def is_ssl_enabled_on_unit(unit, port=None):
    """Check a single juju rmq unit for ssl and port in the config file."""
    host = unit.public_address
    unit_name = unit.entity_id

    conf_file = '/etc/rabbitmq/rabbitmq.config'
    conf_contents = str(generic_utils.get_file_contents(unit, conf_file))
    # Checks
    conf_ssl = 'ssl' in conf_contents
    conf_port = str(port) in conf_contents

    # Port explicitly checked in config
    if port and conf_port and conf_ssl:
        logging.debug('SSL is enabled  @{}:{} '
                      '({})'.format(host, port, unit_name))
        return True
    elif port and not conf_port and conf_ssl:
        logging.debug('SSL is enabled @{} but not on port {} '
                      '({})'.format(host, port, unit_name))
        return False
    # Port not checked (useful when checking that ssl is disabled)
    elif not port and conf_ssl:
        logging.debug('SSL is enabled  @{}:{} '
                      '({})'.format(host, port, unit_name))
        return True
    elif not conf_ssl:
        logging.debug('SSL not enabled @{}:{} '
                      '({})'.format(host, port, unit_name))
        return False
    else:
        msg = ('Unknown condition when checking SSL status @{}:{} '
               '({})'.format(host, port, unit_name))
        raise ValueError(msg)
示例#2
0
    def test_200_haproxy_stats_config(self):
        """Verify that the HAProxy stats are properly setup."""
        logging.info('Checking dashboard HAProxy settings...')
        unit = zaza_model.get_unit_from_name(
            zaza_model.get_lead_unit_name(self.application_name))
        logging.debug("... dashboard_ip is:{}".format(
            zaza_model.get_unit_public_address(unit)))
        conf = '/etc/haproxy/haproxy.cfg'
        port = '8888'
        set_alternate = {
            'haproxy-expose-stats': 'True',
        }

        request = urllib.request.Request('http://{}:{}'.format(
            zaza_model.get_unit_public_address(unit), port))

        output = str(generic_utils.get_file_contents(unit, conf))

        password = None
        for line in output.split('\n'):
            if "stats auth" in line:
                password = line.split(':')[1]
                break
        else:
            raise ValueError("'stats auth' not found in output'")
        base64string = base64.b64encode(
            bytes('{}:{}'.format('admin', password), 'ascii'))
        request.add_header("Authorization",
                           "Basic {}".format(base64string.decode('utf-8')))

        # Expect default config to not be available externally.
        expected = 'bind 127.0.0.1:{}'.format(port)
        self.assertIn(expected, output)
        with self.assertRaises(urllib.error.URLError):
            _do_request(request)

        zaza_model.set_application_config(self.application_name, set_alternate)
        zaza_model.block_until_all_units_idle(model_name=self.model_name)

        # Once exposed, expect HAProxy stats to be available externally
        output = str(generic_utils.get_file_contents(unit, conf))
        expected = 'bind 0.0.0.0:{}'.format(port)
        html = _do_request(request).read().decode(encoding='utf-8')
        self.assertIn(expected, output)
        self.assertIn('Statistics Report for HAProxy', html,
                      "HAProxy stats check failed")
    def test_vgpu_in_nova_conf(self):
        """Test that nova.conf contains vGPU-related settings.

        This test assumes that nova-compute-nvidia-vgpu's config option
        vgpu-device-mappings has been set to something not empty like
        "{'nvidia-108': ['0000:c1:00.0']}".
        """
        for unit in zaza.model.get_units('nova-compute',
                                         model_name=self.model_name):
            nova_conf_file = '/etc/nova/nova.conf'
            nova_conf = str(generic_utils.get_file_contents(unit,
                                                            nova_conf_file))

            # See
            # https://docs.openstack.org/nova/queens/admin/virtual-gpu.html
            # https://docs.openstack.org/nova/ussuri/admin/virtual-gpu.html
            # https://docs.openstack.org/releasenotes/nova/xena.html#deprecation-notes
            self.assertTrue(('enabled_vgpu_types' in nova_conf) or
                            ('enabled_mdev_types' in nova_conf))