def test_zones_referenced_in_placement_constraints(): sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) sdk_install.install( config.PACKAGE_NAME, config.SERVICE_NAME, config.DEFAULT_TASK_COUNT, additional_options={ "master_nodes": { "placement": "[[\"@zone\", \"GROUP_BY\"]]" }, "data_nodes": { "placement": "[[\"@zone\", \"GROUP_BY\"]]" }, "ingest_nodes": { "placement": "[[\"@zone\", \"GROUP_BY\"]]" }, "coordinator_nodes": { "placement": "[[\"@zone\", \"GROUP_BY\"]]" } }) nodes_info = config.get_elasticsearch_nodes_info( service_name=config.SERVICE_NAME) for node_uid, node in nodes_info["nodes"].items(): assert "zone" == sdk_utils.get_in([ "settings", "cluster", "routing", "allocation", "awareness", "attributes" ], node) assert sdk_fault_domain.is_valid_zone( sdk_utils.get_in(["attributes", "zone"], node)) sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def kafka_server(kerberos): """ A pytest fixture that installs a Kerberized kafka service. On teardown, the service is uninstalled. """ service_kerberos_options = { "service": { "name": config.SERVICE_NAME, "security": { "kerberos": { "enabled": True, "kdc": { "hostname": kerberos.get_host(), "port": int(kerberos.get_port()) }, "realm": kerberos.get_realm(), "keytab_secret": kerberos.get_keytab_path(), } } } } sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) try: sdk_install.install( config.PACKAGE_NAME, config.SERVICE_NAME, config.DEFAULT_BROKER_COUNT, additional_options=service_kerberos_options, timeout_seconds=30 * 60) yield {**service_kerberos_options, **{"package_name": config.PACKAGE_NAME}} finally: sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def kafka_server(service_account): """ A pytest fixture that installs a non-kerberized kafka service. On teardown, the service is uninstalled. """ service_options = { "service": { "name": config.SERVICE_NAME, # Note that since we wish to toggle TLS which *REQUIRES* a service account, # we need to install Kafka with a service account to start with. "service_account": service_account["name"], "service_account_secret": service_account["secret"], } } sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) try: sdk_install.install( config.PACKAGE_NAME, config.SERVICE_NAME, config.DEFAULT_BROKER_COUNT, additional_options=service_options, timeout_seconds=30 * 60) yield {**service_options, **{"package_name": config.PACKAGE_NAME}} finally: sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def setup_constraint_switch(): sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) agents = sdk_agents.get_private_agents() some_agent = agents[0]["hostname"] other_agent = agents[1]["hostname"] log.info("Agents: %s %s", some_agent, other_agent) assert some_agent != other_agent options = _escape_placement_for_1_9( { "service": {"yaml": "marathon_constraint"}, "hello": { "count": 1, # First, we stick the pod to some_agent "placement": '[["hostname", "LIKE", "{}"]]'.format(some_agent), }, "world": {"count": 0}, } ) sdk_install.install(config.PACKAGE_NAME, config.SERVICE_NAME, 1, additional_options=options) sdk_tasks.check_running(config.SERVICE_NAME, 1) hello_ids = sdk_tasks.get_task_ids(config.SERVICE_NAME, "hello") # Now, stick it to other_agent marathon_config = sdk_marathon.get_config(config.SERVICE_NAME) marathon_config["env"]["HELLO_PLACEMENT"] = '[["hostname", "LIKE", "{}"]]'.format(other_agent) sdk_marathon.update_app(marathon_config) # Wait for the scheduler to be up and settled before advancing. sdk_plan.wait_for_completed_deployment(config.SERVICE_NAME) return some_agent, other_agent, hello_ids
def test_hostname_unique(): sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) options = _escape_placement_for_1_9( { "service": {"yaml": "marathon_constraint"}, "hello": {"count": get_num_private_agents(), "placement": '[["hostname", "UNIQUE"]]'}, "world": {"count": get_num_private_agents(), "placement": '[["hostname", "UNIQUE"]]'}, } ) sdk_install.install( config.PACKAGE_NAME, config.SERVICE_NAME, get_num_private_agents() * 2, additional_options=options, ) # hello deploys first. One "world" task should end up placed with each "hello" task. # ensure "hello" task can still be placed with "world" task old_ids = sdk_tasks.get_task_ids(config.SERVICE_NAME, "hello-0") sdk_cmd.svc_cli(config.PACKAGE_NAME, config.SERVICE_NAME, "pod replace hello-0") sdk_tasks.check_tasks_updated(config.SERVICE_NAME, "hello-0", old_ids) sdk_plan.wait_for_completed_recovery(config.SERVICE_NAME) sdk_tasks.check_running( config.SERVICE_NAME, get_num_private_agents() * 2 - 1, timeout_seconds=10 ) sdk_tasks.check_running(config.SERVICE_NAME, get_num_private_agents() * 2) ensure_count_per_agent(hello_count=1, world_count=1)
def configure_package(configure_security): test_jobs = [] try: test_jobs = config.get_all_jobs() # destroy any leftover jobs first, so that they don't touch the newly installed service: for job in test_jobs: sdk_jobs.remove_job(job) sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) sdk_install.install( config.PACKAGE_NAME, config.SERVICE_NAME, config.DEFAULT_TASK_COUNT, additional_options=sdk_networks.ENABLE_VIRTUAL_NETWORKS_OPTIONS) tmp_dir = tempfile.mkdtemp(prefix='cassandra-test') for job in test_jobs: sdk_jobs.install_job(job, tmp_dir=tmp_dir) yield # let the test session execute finally: sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) for job in test_jobs: sdk_jobs.remove_job(job)
def configure_package(configure_security): test_jobs = [] try: test_jobs = config.get_all_jobs(node_address=config.get_foldered_node_address()) # destroy/reinstall any prior leftover jobs, so that they don't touch the newly installed service: for job in test_jobs: sdk_jobs.install_job(job) sdk_install.uninstall(config.PACKAGE_NAME, config.get_foldered_service_name()) # user=root because Azure CLI needs to run in root... # We don't run the Azure tests in strict however, so don't set it then. if os.environ.get("SECURITY") == "strict": additional_options={"service": { "name": config.get_foldered_service_name() } } else: additional_options={"service": { "name": config.get_foldered_service_name(), "user": "******" } } sdk_install.install( config.PACKAGE_NAME, config.get_foldered_service_name(), config.DEFAULT_TASK_COUNT, additional_options=additional_options) yield # let the test session execute finally: sdk_install.uninstall(config.PACKAGE_NAME, config.get_foldered_service_name()) # remove job definitions from metronome for job in test_jobs: sdk_jobs.remove_job(job)
def cassandra_service(service_account: Dict[str, Any]) -> Iterator[Dict[str, Any]]: """ A pytest fixture that installs the cassandra service. On teardown, the service is uninstalled. """ options = { "service": { "name": config.SERVICE_NAME, # Note that since we wish to toggle TLS which *REQUIRES* a service account, # we need to install Cassandra with a service account to start with. "service_account": service_account["name"], "service_account_secret": service_account["secret"], } } sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) try: sdk_install.install( config.PACKAGE_NAME, config.SERVICE_NAME, config.DEFAULT_TASK_COUNT, additional_options=options, wait_for_deployment=True, ) yield {**options, **{"package_name": config.PACKAGE_NAME}} finally: sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def test_secrets_basic(): # 1) create Secrets # 2) install examples/secrets.yml # 3) if secret file is not created, tasks will fail # 4) wait till deployment finishes # 5) do replace operation # 6) ensure all tasks are running # 7) delete Secrets sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) create_secrets("{}/".format(config.SERVICE_NAME)) sdk_install.install(config.PACKAGE_NAME, config.SERVICE_NAME, NUM_HELLO + NUM_WORLD, additional_options=secret_options) hello_tasks_0 = sdk_tasks.get_task_ids(config.SERVICE_NAME, "hello-0-server") world_tasks_0 = sdk_tasks.get_task_ids(config.SERVICE_NAME, "word-0-server") # ensure that secrets work after replace sdk_cmd.svc_cli(config.PACKAGE_NAME, config.SERVICE_NAME, 'pod replace hello-0') sdk_cmd.svc_cli(config.PACKAGE_NAME, config.SERVICE_NAME, 'pod replace world-0') sdk_tasks.check_tasks_updated(config.SERVICE_NAME, "hello-0-server", hello_tasks_0) sdk_tasks.check_tasks_updated(config.SERVICE_NAME, 'world-0-server', world_tasks_0) # tasks will fail if secret files are not created by mesos module sdk_tasks.check_running(config.SERVICE_NAME, NUM_HELLO + NUM_WORLD) # clean up and delete secrets delete_secrets("{}/".format(config.SERVICE_NAME))
def update_or_upgrade_or_downgrade( package_name: str, service_name: str, to_version: Optional[str], to_options: Dict[str, Any], expected_running_tasks: int, wait_for_deployment: bool = True, timeout_seconds: int = TIMEOUT_SECONDS, ) -> bool: initial_config = get_config(package_name, service_name) task_ids = sdk_tasks.get_task_ids(service_name, "") if (to_version and not is_cli_supports_service_version_upgrade()) or ( to_options and not is_cli_supports_service_options_update() ): log.info("Using marathon flow to upgrade %s to version [%s]", service_name, to_version) sdk_marathon.destroy_app(service_name) sdk_install.install( package_name, service_name, expected_running_tasks, additional_options=to_options, package_version=to_version, timeout_seconds=timeout_seconds, wait_for_deployment=wait_for_deployment, ) else: _update_service_with_cli(package_name, service_name, to_version, to_options) if wait_for_deployment: _wait_for_deployment(package_name, service_name, initial_config, task_ids, timeout_seconds) return not wait_for_deployment
def dynamic_port_config(): install.install(PACKAGE_NAME, DEFAULT_BROKER_COUNT, service_name=SERVICE_NAME, additional_options=DYNAMIC_PORT_OPTIONS_DICT) yield install.uninstall(SERVICE_NAME, PACKAGE_NAME)
def test_pods_restart_graceful_shutdown(): options = { "world": { "kill_grace_period": 30 } } sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) sdk_install.install(config.PACKAGE_NAME, config.SERVICE_NAME, config.DEFAULT_TASK_COUNT, additional_options=options) world_ids = sdk_tasks.get_task_ids(config.SERVICE_NAME, 'world-0') jsonobj = sdk_cmd.svc_cli(config.PACKAGE_NAME, config.SERVICE_NAME, 'pod restart world-0', json=True) assert len(jsonobj) == 2 assert jsonobj['pod'] == 'world-0' assert len(jsonobj['tasks']) == 1 assert jsonobj['tasks'][0] == 'world-0-server' sdk_tasks.check_tasks_updated(config.SERVICE_NAME, 'world-0', world_ids) config.check_running() # ensure the SIGTERM was sent via the "all clean" message in the world # service's signal trap/handler, BUT not the shell command, indicated # by "echo". stdout = sdk_cmd.run_cli( "task log --completed --lines=1000 {}".format(world_ids[0])) clean_msg = None for s in stdout.split('\n'): if s.find('echo') < 0 and s.find('all clean') >= 0: clean_msg = s assert clean_msg is not None
def hdfs_server(kerberos): """ A pytest fixture that installs a Kerberized HDFS service. On teardown, the service is uninstalled. """ service_options = { "service": { "name": config.SERVICE_NAME, "security": { "kerberos": { "enabled": True, "kdc": {"hostname": kerberos.get_host(), "port": int(kerberos.get_port())}, "realm": kerberos.get_realm(), "keytab_secret": kerberos.get_keytab_path(), } }, }, "hdfs": {"security_auth_to_local": auth.get_principal_to_user_mapping()}, } sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) try: sdk_install.install( config.PACKAGE_NAME, config.SERVICE_NAME, config.DEFAULT_TASK_COUNT, additional_options=service_options, timeout_seconds=30 * 60, ) yield {**service_options, **{"package_name": config.PACKAGE_NAME}} finally: sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def test_install_without_additional_principal_to_user_mapping(kerberos, service_account): try: service_options = { "service": { "name": config.SERVICE_NAME, "service_account": service_account["name"], "service_account_secret": service_account["secret"], "security": { "kerberos": { "enabled": True, "debug": True, "kdc": {"hostname": kerberos.get_host(), "port": int(kerberos.get_port())}, "realm": kerberos.get_realm(), "keytab_secret": kerberos.get_keytab_path(), } }, } } sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) sdk_install.install( config.PACKAGE_NAME, config.SERVICE_NAME, config.DEFAULT_TASK_COUNT, additional_options=service_options, timeout_seconds=30 * 60, ) finally: sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def configure_package(configure_security): try: sdk_install.uninstall(config.PACKAGE_NAME, foldered_name) if sdk_utils.dcos_version_less_than("1.9"): # HDFS upgrade in 1.8 is not supported. sdk_install.install( config.PACKAGE_NAME, foldered_name, config.DEFAULT_TASK_COUNT, additional_options={"service": {"name": foldered_name}}, timeout_seconds=30 * 60, ) else: sdk_upgrade.test_upgrade( config.PACKAGE_NAME, foldered_name, config.DEFAULT_TASK_COUNT, from_options={"service": {"name": foldered_name}}, timeout_seconds=30 * 60, ) yield # let the test session execute finally: sdk_install.uninstall(config.PACKAGE_NAME, foldered_name)
def hdfs_service_tls(service_account): try: sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) sdk_install.install( config.PACKAGE_NAME, service_name=config.SERVICE_NAME, expected_running_tasks=config.DEFAULT_TASK_COUNT, additional_options={ "service": { "service_account": service_account["name"], "service_account_secret": service_account["secret"], "security": { "transport_encryption": { "enabled": True } } } }, timeout_seconds=30 * 60) sdk_plan.wait_for_completed_deployment(config.SERVICE_NAME) yield service_account finally: sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def cassandra_service_tls(service_account): sdk_install.uninstall(package_name=config.PACKAGE_NAME, service_name=config.SERVICE_NAME) sdk_install.install( config.PACKAGE_NAME, config.SERVICE_NAME, config.DEFAULT_TASK_COUNT, additional_options={ "service": { "service_account": service_account["name"], "service_account_secret": service_account["secret"], "security": { "transport_encryption": { "enabled": True } } } } ) sdk_plan.wait_for_completed_deployment(config.SERVICE_NAME) # Wait for service health check to pass shakedown.service_healthy(config.SERVICE_NAME) yield sdk_install.uninstall(package_name=config.PACKAGE_NAME, service_name=config.SERVICE_NAME)
def test_zones_not_referenced_in_placement_constraints(): foldered_name = sdk_utils.get_foldered_name(config.SERVICE_NAME) sdk_install.uninstall(config.PACKAGE_NAME, foldered_name) sdk_install.install( config.PACKAGE_NAME, foldered_name, config.DEFAULT_BROKER_COUNT, additional_options={ "service": { "name": foldered_name } }) test_utils.broker_count_check( config.DEFAULT_BROKER_COUNT, service_name=foldered_name) broker_ids = sdk_cmd.svc_cli( config.PACKAGE_NAME, foldered_name, 'broker list', json=True) for broker_id in broker_ids: broker_info = sdk_cmd.svc_cli( config.PACKAGE_NAME, foldered_name, 'broker get {}'.format(broker_id), json=True) assert broker_info.get('rack') == None sdk_install.uninstall(config.PACKAGE_NAME, foldered_name)
def zookeeper_server(kerberos): service_kerberos_options = { "service": { "name": config.ZOOKEEPER_SERVICE_NAME, "security": { "kerberos": { "enabled": True, "kdc": { "hostname": kerberos.get_host(), "port": int(kerberos.get_port()) }, "realm": kerberos.get_realm(), "keytab_secret": kerberos.get_keytab_path(), } } } } try: sdk_install.uninstall(config.ZOOKEEPER_PACKAGE_NAME, config.ZOOKEEPER_SERVICE_NAME) sdk_install.install( config.ZOOKEEPER_PACKAGE_NAME, config.ZOOKEEPER_SERVICE_NAME, config.ZOOKEEPER_TASK_COUNT, additional_options=service_kerberos_options, timeout_seconds=30 * 60) yield {**service_kerberos_options, **{"package_name": config.ZOOKEEPER_PACKAGE_NAME}} finally: sdk_install.uninstall(config.ZOOKEEPER_PACKAGE_NAME, config.ZOOKEEPER_SERVICE_NAME)
def test_zones_referenced_in_placement_constraints(): foldered_name = sdk_utils.get_foldered_name(config.SERVICE_NAME) sdk_install.uninstall(config.PACKAGE_NAME, foldered_name) sdk_install.install( config.PACKAGE_NAME, foldered_name, config.DEFAULT_BROKER_COUNT, additional_options={ "service": { "name": foldered_name, "placement_constraint": "[[\"@zone\", \"GROUP_BY\"]]" } }) test_utils.broker_count_check( config.DEFAULT_BROKER_COUNT, service_name=foldered_name) broker_ids = sdk_cmd.svc_cli( config.PACKAGE_NAME, foldered_name, 'broker list', json=True) for broker_id in broker_ids: broker_info = sdk_cmd.svc_cli( config.PACKAGE_NAME, foldered_name, 'broker get {}'.format(broker_id), json=True) assert sdk_fault_domain.is_valid_zone(broker_info.get('rack')) sdk_install.uninstall(config.PACKAGE_NAME, foldered_name)
def setup_constraint_switch(): sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) agents = shakedown.get_private_agents() some_agent = agents[0] other_agent = agents[1] log.info('Agents: %s %s', some_agent, other_agent) assert some_agent != other_agent options = _escape_placement_for_1_9({ "service": { "yaml": "marathon_constraint" }, "hello": { "count": 1, # First, we stick the pod to some_agent "placement": "[[\"hostname\", \"LIKE\", \"{}\"]]".format(some_agent) }, "world": { "count": 0 } }) sdk_install.install(config.PACKAGE_NAME, config.SERVICE_NAME, 1, additional_options=options) sdk_tasks.check_running(config.SERVICE_NAME, 1) hello_ids = sdk_tasks.get_task_ids(config.SERVICE_NAME, 'hello') # Now, stick it to other_agent marathon_config = sdk_marathon.get_config(config.SERVICE_NAME) marathon_config['env']['HELLO_PLACEMENT'] = "[[\"hostname\", \"LIKE\", \"{}\"]]".format(other_agent) sdk_marathon.update_app(config.SERVICE_NAME, marathon_config) # Wait for the scheduler to be up and settled before advancing. sdk_plan.wait_for_completed_deployment(config.SERVICE_NAME) return some_agent, other_agent, hello_ids
def test_secrets_dcos_space(): # 1) create secrets in hello-world/somePath, i.e. hello-world/somePath/secret1 ... # 2) Tasks with DCOS_SPACE hello-world/somePath # or some DCOS_SPACE path under hello-world/somePath # (for example hello-world/somePath/anotherPath/) # can access these Secrets sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) # cannot access these secrets because of DCOS_SPACE authorization create_secrets("{}/somePath/".format(config.SERVICE_NAME)) try: sdk_install.install( config.PACKAGE_NAME, config.SERVICE_NAME, NUM_HELLO + NUM_WORLD, additional_options=options_dcos_space_test, timeout_seconds=5 * 60) # Wait for 5 minutes. We don't need to wait 15 minutes for hello-world to fail an install assert False, "Should have failed to install" except AssertionError as arg: raise arg except: pass # expected to fail # clean up and delete secrets delete_secrets("{}/somePath/".format(config.SERVICE_NAME))
def elastic_service_tls(service_account): try: sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) sdk_install.install( config.PACKAGE_NAME, service_name=config.SERVICE_NAME, expected_running_tasks=config.DEFAULT_TASK_COUNT, additional_options={ "service": { "service_account": service_account["name"], "service_account_secret": service_account["secret"], "security": { "transport_encryption": { "enabled": True } } }, "elasticsearch": { "xpack_enabled": True, } }) yield finally: sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def configure_package(configure_security: None) -> Iterator[None]: test_jobs: List[Dict[str, Any]] = [] try: test_jobs = config.get_all_jobs(auth=True) # destroy/reinstall any prior leftover jobs, so that they don't touch the newly installed service: for job in test_jobs: sdk_jobs.install_job(job) create_secret( secret_value=config.SECRET_VALUE, secret_path=config.PACKAGE_NAME + '/' + config.SECRET_VALUE ) service_options = { "service": { "name": config.SERVICE_NAME, "security": {"authentication": {"enabled": True}, "authorization": {"enabled": True}}, } } sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) sdk_install.install( config.PACKAGE_NAME, config.SERVICE_NAME, config.DEFAULT_TASK_COUNT, additional_options=service_options, ) yield # let the test session execute finally: sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) delete_secret(secret=config.PACKAGE_NAME + '/' + config.SECRET_VALUE) # remove job definitions from metronome for job in test_jobs: sdk_jobs.remove_job(job)
def configure_package(configure_security): try: sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) sdk_install.install(config.PACKAGE_NAME, config.SERVICE_NAME, config.DEFAULT_TASK_COUNT) yield # let the test session execute finally: sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def test_launch_task_with_multiple_ports(): sdk_install.install( config.PACKAGE_NAME, config.SERVICE_NAME, 0, additional_options={"service": {"yaml": "multiport"}}, ) assert sdk_tasks.get_summary(with_completed=True, task_name="multiport-0-server"), "Unable to find matching completed task"
def test_static_port_comes_online(): sdk_install.install( config.PACKAGE_NAME, config.SERVICE_NAME, config.DEFAULT_BROKER_COUNT, additional_options=STATIC_PORT_OPTIONS_DICT) sdk_tasks.check_running(config.SERVICE_NAME, config.DEFAULT_BROKER_COUNT)
def upgrade_or_downgrade(package_name, running_task_count): task_ids = tasks.get_task_ids(package_name, '') marathon.destroy_app(package_name) install.install(package_name, running_task_count) print('Waiting for upgrade / downgrade deployment to complete') spin.time_wait_noisy(lambda: ( plan.get_deployment_plan(package_name).json()['status'] == 'COMPLETE')) print('Checking that all tasks have restarted') tasks.check_tasks_updated(package_name, '', task_ids)
def setup_module(module): install.uninstall(SERVICE_NAME, PACKAGE_NAME) utils.gc_frameworks() options = { "service": { "name": SERVICE_NAME } } install.install(PACKAGE_NAME, DEFAULT_TASK_COUNT, SERVICE_NAME, additional_options=options)
def configure_package(configure_security): try: sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) options = {"service": {"yaml": "host-volume"}} sdk_install.install(config.PACKAGE_NAME, config.SERVICE_NAME, 2, additional_options=options) yield # let the test session execute finally: sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def hdfs_with_kerberos(configure_security_hdfs): try: # To do: remove the following as soon as HDFS with kerberos is released log.warning( 'Temporarily using HDFS stub universe until kerberos is released') sdk_cmd.run_cli('package repo add --index=0 {} {}'.format( 'hdfs-aws', 'https://universe-converter.mesosphere.com/transform?url=https://infinity-artifacts.s3.amazonaws.com/permanent/beta-hdfs/20171122-112028-Vl2QaSERix2q6Dhk/stub-universe-beta-hdfs.json' )) primaries = ["hdfs", "HTTP"] fqdn = "{service_name}.{host_suffix}".format( service_name=HDFS_SERVICE_NAME, host_suffix=sdk_hosts.AUTOIP_HOST_SUFFIX) instances = [ "name-0-node", "name-0-zkfc", "name-1-node", "name-1-zkfc", "journal-0-node", "journal-1-node", "journal-2-node", "data-0-node", "data-1-node", "data-2-node", ] principals = [] for (instance, primary) in itertools.product(instances, primaries): principals.append("{primary}/{instance}.{fqdn}@{REALM}".format( primary=primary, instance=instance, fqdn=fqdn, REALM=sdk_auth.REALM)) principals.append(GENERIC_HDFS_USER_PRINCIPAL) kerberos_env = sdk_auth.KerberosEnvironment() kerberos_env.add_principals(principals) kerberos_env.finalize() service_kerberos_options = { "service": { "kerberos": { "enabled": True, "kdc_host_name": kerberos_env.get_host(), "kdc_host_port": kerberos_env.get_port(), "keytab_secret": kerberos_env.get_keytab_path(), "primary": primaries[0], "primary_http": primaries[1], "realm": sdk_auth.REALM } } } sdk_install.uninstall(HDFS_PACKAGE_NAME, HDFS_SERVICE_NAME) sdk_install.install(HDFS_PACKAGE_NAME, HDFS_SERVICE_NAME, DEFAULT_HDFS_TASK_COUNT, additional_options=service_kerberos_options, timeout_seconds=30 * 60) yield kerberos_env finally: sdk_install.uninstall(HDFS_PACKAGE_NAME, HDFS_SERVICE_NAME) sdk_cmd.run_cli('package repo remove hdfs-aws') if kerberos_env: kerberos_env.cleanup()
def succeed_placement(options): """ This assumes that the DC/OS cluster is reporting that all agents are in a single zone. """ sdk_install.install(config.PACKAGE_NAME, config.SERVICE_NAME, 0, additional_options=options) sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def setup_module(module): install.uninstall(PACKAGE_NAME) utils.gc_frameworks() install.install(PACKAGE_NAME, DEFAULT_TASK_COUNT, additional_options=OVERLAY_OPTIONS)
def setup_module(module): install.uninstall(PACKAGE_NAME) sdk_utils.gc_frameworks() install.install(PACKAGE_NAME, DEFAULT_TASK_COUNT)
def setup_module(module): install.uninstall(PACKAGE_NAME) sdk_utils.gc_frameworks() # check_suppression=False due to https://jira.mesosphere.com/browse/CASSANDRA-568 install.install(PACKAGE_NAME, DEFAULT_TASK_COUNT, check_suppression=False)
def static_port_config(): install.install(PACKAGE_NAME, DEFAULT_BROKER_COUNT, service_name=SERVICE_NAME, additional_options=STATIC_PORT_OPTIONS_DICT)
def test_upgrade( package_name, service_name, expected_running_tasks, additional_options={}, test_version_additional_options=None, timeout_seconds=TIMEOUT_SECONDS, wait_for_deployment=True, ): # allow providing different options dicts to the universe version vs the test version: if test_version_additional_options is None: test_version_additional_options = additional_options sdk_install.uninstall(package_name, service_name) test_version = _get_pkg_version(package_name) log.info("Found test version: {}".format(test_version)) universe_url = _get_universe_url() universe_version = None try: # Move the Universe repo to the top of the repo list so that we can first install the release version. sdk_repository.remove_repo("Universe") assert sdk_repository.add_repo("Universe", universe_url, 0) log.info( "Waiting for Universe release version of {} to appear: version != {}" .format(package_name, test_version)) universe_version = _wait_for_new_package_version( package_name, test_version) log.info("Installing Universe version: {}={}".format( package_name, universe_version)) sdk_install.install( package_name, service_name, expected_running_tasks, package_version=universe_version, additional_options=additional_options, timeout_seconds=timeout_seconds, wait_for_deployment=wait_for_deployment, ) finally: if universe_version: # Return the Universe repo back to the bottom of the repo list so that we can upgrade to the build version. sdk_repository.remove_repo("Universe") assert sdk_repository.add_repo("Universe", universe_url) log.info( "Waiting for test build version of {} to appear: version != {}" .format(package_name, universe_version)) _wait_for_new_package_version(package_name, universe_version) log.info("Upgrading {}: {} => {}".format(package_name, universe_version, test_version)) update_or_upgrade_or_downgrade( package_name, service_name, test_version, test_version_additional_options, expected_running_tasks, wait_for_deployment, timeout_seconds, )
def setup_module(module): install.uninstall(PACKAGE_NAME) install.install(PACKAGE_NAME)
def test_upgrade_from_xpack_enabled_to_xpack_security_enabled(): # Since this test uninstalls the Elastic service that is shared between all previous tests, # reset the number of expected tasks to the default value. This is checked before all tests # by the `pre_test_setup` fixture. global current_expected_task_count current_expected_task_count = config.DEFAULT_TASK_COUNT # This test needs to run some code in between the Universe version installation and the stub Universe # upgrade, so it cannot use `sdk_upgrade.test_upgrade`. log.info("Updating from X-Pack 'enabled' to X-Pack security 'enabled'") http_user = config.DEFAULT_ELASTICSEARCH_USER http_password = config.DEFAULT_ELASTICSEARCH_PASSWORD package_name = config.PACKAGE_NAME sdk_install.uninstall(package_name, foldered_name) # Move Universe repo to the top of the repo list so that we can first install the Universe # version. _, universe_version = sdk_repository.move_universe_repo(package_name, universe_repo_index=0) sdk_install.install( package_name, foldered_name, expected_running_tasks=current_expected_task_count, additional_options={"elasticsearch": {"xpack_enabled": True}}, package_version=universe_version, ) document_es_5_id = 1 document_es_5_fields = {"name": "Elasticsearch 5: X-Pack enabled", "role": "search engine"} config.create_document( config.DEFAULT_INDEX_NAME, config.DEFAULT_INDEX_TYPE, document_es_5_id, document_es_5_fields, service_name=foldered_name, http_user=http_user, http_password=http_password, ) # This is the first crucial step when upgrading from "X-Pack enabled" on ES5 to "X-Pack security # enabled" on ES6. The default "changeme" password doesn't work anymore on ES6, so passwords # *must* be *explicitly* set, otherwise nodes won't authenticate requests, leaving the cluster # unavailable. Users will have to do this manually when upgrading. config._curl_query( foldered_name, "POST", "_xpack/security/user/{}/_password".format(http_user), json_body={"password": http_password}, http_user=http_user, http_password=http_password, ) # Move Universe repo back to the bottom of the repo list so that we can upgrade to the version # under test. _, test_version = sdk_repository.move_universe_repo(package_name) # First we upgrade to "X-Pack security enabled" set to false on ES6, so that we can use the # X-Pack migration assistance and upgrade APIs. sdk_upgrade.update_or_upgrade_or_downgrade( package_name, foldered_name, test_version, { "service": {"update_strategy": "parallel"}, "elasticsearch": {"xpack_security_enabled": False}, }, current_expected_task_count, ) # Get list of indices to upgrade from here. The response looks something like: # { # "indices" : { # ".security" : { # "action_required" : "upgrade" # }, # ".watches" : { # "action_required" : "upgrade" # } # } # } response = config._curl_query(foldered_name, "GET", "_xpack/migration/assistance?pretty") # This is the second crucial step when upgrading from "X-Pack enabled" on ES5 to "X-Pack # security enabled" on ES6. The ".security" index (along with any others returned by the # "assistance" API) needs to be upgraded. for index in response["indices"]: config._curl_query( foldered_name, "POST", "_xpack/migration/upgrade/{}?pretty".format(index), http_user=http_user, http_password=http_password, ) document_es_6_security_disabled_id = 2 document_es_6_security_disabled_fields = { "name": "Elasticsearch 6: X-Pack security disabled", "role": "search engine", } config.create_document( config.DEFAULT_INDEX_NAME, config.DEFAULT_INDEX_TYPE, document_es_6_security_disabled_id, document_es_6_security_disabled_fields, service_name=foldered_name, http_user=http_user, http_password=http_password, ) # After upgrading the indices, we're now safe to enable X-Pack security. sdk_service.update_configuration( package_name, foldered_name, {"elasticsearch": {"xpack_security_enabled": True}}, current_expected_task_count, ) document_es_6_security_enabled_id = 3 document_es_6_security_enabled_fields = { "name": "Elasticsearch 6: X-Pack security enabled", "role": "search engine", } config.create_document( config.DEFAULT_INDEX_NAME, config.DEFAULT_INDEX_TYPE, document_es_6_security_enabled_id, document_es_6_security_enabled_fields, service_name=foldered_name, http_user=http_user, http_password=http_password, ) # Make sure that documents were created and are accessible. config.verify_document( foldered_name, document_es_5_id, document_es_5_fields, http_user=http_user, http_password=http_password, ) config.verify_document( foldered_name, document_es_6_security_disabled_id, document_es_6_security_disabled_fields, http_user=http_user, http_password=http_password, ) config.verify_document( foldered_name, document_es_6_security_enabled_id, document_es_6_security_enabled_fields, http_user=http_user, http_password=http_password, )
def test_security_toggle_with_kibana(default_populated_index): # Verify that commercial APIs are disabled by default in Elasticsearch. config.verify_commercial_api_status(False, service_name=foldered_name) # Write some data with security disabled, enabled security, and afterwards verify that we can # still read what we wrote. document_security_disabled_id = 1 document_security_disabled_fields = {"name": "Elasticsearch", "role": "search engine"} config.create_document( config.DEFAULT_INDEX_NAME, config.DEFAULT_INDEX_TYPE, document_security_disabled_id, document_security_disabled_fields, service_name=foldered_name, ) # Verify that basic license is enabled by default. config.verify_xpack_license("basic", service_name=foldered_name) # Install Kibana. elasticsearch_url = "http://" + sdk_hosts.vip_host(foldered_name, "coordinator", 9200) sdk_install.install( config.KIBANA_PACKAGE_NAME, config.KIBANA_PACKAGE_NAME, 0, {"kibana": {"elasticsearch_url": elasticsearch_url}}, timeout_seconds=config.KIBANA_DEFAULT_TIMEOUT, wait_for_deployment=False, insert_strict_options=False, ) # Verify that it works. config.check_kibana_adminrouter_integration("service/{}/".format(config.KIBANA_PACKAGE_NAME)) # Uninstall it. sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, config.KIBANA_PACKAGE_NAME) # Enable Elasticsearch security. sdk_service.update_configuration( config.PACKAGE_NAME, foldered_name, { "elasticsearch": {"xpack_security_enabled": True}, "service": {"update_strategy": "parallel"}, }, current_expected_task_count, ) # This should still be disabled. config.verify_commercial_api_status(False, service_name=foldered_name) # Start trial license. config.start_trial_license(service_name=foldered_name) # Set up passwords. Basic HTTP credentials will have to be used in HTTP requests to # Elasticsearch from now on. passwords = config.setup_passwords(foldered_name) # Verify trial license is working. config.verify_xpack_license( "trial", service_name=foldered_name, http_user=config.DEFAULT_ELASTICSEARCH_USER, http_password=passwords["elastic"], ) config.verify_commercial_api_status( True, service_name=foldered_name, http_user=config.DEFAULT_ELASTICSEARCH_USER, http_password=passwords["elastic"], ) # Write some data with security enabled, disable security, and afterwards verify that we can # still read what we wrote. document_security_enabled_id = 2 document_security_enabled_fields = {"name": "X-Pack", "role": "commercial plugin"} config.create_document( config.DEFAULT_INDEX_NAME, config.DEFAULT_INDEX_TYPE, document_security_enabled_id, document_security_enabled_fields, service_name=foldered_name, http_user=config.DEFAULT_ELASTICSEARCH_USER, http_password=passwords["elastic"], ) # Install Kibana with security enabled. sdk_install.install( config.KIBANA_PACKAGE_NAME, config.KIBANA_PACKAGE_NAME, 0, { "kibana": { "elasticsearch_url": elasticsearch_url, "elasticsearch_xpack_security_enabled": True, "user": config.DEFAULT_KIBANA_USER, "password": passwords["kibana"], } }, timeout_seconds=config.KIBANA_DEFAULT_TIMEOUT, wait_for_deployment=False, insert_strict_options=False, ) # Verify that it works. Notice that with security enabled, one has to access # /service/kibana/login instead of /service/kibana. config.check_kibana_adminrouter_integration( "service/{}/login".format(config.KIBANA_PACKAGE_NAME) ) # Uninstall it. sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, config.KIBANA_PACKAGE_NAME) # Disable Elastic security. sdk_service.update_configuration( config.PACKAGE_NAME, foldered_name, { "elasticsearch": {"xpack_security_enabled": False}, "service": {"update_strategy": "parallel"}, }, current_expected_task_count, ) # Verify we can read what was written before toggling security, without basic HTTP credentials. document_security_disabled = config.get_document( config.DEFAULT_INDEX_NAME, config.DEFAULT_INDEX_TYPE, document_security_disabled_id, service_name=foldered_name, ) assert ( document_security_disabled["_source"]["name"] == document_security_disabled_fields["name"] ) # Verify we can read what was written when security was enabled, without basic HTTP credentials. document_security_enabled = config.get_document( config.DEFAULT_INDEX_NAME, config.DEFAULT_INDEX_TYPE, document_security_enabled_id, service_name=foldered_name, ) assert document_security_enabled["_source"]["name"] == document_security_enabled_fields["name"] # Set update_strategy back to serial. sdk_service.update_configuration( config.PACKAGE_NAME, foldered_name, {"service": {"update_strategy": "serial"}}, current_expected_task_count, )
def test_marathon_volume_collission(): # This test validates that a service registered in a sub-role of # slave_public will _not_ unreserve Marathon volumes RESERVED # in the `slave_public` role. # Uninstall HW first sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) # Install the marathon app marathon_app_name = "persistent-test" persistent_app = { "id": marathon_app_name, "mem": 128, "user": "******", "cmd": "echo 'this is a test' > persistent-volume/test && sleep 10000", "container": { "type": "MESOS", "volumes": [{ "persistent": { "type": "root", "size": 500, "constraints": [] }, "mode": "RW", "containerPath": "persistent-volume" }] } } try: sdk_marathon.install_app(persistent_app) # Get its persistent Volume host = sdk_marathon.get_scheduler_host(marathon_app_name) ok, pv_name = shakedown.run_command_on_agent( host, "ls /var/lib/mesos/slave/volumes/roles/slave_public") assert ok pv_name = pv_name.strip() @retrying.retry(wait_fixed=1000, stop_max_delay=60 * 1000) def check_content(): ok, pv_content = shakedown.run_command_on_agent( host, "cat /var/lib/mesos/slave/volumes/roles/slave_public/{}/test". format(pv_name)) assert pv_content.strip() == "this is a test" check_content() # Scale down the Marathon app app_config = sdk_marathon.get_config(marathon_app_name) app_config['instances'] = 0 sdk_marathon.update_app(marathon_app_name, app_config) # Install Hello World sdk_install.install(config.PACKAGE_NAME, config.SERVICE_NAME, config.DEFAULT_TASK_COUNT, additional_options=pre_reserved_options) # Make sure the persistent volume is still there check_content() # Uninstall Hello World sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) # Make sure the persistent volume is still there check_content() # Scale back up the marathon app app_config = sdk_marathon.get_config(marathon_app_name) app_config['instances'] = 1 sdk_marathon.update_app(marathon_app_name, app_config) # Make sure the persistent volume is still there check_content() finally: # Reinstall hello world sdk_install.install(config.PACKAGE_NAME, config.SERVICE_NAME, config.DEFAULT_TASK_COUNT, additional_options=pre_reserved_options) sdk_marathon.destroy_app(marathon_app_name)
def test_secrets_update(): # 1) create Secrets # 2) install examples/secrets.yml # 3) update Secrets # 4) restart task # 5) verify Secrets content (updated after restart) # 6) delete Secrets sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) create_secrets("{}/".format(config.SERVICE_NAME)) sdk_install.install(config.PACKAGE_NAME, config.SERVICE_NAME, NUM_HELLO + NUM_WORLD, additional_options=secret_options) # tasks will fail if secret file is not created sdk_tasks.check_running(config.SERVICE_NAME, NUM_HELLO + NUM_WORLD) sdk_cmd.run_cli("security secrets update --value={} {}/secret1".format( secret_content_alternative, config.SERVICE_NAME)) sdk_cmd.run_cli("security secrets update --value={} {}/secret2".format( secret_content_alternative, config.SERVICE_NAME)) sdk_cmd.run_cli("security secrets update --value={} {}/secret3".format( secret_content_alternative, config.SERVICE_NAME)) # Verify with hello-0 and world-0, just check with one of the pods hello_tasks_old = sdk_tasks.get_task_ids(config.SERVICE_NAME, "hello-0") world_tasks_old = sdk_tasks.get_task_ids(config.SERVICE_NAME, "world-0") # restart pods to retrieve new secret's content sdk_cmd.svc_cli(config.PACKAGE_NAME, config.SERVICE_NAME, 'pod restart hello-0') sdk_cmd.svc_cli(config.PACKAGE_NAME, config.SERVICE_NAME, 'pod restart world-0') # wait pod restart to complete sdk_tasks.check_tasks_updated(config.SERVICE_NAME, "hello-0", hello_tasks_old) sdk_tasks.check_tasks_updated(config.SERVICE_NAME, 'world-0', world_tasks_old) # wait till it is running sdk_tasks.check_running(config.SERVICE_NAME, NUM_HELLO + NUM_WORLD) # make sure content is changed assert secret_content_alternative == read_secret( "world-0", "bash -c 'echo $WORLD_SECRET1_ENV'") assert secret_content_alternative == read_secret("world-0", "cat WORLD_SECRET2_FILE") assert secret_content_alternative == read_secret( "world-0", "cat {}/secret3".format(config.SERVICE_NAME)) # make sure content is changed assert secret_content_alternative == read_secret( "hello-0", "bash -c 'echo $HELLO_SECRET1_ENV'") assert secret_content_alternative == read_secret("hello-0", "cat HELLO_SECRET1_FILE") assert secret_content_alternative == read_secret("hello-0", "cat HELLO_SECRET2_FILE") # clean up and delete secrets delete_secrets("{}/".format(config.SERVICE_NAME))
def test_backup_and_restore_to_s3_compatible_storage() -> None: try: sdk_install.install( "minio", "minio", expected_running_tasks=0, package_version="0.0.13-RELEASE.2018-10-06T00-15-16Z", wait_for_deployment=False, ) temp_key_id = os.getenv("AWS_ACCESS_KEY_ID") if not temp_key_id: assert ( False ), 'AWS credentials are required for this test. Disable test with e.g. TEST_TYPES="sanity and not aws"' temp_secret_access_key = os.getenv("AWS_SECRET_ACCESS_KEY") options = "" if sdk_utils.is_strict_mode(): sdk_security.create_service_account( service_account_name="marathon-lb-sa", service_account_secret="marathon-lb/service-account-secret", ) sdk_cmd.run_cli( "security org users grant marathon-lb-sa dcos:service:marathon:marathon:services:/ read" ) sdk_cmd.run_cli( 'security org users grant marathon-lb-sa dcos:service:marathon:marathon:admin:events read --description "Allows access to Marathon events"' ) options = { "marathon-lb": { "secret_name": "marathon-lb/service-account-secret", "marathon-uri": "https://marathon.mesos:8443", } } sdk_install.install( "marathon-lb", "marathon-lb", expected_running_tasks=0, additional_options=options, package_version="1.14.0", wait_for_deployment=False, ) host = sdk_marathon.get_scheduler_host("marathon-lb") _, public_node_ip, _ = sdk_cmd.agent_ssh(host, "curl -s ifconfig.co") minio_endpoint_url = "http://" + public_node_ip + ":9000" os.environ["AWS_ACCESS_KEY_ID"] = config.MINIO_AWS_ACCESS_KEY_ID os.environ["AWS_SECRET_ACCESS_KEY"] = config.MINIO_AWS_SECRET_ACCESS_KEY subprocess.run( [ "aws", "s3", "mb", "s3://" + config.MINIO_BUCKET_NAME, "--endpoint", minio_endpoint_url, ] ) plan_parameters = { "AWS_ACCESS_KEY_ID": os.getenv("AWS_ACCESS_KEY_ID"), "AWS_SECRET_ACCESS_KEY": os.getenv("AWS_SECRET_ACCESS_KEY"), "AWS_REGION": os.getenv("AWS_REGION", "us-west-2"), "S3_BUCKET_NAME": config.MINIO_BUCKET_NAME, "SNAPSHOT_NAME": str(uuid.uuid1()), "CASSANDRA_KEYSPACES": '"testspace1 testspace2"', "S3_ENDPOINT_URL": minio_endpoint_url, } config.run_backup_and_restore( config.get_foldered_service_name(), "backup-s3", "restore-s3", plan_parameters, config.get_foldered_node_address(), ) finally: sdk_install.uninstall("minio", "minio") sdk_install.uninstall("marathon-lb", "marathon-lb") os.environ["AWS_ACCESS_KEY_ID"] = temp_key_id os.environ["AWS_SECRET_ACCESS_KEY"] = temp_secret_access_key
def install_jmx_configured_cassandra(self_signed_trust_store: bool = True, authentication: bool = True): foldered_name = config.get_foldered_service_name() test_jobs: List[Dict[str, Any]] = [] if authentication: test_jobs = config.get_all_jobs( node_address=config.get_foldered_node_address(), auth=True) else: test_jobs = config.get_all_jobs( node_address=config.get_foldered_node_address()) # destroy/reinstall any prior leftover jobs, so that they don't touch the newly installed service: for job in test_jobs: sdk_jobs.install_job(job) sdk_install.uninstall(config.PACKAGE_NAME, foldered_name) install_jmx_secrets() service_options = { "service": { "name": foldered_name, "jmx": { "enabled": True, "rmi_port": 31198, "password_file": PASSWORD_FILE, "access_file": ACCESS_FILE, "key_store": KEY_STORE, "key_store_password_file": KEY_STORE_PASS, }, } } if self_signed_trust_store: service_options = sdk_utils.merge_dictionaries( { "service": { "jmx": { "add_trust_store": True, "trust_store": TRUST_STORE, "trust_store_password_file": TRUST_STORE_PASS, } } }, service_options, ) if authentication: secret_path = foldered_name + "/" + config.SECRET_VALUE create_secret(secret_value=config.SECRET_VALUE, secret_path=secret_path) service_options = sdk_utils.merge_dictionaries( { "service": { "security": { "authentication": { "enabled": True, "superuser": { "password_secret_path": secret_path }, }, "authorization": { "enabled": True }, } } }, service_options, ) sdk_install.install( config.PACKAGE_NAME, foldered_name, config.DEFAULT_TASK_COUNT, additional_options=service_options, )
def test_xpack_toggle_with_kibana(default_populated_index): log.info("\n***** Verify X-Pack disabled by default in elasticsearch") config.verify_commercial_api_status(False, service_name=foldered_name) log.info("\n***** Test kibana with X-Pack disabled...") elasticsearch_url = "http://" + sdk_hosts.vip_host(foldered_name, "coordinator", 9200) # It can take several minutes for kibana's health check to start passing once it's running. # Therefore we use a 30m timeout instead of the 15m default. sdk_install.install( config.KIBANA_PACKAGE_NAME, config.KIBANA_PACKAGE_NAME, 0, {"kibana": { "elasticsearch_url": elasticsearch_url }}, timeout_seconds=config.KIBANA_DEFAULT_TIMEOUT, wait_for_deployment=False, insert_strict_options=False, ) config.check_kibana_adminrouter_integration("service/{}/".format( config.KIBANA_PACKAGE_NAME)) log.info("Uninstall kibana with X-Pack disabled") sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, config.KIBANA_PACKAGE_NAME) log.info( "\n***** Set/verify X-Pack enabled in elasticsearch. Requires parallel upgrade strategy for full restart." ) config.set_xpack(True, service_name=foldered_name) config.check_elasticsearch_plugin_installed(config.XPACK_PLUGIN_NAME, service_name=foldered_name) config.verify_commercial_api_status(True, service_name=foldered_name) config.verify_xpack_license(service_name=foldered_name) log.info( "\n***** Write some data while enabled, disable X-Pack, and verify we can still read what we wrote." ) config.create_document( config.DEFAULT_INDEX_NAME, config.DEFAULT_INDEX_TYPE, 2, { "name": "X-Pack", "role": "commercial plugin" }, service_name=foldered_name, ) log.info("\n***** Test kibana with X-Pack enabled...") log.info( "\n***** Installing Kibana w/X-Pack can exceed default 15 minutes for Marathon " "deployment to complete due to a configured HTTP health check. (typical: 12 minutes)" ) sdk_install.install( config.KIBANA_PACKAGE_NAME, config.KIBANA_PACKAGE_NAME, 0, { "kibana": { "elasticsearch_url": elasticsearch_url, "xpack_enabled": True } }, timeout_seconds=config.KIBANA_DEFAULT_TIMEOUT, wait_for_deployment=False, insert_strict_options=False, ) config.check_kibana_plugin_installed( config.XPACK_PLUGIN_NAME, service_name=config.KIBANA_PACKAGE_NAME) config.check_kibana_adminrouter_integration("service/{}/login".format( config.KIBANA_PACKAGE_NAME)) log.info("\n***** Uninstall kibana with X-Pack enabled") sdk_install.uninstall(config.KIBANA_PACKAGE_NAME, config.KIBANA_PACKAGE_NAME) log.info("\n***** Disable X-Pack in elasticsearch.") config.set_xpack(False, service_name=foldered_name) log.info( "\n***** Verify we can still read what we wrote when X-Pack was enabled." ) config.verify_commercial_api_status(False, service_name=foldered_name) doc = config.get_document(config.DEFAULT_INDEX_NAME, config.DEFAULT_INDEX_TYPE, 2, service_name=foldered_name) assert doc["_source"]["name"] == "X-Pack" # reset upgrade strategy to serial config.update_app(foldered_name, {"UPDATE_STRATEGY": "serial"}, current_expected_task_count) sdk_plan.wait_for_completed_deployment(foldered_name) sdk_plan.wait_for_completed_recovery(foldered_name)
def setup_module(module): install.uninstall(PACKAGE_NAME) options = {"service": {"spec_file": "examples/sidecar.yml"}} # this yml has 2 hello's + 0 world's: install.install(PACKAGE_NAME, 2, additional_options=options)
def zookeeper_server(kerberos): service_options = { "service": { "name": config.ZOOKEEPER_SERVICE_NAME, "security": { "kerberos": { "enabled": True, "kdc": { "hostname": kerberos.get_host(), "port": int(kerberos.get_port()) }, "realm": kerberos.get_realm(), "keytab_secret": kerberos.get_keytab_path(), } }, } } zk_account = "kafka-zookeeper-service-account" zk_secret = "kakfa-zookeeper-secret" if sdk_utils.is_strict_mode(): service_options = sdk_utils.merge_dictionaries( { "service": { "service_account": zk_account, "service_account_secret": zk_secret } }, service_options, ) try: sdk_install.uninstall(config.ZOOKEEPER_PACKAGE_NAME, config.ZOOKEEPER_SERVICE_NAME) service_account_info = sdk_security.setup_security( config.ZOOKEEPER_SERVICE_NAME, linux_user="******", service_account=zk_account, service_account_secret=zk_secret, ) sdk_install.install( config.ZOOKEEPER_PACKAGE_NAME, config.ZOOKEEPER_SERVICE_NAME, config.ZOOKEEPER_TASK_COUNT, additional_options=service_options, timeout_seconds=30 * 60, insert_strict_options=False, ) yield { **service_options, **{ "package_name": config.ZOOKEEPER_PACKAGE_NAME } } finally: sdk_install.uninstall(config.ZOOKEEPER_PACKAGE_NAME, config.ZOOKEEPER_SERVICE_NAME) sdk_security.cleanup_security(config.ZOOKEEPER_SERVICE_NAME, service_account_info)
def setup_module(module): install.uninstall(PACKAGE_NAME) utils.gc_frameworks() options = {"service": {"spec_file": "examples/cni.yml"}} install.install(PACKAGE_NAME, 1, additional_options=options)
def test_secrets_config_update(): # 1) install examples/secrets.yml # 2) create new Secrets, delete old Secrets # 2) update configuration with new Secrets # 4) verify secret content (using new Secrets after config update) install.uninstall(PACKAGE_NAME) create_secrets("{}/".format(PACKAGE_NAME)) install.install(PACKAGE_NAME, NUM_HELLO + NUM_WORLD, additional_options=secret_options) # launch will fail if secrets are not available or not accessible plan.wait_for_completed_deployment(PACKAGE_NAME) # tasks will fail if secret file is not created tasks.check_running(PACKAGE_NAME, NUM_HELLO + NUM_WORLD) # Verify secret content, one from each pod type # get tasks ids - only first pods hello_tasks = tasks.get_task_ids(PACKAGE_NAME, "hello-0") world_tasks = tasks.get_task_ids(PACKAGE_NAME, "world-0") # make sure it has the default value assert secret_content_default == task_exec( world_tasks[0], "bash -c 'echo $WORLD_SECRET1_ENV'") assert secret_content_default == task_exec(world_tasks[0], "cat WORLD_SECRET2_FILE") assert secret_content_default == task_exec( world_tasks[0], "cat {}/secret3".format(PACKAGE_NAME)) # hello tasks has container image assert secret_content_default == task_exec( hello_tasks[0], "bash -c 'echo $HELLO_SECRET1_ENV'") assert secret_content_default == task_exec(hello_tasks[0], "cat HELLO_SECRET1_FILE") assert secret_content_default == task_exec(hello_tasks[0], "cat HELLO_SECRET2_FILE") # clean up and delete secrets (defaults) delete_secrets("{}/".format(PACKAGE_NAME)) # create new secrets with new content -- New Value create_secrets(secret_content_arg=secret_content_alternative) config = marathon.get_config(PACKAGE_NAME) config['env']['HELLO_SECRET1'] = 'secret1' config['env']['HELLO_SECRET2'] = 'secret2' config['env']['WORLD_SECRET1'] = 'secret1' config['env']['WORLD_SECRET2'] = 'secret2' config['env']['WORLD_SECRET3'] = 'secret3' # config update marathon.update_app(PACKAGE_NAME, config) # wait till plan is complete - pods are supposed to restart plan.wait_for_completed_deployment(PACKAGE_NAME) # all tasks are running tasks.check_running(PACKAGE_NAME, NUM_HELLO + NUM_WORLD) # Verify secret content is changed # get task ids - only first pod hello_tasks = tasks.get_task_ids(PACKAGE_NAME, "hello-0") world_tasks = tasks.get_task_ids(PACKAGE_NAME, "world-0") assert secret_content_alternative == task_exec( world_tasks[0], "bash -c 'echo $WORLD_SECRET1_ENV'") assert secret_content_alternative == task_exec(world_tasks[0], "cat WORLD_SECRET2_FILE") assert secret_content_alternative == task_exec(world_tasks[0], "cat secret3") assert secret_content_alternative == task_exec( hello_tasks[0], "bash -c 'echo $HELLO_SECRET1_ENV'") assert secret_content_alternative == task_exec(hello_tasks[0], "cat HELLO_SECRET1_FILE") assert secret_content_alternative == task_exec(hello_tasks[0], "cat HELLO_SECRET2_FILE") # clean up and delete secrets delete_secrets()
def test_secrets_update(): # 1) create Secrets # 2) install examples/secrets.yml # 3) update Secrets # 4) restart task # 5) verify Secrets content (updated after restart) # 6) delete Secrets install.uninstall(PACKAGE_NAME) create_secrets("{}/".format(PACKAGE_NAME)) install.install(PACKAGE_NAME, NUM_HELLO + NUM_WORLD, additional_options=secret_options) # launch will fail if secrets are not available or not accessible plan.wait_for_completed_deployment(PACKAGE_NAME) # tasks will fail if secret file is not created tasks.check_running(PACKAGE_NAME, NUM_HELLO + NUM_WORLD) cmd.run_cli("security secrets update --value={} {}/secret1".format( secret_content_alternative, PACKAGE_NAME)) cmd.run_cli("security secrets update --value={} {}/secret2".format( secret_content_alternative, PACKAGE_NAME)) cmd.run_cli("security secrets update --value={} {}/secret3".format( secret_content_alternative, PACKAGE_NAME)) # Verify with hello-0 and world-0, just check with one of the pods hello_tasks_old = tasks.get_task_ids(PACKAGE_NAME, "hello-0") world_tasks_old = tasks.get_task_ids(PACKAGE_NAME, "world-0") # restart pods to retrieve new secret's content cmd.run_cli('hello-world pods restart hello-0') cmd.run_cli('hello-world pods restart world-0') # wait pod restart to complete tasks.check_tasks_updated(PACKAGE_NAME, "hello-0", hello_tasks_old) tasks.check_tasks_updated(PACKAGE_NAME, 'world-0', world_tasks_old) # wait till it is running tasks.check_running(PACKAGE_NAME, NUM_HELLO + NUM_WORLD) # get new task ids - only first pod hello_tasks = tasks.get_task_ids(PACKAGE_NAME, "hello-0") world_tasks = tasks.get_task_ids(PACKAGE_NAME, "world-0") # make sure content is changed assert secret_content_alternative == task_exec( world_tasks[0], "bash -c 'echo $WORLD_SECRET1_ENV'") assert secret_content_alternative == task_exec(world_tasks[0], "cat WORLD_SECRET2_FILE") assert secret_content_alternative == task_exec( world_tasks[0], "cat {}/secret3".format(PACKAGE_NAME)) # make sure content is changed assert secret_content_alternative == task_exec( hello_tasks[0], "bash -c 'echo $HELLO_SECRET1_ENV'") assert secret_content_alternative == task_exec(hello_tasks[0], "cat HELLO_SECRET1_FILE") assert secret_content_alternative == task_exec(hello_tasks[0], "cat HELLO_SECRET2_FILE") # clean up and delete secrets delete_secrets("{}/".format(PACKAGE_NAME))
def setup_module(module): install.uninstall(PACKAGE_NAME) install.install(PACKAGE_NAME, DEFAULT_TASK_COUNT)
def test_secrets_config_update(): # 1) install examples/secrets.yml # 2) create new Secrets, delete old Secrets # 2) update configuration with new Secrets # 4) verify secret content (using new Secrets after config update) sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) create_secrets("{}/".format(config.SERVICE_NAME)) sdk_install.install(config.PACKAGE_NAME, config.SERVICE_NAME, NUM_HELLO + NUM_WORLD, additional_options=secret_options) # tasks will fail if secret file is not created sdk_tasks.check_running(config.SERVICE_NAME, NUM_HELLO + NUM_WORLD) # Verify secret content, one from each pod type # make sure it has the default value assert secret_content_default == read_secret( "world-0", "bash -c 'echo $WORLD_SECRET1_ENV'") assert secret_content_default == read_secret("world-0", "cat WORLD_SECRET2_FILE") assert secret_content_default == read_secret( "world-0", "cat {}/secret3".format(config.SERVICE_NAME)) # hello tasks has container image assert secret_content_default == read_secret( "hello-0", "bash -c 'echo $HELLO_SECRET1_ENV'") assert secret_content_default == read_secret("hello-0", "cat HELLO_SECRET1_FILE") assert secret_content_default == read_secret("hello-0", "cat HELLO_SECRET2_FILE") # clean up and delete secrets (defaults) delete_secrets("{}/".format(config.SERVICE_NAME)) # create new secrets with new content -- New Value create_secrets(secret_content_arg=secret_content_alternative) marathon_config = sdk_marathon.get_config(config.SERVICE_NAME) marathon_config['env']['HELLO_SECRET1'] = 'secret1' marathon_config['env']['HELLO_SECRET2'] = 'secret2' marathon_config['env']['WORLD_SECRET1'] = 'secret1' marathon_config['env']['WORLD_SECRET2'] = 'secret2' marathon_config['env']['WORLD_SECRET3'] = 'secret3' # config update sdk_marathon.update_app(config.SERVICE_NAME, marathon_config) # wait till plan is complete - pods are supposed to restart sdk_plan.wait_for_completed_deployment(config.SERVICE_NAME) # all tasks are running sdk_tasks.check_running(config.SERVICE_NAME, NUM_HELLO + NUM_WORLD) # Verify secret content is changed assert secret_content_alternative == read_secret( "world-0", "bash -c 'echo $WORLD_SECRET1_ENV'") assert secret_content_alternative == read_secret("world-0", "cat WORLD_SECRET2_FILE") assert secret_content_alternative == read_secret("world-0", "cat secret3") assert secret_content_alternative == read_secret( "hello-0", "bash -c 'echo $HELLO_SECRET1_ENV'") assert secret_content_alternative == read_secret("hello-0", "cat HELLO_SECRET1_FILE") assert secret_content_alternative == read_secret("hello-0", "cat HELLO_SECRET2_FILE") # clean up and delete secrets delete_secrets()
def test_marathon_volume_collision(): # This test validates that a service registered in a sub-role of # slave_public will _not_ unreserve Marathon volumes RESERVED # in the `slave_public` role. # Uninstall HW first sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) # Install the marathon app marathon_app_name = "persistent-test" volume_name = "persistent-volume" persistent_app = { "id": marathon_app_name, "mem": 128, "user": "******", "cmd": "echo 'this is a test' > {}/test && sleep 10000".format(volume_name), "container": { "type": "MESOS", "volumes": [{ "persistent": { "type": "root", "size": 500, "constraints": [] }, "mode": "RW", "containerPath": volume_name, }], }, } try: sdk_marathon.install_app(persistent_app) # Get its persistent Volume host = sdk_marathon.get_scheduler_host(marathon_app_name) # Should get e.g.: "/var/lib/mesos/slave/volumes/roles/slave_public/persistent-test#persistent-volume#76e7bb6d-64fa-11e8-abc5-8e679b292d5e" rc, pv_path, _ = sdk_cmd.agent_ssh( host, "ls -d /var/lib/mesos/slave/volumes/roles/slave_public/{}#{}#*". format(marathon_app_name, volume_name), ) if rc != 0: log.error("Could not get slave_public roles. return-code: '%s'\n", rc) assert rc == 0 pv_path = pv_path.strip() @retrying.retry(wait_fixed=1000, stop_max_delay=60 * 1000) def check_content(): rc, pv_content, _ = sdk_cmd.agent_ssh( host, "cat {}/test".format(pv_path)) assert rc == 0 and pv_content.strip() == "this is a test" check_content() # Scale down the Marathon app app_config = sdk_marathon.get_config(marathon_app_name) app_config["instances"] = 0 sdk_marathon.update_app(app_config) # Install Hello World sdk_install.install( config.PACKAGE_NAME, config.SERVICE_NAME, PRERESERVED_TASK_COUNT, additional_options=pre_reserved_options, ) # Make sure the persistent volume is still there check_content() # Uninstall Hello World sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME) # Make sure the persistent volume is still there check_content() # Scale back up the marathon app app_config = sdk_marathon.get_config(marathon_app_name) app_config["instances"] = 1 sdk_marathon.update_app(app_config) # Make sure the persistent volume is still there check_content() finally: # Reinstall hello world sdk_install.install( config.PACKAGE_NAME, config.SERVICE_NAME, PRERESERVED_TASK_COUNT, additional_options=pre_reserved_options, ) sdk_marathon.destroy_app(marathon_app_name)
def hdfs_with_kerberos(configure_security_hdfs): try: primaries = ["hdfs", "HTTP"] fqdn = "{service_name}.{host_suffix}".format( service_name=HDFS_SERVICE_NAME, host_suffix=sdk_hosts.AUTOIP_HOST_SUFFIX) instances = [ "name-0-node", "name-0-zkfc", "name-1-node", "name-1-zkfc", "journal-0-node", "journal-1-node", "journal-2-node", "data-0-node", "data-1-node", "data-2-node", ] principals = [] for (instance, primary) in itertools.product(instances, primaries): principals.append("{primary}/{instance}.{fqdn}@{REALM}".format( primary=primary, instance=instance, fqdn=fqdn, REALM=sdk_auth.REALM)) principals.append(GENERIC_HDFS_USER_PRINCIPAL) principals.append(ALICE_PRINCIPAL) kerberos_env = sdk_auth.KerberosEnvironment() kerberos_env.add_principals(principals) kerberos_env.finalize() service_kerberos_options = { "service": { "security": { "kerberos": { "enabled": True, "kdc": { "hostname": kerberos_env.get_host(), "port": int(kerberos_env.get_port()) }, "keytab_secret": kerberos_env.get_keytab_path(), "realm": kerberos_env.get_realm() } } }, "hdfs": { "security_auth_to_local": hdfs_auth.get_principal_to_user_mapping() } } sdk_install.uninstall(HDFS_PACKAGE_NAME, HDFS_SERVICE_NAME) sdk_install.install(HDFS_PACKAGE_NAME, HDFS_SERVICE_NAME, DEFAULT_HDFS_TASK_COUNT, additional_options=service_kerberos_options, timeout_seconds=30 * 60) yield kerberos_env finally: sdk_install.uninstall(HDFS_PACKAGE_NAME, HDFS_SERVICE_NAME) sdk_cmd.run_cli('package repo remove hdfs-aws') if kerberos_env: kerberos_env.cleanup()
def setup_module(module): install.uninstall(SERVICE_NAME, PACKAGE_NAME) utils.gc_frameworks() install.install(PACKAGE_NAME, DEFAULT_BROKER_COUNT, service_name=SERVICE_NAME)
def test_upgrade_111_210(configure_security): foldered_name = sdk_utils.get_foldered_name(config.SERVICE_NAME) sdk_install.uninstall(config.PACKAGE_NAME, foldered_name) from_version = '2.4.0-1.1.1' to_version = 'stub-universe' # In case that 2.1.0 has been released upgrade we want to test to a specific # 2.1.0 version rather than to latest stub universe version. ret_code, stdout, _ = sdk_cmd.run_cli( cmd='package describe kafka --package-versions', ) assert ret_code == 0 # Filter old versions in custom format that doesn't matches the x.x.x-x.x.x package_versions = [ v for v in json.loads(stdout) if re.match(r'^([\d\.]+)\-([\d\.]+)$', v) ] version_210 = sorted( [v for v in package_versions if v.split('-')[1] == '2.1.0'], reverse=True, ) if len(version_210) > 0: to_version = version_210[0] try: sdk_install.install( package_name=config.PACKAGE_NAME, service_name=foldered_name, expected_running_tasks=config.DEFAULT_BROKER_COUNT, additional_options={ "service": { "name": foldered_name }, "brokers": { "cpus": 0.5 } }, package_version=from_version, ) # wait for brokers to finish registering before starting tests test_utils.broker_count_check(config.DEFAULT_BROKER_COUNT, service_name=foldered_name) # Assert that inter broker protocol is set to 1.x version _, options, _ = sdk_cmd.svc_cli( config.PACKAGE_NAME, foldered_name, 'describe', parse_json=True, ) assert options['kafka']['inter_broker_protocol_version'] == '1.0' task_ids = sdk_tasks.get_task_ids(foldered_name, "") # Run update to the new version with tempfile.NamedTemporaryFile() as opts_f: opts_f.write( json.dumps({ 'kafka': { 'inter_broker_protocol_version': '1.0' } }).encode('utf-8')) opts_f.flush() sdk_cmd.svc_cli( config.PACKAGE_NAME, foldered_name, 'update start --package-version={} --options={}'.format( to_version, opts_f.name, ), ) # we must manually upgrade the package CLI because it's not done automatically in this flow # (and why should it? that'd imply the package CLI replacing itself via a call to the main CLI...) sdk_cmd.run_cli( 'package install --yes --cli --package-version={} {}'.format( to_version, config.PACKAGE_NAME, )) sdk_tasks.check_tasks_updated(foldered_name, "", task_ids) # Assert that inter broker protocol is set to 1.x version _, options, _ = sdk_cmd.svc_cli( config.PACKAGE_NAME, foldered_name, 'describe', parse_json=True, ) assert options['kafka']['inter_broker_protocol_version'] == '1.0' # Update protocol to 2.1 (serially) by changing kafka configuration with tempfile.NamedTemporaryFile() as opts_f: options['kafka']['inter_broker_protocol_version'] = '2.1' opts_f.write(json.dumps(options).encode('utf-8')) opts_f.flush() sdk_cmd.svc_cli( config.PACKAGE_NAME, foldered_name, "update start --options={}".format(opts_f.name), ) # Assert that inter broker protocol is set to 2.1 version _, options, _ = sdk_cmd.svc_cli( config.PACKAGE_NAME, foldered_name, 'describe', parse_json=True, ) assert options['kafka']['inter_broker_protocol_version'] == '2.1' finally: sdk_install.uninstall(config.PACKAGE_NAME, foldered_name)
def setup_module(module): install.uninstall(PACKAGE_NAME) options = {"service": {"spec_file": "examples/executor_volume.yml"}} install.install(PACKAGE_NAME, 3, additional_options=options)
def setup_module(module): install.uninstall(PACKAGE_NAME) options = {"service": {"spec_file": "examples/web-url.yml"}} # this config produces 1 hello's + 0 world's: install.install(PACKAGE_NAME, 1, additional_options=options)
def test_upgrade_from_xpack_enabled( package_name: str, service_name: str, options: Dict[str, Any], expected_task_count: int, ) -> None: # This test needs to run some code in between the Universe version installation and the upgrade # to the 'stub-universe' version, so it cannot use `sdk_upgrade.test_upgrade`. http_user = DEFAULT_ELASTICSEARCH_USER http_password = DEFAULT_ELASTICSEARCH_PASSWORD sdk_install.uninstall(package_name, service_name) # Move Universe repo to the top of the repo list so that we can first install the Universe # version. _, universe_version = sdk_repository.move_universe_repo( package_name, universe_repo_index=0) sdk_install.install( package_name, service_name, expected_running_tasks=expected_task_count, additional_options={"elasticsearch": { "xpack_enabled": True }}, package_version=universe_version, ) document_es_5_id = 1 document_es_5_fields = { "name": "Elasticsearch 5: X-Pack enabled", "role": "search engine" } create_document( DEFAULT_INDEX_NAME, DEFAULT_INDEX_TYPE, document_es_5_id, document_es_5_fields, service_name=service_name, http_user=http_user, http_password=http_password, ) # This is the first crucial step when upgrading from "X-Pack enabled" on ES5 to "X-Pack security # enabled" on ES6. The default "changeme" password doesn't work anymore on ES6, so passwords # *must* be *explicitly* set, otherwise nodes won't authenticate requests, leaving the cluster # unavailable. Users will have to do this manually when upgrading. _curl_query( service_name, "POST", "_xpack/security/user/{}/_password".format(http_user), json_body={"password": http_password}, http_user=http_user, http_password=http_password, ) # Move Universe repo back to the bottom of the repo list so that we can upgrade to the version # under test. _, test_version = sdk_repository.move_universe_repo(package_name) # First we upgrade to "X-Pack security enabled" set to false on ES6, so that we can use the # X-Pack migration assistance and upgrade APIs. sdk_upgrade.update_or_upgrade_or_downgrade( package_name, service_name, test_version, { "service": { "update_strategy": "parallel" }, "elasticsearch": { "xpack_security_enabled": False }, }, expected_task_count, ) # Get list of indices to upgrade from here. The response looks something like: # { # "indices" : { # ".security" : { # "action_required" : "upgrade" # }, # ".watches" : { # "action_required" : "upgrade" # } # } # } response = _curl_query(service_name, "GET", "_xpack/migration/assistance?pretty") # This is the second crucial step when upgrading from "X-Pack enabled" on ES5 to ES6. The # ".security" index (along with any others returned by the "assistance" API) needs to be # upgraded. for index in response["indices"]: _curl_query( service_name, "POST", "_xpack/migration/upgrade/{}?pretty".format(index), http_user=http_user, http_password=http_password, ) document_es_6_security_disabled_id = 2 document_es_6_security_disabled_fields = { "name": "Elasticsearch 6: X-Pack security disabled", "role": "search engine", } create_document( DEFAULT_INDEX_NAME, DEFAULT_INDEX_TYPE, document_es_6_security_disabled_id, document_es_6_security_disabled_fields, service_name=service_name, http_user=http_user, http_password=http_password, ) # After upgrading the indices, we're now safe to do the actual configuration update, possibly # enabling X-Pack security. sdk_service.update_configuration(package_name, service_name, options, expected_task_count) document_es_6_post_update_id = 3 document_es_6_post_update_fields = { "name": "Elasticsearch 6: Post update", "role": "search engine", } create_document( DEFAULT_INDEX_NAME, DEFAULT_INDEX_TYPE, document_es_6_post_update_id, document_es_6_post_update_fields, service_name=service_name, http_user=http_user, http_password=http_password, ) # Make sure that documents were created and are accessible. verify_document( service_name, document_es_5_id, document_es_5_fields, http_user=http_user, http_password=http_password, ) verify_document( service_name, document_es_6_security_disabled_id, document_es_6_security_disabled_fields, http_user=http_user, http_password=http_password, ) verify_document( service_name, document_es_6_post_update_id, document_es_6_post_update_fields, http_user=http_user, http_password=http_password, )
def test_region_zone_injection(): sdk_install.install(config.PACKAGE_NAME, config.SERVICE_NAME, 3) assert fault_domain_vars_are_present('hello-0') assert fault_domain_vars_are_present('world-0') assert fault_domain_vars_are_present('world-1') sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)