def test_07_create_cli_rpm(): ''' create a client configuration RPM ''' RHUIManagerClient.create_container_conf_rpm(RHUA, "/tmp", CONF_RPM_NAME, "1", "1ui") Expect.expect_retval(RHUA, "test -f %s" % CONF_RPM_PATH)
def subscriptions_unregister(connection, pool): ''' remove the subscription from RHUI ''' Expect.expect_retval( connection, "rhui-manager subscriptions unregister --pool %s " % pool)
def install_pkg_from_rhua(rhua_connection, target_connection, pkgpath, allow_update=False): ''' Transfer a package from the RHUA to the target node and install it there. ''' # the package can be an RPM file to install/update using rpm -- typically a RHUI client # configuration RPM, # or it can be a gzipped tarball -- typically an Atomic client configuration package supported_extensions = {"RPM": ".rpm", "tar": ".tar.gz"} target_file_name = "/tmp/%s" % os.path.basename(pkgpath) if pkgpath.endswith(supported_extensions["RPM"]): option = "U" if allow_update else "i" cmd = "rpm -%s %s" % (option, target_file_name) elif pkgpath.endswith(supported_extensions["tar"]): cmd = "tar xzf %s && ./install.sh" % target_file_name else: raise ValueError("%s has an unsupported file extension. Supported extensions are: %s" %\ (pkgpath, list(supported_extensions.values()))) local_file = tempfile.NamedTemporaryFile(delete=False) local_file.close() rhua_connection.sftp.get(pkgpath, local_file.name) target_connection.sftp.put(local_file.name, target_file_name) Expect.expect_retval(target_connection, cmd) os.unlink(local_file.name) Expect.expect_retval(target_connection, "rm -f %s" % target_file_name)
def unregister_system(connection): ''' unregister from RHSM ''' Expect.expect_retval(connection, "rm -f /tmp/rhuipool.txt") Expect.expect_retval(connection, "subscription-manager unregister", timeout=20)
def test_10_set_eus_release(self): ''' set the tested EUS release in Yum configuration ''' # the repo id is ...rpms-X.Y-ARCH, # so the release between the next-to-last and the last dash eus_release = self.repo_id.split("-")[-2] Expect.expect_retval(CLI, "rhui-set-release --set %s" % eus_release)
def test_07_generate_atomic_cert(self): ''' generate an entitlement certificate for the repo ''' RHUIManagerClient.generate_ent_cert(RHUA, [self.atomic_repo_name], "test_atomic_ent_cli", "/root/") Expect.expect_retval(RHUA, "test -f /root/test_atomic_ent_cli.crt") Expect.expect_retval(RHUA, "test -f /root/test_atomic_ent_cli.key")
def restart_if_present(connection, service): ''' restart a systemd service if it exists ''' Expect.expect_retval( connection, "if [ -f /usr/lib/systemd/system/%s.service ]; then " % service + "systemctl restart %s; fi" % service)
def test_08_create_atomic_pkg(): ''' create an Atomic client configuration package ''' RHUIManagerClient.create_atomic_conf_pkg( RHUA, "/root", "test_atomic_pkg", "/root/test_atomic_ent_cli.crt", "/root/test_atomic_ent_cli.key") Expect.expect_retval(RHUA, "test -f /root/test_atomic_pkg.tar.gz")
def test_25_register_system(): '''Register the system in RHSM, attach RHUI SKU''' # update subscription-manager first (due to RHBZ#1554482) rhua_os_version = Util.get_rhua_version(CONNECTION) if rhua_os_version["major"] == 7 and rhua_os_version["minor"] == 5: Expect.expect_retval(CONNECTION, "yum -y update subscription-manager", timeout=30) RHSMRHUI.register_system(CONNECTION) RHSMRHUI.attach_rhui_sku(CONNECTION)
def disable_beta_repos(connection): ''' Disable RHEL Beta repos that might have been created during the deployment if testing RHUI on/with an unreleased compose. ''' Expect.expect_retval( connection, "if [ -f /etc/yum.repos.d/rhel*_beta.repo ]; then" + " yum-config-manager --disable 'rhel*_beta*';" + "fi")
def test_12_inst_rpm_custom_repo(self): ''' install an RPM from the custom repo ''' test_rpm_name = self.custom_rpm.rsplit('-', 2)[0] Expect.expect_retval(CLI, "yum install -y %s --nogpgcheck" % test_rpm_name, timeout=20)
def test_08_ensure_gpgcheck_conf(): ''' ensure that GPG checking is enabled in the client configuration ''' Expect.expect_retval( RHUA, r"grep -q '^gpgcheck\s*=\s*1$' " + "/root/test_cli_rpm-3.0/build/BUILD/test_cli_rpm-3.0/rh-cloud.repo" )
def test_13_install_unsigned_pkg(): ''' try installing the unsigned package, should not work ''' Expect.ping_pong( CLI, "yum -y install %s" % UNSIGNED_PACKAGE, "Package %s-1-1.noarch.rpm is not signed" % UNSIGNED_PACKAGE) Expect.expect_retval(CLI, "rpm -q %s" % UNSIGNED_PACKAGE, 1)
def repo_add_comps(connection, repo_id, comps): ''' associate comps metadata with a repo ''' Expect.expect_retval(connection, "rhui-manager repo add_comps " + "--repo_id %s --comps %s" % (repo_id, comps), timeout=120)
def test_03_rhui_3_for_rhel_7_check(): ''' check if the RHUI 3 packages for RHEL 7 are available ''' Expect.expect_retval( connection, "test $(wget -q -O - --certificate /tmp/extra_rhui_files/rhcert.pem --ca-certificate /etc/rhsm/ca/redhat-uep.pem https://cdn.redhat.com/content/dist/rhel/rhui/server/7/7Server/x86_64/rhui/3/os/Packages/ | grep -c \"A HREF.*\.rpm\") -gt 90", timeout=15)
def remove_amazon_rhui_conf_rpm(connection): ''' Remove Amazon RHUI configuration rpm from instance (which owns /etc/yum/pluginconf.d/rhui-lb.conf file) ''' Expect.expect_retval( connection, "if [ -f /etc/yum/pluginconf.d/rhui-lb.conf ]; " + "then rpm -e `rpm -qf --queryformat '%{NAME}\n' " + "/etc/yum/pluginconf.d/rhui-lb.conf`; fi")
def enable_rhui_repo(connection, base_rhel=True, gluster=False): """enable the RHUI 3 repo and by default also the base RHEL repo, disable everything else""" # the Gluster 3 repo can also be enabled if needed cmd = "subscription-manager repos --disable=* --enable=rhel-7-server-rhui-3-rpms" if base_rhel: cmd += " --enable=rhel-7-server-rhui-rpms" if gluster: cmd += " --enable=rh-gluster-3-for-rhel-7-server-rhui-rpms" Expect.expect_retval(connection, cmd, timeout=60)
def test_01_register_system(): ''' register with RHSM ''' # update subscription-manager first (due to RHBZ#1554482) rhua_os_version = Util.get_rhua_version(CONNECTION) if rhua_os_version["major"] == 7 and rhua_os_version["minor"] == 5: Expect.expect_retval(CONNECTION, "yum -y update subscription-manager", timeout=30) RHSMRHUI.register_system(CONNECTION)
def repo_add_errata(connection, repo_id, updateinfo): ''' associate errata metadata with a repo ''' Expect.expect_retval(connection, "rhui-manager repo add_errata " + "--repo_id %s --updateinfo %s" % (repo_id, updateinfo), timeout=120)
def test_12_install_test_rpm(self): ''' install the test package (from the test repo) ''' Expect.expect_retval(CLI, "yum install -y %s" % self.test_package, timeout=20) # check it Expect.expect_retval(CLI, "rpm -q %s" % self.test_package)
def add_legacy_ca(connection, local_ca_file): """configure a CDS to accept a legacy CA""" # this method takes the path to the local CA file and configures that CA on a CDS ca_dir = "/etc/pki/rhui/legacy-ca" ca_file = join(ca_dir, basename(local_ca_file)) connection.sftp.put(local_ca_file, ca_file) Expect.expect_retval(connection, "hash=`openssl x509 -hash -noout -in %s` && " % ca_file + "ln -sf %s /etc/pki/tls/certs/$hash.0" % ca_file)
def test_13_inst_rpm_rh_repo(self): ''' install an RPM from the RH repo ''' Expect.expect_retval(CLI, "yum install -y %s" % self.test_package, timeout=20) # but make sure the RPM is taken from the RHUI Util.check_package_url(CLI, self.test_package, self.yum_repo_path)
def test_06_generate_ent_cert(self): ''' generate an entitlement certificate ''' RHUIManagerClient.generate_ent_cert(RHUA, [CUSTOM_REPO, self.yum_repo_name], "test_ent_cli", "/root/") Expect.expect_retval(RHUA, "test -f /root/test_ent_cli.crt") Expect.expect_retval(RHUA, "test -f /root/test_ent_cli.key")
def del_legacy_ca(connection, ca_file_name): """unconfigure a legacy CA""" # this method takes just the base file name (something.crt) in the legacy CA dir on a CDS # and unconfigures that CA ca_dir = "/etc/pki/rhui/legacy-ca" ca_file = join(ca_dir, ca_file_name) Expect.expect_retval(connection, "hash=`openssl x509 -hash -noout -in %s` && " % ca_file + "rm -f %s /etc/pki/tls/certs/$hash.0" % ca_file) Expect.expect_retval(connection, "systemctl restart httpd")
def run(connection): """run the sosreport command""" # first make sure the sos package is installed Expect.expect_retval(connection, "yum -y install sos", timeout=30) # now run sosreport with only the RHUI plug-in enabled, return the tarball location _, stdout, _ = connection.exec_command( "sosreport -o rhui --batch | " + "grep -A1 '^Your sosreport' | " + "tail -1") location = stdout.read().decode().strip() return location
def remove_ssh_keys(connection, hostnames=""): """remove SSH keys that belong to the given (or all CDS & HAProxy) hosts""" key_file_exists = connection.recv_exit_status( "test -f ~/.ssh/known_hosts") == 0 if key_file_exists: if not hostnames: hostnames = ConMgr.get_cds_hostnames( ) + ConMgr.get_haproxy_hostnames() for host in hostnames: Expect.expect_retval(connection, "ssh-keygen -R %s" % host)
def test_22_create_cli_config_rpm(): '''create a client configuration RPM''' RHUIManagerCLI.client_rpm( RHUA, ["/tmp/%s.key" % CLI_CFG[0], "/tmp/%s.crt" % CLI_CFG[0]], CLI_CFG, "/tmp", [CUSTOM_REPOS[0]], "_none_") # check if the rpm was created conf_rpm = "/tmp/%s-%s/build/RPMS/noarch/%s-%s-%s.noarch.rpm" % tuple( CLI_CFG[:2] + CLI_CFG) Expect.expect_retval(RHUA, "test -f %s" % conf_rpm)
def test_16_wrong_input_files(): """try using an invalid XML file and a file with an invalid extension""" # create a bad XML file and use a known non-XML file; reuse the big repo bad_xml = Util.mktemp_remote(RHUA, ".xml") not_xml = "/etc/motd" Expect.expect_retval(RHUA, "echo '<foo></bar>' > %s" % bad_xml) for comps_file in [bad_xml, not_xml]: nose.tools.assert_raises(ExpectFailed, RHUIManagerCLI.repo_add_comps, RHUA, BIG_REPO, comps_file) Expect.expect_retval(RHUA, "rm -f %s" % bad_xml)
def test_99_cleanup(self): '''clean up''' Expect.expect_retval(CLI, "rhui-set-release --unset") Util.remove_rpm(CLI, [self.test_package, CONF_RPM_NAME]) RHUIManagerCLI.repo_delete(RHUA, self.repo_id) Expect.expect_retval(RHUA, "rm -rf /tmp/%s*" % CONF_RPM_NAME) if not getenv("RHUISKIPSETUP"): RHUIManager.remove_rh_certs(RHUA) RHUICLI.delete(RHUA, "haproxy", force=True) RHUICLI.delete(RHUA, "cds", force=True) ConMgr.remove_ssh_keys(RHUA)
def test_14_check_fetched_file(self): ''' check if the repo data was fetched on the client ''' if AH_EXISTS: Expect.expect_retval( ATOMIC_CLI, "test -f /sysroot/ostree/repo/refs/remotes/" + "{0}/{1}".format(self.atomic_repo_remote, self.atomic_repo_ref)) else: raise nose.exc.SkipTest("No known Atomic host")
def generate_answers(rhuisetup, version="1.0", generate_certs=True, proxy_host=None, proxy_port="3128", proxy_user="******", proxy_password=None, capassword=None, answersfile_name="/etc/rhui/answers"): ''' Generate answers file ant put it to RHUA node''' answersfile = tempfile.NamedTemporaryFile(delete=False) answersfile.write("[general]\n") answersfile.write("version: " + version + "\n") answersfile.write("dest_dir: /etc/rhui/confrpm\n") answersfile.write("qpid_ca: /etc/rhui/qpid/ca.crt\n") answersfile.write("qpid_client: /etc/rhui/qpid/client.crt\n") answersfile.write("qpid_nss_db: /etc/rhui/qpid/nss\n") instances = [rhuisetup.Instances["RHUA"][0]] instances.extend(rhuisetup.Instances["CDS"]) cds_number = 1 if not capassword: capassword = Util.get_ca_password(rhuisetup.Instances["RHUA"][0]) for instance in instances: if instance.private_hostname: hostname = instance.private_hostname else: hostname = instance.public_hostname if generate_certs: Expect.expect_retval(rhuisetup.Instances["RHUA"][0], "openssl genrsa -out /etc/rhui/pem/" + hostname + ".key 2048", timeout=60) if instance == rhuisetup.Instances["RHUA"][0]: Expect.expect_retval(rhuisetup.Instances["RHUA"][0], "openssl req -new -key /etc/rhui/pem/" + hostname + ".key -subj \"/C=US/ST=NC/L=Raleigh/CN=" + hostname + "\" -out /etc/rhui/pem/" + hostname + ".csr", timeout=60) else: # Create domain wildcard certificates for CDSes # otherwise CDS will not be accessible via public hostname Expect.expect_retval(rhuisetup.Instances["RHUA"][0], "openssl req -new -key /etc/rhui/pem/" + hostname + ".key -subj \"/C=US/ST=NC/L=Raleigh/CN=" + Util.wildcard(hostname) + "\" -out /etc/rhui/pem/" + hostname + ".csr", timeout=60) Expect.expect_retval(rhuisetup.Instances["RHUA"][0], "openssl x509 -req -days 365 -CA /etc/rhui/pem/ca.crt -CAkey /etc/rhui/pem/ca.key -passin \"pass:"******"\" -in /etc/rhui/pem/" + hostname + ".csr -out /etc/rhui/pem/" + hostname + ".crt", timeout=60) if instance == rhuisetup.Instances["RHUA"][0]: answersfile.write("[rhua]\n") if proxy_host: # Doing proxy setup answersfile.write("proxy_server_host: " + proxy_host + "\n") if proxy_port: answersfile.write("proxy_server_port: " + proxy_port + "\n") if proxy_user: answersfile.write("proxy_server_username: "******"\n") if proxy_password: answersfile.write("proxy_server_password: "******"\n") else: answersfile.write("[cds-" + str(cds_number) + "]\n") cds_number += 1 answersfile.write("hostname: " + hostname + "\n") answersfile.write("rpm_name: " + hostname + "\n") answersfile.write("ssl_cert: /etc/rhui/pem/" + hostname + ".crt\n") answersfile.write("ssl_key: /etc/rhui/pem/" + hostname + ".key\n") answersfile.write("ca_cert: /etc/rhui/pem/ca.crt\n") answersfile.close() rhuisetup.Instances["RHUA"][0].sftp.put(answersfile.name, answersfile_name)