def test_ssl(cfy, manager, module_tmpdir, attributes, ssh_key, logger):
cert_path = join(module_tmpdir, '.cloudify', 'profiles',
manager.ip_address, 'public_rest_cert.crt')
_generate_external_cert(manager, logger)
_download_external_cert(manager, logger, local_cert_path=cert_path)
cfy.profiles.set('-c', cert_path)
assert 'SSL disabled' in cfy.ssl.status()
current_profile = cfy.profiles.show()
assert ' 80 ' in current_profile
assert ' http ' in current_profile
cfy.ssl.enable()
cfy.profiles.set('--ssl', 'on', '--skip-credentials-validation')
time.sleep(5)
assert 'SSL enabled' in cfy.ssl.status()
current_profile = cfy.profiles.show()
assert ' 443 ' in current_profile
assert ' https ' in current_profile
_manager_client = manager.client
ssl_client = CloudifyClient(username='******',
password='******',
host=manager.ip_address,
tenant='default_tenant',
protocol='https',
cert=cert_path)
manager.client = ssl_client
if not is_community():
tenant_name = 'ssl_tenant'
cfy.users.create('ssl_user', '-p', 'ssl_pass')
cfy.tenants.create(tenant_name)
cfy.tenants('add-user',
'ssl_user',
'-t',
tenant_name,
'-r',
DEFAULT_TENANT_ROLE)
hello_world = centos_hello_world(cfy, manager, attributes, ssh_key,
logger, module_tmpdir)
hello_world.upload_and_verify_install()
cfy.ssl.disable()
cfy.profiles.set('--ssl', 'off', '--skip-credentials-validation')
time.sleep(5)
assert 'SSL disabled' in cfy.ssl.status()
current_profile = cfy.profiles.show()
assert ' 80 ' in current_profile
assert ' http ' in current_profile
manager.client = _manager_client
hello_world.uninstall()
hello_world.delete_deployment()
def test_cfy_manager_configure(manager, logger, tmpdir):
logger.info('Putting code to get decrypted passwords on manager...')
manager.put_remote_file_content(
remote_path=GET_MQ_PASSWORDS_CODE_PATH,
content=GET_MQ_PASSWORDS_CODE
)
logger.info('Getting current CA cert from the manager...')
old_cert = manager.get_remote_file_content(REMOTE_CERT_PATH)
tenants_to_check = [DEFAULT_TENANT_NAME]
# Creating new tenants is a premium-only feature
if not is_community():
logger.info('Creating new tenant and '
'validating RMQ user was created...')
manager.client.tenants.create(NEW_TENANT)
tenants_to_check.append(NEW_TENANT)
mq_passwords = _get_mq_passwords(manager)
for tenant in tenants_to_check:
assert 'rabbitmq_user_{0}'.format(tenant) in mq_passwords
logger.info('Editing security config file on the manager...')
_edit_security_config(manager)
logger.info('Editing hooks.conf file on the manager...')
manager.put_remote_file_content(REMOTE_HOOKS_PATH, NEW_HOOKS)
logger.info('Running `cfy_manager configure`...')
manager.run_command('cfy_manager configure')
logger.info('Verifying certificates unchanged after configure...')
new_cert = manager.get_remote_file_content(REMOTE_CERT_PATH)
assert old_cert == new_cert
logger.info('Validating security config file on the manager persists...')
security_config = json.loads(
manager.get_remote_file_content(REMOTE_CONF_PATH)
)
assert NEW_KEY in security_config
assert security_config[NEW_KEY] == NEW_VALUE
logger.info('Validating hooks.conf file unchanged after configure...')
hooks_content = manager.get_remote_file_content(REMOTE_HOOKS_PATH)
assert hooks_content == NEW_HOOKS
logger.info('Validating MQ passwords unchanged after configure...')
# We expect the command to fail if the password has changed or
# if the any of the users weren't recreated in RMQ
for mq_user, mq_password in mq_passwords.items():
manager.run_command(
AUTH_MQ_USER_CMD.format(user=mq_user, password=mq_password),
use_sudo=True
)
def test_ssl(cfy, manager, module_tmpdir, attributes, ssh_key, logger):
cert_path = join(module_tmpdir, '.cloudify', 'profiles',
manager.ip_address, 'public_rest_cert.crt')
_generate_external_cert(manager, logger)
_download_external_cert(manager, logger, local_cert_path=cert_path)
cfy.profiles.set('-c', cert_path)
assert 'SSL disabled' in cfy.ssl.status()
current_profile = cfy.profiles.show()
assert ' 80 ' in current_profile
assert ' http ' in current_profile
cfy.ssl.enable()
cfy.profiles.set('--ssl', 'on', '--skip-credentials-validation')
time.sleep(5)
assert 'SSL enabled' in cfy.ssl.status()
current_profile = cfy.profiles.show()
assert ' 443 ' in current_profile
assert ' https ' in current_profile
_manager_client = manager.client
ssl_client = CloudifyClient(username='******',
password='******',
host=manager.ip_address,
tenant='default_tenant',
protocol='https',
cert=cert_path)
manager.client = ssl_client
if not is_community():
tenant_name = 'ssl_tenant'
cfy.users.create('ssl_user', '-p', 'ssl_pass')
cfy.tenants.create(tenant_name)
cfy.tenants('add-user', 'ssl_user', '-t', tenant_name, '-r',
DEFAULT_TENANT_ROLE)
hello_world = centos_hello_world(cfy, manager, attributes, ssh_key, logger,
module_tmpdir)
hello_world.upload_and_verify_install()
cfy.ssl.disable()
cfy.profiles.set('--ssl', 'off', '--skip-credentials-validation')
time.sleep(5)
assert 'SSL disabled' in cfy.ssl.status()
current_profile = cfy.profiles.show()
assert ' 80 ' in current_profile
assert ' http ' in current_profile
manager.client = _manager_client
hello_world.uninstall()
hello_world.delete_deployment()
def test_cfy_manager_configure(manager, logger, tmpdir):
logger.info('Putting code to get decrypted passwords on manager...')
manager.put_remote_file_content(remote_path=GET_MQ_PASSWORDS_CODE_PATH,
content=GET_MQ_PASSWORDS_CODE)
logger.info('Getting current CA cert from the manager...')
old_cert = manager.get_remote_file_content(REMOTE_CERT_PATH)
tenants_to_check = [DEFAULT_TENANT_NAME]
# Creating new tenants is a premium-only feature
if not is_community():
logger.info('Creating new tenant and '
'validating RMQ user was created...')
manager.client.tenants.create(NEW_TENANT)
tenants_to_check.append(NEW_TENANT)
mq_passwords = _get_mq_passwords(manager)
for tenant in tenants_to_check:
assert 'rabbitmq_user_{0}'.format(tenant) in mq_passwords
logger.info('Editing security config file on the manager...')
_edit_security_config(manager)
logger.info('Editing hooks.conf file on the manager...')
manager.put_remote_file_content(REMOTE_HOOKS_PATH, NEW_HOOKS)
logger.info('Running `cfy_manager configure`...')
manager.run_command('cfy_manager configure')
logger.info('Verifying certificates unchanged after configure...')
new_cert = manager.get_remote_file_content(REMOTE_CERT_PATH)
assert old_cert == new_cert
logger.info('Validating security config file on the manager persists...')
security_config = json.loads(
manager.get_remote_file_content(REMOTE_CONF_PATH))
assert NEW_KEY in security_config
assert security_config[NEW_KEY] == NEW_VALUE
logger.info('Validating hooks.conf file unchanged after configure...')
hooks_content = manager.get_remote_file_content(REMOTE_HOOKS_PATH)
assert hooks_content == NEW_HOOKS
logger.info('Validating MQ passwords unchanged after configure...')
# We expect the command to fail if the password has changed or
# if the any of the users weren't recreated in RMQ
for mq_user, mq_password in mq_passwords.items():
manager.run_command(AUTH_MQ_USER_CMD.format(user=mq_user,
password=mq_password),
use_sudo=True)
def get_hello_worlds(cfy, manager, attributes, ssh_key, tmpdir, logger):
if is_community():
tenants = ['default_tenant']
else:
tenants = [
prepare_and_get_test_tenant(name, manager, cfy)
for name in ('hello1', 'hello2')
]
hellos = []
for tenant in tenants:
hello = centos_hello_world(cfy, manager, attributes, ssh_key,
logger, tmpdir, tenant, suffix=tenant)
hellos.append(hello)
return hellos
def upgrade_agents(cfy, manager, logger):
logger.info('Upgrading agents')
args = [] if is_community() else ['--all-tenants']
cfy.agents.install(args)
def get_multi_tenant_versions_list():
if is_community():
# Community only works single tenanted
return ()
else:
return MULTI_TENANT_MANAGERS
def manager_supports_users_in_snapshot_creation(manager):
# You probably don't want to change this, unless somebody broke snapshots
# for users in a recent manager version and we decided to release anyway
return (manager.branch_name
not in ('3.4.2', '4.0', '4.0.1', '4.1', '4.1.1')
and not is_community())
import pytest
from cosmo_tester.framework.util import is_community
skip_community = pytest.mark.skipif(
is_community(),
reason='Cloudify Community version does not support clustering')
def upgrade_agents(cfy, manager, logger):
logger.info('Upgrading agents')
args = [] if is_community() else ['--all-tenants']
cfy.agents.install(args)
def get_multi_tenant_versions_list():
if is_community():
# Community only works single tenanted
return ()
else:
return MULTI_TENANT_MANAGERS
def manager_supports_users_in_snapshot_creation(manager):
"""Premium managers starting 4.2 support users in snapshot creation."""
return not is_community()
for i in range(number_of_deps):
cluster = cluster_class(
cfy, tier_2_manager, attributes,
ssh_key, logger, tmpdir, suffix=resource_id
)
cluster.blueprint_id = '{0}_bp'.format(resource_id)
cluster.deployment_id = '{0}_dep_{1}'.format(resource_id, i)
cluster.blueprint_file = 'blueprint.yaml'
clusters.append(cluster)
return clusters
@pytest.mark.skipif(util.is_redhat(),
reason='MoM plugin is only available on Centos')
@pytest.mark.skipif(util.is_community(),
reason='Cloudify Community version does '
'not support clustering')
def test_tier_1_cluster_staged_upgrade(floating_ip_2_tier_1_clusters):
"""
In this scenario the second cluster is created _alongside_ the first one
with different floating IPs
"""
first_cluster = floating_ip_2_tier_1_clusters[0]
second_cluster = floating_ip_2_tier_1_clusters[1]
first_cluster.deploy_and_validate()
# Install hello world deployment on Tier 1 cluster
first_cluster.execute_hello_world_workflow('install')
attributes,
ssh_key,
logger,
tmpdir,
suffix=resource_id)
cluster.blueprint_id = '{0}_bp'.format(resource_id)
cluster.deployment_id = '{0}_dep_{1}'.format(resource_id, i)
cluster.blueprint_file = 'blueprint.yaml'
clusters.append(cluster)
return clusters
@pytest.mark.skipif(util.is_redhat(),
reason='MoM plugin is only available on Centos')
@pytest.mark.skipif(util.is_community(),
reason='Cloudify Community version does '
'not support clustering')
def test_tier_1_cluster_staged_upgrade(floating_ip_2_tier_1_clusters):
"""
In this scenario the second cluster is created _alongside_ the first one
with different floating IPs
"""
first_cluster = floating_ip_2_tier_1_clusters[0]
second_cluster = floating_ip_2_tier_1_clusters[1]
first_cluster.deploy_and_validate()
# Install hello world deployment on Tier 1 cluster
first_cluster.execute_hello_world_workflow('install')