Exemple #1
0
def check():
    env.platform_family = detect.detect()
    # file
    assert file.exists("/etc/hosts")
    assert file.is_file("/etc/hosts")
    assert file.is_dir("/tmp/")
    assert file.dir_exists("/tmp/")
    assert file.has_line("/etc/passwd", "sshd")
    assert file.owner_is("/bin/sh", "root")
    if env.platform_family == "freebsd":
        assert file.is_link("/compat")
        assert file.group_is("/bin/sh", "wheel")
        assert file.mode_is("/bin/sh", "555")
    else:
        assert file.is_link("/usr/tmp")
        assert file.group_is("/bin/sh", "root")
        assert file.mode_is("/bin/sh", "777")

    assert package.installed("wget.x86_64")

    assert user.exists("sshd")
    assert user.is_belonging_group("worker", "users")

    assert group.is_exists("wheel")

    assert port.is_listening(22)
    assert cron.has_entry('shirou', 'python')

    if env.platform_family == "freebsd":
        assert service.is_enabled("apache22")
        assert process.is_up("httpd")
    else:
        assert service.is_enabled("http")
        assert process.is_up("http") is False
def check():
    env.platform_family = detect.detect()

    dot_npm = "/home/user1/.npm"
    assert file.exists(dot_npm), \
        "%s does not exist" % dot_npm
    assert file.is_dir(dot_npm), \
        "%s is not a directory" % dot_npm
    assert file.mode_is(dot_npm, '755'), \
        "%s is not mode 755" % dot_npm
    assert file.owner_is(dot_npm, 'user1'), \
        "%s is not owned by user1" % dot_npm
    # directory { should be_grouped_into 'my_nodejs_app' }

    assert port.is_listening(80), "port 80/apache2 is not listening"

    assert user.exists("user1"), "user my_nodejs_app does not exist"

    assert process.is_up("node"), "node process is not up"
    # its('args') { should match 'server.js|app.js' }

    assert service.is_enabled("node-app"), \
        "node-app service is not enabled"

    assert nodejs_is_responding(), "node demo app did not respond as expected"
def mysql():
    env.platform_family = detect.detect()

    if env.platform_family == 'debian':
        mysql_package = 'mysql-server-5.5'
        mysql_process = 'mysql'
        holland_package = 'holland'
    elif env.platform_family == 'rhel':
        mysql_package = 'mysql-server'
        mysql_process = 'mysqld'
        holland_package = 'holland'
    else:
        raise ValueError('OS ' + env.platform_family +
                         ' unknown, update tests.')

    packages = [holland_package, mysql_package]
    for pkg in packages:
        assert package.installed(pkg), ('package ' + pkg + 'not found')

    assert port.is_listening(3306), '3306 not listening'

    root_my_cnf = "/root/.my.cnf"
    assert file.exists(root_my_cnf), 'root my.cnf does not exist'
    assert file.mode_is(root_my_cnf, 600), \
        'permissions are wrong on root my.cnf'
    assert file.owner_is(root_my_cnf, "root"), 'owner is wrong on root my.cnf'
    assert process.is_up(mysql_process), 'mysql is not running'
    assert service.is_enabled(mysql_process), 'mysql is not enabled'
def check():
    env.platform_family = detect.detect()

    dot_npm = "/home/user1/.npm"
    assert file.exists(dot_npm), \
        "%s does not exist" % dot_npm
    assert file.is_dir(dot_npm), \
        "%s is not a directory" % dot_npm
    assert file.mode_is(dot_npm, '755'), \
        "%s is not mode 755" % dot_npm
    assert file.owner_is(dot_npm, 'user1'), \
        "%s is not owned by user1" % dot_npm
    # directory { should be_grouped_into 'my_nodejs_app' }

    assert port.is_listening(80), "port 80/apache2 is not listening"

    assert user.exists("user1"), "user my_nodejs_app does not exist"

    assert process.is_up("node"), "node process is not up"
    # its('args') { should match 'server.js|app.js' }

    assert service.is_enabled("node-app"), \
        "node-app service is not enabled"

    assert nodejs_is_responding(), "node demo app did not respond as expected"
Exemple #5
0
def mysql():
    env.platform_family = detect.detect()

    packages = ["holland", "mysql-server"]
    for pkg in packages:
        assert package.installed(pkg)

    assert port.is_listening(3306)
    assert process.is_up("mysqld")

    root_my_cnf = "/root/.my.cnf"
    assert file.exists(root_my_cnf)
    assert file.mode_is(root_my_cnf, 600)
    assert file.owner_is(root_my_cnf, "root")
Exemple #6
0
def lsync_client():
    env.platform_family = detect.detect()

    wordpress_user = "******"
    web_group = "www-data"
    ssh_dir = "/var/www/vhosts/example.com/.ssh"
    auth_keys = os.path.join(ssh_dir, "authorized_keys")

    assert user.exists(wordpress_user)
    assert user.is_belonging_group(wordpress_user, web_group)
    assert file.dir_exists(ssh_dir)
    assert file.owner_is(ssh_dir, wordpress_user)
    assert file.owner_is(auth_keys, wordpress_user)
    assert file.mode_is(auth_keys, 644)
def lsyncd():
    env.platform_family = detect.detect()

    wordpress_user = "******"
    web_group = "www-data"
    ssh_dir = "/var/www/vhosts/example.com/.ssh"
    private_key = os.path.join(ssh_dir, "id_rsa")

    assert package.installed("lsyncd")
    assert process.is_up("lsyncd")
    assert service.is_enabled("lsyncd")
    assert user.exists(wordpress_user)
    assert user.is_belonging_group(wordpress_user, web_group)
    assert file.dir_exists(ssh_dir)
    assert file.owner_is(ssh_dir, wordpress_user)
    assert file.owner_is(private_key, wordpress_user)
    assert file.mode_is(private_key, 600)
def lsyncd():
    env.platform_family = detect.detect()

    wordpress_user = "******"
    web_group = "www-data"
    ssh_dir = "/var/www/vhosts/example.com/.ssh"
    private_key = os.path.join(ssh_dir, "id_rsa")

    assert package.installed("lsyncd"), 'lsyncd is not installed'
    check_lsync_up()
    assert service.is_enabled("lsyncd"), 'lsyncd is not enabled'
    assert user.exists(wordpress_user), 'wp_user user does not exist'
    assert user.exists('wp_user').get('passwd') != '!', 'wp_user pass missing'
    assert user.is_belonging_group(wordpress_user, web_group), 'wp_user does belong to correct group'
    assert file.dir_exists(ssh_dir), 'ssh directory does not exist'
    assert file.owner_is(ssh_dir, wordpress_user), 'wp_user does not own ssh directory'
    assert file.owner_is(private_key, wordpress_user), 'wp_user does not own ssh key'
    assert file.mode_is(private_key, 600), 'ssh key is not set to correct mode'
Exemple #9
0
def lsyncd():
    env.platform_family = detect.detect()

    wordpress_user = "******"
    web_group = "www-data"
    ssh_dir = "/var/www/vhosts/example.com/.ssh"
    private_key = os.path.join(ssh_dir, "id_rsa")

    assert package.installed("lsyncd"), 'lsyncd is not installed'
    assert process.is_up("lsyncd"), 'lsyncd is not up'
    assert service.is_enabled("lsyncd"), 'lsyncd is not enabled'
    assert user.exists(wordpress_user), 'wp_user user does not exist'
    assert user.exists('wp_user').get('passwd') != '!', 'wp_user pass missing'
    assert user.is_belonging_group(
        wordpress_user, web_group), 'wp_user does belong to correct group'
    assert file.dir_exists(ssh_dir), 'ssh directory does not exist'
    assert file.owner_is(ssh_dir,
                         wordpress_user), 'wp_user does not own ssh directory'
    assert file.owner_is(private_key,
                         wordpress_user), 'wp_user does not own ssh key'
    assert file.mode_is(private_key, 600), 'ssh key is not set to correct mode'
Exemple #10
0
    def guest_network(self,config):
        vpn_config = {
            "local_public_ip": config['router_guest_ip'],
            "local_guest_cidr":"%s/%s" % (config['router_guest_gateway'], config['cidr']),
            "local_public_gateway":"172.16.1.1",
            "peer_gateway_ip":"10.200.200.1",
            "peer_guest_cidr_list":"10.0.0.0/24",
            "esp_policy":"3des-md5",
            "ike_policy":"3des-md5",
            "ipsec_psk":"vpnblabla",
            "ike_lifetime":86400,
            "esp_lifetime":3600,
            "create":True,
            "dpd":False,
            "passive":False,
            "type":"site2sitevpn"
        }
        octets = config['router_guest_ip'].split('.')
        configs = []

        # This should fail because the network does not yet exist
        self.update_config(vpn_config)
        assert not file.exists("/etc/ipsec.d/ipsec.vpn-%s.conf" % vpn_config['peer_gateway_ip'])

        self.update_config(config)
        self.update_config(vpn_config)
        assert ip.has_ip("%s/%s" % (config['router_guest_ip'], config['cidr']), config['device'])
        assert process.is_up("apache2"), "Apache2 should be running after adding a guest network"
        assert process.is_up("dnsmasq"), "Dnsmasq should be running after adding a guest network"

        assert file.exists("/etc/ipsec.d/ipsec.vpn-%s.conf" % vpn_config['peer_gateway_ip'])
        assert file.mode_is("/etc/ipsec.d/ipsec.vpn-%s.secrets" % vpn_config['peer_gateway_ip'], "400")
        result = run("/usr/sbin/ipsec setup status", timeout=600, warn_only=True)
        assert result.succeeded, 'ipsec returned non zero status %s' % config['router_guest_ip']
		# Add a host to the dhcp server
		# This must happen in order for dnsmasq to be listening
        for n in range(3,13):
            ipb = ".".join(octets[0:3])
            ipa = "%s.%s" % (ipb, n)
            gw = "%s.1" % ipb
            self.basic_dhcp_entry['ipv4_adress'] =  ipa
            self.basic_dhcp_entry['default_gateway'] =  gw
            self.basic_dhcp_entry['host_name'] =  "host_%s" % (ipa)
            self.update_config(self.basic_dhcp_entry)
            configs.append(copy.deepcopy(self.basic_dhcp_entry))
        assert port.is_listening(80)
        assert port.is_listening(53)
        assert port.is_listening(53)
        assert port.is_listening(67)
        for o in configs:
            line = "%s,%s,%s,infinite" % (o['mac_address'], o['ipv4_adress'], o['host_name'])
            assert file.has_line("/etc/dhcphosts.txt", line)
        config['add'] = False
        self.update_config(config)
        assert not ip.has_ip("%s/%s" % (config['router_guest_ip'], config['cidr']), config['device'])
        # Now setup what we have redundant
        self.redundant("-e")
        self.configure()
        assert process.is_up("keepalived"), "Keepalived should be running after enabling redundancy"
        assert process.is_up("conntrackd"), "Conntrackd should be running after enabling redundancy"
        self.redundant("-d")
        self.configure()
        assert not process.is_up("keepalived"), "Keepalived should be not running after disabling redundancy"
        assert not process.is_up("conntrackd"), "Conntrackd should be not running after disabling redundancy"
        for o in configs:
            o['add'] = False
            self.update_config(o)
        for o in configs:
            line = "%s,%s,%s,infinite" % (o['mac_address'], o['ipv4_adress'], o['host_name'])
            assert file.has_line("/etc/dhcphosts.txt", line) is False
        # If the network gets deleted so should the vpn
        assert not file.exists("/etc/ipsec.d/ipsec.vpn-%s.conf" % vpn_config['peer_gateway_ip'])
def acceptance_tests_common_tests_for_flocker(distribution):
    """ Runs checks that are common to all platforms related to Flocker

    :param string distribution: which OS to use 'centos7', 'ubuntu1404'
    """

    with settings():
        env.platform_family = detect.detect()

        # Jenkins should call the correct interpreter based on the shebang
        # However,
        # We noticed that our Ubuntu /bin/bash calls were being executed
        # as /bin/sh.
        # So we as part of the slave image build process symlinked
        # /bin/sh -> /bin/bash.
        # https://clusterhq.atlassian.net/browse/FLOC-2986
        log_green('check that /bin/sh is symlinked to bash')
        assert file.is_link("/bin/sh")
        assert 'bash' in run('ls -l /bin/sh')

        # umask needs to be set to 022, so that the packages we build
        # through the flocker tests have the correct permissions.
        # otherwise rpmlint fails with permssion errors.
        log_green('check that our umask matches 022')
        assert '022' in run('umask')

        # we need to keep the PATH so that we can run virtualenv with sudo
        log_green('check that the environment is not reset on sudo')
        assert sudo("sudo grep "
                    "'Defaults:\%wheel\ \!env_reset\,\!secure_path'"
                    " /etc/sudoers")

        # the run acceptance tests fail if we don't have a known_hosts file
        # so we make sure it exists
        log_green('check that /root/.ssh/known_hosts exists')

        # known_hosts needs to have 600 permissions
        assert sudo("ls /root/.ssh/known_hosts")
        assert "600" in sudo("stat -c %a /root/.ssh/known_hosts")

        # fpm is used for building RPMs/DEBs
        log_green('check that fpm is installed')
        assert 'fpm' in sudo('gem list')

        # A lot of Flocker tests use different docker images,
        # we don't want to have to download those images every time we
        # spin up a new slave node. So we make sure they are cached
        # locally when we bake the image.
        log_green('check that images have been downloaded locally')
        for image in local_docker_images():
            log_green(' checking %s' % image)
            if ':' in image:
                parts = image.split(':')
                expression = parts[0] + '.*' + parts[1]
                assert re.search(expression, sudo('docker images'))
            else:
                assert image in sudo('docker images')

        # CentOS 7 provides us with a fairly old git version, we install
        # a recent version in /usr/local/bin
        log_green('check that git is installed locally')
        assert file.exists("/usr/local/bin/git")

        # and then update the PATH so that our new git comes first
        log_green('check that /usr/local/bin is in path')
        assert '/usr/local/bin/git' in run('which git')

        # update pip
        # We have a devpi cache in AWS which we will consume instead of
        # going upstream to the PyPi servers.
        # We specify that devpi caching server using -i \$PIP_INDEX_URL
        # which requires as to include --trusted_host as we are not (yet)
        # using  SSL on our caching box.
        # The --trusted-host option is only available with pip 7
        log_green('check that pip is the latest version')
        assert '7.' in run('pip --version')

        # The /tmp/acceptance.yaml file is deployed to the jenkins slave
        # during bootstrapping. These are copied from the Jenkins Master
        # /etc/slave_config directory.
        # We just need to make sure that directory exists.
        log_green('check that /etc/slave_config exists')
        assert file.dir_exists("/etc/slave_config")
        assert file.mode_is("/etc/slave_config", "777")

        # pypy will be used in the acceptance tests
        log_green('check that pypy is available')
        assert '2.6.1' in run('pypy --version')

        # the client acceptance tests run on docker instances
        log_green('check that docker is running')
        assert sudo('docker --version | grep "1.10."')
        assert process.is_up("docker")