def reduce_metrics_collection_threshold(appliance): f_name = scripts_path.join( 'openshift/change_metrics_collection_threshold.rb').strpath appliance.ssh_client.put_file(f_name, "/var/www/miq/vmdb") appliance.ssh_client.run_rails_command( "change_metrics_collection_threshold.rb {threshold}.minutes".format( threshold=SET_METRICS_CAPTURE_THRESHOLD_IN_MINUTES))
def reduce_metrics_collection_threshold(appliance): f_name = scripts_path.join('openshift/change_metrics_collection_threshold.rb').strpath appliance.ssh_client.put_file(f_name, "/var/www/miq/vmdb") appliance.ssh_client.run_rails_command( "change_metrics_collection_threshold.rb {threshold}.minutes".format( threshold=SET_METRICS_CAPTURE_THRESHOLD_IN_MINUTES))
def main(): parser = argparse.ArgumentParser(epilog=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter) parser.add_argument('hostname', nargs='?', default=None, help='hostname or ip address of target appliance') parser.add_argument('username', nargs='?', default=credentials['ssh']['username'], help='SSH username for target appliance') parser.add_argument('password', nargs='?', default=credentials['ssh']['password'], help='SSH password for target appliance') parser.add_argument('-q', '--quiet', action='store_true', default=False, help='Do not print output of SSH commnads') args = parser.parse_args() ssh_kwargs = { 'username': args.username, 'password': args.password } if args.hostname is not None: ssh_kwargs['hostname'] = args.hostname appliance = IPAppliance(args.hostname) if appliance.version < '5.9': # Running evm:db:reset on CFME 5.8 sometimes leaves it in a state # where it is unable to start again print('EXITING: This script does not work reliably for CFME 5.8') return 1 with SSHClient(stream_output=not args.quiet, **ssh_kwargs) as ssh_client: # Graceful stop is done here even though it is slower than killing ruby processes. # Problem with killing ruby is that evm_watchdog gets spawned right after being killed # and then prevents you from destroying the DB. # Graceful stop makes sure there are no active connections to the DB left. print('Stopping evmserverd...') ssh_client.run_command('systemctl stop evmserverd') @wait_for_decorator(num_sec=60, delay=5) def check_no_db_connections(): psql_cmd = '/opt/rh/rh-postgresql95/root/usr/bin/psql' query = 'SELECT numbackends FROM pg_stat_database WHERE datname = \'vmdb_production\'' db = 'postgres' response = ssh_client.run_command('{} -c "{}" -d "{}" -t'.format(psql_cmd, query, db)) db_connections = int(response.output.strip()) return db_connections == 0 ssh_client.run_rake_command('evm:db:reset', disable_db_check=True) ssh_client.run_command('systemctl start evmserverd') # SSHClient has the smarts to get our hostname if none was provided # Soon, utils.appliance.Appliance will be able to do all of this # and this will be made good hostname = ssh_client._connect_kwargs['hostname'] print('Waiting for appliance UI...') args = [scripts_path.join('wait_for_appliance_ui.py').strpath, 'http://{}'.format(hostname)] return subprocess.call(args)
def scap_failures(self): """Return applied scap rules failure list.""" rules_failures = [] self.appliance.ssh_client.put_file(scripts_path.join('scap.rb'), '/tmp/scap.rb') if self.appliance.version >= "5.8": rules = '/var/www/miq/vmdb/productization/appliance_console/config/scap_rules.yml' else: rules = '/var/www/miq/vmdb/gems/pending/appliance_console/config/scap_rules.yml' ssg_path = VersionPicker({ Version.lowest(): "/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml", '5.11': "/usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml" }).pick(self.appliance.version) assert self.appliance.ssh_client.run_command( 'gem install optimist').success assert self.appliance.ssh_client.run_command( f'cd /tmp/ && ruby scap.rb --rulesfile={rules} --ssg-path={ssg_path}' ) self.appliance.ssh_client.get_file('/tmp/scap-results.xccdf.xml', '/tmp/scap-results.xccdf.xml') self.appliance.ssh_client.get_file( f'{rules}', '/tmp/scap_rules.yml') # Get the scap rules with open('/tmp/scap_rules.yml') as f: yml = yaml.safe_load(f.read()) rules = yml['rules'] tree = lxml.etree.parse('/tmp/scap-results.xccdf.xml') root = tree.getroot() for rule in rules: elements = root.findall( f'.//{{http://checklists.nist.gov/xccdf/1.1}}rule-result[@idref="{rule}"]' ) if elements: result = elements[0].findall( './{http://checklists.nist.gov/xccdf/1.1}result') if result: if result[0].text != 'pass': rules_failures.append(rule) logger.info("{}: {}".format(rule, result[0].text)) else: logger.info(f"{rule}: no result") else: logger.info(f"{rule}: rule not found") return rules_failures
def main(): parser = argparse.ArgumentParser( epilog=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter) parser.add_argument('hostname', nargs='?', default=None, help='hostname or ip address of target appliance') parser.add_argument('username', nargs='?', default=credentials['ssh']['username'], help='SSH username for target appliance') parser.add_argument('password', nargs='?', default=credentials['ssh']['password'], help='SSH password for target appliance') args = parser.parse_args() ssh_kwargs = {'username': args.username, 'password': args.password} if args.hostname is not None: ssh_kwargs['hostname'] = args.hostname with SSHClient(stream_output=True, **ssh_kwargs) as ssh_client: # Graceful stop is done here even though it is slower than killing ruby processes. # Problem with killing ruby is that evm_watchdog gets spawned right after being killed # and then prevents you from destroying the DB. # Graceful stop makes sure there are no active connections to the DB left. print('Stopping evmserverd...') ssh_client.run_command('systemctl stop evmserverd') ssh_client.run_rake_command('evm:db:reset', disable_db_check=True) ssh_client.run_command('systemctl start evmserverd') # SSHClient has the smarts to get our hostname if none was provided # Soon, utils.appliance.Appliance will be able to do all of this # and this will be made good hostname = ssh_client._connect_kwargs['hostname'] print('Waiting for appliance UI...') args = [ scripts_path.join('wait_for_appliance_ui.py').strpath, 'http://{}'.format(hostname) ] return subprocess.call(args)
def main(): parser = argparse.ArgumentParser( epilog=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter) parser.add_argument('hostname', nargs='?', default=None, help='hostname or ip address of target appliance') parser.add_argument('username', nargs='?', default=credentials['ssh']['username'], help='SSH username for target appliance') parser.add_argument('password', nargs='?', default=credentials['ssh']['password'], help='SSH password for target appliance') args = parser.parse_args() ssh_kwargs = {'username': args.username, 'password': args.password} if args.hostname is not None: ssh_kwargs['hostname'] = args.hostname with SSHClient(stream_output=True, **ssh_kwargs) as ssh_client: # `systemctl stop evmserverd` is a little slow, and we're destroying the # db, so rudely killing ruby speeds things up significantly print('Stopping ruby processes...') ssh_client.run_command('killall ruby') ssh_client.run_rake_command('evm:db:reset') ssh_client.run_command('systemctl start evmserverd') # SSHClient has the smarts to get our hostname if none was provided # Soon, utils.appliance.Appliance will be able to do all of this # and this will be made good hostname = ssh_client._connect_kwargs['hostname'] print('Waiting for appliance UI...') args = [ scripts_path.join('wait_for_appliance_ui.py').strpath, 'http://{}'.format(hostname) ] return subprocess.call(args)
def main(): parser = argparse.ArgumentParser(epilog=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter) parser.add_argument('hostname', nargs='?', default=None, help='hostname or ip address of target appliance') parser.add_argument('username', nargs='?', default=credentials['ssh']['username'], help='SSH username for target appliance') parser.add_argument('password', nargs='?', default=credentials['ssh']['password'], help='SSH password for target appliance') args = parser.parse_args() ssh_kwargs = { 'username': args.username, 'password': args.password } if args.hostname is not None: ssh_kwargs['hostname'] = args.hostname with SSHClient(stream_output=True, **ssh_kwargs) as ssh_client: # `systemctl stop evmserverd` is a little slow, and we're destroying the # db, so rudely killing ruby speeds things up significantly print('Stopping ruby processes...') ssh_client.run_command('killall ruby') ssh_client.run_rake_command('evm:db:reset') ssh_client.run_command('systemctl start evmserverd') # SSHClient has the smarts to get our hostname if none was provided # Soon, utils.appliance.Appliance will be able to do all of this # and this will be made good hostname = ssh_client._connect_kwargs['hostname'] print('Waiting for appliance UI...') args = [scripts_path.join('wait_for_appliance_ui.py').strpath, 'http://{}'.format(hostname)] return subprocess.call(args)
def smtp_test(request, appliance): """Fixture, which prepares the appliance for e-mail capturing tests Returns: :py:class:`util.smtp_collector_client.SMTPCollectorClient` instance. """ logger.info("Preparing start for e-mail collector") ports = env.get("mail_collector", {}).get("ports", {}) mail_server_port = ports.get("smtp", False) or os.getenv( 'SMTP', False) or random_port() mail_query_port = ports.get("json", False) or os.getenv( 'JSON', False) or random_port() my_ip = my_ip_address() logger.info("Mind that it needs ports %s and %s open", mail_query_port, mail_server_port) appliance.server.settings.update_smtp_server({ 'host': my_ip, 'port': str(mail_server_port), 'auth': "none" }) server_filename = scripts_path.join('smtp_collector.py').strpath server_command = server_filename + " --smtp-port {} --query-port {}".format( mail_server_port, mail_query_port) logger.info("Starting mail collector %s", server_command) collector = None def _finalize(): if collector is None: return logger.info("Sending KeyboardInterrupt to collector") try: collector.send_signal(signal.SIGINT) except OSError as e: # TODO: Better logging. logger.exception(e) logger.error("Something happened to the e-mail collector!") return time.sleep(2) if collector.poll() is None: logger.info("Sending SIGTERM to collector") collector.send_signal(signal.SIGTERM) time.sleep(5) if collector.poll() is None: logger.info("Sending SIGKILL to collector") collector.send_signal(signal.SIGKILL) collector.wait() logger.info("Collector finished") logger.info("Cleaning up smtp setup in CFME") collector = subprocess.Popen(server_command, shell=True) request.addfinalizer(_finalize) logger.info("Collector pid %s", collector.pid) logger.info("Waiting for collector to become alive.") time.sleep(3) assert collector.poll( ) is None, "Collector has died. Something must be blocking selected ports" logger.info("Collector alive") query_port_open = net_check_remote(mail_query_port, my_ip, force=True) server_port_open = net_check_remote(mail_server_port, my_ip, force=True) assert query_port_open and server_port_open,\ 'Ports {} and {} on the machine executing the tests are closed.\n'\ 'The ports are randomly chosen -> turn firewall off.'\ .format(mail_query_port, mail_server_port) client = SMTPCollectorClient(my_ip, mail_query_port) client.set_test_name(request.node.name) client.clear_database() return client
def main(): parser = argparse.ArgumentParser( epilog=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter) parser.add_argument('hostname', nargs='?', default=None, help='hostname or ip address of target appliance') parser.add_argument('username', nargs='?', default=credentials['ssh']['username'], help='SSH username for target appliance') parser.add_argument('password', nargs='?', default=credentials['ssh']['password'], help='SSH password for target appliance') parser.add_argument('-q', '--quiet', action='store_true', default=False, help='Do not print output of SSH commnads') args = parser.parse_args() ssh_kwargs = {'username': args.username, 'password': args.password} if args.hostname is not None: ssh_kwargs['hostname'] = args.hostname appliance = IPAppliance(args.hostname) if appliance.version < '5.9': # Running evm:db:reset on CFME 5.8 sometimes leaves it in a state # where it is unable to start again print('EXITING: This script does not work reliably for CFME 5.8') return 1 with SSHClient(stream_output=not args.quiet, **ssh_kwargs) as ssh_client: # Graceful stop is done here even though it is slower than killing ruby processes. # Problem with killing ruby is that evm_watchdog gets spawned right after being killed # and then prevents you from destroying the DB. # Graceful stop makes sure there are no active connections to the DB left. print('Stopping evmserverd...') ssh_client.run_command('systemctl stop evmserverd') @wait_for_decorator(num_sec=60, delay=5) def check_no_db_connections(): psql_cmd = '/opt/rh/rh-postgresql95/root/usr/bin/psql' query = 'SELECT numbackends FROM pg_stat_database WHERE datname = \'vmdb_production\'' db = 'postgres' response = ssh_client.run_command( f'{psql_cmd} -c "{query}" -d "{db}" -t') db_connections = int(response.output.strip()) return db_connections == 0 ssh_client.run_rake_command( 'evm:db:reset', rake_cmd_prefix='DISABLE_DATABASE_ENVIRONMENT_CHECK=1') ssh_client.run_command('systemctl start evmserverd') # SSHClient has the smarts to get our hostname if none was provided # Soon, utils.appliance.Appliance will be able to do all of this # and this will be made good hostname = ssh_client._connect_kwargs['hostname'] print('Waiting for appliance UI...') args = [ scripts_path.join('wait_for_appliance_ui.py').strpath, f'http://{hostname}' ] return subprocess.call(args)
def smtp_test(request, appliance): """Fixture, which prepares the appliance for e-mail capturing tests Returns: :py:class:`util.smtp_collector_client.SMTPCollectorClient` instance. """ logger.info("Preparing start for e-mail collector") ports = env.get("mail_collector", {}).get("ports", {}) mail_server_port = ports.get("smtp", False) or os.getenv('SMTP', False) or random_port() mail_query_port = ports.get("json", False) or os.getenv('JSON', False) or random_port() my_ip = my_ip_address() logger.info("Mind that it needs ports %s and %s open", mail_query_port, mail_server_port) appliance.server.settings.update_smtp_server({ 'host': my_ip, 'port': str(mail_server_port), 'auth': "none" }) server_filename = scripts_path.join('smtp_collector.py').strpath server_command = server_filename + " --smtp-port {} --query-port {}".format( mail_server_port, mail_query_port ) logger.info("Starting mail collector %s", server_command) collector = None def _finalize(): if collector is None: return logger.info("Sending KeyboardInterrupt to collector") try: collector.send_signal(signal.SIGINT) except OSError as e: # TODO: Better logging. logger.exception(e) logger.error("Something happened to the e-mail collector!") return time.sleep(2) if collector.poll() is None: logger.info("Sending SIGTERM to collector") collector.send_signal(signal.SIGTERM) time.sleep(5) if collector.poll() is None: logger.info("Sending SIGKILL to collector") collector.send_signal(signal.SIGKILL) collector.wait() logger.info("Collector finished") logger.info("Cleaning up smtp setup in CFME") collector = subprocess.Popen(server_command, shell=True) request.addfinalizer(_finalize) logger.info("Collector pid %s", collector.pid) logger.info("Waiting for collector to become alive.") time.sleep(3) assert collector.poll() is None, "Collector has died. Something must be blocking selected ports" logger.info("Collector alive") query_port_open = net_check_remote(mail_query_port, my_ip, force=True) server_port_open = net_check_remote(mail_server_port, my_ip, force=True) assert query_port_open and server_port_open,\ 'Ports {} and {} on the machine executing the tests are closed.\n'\ 'The ports are randomly chosen -> turn firewall off.'\ .format(mail_query_port, mail_server_port) client = SMTPCollectorClient( my_ip, mail_query_port ) client.set_test_name(request.node.name) client.clear_database() return client