def check():
env.platform_family = detect.detect()
# file
assert file.exists("/etc/hosts")
assert file.is_file("/etc/hosts")
assert file.is_dir("/tmp/")
assert file.dir_exists("/tmp/")
assert file.has_line("/etc/passwd", "sshd")
assert file.owner_is("/bin/sh", "root")
if env.platform_family == "freebsd":
assert file.is_link("/compat")
assert file.group_is("/bin/sh", "wheel")
assert file.mode_is("/bin/sh", "555")
else:
assert file.is_link("/usr/tmp")
assert file.group_is("/bin/sh", "root")
assert file.mode_is("/bin/sh", "777")
assert package.installed("wget.x86_64")
assert user.exists("sshd")
assert user.is_belonging_group("worker", "users")
assert group.is_exists("wheel")
assert port.is_listening(22)
assert cron.has_entry('shirou', 'python')
if env.platform_family == "freebsd":
assert service.is_enabled("apache22")
assert process.is_up("httpd")
else:
assert service.is_enabled("http")
assert process.is_up("http") is False
def check():
env.platform_family = detect.detect()
dot_npm = "/home/user1/.npm"
assert file.exists(dot_npm), \
"%s does not exist" % dot_npm
assert file.is_dir(dot_npm), \
"%s is not a directory" % dot_npm
assert file.mode_is(dot_npm, '755'), \
"%s is not mode 755" % dot_npm
assert file.owner_is(dot_npm, 'user1'), \
"%s is not owned by user1" % dot_npm
# directory { should be_grouped_into 'my_nodejs_app' }
assert port.is_listening(80), "port 80/apache2 is not listening"
assert user.exists("user1"), "user my_nodejs_app does not exist"
assert process.is_up("node"), "node process is not up"
# its('args') { should match 'server.js|app.js' }
assert service.is_enabled("node-app"), \
"node-app service is not enabled"
assert nodejs_is_responding(), "node demo app did not respond as expected"
def mysql():
env.platform_family = detect.detect()
if env.platform_family == 'debian':
mysql_package = 'mysql-server-5.5'
mysql_process = 'mysql'
holland_package = 'holland'
elif env.platform_family == 'rhel':
mysql_package = 'mysql-server'
mysql_process = 'mysqld'
holland_package = 'holland'
else:
raise ValueError('OS ' + env.platform_family +
' unknown, update tests.')
packages = [holland_package, mysql_package]
for pkg in packages:
assert package.installed(pkg), ('package ' + pkg + 'not found')
assert port.is_listening(3306), '3306 not listening'
root_my_cnf = "/root/.my.cnf"
assert file.exists(root_my_cnf), 'root my.cnf does not exist'
assert file.mode_is(root_my_cnf, 600), \
'permissions are wrong on root my.cnf'
assert file.owner_is(root_my_cnf, "root"), 'owner is wrong on root my.cnf'
assert process.is_up(mysql_process), 'mysql is not running'
assert service.is_enabled(mysql_process), 'mysql is not enabled'
def check():
env.platform_family = detect.detect()
dot_npm = "/home/user1/.npm"
assert file.exists(dot_npm), \
"%s does not exist" % dot_npm
assert file.is_dir(dot_npm), \
"%s is not a directory" % dot_npm
assert file.mode_is(dot_npm, '755'), \
"%s is not mode 755" % dot_npm
assert file.owner_is(dot_npm, 'user1'), \
"%s is not owned by user1" % dot_npm
# directory { should be_grouped_into 'my_nodejs_app' }
assert port.is_listening(80), "port 80/apache2 is not listening"
assert user.exists("user1"), "user my_nodejs_app does not exist"
assert process.is_up("node"), "node process is not up"
# its('args') { should match 'server.js|app.js' }
assert service.is_enabled("node-app"), \
"node-app service is not enabled"
assert nodejs_is_responding(), "node demo app did not respond as expected"
def mysql():
env.platform_family = detect.detect()
packages = ["holland", "mysql-server"]
for pkg in packages:
assert package.installed(pkg)
assert port.is_listening(3306)
assert process.is_up("mysqld")
root_my_cnf = "/root/.my.cnf"
assert file.exists(root_my_cnf)
assert file.mode_is(root_my_cnf, 600)
assert file.owner_is(root_my_cnf, "root")
def lsync_client():
env.platform_family = detect.detect()
wordpress_user = "******"
web_group = "www-data"
ssh_dir = "/var/www/vhosts/example.com/.ssh"
auth_keys = os.path.join(ssh_dir, "authorized_keys")
assert user.exists(wordpress_user)
assert user.is_belonging_group(wordpress_user, web_group)
assert file.dir_exists(ssh_dir)
assert file.owner_is(ssh_dir, wordpress_user)
assert file.owner_is(auth_keys, wordpress_user)
assert file.mode_is(auth_keys, 644)
def lsyncd():
env.platform_family = detect.detect()
wordpress_user = "******"
web_group = "www-data"
ssh_dir = "/var/www/vhosts/example.com/.ssh"
private_key = os.path.join(ssh_dir, "id_rsa")
assert package.installed("lsyncd")
assert process.is_up("lsyncd")
assert service.is_enabled("lsyncd")
assert user.exists(wordpress_user)
assert user.is_belonging_group(wordpress_user, web_group)
assert file.dir_exists(ssh_dir)
assert file.owner_is(ssh_dir, wordpress_user)
assert file.owner_is(private_key, wordpress_user)
assert file.mode_is(private_key, 600)
def lsyncd():
env.platform_family = detect.detect()
wordpress_user = "******"
web_group = "www-data"
ssh_dir = "/var/www/vhosts/example.com/.ssh"
private_key = os.path.join(ssh_dir, "id_rsa")
assert package.installed("lsyncd"), 'lsyncd is not installed'
check_lsync_up()
assert service.is_enabled("lsyncd"), 'lsyncd is not enabled'
assert user.exists(wordpress_user), 'wp_user user does not exist'
assert user.exists('wp_user').get('passwd') != '!', 'wp_user pass missing'
assert user.is_belonging_group(wordpress_user, web_group), 'wp_user does belong to correct group'
assert file.dir_exists(ssh_dir), 'ssh directory does not exist'
assert file.owner_is(ssh_dir, wordpress_user), 'wp_user does not own ssh directory'
assert file.owner_is(private_key, wordpress_user), 'wp_user does not own ssh key'
assert file.mode_is(private_key, 600), 'ssh key is not set to correct mode'
def lsyncd():
env.platform_family = detect.detect()
wordpress_user = "******"
web_group = "www-data"
ssh_dir = "/var/www/vhosts/example.com/.ssh"
private_key = os.path.join(ssh_dir, "id_rsa")
assert package.installed("lsyncd"), 'lsyncd is not installed'
assert process.is_up("lsyncd"), 'lsyncd is not up'
assert service.is_enabled("lsyncd"), 'lsyncd is not enabled'
assert user.exists(wordpress_user), 'wp_user user does not exist'
assert user.exists('wp_user').get('passwd') != '!', 'wp_user pass missing'
assert user.is_belonging_group(
wordpress_user, web_group), 'wp_user does belong to correct group'
assert file.dir_exists(ssh_dir), 'ssh directory does not exist'
assert file.owner_is(ssh_dir,
wordpress_user), 'wp_user does not own ssh directory'
assert file.owner_is(private_key,
wordpress_user), 'wp_user does not own ssh key'
assert file.mode_is(private_key, 600), 'ssh key is not set to correct mode'
def guest_network(self,config):
vpn_config = {
"local_public_ip": config['router_guest_ip'],
"local_guest_cidr":"%s/%s" % (config['router_guest_gateway'], config['cidr']),
"local_public_gateway":"172.16.1.1",
"peer_gateway_ip":"10.200.200.1",
"peer_guest_cidr_list":"10.0.0.0/24",
"esp_policy":"3des-md5",
"ike_policy":"3des-md5",
"ipsec_psk":"vpnblabla",
"ike_lifetime":86400,
"esp_lifetime":3600,
"create":True,
"dpd":False,
"passive":False,
"type":"site2sitevpn"
}
octets = config['router_guest_ip'].split('.')
configs = []
# This should fail because the network does not yet exist
self.update_config(vpn_config)
assert not file.exists("/etc/ipsec.d/ipsec.vpn-%s.conf" % vpn_config['peer_gateway_ip'])
self.update_config(config)
self.update_config(vpn_config)
assert ip.has_ip("%s/%s" % (config['router_guest_ip'], config['cidr']), config['device'])
assert process.is_up("apache2"), "Apache2 should be running after adding a guest network"
assert process.is_up("dnsmasq"), "Dnsmasq should be running after adding a guest network"
assert file.exists("/etc/ipsec.d/ipsec.vpn-%s.conf" % vpn_config['peer_gateway_ip'])
assert file.mode_is("/etc/ipsec.d/ipsec.vpn-%s.secrets" % vpn_config['peer_gateway_ip'], "400")
result = run("/usr/sbin/ipsec setup status", timeout=600, warn_only=True)
assert result.succeeded, 'ipsec returned non zero status %s' % config['router_guest_ip']
# Add a host to the dhcp server
# This must happen in order for dnsmasq to be listening
for n in range(3,13):
ipb = ".".join(octets[0:3])
ipa = "%s.%s" % (ipb, n)
gw = "%s.1" % ipb
self.basic_dhcp_entry['ipv4_adress'] = ipa
self.basic_dhcp_entry['default_gateway'] = gw
self.basic_dhcp_entry['host_name'] = "host_%s" % (ipa)
self.update_config(self.basic_dhcp_entry)
configs.append(copy.deepcopy(self.basic_dhcp_entry))
assert port.is_listening(80)
assert port.is_listening(53)
assert port.is_listening(53)
assert port.is_listening(67)
for o in configs:
line = "%s,%s,%s,infinite" % (o['mac_address'], o['ipv4_adress'], o['host_name'])
assert file.has_line("/etc/dhcphosts.txt", line)
config['add'] = False
self.update_config(config)
assert not ip.has_ip("%s/%s" % (config['router_guest_ip'], config['cidr']), config['device'])
# Now setup what we have redundant
self.redundant("-e")
self.configure()
assert process.is_up("keepalived"), "Keepalived should be running after enabling redundancy"
assert process.is_up("conntrackd"), "Conntrackd should be running after enabling redundancy"
self.redundant("-d")
self.configure()
assert not process.is_up("keepalived"), "Keepalived should be not running after disabling redundancy"
assert not process.is_up("conntrackd"), "Conntrackd should be not running after disabling redundancy"
for o in configs:
o['add'] = False
self.update_config(o)
for o in configs:
line = "%s,%s,%s,infinite" % (o['mac_address'], o['ipv4_adress'], o['host_name'])
assert file.has_line("/etc/dhcphosts.txt", line) is False
# If the network gets deleted so should the vpn
assert not file.exists("/etc/ipsec.d/ipsec.vpn-%s.conf" % vpn_config['peer_gateway_ip'])
def acceptance_tests_common_tests_for_flocker(distribution):
""" Runs checks that are common to all platforms related to Flocker
:param string distribution: which OS to use 'centos7', 'ubuntu1404'
"""
with settings():
env.platform_family = detect.detect()
# Jenkins should call the correct interpreter based on the shebang
# However,
# We noticed that our Ubuntu /bin/bash calls were being executed
# as /bin/sh.
# So we as part of the slave image build process symlinked
# /bin/sh -> /bin/bash.
# https://clusterhq.atlassian.net/browse/FLOC-2986
log_green('check that /bin/sh is symlinked to bash')
assert file.is_link("/bin/sh")
assert 'bash' in run('ls -l /bin/sh')
# umask needs to be set to 022, so that the packages we build
# through the flocker tests have the correct permissions.
# otherwise rpmlint fails with permssion errors.
log_green('check that our umask matches 022')
assert '022' in run('umask')
# we need to keep the PATH so that we can run virtualenv with sudo
log_green('check that the environment is not reset on sudo')
assert sudo("sudo grep "
"'Defaults:\%wheel\ \!env_reset\,\!secure_path'"
" /etc/sudoers")
# the run acceptance tests fail if we don't have a known_hosts file
# so we make sure it exists
log_green('check that /root/.ssh/known_hosts exists')
# known_hosts needs to have 600 permissions
assert sudo("ls /root/.ssh/known_hosts")
assert "600" in sudo("stat -c %a /root/.ssh/known_hosts")
# fpm is used for building RPMs/DEBs
log_green('check that fpm is installed')
assert 'fpm' in sudo('gem list')
# A lot of Flocker tests use different docker images,
# we don't want to have to download those images every time we
# spin up a new slave node. So we make sure they are cached
# locally when we bake the image.
log_green('check that images have been downloaded locally')
for image in local_docker_images():
log_green(' checking %s' % image)
if ':' in image:
parts = image.split(':')
expression = parts[0] + '.*' + parts[1]
assert re.search(expression, sudo('docker images'))
else:
assert image in sudo('docker images')
# CentOS 7 provides us with a fairly old git version, we install
# a recent version in /usr/local/bin
log_green('check that git is installed locally')
assert file.exists("/usr/local/bin/git")
# and then update the PATH so that our new git comes first
log_green('check that /usr/local/bin is in path')
assert '/usr/local/bin/git' in run('which git')
# update pip
# We have a devpi cache in AWS which we will consume instead of
# going upstream to the PyPi servers.
# We specify that devpi caching server using -i \$PIP_INDEX_URL
# which requires as to include --trusted_host as we are not (yet)
# using SSL on our caching box.
# The --trusted-host option is only available with pip 7
log_green('check that pip is the latest version')
assert '7.' in run('pip --version')
# The /tmp/acceptance.yaml file is deployed to the jenkins slave
# during bootstrapping. These are copied from the Jenkins Master
# /etc/slave_config directory.
# We just need to make sure that directory exists.
log_green('check that /etc/slave_config exists')
assert file.dir_exists("/etc/slave_config")
assert file.mode_is("/etc/slave_config", "777")
# pypy will be used in the acceptance tests
log_green('check that pypy is available')
assert '2.6.1' in run('pypy --version')
# the client acceptance tests run on docker instances
log_green('check that docker is running')
assert sudo('docker --version | grep "1.10."')
assert process.is_up("docker")
