示例#1
def checking_encrypted_communication():
    """Verify that login works over TLS and is refused without it.

    The TLS login is reported as a critical check. The non-TLS login is
    expected to fail, so its result is negated before being reported.
    """
    print_log("Checking login/whoami using TLS", fill=log_length)
    tls_login_ok = check_login()
    print_crit_check(tls_login_ok)

    # The check passes only when the login attempt without TLS is rejected.
    # NOTE(review): a rejection for an unrelated reason also counts as a pass.
    print_log("Checking login/whoami w/o TLS not allowed", fill=log_length)
    plaintext_login_ok = check_login(tls=False)
    print_check(not plaintext_login_ok)
def check_fileserver_size_mount():
    """Check that ``df -h`` lists fileserver-pool at 12G, mounted at /mnt/fileserver-pool."""
    pool_rows = []
    for row in get_process_output("df -h").splitlines():
        # The prefix pins both the pool name and its reported size, so the
        # match depends on the exact column spacing of the df output.
        if row.startswith("fileserver-pool        12G"):
            pool_rows.append(row)
    has_pool_row = len(pool_rows) > 0

    print_log("Checking df -h combined size")
    print_check(has_pool_row)

    # The mount point is the last column of the df line.
    print_log("Checking pool mounted")
    print_crit_check(
        has_pool_row and pool_rows[0].endswith('/mnt/fileserver-pool'))
def check_hdds_size():
    """Check that fileserver-pool consists of 7 block devices of at most 2 GiB each."""
    bytes_per_gib = 2**30

    def get_block_device_size(dev):
        """Return the size of /dev/<dev> in GiB, read from the first lsblk line."""
        lsblk_out = get_process_output("lsblk -brno SIZE /dev/{}".format(dev))
        first_line = lsblk_out.splitlines()[0]
        return int(first_line) / bytes_per_gib

    status = get_process_output("zpool status -L fileserver-pool")
    # Keep only the text between the 'config:' and 'errors:' markers.
    config_section = status[status.find('config:'):status.find('errors:')]
    devs = []
    for row in config_section.splitlines():
        # Device rows are the ones indented by a tab plus four spaces; the
        # slice keeps three characters, so it assumes names such as "sdb".
        if row.startswith('\t    '):
            devs.append(row[5:8])

    print_log("Checking correct number of block devices")
    print_check(len(devs) == 7)

    print_log("Checking block devices sizes")
    print_check(all(get_block_device_size(dev) <= 2 for dev in devs))
示例#4
def check_passwd():
    """Check that passwd changes the password of root1, then restore it.

    The old and new password are verified through ``check_login``. The
    function returns early when the initial change fails.
    """

    def change_pw(old_password, new_password):
        """Feed old/new/new to passwd in a root1 login shell; return True on success."""
        # NOTE(review): both passwords are formatted into a shell command
        # line. That is fine for the fixed test values used below; values
        # containing shell metacharacters would need quoting.
        cmd = "runuser -l root1 -c \"echo \\\"{0}\\n{1}\\n{1}\\\" | passwd\" 2>&1"
        passwd_output = get_process_output(
            cmd.format(old_password, new_password))
        return "password updated successfully" in passwd_output

    print_log("Checking passwd works", fill=log_length)
    changed = change_pw("test1", "test2")
    print_check(changed)
    if not changed:
        return

    # The old password must now be rejected and the new one accepted.
    print_log("Checking password changed", fill=log_length)
    old_rejected = not check_login("test1")
    print_check(old_rejected and check_login("test2"))

    # Restore the original password so the next run starts from the same state.
    # NOTE(review): the result of this reset is not checked.
    change_pw("test2", "test1")
示例#5
import sys

sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import get_page, read_config  # noqa # pylint: disable=import-error
from test_helpers import print_log, print_check, set_log_length  # noqa # pylint: disable=import-error
from test_helpers import print_test_summary  # noqa # pylint: disable=import-error

# Title tag expected in the Nagios landing page.
expected_title = "<title>Nagios: nagios.psa-team10.in.tum.de</title>"
# Credentials are read from the test configuration, not hard-coded here.
nagios_user = read_config('nagios-username')
nagios_password = read_config('nagios-password')
auth = (nagios_user, nagios_password)

set_log_length(50)

print_log("Checking Nagios available in PSA network")
# NOTE(review): the address carries no scheme; confirm that get_page sends
# these credentials over an encrypted connection.
page = get_page('nagios.psa-team10.in.tum.de/nagios/', auth=auth)
print_check(expected_title in page)

print_test_summary()
import sys
sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import exists_mount  # noqa # pylint: disable=import-error
from test_helpers import set_log_length, print_log, print_check  # noqa # pylint: disable=import-error
from test_helpers import print_test_summary  # noqa # pylint: disable=import-error

# Pad log lines to 50 characters.
set_log_length(50)

# Remote export (host:path) and the local mount point it should appear at.
remote_export = '192.168.10.6:/mnt/fileserver-pool/services/webapp/status-monitor'
mount_point = '/mnt/status-monitor'

print_log("Checking mount for webapp (on VM5)")
is_mounted = exists_mount(remote_export, mount_point)
print_check(is_mounted)

print_test_summary()
import sys
sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import exists_mount  # noqa # pylint: disable=import-error
from test_helpers import set_log_length, print_log, print_check  # noqa # pylint: disable=import-error
from test_helpers import print_test_summary  # noqa # pylint: disable=import-error

# Pad log lines to 50 characters.
set_log_length(50)

# Templates for the remote export (host:path) and the local mount point.
src = '192.168.10.6:/mnt/fileserver-pool/services/website/{}'
# NOTE(review): this target has no leading '/'; confirm that exists_mount
# still matches it against the absolute mount point.
dst = 'var/www/{}'

website_checks = (
    ("Checking mount for 1st website (on VM1)", 'web1'),
    ("Checking mount for 2nd website (on VM1)", 'web2'),
    ("Checking mount for 3rd website (on VM1)", 'web3'),
)
for message, site in website_checks:
    print_log(message)
    print_check(exists_mount(src.format(site), dst.format(site)))

print_test_summary()
示例#8
import sys
sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import get_process_output, exists_mount  # noqa # pylint: disable=import-error
from test_helpers import set_log_length, print_log, print_check  # noqa # pylint: disable=import-error
from test_helpers import print_test_summary  # noqa # pylint: disable=import-error

print_log("Checking accessing a file on fileserver")
# The marker file is read as user rech, so the check goes through that
# user's own access to the home directory.
file_content = get_process_output("su -c \"cat /home/rech/.fileserver_test\" rech")
print_check('my_secret' in file_content)

print_log("Checking (auto)mount entry in df")
# Remote export (host:path) and the home directory it should be mounted at.
home_export = '192.168.10.6:/mnt/fileserver-pool/home/rech'
home_mount = '/home/rech'
print_check(exists_mount(home_export, home_mount))

print_test_summary()
示例#9
import sys
sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import exists_mount  # noqa # pylint: disable=import-error
from test_helpers import set_log_length, print_log, print_check  # noqa # pylint: disable=import-error
from test_helpers import print_test_summary  # noqa # pylint: disable=import-error

# Pad log lines to 50 characters.
set_log_length(50)

# Remote export (host:path) and the MySQL data directory it should back.
remote_export = '192.168.10.6:/mnt/fileserver-pool/services/database/slave'
data_dir = '/var/lib/mysql'

print_log("Checking mount for database slave (on VM4)")
is_mounted = exists_mount(remote_export, data_dir)
print_check(is_mounted)

print_test_summary()
import sys
import tempfile
from smb.SMBConnection import SMBConnection
sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import read_config  # noqa # pylint: disable=import-error
from test_helpers import print_log, print_check, print_crit_check  # noqa # pylint: disable=import-error
from test_helpers import print_test_summary  # noqa # pylint: disable=import-error

# Read password from configuration file
password = read_config('samba-rech-password')

print_log("Checking samba server reachable")
# The positional arguments are presumably username, password, client name
# and server name, in that order (verify against the pysmb version in use).
con = SMBConnection("rech", password, "local_name", "local_machine")
try:
    # NOTE(review): the return value of connect() is discarded, so only a
    # raised exception fails this check. If connect() reports a failed
    # authentication through its return value, that case goes unnoticed here.
    con.connect("192.168.10.6", 445)
except Exception:
    # Any error is folded into the failed critical check below.
    con = None
print_crit_check(con is not None)

print_log("Checking home shared over samba")
# Collect the names of all shares offered to this user.
shares = list(map(lambda x: x.name, con.listShares()))
print_crit_check('rech' in shares)

print_log("Checking files listed in samba")
# files is a one-shot iterator; the membership test below consumes it.
files = map(lambda x: x.filename, con.listPath('rech', '/'))
print_check('.fileserver_test' in files)

print_log("Checking file read over samba")
# Download the marker file into a temporary file, then rewind it for reading.
# NOTE(review): the temporary file is not closed within the lines shown here.
f = tempfile.NamedTemporaryFile()
con.retrieveFile('rech', '/.fileserver_test', f)
f.seek(0)  # pysmb starts at end of file
示例#11
        return False


def email_received(imap, msg, limit_from_addr_to=None):
    """Return True if *msg* occurs in the body of one of the newest messages.

    The mailbox is closed and selected again first. Only the last ten
    message numbers returned by the search are fetched. When
    *limit_from_addr_to* is given, the search is restricted with a FROM
    criterion on that address.
    """
    imap.close()
    imap.select()

    if limit_from_addr_to is not None:
        _, data = imap.search(None, 'FROM', limit_from_addr_to)
    else:
        _, data = imap.search(None, 'ALL')

    newest_numbers = data[0].split()[-10:]
    responses = [imap.fetch(num, '(UID BODY[TEXT])') for num in newest_numbers]
    # response[1][0][1] is the raw body text of the fetched message.
    bodies = [response[1][0][1].decode('utf-8') for response in responses]

    for body in bodies:
        if msg in body and body:
            return True
    return False


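# Both mail ports must be reachable; each is reported as a critical check.
print_log("[Firewall] Port  25 (SMTP) open")
print_crit_check(is_port_open(server, 25))

print_log("[Firewall] Port 143 (IMAP) open")
print_crit_check(is_port_open(server, 143))
print()


print_log("[IMAP] Connection possible")
try:
    imap = IMAP4(host=server)
    # noop() returns a (type, data) pair; the check passes when 'OK' is in it.
    print_check('OK' in imap.noop())
except (IMAP4.error, OSError):
    # A failed TCP connection raises OSError rather than IMAP4.error. Both
    # are caught so the failure is reported as a check, not as a traceback.
    print_crit_check(False)

print_log("[IMAP] STARTTLS successful")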
示例#12
#!/usr/bin/env python3.7

import sys
sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import print_log, print_check, print_crit_check  # noqa # pylint: disable=import-error
from test_helpers import print_test_summary  # noqa # pylint: disable=import-error
from test_helpers import get_process_output  # noqa # pylint: disable=import-error

print_log("Checking netplan dhcp")
with open('/etc/netplan/psa.yaml', 'r') as netplan_file:
    netplan_text = netplan_file.read()
# Plain substring test: it does not tie the setting to a specific interface.
print_crit_check('dhcp4: true' in netplan_text)

print_log("Checking IP address assigned")
# One-line IPv4 listing for enp0s8, filtered with the 'dynamic' keyword.
addr_listing = get_process_output("ip -o -f inet addr show dev enp0s8 dynamic")
print_crit_check("inet 192.168.10." in addr_listing)

print_log("Checking subnet mask specified")
print_check("/24 brd" in addr_listing)

print_log("Checking routes specified")
# Only routes with protocol 'dhcp' on enp0s8 are listed.
dhcp_routes = get_process_output("ip route list proto dhcp dev enp0s8")
print_check("192.168.0.0/16 via 192.168.10.2" in dhcp_routes)

print_test_summary()
示例#13
sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import get_vm_name  # noqa # pylint: disable=import-error
from test_helpers import print_log, print_check, print_crit_check  # noqa # pylint: disable=import-error
from test_helpers import print_test_summary  # noqa # pylint: disable=import-error
from test_helpers import get_process_output, get_process_returncode  # noqa # pylint: disable=import-error

# Expected name/address pairs; every name is written with a trailing dot.
server_dns = 'dns.psa-team10.in.tum.de.'
server_ip = '192.168.10.2'
vm1_dns = 'vm1.psa-team10.in.tum.de.'
vm1_ip = '192.168.10.1'
team_dns = 'psa-team10.in.tum.de.'
team_ip = '192.168.10.1'
team_one_dns = 'dns.psa-team01.in.tum.de.'
team_one_ip = '192.168.1.3'
tum_proxy_dns = 'proxy.in.tum.de.'
tum_proxy_ip = '131.159.0.2'

# The service state is only checked on the VM named vm02.
if get_vm_name() == 'vm02':
    print_log("Checking bind9 active")
    cmd = "systemctl is-active --quiet bind9.service"
    bind9_rc = get_process_returncode(cmd)
    print_crit_check(bind9_rc == 0)

# The trailing address makes host send the query to that name server.
cmd = "host {0} " + server_ip

# Records of the team's own domain.
# NOTE(review): these are substring tests on the whole host output. If the
# output also echoes the queried server's address, the first check passes
# regardless of the answer.
own_records = (
    ("Checking dns A record", server_dns, server_ip),
    ("Checking team A record", team_dns, team_ip),
    ("Checking vm1 A record", vm1_dns, vm1_ip),
)
for message, name, expected_ip in own_records:
    print_log(message)
    print_check(expected_ip in get_process_output(cmd.format(name)))

# Records of another team's domain.
print_log("Checking other team's records")
    files = os.listdir(path)
    log_pattern = r'^(' + re.escape(name) + r'(\.(\d)+)?)$'
    logs = filter_list_by_regex(files, log_pattern, group=1)
    logs = [(path + file) for file in logs]
    lines = []
    for log in logs:
        with open(log, 'r') as log_file:
            lines += log_file.readlines()
    if filter_ips:
        ip_pattern = r'((\d?\d?\d\.){3}\d?\d?\d)'
        lines = filter_list_by_regex(lines, ip_pattern, group=1)
    return logs, lines


# First, check whether nginx is even active
print_log("Checking nginx active")
cmd = "systemctl is-active --quiet nginx.service"
print_crit_check(get_process_returncode(cmd) == 0)

# Checking logfiles
# With filter_ips=True the second return value presumably holds only the
# IP-address matches found in the log lines (confirm against get_logs).
# The access log passes when no address is found in it.
print_log("Checking IPs in access log")
_, access_logs = get_logs(access_log_path, access_log_name, filter_ips=True)
print_check(len(access_logs) == 0)
# The error log passes when at least one address is found in it.
print_log("Checking IPs in error log")
# Generating error to make sure error log isn't empty
get_page(main_hostname + '/idontexist.filetype')
_, error_logs = get_logs(error_log_path, error_log_name, filter_ips=True)
print_check(len(error_logs) > 0)

# Check logrotate
# Unfiltered call: returns the matching log file paths and all their lines.
access_files, access_logs = get_logs(access_log_path, access_log_name)
import sys

sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import get_page  # noqa # pylint: disable=import-error
from test_helpers import print_log, print_check  # noqa # pylint: disable=import-error
from test_helpers import set_log_length, print_test_summary  # noqa # pylint: disable=import-error

# Pad log lines to 65 characters.
set_log_length(65)

# Title tag that identifies the status application.
status_title = "<title>Status app</title>"

print_log("Checking available in PSA network")
internal_page = get_page('status.psa-team10.in.tum.de')
print_check(status_title in internal_page)

print_log("Checking available externally")
# The same page is expected behind port 61015 of psa.in.tum.de.
external_page = get_page('psa.in.tum.de:61015')
print_check(status_title in external_page)

print_test_summary()
示例#16

def generate_token(c):
    """Return a random 48-character token that the test table does not hold yet.

    A candidate is drawn from ``secrets`` and looked up in the table. The
    draw is repeated until a candidate is not among the returned values.
    """
    # Database and table names are formatted in; the token itself is passed
    # as a query parameter.
    sql = ("select * from {0}.{1} where test_secret = %s;".format(
        localhost_db, localhost_test_table))
    while True:
        candidate = secrets.token_urlsafe(48)[0:48]
        with c.cursor() as cur:
            # NOTE(review): presumably sql_query returns the first column of
            # each row, so this test relies on test_secret being that column.
            existing = sql_query(cur, sql, (candidate, ))
        if candidate not in existing:
            return candidate


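# First, check whether mariadb is even active
print_log("Checking database server active", fill=log_fill)
cmd = "systemctl is-active --quiet mariadb.service"
print_crit_check(get_process_returncode(cmd) == 0)

# Try logging in with readonly user. A failed login raises inside connect(),
# so it is caught here and reported as a failed critical check instead of
# ending the script with a traceback.
print_log("Checking readonly user can log in", fill=log_fill)
try:
    readonly_con = pymysql.connect(host='localhost',
                                   user=readonly_user,
                                   password=readonly_pwd)
except pymysql.MySQLError:
    readonly_con = None
print_crit_check(readonly_con is not None)

# We just logged in using the readonly user, so it exists
# (assumes the critical check above stops the run on failure).
print_log("Checking readonly user exists", fill=log_fill)
print_check(True)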

with readonly_con.cursor() as read_cursor:
import sys
sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import exists_mount  # noqa # pylint: disable=import-error
from test_helpers import set_log_length, print_log, print_check  # noqa # pylint: disable=import-error
from test_helpers import print_test_summary  # noqa # pylint: disable=import-error

# Pad log lines to 50 characters.
set_log_length(50)

# Remote export (host:path) and the MySQL data directory it should back.
remote_export = '192.168.10.6:/mnt/fileserver-pool/services/database/master'
data_dir = '/var/lib/mysql'

print_log("Checking mount database master (on VM3)")
is_mounted = exists_mount(remote_export, data_dir)
print_check(is_mounted)

print_test_summary()
示例#18
def install_helpers(helpers, week):
    """Install *helpers* into /root/helpers and log the step for *week*."""
    print_log("Installing {0} helper file(s) for {1}".format(
        len(helpers), week))
    install_files(helpers, '/root/helpers')
    # Reached only when install_files returned without raising.
    print_check(True)
示例#19
def install_tests(tests, week):
    """Install *tests* into /root/tests and log the step for *week*."""
    test_count = len(tests)
    message = "Installing {0} test file(s) for {1}".format(test_count, week)
    print_log(message)
    install_files(tests, '/root/tests')
    # Reached only when install_files returned without raising.
    print_check(True)
示例#20
# Keys for checking whether page was served correctly
main_key = 'PSA-T10-1'
cgi_key = "Hello world from user rech!"
cname_key = 'PSA-T10-2'
alt_ip_key = 'PSA-T10-3'

# Logging
# Directory and base file name of the nginx access and error logs.
access_log_path = '/var/log/nginx/'
access_log_name = 'access.log'
error_log_path = '/var/log/nginx/'
error_log_name = 'error.log'

# Check whether DNS resolves to specified IPs
# Each check is a substring test on the output of `host <name>`.
log_msg = "Checking DNS for {0}"
cmd = "host {0}"
print_log(log_msg.format("the main hostname"))
out = get_process_output(cmd.format(main_hostname))
print_crit_check(main_ip in out)
# The cname hostname is expected to resolve to the main IP as well.
print_log(log_msg.format("the cname hostname"))
out = get_process_output(cmd.format(cname_hostname))
print_check(main_ip in out)
print_log(log_msg.format("the alt. hostname"))
out = get_process_output(cmd.format(alt_ip_hostname))
print_check(alt_ip in out)
# The complete host outputs for the main and alt. hostname must differ.
print_log("Checking resolving to different IPs")
cond = (get_process_output(cmd.format(main_hostname)) != get_process_output(
    cmd.format(alt_ip_hostname)))
print_check(cond)

# Check whether different hostnames return the correct keys
log_msg = "Checking hostname honored ({0})"
示例#21
def check_anonymous_bind():
    """Check that an anonymous bind can read root1's uid but not its matrNr.

    Two ldapsearch calls with simple anonymous authentication (-x) are made:
    one requesting uid and matrNr, one requesting only uid.
    """
    query = "ldapsearch -H {0} -b \"{1}\" -x uid=root1 uid{2}"
    with_matr_nr = get_process_output(
        query.format(ldap_host, ldap_base_dn, ", matrNr"))
    uid_only = get_process_output(query.format(ldap_host, ldap_base_dn, ''))

    uid_visible = "uid: root1" in uid_only
    # NOTE(review): only this exact attribute line is looked for; a matrNr
    # returned in another form (other value or encoding) would not fail it.
    matr_nr_hidden = "matrNr: 1938351754" not in with_matr_nr
    return uid_visible and matr_nr_hidden


if not is_interactive():
    # Delay non-interactive runs by 15 seconds times the number that follows
    # the first two characters of the VM name.
    vm_number = int(get_vm_name()[2:])
    sleep(vm_number * 15)

# Encrypted communication with the server (logs its own results).
checking_encrypted_communication()

# Directory content checks: each entry is a log message and its check.
directory_checks = (
    ("Checking organizational units", check_organizational_units),
    ("Checking Praktikum users exist", check_existing_users),
    ("Checking csv users exist", check_csv_users),
    ("Checking csv users attributes", check_csv_attributes),
    ("Checking csv users have certificate", check_csv_certificate),
)
for message, run_check in directory_checks:
    print_log(message, fill=log_length)
    print_check(run_check())

# Password change through passwd (logs its own results).
check_passwd()
示例#22
import sys

sys.path.append(sys.path[0] + '/../99_helpers/')
from test_helpers import get_page, get_process_returncode, Cursor  # noqa # pylint: disable=import-error
from test_helpers import print_log, print_check, run_remote_test  # noqa # pylint: disable=import-error
from test_helpers import set_log_length, print_test_summary  # noqa # pylint: disable=import-error

# Pad log lines to 65 characters.
set_log_length(65)

# Each entry is a log message and the systemctl command whose exit status
# must be 0 for the check to pass.
service_checks = (
    ("Checking testrunner active",
     "systemctl is-active --quiet dash-testrunner"),
    ("Checking server active",
     "systemctl is-active --quiet dash-server"),
    ("Checking nginx proxy active",
     "systemctl is-active --quiet nginx"),
)
for message, command in service_checks:
    print_log(message)
    rc = get_process_returncode(command)
    print_check(rc == 0)

print_log("Checking website online")
page = get_page('localhost')
print_check("<title>Status app</title>" in page)

print_log("Checking all tests executed at least once in last hour")
with Cursor() as c:
    sql = ('''select test, vm from run_on where not exists '''
           '''( select * from test_results '''
           '''where test_results.test = run_on.test '''
           '''and test_results.vm = run_on.vm '''
# Pad log lines to 70 characters.
set_log_length(70)
# The user name appears masked in this listing; the password is read from
# the test configuration instead of being hard-coded.
readonly_user = '******'
readonly_pwd = read_config('database-readonly-pw')
# Database and table names used by the checks.
test_db = 'test_db1'
test_table = 'test_table'

def sql_query(c, sql, args=()):
    """Execute *sql* with *args* on cursor *c*; return the first column of every row."""
    c.execute(sql, args)
    first_column = []
    for row in c.fetchall():
        first_column.append(row[0])
    return first_column


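# Get the test_token: it must be given as the first argument and be exactly
# 48 characters long. The previous condition indexed sys.argv[1] only when
# no argument was present, which raised IndexError instead of reporting a
# failed check, and never rejected a token of the wrong length.
if len(sys.argv) < 2 or len(sys.argv[1]) != 48:
    print_log("Test token specified")
    print_crit_check(False)
# Assumes the critical check above stops the run when the token is missing.
test_token = sys.argv[1]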


# The replication checks need a running mariadb service.
print_log("Checking replication server active")
cmd = "systemctl is-active --quiet mariadb.service"
mariadb_rc = get_process_returncode(cmd)
print_check(mariadb_rc == 0)

# Log in with the read-only account.
print_log("Checking readonly user can log in to replication")
readonly_con = pymysql.connect(
    host='localhost',
    user=readonly_user,
    password=readonly_pwd,