def test_vstart_expired_server_cert(request, instance):
"""
Test error when volttron is started with expired server cert when RMQ
server is already running
:param request: pytest request object
:parma instance: volttron instance for testing
"""
# replace certs
crts = instance.certsobj
try:
# overwrite certificates with quick expiry certs
(root_ca, server_cert_name, admin_cert_name) = \
Certs.get_admin_cert_names(instance.instance_name)
crts.create_ca_signed_cert(server_cert_name, type='server',
fqdn=fqdn, valid_days=0.0001)
gevent.sleep(9)
try:
instance.startup_platform(vip_address=get_rand_vip(), timeout=10)
except Exception as e:
assert e.message.startswith("Platform startup failed. Please check volttron.log")
assert not (instance.is_running())
# Rabbitmq log would show
# "TLS server: In state certify received CLIENT ALERT: Fatal -
# Certificate Expired"
except Exception as e:
pytest.fail("Test failed with exception: {}".format(e))
def test_vstart_expired_admin_cert(request, instance):
"""
Test error when volttron is started with expired admin cert when RMQ server
is already running
:param request: pytest request object
:param instance: volttron instance for testing
"""
# replace certs
crts = instance.certsobj
try:
# overwrite certificates with quick expiry certs
(root_ca, server_cert_name, admin_cert_name) = Certs.get_admin_cert_names(instance.instance_name)
crts.create_ca_signed_cert(admin_cert_name, type='client',
fqdn=fqdn, valid_days=0.0001)
gevent.sleep(20)
instance.startup_platform(vip_address=get_rand_vip())
gevent.sleep(5)
assert instance.is_running()
# MGMT PLUGIN DOES NOT COMPLAIN ABOUT EXPIRED ADMIN CERT?? May be because we send the password too ?
cmd = ['volttron-ctl', 'rabbitmq', 'list-users']
process = subprocess.Popen(cmd, env=instance.env,
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
except Exception as e:
pytest.fail("Test failed with exception: {}".format(e))
def test_vctl_shutdown_on_rmq_stop(request):
"""
Test for fix issue# 1886
:param volttron_instance_rmq:
:return:
"""
address = get_rand_vip()
volttron_instance = build_wrapper(address, messagebus='rmq', ssl_auth=True)
agent_uuid = volttron_instance.install_agent(
agent_dir=get_examples("ListenerAgent"), start=True)
assert agent_uuid is not None
agent_pid = volttron_instance.agent_pid(agent_uuid)
assert agent_pid is not None and agent_pid > 0
# Stop RabbitMQ server
rmq_cfg = RMQConfig()
stop_rabbit(rmq_home=rmq_cfg.rmq_home, env=volttron_instance.env)
gevent.sleep(5)
# Shtudown platform
cmd = ['volttron-ctl', 'shutdown', '--platform']
execute_command(cmd, env=volttron_instance.env)
gevent.sleep(2)
# Check that installed agent and platform is not running
assert not psutil.pid_exists(agent_pid)
assert volttron_instance.is_running() == False
def get_n_volttron_instances(n, should_start=True, address_file=True):
get_n_volttron_instances.count = n
instances = []
vip_addresses = []
web_addresses = []
instances = []
addr_config = dict()
names = []
for i in range(0, n):
address = get_rand_vip()
web_address = "http://{}".format(get_rand_ip_and_port())
vip_addresses.append(address)
web_addresses.append(web_address)
nm = 'platform{}'.format(i + 1)
names.append(nm)
for i in range(0, n):
address = vip_addresses[i]
web_address = web_addresses[i]
wrapper = PlatformWrapper()
addr_file = os.path.join(wrapper.volttron_home,
'external_address.json')
if address_file:
with open(addr_file, 'w') as f:
json.dump(web_addresses, f)
gevent.sleep(.1)
wrapper.startup_platform(address,
bind_web_address=web_address,
instance_name=names[i],
setupmode=True)
wrapper.skip_cleanup = True
instances.append(wrapper)
gevent.sleep(11)
for i in range(0, n):
instances[i].shutdown_platform()
gevent.sleep(1)
# del instances[:]
for i in range(0, n):
address = vip_addresses.pop(0)
web_address = web_addresses.pop(0)
print address, web_address
instances[i].startup_platform(address,
bind_web_address=web_address,
instance_name=names[i])
instances[i].allow_all_connections()
gevent.sleep(11)
instances = instances if n > 1 else instances[0]
get_n_volttron_instances.instances = instances
return instances
def build_n_volttron_instances(n, bad_config=False, add_my_address=True):
build_n_volttron_instances.count = n
instances = []
vip_addresses = []
instances = []
addr_config = dict()
names = []
for i in range(0, n):
address = get_rand_vip()
vip_addresses.append(address)
nm = 'platform{}'.format(i + 1)
names.append(nm)
for i in range(0, n):
address = vip_addresses[i]
wrapper = PlatformWrapper()
wrapper.startup_platform(address, instance_name=names[i])
wrapper.skip_cleanup = True
instances.append(wrapper)
gevent.sleep(1)
for i in range(0, n):
instances[i].shutdown_platform()
for i in range(0, n):
addr_config.clear()
for j in range(0, n):
if j != i or (j == i and add_my_address):
name = names[j]
addr_config[name] = dict()
addr_config[name]['instance-name'] = names[j]
if bad_config:
addr_config[name]['vip-address123'] = vip_addresses[j]
else:
addr_config[name]['vip-address'] = vip_addresses[j]
addr_config[name]['serverkey'] = instances[j].serverkey
address_file = os.path.join(instances[i].volttron_home,
'external_platform_discovery.json')
if address_file:
with open(address_file, 'w') as f:
json.dump(addr_config, f)
gevent.sleep(1)
for i in range(0, n):
address = vip_addresses.pop(0)
instances[i].startup_platform(address, instance_name=names[i])
instances[i].allow_all_connections()
gevent.sleep(11)
instances = instances if n > 1 else instances[0]
build_n_volttron_instances.instances = instances
return instances
def test_expired_ca_cert_after_vstart(request, instance):
"""
Test error when CA cert expires after volttron has started. Once CA cert expires, can't install agent or can't get
agent status. CA certificate needs to be recreated and client certs have to
:param request: pytest request object
:param instance: instance of volttron using rmq and ssl
"""
crts = instance.certsobj
try:
(root_ca, server_cert_name, admin_cert_name) = \
Certs.get_admin_cert_names(instance.instance_name)
data = {'C': 'US',
'ST': 'Washington',
'L': 'Richland',
'O': 'pnnl',
'OU': 'volttron',
'CN': instance.instance_name + "_root_ca"}
crts.create_root_ca(valid_days=0.0005, **data)
print("current time after root ca:{}".format(datetime.datetime.utcnow()))
copy(crts.cert_file(crts.root_ca_name),
crts.cert_file(crts.trusted_ca_name))
crts.create_signed_cert_files(server_cert_name, cert_type='server', fqdn=fqdn)
crts.create_signed_cert_files(admin_cert_name, cert_type='client')
instance.startup_platform(vip_address=get_rand_vip())
print("current time after platform start:{}".format(datetime.datetime.utcnow()))
gevent.sleep(30) # wait for CA to expire
# Can't install new agent
with pytest.raises(RuntimeError) as exec_info:
agent = instance.install_agent(
agent_dir=get_examples("ListenerAgent"),
vip_identity="listener2", start=True)
assert exec_info.type is RuntimeError
except Exception as e:
pytest.fail("Test failed with exception: {}".format(e))
finally:
# can't do clean shutdown with expired ca. terminate process
# and clean up manually
instance.p_process.terminate()
stop_rabbit(rmq_home=instance.rabbitmq_config_obj.rmq_home, env=instance.env, quite=True)
if not instance.skip_cleanup:
shutil.rmtree(instance.volttron_home)
def test_expired_server_cert_after_vstart(request, instance):
"""
Test error when server cert expires after volttron has started
:param request: pytest request object
:param instance: instance of volttron using rmq and ssl
"""
crts = instance.certsobj
try:
(root_ca, server_cert_name, admin_cert_name) = \
Certs.get_admin_cert_names(instance.instance_name)
crts.create_signed_cert_files(server_cert_name, cert_type='server',
fqdn=fqdn, valid_days=0.0004) # 34.5 seconds
print("current time:{}".format(datetime.datetime.utcnow()))
instance.startup_platform(vip_address=get_rand_vip())
print("current time:{}".format(datetime.datetime.utcnow()))
agent = instance.install_agent(
agent_dir=get_examples("ListenerAgent"),
vip_identity="listener1", start=True)
gevent.sleep(20)
print("Attempting agent install after server certificate expiry")
with pytest.raises(RuntimeError) as exec_info:
agent = instance.install_agent(
agent_dir=get_examples("ListenerAgent"),
vip_identity="listener2", start=True)
pytest.fail("Agent install should fail")
assert exec_info.type is RuntimeError
# Restore server cert and restart rmq ssl, wait for 30 seconds for volttron to reconnect
crts.create_signed_cert_files(server_cert_name, cert_type='server', fqdn=fqdn)
restart_ssl(rmq_home=instance.rabbitmq_config_obj.rmq_home, env=instance.env)
gevent.sleep(15) # test setup sets the volttron reconnect wait to 5 seconds
# status of first agent would still be fine and it would
# continue to publish hearbeat.
assert instance.is_agent_running(agent)
instance.remove_agent(agent)
except Exception as e:
pytest.fail("Test failed with exception: {}".format(e))
def test_vstart_expired_ca_cert(request, instance):
"""
Test error when volttron is started with expired CA cert when rabbitmq
server is already running
:param request: pytest request object
:parma instance: volttron instance for testing
"""
crts = instance.certsobj
try:
# overwrite certificates with quick expiry certs
(root_ca, server_cert_name, admin_cert_name) = \
Certs.get_admin_cert_names(instance.instance_name)
data = {'C': 'US',
'ST': 'Washington',
'L': 'Richland',
'O': 'pnnl',
'OU': 'volttron',
'CN': instance.instance_name+"_root_ca"}
crts.create_root_ca(valid_days=0.0001, **data)
copy(crts.cert_file(crts.root_ca_name),
crts.cert_file(crts.trusted_ca_name))
crts.create_ca_signed_cert(server_cert_name, type='server',
fqdn=fqdn)
crts.create_ca_signed_cert(admin_cert_name, type='client')
gevent.sleep(9)
print("Attempting to start volttron after cert expiry")
try:
# it fails fast. send a timeout instead of waiting for default timeout
instance.startup_platform(vip_address=get_rand_vip(), timeout=10)
pytest.fail("platform should not start")
except Exception as e:
assert e.message.startswith("Platform startup failed. Please check volttron.log")
assert not (instance.is_running())
# Rabbitmq log would show Fatal certificate expired
except Exception as e:
pytest.fail("Test failed with exception: {}".format(e))
def test_vstart_without_rmq_init(request, instance):
"""
Test error where volttron is started with message bus as rmq but without
any certs
:param request: pytest request object
:parma instance: volttron instance for testing
"""
try:
assert instance.instance_name == os.path.basename(instance.volttron_home), \
"instance name doesn't match volttron_home basename"
os.rename(
os.path.join(instance.volttron_home, "certificates"),
os.path.join(instance.volttron_home, "certs_backup")
)
try:
instance.startup_platform(vip_address=get_rand_vip())
pytest.fail("Instance should not start without certs, but it does!")
except Exception as e:
assert e.message.startswith("Platform startup failed. Please check volttron.log")
assert not (instance.is_running())
except Exception as e:
pytest.fail("Test failed with exception: {}".format(e))
