Esempio n. 1
0
def restore_sysadmin_password_raw(connect, current_password, original_password,
                                  exclude_list):
    if current_password == original_password:
        LOG.info(
            'Current password is the same as the original password?!, do nothing'
        )
        return

    for n in range(1, MAX_NUM_PASSWORDS_TRACKED + 1):
        new_password = security_helper.gen_linux_password(
            exclude_list=exclude_list, length=PASSWORD_LEGNTH)
        exclude_list.append(new_password)
        LOG.info('chaning password {} times: from:{} to:{}\n'.format(
            n, current_password, new_password))

        change_password(connect, current_password, new_password)
        HostLinuxUser.set_password(new_password)
        current_password = new_password

    LOG.info('Restore password of sysadmin to:{}'.format(original_password))
    change_password(connect, current_password, original_password)

    HostLinuxUser.set_password(original_password)
    LOG.info(
        'Password for sysadmin is restored to:{}'.format(original_password))
Esempio n. 2
0
def setup_testcase_config(testcase_config, lab=None, natbox=None):
    fip_error = 'A valid IPv4 OAM floating IP has to be specified via ' \
                'cmdline option --lab=<oam_floating_ip>, ' \
                'or testcase config file has to be provided via ' \
                '--testcase-config with oam_floating_ip ' \
                'specified under auth_platform section.'
    if not testcase_config:
        if not lab:
            raise ValueError(fip_error)
        return lab, natbox

    testcase_config = os.path.expanduser(testcase_config)
    auth_section = 'auth'
    guest_image_section = 'guest_image'
    guest_networks_section = 'guest_networks'
    guest_keypair_section = 'guest_keypair'
    natbox_section = 'natbox'

    config = configparser.ConfigParser()
    config.read(testcase_config)

    #
    # Update global variables for auth section
    #
    # Update OAM floating IP
    if lab:
        fip = lab.get('floating ip')
        config.set(auth_section, 'oam_floating_ip', fip)
    else:
        fip = config.get(auth_section, 'oam_floating_ip', fallback='').strip()
        lab = get_lab_dict(fip)

    if __get_ip_version(fip) != 4:
        raise ValueError(fip_error)

    # controller-0 oam ip is updated with best effort if a valid IPv4 IP is
    # provided
    if not lab.get('controller-0 ip') and config.get(
            auth_section, 'controller0_oam_ip', fallback='').strip():
        con0_ip = config.get(auth_section, 'controller0_oam_ip').strip()
        if __get_ip_version(con0_ip) == 4:
            lab['controller-0 ip'] = con0_ip
        else:
            LOG.info(
                "controller0_oam_ip specified in testcase config file is not "
                "a valid IPv4 address. Ignore.")

    # Update linux user credentials
    if config.get(auth_section, 'linux_username', fallback='').strip():
        HostLinuxUser.set_user(
            config.get(auth_section, 'linux_username').strip())
    if config.get(auth_section, 'linux_user_password', fallback='').strip():
        HostLinuxUser.set_password(
            config.get(auth_section, 'linux_user_password').strip())

    # Update openstack keystone user credentials
    auth_dict_map = {
        'platform_admin': 'admin_platform',
        'admin': 'admin',
        'test1': 'tenant1',
        'test2': 'tenant2',
    }
    for conf_prefix, dict_name in auth_dict_map.items():
        kwargs = {}
        default_auth = Tenant.get(dict_name)
        conf_user = config.get(auth_section,
                               '{}_username'.format(conf_prefix),
                               fallback='').strip()
        conf_password = config.get(auth_section,
                                   '{}_password'.format(conf_prefix),
                                   fallback='').strip()
        conf_project = config.get(auth_section,
                                  '{}_project_name'.format(conf_prefix),
                                  fallback='').strip()
        conf_domain = config.get(auth_section,
                                 '{}_domain_name'.format(conf_prefix),
                                 fallback='').strip()
        conf_keypair = config.get(auth_section,
                                  '{}_nova_keypair'.format(conf_prefix),
                                  fallback='').strip()
        if conf_user and conf_user != default_auth.get('user'):
            kwargs['username'] = conf_user
        if conf_password and conf_password != default_auth.get('password'):
            kwargs['password'] = conf_password
        if conf_project and conf_project != default_auth.get('tenant'):
            kwargs['tenant'] = conf_project
        if conf_domain and conf_domain != default_auth.get('domain'):
            kwargs['domain'] = conf_domain
        if conf_keypair and conf_keypair != default_auth.get('nova_keypair'):
            kwargs['nova_keypair'] = conf_keypair

        if kwargs:
            Tenant.update(dict_name, **kwargs)

    #
    # Update global variables for natbox section
    #
    natbox_host = config.get(natbox_section, 'natbox_host',
                             fallback='').strip()
    natbox_user = config.get(natbox_section, 'natbox_user',
                             fallback='').strip()
    natbox_password = config.get(natbox_section,
                                 'natbox_password',
                                 fallback='').strip()
    natbox_prompt = config.get(natbox_section, 'natbox_prompt',
                               fallback='').strip()
    if natbox_host and (not natbox or natbox_host != natbox['ip']):
        natbox = get_natbox_dict(natbox_host,
                                 user=natbox_user,
                                 password=natbox_password,
                                 prompt=natbox_prompt)
    #
    # Update global variables for guest_image section
    #
    img_file_dir = config.get(guest_image_section, 'img_file_dir',
                              fallback='').strip()
    glance_image_name = config.get(guest_image_section,
                                   'glance_image_name',
                                   fallback='').strip()
    img_file_name = config.get(guest_image_section,
                               'img_file_name',
                               fallback='').strip()
    img_disk_format = config.get(guest_image_section,
                                 'img_disk_format',
                                 fallback='').strip()
    min_disk_size = config.get(guest_image_section,
                               'min_disk_size',
                               fallback='').strip()
    img_container_format = config.get(guest_image_section,
                                      'img_container_format',
                                      fallback='').strip()
    image_ssh_user = config.get(guest_image_section,
                                'image_ssh_user',
                                fallback='').strip()
    image_ssh_password = config.get(guest_image_section,
                                    'image_ssh_password',
                                    fallback='').strip()

    if img_file_dir and img_file_dir != GuestImages.DEFAULT['image_dir']:
        # Update default image file directory
        img_file_dir = os.path.expanduser(img_file_dir)
        if not os.path.isabs(img_file_dir):
            raise ValueError(
                "Please provide a valid absolute path for img_file_dir "
                "under guest_image section in testcase config file")
        GuestImages.DEFAULT['image_dir'] = img_file_dir

    if glance_image_name and glance_image_name != GuestImages.DEFAULT['guest']:
        # Update default glance image name
        GuestImages.DEFAULT['guest'] = glance_image_name
        if glance_image_name not in GuestImages.IMAGE_FILES:
            # Add guest image info to consts.stx.GuestImages
            if not (img_file_name and img_disk_format and min_disk_size):
                raise ValueError(
                    "img_file_name and img_disk_format under guest_image "
                    "section have to be "
                    "specified in testcase config file")

            img_container_format = img_container_format if \
                img_container_format else 'bare'
            GuestImages.IMAGE_FILES[glance_image_name] = \
                (None, min_disk_size, img_file_name, img_disk_format,
                 img_container_format)

            # Add guest login credentials
            Guest.CREDS[glance_image_name] = {
                'user': image_ssh_user if image_ssh_user else 'root',
                'password': image_ssh_password if image_ssh_password else None,
            }

    #
    # Update global variables for guest_keypair section
    #
    natbox_keypair_dir = config.get(guest_keypair_section,
                                    'natbox_keypair_dir',
                                    fallback='').strip()
    private_key_path = config.get(guest_keypair_section,
                                  'private_key_path',
                                  fallback='').strip()

    if natbox_keypair_dir:
        natbox_keypair_path = os.path.join(
            natbox_keypair_dir, 'keyfile_{}.pem'.format(lab['short_name']))
        ProjVar.set_var(NATBOX_KEYFILE_PATH=natbox_keypair_path)
    if private_key_path:
        ProjVar.set_var(STX_KEYFILE_PATH=private_key_path)

    #
    # Update global variables for guest_networks section
    #
    net_name_patterns = {
        'mgmt':
        config.get(guest_networks_section,
                   'mgmt_net_name_pattern',
                   fallback='').strip(),
        'data':
        config.get(guest_networks_section,
                   'data_net_name_pattern',
                   fallback='').strip(),
        'internal':
        config.get(guest_networks_section,
                   'internal_net_name_pattern',
                   fallback='').strip(),
        'external':
        config.get(guest_networks_section,
                   'external_net_name_pattern',
                   fallback='').strip()
    }

    for net_type, net_name_pattern in net_name_patterns.items():
        if net_name_pattern:
            Networks.set_neutron_net_patterns(
                net_type=net_type, net_name_pattern=net_name_pattern)

    return lab, natbox
Esempio n. 3
0
def test_sysadmin_aging_and_swact(swact):
    """
    Test password aging.

    Args:

    Test Steps:
    1   change the aging setting, forcing current password expired, new password be set and required by next login
    2   verify the new password is required upon login to the floating IP

    Returns:

    """
    global _host_users

    LOG.tc_step('Change the aging settings of sysadmin')
    if 'sysadmin' != HostLinuxUser.get_user():
        skip('Current User:{} is not sysadmin'.format(
            HostLinuxUser.get_user()))
        return

    user = '******'
    original_password = HostLinuxUser.get_password()
    active_controller = ControllerClient.get_active_controller()
    active_controller_name = system_helper.get_active_controller_name()
    host = lab_info.get_lab_floating_ip()
    _host_users[('active-controller', 'sysadmin')] = [original_password]

    LOG.info('Closing ssh connection to the active controller\n')
    active_controller.flush()
    active_controller.close()

    wait_time = 10
    LOG.info(
        'wait for {} seconds after closing the ssh connect to the active-controller'
        .format(wait_time))
    time.sleep(wait_time)

    # command = 'chage -d 0 -M 0 sysadmin'
    # this is from the test plan
    # sudo passwd -e sysadmin
    command = 'sudo passwd -e sysadmin'
    LOG.info('changing password aging using command:\n{}'.format(command))
    connect = log_in_raw(host, user, original_password)
    LOG.info('sudo execute:{}\n'.format(command))
    code, output = execute_sudo_cmd(connect,
                                    command,
                                    original_password,
                                    expecting_fail=False)
    # code, output = active_controller.exec_sudo_cmd(command)
    LOG.info(
        'OK, aging settings of sysadmin was successfully changed with command:\n{}\ncode:{}, output:{}'
        .format(command, code, output))

    LOG.tc_step('Verify new password needs to be set upon login')
    exclude_list = [original_password]

    # verify password was expired
    new_password = security_helper.gen_linux_password(
        exclude_list=exclude_list, length=PASSWORD_LEGNTH)
    set_password = first_login_to_floating_ip(user, original_password,
                                              new_password)[1]
    if set_password != new_password:
        message = 'first time login did not ask for new password:{}, ' \
                  'current password should still been in effective\n'.format(new_password, original_password)
        LOG.warn(message)
        assert False, message

    # and reset with new password
    new_password = set_password
    if new_password != original_password:
        _host_users[('active-controller', 'sysadmin')].append(new_password)

    HostLinuxUser.set_password(new_password)
    exclude_list.append(new_password)
    LOG.info('OK, new password was required and logged in\n')

    # reconnect after set new password
    LOG.info('reconnect to the active controller')
    host = lab_info.get_lab_floating_ip()
    connect = log_in_raw(host, user, new_password)

    cmd = 'hostname; id; date'
    LOG.info('attempt to run cmd:{}\n'.format(cmd))

    code, output = execute_cmd(connect, cmd)
    LOG.info('output:\n{}\n, code:{}, cmd:{}\n'.format(output, code, cmd))

    # perform swact and verify swact is working
    wait_time = 300
    LOG.info('wait for {} seconds after aging settings been modified'.format(
        wait_time))
    time.sleep(wait_time)

    if swact == 'swact':
        LOG.tc_step('Swact host')
        swact_host_after_reset_sysadmin_raw(connect, active_controller_name)
        LOG.info('OK, host swact')

    LOG.info('Closing raw ssh connection to the active controller\n')
    connect.logout()

    wait_time = 180
    LOG.info('wait for {} after swact and closing own ssh connection'.format(
        wait_time))
    time.sleep(wait_time)

    # reconnect to active after swact
    LOG.info('reconnect to the active controller')
    host = lab_info.get_lab_floating_ip()
    connect = log_in_raw(host, user, new_password)

    LOG.tc_step('Restore the password ')

    # restore_sysadmin_password_raw(connect, new_password, original_password, exclude_list=exclude_list)
    restore_sysadmin_password_raw(connect,
                                  current_password=new_password,
                                  original_password="******",
                                  exclude_list=exclude_list)

    HostLinuxUser.set_password(original_password)
    LOG.info('Close the connection to {} as user:{} with password:{}'.format(
        host, user, original_password))
    connect.close()

    LOG.info(
        'reconnect to the active controller using ControllerClient.get_active_controller()\n'
    )
    active_controller.connect()
Esempio n. 4
0
def change_linux_user_password(password, new_password, user=None,
                               host=None):
    if not user:
        user = HostLinuxUser.get_user()

    LOG.info(
        'Attempt to change password, from password:{}, to new-password:{}, '
        'on host:{}'.format(
            password, new_password, host))

    input_outputs = (
        (
            'passwd',
            (r'\(current\) UNIX password: '******'New password: '******': Authentication token manipulation error', EOF,),
        ),
        (
            new_password,
            ('Retype new password:'******'BAD PASSWORD: The password is too similar to the old one',
                'BAD PASSWORD: No password supplied',
                'passwd: Have exhausted maximum number of retries for service',
                EOF,
            ),
        ),
        (
            new_password,
            (': all authentication tokens updated successfully.',
             Prompt.CONTROLLER_PROMPT,),
            (),
        ),
    )
    conn_to_ac = ControllerClient.get_active_controller()
    initial_prompt = r'.*{}\:~\$ '.format(host)
    LOG.info('Will login as user:"******", password:"******", to host:"{}"'.format(
        user, password, host))
    passed = True
    try:
        conn = SSHFromSSH(conn_to_ac, host, user, password, force_password=True,
                          initial_prompt=initial_prompt)
    except:
        passed = False
        return passed, new_password

    try:
        conn.connect(retry=False, use_password=True)
        for cmd, expected, errors in input_outputs:
            # conn.flush()
            LOG.info("Send '{}'\n".format(cmd))
            conn.send(cmd)
            blob_list = list(expected) + list(errors)
            LOG.info("Expect: {}\n".format(blob_list))
            index = conn.expect(blob_list=blob_list)
            LOG.info('returned index:{}\n'.format(index))
            if len(expected) <= index:
                passed = False
                break

    except Exception as e:
        LOG.warn(
            'Caught exception when connecting to host:{} as user:{} with '
            'pasword:{}\n{}\n'.format(
                host, user, password, e))

        raise

    finally:
        pass
        # TODO: close this connection will lead EOF error in ssh.py if
        #  invoked in fixture cleanup handler
        conn.close()
        if user == HostLinuxUser.get_user():
            conn = ControllerClient.get_active_controller()
            if conn.is_connected():
                conn.close()
            conn.password = new_password
            conn.connect()
            HostLinuxUser.set_password(new_password)

    # flush the output to the cli so the next cli is correctly registered
    # conn.flush()
    LOG.info(
        'Successfully changed password from:\n{}\nto:{} for user:{} on '
        'host:{}'.format(password, new_password, user, host))

    return passed, new_password