def setUp(self):
super(BaseTestFC.BaseTestFirewallControl, self).setUp()
mock.patch.object(
util, 'platform_info',
util.PlatformInfo('Linux', 'CentOS', 0.0, self.el_version, 0.0,
0, '')).start()
self.test_firewall = FirewallControl.create()
# Guaranteed cleanup with unittest2
self.addCleanup(mock.patch.stopall)
def open_firewall(port, address, proto, description, persist):
firewall_control = FirewallControl.create()
return agent_ok_or_error(
firewall_control.add_rule(port, proto, description, persist, address))
from chroma_core.lib.util import CommandLine, CommandError
from iml_common.lib.ntp import NTPConfig
from iml_common.lib.firewall_control import FirewallControl
from iml_common.lib.service_control import ServiceControl, ServiceControlEL7
from iml_common.lib.util import wait_for_result
log = logging.getLogger("installation")
try:
# python2.7
log.addHandler(logging.StreamHandler(stream=sys.stdout))
except TypeError:
# python2.6
log.addHandler(logging.StreamHandler(strm=sys.stdout))
log.setLevel(logging.INFO)
firewall_control = FirewallControl.create()
class ServiceConfig(CommandLine):
REQUIRED_DB_SPACE_GB = 100
bytes_in_gigabytes = 1073741824
def __init__(self):
self.verbose = False
@staticmethod
def _check_name_resolution():
"""
Check:
* that the hostname is not localhost
* that the FQDN can be looked up from hostname
from netaddr import IPNetwork, IPAddress
from netaddr.core import AddrFormatError
from urlparse import urljoin
from chroma_agent import config
from chroma_agent.lib import node_admin
from chroma_agent.lib.shell import AgentShell
from chroma_agent.log import console_log
from iml_common.lib.firewall_control import FirewallControl
from iml_common.lib.service_control import ServiceControl
from chroma_agent.lib import networking
from chroma_agent.lib.talker_thread import TalkerThread
env = Environment(loader=PackageLoader('chroma_agent', 'templates'))
firewall_control = FirewallControl.create(logger=console_log)
# Used to make noise on ring1 to enable corosync detection.
talker_thread = None
class RingDetectionError(Exception):
pass
def get_all_interfaces():
import ethtool
# Not sure how robust this will be; need to test with real gear.
# In theory, should do the job to exclude IPoIB and lo interfaces.
hwaddr_blacklist = ['00:00:00:00:00:00', '80:00:00:48:fe:80']
eth_interfaces = []
class BaseTestFirewallControl(CommandCaptureTestCase):
""" Abstract base class for testing the FirewallControl class """
__metaclass__ = abc.ABCMeta
# class variables
port = '88'
proto = 'tcp'
desc = 'test service'
address = '192.168.1.100'
# create example named tuple to compare with objects in rules list
example_port_rule = FirewallControl.FirewallRule(port,
proto,
desc,
persist=True,
address=None)
example_address_rule = FirewallControl.FirewallRule(0,
proto,
desc,
persist=False,
address=address)
# base expected error strings
assert_address_with_port_msg = 'ing a specific port on a source address is not ' \
'supported, port value must be 0 (ANY)'
assert_address_persist_msg = 'ing all ports on a source address permanently is not ' \
'currently supported'
assert_port_not_persist_msg = 'ing a single port temporarily is not currently supported'
def init_firewall(self, el_version):
self.el_version = el_version
def setUp(self):
super(BaseTestFC.BaseTestFirewallControl, self).setUp()
mock.patch.object(
util, 'platform_info',
util.PlatformInfo('Linux', 'CentOS', 0.0, self.el_version, 0.0,
0, '')).start()
self.test_firewall = FirewallControl.create()
# Guaranteed cleanup with unittest2
self.addCleanup(mock.patch.stopall)
def test_open_address_incorrect_port(self):
# test opening a given port on a specific address, AssertionError should be
# thrown and no commands issued
try:
self.test_firewall.add_rule(1234,
self.proto,
self.desc,
persist=True,
address=self.address)
# shouldn't get here
self.assertTrue(False)
except AssertionError as e:
self.assertEqual(str(e),
'open' + self.assert_address_with_port_msg)
# class instance should have record of added rule
self.assertEqual(len(self.test_firewall.rules), 0)
# no commands should have run
self.assertRanAllCommandsInOrder()
def test_close_address_incorrect_port(self):
# test closing a given port on a specific address, AssertionError should be
# thrown and no commands issued
try:
self.test_firewall.remove_rule(1234,
self.proto,
self.desc,
persist=True,
address=self.address)
# shouldn't get here
self.assertTrue(False)
except AssertionError as e:
self.assertEqual(str(e),
'clos' + self.assert_address_with_port_msg)
# class instance should have record of added rule
self.assertEqual(len(self.test_firewall.rules), 0)
# no commands should have run
self.assertRanAllCommandsInOrder()
def test_open_address_persistent(self):
# test opening all ports on a specific address permanently, AssertionError
# should be thrown and no commands issued
try:
self.test_firewall.add_rule(0,
self.proto,
self.desc,
persist=True,
address=self.address)
# shouldn't get here
self.assertTrue(False)
except AssertionError as e:
self.assertEqual(str(e),
'open' + self.assert_address_persist_msg)
# class instance should have record of added rule
self.assertEqual(len(self.test_firewall.rules), 0)
# no commands should have run
self.assertRanAllCommandsInOrder()
def test_close_address_persistent(self):
# test closing all ports on a specific address permanently, AssertionError
# should be thrown and no commands issued
try:
self.test_firewall.remove_rule(0,
self.proto,
self.desc,
persist=True,
address=self.address)
# shouldn't get here
self.assertTrue(False)
except AssertionError as e:
self.assertEqual(str(e),
'clos' + self.assert_address_persist_msg)
# class instance should have record of added rule
self.assertEqual(len(self.test_firewall.rules), 0)
# no commands should have run
self.assertRanAllCommandsInOrder()
def test_open_port_not_persistent(self):
# test opening port on a specific address temporarily, AssertionError
# should be thrown and no commands issued
try:
self.test_firewall.add_rule(1234,
self.proto,
self.desc,
persist=False,
address=None)
# shouldn't get here
self.assertTrue(False)
except AssertionError as e:
self.assertEqual(str(e),
'open' + self.assert_port_not_persist_msg)
# class instance should have record of added rule
self.assertEqual(len(self.test_firewall.rules), 0)
# no commands should have run
self.assertRanAllCommandsInOrder()
def test_close_port_not_persistent(self):
# test closing port on a specific address temporarily, AssertionError
# should be thrown and no commands issued
try:
self.test_firewall.remove_rule(1234,
self.proto,
self.desc,
persist=False,
address=None)
# shouldn't get here
self.assertTrue(False)
except AssertionError as e:
self.assertEqual(str(e),
'clos' + self.assert_port_not_persist_msg)
# class instance should have record of added rule
self.assertEqual(len(self.test_firewall.rules), 0)
# no commands should have run
self.assertRanAllCommandsInOrder()
@abc.abstractmethod
def test_open_port(self):
raise NotImplementedError
@abc.abstractmethod
def test_close_port(self):
raise NotImplementedError
@abc.abstractmethod
def test_open_address(self):
raise NotImplementedError
@abc.abstractmethod
def test_close_address(self):
raise NotImplementedError
