def is_ssl_enabled_on_unit(unit, port=None):
"""Check a single juju rmq unit for ssl and port in the config file."""
host = unit.public_address
unit_name = unit.entity_id
conf_file = '/etc/rabbitmq/rabbitmq.config'
conf_contents = str(generic_utils.get_file_contents(unit, conf_file))
# Checks
conf_ssl = 'ssl' in conf_contents
conf_port = str(port) in conf_contents
# Port explicitly checked in config
if port and conf_port and conf_ssl:
logging.debug('SSL is enabled @{}:{} '
'({})'.format(host, port, unit_name))
return True
elif port and not conf_port and conf_ssl:
logging.debug('SSL is enabled @{} but not on port {} '
'({})'.format(host, port, unit_name))
return False
# Port not checked (useful when checking that ssl is disabled)
elif not port and conf_ssl:
logging.debug('SSL is enabled @{}:{} '
'({})'.format(host, port, unit_name))
return True
elif not conf_ssl:
logging.debug('SSL not enabled @{}:{} '
'({})'.format(host, port, unit_name))
return False
else:
msg = ('Unknown condition when checking SSL status @{}:{} '
'({})'.format(host, port, unit_name))
raise ValueError(msg)
def test_200_haproxy_stats_config(self):
"""Verify that the HAProxy stats are properly setup."""
logging.info('Checking dashboard HAProxy settings...')
unit = zaza_model.get_unit_from_name(
zaza_model.get_lead_unit_name(self.application_name))
logging.debug("... dashboard_ip is:{}".format(
zaza_model.get_unit_public_address(unit)))
conf = '/etc/haproxy/haproxy.cfg'
port = '8888'
set_alternate = {
'haproxy-expose-stats': 'True',
}
request = urllib.request.Request('http://{}:{}'.format(
zaza_model.get_unit_public_address(unit), port))
output = str(generic_utils.get_file_contents(unit, conf))
password = None
for line in output.split('\n'):
if "stats auth" in line:
password = line.split(':')[1]
break
else:
raise ValueError("'stats auth' not found in output'")
base64string = base64.b64encode(
bytes('{}:{}'.format('admin', password), 'ascii'))
request.add_header("Authorization",
"Basic {}".format(base64string.decode('utf-8')))
# Expect default config to not be available externally.
expected = 'bind 127.0.0.1:{}'.format(port)
self.assertIn(expected, output)
with self.assertRaises(urllib.error.URLError):
_do_request(request)
zaza_model.set_application_config(self.application_name, set_alternate)
zaza_model.block_until_all_units_idle(model_name=self.model_name)
# Once exposed, expect HAProxy stats to be available externally
output = str(generic_utils.get_file_contents(unit, conf))
expected = 'bind 0.0.0.0:{}'.format(port)
html = _do_request(request).read().decode(encoding='utf-8')
self.assertIn(expected, output)
self.assertIn('Statistics Report for HAProxy', html,
"HAProxy stats check failed")
def test_vgpu_in_nova_conf(self):
"""Test that nova.conf contains vGPU-related settings.
This test assumes that nova-compute-nvidia-vgpu's config option
vgpu-device-mappings has been set to something not empty like
"{'nvidia-108': ['0000:c1:00.0']}".
"""
for unit in zaza.model.get_units('nova-compute',
model_name=self.model_name):
nova_conf_file = '/etc/nova/nova.conf'
nova_conf = str(generic_utils.get_file_contents(unit,
nova_conf_file))
# See
# https://docs.openstack.org/nova/queens/admin/virtual-gpu.html
# https://docs.openstack.org/nova/ussuri/admin/virtual-gpu.html
# https://docs.openstack.org/releasenotes/nova/xena.html#deprecation-notes
self.assertTrue(('enabled_vgpu_types' in nova_conf) or
('enabled_mdev_types' in nova_conf))