Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Thomas Gambier
slapos
Commits
6e7330a5
Commit
6e7330a5
authored
Sep 28, 2020
by
Łukasz Nowak
Browse files
Options
Browse Files
Download
Plain Diff
Fix/slapos master instantiation
See merge request
nexedi/slapos!814
parents
b6a12b43
d2d2a1b6
Changes
5
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
203 additions
and
21 deletions
+203
-21
component/openssl/buildout.cfg
component/openssl/buildout.cfg
+1
-0
software/slapos-master/test/test/test_erp5.py
software/slapos-master/test/test/test_erp5.py
+198
-19
software/slapos-sr-testing/buildout.hash.cfg
software/slapos-sr-testing/buildout.hash.cfg
+1
-1
software/slapos-sr-testing/instance.cfg
software/slapos-sr-testing/instance.cfg
+1
-1
software/slapos-sr-testing/software.cfg
software/slapos-sr-testing/software.cfg
+2
-0
No files found.
component/openssl/buildout.cfg
View file @
6e7330a5
...
...
@@ -53,6 +53,7 @@ stop-on-error = true
update-command = ${:command}
command = ${coreutils-output:test} -x ${:openssl}
openssl = ${openssl:location}/bin/openssl
bin = ${openssl:location}
[openssl-1.0]
recipe = slapos.recipe.cmmi
...
...
software/slapos-master/test/test/test_erp5.py
View file @
6e7330a5
...
...
@@ -31,6 +31,10 @@ import glob
import
urlparse
import
socket
import
time
import
re
import
BaseHTTPServer
import
multiprocessing
import
subprocess
import
psutil
import
requests
...
...
@@ -46,15 +50,17 @@ class TestPublishedURLIsReachableMixin(object):
def
_checkERP5IsReachable
(
self
,
url
):
# What happens is that instanciation just create the services, but does not
# wait for ERP5 to be initialized. When this test run ERP5 instance is
# instanciated, but zope is still busy creating the site and haproxy
replies
#
with 503 Service Unavailable when zope is not started yet, with 404 when
#
erp5 site is not created, with 500 when mysql is not yet reachable, so we
# retry in a loop until we get a succesful response.
# instanciated, but zope is still busy creating the site and haproxy
#
replies with 503 Service Unavailable when zope is not started yet, with
#
404 when erp5 site is not created, with 500 when mysql is not yet
# re
achable, so we re
try in a loop until we get a succesful response.
for
i
in
range
(
1
,
60
):
r
=
requests
.
get
(
url
,
verify
=
False
)
# XXX can we get CA from caucase already ?
# XXX can we get CA from caucase already ?
r
=
requests
.
get
(
url
,
verify
=
False
)
if
r
.
status_code
!=
requests
.
codes
.
ok
:
delay
=
i
*
2
self
.
logger
.
warn
(
"ERP5 was not available, sleeping for %ds and retrying"
,
delay
)
self
.
logger
.
warn
(
"ERP5 was not available, sleeping for %ds and retrying"
,
delay
)
time
.
sleep
(
delay
)
continue
r
.
raise_for_status
()
...
...
@@ -77,7 +83,8 @@ class TestPublishedURLIsReachableMixin(object):
urlparse
.
urljoin
(
param_dict
[
'family-default'
],
param_dict
[
'site-id'
]))
class
TestDefaultParameters
(
ERP5InstanceTestCase
,
TestPublishedURLIsReachableMixin
):
class
TestDefaultParameters
(
ERP5InstanceTestCase
,
TestPublishedURLIsReachableMixin
):
"""Test ERP5 can be instanciated with no parameters
"""
__partition_reference__
=
'defp'
...
...
@@ -125,16 +132,19 @@ class TestApacheBalancerPorts(ERP5InstanceTestCase):
self
.
assertTrue
(
parsed
.
port
)
def
test_published_family_parameters
(
self
):
# when we request two families, we have two published family-{family_name} URLs
# when we request two families, we have two published family-{family_name}
# URLs
param_dict
=
self
.
getRootPartitionConnectionParameterDict
()
for
family_name
in
(
'family1'
,
'family2'
):
self
.
checkValidHTTPSURL
(
param_dict
[
'family-{family_name}'
.
format
(
family_name
=
family_name
)])
self
.
checkValidHTTPSURL
(
param_dict
[
'family-{family_name}-v6'
.
format
(
family_name
=
family_name
)])
param_dict
[
'family-{family_name}-v6'
.
format
(
family_name
=
family_name
)])
def
test_published_test_runner_url
(
self
):
# each family's also a list of test test runner URLs, by default 3 per family
# each family's also a list of test test runner URLs, by default 3 per
# family
param_dict
=
self
.
getRootPartitionConnectionParameterDict
()
for
family_name
in
(
'family1'
,
'family2'
):
family_test_runner_url_list
=
param_dict
[
...
...
@@ -144,7 +154,8 @@ class TestApacheBalancerPorts(ERP5InstanceTestCase):
self
.
checkValidHTTPSURL
(
url
)
def
test_zope_listen
(
self
):
# we requested 3 zope in family1 and 5 zopes in family2, we should have 8 zope running.
# we requested 3 zope in family1 and 5 zopes in family2, we should have 8
# zope running.
with
self
.
slap
.
instance_supervisor_rpc
as
supervisor
:
all_process_info
=
supervisor
.
getAllProcessInfo
()
self
.
assertEqual
(
...
...
@@ -179,7 +190,8 @@ class TestApacheBalancerPorts(ERP5InstanceTestCase):
])
class
TestDisableTestRunner
(
ERP5InstanceTestCase
,
TestPublishedURLIsReachableMixin
):
class
TestDisableTestRunner
(
ERP5InstanceTestCase
,
TestPublishedURLIsReachableMixin
):
"""Test ERP5 can be instanciated without test runner.
"""
__partition_reference__
=
'distr'
...
...
@@ -192,7 +204,8 @@ class TestDisableTestRunner(ERP5InstanceTestCase, TestPublishedURLIsReachableMix
"""
# self.computer_partition_root_path is the path of root partition.
# we want to assert that no scripts exist in any partition.
bin_programs
=
map
(
os
.
path
.
basename
,
bin_programs
=
map
(
os
.
path
.
basename
,
glob
.
glob
(
self
.
computer_partition_root_path
+
"/../*/bin/*"
))
self
.
assertTrue
(
bin_programs
)
# just to check the glob was correct.
...
...
@@ -200,7 +213,8 @@ class TestDisableTestRunner(ERP5InstanceTestCase, TestPublishedURLIsReachableMix
self
.
assertNotIn
(
'runTestSuite'
,
bin_programs
)
def
test_no_apache_testrunner_port
(
self
):
# Apache only listen on two ports, there is no apache ports allocated for test runner
# Apache only listen on two ports, there is no apache ports allocated for
# test runner
with
self
.
slap
.
instance_supervisor_rpc
as
supervisor
:
all_process_info
=
supervisor
.
getAllProcessInfo
()
process_info
,
=
[
p
for
p
in
all_process_info
if
p
[
'name'
]
==
'apache'
]
...
...
@@ -213,7 +227,9 @@ class TestDisableTestRunner(ERP5InstanceTestCase, TestPublishedURLIsReachableMix
if
c
.
status
==
'LISTEN'
))
class
TestZopeNodeParameterOverride
(
ERP5InstanceTestCase
,
TestPublishedURLIsReachableMixin
):
class
TestZopeNodeParameterOverride
(
ERP5InstanceTestCase
,
TestPublishedURLIsReachableMixin
):
"""Test override zope node parameters
"""
__partition_reference__
=
'override'
...
...
@@ -228,7 +244,7 @@ class TestZopeNodeParameterOverride(ERP5InstanceTestCase, TestPublishedURLIsReac
"server"
:
{},
"cache-size-bytes"
:
"20MB"
,
"cache-size-bytes!"
:
[
(
"bb-0"
,
1
<<
20
),
(
"bb-0"
,
1
<<
20
),
(
"bb-.*"
,
"500MB"
),
],
"pool-timeout"
:
"10m"
,
...
...
@@ -299,7 +315,170 @@ class TestZopeNodeParameterOverride(ERP5InstanceTestCase, TestPublishedURLIsReac
partition
=
self
.
getComputerPartitionPath
(
'zope-bb'
)
for
zope
in
xrange
(
5
):
checkConf
({
"cache-size-bytes"
:
"500MB"
if
zope
else
1
<<
20
,
"cache-size-bytes"
:
"500MB"
if
zope
else
1
<<
20
,
},
{
"cache-size"
:
None
,
})
def
popenCommunicate
(
command_list
,
input_
=
None
,
**
kwargs
):
kwargs
.
update
(
stdout
=
subprocess
.
PIPE
,
stderr
=
subprocess
.
STDOUT
)
popen
=
subprocess
.
Popen
(
command_list
,
**
kwargs
)
result
=
popen
.
communicate
(
input_
)[
0
]
if
popen
.
returncode
is
None
:
popen
.
kill
()
if
popen
.
returncode
!=
0
:
raise
ValueError
(
'Issue during calling %r, result was:
\
n
%s'
%
(
command_list
,
result
))
return
result
class
TestHandler
(
BaseHTTPServer
.
BaseHTTPRequestHandler
):
def
do_GET
(
self
):
self
.
send_response
(
200
)
response
=
{
'Path'
:
self
.
path
,
'Incoming Headers'
:
self
.
headers
.
dict
}
response
=
json
.
dumps
(
response
,
indent
=
2
)
self
.
end_headers
()
self
.
wfile
.
write
(
response
)
class
TestDeploymentScriptInstantiation
(
ERP5InstanceTestCase
):
"""This check deployment script like instantiation
Low level assertions are done here in roder to assure that
https://lab.nexedi.com/nexedi/slapos.package/blob/master/playbook/
slapos-master-standalone.yml
works correctly
"""
__partition_reference__
=
'tdsi'
# a bit more partition is required
partition_count
=
20
@
classmethod
def
getInstanceParameterDict
(
cls
):
# As close as possible configuration to deployment script
parameter_dict
=
{
"timezone"
:
"UTC"
,
"site-id"
:
"erp5"
,
"bt5"
:
"erp5_full_text_myisam_catalog slapos_configurator"
,
"wsgi"
:
False
,
"test-runner"
:
{
"enabled"
:
False
},
# won't work anyway here
"zope-partition-dict"
:
{
"admin"
:
{
"family"
:
"admin"
,
"thread-amount"
:
4
,
"port-base"
:
2220
,
"instance-count"
:
1
},
"activities-node"
:
{
"family"
:
"activities"
,
"thread-amount"
:
4
,
"instance-count"
:
1
,
"timerserver-interval"
:
1
,
"port-base"
:
2230
},
"distribution-node"
:
{
"family"
:
"distribution"
,
"thread-amount"
:
1
,
"instance-count"
:
1
,
"port-base"
:
2210
,
"timerserver-interval"
:
1
},
"web-node"
:
{
"family"
:
"web"
,
"thread-amount"
:
2
,
"instance-count"
:
1
,
"port-base"
:
2240
},
"service-slapos"
:
{
"family"
:
"service"
,
"thread-amount"
:
2
,
"instance-count"
:
1
,
"port-base"
:
2250
,
"ssl-authentication"
:
True
,
"backend-path"
:
"/%(site-id)s/portal_slap"
}
}
}
# put shared-certificate-authority-path in controlled location
cls
.
ca_path
=
os
.
path
.
join
(
cls
.
slap
.
instance_directory
,
'ca_path'
)
parameter_dict
[
"shared-certificate-authority-path"
]
=
cls
.
ca_path
return
{
'_'
:
json
.
dumps
(
parameter_dict
)}
@
classmethod
def
callSupervisorMethod
(
cls
,
method
,
*
args
,
**
kwargs
):
with
cls
.
slap
.
instance_supervisor_rpc
as
instance_supervisor
:
return
getattr
(
instance_supervisor
,
method
)(
*
args
,
**
kwargs
)
def
test_ssl_auth
(
self
):
backend_apache_configuration_list
=
glob
.
glob
(
os
.
path
.
join
(
self
.
slap
.
instance_directory
,
'*'
,
'etc'
,
'apache'
,
'apache.conf'
))
self
.
assertEqual
(
1
,
len
(
backend_apache_configuration_list
)
)
backend_apache_configuration
=
open
(
backend_apache_configuration_list
[
0
]).
read
()
self
.
assertIn
(
'SSLVerifyClient require'
,
backend_apache_configuration
)
self
.
assertIn
(
r'RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s'
,
backend_apache_configuration
)
# stop haproxy, it's going to be hijacked
haproxy_name
=
':'
.
join
([
(
q
[
'group'
],
q
[
'name'
])
for
q
in
self
.
callSupervisorMethod
(
'getAllProcessInfo'
)
if
'haproxy'
in
q
[
'name'
]][
0
])
self
.
callSupervisorMethod
(
'stopProcess'
,
haproxy_name
)
# do similar certificate request like CertificateAuthorityTool
openssl_config
=
os
.
path
.
join
(
self
.
ca_path
,
'openssl.cnf'
)
key
=
os
.
path
.
join
(
self
.
ca_path
,
'private'
,
'test.key'
)
csr
=
os
.
path
.
join
(
self
.
ca_path
,
'text.csr'
)
cert
=
os
.
path
.
join
(
self
.
ca_path
,
'certs'
,
'test.crt'
)
common_name
=
'TEST-SSL-AUTH'
popenCommunicate
([
'openssl'
,
'req'
,
'-utf8'
,
'-nodes'
,
'-config'
,
openssl_config
,
'-new'
,
'-keyout'
,
key
,
'-out'
,
csr
,
'-days'
,
'3650'
],
'%s
\
n
'
%
(
common_name
,),
stdin
=
subprocess
.
PIPE
)
popenCommunicate
([
'openssl'
,
'ca'
,
'-utf8'
,
'-days'
,
'3650'
,
'-batch'
,
'-config'
,
openssl_config
,
'-out'
,
cert
,
'-infiles'
,
csr
])
# find IP and port on which hijacked process shall listen
portal_slap_line
=
[
q
for
q
in
backend_apache_configuration
.
splitlines
()
if
'portal_slap'
in
q
][
0
]
ip
,
port
=
re
.
search
(
r'.*http:\
/
\/(.*):(\
d*)
\/.*'
,
portal_slap_line
).
groups
()
port
=
int
(
port
)
server
=
BaseHTTPServer
.
HTTPServer
((
ip
,
port
),
TestHandler
)
server_process
=
multiprocessing
.
Process
(
target
=
server
.
serve_forever
,
name
=
'HTTPServer'
)
server_process
.
start
()
try
:
# assert that accessing the service endpoint results with certificate
# authentication and proper information extraction
result_json
=
requests
.
get
(
self
.
getRootPartitionConnectionParameterDict
()[
'family-service'
],
verify
=
False
,
cert
=
(
cert
,
key
)).
json
()
self
.
assertEqual
(
common_name
,
result_json
[
'Incoming Headers'
][
'remote-user'
]
)
self
.
assertEqual
(
'/erp5/portal_slap/'
,
result_json
[
'Path'
]
)
finally
:
server_process
.
join
(
10
)
server_process
.
terminate
()
software/slapos-sr-testing/buildout.hash.cfg
View file @
6e7330a5
...
...
@@ -15,4 +15,4 @@
[template]
filename = instance.cfg
md5sum =
14d2f49d20670e44c2a162bcec9e0a8e
md5sum =
4246cde0a27138e057ba1635cc621edf
software/slapos-sr-testing/instance.cfg
View file @
6e7330a5
...
...
@@ -44,7 +44,7 @@ environment =
SLAPOS_TEST_WORKING_DIR=${slapos-test-runner-environment:SLAPOS_TEST_WORKING_DIR}
[slapos-test-runner-environment]
PATH = {{ buildout['bin-directory'] }}:{{ curl_location }}/bin/:{{ faketime_location }}/bin/:/usr/bin/:/bin
PATH = {{ buildout['bin-directory'] }}:{{ curl_location }}/bin/:{{ faketime_location }}/bin/:
{{ openssl_location }}/bin/:
/usr/bin/:/bin
SLAPOS_TEST_IPV4 = ${slap-configuration:ipv4-random}
SLAPOS_TEST_IPV6 = ${slap-configuration:ipv6-random}
SLAPOS_TEST_WORKING_DIR = ${directory:working-dir}
...
...
software/slapos-sr-testing/software.cfg
View file @
6e7330a5
...
...
@@ -3,6 +3,7 @@
extends =
../../component/bcrypt/buildout.cfg
../../component/curl/buildout.cfg
../../component/openssl/buildout.cfg
../../component/git/buildout.cfg
../../component/faketime/buildout.cfg
../../component/pillow/buildout.cfg
...
...
@@ -240,6 +241,7 @@ context =
key slapos_location slapos-repository:location
key interpreter eggs:interpreter
key curl_location curl:location
key openssl_location openssl-output:bin
key faketime_location faketime:location
key tests :tests
tests =
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment