def check():
env.platform_family = detect.detect()
# file
assert file.exists("/etc/hosts")
assert file.is_file("/etc/hosts")
assert file.is_dir("/tmp/")
assert file.dir_exists("/tmp/")
assert file.has_line("/etc/passwd", "sshd")
assert file.owner_is("/bin/sh", "root")
if env.platform_family == "freebsd":
assert file.is_link("/compat")
assert file.group_is("/bin/sh", "wheel")
assert file.mode_is("/bin/sh", "555")
else:
assert file.is_link("/usr/tmp")
assert file.group_is("/bin/sh", "root")
assert file.mode_is("/bin/sh", "777")
assert package.installed("wget.x86_64")
assert user.exists("sshd")
assert user.is_belonging_group("worker", "users")
assert group.is_exists("wheel")
assert port.is_listening(22)
assert cron.has_entry('shirou', 'python')
if env.platform_family == "freebsd":
assert service.is_enabled("apache22")
assert process.is_up("httpd")
else:
assert service.is_enabled("http")
assert process.is_up("http") is False
def lsync_client():
env.platform_family = detect.detect()
wordpress_user = "******"
web_group = "www-data"
ssh_dir = "/var/www/vhosts/example.com/.ssh"
auth_keys = os.path.join(ssh_dir, "authorized_keys")
assert user.exists(wordpress_user)
assert user.is_belonging_group(wordpress_user, web_group)
assert file.dir_exists(ssh_dir)
assert file.owner_is(ssh_dir, wordpress_user)
assert file.owner_is(auth_keys, wordpress_user)
assert file.mode_is(auth_keys, 644)
def lsyncd():
env.platform_family = detect.detect()
wordpress_user = "******"
web_group = "www-data"
ssh_dir = "/var/www/vhosts/example.com/.ssh"
private_key = os.path.join(ssh_dir, "id_rsa")
assert package.installed("lsyncd")
assert process.is_up("lsyncd")
assert service.is_enabled("lsyncd")
assert user.exists(wordpress_user)
assert user.is_belonging_group(wordpress_user, web_group)
assert file.dir_exists(ssh_dir)
assert file.owner_is(ssh_dir, wordpress_user)
assert file.owner_is(private_key, wordpress_user)
assert file.mode_is(private_key, 600)
def lsyncd():
env.platform_family = detect.detect()
wordpress_user = "******"
web_group = "www-data"
ssh_dir = "/var/www/vhosts/example.com/.ssh"
private_key = os.path.join(ssh_dir, "id_rsa")
assert package.installed("lsyncd"), 'lsyncd is not installed'
check_lsync_up()
assert service.is_enabled("lsyncd"), 'lsyncd is not enabled'
assert user.exists(wordpress_user), 'wp_user user does not exist'
assert user.exists('wp_user').get('passwd') != '!', 'wp_user pass missing'
assert user.is_belonging_group(wordpress_user, web_group), 'wp_user does belong to correct group'
assert file.dir_exists(ssh_dir), 'ssh directory does not exist'
assert file.owner_is(ssh_dir, wordpress_user), 'wp_user does not own ssh directory'
assert file.owner_is(private_key, wordpress_user), 'wp_user does not own ssh key'
assert file.mode_is(private_key, 600), 'ssh key is not set to correct mode'
def lsyncd():
env.platform_family = detect.detect()
wordpress_user = "******"
web_group = "www-data"
ssh_dir = "/var/www/vhosts/example.com/.ssh"
private_key = os.path.join(ssh_dir, "id_rsa")
assert package.installed("lsyncd"), 'lsyncd is not installed'
assert process.is_up("lsyncd"), 'lsyncd is not up'
assert service.is_enabled("lsyncd"), 'lsyncd is not enabled'
assert user.exists(wordpress_user), 'wp_user user does not exist'
assert user.exists('wp_user').get('passwd') != '!', 'wp_user pass missing'
assert user.is_belonging_group(
wordpress_user, web_group), 'wp_user does belong to correct group'
assert file.dir_exists(ssh_dir), 'ssh directory does not exist'
assert file.owner_is(ssh_dir,
wordpress_user), 'wp_user does not own ssh directory'
assert file.owner_is(private_key,
wordpress_user), 'wp_user does not own ssh key'
assert file.mode_is(private_key, 600), 'ssh key is not set to correct mode'
def acceptance_tests_common_tests_for_flocker(distribution):
""" Runs checks that are common to all platforms related to Flocker
:param string distribution: which OS to use 'centos7', 'ubuntu1404'
"""
with settings():
env.platform_family = detect.detect()
# Jenkins should call the correct interpreter based on the shebang
# However,
# We noticed that our Ubuntu /bin/bash calls were being executed
# as /bin/sh.
# So we as part of the slave image build process symlinked
# /bin/sh -> /bin/bash.
# https://clusterhq.atlassian.net/browse/FLOC-2986
log_green('check that /bin/sh is symlinked to bash')
assert file.is_link("/bin/sh")
assert 'bash' in run('ls -l /bin/sh')
# umask needs to be set to 022, so that the packages we build
# through the flocker tests have the correct permissions.
# otherwise rpmlint fails with permssion errors.
log_green('check that our umask matches 022')
assert '022' in run('umask')
# we need to keep the PATH so that we can run virtualenv with sudo
log_green('check that the environment is not reset on sudo')
assert sudo("sudo grep "
"'Defaults:\%wheel\ \!env_reset\,\!secure_path'"
" /etc/sudoers")
# the run acceptance tests fail if we don't have a known_hosts file
# so we make sure it exists
log_green('check that /root/.ssh/known_hosts exists')
# known_hosts needs to have 600 permissions
assert sudo("ls /root/.ssh/known_hosts")
assert "600" in sudo("stat -c %a /root/.ssh/known_hosts")
# fpm is used for building RPMs/DEBs
log_green('check that fpm is installed')
assert 'fpm' in sudo('gem list')
# A lot of Flocker tests use different docker images,
# we don't want to have to download those images every time we
# spin up a new slave node. So we make sure they are cached
# locally when we bake the image.
log_green('check that images have been downloaded locally')
for image in local_docker_images():
log_green(' checking %s' % image)
if ':' in image:
parts = image.split(':')
expression = parts[0] + '.*' + parts[1]
assert re.search(expression, sudo('docker images'))
else:
assert image in sudo('docker images')
# CentOS 7 provides us with a fairly old git version, we install
# a recent version in /usr/local/bin
log_green('check that git is installed locally')
assert file.exists("/usr/local/bin/git")
# and then update the PATH so that our new git comes first
log_green('check that /usr/local/bin is in path')
assert '/usr/local/bin/git' in run('which git')
# update pip
# We have a devpi cache in AWS which we will consume instead of
# going upstream to the PyPi servers.
# We specify that devpi caching server using -i \$PIP_INDEX_URL
# which requires as to include --trusted_host as we are not (yet)
# using SSL on our caching box.
# The --trusted-host option is only available with pip 7
log_green('check that pip is the latest version')
assert '7.' in run('pip --version')
# The /tmp/acceptance.yaml file is deployed to the jenkins slave
# during bootstrapping. These are copied from the Jenkins Master
# /etc/slave_config directory.
# We just need to make sure that directory exists.
log_green('check that /etc/slave_config exists')
assert file.dir_exists("/etc/slave_config")
assert file.mode_is("/etc/slave_config", "777")
# pypy will be used in the acceptance tests
log_green('check that pypy is available')
assert '2.6.1' in run('pypy --version')
# the client acceptance tests run on docker instances
log_green('check that docker is running')
assert sudo('docker --version | grep "1.10."')
assert process.is_up("docker")