def check_anonymous_bind():
# Use anonymous bind to try and get uid & matrNr, then only matrNr
cmd = "ldapsearch -H {0} -b \"{1}\" -x uid=root1 uid{2}"
out1 = get_process_output(cmd.format(ldap_host, ldap_base_dn, ", matrNr"))
out2 = get_process_output(cmd.format(ldap_host, ldap_base_dn, ''))
# The 2nd command should have worked and the 1st not
return "uid: root1" in out2 and not "matrNr: 1938351754" in out1
def check_login(password="******", tls=True):
# If tls=False use ldap://ldap.psa-team10.in.tum.de instead of ldap_host
host = ldap_host if tls else ldap_host.replace('ldaps', 'ldap')
# Use a ldapwhoami to check whether login w/ given pw possible (use timeout)
cmd = "ldapwhoami -H {0} -D {1} -o nettimeout=5 -w \"{2}\""
cmd = cmd.format(host, ldap_binddn, password)
return ldap_binddn in get_process_output(cmd)
def check_fileserver_size_mount():
# Get output of df -h and extract fileserver-pool line
df = get_process_output("df -h").splitlines()
lines = [l for l in df if l.startswith("fileserver-pool 12G")]
# Check whether df -h contains fileserver-pool line
print_log("Checking df -h combined size")
print_check(len(lines) > 0)
# Check whether fileserver-pool line mentions a mount at /mnt/fileserver-pool
print_log("Checking pool mounted")
print_crit_check(
len(lines) > 0 and lines[0].endswith('/mnt/fileserver-pool'))
def check_organizational_units():
# Get all the organizational units from the LDAP server
cmd = ldap_search_base + \
"-b \"{0}\" -LLL objectClass=organizationalUnit | grep dn: | cut -d ' ' -f2"
ous = get_process_output(cmd.format(ldap_base_dn)).split('\n')
# Check that both the 'Praktikum' and 'Students' organizational units exist
if ((not any(ou for ou in ous if ou.startswith('ou=Praktikum'))) or
(not any(ou for ou in ous if ou.startswith('ou=Students')))):
return False
# Check that the team sub-organizational units exist
for i in range(1, 12):
if not any(ou for ou in ous if ou.startswith('ou=Team{},ou=Praktikum'.format(i))):
return False
# If we're here, all required organizational units exist
return True
def check_hdds_size():
def get_block_device_size(dev):
# Get block device size in bytes
out = get_process_output("lsblk -brno SIZE /dev/{}".format(dev))
# Convert from bytes to GiB
return int(out.splitlines()[0]) / (2**30)
# Get all block devices in fileserver-pool
out = get_process_output("zpool status -L fileserver-pool")
out = out[out.find('config:'):out.find('errors:')]
devs = [l[5:8] for l in out.splitlines() if l.startswith('\t ')]
# Check whether we have the right number of them
print_log("Checking correct number of block devices")
print_check(len(devs) == 7)
# Check whether no block device is larger than 2GiB
print_log("Checking block devices sizes")
print_check(all(map(lambda x: x <= 2, map(get_block_device_size, devs))))
def check_csv_certificate():
# Extract certificate from LDAP
cert = get_user_attributes(['userCertificate'])
if len(cert) < 2:
return False
# Remove "userCertificate;binary: " and add start/end delimiters
start = "-----BEGIN CERTIFICATE-----"
cert = '\n'.join([cert[0][25:]] + cert[1:])
end = "-----END CERTIFICATE-----"
# Write the certificate to a temporary file
with open('test.der', 'w') as f:
f.write('\n'.join([start, cert, end]) + '\n')
# Get certificate content using openssl
cmd = "openssl x509 -noout -text -in test.der"
openssl_out = get_process_output(cmd)
# Delete the temporary file
os.remove('test.der')
# Check whether the subject is set correctly
test_string = "Subject: C = DE, ST = Bavaria, L = Munich, O = PSA Team 10, OU = Students, CN = Olga Root, emailAddress = [email protected]"
return test_string in openssl_out
main_key = 'PSA-T10-1'
cgi_key = "Hello world from user rech!"
cname_key = 'PSA-T10-2'
alt_ip_key = 'PSA-T10-3'
# Logging
access_log_path = '/var/log/nginx/'
access_log_name = 'access.log'
error_log_path = '/var/log/nginx/'
error_log_name = 'error.log'
# Check whether DNS resolves to specified IPs
log_msg = "Checking DNS for {0}"
cmd = "host {0}"
print_log(log_msg.format("the main hostname"))
out = get_process_output(cmd.format(main_hostname))
print_crit_check(main_ip in out)
print_log(log_msg.format("the cname hostname"))
out = get_process_output(cmd.format(cname_hostname))
print_check(main_ip in out)
print_log(log_msg.format("the alt. hostname"))
out = get_process_output(cmd.format(alt_ip_hostname))
print_check(alt_ip in out)
print_log("Checking resolving to different IPs")
cond = (get_process_output(cmd.format(main_hostname)) != get_process_output(
cmd.format(alt_ip_hostname)))
print_check(cond)
# Check whether different hostnames return the correct keys
log_msg = "Checking hostname honored ({0})"
print_log(log_msg.format("main"))
vm1_dns, vm1_ip = 'vm1.psa-team10.in.tum.de.', '192.168.10.1'
team_dns, team_ip = 'psa-team10.in.tum.de.', '192.168.10.1'
team_one_dns, team_one_ip = 'dns.psa-team01.in.tum.de.', '192.168.1.3'
tum_proxy_dns, tum_proxy_ip = 'proxy.in.tum.de.', '131.159.0.2'
# First, check whether bind9 is even active if same VM
if get_vm_name() == 'vm02':
print_log("Checking bind9 active")
cmd = "systemctl is-active --quiet bind9.service"
print_crit_check(get_process_returncode(cmd) == 0)
cmd = "host {0} " + server_ip
# Do tests for team domain names
print_log("Checking dns A record")
print_check(server_ip in get_process_output(cmd.format(server_dns)))
print_log("Checking team A record")
print_check(team_ip in get_process_output(cmd.format(team_dns)))
print_log("Checking vm1 A record")
print_check(vm1_ip in get_process_output(cmd.format(vm1_dns)))
# Do tests for other team's domain names
print_log("Checking other team's records")
print_check(team_one_ip in get_process_output(cmd.format(team_one_dns)))
# Do tests for non-PSA domain names
print_log("Checking real-world A records")
print_check(tum_proxy_ip in get_process_output(cmd.format(tum_proxy_dns)))
# Test reverse lookup
print_log("Checking reverse lookup")
def get_block_device_size(dev):
# Get block device size in bytes
out = get_process_output("lsblk -brno SIZE /dev/{}".format(dev))
# Convert from bytes to GiB
return int(out.splitlines()[0]) / (2**30)
import sys
sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import get_process_output, exists_mount # noqa # pylint: disable=import-error
from test_helpers import set_log_length, print_log, print_check # noqa # pylint: disable=import-error
from test_helpers import print_test_summary # noqa # pylint: disable=import-error
print_log("Checking accessing a file on fileserver")
secret = get_process_output("su -c \"cat /home/rech/.fileserver_test\" rech")
print_check('my_secret' in secret)
print_log("Checking (auto)mount entry in df")
src = '192.168.10.6:/mnt/fileserver-pool/home/rech'
dst = '/home/rech'
print_check(exists_mount(src, dst))
print_test_summary()
def get_user_attributes(attributes):
# Get given attributes of the root1 user using ldapsearch
cmd = ldap_search_base + \
"-b \"{0}\" -LLL {1}".format(ldap_binddn, ' '.join(attributes))
return get_process_output(cmd).splitlines()[1:-1]
def get_uids(in_oud):
# Get all the uids, limit output to actual uids, then return them as tuple
cmd = ldap_search_base + \
"-b \"ou={0},{1}\" uid=* uid ".format(in_oud, ldap_base_dn) + \
"| grep -a \"uid: \" | cut -d ' ' -f 2"
return get_process_output(cmd).splitlines()
def change_pw(old_password, new_password):
# Execute passwd as test1 user
cmd = "runuser -l root1 -c \"echo \\\"{0}\\n{1}\\n{1}\\\" | passwd\" 2>&1"
out = get_process_output(cmd.format(old_password, new_password))
return "password updated successfully" in out
import sys
import json
from subprocess import run
from itertools import compress
sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import get_vm_name, Cursor, WriteCursor # noqa # pylint: disable=import-error
from test_helpers import print_log, print_check, get_process_output, set_log_length # noqa # pylint: disable=import-error
# Constants
python_version = 'python3.7'
# Hostname is vmXX where XX are the digits at the end of the Linux hostname
hostname = get_vm_name()
# Get full path to sysadmin-scripts folder
dir = get_process_output('cd .. && pwd')[:-1] + '/'
# Between tests we want to ask the user whether they want to continue and
# clean the screen
test_seperator = ("\nprintf \"\\n\\nPress a key to continue to next test\""
"&& read -n 1 -s && printf \"\\n\\n\"\n")
# Read in the configuration file for which tests and helpers to install
with open('tests_config.json', 'r') as config_file:
config = json.load(config_file)
# Set log length to 50
set_log_length(50)
def get_files_to_install(week, category):
"""
#!/usr/bin/env python3.7
import sys
sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import print_log, print_check, print_crit_check # noqa # pylint: disable=import-error
from test_helpers import print_test_summary # noqa # pylint: disable=import-error
from test_helpers import get_process_output # noqa # pylint: disable=import-error
print_log("Checking netplan dhcp")
with open('/etc/netplan/psa.yaml', 'r') as f:
netplan = f.read()
print_crit_check('dhcp4: true' in netplan)
print_log("Checking IP address assigned")
ip = get_process_output("ip -o -f inet addr show dev enp0s8 dynamic")
print_crit_check("inet 192.168.10." in ip)
print_log("Checking subnet mask specified")
print_check("/24 brd" in ip)
print_log("Checking routes specified")
routes = get_process_output("ip route list proto dhcp dev enp0s8")
print_check("192.168.0.0/16 via 192.168.10.2" in routes)
print_test_summary()