-0-server")
# ensure that secrets work after replace
sdk_cmd.svc_cli(config.PACKAGE_NAME, config.SERVICE_NAME, 'pod replace hello-0')
sdk_cmd.svc_cli(config.PACKAGE_NAME, config.SERVICE_NAME, 'pod replace world-0')
sdk_tasks.check_tasks_updated(config.SERVICE_NAME, "hello-0-server", hello_tasks_0)
sdk_tasks.check_tasks_updated(config.SERVICE_NAME, 'world-0-server', world_tasks_0)
# tasks will fail if secret files are not created by mesos module
sdk_tasks.check_running(config.SERVICE_NAME, NUM_HELLO + NUM_WORLD)
# clean up and delete secrets
delete_secrets("{}/".format(config.SERVICE_NAME))
def update_or_upgrade_or_downgrade(
package_name: str,
service_name: str,
to_version: Optional[str],
to_options: Dict[str, Any],
expected_running_tasks: int,
wait_for_deployment: bool = True,
timeout_seconds: int = TIMEOUT_SECONDS,
) -> bool:
initial_config = get_config(package_name, service_name)
task_ids = sdk_tasks.get_task_ids(service_name, "")
if (to_version and not is_cli_supports_service_version_upgrade()) or (
to_options and not is_cli_supports_service_options_update()
):
log.info("Using marathon flow to upgrade %s to version [%s]", service_name, to_version)
sdk_marathon.destroy_app(service_name)
sdk_install.install(
package_name,
service_name,
expected_running_tasks,
additional_options=to_options,
package_version=to_version,
timeout_seconds=timeout_seconds,
wait_for_deployment=wait_for_deployment,
)
else:
_update_service_with_cli(package_name, service_name, to_version, to_options)
if wait_for_deployment:
_wait_for_deployment(package_name, service_name, initial_config, task_ids, timeout_seconds)
return not wait_for_deployment
def dynamic_port_config():
install.install(PACKAGE_NAME,
DEFAULT_BROKER_COUNT,
service_name=SERVICE_NAME,
additional_options=DYNAMIC_PORT_OPTIONS_DICT)
yield
install.uninstall(SERVICE_NAME, PACKAGE_NAME)
def test_pods_restart_graceful_shutdown():
options = {
"world": {
"kill_grace_period": 30
}
}
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
sdk_install.install(config.PACKAGE_NAME, config.SERVICE_NAME, config.DEFAULT_TASK_COUNT,
additional_options=options)
world_ids = sdk_tasks.get_task_ids(config.SERVICE_NAME, 'world-0')
jsonobj = sdk_cmd.svc_cli(config.PACKAGE_NAME, config.SERVICE_NAME, 'pod restart world-0', json=True)
assert len(jsonobj) == 2
assert jsonobj['pod'] == 'world-0'
assert len(jsonobj['tasks']) == 1
assert jsonobj['tasks'][0] == 'world-0-server'
sdk_tasks.check_tasks_updated(config.SERVICE_NAME, 'world-0', world_ids)
config.check_running()
# ensure the SIGTERM was sent via the "all clean" message in the world
# service's signal trap/handler, BUT not the shell command, indicated
# by "echo".
stdout = sdk_cmd.run_cli(
"task log --completed --lines=1000 {}".format(world_ids[0]))
clean_msg = None
for s in stdout.split('\n'):
if s.find('echo') < 0 and s.find('all clean') >= 0:
clean_msg = s
assert clean_msg is not None
def hdfs_server(kerberos):
"""
A pytest fixture that installs a Kerberized HDFS service.
On teardown, the service is uninstalled.
"""
service_options = {
"service": {
"name": config.SERVICE_NAME,
"security": {
"kerberos": {
"enabled": True,
"kdc": {"hostname": kerberos.get_host(), "port": int(kerberos.get_port())},
"realm": kerberos.get_realm(),
"keytab_secret": kerberos.get_keytab_path(),
}
},
},
"hdfs": {"security_auth_to_local": auth.get_principal_to_user_mapping()},
}
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
try:
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
config.DEFAULT_TASK_COUNT,
additional_options=service_options,
timeout_seconds=30 * 60,
)
yield {**service_options, **{"package_name": config.PACKAGE_NAME}}
finally:
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def test_install_without_additional_principal_to_user_mapping(kerberos, service_account):
try:
service_options = {
"service": {
"name": config.SERVICE_NAME,
"service_account": service_account["name"],
"service_account_secret": service_account["secret"],
"security": {
"kerberos": {
"enabled": True,
"debug": True,
"kdc": {"hostname": kerberos.get_host(), "port": int(kerberos.get_port())},
"realm": kerberos.get_realm(),
"keytab_secret": kerberos.get_keytab_path(),
}
},
}
}
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
config.DEFAULT_TASK_COUNT,
additional_options=service_options,
timeout_seconds=30 * 60,
)
finally:
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def configure_package(configure_security):
try:
sdk_install.uninstall(config.PACKAGE_NAME, foldered_name)
if sdk_utils.dcos_version_less_than("1.9"):
# HDFS upgrade in 1.8 is not supported.
sdk_install.install(
config.PACKAGE_NAME,
foldered_name,
config.DEFAULT_TASK_COUNT,
additional_options={"service": {"name": foldered_name}},
timeout_seconds=30 * 60,
)
else:
sdk_upgrade.test_upgrade(
config.PACKAGE_NAME,
foldered_name,
config.DEFAULT_TASK_COUNT,
from_options={"service": {"name": foldered_name}},
timeout_seconds=30 * 60,
)
yield # let the test session execute
finally:
sdk_install.uninstall(config.PACKAGE_NAME, foldered_name)
def hdfs_service_tls(service_account):
try:
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
sdk_install.install(
config.PACKAGE_NAME,
service_name=config.SERVICE_NAME,
expected_running_tasks=config.DEFAULT_TASK_COUNT,
additional_options={
"service": {
"service_account": service_account["name"],
"service_account_secret": service_account["secret"],
"security": {
"transport_encryption": {
"enabled": True
}
}
}
},
timeout_seconds=30 * 60)
sdk_plan.wait_for_completed_deployment(config.SERVICE_NAME)
yield service_account
finally:
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def cassandra_service_tls(service_account):
sdk_install.uninstall(package_name=config.PACKAGE_NAME, service_name=config.SERVICE_NAME)
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
config.DEFAULT_TASK_COUNT,
additional_options={
"service": {
"service_account": service_account["name"],
"service_account_secret": service_account["secret"],
"security": {
"transport_encryption": {
"enabled": True
}
}
}
}
)
sdk_plan.wait_for_completed_deployment(config.SERVICE_NAME)
# Wait for service health check to pass
shakedown.service_healthy(config.SERVICE_NAME)
yield
sdk_install.uninstall(package_name=config.PACKAGE_NAME, service_name=config.SERVICE_NAME)
def test_zones_not_referenced_in_placement_constraints():
foldered_name = sdk_utils.get_foldered_name(config.SERVICE_NAME)
sdk_install.uninstall(config.PACKAGE_NAME, foldered_name)
sdk_install.install(
config.PACKAGE_NAME,
foldered_name,
config.DEFAULT_BROKER_COUNT,
additional_options={
"service": {
"name": foldered_name
}
})
test_utils.broker_count_check(
config.DEFAULT_BROKER_COUNT, service_name=foldered_name)
broker_ids = sdk_cmd.svc_cli(
config.PACKAGE_NAME, foldered_name, 'broker list', json=True)
for broker_id in broker_ids:
broker_info = sdk_cmd.svc_cli(
config.PACKAGE_NAME,
foldered_name,
'broker get {}'.format(broker_id),
json=True)
assert broker_info.get('rack') == None
sdk_install.uninstall(config.PACKAGE_NAME, foldered_name)
def zookeeper_server(kerberos):
service_kerberos_options = {
"service": {
"name": config.ZOOKEEPER_SERVICE_NAME,
"security": {
"kerberos": {
"enabled": True,
"kdc": {
"hostname": kerberos.get_host(),
"port": int(kerberos.get_port())
},
"realm": kerberos.get_realm(),
"keytab_secret": kerberos.get_keytab_path(),
}
}
}
}
try:
sdk_install.uninstall(config.ZOOKEEPER_PACKAGE_NAME, config.ZOOKEEPER_SERVICE_NAME)
sdk_install.install(
config.ZOOKEEPER_PACKAGE_NAME,
config.ZOOKEEPER_SERVICE_NAME,
config.ZOOKEEPER_TASK_COUNT,
additional_options=service_kerberos_options,
timeout_seconds=30 * 60)
yield {**service_kerberos_options, **{"package_name": config.ZOOKEEPER_PACKAGE_NAME}}
finally:
sdk_install.uninstall(config.ZOOKEEPER_PACKAGE_NAME, config.ZOOKEEPER_SERVICE_NAME)
def test_zones_referenced_in_placement_constraints():
foldered_name = sdk_utils.get_foldered_name(config.SERVICE_NAME)
sdk_install.uninstall(config.PACKAGE_NAME, foldered_name)
sdk_install.install(
config.PACKAGE_NAME,
foldered_name,
config.DEFAULT_BROKER_COUNT,
additional_options={
"service": {
"name": foldered_name,
"placement_constraint": "[[\"@zone\", \"GROUP_BY\"]]"
}
})
test_utils.broker_count_check(
config.DEFAULT_BROKER_COUNT, service_name=foldered_name)
broker_ids = sdk_cmd.svc_cli(
config.PACKAGE_NAME, foldered_name, 'broker list', json=True)
for broker_id in broker_ids:
broker_info = sdk_cmd.svc_cli(
config.PACKAGE_NAME,
foldered_name,
'broker get {}'.format(broker_id),
json=True)
assert sdk_fault_domain.is_valid_zone(broker_info.get('rack'))
sdk_install.uninstall(config.PACKAGE_NAME, foldered_name)
def setup_constraint_switch():
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
agents = shakedown.get_private_agents()
some_agent = agents[0]
other_agent = agents[1]
log.info('Agents: %s %s', some_agent, other_agent)
assert some_agent != other_agent
options = _escape_placement_for_1_9({
"service": {
"yaml": "marathon_constraint"
},
"hello": {
"count": 1,
# First, we stick the pod to some_agent
"placement": "[[\"hostname\", \"LIKE\", \"{}\"]]".format(some_agent)
},
"world": {
"count": 0
}
})
sdk_install.install(config.PACKAGE_NAME, config.SERVICE_NAME, 1, additional_options=options)
sdk_tasks.check_running(config.SERVICE_NAME, 1)
hello_ids = sdk_tasks.get_task_ids(config.SERVICE_NAME, 'hello')
# Now, stick it to other_agent
marathon_config = sdk_marathon.get_config(config.SERVICE_NAME)
marathon_config['env']['HELLO_PLACEMENT'] = "[[\"hostname\", \"LIKE\", \"{}\"]]".format(other_agent)
sdk_marathon.update_app(config.SERVICE_NAME, marathon_config)
# Wait for the scheduler to be up and settled before advancing.
sdk_plan.wait_for_completed_deployment(config.SERVICE_NAME)
return some_agent, other_agent, hello_ids
def test_secrets_dcos_space():
# 1) create secrets in hello-world/somePath, i.e. hello-world/somePath/secret1 ...
# 2) Tasks with DCOS_SPACE hello-world/somePath
# or some DCOS_SPACE path under hello-world/somePath
# (for example hello-world/somePath/anotherPath/)
# can access these Secrets
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
# cannot access these secrets because of DCOS_SPACE authorization
create_secrets("{}/somePath/".format(config.SERVICE_NAME))
try:
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
NUM_HELLO + NUM_WORLD,
additional_options=options_dcos_space_test,
timeout_seconds=5 * 60) # Wait for 5 minutes. We don't need to wait 15 minutes for hello-world to fail an install
assert False, "Should have failed to install"
except AssertionError as arg:
raise arg
except:
pass # expected to fail
# clean up and delete secrets
delete_secrets("{}/somePath/".format(config.SERVICE_NAME))
def elastic_service_tls(service_account):
try:
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
sdk_install.install(
config.PACKAGE_NAME,
service_name=config.SERVICE_NAME,
expected_running_tasks=config.DEFAULT_TASK_COUNT,
additional_options={
"service": {
"service_account": service_account["name"],
"service_account_secret": service_account["secret"],
"security": {
"transport_encryption": {
"enabled": True
}
}
},
"elasticsearch": {
"xpack_enabled": True,
}
})
yield
finally:
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def configure_package(configure_security: None) -> Iterator[None]:
test_jobs: List[Dict[str, Any]] = []
try:
test_jobs = config.get_all_jobs(auth=True)
# destroy/reinstall any prior leftover jobs, so that they don't touch the newly installed service:
for job in test_jobs:
sdk_jobs.install_job(job)
create_secret(
secret_value=config.SECRET_VALUE, secret_path=config.PACKAGE_NAME + '/' + config.SECRET_VALUE
)
service_options = {
"service": {
"name": config.SERVICE_NAME,
"security": {"authentication": {"enabled": True}, "authorization": {"enabled": True}},
}
}
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
config.DEFAULT_TASK_COUNT,
additional_options=service_options,
)
yield # let the test session execute
finally:
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
delete_secret(secret=config.PACKAGE_NAME + '/' + config.SECRET_VALUE)
# remove job definitions from metronome
for job in test_jobs:
sdk_jobs.remove_job(job)
def configure_package(configure_security):
try:
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
sdk_install.install(config.PACKAGE_NAME, config.SERVICE_NAME, config.DEFAULT_TASK_COUNT)
yield # let the test session execute
finally:
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def test_launch_task_with_multiple_ports():
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
0,
additional_options={"service": {"yaml": "multiport"}},
)
assert sdk_tasks.get_summary(with_completed=True, task_name="multiport-0-server"), "Unable to find matching completed task"
def test_static_port_comes_online():
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
config.DEFAULT_BROKER_COUNT,
additional_options=STATIC_PORT_OPTIONS_DICT)
sdk_tasks.check_running(config.SERVICE_NAME, config.DEFAULT_BROKER_COUNT)
def upgrade_or_downgrade(package_name, running_task_count):
task_ids = tasks.get_task_ids(package_name, '')
marathon.destroy_app(package_name)
install.install(package_name, running_task_count)
print('Waiting for upgrade / downgrade deployment to complete')
spin.time_wait_noisy(lambda: (
plan.get_deployment_plan(package_name).json()['status'] == 'COMPLETE'))
print('Checking that all tasks have restarted')
tasks.check_tasks_updated(package_name, '', task_ids)
def setup_module(module):
install.uninstall(SERVICE_NAME, PACKAGE_NAME)
utils.gc_frameworks()
options = {
"service": {
"name": SERVICE_NAME
}
}
install.install(PACKAGE_NAME, DEFAULT_TASK_COUNT, SERVICE_NAME, additional_options=options)
def configure_package(configure_security):
try:
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
options = {"service": {"yaml": "host-volume"}}
sdk_install.install(config.PACKAGE_NAME, config.SERVICE_NAME, 2, additional_options=options)
yield # let the test session execute
finally:
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def hdfs_with_kerberos(configure_security_hdfs):
try:
# To do: remove the following as soon as HDFS with kerberos is released
log.warning(
'Temporarily using HDFS stub universe until kerberos is released')
sdk_cmd.run_cli('package repo add --index=0 {} {}'.format(
'hdfs-aws',
'https://universe-converter.mesosphere.com/transform?url=https://infinity-artifacts.s3.amazonaws.com/permanent/beta-hdfs/20171122-112028-Vl2QaSERix2q6Dhk/stub-universe-beta-hdfs.json'
))
primaries = ["hdfs", "HTTP"]
fqdn = "{service_name}.{host_suffix}".format(
service_name=HDFS_SERVICE_NAME,
host_suffix=sdk_hosts.AUTOIP_HOST_SUFFIX)
instances = [
"name-0-node",
"name-0-zkfc",
"name-1-node",
"name-1-zkfc",
"journal-0-node",
"journal-1-node",
"journal-2-node",
"data-0-node",
"data-1-node",
"data-2-node",
]
principals = []
for (instance, primary) in itertools.product(instances, primaries):
principals.append("{primary}/{instance}.{fqdn}@{REALM}".format(
primary=primary,
instance=instance,
fqdn=fqdn,
REALM=sdk_auth.REALM))
principals.append(GENERIC_HDFS_USER_PRINCIPAL)
kerberos_env = sdk_auth.KerberosEnvironment()
kerberos_env.add_principals(principals)
kerberos_env.finalize()
service_kerberos_options = {
"service": {
"kerberos": {
"enabled": True,
"kdc_host_name": kerberos_env.get_host(),
"kdc_host_port": kerberos_env.get_port(),
"keytab_secret": kerberos_env.get_keytab_path(),
"primary": primaries[0],
"primary_http": primaries[1],
"realm": sdk_auth.REALM
}
}
}
sdk_install.uninstall(HDFS_PACKAGE_NAME, HDFS_SERVICE_NAME)
sdk_install.install(HDFS_PACKAGE_NAME,
HDFS_SERVICE_NAME,
DEFAULT_HDFS_TASK_COUNT,
additional_options=service_kerberos_options,
timeout_seconds=30 * 60)
yield kerberos_env
finally:
sdk_install.uninstall(HDFS_PACKAGE_NAME, HDFS_SERVICE_NAME)
sdk_cmd.run_cli('package repo remove hdfs-aws')
if kerberos_env:
kerberos_env.cleanup()
def succeed_placement(options):
"""
This assumes that the DC/OS cluster is reporting that all agents are in a single zone.
"""
sdk_install.install(config.PACKAGE_NAME, config.SERVICE_NAME, 0, additional_options=options)
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def setup_module(module):
install.uninstall(PACKAGE_NAME)
utils.gc_frameworks()
install.install(PACKAGE_NAME, DEFAULT_TASK_COUNT,
additional_options=OVERLAY_OPTIONS)
def setup_module(module):
install.uninstall(PACKAGE_NAME)
sdk_utils.gc_frameworks()
install.install(PACKAGE_NAME, DEFAULT_TASK_COUNT)
def setup_module(module):
install.uninstall(PACKAGE_NAME)
sdk_utils.gc_frameworks()
# check_suppression=False due to https://jira.mesosphere.com/browse/CASSANDRA-568
install.install(PACKAGE_NAME, DEFAULT_TASK_COUNT, check_suppression=False)
def static_port_config():
install.install(PACKAGE_NAME,
DEFAULT_BROKER_COUNT,
service_name=SERVICE_NAME,
additional_options=STATIC_PORT_OPTIONS_DICT)
def test_upgrade(
package_name,
service_name,
expected_running_tasks,
additional_options={},
test_version_additional_options=None,
timeout_seconds=TIMEOUT_SECONDS,
wait_for_deployment=True,
):
# allow providing different options dicts to the universe version vs the test version:
if test_version_additional_options is None:
test_version_additional_options = additional_options
sdk_install.uninstall(package_name, service_name)
test_version = _get_pkg_version(package_name)
log.info("Found test version: {}".format(test_version))
universe_url = _get_universe_url()
universe_version = None
try:
# Move the Universe repo to the top of the repo list so that we can first install the release version.
sdk_repository.remove_repo("Universe")
assert sdk_repository.add_repo("Universe", universe_url, 0)
log.info(
"Waiting for Universe release version of {} to appear: version != {}"
.format(package_name, test_version))
universe_version = _wait_for_new_package_version(
package_name, test_version)
log.info("Installing Universe version: {}={}".format(
package_name, universe_version))
sdk_install.install(
package_name,
service_name,
expected_running_tasks,
package_version=universe_version,
additional_options=additional_options,
timeout_seconds=timeout_seconds,
wait_for_deployment=wait_for_deployment,
)
finally:
if universe_version:
# Return the Universe repo back to the bottom of the repo list so that we can upgrade to the build version.
sdk_repository.remove_repo("Universe")
assert sdk_repository.add_repo("Universe", universe_url)
log.info(
"Waiting for test build version of {} to appear: version != {}"
.format(package_name, universe_version))
_wait_for_new_package_version(package_name, universe_version)
log.info("Upgrading {}: {} => {}".format(package_name, universe_version,
test_version))
update_or_upgrade_or_downgrade(
package_name,
service_name,
test_version,
test_version_additional_options,
expected_running_tasks,
wait_for_deployment,
timeout_seconds,
)
def setup_module(module):
install.uninstall(PACKAGE_NAME)
install.install(PACKAGE_NAME)
def test_upgrade_from_xpack_enabled_to_xpack_security_enabled():
# Since this test uninstalls the Elastic service that is shared between all previous tests,
# reset the number of expected tasks to the default value. This is checked before all tests
# by the `pre_test_setup` fixture.
global current_expected_task_count
current_expected_task_count = config.DEFAULT_TASK_COUNT
# This test needs to run some code in between the Universe version installation and the stub Universe
# upgrade, so it cannot use `sdk_upgrade.test_upgrade`.
log.info("Updating from X-Pack 'enabled' to X-Pack security 'enabled'")
http_user = config.DEFAULT_ELASTICSEARCH_USER
http_password = config.DEFAULT_ELASTICSEARCH_PASSWORD
package_name = config.PACKAGE_NAME
sdk_install.uninstall(package_name, foldered_name)
# Move Universe repo to the top of the repo list so that we can first install the Universe
# version.
_, universe_version = sdk_repository.move_universe_repo(package_name, universe_repo_index=0)
sdk_install.install(
package_name,
foldered_name,
expected_running_tasks=current_expected_task_count,
additional_options={"elasticsearch": {"xpack_enabled": True}},
package_version=universe_version,
)
document_es_5_id = 1
document_es_5_fields = {"name": "Elasticsearch 5: X-Pack enabled", "role": "search engine"}
config.create_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
document_es_5_id,
document_es_5_fields,
service_name=foldered_name,
http_user=http_user,
http_password=http_password,
)
# This is the first crucial step when upgrading from "X-Pack enabled" on ES5 to "X-Pack security
# enabled" on ES6. The default "changeme" password doesn't work anymore on ES6, so passwords
# *must* be *explicitly* set, otherwise nodes won't authenticate requests, leaving the cluster
# unavailable. Users will have to do this manually when upgrading.
config._curl_query(
foldered_name,
"POST",
"_xpack/security/user/{}/_password".format(http_user),
json_body={"password": http_password},
http_user=http_user,
http_password=http_password,
)
# Move Universe repo back to the bottom of the repo list so that we can upgrade to the version
# under test.
_, test_version = sdk_repository.move_universe_repo(package_name)
# First we upgrade to "X-Pack security enabled" set to false on ES6, so that we can use the
# X-Pack migration assistance and upgrade APIs.
sdk_upgrade.update_or_upgrade_or_downgrade(
package_name,
foldered_name,
test_version,
{
"service": {"update_strategy": "parallel"},
"elasticsearch": {"xpack_security_enabled": False},
},
current_expected_task_count,
)
# Get list of indices to upgrade from here. The response looks something like:
# {
# "indices" : {
# ".security" : {
# "action_required" : "upgrade"
# },
# ".watches" : {
# "action_required" : "upgrade"
# }
# }
# }
response = config._curl_query(foldered_name, "GET", "_xpack/migration/assistance?pretty")
# This is the second crucial step when upgrading from "X-Pack enabled" on ES5 to "X-Pack
# security enabled" on ES6. The ".security" index (along with any others returned by the
# "assistance" API) needs to be upgraded.
for index in response["indices"]:
config._curl_query(
foldered_name,
"POST",
"_xpack/migration/upgrade/{}?pretty".format(index),
http_user=http_user,
http_password=http_password,
)
document_es_6_security_disabled_id = 2
document_es_6_security_disabled_fields = {
"name": "Elasticsearch 6: X-Pack security disabled",
"role": "search engine",
}
config.create_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
document_es_6_security_disabled_id,
document_es_6_security_disabled_fields,
service_name=foldered_name,
http_user=http_user,
http_password=http_password,
)
# After upgrading the indices, we're now safe to enable X-Pack security.
sdk_service.update_configuration(
package_name,
foldered_name,
{"elasticsearch": {"xpack_security_enabled": True}},
current_expected_task_count,
)
document_es_6_security_enabled_id = 3
document_es_6_security_enabled_fields = {
"name": "Elasticsearch 6: X-Pack security enabled",
"role": "search engine",
}
config.create_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
document_es_6_security_enabled_id,
document_es_6_security_enabled_fields,
service_name=foldered_name,
http_user=http_user,
http_password=http_password,
)
# Make sure that documents were created and are accessible.
config.verify_document(
foldered_name,
document_es_5_id,
document_es_5_fields,
http_user=http_user,
http_password=http_password,
)
config.verify_document(
foldered_name,
document_es_6_security_disabled_id,
document_es_6_security_disabled_fields,
http_user=http_user,
http_password=http_password,
)
config.verify_document(
foldered_name,
document_es_6_security_enabled_id,
document_es_6_security_enabled_fields,
http_user=http_user,
http_password=http_password,
)
def test_security_toggle_with_kibana(default_populated_index):
# Verify that commercial APIs are disabled by default in Elasticsearch.
config.verify_commercial_api_status(False, service_name=foldered_name)
# Write some data with security disabled, enabled security, and afterwards verify that we can
# still read what we wrote.
document_security_disabled_id = 1
document_security_disabled_fields = {"name": "Elasticsearch", "role": "search engine"}
config.create_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
document_security_disabled_id,
document_security_disabled_fields,
service_name=foldered_name,
)
# Verify that basic license is enabled by default.
config.verify_xpack_license("basic", service_name=foldered_name)
# Install Kibana.
elasticsearch_url = "http://" + sdk_hosts.vip_host(foldered_name, "coordinator", 9200)
sdk_install.install(
config.KIBANA_PACKAGE_NAME,
config.KIBANA_PACKAGE_NAME,
0,
{"kibana": {"elasticsearch_url": elasticsearch_url}},
timeout_seconds=config.KIBANA_DEFAULT_TIMEOUT,
wait_for_deployment=False,
insert_strict_options=False,
)
# Verify that it works.
config.check_kibana_adminrouter_integration("service/{}/".format(config.KIBANA_PACKAGE_NAME))
# Uninstall it.
sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, config.KIBANA_PACKAGE_NAME)
# Enable Elasticsearch security.
sdk_service.update_configuration(
config.PACKAGE_NAME,
foldered_name,
{
"elasticsearch": {"xpack_security_enabled": True},
"service": {"update_strategy": "parallel"},
},
current_expected_task_count,
)
# This should still be disabled.
config.verify_commercial_api_status(False, service_name=foldered_name)
# Start trial license.
config.start_trial_license(service_name=foldered_name)
# Set up passwords. Basic HTTP credentials will have to be used in HTTP requests to
# Elasticsearch from now on.
passwords = config.setup_passwords(foldered_name)
# Verify trial license is working.
config.verify_xpack_license(
"trial",
service_name=foldered_name,
http_user=config.DEFAULT_ELASTICSEARCH_USER,
http_password=passwords["elastic"],
)
config.verify_commercial_api_status(
True,
service_name=foldered_name,
http_user=config.DEFAULT_ELASTICSEARCH_USER,
http_password=passwords["elastic"],
)
# Write some data with security enabled, disable security, and afterwards verify that we can
# still read what we wrote.
document_security_enabled_id = 2
document_security_enabled_fields = {"name": "X-Pack", "role": "commercial plugin"}
config.create_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
document_security_enabled_id,
document_security_enabled_fields,
service_name=foldered_name,
http_user=config.DEFAULT_ELASTICSEARCH_USER,
http_password=passwords["elastic"],
)
# Install Kibana with security enabled.
sdk_install.install(
config.KIBANA_PACKAGE_NAME,
config.KIBANA_PACKAGE_NAME,
0,
{
"kibana": {
"elasticsearch_url": elasticsearch_url,
"elasticsearch_xpack_security_enabled": True,
"user": config.DEFAULT_KIBANA_USER,
"password": passwords["kibana"],
}
},
timeout_seconds=config.KIBANA_DEFAULT_TIMEOUT,
wait_for_deployment=False,
insert_strict_options=False,
)
# Verify that it works. Notice that with security enabled, one has to access
# /service/kibana/login instead of /service/kibana.
config.check_kibana_adminrouter_integration(
"service/{}/login".format(config.KIBANA_PACKAGE_NAME)
)
# Uninstall it.
sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, config.KIBANA_PACKAGE_NAME)
# Disable Elastic security.
sdk_service.update_configuration(
config.PACKAGE_NAME,
foldered_name,
{
"elasticsearch": {"xpack_security_enabled": False},
"service": {"update_strategy": "parallel"},
},
current_expected_task_count,
)
# Verify we can read what was written before toggling security, without basic HTTP credentials.
document_security_disabled = config.get_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
document_security_disabled_id,
service_name=foldered_name,
)
assert (
document_security_disabled["_source"]["name"] == document_security_disabled_fields["name"]
)
# Verify we can read what was written when security was enabled, without basic HTTP credentials.
document_security_enabled = config.get_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
document_security_enabled_id,
service_name=foldered_name,
)
assert document_security_enabled["_source"]["name"] == document_security_enabled_fields["name"]
# Set update_strategy back to serial.
sdk_service.update_configuration(
config.PACKAGE_NAME,
foldered_name,
{"service": {"update_strategy": "serial"}},
current_expected_task_count,
)
def test_marathon_volume_collission():
# This test validates that a service registered in a sub-role of
# slave_public will _not_ unreserve Marathon volumes RESERVED
# in the `slave_public` role.
# Uninstall HW first
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
# Install the marathon app
marathon_app_name = "persistent-test"
persistent_app = {
"id": marathon_app_name,
"mem": 128,
"user": "******",
"cmd": "echo 'this is a test' > persistent-volume/test && sleep 10000",
"container": {
"type":
"MESOS",
"volumes": [{
"persistent": {
"type": "root",
"size": 500,
"constraints": []
},
"mode": "RW",
"containerPath": "persistent-volume"
}]
}
}
try:
sdk_marathon.install_app(persistent_app)
# Get its persistent Volume
host = sdk_marathon.get_scheduler_host(marathon_app_name)
ok, pv_name = shakedown.run_command_on_agent(
host, "ls /var/lib/mesos/slave/volumes/roles/slave_public")
assert ok
pv_name = pv_name.strip()
@retrying.retry(wait_fixed=1000, stop_max_delay=60 * 1000)
def check_content():
ok, pv_content = shakedown.run_command_on_agent(
host,
"cat /var/lib/mesos/slave/volumes/roles/slave_public/{}/test".
format(pv_name))
assert pv_content.strip() == "this is a test"
check_content()
# Scale down the Marathon app
app_config = sdk_marathon.get_config(marathon_app_name)
app_config['instances'] = 0
sdk_marathon.update_app(marathon_app_name, app_config)
# Install Hello World
sdk_install.install(config.PACKAGE_NAME,
config.SERVICE_NAME,
config.DEFAULT_TASK_COUNT,
additional_options=pre_reserved_options)
# Make sure the persistent volume is still there
check_content()
# Uninstall Hello World
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
# Make sure the persistent volume is still there
check_content()
# Scale back up the marathon app
app_config = sdk_marathon.get_config(marathon_app_name)
app_config['instances'] = 1
sdk_marathon.update_app(marathon_app_name, app_config)
# Make sure the persistent volume is still there
check_content()
finally:
# Reinstall hello world
sdk_install.install(config.PACKAGE_NAME,
config.SERVICE_NAME,
config.DEFAULT_TASK_COUNT,
additional_options=pre_reserved_options)
sdk_marathon.destroy_app(marathon_app_name)
def test_secrets_update():
# 1) create Secrets
# 2) install examples/secrets.yml
# 3) update Secrets
# 4) restart task
# 5) verify Secrets content (updated after restart)
# 6) delete Secrets
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
create_secrets("{}/".format(config.SERVICE_NAME))
sdk_install.install(config.PACKAGE_NAME,
config.SERVICE_NAME,
NUM_HELLO + NUM_WORLD,
additional_options=secret_options)
# tasks will fail if secret file is not created
sdk_tasks.check_running(config.SERVICE_NAME, NUM_HELLO + NUM_WORLD)
sdk_cmd.run_cli("security secrets update --value={} {}/secret1".format(
secret_content_alternative, config.SERVICE_NAME))
sdk_cmd.run_cli("security secrets update --value={} {}/secret2".format(
secret_content_alternative, config.SERVICE_NAME))
sdk_cmd.run_cli("security secrets update --value={} {}/secret3".format(
secret_content_alternative, config.SERVICE_NAME))
# Verify with hello-0 and world-0, just check with one of the pods
hello_tasks_old = sdk_tasks.get_task_ids(config.SERVICE_NAME, "hello-0")
world_tasks_old = sdk_tasks.get_task_ids(config.SERVICE_NAME, "world-0")
# restart pods to retrieve new secret's content
sdk_cmd.svc_cli(config.PACKAGE_NAME, config.SERVICE_NAME,
'pod restart hello-0')
sdk_cmd.svc_cli(config.PACKAGE_NAME, config.SERVICE_NAME,
'pod restart world-0')
# wait pod restart to complete
sdk_tasks.check_tasks_updated(config.SERVICE_NAME, "hello-0",
hello_tasks_old)
sdk_tasks.check_tasks_updated(config.SERVICE_NAME, 'world-0',
world_tasks_old)
# wait till it is running
sdk_tasks.check_running(config.SERVICE_NAME, NUM_HELLO + NUM_WORLD)
# make sure content is changed
assert secret_content_alternative == read_secret(
"world-0", "bash -c 'echo $WORLD_SECRET1_ENV'")
assert secret_content_alternative == read_secret("world-0",
"cat WORLD_SECRET2_FILE")
assert secret_content_alternative == read_secret(
"world-0", "cat {}/secret3".format(config.SERVICE_NAME))
# make sure content is changed
assert secret_content_alternative == read_secret(
"hello-0", "bash -c 'echo $HELLO_SECRET1_ENV'")
assert secret_content_alternative == read_secret("hello-0",
"cat HELLO_SECRET1_FILE")
assert secret_content_alternative == read_secret("hello-0",
"cat HELLO_SECRET2_FILE")
# clean up and delete secrets
delete_secrets("{}/".format(config.SERVICE_NAME))
def test_backup_and_restore_to_s3_compatible_storage() -> None:
try:
sdk_install.install(
"minio",
"minio",
expected_running_tasks=0,
package_version="0.0.13-RELEASE.2018-10-06T00-15-16Z",
wait_for_deployment=False,
)
temp_key_id = os.getenv("AWS_ACCESS_KEY_ID")
if not temp_key_id:
assert (
False
), 'AWS credentials are required for this test. Disable test with e.g. TEST_TYPES="sanity and not aws"'
temp_secret_access_key = os.getenv("AWS_SECRET_ACCESS_KEY")
options = ""
if sdk_utils.is_strict_mode():
sdk_security.create_service_account(
service_account_name="marathon-lb-sa",
service_account_secret="marathon-lb/service-account-secret",
)
sdk_cmd.run_cli(
"security org users grant marathon-lb-sa dcos:service:marathon:marathon:services:/ read"
)
sdk_cmd.run_cli(
'security org users grant marathon-lb-sa dcos:service:marathon:marathon:admin:events read --description "Allows access to Marathon events"'
)
options = {
"marathon-lb": {
"secret_name": "marathon-lb/service-account-secret",
"marathon-uri": "https://marathon.mesos:8443",
}
}
sdk_install.install(
"marathon-lb",
"marathon-lb",
expected_running_tasks=0,
additional_options=options,
package_version="1.14.0",
wait_for_deployment=False,
)
host = sdk_marathon.get_scheduler_host("marathon-lb")
_, public_node_ip, _ = sdk_cmd.agent_ssh(host, "curl -s ifconfig.co")
minio_endpoint_url = "http://" + public_node_ip + ":9000"
os.environ["AWS_ACCESS_KEY_ID"] = config.MINIO_AWS_ACCESS_KEY_ID
os.environ["AWS_SECRET_ACCESS_KEY"] = config.MINIO_AWS_SECRET_ACCESS_KEY
subprocess.run(
[
"aws",
"s3",
"mb",
"s3://" + config.MINIO_BUCKET_NAME,
"--endpoint",
minio_endpoint_url,
]
)
plan_parameters = {
"AWS_ACCESS_KEY_ID": os.getenv("AWS_ACCESS_KEY_ID"),
"AWS_SECRET_ACCESS_KEY": os.getenv("AWS_SECRET_ACCESS_KEY"),
"AWS_REGION": os.getenv("AWS_REGION", "us-west-2"),
"S3_BUCKET_NAME": config.MINIO_BUCKET_NAME,
"SNAPSHOT_NAME": str(uuid.uuid1()),
"CASSANDRA_KEYSPACES": '"testspace1 testspace2"',
"S3_ENDPOINT_URL": minio_endpoint_url,
}
config.run_backup_and_restore(
config.get_foldered_service_name(),
"backup-s3",
"restore-s3",
plan_parameters,
config.get_foldered_node_address(),
)
finally:
sdk_install.uninstall("minio", "minio")
sdk_install.uninstall("marathon-lb", "marathon-lb")
os.environ["AWS_ACCESS_KEY_ID"] = temp_key_id
os.environ["AWS_SECRET_ACCESS_KEY"] = temp_secret_access_key
def install_jmx_configured_cassandra(self_signed_trust_store: bool = True,
authentication: bool = True):
foldered_name = config.get_foldered_service_name()
test_jobs: List[Dict[str, Any]] = []
if authentication:
test_jobs = config.get_all_jobs(
node_address=config.get_foldered_node_address(), auth=True)
else:
test_jobs = config.get_all_jobs(
node_address=config.get_foldered_node_address())
# destroy/reinstall any prior leftover jobs, so that they don't touch the newly installed service:
for job in test_jobs:
sdk_jobs.install_job(job)
sdk_install.uninstall(config.PACKAGE_NAME, foldered_name)
install_jmx_secrets()
service_options = {
"service": {
"name": foldered_name,
"jmx": {
"enabled": True,
"rmi_port": 31198,
"password_file": PASSWORD_FILE,
"access_file": ACCESS_FILE,
"key_store": KEY_STORE,
"key_store_password_file": KEY_STORE_PASS,
},
}
}
if self_signed_trust_store:
service_options = sdk_utils.merge_dictionaries(
{
"service": {
"jmx": {
"add_trust_store": True,
"trust_store": TRUST_STORE,
"trust_store_password_file": TRUST_STORE_PASS,
}
}
},
service_options,
)
if authentication:
secret_path = foldered_name + "/" + config.SECRET_VALUE
create_secret(secret_value=config.SECRET_VALUE,
secret_path=secret_path)
service_options = sdk_utils.merge_dictionaries(
{
"service": {
"security": {
"authentication": {
"enabled": True,
"superuser": {
"password_secret_path": secret_path
},
},
"authorization": {
"enabled": True
},
}
}
},
service_options,
)
sdk_install.install(
config.PACKAGE_NAME,
foldered_name,
config.DEFAULT_TASK_COUNT,
additional_options=service_options,
)
def test_xpack_toggle_with_kibana(default_populated_index):
log.info("\n***** Verify X-Pack disabled by default in elasticsearch")
config.verify_commercial_api_status(False, service_name=foldered_name)
log.info("\n***** Test kibana with X-Pack disabled...")
elasticsearch_url = "http://" + sdk_hosts.vip_host(foldered_name,
"coordinator", 9200)
# It can take several minutes for kibana's health check to start passing once it's running.
# Therefore we use a 30m timeout instead of the 15m default.
sdk_install.install(
config.KIBANA_PACKAGE_NAME,
config.KIBANA_PACKAGE_NAME,
0,
{"kibana": {
"elasticsearch_url": elasticsearch_url
}},
timeout_seconds=config.KIBANA_DEFAULT_TIMEOUT,
wait_for_deployment=False,
insert_strict_options=False,
)
config.check_kibana_adminrouter_integration("service/{}/".format(
config.KIBANA_PACKAGE_NAME))
log.info("Uninstall kibana with X-Pack disabled")
sdk_install.uninstall(config.KIBANA_PACKAGE_NAME,
config.KIBANA_PACKAGE_NAME)
log.info(
"\n***** Set/verify X-Pack enabled in elasticsearch. Requires parallel upgrade strategy for full restart."
)
config.set_xpack(True, service_name=foldered_name)
config.check_elasticsearch_plugin_installed(config.XPACK_PLUGIN_NAME,
service_name=foldered_name)
config.verify_commercial_api_status(True, service_name=foldered_name)
config.verify_xpack_license(service_name=foldered_name)
log.info(
"\n***** Write some data while enabled, disable X-Pack, and verify we can still read what we wrote."
)
config.create_document(
config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
2,
{
"name": "X-Pack",
"role": "commercial plugin"
},
service_name=foldered_name,
)
log.info("\n***** Test kibana with X-Pack enabled...")
log.info(
"\n***** Installing Kibana w/X-Pack can exceed default 15 minutes for Marathon "
"deployment to complete due to a configured HTTP health check. (typical: 12 minutes)"
)
sdk_install.install(
config.KIBANA_PACKAGE_NAME,
config.KIBANA_PACKAGE_NAME,
0,
{
"kibana": {
"elasticsearch_url": elasticsearch_url,
"xpack_enabled": True
}
},
timeout_seconds=config.KIBANA_DEFAULT_TIMEOUT,
wait_for_deployment=False,
insert_strict_options=False,
)
config.check_kibana_plugin_installed(
config.XPACK_PLUGIN_NAME, service_name=config.KIBANA_PACKAGE_NAME)
config.check_kibana_adminrouter_integration("service/{}/login".format(
config.KIBANA_PACKAGE_NAME))
log.info("\n***** Uninstall kibana with X-Pack enabled")
sdk_install.uninstall(config.KIBANA_PACKAGE_NAME,
config.KIBANA_PACKAGE_NAME)
log.info("\n***** Disable X-Pack in elasticsearch.")
config.set_xpack(False, service_name=foldered_name)
log.info(
"\n***** Verify we can still read what we wrote when X-Pack was enabled."
)
config.verify_commercial_api_status(False, service_name=foldered_name)
doc = config.get_document(config.DEFAULT_INDEX_NAME,
config.DEFAULT_INDEX_TYPE,
2,
service_name=foldered_name)
assert doc["_source"]["name"] == "X-Pack"
# reset upgrade strategy to serial
config.update_app(foldered_name, {"UPDATE_STRATEGY": "serial"},
current_expected_task_count)
sdk_plan.wait_for_completed_deployment(foldered_name)
sdk_plan.wait_for_completed_recovery(foldered_name)
def setup_module(module):
install.uninstall(PACKAGE_NAME)
options = {"service": {"spec_file": "examples/sidecar.yml"}}
# this yml has 2 hello's + 0 world's:
install.install(PACKAGE_NAME, 2, additional_options=options)
def zookeeper_server(kerberos):
service_options = {
"service": {
"name": config.ZOOKEEPER_SERVICE_NAME,
"security": {
"kerberos": {
"enabled": True,
"kdc": {
"hostname": kerberos.get_host(),
"port": int(kerberos.get_port())
},
"realm": kerberos.get_realm(),
"keytab_secret": kerberos.get_keytab_path(),
}
},
}
}
zk_account = "kafka-zookeeper-service-account"
zk_secret = "kakfa-zookeeper-secret"
if sdk_utils.is_strict_mode():
service_options = sdk_utils.merge_dictionaries(
{
"service": {
"service_account": zk_account,
"service_account_secret": zk_secret
}
},
service_options,
)
try:
sdk_install.uninstall(config.ZOOKEEPER_PACKAGE_NAME,
config.ZOOKEEPER_SERVICE_NAME)
service_account_info = sdk_security.setup_security(
config.ZOOKEEPER_SERVICE_NAME,
linux_user="******",
service_account=zk_account,
service_account_secret=zk_secret,
)
sdk_install.install(
config.ZOOKEEPER_PACKAGE_NAME,
config.ZOOKEEPER_SERVICE_NAME,
config.ZOOKEEPER_TASK_COUNT,
additional_options=service_options,
timeout_seconds=30 * 60,
insert_strict_options=False,
)
yield {
**service_options,
**{
"package_name": config.ZOOKEEPER_PACKAGE_NAME
}
}
finally:
sdk_install.uninstall(config.ZOOKEEPER_PACKAGE_NAME,
config.ZOOKEEPER_SERVICE_NAME)
sdk_security.cleanup_security(config.ZOOKEEPER_SERVICE_NAME,
service_account_info)
def setup_module(module):
install.uninstall(PACKAGE_NAME)
utils.gc_frameworks()
options = {"service": {"spec_file": "examples/cni.yml"}}
install.install(PACKAGE_NAME, 1, additional_options=options)
def test_secrets_config_update():
# 1) install examples/secrets.yml
# 2) create new Secrets, delete old Secrets
# 2) update configuration with new Secrets
# 4) verify secret content (using new Secrets after config update)
install.uninstall(PACKAGE_NAME)
create_secrets("{}/".format(PACKAGE_NAME))
install.install(PACKAGE_NAME,
NUM_HELLO + NUM_WORLD,
additional_options=secret_options)
# launch will fail if secrets are not available or not accessible
plan.wait_for_completed_deployment(PACKAGE_NAME)
# tasks will fail if secret file is not created
tasks.check_running(PACKAGE_NAME, NUM_HELLO + NUM_WORLD)
# Verify secret content, one from each pod type
# get tasks ids - only first pods
hello_tasks = tasks.get_task_ids(PACKAGE_NAME, "hello-0")
world_tasks = tasks.get_task_ids(PACKAGE_NAME, "world-0")
# make sure it has the default value
assert secret_content_default == task_exec(
world_tasks[0], "bash -c 'echo $WORLD_SECRET1_ENV'")
assert secret_content_default == task_exec(world_tasks[0],
"cat WORLD_SECRET2_FILE")
assert secret_content_default == task_exec(
world_tasks[0], "cat {}/secret3".format(PACKAGE_NAME))
# hello tasks has container image
assert secret_content_default == task_exec(
hello_tasks[0], "bash -c 'echo $HELLO_SECRET1_ENV'")
assert secret_content_default == task_exec(hello_tasks[0],
"cat HELLO_SECRET1_FILE")
assert secret_content_default == task_exec(hello_tasks[0],
"cat HELLO_SECRET2_FILE")
# clean up and delete secrets (defaults)
delete_secrets("{}/".format(PACKAGE_NAME))
# create new secrets with new content -- New Value
create_secrets(secret_content_arg=secret_content_alternative)
config = marathon.get_config(PACKAGE_NAME)
config['env']['HELLO_SECRET1'] = 'secret1'
config['env']['HELLO_SECRET2'] = 'secret2'
config['env']['WORLD_SECRET1'] = 'secret1'
config['env']['WORLD_SECRET2'] = 'secret2'
config['env']['WORLD_SECRET3'] = 'secret3'
# config update
marathon.update_app(PACKAGE_NAME, config)
# wait till plan is complete - pods are supposed to restart
plan.wait_for_completed_deployment(PACKAGE_NAME)
# all tasks are running
tasks.check_running(PACKAGE_NAME, NUM_HELLO + NUM_WORLD)
# Verify secret content is changed
# get task ids - only first pod
hello_tasks = tasks.get_task_ids(PACKAGE_NAME, "hello-0")
world_tasks = tasks.get_task_ids(PACKAGE_NAME, "world-0")
assert secret_content_alternative == task_exec(
world_tasks[0], "bash -c 'echo $WORLD_SECRET1_ENV'")
assert secret_content_alternative == task_exec(world_tasks[0],
"cat WORLD_SECRET2_FILE")
assert secret_content_alternative == task_exec(world_tasks[0],
"cat secret3")
assert secret_content_alternative == task_exec(
hello_tasks[0], "bash -c 'echo $HELLO_SECRET1_ENV'")
assert secret_content_alternative == task_exec(hello_tasks[0],
"cat HELLO_SECRET1_FILE")
assert secret_content_alternative == task_exec(hello_tasks[0],
"cat HELLO_SECRET2_FILE")
# clean up and delete secrets
delete_secrets()
def test_secrets_update():
# 1) create Secrets
# 2) install examples/secrets.yml
# 3) update Secrets
# 4) restart task
# 5) verify Secrets content (updated after restart)
# 6) delete Secrets
install.uninstall(PACKAGE_NAME)
create_secrets("{}/".format(PACKAGE_NAME))
install.install(PACKAGE_NAME,
NUM_HELLO + NUM_WORLD,
additional_options=secret_options)
# launch will fail if secrets are not available or not accessible
plan.wait_for_completed_deployment(PACKAGE_NAME)
# tasks will fail if secret file is not created
tasks.check_running(PACKAGE_NAME, NUM_HELLO + NUM_WORLD)
cmd.run_cli("security secrets update --value={} {}/secret1".format(
secret_content_alternative, PACKAGE_NAME))
cmd.run_cli("security secrets update --value={} {}/secret2".format(
secret_content_alternative, PACKAGE_NAME))
cmd.run_cli("security secrets update --value={} {}/secret3".format(
secret_content_alternative, PACKAGE_NAME))
# Verify with hello-0 and world-0, just check with one of the pods
hello_tasks_old = tasks.get_task_ids(PACKAGE_NAME, "hello-0")
world_tasks_old = tasks.get_task_ids(PACKAGE_NAME, "world-0")
# restart pods to retrieve new secret's content
cmd.run_cli('hello-world pods restart hello-0')
cmd.run_cli('hello-world pods restart world-0')
# wait pod restart to complete
tasks.check_tasks_updated(PACKAGE_NAME, "hello-0", hello_tasks_old)
tasks.check_tasks_updated(PACKAGE_NAME, 'world-0', world_tasks_old)
# wait till it is running
tasks.check_running(PACKAGE_NAME, NUM_HELLO + NUM_WORLD)
# get new task ids - only first pod
hello_tasks = tasks.get_task_ids(PACKAGE_NAME, "hello-0")
world_tasks = tasks.get_task_ids(PACKAGE_NAME, "world-0")
# make sure content is changed
assert secret_content_alternative == task_exec(
world_tasks[0], "bash -c 'echo $WORLD_SECRET1_ENV'")
assert secret_content_alternative == task_exec(world_tasks[0],
"cat WORLD_SECRET2_FILE")
assert secret_content_alternative == task_exec(
world_tasks[0], "cat {}/secret3".format(PACKAGE_NAME))
# make sure content is changed
assert secret_content_alternative == task_exec(
hello_tasks[0], "bash -c 'echo $HELLO_SECRET1_ENV'")
assert secret_content_alternative == task_exec(hello_tasks[0],
"cat HELLO_SECRET1_FILE")
assert secret_content_alternative == task_exec(hello_tasks[0],
"cat HELLO_SECRET2_FILE")
# clean up and delete secrets
delete_secrets("{}/".format(PACKAGE_NAME))
def setup_module(module):
install.uninstall(PACKAGE_NAME)
install.install(PACKAGE_NAME, DEFAULT_TASK_COUNT)
def test_secrets_config_update():
# 1) install examples/secrets.yml
# 2) create new Secrets, delete old Secrets
# 2) update configuration with new Secrets
# 4) verify secret content (using new Secrets after config update)
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
create_secrets("{}/".format(config.SERVICE_NAME))
sdk_install.install(config.PACKAGE_NAME,
config.SERVICE_NAME,
NUM_HELLO + NUM_WORLD,
additional_options=secret_options)
# tasks will fail if secret file is not created
sdk_tasks.check_running(config.SERVICE_NAME, NUM_HELLO + NUM_WORLD)
# Verify secret content, one from each pod type
# make sure it has the default value
assert secret_content_default == read_secret(
"world-0", "bash -c 'echo $WORLD_SECRET1_ENV'")
assert secret_content_default == read_secret("world-0",
"cat WORLD_SECRET2_FILE")
assert secret_content_default == read_secret(
"world-0", "cat {}/secret3".format(config.SERVICE_NAME))
# hello tasks has container image
assert secret_content_default == read_secret(
"hello-0", "bash -c 'echo $HELLO_SECRET1_ENV'")
assert secret_content_default == read_secret("hello-0",
"cat HELLO_SECRET1_FILE")
assert secret_content_default == read_secret("hello-0",
"cat HELLO_SECRET2_FILE")
# clean up and delete secrets (defaults)
delete_secrets("{}/".format(config.SERVICE_NAME))
# create new secrets with new content -- New Value
create_secrets(secret_content_arg=secret_content_alternative)
marathon_config = sdk_marathon.get_config(config.SERVICE_NAME)
marathon_config['env']['HELLO_SECRET1'] = 'secret1'
marathon_config['env']['HELLO_SECRET2'] = 'secret2'
marathon_config['env']['WORLD_SECRET1'] = 'secret1'
marathon_config['env']['WORLD_SECRET2'] = 'secret2'
marathon_config['env']['WORLD_SECRET3'] = 'secret3'
# config update
sdk_marathon.update_app(config.SERVICE_NAME, marathon_config)
# wait till plan is complete - pods are supposed to restart
sdk_plan.wait_for_completed_deployment(config.SERVICE_NAME)
# all tasks are running
sdk_tasks.check_running(config.SERVICE_NAME, NUM_HELLO + NUM_WORLD)
# Verify secret content is changed
assert secret_content_alternative == read_secret(
"world-0", "bash -c 'echo $WORLD_SECRET1_ENV'")
assert secret_content_alternative == read_secret("world-0",
"cat WORLD_SECRET2_FILE")
assert secret_content_alternative == read_secret("world-0", "cat secret3")
assert secret_content_alternative == read_secret(
"hello-0", "bash -c 'echo $HELLO_SECRET1_ENV'")
assert secret_content_alternative == read_secret("hello-0",
"cat HELLO_SECRET1_FILE")
assert secret_content_alternative == read_secret("hello-0",
"cat HELLO_SECRET2_FILE")
# clean up and delete secrets
delete_secrets()
def test_marathon_volume_collision():
# This test validates that a service registered in a sub-role of
# slave_public will _not_ unreserve Marathon volumes RESERVED
# in the `slave_public` role.
# Uninstall HW first
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
# Install the marathon app
marathon_app_name = "persistent-test"
volume_name = "persistent-volume"
persistent_app = {
"id": marathon_app_name,
"mem": 128,
"user": "******",
"cmd":
"echo 'this is a test' > {}/test && sleep 10000".format(volume_name),
"container": {
"type":
"MESOS",
"volumes": [{
"persistent": {
"type": "root",
"size": 500,
"constraints": []
},
"mode": "RW",
"containerPath": volume_name,
}],
},
}
try:
sdk_marathon.install_app(persistent_app)
# Get its persistent Volume
host = sdk_marathon.get_scheduler_host(marathon_app_name)
# Should get e.g.: "/var/lib/mesos/slave/volumes/roles/slave_public/persistent-test#persistent-volume#76e7bb6d-64fa-11e8-abc5-8e679b292d5e"
rc, pv_path, _ = sdk_cmd.agent_ssh(
host,
"ls -d /var/lib/mesos/slave/volumes/roles/slave_public/{}#{}#*".
format(marathon_app_name, volume_name),
)
if rc != 0:
log.error("Could not get slave_public roles. return-code: '%s'\n",
rc)
assert rc == 0
pv_path = pv_path.strip()
@retrying.retry(wait_fixed=1000, stop_max_delay=60 * 1000)
def check_content():
rc, pv_content, _ = sdk_cmd.agent_ssh(
host, "cat {}/test".format(pv_path))
assert rc == 0 and pv_content.strip() == "this is a test"
check_content()
# Scale down the Marathon app
app_config = sdk_marathon.get_config(marathon_app_name)
app_config["instances"] = 0
sdk_marathon.update_app(app_config)
# Install Hello World
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
PRERESERVED_TASK_COUNT,
additional_options=pre_reserved_options,
)
# Make sure the persistent volume is still there
check_content()
# Uninstall Hello World
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
# Make sure the persistent volume is still there
check_content()
# Scale back up the marathon app
app_config = sdk_marathon.get_config(marathon_app_name)
app_config["instances"] = 1
sdk_marathon.update_app(app_config)
# Make sure the persistent volume is still there
check_content()
finally:
# Reinstall hello world
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
PRERESERVED_TASK_COUNT,
additional_options=pre_reserved_options,
)
sdk_marathon.destroy_app(marathon_app_name)
def hdfs_with_kerberos(configure_security_hdfs):
try:
primaries = ["hdfs", "HTTP"]
fqdn = "{service_name}.{host_suffix}".format(
service_name=HDFS_SERVICE_NAME,
host_suffix=sdk_hosts.AUTOIP_HOST_SUFFIX)
instances = [
"name-0-node",
"name-0-zkfc",
"name-1-node",
"name-1-zkfc",
"journal-0-node",
"journal-1-node",
"journal-2-node",
"data-0-node",
"data-1-node",
"data-2-node",
]
principals = []
for (instance, primary) in itertools.product(instances, primaries):
principals.append("{primary}/{instance}.{fqdn}@{REALM}".format(
primary=primary,
instance=instance,
fqdn=fqdn,
REALM=sdk_auth.REALM))
principals.append(GENERIC_HDFS_USER_PRINCIPAL)
principals.append(ALICE_PRINCIPAL)
kerberos_env = sdk_auth.KerberosEnvironment()
kerberos_env.add_principals(principals)
kerberos_env.finalize()
service_kerberos_options = {
"service": {
"security": {
"kerberos": {
"enabled": True,
"kdc": {
"hostname": kerberos_env.get_host(),
"port": int(kerberos_env.get_port())
},
"keytab_secret": kerberos_env.get_keytab_path(),
"realm": kerberos_env.get_realm()
}
}
},
"hdfs": {
"security_auth_to_local":
hdfs_auth.get_principal_to_user_mapping()
}
}
sdk_install.uninstall(HDFS_PACKAGE_NAME, HDFS_SERVICE_NAME)
sdk_install.install(HDFS_PACKAGE_NAME,
HDFS_SERVICE_NAME,
DEFAULT_HDFS_TASK_COUNT,
additional_options=service_kerberos_options,
timeout_seconds=30 * 60)
yield kerberos_env
finally:
sdk_install.uninstall(HDFS_PACKAGE_NAME, HDFS_SERVICE_NAME)
sdk_cmd.run_cli('package repo remove hdfs-aws')
if kerberos_env:
kerberos_env.cleanup()
def setup_module(module):
install.uninstall(SERVICE_NAME, PACKAGE_NAME)
utils.gc_frameworks()
install.install(PACKAGE_NAME,
DEFAULT_BROKER_COUNT,
service_name=SERVICE_NAME)
def test_upgrade_111_210(configure_security):
foldered_name = sdk_utils.get_foldered_name(config.SERVICE_NAME)
sdk_install.uninstall(config.PACKAGE_NAME, foldered_name)
from_version = '2.4.0-1.1.1'
to_version = 'stub-universe'
# In case that 2.1.0 has been released upgrade we want to test to a specific
# 2.1.0 version rather than to latest stub universe version.
ret_code, stdout, _ = sdk_cmd.run_cli(
cmd='package describe kafka --package-versions', )
assert ret_code == 0
# Filter old versions in custom format that doesn't matches the x.x.x-x.x.x
package_versions = [
v for v in json.loads(stdout) if re.match(r'^([\d\.]+)\-([\d\.]+)$', v)
]
version_210 = sorted(
[v for v in package_versions if v.split('-')[1] == '2.1.0'],
reverse=True,
)
if len(version_210) > 0:
to_version = version_210[0]
try:
sdk_install.install(
package_name=config.PACKAGE_NAME,
service_name=foldered_name,
expected_running_tasks=config.DEFAULT_BROKER_COUNT,
additional_options={
"service": {
"name": foldered_name
},
"brokers": {
"cpus": 0.5
}
},
package_version=from_version,
)
# wait for brokers to finish registering before starting tests
test_utils.broker_count_check(config.DEFAULT_BROKER_COUNT,
service_name=foldered_name)
# Assert that inter broker protocol is set to 1.x version
_, options, _ = sdk_cmd.svc_cli(
config.PACKAGE_NAME,
foldered_name,
'describe',
parse_json=True,
)
assert options['kafka']['inter_broker_protocol_version'] == '1.0'
task_ids = sdk_tasks.get_task_ids(foldered_name, "")
# Run update to the new version
with tempfile.NamedTemporaryFile() as opts_f:
opts_f.write(
json.dumps({
'kafka': {
'inter_broker_protocol_version': '1.0'
}
}).encode('utf-8'))
opts_f.flush()
sdk_cmd.svc_cli(
config.PACKAGE_NAME,
foldered_name,
'update start --package-version={} --options={}'.format(
to_version,
opts_f.name,
),
)
# we must manually upgrade the package CLI because it's not done automatically in this flow
# (and why should it? that'd imply the package CLI replacing itself via a call to the main CLI...)
sdk_cmd.run_cli(
'package install --yes --cli --package-version={} {}'.format(
to_version,
config.PACKAGE_NAME,
))
sdk_tasks.check_tasks_updated(foldered_name, "", task_ids)
# Assert that inter broker protocol is set to 1.x version
_, options, _ = sdk_cmd.svc_cli(
config.PACKAGE_NAME,
foldered_name,
'describe',
parse_json=True,
)
assert options['kafka']['inter_broker_protocol_version'] == '1.0'
# Update protocol to 2.1 (serially) by changing kafka configuration
with tempfile.NamedTemporaryFile() as opts_f:
options['kafka']['inter_broker_protocol_version'] = '2.1'
opts_f.write(json.dumps(options).encode('utf-8'))
opts_f.flush()
sdk_cmd.svc_cli(
config.PACKAGE_NAME,
foldered_name,
"update start --options={}".format(opts_f.name),
)
# Assert that inter broker protocol is set to 2.1 version
_, options, _ = sdk_cmd.svc_cli(
config.PACKAGE_NAME,
foldered_name,
'describe',
parse_json=True,
)
assert options['kafka']['inter_broker_protocol_version'] == '2.1'
finally:
sdk_install.uninstall(config.PACKAGE_NAME, foldered_name)
def setup_module(module):
install.uninstall(PACKAGE_NAME)
options = {"service": {"spec_file": "examples/executor_volume.yml"}}
install.install(PACKAGE_NAME, 3, additional_options=options)
def setup_module(module):
install.uninstall(PACKAGE_NAME)
options = {"service": {"spec_file": "examples/web-url.yml"}}
# this config produces 1 hello's + 0 world's:
install.install(PACKAGE_NAME, 1, additional_options=options)
def test_upgrade_from_xpack_enabled(
package_name: str,
service_name: str,
options: Dict[str, Any],
expected_task_count: int,
) -> None:
# This test needs to run some code in between the Universe version installation and the upgrade
# to the 'stub-universe' version, so it cannot use `sdk_upgrade.test_upgrade`.
http_user = DEFAULT_ELASTICSEARCH_USER
http_password = DEFAULT_ELASTICSEARCH_PASSWORD
sdk_install.uninstall(package_name, service_name)
# Move Universe repo to the top of the repo list so that we can first install the Universe
# version.
_, universe_version = sdk_repository.move_universe_repo(
package_name, universe_repo_index=0)
sdk_install.install(
package_name,
service_name,
expected_running_tasks=expected_task_count,
additional_options={"elasticsearch": {
"xpack_enabled": True
}},
package_version=universe_version,
)
document_es_5_id = 1
document_es_5_fields = {
"name": "Elasticsearch 5: X-Pack enabled",
"role": "search engine"
}
create_document(
DEFAULT_INDEX_NAME,
DEFAULT_INDEX_TYPE,
document_es_5_id,
document_es_5_fields,
service_name=service_name,
http_user=http_user,
http_password=http_password,
)
# This is the first crucial step when upgrading from "X-Pack enabled" on ES5 to "X-Pack security
# enabled" on ES6. The default "changeme" password doesn't work anymore on ES6, so passwords
# *must* be *explicitly* set, otherwise nodes won't authenticate requests, leaving the cluster
# unavailable. Users will have to do this manually when upgrading.
_curl_query(
service_name,
"POST",
"_xpack/security/user/{}/_password".format(http_user),
json_body={"password": http_password},
http_user=http_user,
http_password=http_password,
)
# Move Universe repo back to the bottom of the repo list so that we can upgrade to the version
# under test.
_, test_version = sdk_repository.move_universe_repo(package_name)
# First we upgrade to "X-Pack security enabled" set to false on ES6, so that we can use the
# X-Pack migration assistance and upgrade APIs.
sdk_upgrade.update_or_upgrade_or_downgrade(
package_name,
service_name,
test_version,
{
"service": {
"update_strategy": "parallel"
},
"elasticsearch": {
"xpack_security_enabled": False
},
},
expected_task_count,
)
# Get list of indices to upgrade from here. The response looks something like:
# {
# "indices" : {
# ".security" : {
# "action_required" : "upgrade"
# },
# ".watches" : {
# "action_required" : "upgrade"
# }
# }
# }
response = _curl_query(service_name, "GET",
"_xpack/migration/assistance?pretty")
# This is the second crucial step when upgrading from "X-Pack enabled" on ES5 to ES6. The
# ".security" index (along with any others returned by the "assistance" API) needs to be
# upgraded.
for index in response["indices"]:
_curl_query(
service_name,
"POST",
"_xpack/migration/upgrade/{}?pretty".format(index),
http_user=http_user,
http_password=http_password,
)
document_es_6_security_disabled_id = 2
document_es_6_security_disabled_fields = {
"name": "Elasticsearch 6: X-Pack security disabled",
"role": "search engine",
}
create_document(
DEFAULT_INDEX_NAME,
DEFAULT_INDEX_TYPE,
document_es_6_security_disabled_id,
document_es_6_security_disabled_fields,
service_name=service_name,
http_user=http_user,
http_password=http_password,
)
# After upgrading the indices, we're now safe to do the actual configuration update, possibly
# enabling X-Pack security.
sdk_service.update_configuration(package_name, service_name, options,
expected_task_count)
document_es_6_post_update_id = 3
document_es_6_post_update_fields = {
"name": "Elasticsearch 6: Post update",
"role": "search engine",
}
create_document(
DEFAULT_INDEX_NAME,
DEFAULT_INDEX_TYPE,
document_es_6_post_update_id,
document_es_6_post_update_fields,
service_name=service_name,
http_user=http_user,
http_password=http_password,
)
# Make sure that documents were created and are accessible.
verify_document(
service_name,
document_es_5_id,
document_es_5_fields,
http_user=http_user,
http_password=http_password,
)
verify_document(
service_name,
document_es_6_security_disabled_id,
document_es_6_security_disabled_fields,
http_user=http_user,
http_password=http_password,
)
verify_document(
service_name,
document_es_6_post_update_id,
document_es_6_post_update_fields,
http_user=http_user,
http_password=http_password,
)
def test_region_zone_injection():
sdk_install.install(config.PACKAGE_NAME, config.SERVICE_NAME, 3)
assert fault_domain_vars_are_present('hello-0')
assert fault_domain_vars_are_present('world-0')
assert fault_domain_vars_are_present('world-1')
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
