def test_view_ops_n2n_encryption_enabled(self):
ntonencryptionBase().disable_nton_cluster([self.master])
self.log.info("###### Generating x509 certificate#####")
self.generate_x509_certs(self.servers)
self.log.info("###### uploading x509 certificate#####")
self.upload_x509_certs(self.servers)
self._load_doc_data_all_buckets()
for bucket in self.buckets:
self._execute_ddoc_ops("create",
self.test_with_view,
self.num_ddocs,
self.num_views_per_ddoc,
bucket=bucket)
self._wait_for_stats_all_buckets([self.master])
ntonencryptionBase().setup_nton_cluster(
[self.master], clusterEncryptionLevel="strict")
self.x509enable = True
encryption_result = ntonencryptionBase().setup_nton_cluster(
self.servers, 'enable', self.ntonencrypt_level)
self.assertTrue(encryption_result,
"Retries Exceeded. Cannot enable n2n encryption")
self._verify_ddoc_ops_all_buckets()
self._verify_ddoc_data_all_buckets()
self._execute_ddoc_ops("update",
self.test_with_view,
self.num_ddocs // 2,
self.num_views_per_ddoc // 2,
bucket=bucket)
self._wait_for_stats_all_buckets([self.master])
ntonencryptionBase().disable_nton_cluster([self.master])
self._verify_ddoc_ops_all_buckets()
self._verify_ddoc_data_all_buckets()
self._execute_ddoc_ops("delete",
self.test_with_view,
self.num_ddocs // 2,
self.num_views_per_ddoc // 2,
bucket=bucket)
self._wait_for_stats_all_buckets([self.master])
ntonencryptionBase().setup_nton_cluster(
[self.master], clusterEncryptionLevel="strict")
self._verify_ddoc_ops_all_buckets()
self._verify_ddoc_data_all_buckets()
assert ClusterOperationHelper.check_if_services_obey_tls(
servers=[self.master
]), "Port binding after enforcing TLS incorrect"
def test_n2n_encryption_enabled_rebalance_in_with_ddoc_ops(self):
self.assertTrue(self.num_servers > self.nodes_in + self.nodes_out,
"ERROR: Not enough nodes to do rebalance in and out")
ntonencryptionBase().disable_nton_cluster([self.master])
self._load_doc_data_all_buckets()
servs_in = self.servers[1:self.nodes_in + 1]
rebalance = self.cluster.async_rebalance(self.servers[:1], servs_in,
[])
for bucket in self.buckets:
self._execute_ddoc_ops("create",
self.test_with_view,
self.num_ddocs,
self.num_views_per_ddoc,
bucket=bucket)
self._execute_ddoc_ops("update",
self.test_with_view,
self.num_ddocs // 2,
self.num_views_per_ddoc // 2,
bucket=bucket)
self._execute_ddoc_ops("delete",
self.test_with_view,
self.num_ddocs // 2,
self.num_views_per_ddoc // 2,
bucket=bucket)
rebalance.result()
self._wait_for_stats_all_buckets(self.servers[:self.nodes_in + 1])
max_verify = None
if self.num_items > 500000:
max_verify = 100000
ntonencryptionBase().setup_nton_cluster(
[self.master], clusterEncryptionLevel="strict")
self._verify_all_buckets(server=self.master,
timeout=self.wait_timeout *
15 if not self.dgm_run else None,
max_verify=max_verify)
self._verify_stats_all_buckets(
self.servers[:self.nodes_in + 1],
timeout=self.wait_timeout if not self.dgm_run else None)
self._verify_ddoc_ops_all_buckets()
if self.test_with_view:
self._verify_ddoc_data_all_buckets()
assert ClusterOperationHelper.check_if_services_obey_tls(
servers=[self.master
]), "Port binding after enforcing TLS incorrect"
def test_n2n_encryption_enabled_rebalance_in_and_out_with_ddoc_ops(self):
#assert if number of nodes_in and nodes_out are not sufficient
self.assertTrue(self.num_servers > self.nodes_in + self.nodes_out,
"ERROR: Not enough nodes to do rebalance in and out")
ntonencryptionBase().disable_nton_cluster([self.master])
servs_in = self.servers[self.num_servers - self.nodes_in:]
#subtract the servs_in from the list of servers
servs_for_rebal = [
serv for serv in self.servers if serv not in servs_in
]
servs_out = servs_for_rebal[self.num_servers - self.nodes_in -
self.nodes_out:]
x509main().setup_cluster_nodes_ssl(servs_out)
#list of server which will be available after the in/out operation
servs_after_rebal = [
serv for serv in self.servers if serv not in servs_out
]
self.log.info(
"create a cluster of all the available servers except nodes_in")
self.cluster.rebalance(servs_for_rebal[:1], servs_for_rebal[1:], [])
#ntonencryptionBase().disable_nton_cluster([self.master])
# load initial documents
self._load_doc_data_all_buckets()
#start the rebalance in/out operation
rebalance = self.cluster.async_rebalance(servs_for_rebal, servs_in,
servs_out)
for bucket in self.buckets:
self._execute_ddoc_ops("create",
self.test_with_view,
self.num_ddocs,
self.num_views_per_ddoc,
bucket=bucket)
if self.ddoc_ops in ["update", "delete"]:
self._execute_ddoc_ops(self.ddoc_ops,
self.test_with_view,
self.num_ddocs // 2,
self.num_views_per_ddoc // 2,
bucket=bucket)
rebalance.result()
self._wait_for_stats_all_buckets(servs_after_rebal)
max_verify = None
if self.num_items > 500000:
max_verify = 100000
encryption_result = ntonencryptionBase().setup_nton_cluster(
[self.master], clusterEncryptionLevel="strict")
self.assertTrue(encryption_result,
"Retries Exceeded. Cannot enable n2n encryption")
self.cluster.async_rebalance(servs_for_rebal, servs_in, servs_out)
self._verify_all_buckets(server=self.master,
timeout=self.wait_timeout *
15 if not self.dgm_run else None,
max_verify=max_verify)
self._verify_stats_all_buckets(
servs_after_rebal,
timeout=self.wait_timeout if not self.dgm_run else None)
self._verify_ddoc_ops_all_buckets()
if self.test_with_view:
self._verify_ddoc_data_all_buckets()
assert ClusterOperationHelper.check_if_services_obey_tls(
servers=[self.master
]), "Port binding after enforcing TLS incorrect"
