def varnish():
    """Assert that Varnish is installed, running, enabled and configured.

    Checks the ``varnish`` package, the ``varnishd`` process, the
    ``varnish`` service, a listener on port 80, and that the default VCL
    contains both a ``backend master`` and a ``backend local`` line.
    """
    # Store the detected platform family on env before any check runs.
    env.platform_family = detect.detect()
    vcl_path = "/etc/varnish/default.vcl"

    assert package.installed("varnish")
    assert process.is_up("varnishd")
    assert service.is_enabled("varnish")
    # NOTE(review): only the port number is passed, so this shows that
    # something listens on 80, not that varnishd owns the socket.
    assert port.is_listening(80)

    # Both backend declarations must be present in the VCL file.
    for backend_decl in ("backend master", "backend local"):
        assert file.has_line(vcl_path, backend_decl)
def add_password(self, ip, password):
    """Push a ``vmpassword`` config for *ip* and assert it was written out.

    After ``update_config`` runs, the password file is expected to hold
    a line of the form ``<ip>=<password>``.
    """
    vm_password_entry = {
        "ip_address": ip,
        "password": password,
        "type": "vmpassword",
    }
    self.update_config(vm_password_entry)

    # The expected line embeds the password in clear text.
    # NOTE(review): pass throwaway fixture passwords only; the value is
    # handed to file.has_line and may presumably surface in command
    # output or test logs. Confirm how has_line performs the match.
    expected_line = "%s=%s" % (ip, password)
    assert file.has_line("/var/cache/cloud/passwords", expected_line)
def check():
    """Run the sample host assertions: files, package, users, port, cron, service.

    The expectations for /bin/sh, the temp-dir symlink and the web
    service differ between FreeBSD and every other platform family.
    """
    env.platform_family = detect.detect()

    # --- file checks ---
    hosts_path = "/etc/hosts"
    assert file.exists(hosts_path)
    assert file.is_file(hosts_path)
    tmp_dir = "/tmp/"
    assert file.is_dir(tmp_dir)
    assert file.dir_exists(tmp_dir)
    assert file.has_line("/etc/passwd", "sshd")

    shell_path = "/bin/sh"
    assert file.owner_is(shell_path, "root")
    if env.platform_family == "freebsd":
        expected_link, shell_group, shell_mode = "/compat", "wheel", "555"
    else:
        # NOTE(review): "777" on /bin/sh presumably reflects the mode bits
        # of a symlink rather than a world-writable shell binary. Confirm
        # how file.mode_is treats links before reusing this expectation.
        expected_link, shell_group, shell_mode = "/usr/tmp", "root", "777"
    assert file.is_link(expected_link)
    assert file.group_is(shell_path, shell_group)
    assert file.mode_is(shell_path, shell_mode)

    # --- package, account, port and cron checks ---
    assert package.installed("wget.x86_64")
    assert user.exists("sshd")
    assert user.is_belonging_group("worker", "users")
    assert group.is_exists("wheel")
    assert port.is_listening(22)
    assert cron.has_entry('shirou', 'python')

    # --- web service checks ---
    if env.platform_family != "freebsd":
        assert service.is_enabled("http")
        # Outside FreeBSD the "http" process is expected NOT to be up.
        assert process.is_up("http") is False
    else:
        assert service.is_enabled("apache22")
        assert process.is_up("httpd")
def apache2():
    """Assert that apache2 is installed, enabled, up and serving on port 80.

    Also checks that ``/etc/apache2/httpd.conf`` is a regular file that
    contains a ``ServerName localhost`` line.
    """
    unit = "apache2"
    httpd_conf = "/etc/apache2/httpd.conf"

    assert package.installed(unit)
    assert service.is_enabled(unit)
    assert service.is_up(unit)
    assert port.is_listening(80)

    # The config must exist as a file before its content is checked.
    assert file.is_file(httpd_conf)
    assert file.has_line(httpd_conf, "ServerName localhost")
def apache():
    """Assert that apache2 is installed, running, enabled and bound to 8080.

    The WordPress site config under ``sites-enabled`` must contain a
    ``VirtualHost *:8080`` line.
    """
    env.platform_family = detect.detect()
    site_conf = "/etc/apache2/sites-enabled/wordpress.conf"

    assert package.installed("apache2")
    assert process.is_up("apache2")
    assert service.is_enabled("apache2")
    assert port.is_listening(8080)

    # NOTE(review): "*:8080" matches every local address. If this vhost is
    # meant to be reachable only through a local front end, confirm
    # whether a loopback-only bind should be asserted instead.
    assert file.has_line(site_conf, "VirtualHost *:8080")
def apache():
    """Assert the apache2 setup on 8080 and the ownership of the vhost root.

    Checks package, process, service, the listener on port 8080, the
    ``VirtualHost *:8080`` line in the WordPress site config, and that
    the document root is owned by the configured web user.
    """
    env.platform_family = detect.detect()
    site_conf = "/etc/apache2/sites-enabled/wordpress.conf"
    # NOTE(review): this literal looks like a masked placeholder, not a
    # real account name. Confirm the intended owner before relying on
    # the ownership assertion below.
    web_user = "******"
    docroot = "/var/www/vhosts/example.com"

    assert package.installed("apache2")
    assert process.is_up("apache2")
    assert service.is_enabled("apache2")
    assert port.is_listening(8080)
    assert file.has_line(site_conf, "VirtualHost *:8080")

    # Ownership of the web root decides who may modify served content.
    assert file.owner_is(docroot, web_user)
def guest_network(self, config):
    """Exercise guest-network setup, site-to-site VPN, DHCP and redundancy.

    Sequence, as driven through ``self.update_config``:

    1. Apply the VPN config before the network exists; no ipsec conf
       file may appear.
    2. Apply the network and the VPN config; assert the guest IP, the
       apache2/dnsmasq processes, the ipsec conf file, the mode of the
       ipsec secrets file, and ``ipsec setup status``.
    3. Add ten DHCP entries (hosts .3 to .12) and assert the listening
       ports and the ``/etc/dhcphosts.txt`` lines.
    4. Remove the network, toggle redundancy on and off, remove the DHCP
       entries, and assert the DHCP lines and the ipsec conf are gone.
    """
    # Fixture values only. 3DES/MD5 are legacy algorithms and the
    # pre-shared key is a hard-coded test string; none of this should be
    # copied into a real tunnel definition.
    vpn_config = {
        "local_public_ip": config['router_guest_ip'],
        "local_guest_cidr": "%s/%s" % (config['router_guest_gateway'], config['cidr']),
        "local_public_gateway": "172.16.1.1",
        "peer_gateway_ip": "10.200.200.1",
        "peer_guest_cidr_list": "10.0.0.0/24",
        "esp_policy": "3des-md5",
        "ike_policy": "3des-md5",
        "ipsec_psk": "vpnblabla",
        "ike_lifetime": 86400,
        "esp_lifetime": 3600,
        "create": True,
        "dpd": False,
        "passive": False,
        "type": "site2sitevpn",
    }
    octets = config['router_guest_ip'].split('.')
    configs = []

    def ipsec_file(extension):
        # Per-peer ipsec file path, keyed by the peer gateway address.
        return "/etc/ipsec.d/ipsec.vpn-%s.%s" % (vpn_config['peer_gateway_ip'], extension)

    def dhcp_line(entry):
        # Line format expected in /etc/dhcphosts.txt for one entry.
        return "%s,%s,%s,infinite" % (
            entry['mac_address'], entry['ipv4_adress'], entry['host_name'])

    # The VPN must not be configured while the guest network is absent.
    self.update_config(vpn_config)
    assert not file.exists(ipsec_file("conf"))

    self.update_config(config)
    self.update_config(vpn_config)
    guest_cidr = "%s/%s" % (config['router_guest_ip'], config['cidr'])
    assert ip.has_ip(guest_cidr, config['device'])
    assert process.is_up("apache2"), "Apache2 should be running after adding a guest network"
    assert process.is_up("dnsmasq"), "Dnsmasq should be running after adding a guest network"

    assert file.exists(ipsec_file("conf"))
    # The secrets file is expected to be owner-read-only (mode 400).
    # NOTE(review): only the mode is asserted here, not the owner.
    assert file.mode_is(ipsec_file("secrets"), "400")
    result = run("/usr/sbin/ipsec setup status", timeout=600, warn_only=True)
    # NOTE(review): the message says "status" but interpolates the guest
    # IP, not the command's exit status. Confirm which was intended.
    assert result.succeeded, 'ipsec returned non zero status %s' % config['router_guest_ip']

    # Register DHCP hosts; the original notes this is required for
    # dnsmasq to be listening.
    subnet_prefix = ".".join(octets[:3])
    gateway = "%s.1" % subnet_prefix
    for host_number in range(3, 13):
        host_ip = "%s.%s" % (subnet_prefix, host_number)
        # 'ipv4_adress' (sic) is the key spelling the config uses.
        self.basic_dhcp_entry['ipv4_adress'] = host_ip
        self.basic_dhcp_entry['default_gateway'] = gateway
        self.basic_dhcp_entry['host_name'] = "host_%s" % host_ip
        self.update_config(self.basic_dhcp_entry)
        # Snapshot the entry; the shared dict is overwritten next pass.
        configs.append(copy.deepcopy(self.basic_dhcp_entry))

    # NOTE(review): port 53 is asserted twice in the original; possibly
    # one check was meant for another port or protocol. Confirm.
    for expected_port in (80, 53, 53, 67):
        assert port.is_listening(expected_port)

    for entry in configs:
        assert file.has_line("/etc/dhcphosts.txt", dhcp_line(entry))

    # Tear the guest network down again.
    config['add'] = False
    self.update_config(config)
    removed_cidr = "%s/%s" % (config['router_guest_ip'], config['cidr'])
    assert not ip.has_ip(removed_cidr, config['device'])

    # Enable redundancy and check its daemons.
    self.redundant("-e")
    self.configure()
    assert process.is_up("keepalived"), "Keepalived should be running after enabling redundancy"
    assert process.is_up("conntrackd"), "Conntrackd should be running after enabling redundancy"

    # Disable redundancy; both daemons must be gone.
    self.redundant("-d")
    self.configure()
    assert not process.is_up("keepalived"), "Keepalived should be not running after disabling redundancy"
    assert not process.is_up("conntrackd"), "Conntrackd should be not running after disabling redundancy"

    # Remove every DHCP entry, then verify that none is left behind.
    for entry in configs:
        entry['add'] = False
        self.update_config(entry)
    for entry in configs:
        assert file.has_line("/etc/dhcphosts.txt", dhcp_line(entry)) is False

    # Deleting the network must also remove the VPN configuration.
    assert not file.exists(ipsec_file("conf"))
def check_password(self, passw):
    """Add every address/password pair in *passw*, then re-verify them all.

    *passw* is iterated for its keys and indexed by each key, so the
    second pass confirms that earlier entries are still present after
    later ones were added.
    """
    # First pass: push each pair through add_password.
    for address in passw:
        self.add_password(address, passw[address])

    # Second pass: every "<address>=<password>" line must still exist.
    # The expected line carries the password in clear text, so only
    # fixture passwords belong in *passw*.
    for address in passw:
        expected_line = "%s=%s" % (address, passw[address])
        assert file.has_line("/var/cache/cloud/passwords", expected_line)