def setUp(self):
testutils.GanetiTestCase.setUp(self)
# certificate file that contains the certificate only
self._certfilename1 = testutils.TestDataFilename("cert1.pem")
# (different) certificate file that contains both, certificate
# and private key
self._certfilename2 = testutils.TestDataFilename("cert2.pem")
def testMismatchInNodeCert(self):
cert1_path = testutils.TestDataFilename("cert1.pem")
cert2_path = testutils.TestDataFilename("cert2.pem")
tmpfile = utils.PathJoin(self.tmpdir, "cert")
# Extract certificate
cert1 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
utils.ReadFile(cert1_path))
cert1_pem = OpenSSL.crypto.dump_certificate(
OpenSSL.crypto.FILETYPE_PEM, cert1)
# Extract mismatching key
key2 = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
utils.ReadFile(cert2_path))
key2_pem = OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM,
key2)
# Write to file
utils.WriteFile(tmpfile, data=cert1_pem + key2_pem)
try:
utils.CheckNodeCertificate(cert1, _noded_cert_file=tmpfile)
except errors.X509CertError, err:
self.assertEqual(
err.args,
(tmpfile, "Certificate does not match with private key"))
class TestCgroupReadData(LXCHypervisorTestCase):
cgroot = os.path.abspath(testutils.TestDataFilename("cgroup_root"))
@patch_object(LXCHypervisor, "_CGROUP_ROOT_DIR", cgroot)
def testGetCgroupMountPoint(self):
self.assertEqual(self.hv._GetCgroupMountPoint(), self.cgroot)
@patch_object(LXCHypervisor, "_PROC_SELF_CGROUP_FILE",
testutils.TestDataFilename("proc_cgroup.txt"))
def testGetCurrentCgroupSubsysGroups(self):
expected_groups = {
"memory": "", # root
"cpuset": "some_group",
"devices": "some_group",
}
self.assertEqual(self.hv._GetCurrentCgroupSubsysGroups(),
expected_groups)
@patch_object(LXCHypervisor, "_GetOrPrepareCgroupSubsysMountPoint")
@patch_object(LXCHypervisor, "_GetCurrentCgroupSubsysGroups")
def testGetCgroupSubsysDir(self, getcgg_mock, getmp_mock):
getmp_mock.return_value = "/cg"
getcgg_mock.return_value = {"cpuset": "grp"}
self.assertEqual(self.hv._GetCgroupSubsysDir("memory"), "/cg/lxc")
self.assertEqual(self.hv._GetCgroupSubsysDir("cpuset"), "/cg/grp/lxc")
@patch_object(LXCHypervisor, "_GetOrPrepareCgroupSubsysMountPoint")
@patch_object(LXCHypervisor, "_GetCurrentCgroupSubsysGroups")
def testGetCgroupParamPath(self, getcgg_mock, getmp_mock):
getmp_mock.return_value = "/cg"
getcgg_mock.return_value = {"cpuset": "grp"}
self.assertEqual(
self.hv._GetCgroupParamPath("memory.memsw.limit_in_bytes",
instance_name="instance1"),
"/cg/lxc/instance1/memory.memsw.limit_in_bytes")
self.assertEqual(self.hv._GetCgroupParamPath("cpuset.cpus"),
"/cg/grp/lxc/cpuset.cpus")
@patch_object(LXCHypervisor, "_GetCgroupSubsysDir")
def testGetCgroupInstanceValue(self, getdir_mock):
getdir_mock.return_value = utils.PathJoin(self.cgroot, "memory", "lxc")
self.assertEqual(
self.hv._GetCgroupInstanceValue("instance1",
"memory.limit_in_bytes"), "128")
getdir_mock.return_value = utils.PathJoin(self.cgroot, "cpuset",
"some_group", "lxc")
self.assertEqual(
self.hv._GetCgroupInstanceValue("instance1", "cpuset.cpus"), "0-1")
@patch_object(LXCHypervisor, "_GetCgroupInstanceValue")
def testGetCgroupCpuList(self, getval_mock):
getval_mock.return_value = "0-1"
self.assertEqual(self.hv._GetCgroupCpuList("instance1"), [0, 1])
@patch_object(LXCHypervisor, "_GetCgroupInstanceValue")
def testGetCgroupMemoryLimit(self, getval_mock):
getval_mock.return_value = "128"
self.assertEqual(self.hv._GetCgroupMemoryLimit("instance1"), 128)
def setUp(self):
"""Read in txt data"""
testutils.GanetiTestCase.setUp(self)
proc_data = testutils.TestDataFilename("proc_drbd8.txt")
proc80e_data = testutils.TestDataFilename("proc_drbd80-emptyline.txt")
proc83_data = testutils.TestDataFilename("proc_drbd83.txt")
proc83_sync_data = testutils.TestDataFilename("proc_drbd83_sync.txt")
proc83_sync_krnl_data = \
testutils.TestDataFilename("proc_drbd83_sync_krnl2.6.39.txt")
proc84_data = testutils.TestDataFilename("proc_drbd84.txt")
proc84_sync_data = testutils.TestDataFilename("proc_drbd84_sync.txt")
proc84_emptyfirst_data = \
testutils.TestDataFilename("proc_drbd84_emptyfirst.txt")
self.proc80ev_data = \
testutils.TestDataFilename("proc_drbd80-emptyversion.txt")
self.drbd_info = drbd.DRBD8Info.CreateFromFile(filename=proc_data)
self.drbd_info80e = drbd.DRBD8Info.CreateFromFile(
filename=proc80e_data)
self.drbd_info83 = drbd.DRBD8Info.CreateFromFile(filename=proc83_data)
self.drbd_info83_sync = \
drbd.DRBD8Info.CreateFromFile(filename=proc83_sync_data)
self.drbd_info83_sync_krnl = \
drbd.DRBD8Info.CreateFromFile(filename=proc83_sync_krnl_data)
self.drbd_info84 = drbd.DRBD8Info.CreateFromFile(filename=proc84_data)
self.drbd_info84_sync = \
drbd.DRBD8Info.CreateFromFile(filename=proc84_sync_data)
self.drbd_info84_emptyfirst = \
drbd.DRBD8Info.CreateFromFile(filename=proc84_emptyfirst_data)
def testGetLinuxNodeInfo(self):
meminfo = testutils.TestDataFilename("proc_meminfo.txt")
cpuinfo = testutils.TestDataFilename("proc_cpuinfo.txt")
result = hv_base.BaseHypervisor.GetLinuxNodeInfo(meminfo, cpuinfo)
self.assertEqual(result["memory_total"], 7686)
self.assertEqual(result["memory_free"], 6272)
self.assertEqual(result["memory_dom0"], 2722)
self.assertEqual(result["cpu_total"], 4)
self.assertEqual(result["cpu_nodes"], 1)
self.assertEqual(result["cpu_sockets"], 1)
def testVerifyCertificate(self):
security.VerifyCertificate(testutils.TestDataFilename("cert1.pem"))
nonexist_filename = os.path.join(self.tmpdir, "does-not-exist")
(errcode, msg) = security.VerifyCertificate(nonexist_filename)
self.assertEqual(errcode, constants.CV_ERROR)
# Try to load non-certificate file
invalid_cert = testutils.TestDataFilename("bdev-net.txt")
(errcode, msg) = security.VerifyCertificate(invalid_cert)
self.assertEqual(errcode, constants.CV_ERROR)
def testMismatchingKey(self):
other_cert = testutils.TestDataFilename("cert1.pem")
node_cert = testutils.TestDataFilename("cert2.pem")
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
utils.ReadFile(other_cert))
try:
utils.CheckNodeCertificate(cert, _noded_cert_file=node_cert)
except errors.GenericError, err:
self.assertEqual(
str(err), "Given cluster certificate does not match local key")
def testNoPrivateKey(self):
cert_filename = testutils.TestDataFilename("cert1.pem")
cert_pem = utils.ReadFile(cert_filename)
self.assertRaises(self.MyException,
common._VerifyCertificateStrong,
cert_pem, self.MyException, _check_fn=NotImplemented)
def testNoPrivateKey(self):
cert_filename = testutils.TestDataFilename("cert1.pem")
cert_pem = utils.ReadFile(cert_filename)
self.assertRaises(errors.X509CertError,
node_daemon_setup._VerifyCertificate,
cert_pem, _check_fn=NotImplemented)
def testVerifyClientCertificateFailed(self, verif_cert):
expected_errcode = 666
verif_cert.return_value = (expected_errcode,
"The devil created this certificate.")
cert_file = testutils.TestDataFilename("cert2.pem")
(errcode, digest) = backend._VerifyClientCertificate(cert_file=cert_file)
self.assertEqual(expected_errcode, errcode)
def testInputFileHandle(self):
testfile = testutils.TestDataFilename("cert1.pem")
result = utils.RunCmd(["cat"], input_fd=open(testfile, "r"))
self.assertFalse(result.failed)
self.assertEqual(result.stdout, utils.ReadFile(testfile))
self.assertEqual(result.stderr, "")
def testReadAll(self):
data = utils.ReadFile(testutils.TestDataFilename("cert1.pem"))
self.assertEqual(len(data), 814)
h = compat.md5_hash()
h.update(data)
self.assertEqual(h.hexdigest(), "a491efb3efe56a0535f924d5f8680fd4")
def testCallback(self):
def _Cb(fh):
self.assertEqual(fh.tell(), 0)
data = utils.ReadFile(testutils.TestDataFilename("cert1.pem"),
preread=_Cb)
self.assertEqual(len(data), 1229)
def testReadAll(self):
data = utils.ReadFile(testutils.TestDataFilename("cert1.pem"))
self.assertEqual(len(data), 1229)
h = compat.md5_hash()
h.update(data)
self.assertEqual(h.hexdigest(), "a02be485db0d82b70c0ae7913b26894e")
def testVerifyClientCertificateSuccess(self, verif_cert):
# mock the underlying x509 verification because the test cert is expired
verif_cert.return_value = (None, None)
cert_file = testutils.TestDataFilename("cert2.pem")
(errcode, digest) = backend._VerifyClientCertificate(cert_file=cert_file)
self.assertEqual(None, errcode)
self.assertTrue(isinstance(digest, str))
def testNoInputRead(self):
testfile = testutils.TestDataFilename("cert1.pem")
result = utils.RunCmd(["cat"], timeout=10.0)
self.assertFalse(result.failed)
self.assertEqual(result.stderr, "")
self.assertEqual(result.stdout, "")
def testMissingFile(self):
cert_path = testutils.TestDataFilename("cert1.pem")
nodecert = utils.PathJoin(self.tmpdir, "does-not-exist")
utils.CheckNodeCertificate(NotImplemented, _noded_cert_file=nodecert)
self.assertFalse(os.path.exists(nodecert))
def testReadSize(self):
data = utils.ReadFile(testutils.TestDataFilename("cert1.pem"),
size=100)
self.assertEqual(len(data), 100)
h = compat.md5_hash()
h.update(data)
self.assertEqual(h.hexdigest(), "256d28505448898d4741b10c5f5dbc12")
def testGivenPrivateKey(self):
cert_filename = testutils.TestDataFilename("cert2.pem")
cert_pem = utils.ReadFile(cert_filename)
self.assertRaises(_JoinError,
prepare_node_join._VerifyCertificate,
cert_pem,
_check_fn=NotImplemented)
def testReadSize(self):
data = utils.ReadFile(testutils.TestDataFilename("cert1.pem"),
size=100)
self.assertEqual(len(data), 100)
h = compat.md5_hash()
h.update(data)
self.assertEqual(h.hexdigest(), "893772354e4e690b9efd073eed433ce7")
def testMatchingKey(self):
cert_filename = testutils.TestDataFilename("cert2.pem")
# Extract certificate
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
utils.ReadFile(cert_filename))
cert_pem = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,
cert)
utils.CheckNodeCertificate(cert, _noded_cert_file=cert_filename)
def setUp(self):
"""Read in txt data"""
testutils.GanetiTestCase.setUp(self)
self.proc80_info = \
drbd_info.DRBD8Info.CreateFromFile(
filename=testutils.TestDataFilename("proc_drbd8.txt"))
self.proc83_info = \
drbd_info.DRBD8Info.CreateFromFile(
filename=testutils.TestDataFilename("proc_drbd83.txt"))
self.proc84_info = \
drbd_info.DRBD8Info.CreateFromFile(
filename=testutils.TestDataFilename("proc_drbd84.txt"))
self.test_unique_id = ("hosta.com", 123, "host2.com", 123, 0, "secret")
self.test_dyn_params = {
constants.DDP_LOCAL_IP: "192.0.2.1",
constants.DDP_LOCAL_MINOR: 0,
constants.DDP_REMOTE_IP: "192.0.2.2",
constants.DDP_REMOTE_MINOR: 0,
}
def testSuccessfulCheck(self):
cert_filename = testutils.TestDataFilename("cert2.pem")
cert_pem = utils.ReadFile(cert_filename)
result = \
node_daemon_setup._VerifyCertificate(cert_pem, _check_fn=self._Check)
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, result)
self.assertTrue(cert)
key = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, result)
self.assertTrue(key)
def testInputNumericFileDescriptor(self):
testfile = testutils.TestDataFilename("cert2.pem")
fh = open(testfile, "r")
try:
result = utils.RunCmd(["cat"], input_fd=fh.fileno())
finally:
fh.close()
self.assertFalse(result.failed)
self.assertEqual(result.stdout, utils.ReadFile(testfile))
self.assertEqual(result.stderr, "")
def testMismatchingKey(self):
cert1_path = testutils.TestDataFilename("cert1.pem")
cert2_path = testutils.TestDataFilename("cert2.pem")
# Extract certificate
cert1 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
utils.ReadFile(cert1_path))
cert1_pem = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,
cert1)
# Extract mismatching key
key2 = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
utils.ReadFile(cert2_path))
key2_pem = OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM,
key2)
try:
common._VerifyCertificateStrong(cert1_pem + key2_pem, self.MyException,
_check_fn=NotImplemented)
except self.MyException, err:
self.assertTrue("not signed with given key" in str(err))
def testMismatchingKey(self):
cert1_path = testutils.TestDataFilename("cert1.pem")
cert2_path = testutils.TestDataFilename("cert2.pem")
# Extract certificate
cert1 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
utils.ReadFile(cert1_path))
cert1_pem = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,
cert1)
# Extract mismatching key
key2 = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
utils.ReadFile(cert2_path))
key2_pem = OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM,
key2)
try:
node_daemon_setup._VerifyCertificate(cert1_pem + key2_pem,
_check_fn=NotImplemented)
except errors.X509CertError, err:
self.assertEqual(err.args,
("(stdin)", "Certificate is not signed with given key"))
def testInputWithCloseFds(self):
testfile = testutils.TestDataFilename("cert1.pem")
temp = open(self.fname, "r+")
try:
temp.write("test283523367")
temp.seek(0)
result = utils.RunCmd(["/bin/bash", "-c",
("cat && read -u %s; echo $REPLY" %
temp.fileno())],
input_fd=open(testfile, "r"),
noclose_fds=[temp.fileno()])
self.assertFalse(result.failed)
self.assertEqual(result.stdout.strip(),
utils.ReadFile(testfile) + "test283523367")
self.assertEqual(result.stderr, "")
finally:
temp.close()
def setUp(self):
"""Set up test data"""
testutils.GanetiTestCase.setUp(self)
self.proc84_info = \
drbd_info.DRBD8Info.CreateFromFile(
filename=testutils.TestDataFilename("proc_drbd84.txt"))
self.test_unique_id = ("hosta.com", 123, "host2.com", 123, 0,
serializer.Private("secret"))
self.test_dyn_params = {
constants.DDP_LOCAL_IP: "192.0.2.1",
constants.DDP_LOCAL_MINOR: 0,
constants.DDP_REMOTE_IP: "192.0.2.2",
constants.DDP_REMOTE_MINOR: 0,
}
fake_child_1 = self.fake_disk("/dev/sda5")
fake_child_2 = self.fake_disk("/dev/sda6")
self.children = [fake_child_1, fake_child_2]
def testNotStrict(self):
data = utils.ReadOneLineFile(testutils.TestDataFilename("cert1.pem"),
strict=False)
self.assertEqual(len(data), 27)
self.assertEqual(data, "-----BEGIN CERTIFICATE-----")
def testStrictFailure(self):
self.assertRaises(errors.GenericError,
utils.ReadOneLineFile,
testutils.TestDataFilename("cert1.pem"),
strict=True)
