Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updates pytest pluggy testinfra molecule and the universe #5585

Merged
merged 9 commits into from Oct 28, 2020
Merged

Updates pytest pluggy testinfra molecule and the universe #5585

merged 9 commits into from Oct 28, 2020

Conversation

kushaldas
Copy link
Contributor

@kushaldas kushaldas commented Oct 15, 2020
edited by emkll

Status

Ready for review

Description of Changes

Fixes #5584

Testing

We have to test each and every scenario. Note: we have to update each of the below points with proper test steps.

  • make build-debs
  • make build-debs-focal
  • make fetch-tor-packages
  • molecule test -s libvirt-staging-xenial
  • molecule test -s libvirt-staging-focal
  • molecule converge -s qubes-staging-focal
  • molecule converge -s qubes-staging-xenial
  • make testinfra on prod VMs
  • make upgrade-start
  • make upgrade test-local
  • make upgrade-start-qa
  • make upgrade-test-qa

Deployment

Any special considerations for deployment? Consider both:

  1. Upgrading existing production instances.
  2. New installs.

Checklist

If you made changes to the server application code:

  • Linting (make lint) and tests (make test) pass in the development container

If you made changes to securedrop-admin:

  • Linting and tests (make -C admin test) pass in the admin development container

If you made changes to the system configuration:

If you made non-trivial code changes:

  • I have written a test plan and validated it for this PR

If you made changes to documentation:

  • Doc linting (make docs-lint) passed locally

If you added or updated a code dependency:

Choose one of the following:

  • I have performed a diff review and pasted the contents to the packaging wiki
  • I would like someone else to do the diff review

@eloquence eloquence added this to In Development in SecureDrop Team Board Oct 16, 2020
@kushaldas kushaldas force-pushed the updates_pytest_pluggy_testinfra_molecule_and_the_universe branch from 05531b1 to 8ff1fb1 Compare October 19, 2020 10:15
@kushaldas kushaldas marked this pull request as ready for review October 19, 2020 12:59
@kushaldas kushaldas moved this from In Development to Ready for Review in SecureDrop Team Board Oct 19, 2020
@emkll emkll moved this from Ready for Review to Under Review in SecureDrop Team Board Oct 21, 2020
@kushaldas kushaldas mentioned this pull request Oct 21, 2020
Merged
12 tasks
emkll
emkll suggested changes Oct 21, 2020
View reviewed changes
Copy link
Contributor

@emkll emkll left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @kushaldas , went though the test plan and observe a few failures in some scenarios. Also, I did not test all the cases (Qubes and Virtualbox scenarios)

  • make build-debs
  • make build-debs-focal
  • make fetch-tor-packages
  • molecule test -s libvirt-staging-xenial
  • molecule test -s libvirt-staging-focal
  • molecule converge virtualbox-staging-xenial (did not test)
  • molecule converge -s qubes-staging-focal (did not test)
  • molecule converge -s qubes-staging-xenial (did not test)
  • make testinfra on prod VMs looks like testinfra version needs to be updated in https://github.com/freedomofpress/securedrop/blob/updates_pytest_pluggy_testinfra_molecule_and_the_universe/admin/requirements-testinfra.txt
  • make upgrade-start Molecule syntax error
  • make upgrade test-local can't run because start command above doesn't work
  • make upgrade-start-qaMolecule syntax error
  • make upgrade-test-qa cant run because start command above doesn't work

@zenmonkeykstop
Copy link
Contributor

Confirmed that the following pass:

  • molecule converge -s qubes-staging-focal
  • molecule converge -s qubes-staging-xenial

@emkll emkll moved this from Under Review to In Development in SecureDrop Team Board Oct 22, 2020
@kushaldas
Copy link
Contributor Author

playbook.yml was deprecated, rename it to converge.yml

Wondering if I should update this? @emkll what do you think?

@emkll
Copy link
Contributor

emkll commented Oct 27, 2020

It seems like it just consists of renaming the files, I think it's worth addressing as part of this PR, good catch

@kushaldas
Updates pytest and pluggy to the latest
b0f18f3 
We need the newer version of pluggy and pytest to make sure
that the tests are running on Focal and Xenial in the same way.
@kushaldas
Updates molecule+testinfra+pytest+pytest-xdist+
ed1c145 
Also updates pluggy+molecule-vagrant as dependency
Why? Because the testinfra updates requires molecule update.

Updated the molecule files for the new molecule in the
`libvirt-staging-xenial` scenario.

Also contains all testinfra tests update, as pytest_namespace
is dropped in the pytest.

`molecule test -s libvirt-staging-xenial` now works.
@kushaldas
Updates builder-xenial and builder-focal scenario
6ec4db4 
Updates the pytest tests for the newer version of pytest
and also molecule.yml as required for newer version of molecule.
@kushaldas
Updates molecule yaml files for latest molecule
a4a22e9 
It updates two molecule scenario:
- fetch-tor-packages
- libvirt-staging-focal

In libvirt-staging-focal create.yml also updated for molecule_vagrant
update.
@kushaldas
Updates molecule.yml for the rest of of scenarios
3b925e0
@kushaldas
Adds pytest.ini for the custom marker
d4b514f
@kushaldas
Updates tests for flake8 lint issues
1be7905
@kushaldas
Updates testinfra for production tests
da4d1bd
@kushaldas
Updates to new modulename for vagrant
a11647a
@kushaldas kushaldas force-pushed the updates_pytest_pluggy_testinfra_molecule_and_the_universe branch from 958c778 to a11647a Compare October 27, 2020 14:51
This was referenced Oct 28, 2020
Merged
Merged
Closed
Closed
@emkll
Copy link
Contributor

emkll commented Oct 28, 2020

Hey @kushaldas was just testing the libvirt-focal scenario, is it expected that tests not run?

After running molecule converge -s libvirt-staging-focal and running molecule verify -s libvirt-staging-focal, the verify command returns non-zero with the following output:

--> Executing Testinfra tests found in /home/m/src/securedrop/molecule/libvirt-staging-focal/../testinfra/...
    ============================= test session starts ==============================
    platform linux -- Python 3.7.3, pytest-6.1.1, py-1.9.0, pluggy-0.13.1 -- /home/m/.virtualenvs/securedrop/bin/python3
    rootdir: /home/m/src/securedrop/molecule, configfile: pytest.ini
    plugins: testinfra-5.3.1, forked-1.3.0, xdist-2.1.0
[gw0] linux Python 3.7.3 cwd: /home/m/src/securedrop/molecule/libvirt-staging-focal
[gw1] linux Python 3.7.3 cwd: /home/m/src/securedrop/molecule/libvirt-staging-focal
gw0 C / gw1 C[gw0] node down: Traceback (most recent call last):
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/execnet/gateway_base.py", line 1072, in executetask
        do_exec(co, loc)  # noqa
      File "<string>", line 1, in do_exec
      File "<remote exec>", line 14, in <module>
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/pytest/__init__.py", line 3, in <module>
        from . import collect
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/pytest/collect.py", line 4, in <module>
        from typing import Any
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/typing.py", line 1347, in <module>
        class Callable(extra=collections_abc.Callable, metaclass=CallableMeta):
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/typing.py", line 1003, in __new__
        self._abc_registry = extra._abc_registry
    AttributeError: type object 'Callable' has no attribute '_abc_registry'
    
    
    replacing crashed worker gw0
[gw2] linux Python 3.7.3 cwd: /home/m/src/securedrop/molecule/libvirt-staging-focal
gw2 C / gw1 C[gw1] node down: Traceback (most recent call last):
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/execnet/gateway_base.py", line 1072, in executetask
        do_exec(co, loc)  # noqa
      File "<string>", line 1, in do_exec
      File "<remote exec>", line 14, in <module>
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/pytest/__init__.py", line 3, in <module>
        from . import collect
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/pytest/collect.py", line 4, in <module>
        from typing import Any
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/typing.py", line 1347, in <module>
        class Callable(extra=collections_abc.Callable, metaclass=CallableMeta):
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/typing.py", line 1003, in __new__
        self._abc_registry = extra._abc_registry
    AttributeError: type object 'Callable' has no attribute '_abc_registry'
    
    
    replacing crashed worker gw1
[gw3] linux Python 3.7.3 cwd: /home/m/src/securedrop/molecule/libvirt-staging-focal
gw2 C / gw3 C[gw2] node down: Traceback (most recent call last):
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/execnet/gateway_base.py", line 1072, in executetask
        do_exec(co, loc)  # noqa
      File "<string>", line 1, in do_exec
      File "<remote exec>", line 14, in <module>
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/pytest/__init__.py", line 3, in <module>
        from . import collect
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/pytest/collect.py", line 4, in <module>
        from typing import Any
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/typing.py", line 1347, in <module>
        class Callable(extra=collections_abc.Callable, metaclass=CallableMeta):
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/typing.py", line 1003, in __new__
        self._abc_registry = extra._abc_registry
    AttributeError: type object 'Callable' has no attribute '_abc_registry'
    
    
    replacing crashed worker gw2
[gw4] linux Python 3.7.3 cwd: /home/m/src/securedrop/molecule/libvirt-staging-focal
gw4 C / gw3 C[gw3] node down: Traceback (most recent call last):
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/execnet/gateway_base.py", line 1072, in executetask
        do_exec(co, loc)  # noqa
      File "<string>", line 1, in do_exec
      File "<remote exec>", line 14, in <module>
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/pytest/__init__.py", line 3, in <module>
        from . import collect
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/pytest/collect.py", line 4, in <module>
        from typing import Any
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/typing.py", line 1347, in <module>
        class Callable(extra=collections_abc.Callable, metaclass=CallableMeta):
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/typing.py", line 1003, in __new__
        self._abc_registry = extra._abc_registry
    AttributeError: type object 'Callable' has no attribute '_abc_registry'
    
    
    replacing crashed worker gw3
[gw5] linux Python 3.7.3 cwd: /home/m/src/securedrop/molecule/libvirt-staging-focal
gw4 C / gw5 C[gw4] node down: Traceback (most recent call last):
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/execnet/gateway_base.py", line 1072, in executetask
        do_exec(co, loc)  # noqa
      File "<string>", line 1, in do_exec
      File "<remote exec>", line 14, in <module>
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/pytest/__init__.py", line 3, in <module>
        from . import collect
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/pytest/collect.py", line 4, in <module>
        from typing import Any
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/typing.py", line 1347, in <module>
        class Callable(extra=collections_abc.Callable, metaclass=CallableMeta):
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/typing.py", line 1003, in __new__
        self._abc_registry = extra._abc_registry
    AttributeError: type object 'Callable' has no attribute '_abc_registry'
    
    
    replacing crashed worker gw4
[gw6] linux Python 3.7.3 cwd: /home/m/src/securedrop/molecule/libvirt-staging-focal
gw6 C / gw5 C[gw5] node down: Traceback (most recent call last):
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/execnet/gateway_base.py", line 1072, in executetask
        do_exec(co, loc)  # noqa
      File "<string>", line 1, in do_exec
      File "<remote exec>", line 14, in <module>
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/pytest/__init__.py", line 3, in <module>
        from . import collect
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/pytest/collect.py", line 4, in <module>
        from typing import Any
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/typing.py", line 1347, in <module>
        class Callable(extra=collections_abc.Callable, metaclass=CallableMeta):
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/typing.py", line 1003, in __new__
        self._abc_registry = extra._abc_registry
    AttributeError: type object 'Callable' has no attribute '_abc_registry'
    
    
    replacing crashed worker gw5
[gw7] linux Python 3.7.3 cwd: /home/m/src/securedrop/molecule/libvirt-staging-focal
gw6 C / gw7 C[gw6] node down: Traceback (most recent call last):
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/execnet/gateway_base.py", line 1072, in executetask
        do_exec(co, loc)  # noqa
      File "<string>", line 1, in do_exec
      File "<remote exec>", line 14, in <module>
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/pytest/__init__.py", line 3, in <module>
        from . import collect
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/pytest/collect.py", line 4, in <module>
        from typing import Any
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/typing.py", line 1347, in <module>
        class Callable(extra=collections_abc.Callable, metaclass=CallableMeta):
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/typing.py", line 1003, in __new__
        self._abc_registry = extra._abc_registry
    AttributeError: type object 'Callable' has no attribute '_abc_registry'
    
    
    replacing crashed worker gw6
[gw8] linux Python 3.7.3 cwd: /home/m/src/securedrop/molecule/libvirt-staging-focal
gw8 C / gw7 C[gw7] node down: Traceback (most recent call last):
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/execnet/gateway_base.py", line 1072, in executetask
        do_exec(co, loc)  # noqa
      File "<string>", line 1, in do_exec
      File "<remote exec>", line 14, in <module>
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/pytest/__init__.py", line 3, in <module>
        from . import collect
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/pytest/collect.py", line 4, in <module>
        from typing import Any
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/typing.py", line 1347, in <module>
        class Callable(extra=collections_abc.Callable, metaclass=CallableMeta):
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/typing.py", line 1003, in __new__
        self._abc_registry = extra._abc_registry
    AttributeError: type object 'Callable' has no attribute '_abc_registry'
    
    
    replacing crashed worker gw7
[gw9] linux Python 3.7.3 cwd: /home/m/src/securedrop/molecule/libvirt-staging-focal
gw8 C / gw9 C[gw8] node down: Traceback (most recent call last):
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/execnet/gateway_base.py", line 1072, in executetask
        do_exec(co, loc)  # noqa
      File "<string>", line 1, in do_exec
      File "<remote exec>", line 14, in <module>
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/pytest/__init__.py", line 3, in <module>
        from . import collect
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/pytest/collect.py", line 4, in <module>
        from typing import Any
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/typing.py", line 1347, in <module>
        class Callable(extra=collections_abc.Callable, metaclass=CallableMeta):
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/typing.py", line 1003, in __new__
        self._abc_registry = extra._abc_registry
    AttributeError: type object 'Callable' has no attribute '_abc_registry'
    
    
    maximum crashed workers reached: 8
    [gw9] node down: Traceback (most recent call last):
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/execnet/gateway_base.py", line 1072, in executetask
        do_exec(co, loc)  # noqa
      File "<string>", line 1, in do_exec
      File "<remote exec>", line 14, in <module>
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/pytest/__init__.py", line 3, in <module>
        from . import collect
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/pytest/collect.py", line 4, in <module>
        from typing import Any
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/typing.py", line 1347, in <module>
        class Callable(extra=collections_abc.Callable, metaclass=CallableMeta):
      File "/home/m/.virtualenvs/securedrop/lib/python3.7/site-packages/typing.py", line 1003, in __new__
        self._abc_registry = extra._abc_registry
    AttributeError: type object 'Callable' has no attribute '_abc_registry'
    
    
    maximum crashed workers reached: 8
    
    ================== xdist: maximum crashed workers reached: 8 ===================
    ---- generated xml file: /home/m/src/securedrop/junit/testinfra-results.xml ----
    ============================ no tests ran in 0.73s =============================
An error occurred during the test sequence action: 'verify'. Cleaning up.

@kushaldas
Copy link
Contributor Author

@emkll can you please paste the output of python3 -m pip list from the virtualenv on the host machine?

@emkll
Copy link
Contributor

emkll commented Oct 28, 2020 

Package             Version    
------------------- -----------
alembic             0.9.9      
ansible             2.9.7      
ansible-lint        4.2.0      
apipkg              1.4        
argon2-cffi         20.1.0     
arrow               0.10.0     
asn1crypto          0.22.0     
aspy.yaml           1.3.0      
astroid             2.4.0      
attrs               20.2.0     
Babel               2.5.1      
bandit              1.4.0      
bcrypt              3.1.3      
binaryornot         0.4.4      
boto                2.48.0     
boto3               1.5.24     
botocore            1.8.38     
Cerberus            1.3.1      
certifi             2017.7.27.1
cffi                1.14.2     
cfgv                2.0.1      
chardet             3.0.4      
click               7.1.2      
click-completion    0.5.2      
click-help-colors   0.8        
colorama            0.3.9      
cookiecutter        1.6.0      
cryptography        2.7        
distro              1.5.0      
dnspython           1.15.0     
docker-py           1.10.6     
docker-pycreds      0.2.1      
docopt              0.6.2      
docutils            0.14       
dparse              0.4.1      
entrypoints         0.3        
execnet             1.4.1      
fasteners           0.14.1     
flake8              3.7.7      
Flask               1.0.2      
Flask-Assets        0.12       
Flask-Babel         0.11.2     
Flask-SQLAlchemy    2.4.0      
Flask-WTF           0.14.2     
future              0.16.0     
git-url-parse       1.0.2      
gitdb2              2.0.3      
GitPython           2.1.8      
html-linter         0.4.0      
identify            1.4.7      
idna                2.5        
importlib-metadata  0.23       
importlib-resources 1.5.0      
iniconfig           1.0.1      
isort               4.2.15     
itsdangerous        0.24       
Jinja2              2.10.1     
jinja2-time         0.2.0      
jmespath            0.9.3      
jsmin               2.2.2      
lazy-object-proxy   1.4.3      
Mako                1.0.7      
MarkupSafe          1.1.1      
mccabe              0.6.1      
mod-wsgi            4.6.7      
molecule            3.0.2.1    
molecule-vagrant    0.3        
monotonic           1.4        
more-itertools      7.2.0      
mypy                0.761      
mypy-extensions     0.4.3      
netaddr             0.7.19     
nodeenv             1.3.3      
packaging           16.8       
paramiko            2.6.0      
passlib             1.7.1      
pathspec            0.5.5      
pbr                 5.1.1      
pexpect             4.6.0      
pip                 19.3.1     
pip-tools           4.5.1      
pkg-resources       0.0.0      
pluggy              0.13.1     
poyo                0.4.1      
pre-commit          1.18.3     
pretty-bad-protocol 3.1.1      
prompt-toolkit      2.0.9      
psutil              5.7.0      
ptyprocess          0.5.2      
py                  1.9.0      
pycodestyle         2.5.0      
pycparser           2.18       
pyenchant           2.0.0      
pyflakes            2.1.1      
pylint              2.5.0      
PyNaCl              1.1.2      
pyotp               2.2.6      
pyparsing           2.2.0      
pytest              6.1.1      
pytest-forked       1.3.0      
pytest-xdist        2.1.0      
python-dateutil     2.6.1      
python-editor       1.0.3      
python-gilt         1.2.1      
python-vagrant      0.5.15     
pytz                2017.3     
PyYAML              5.3.1      
qrcode              5.3        
redis               3.3.6      
requests            2.22.0     
rq                  1.1.0      
ruamel.yaml         0.16.10    
ruamel.yaml.clib    0.2.0      
s3transfer          0.1.12     
safety              1.8.7      
scrypt              0.8.0      
selinux             0.2.1      
setuptools          46.0.0     
sh                  1.12.14    
shellingham         1.3.2      
six                 1.15.0     
smmap2              2.0.3      
SQLAlchemy          1.3.3      
stevedore           1.28.0     
tabulate            0.8.7      
template-remover    0.1.9      
testinfra           5.3.1      
toml                0.10.0     
tree-format         0.1.2      
typed-ast           1.4.1      
typing              3.6.4      
typing-extensions   3.7.4.1    
urllib3             1.25.10    
virtualenv          16.7.5     
wcwidth             0.1.7      
webassets           0.12.1     
websocket-client    0.44.0     
Werkzeug            0.16.0     
wheel               0.35.1     
whichcraft          0.4.1      
wrapt               1.11.2     
WTForms             2.1        
yamllint            1.17.0     
zipp                0.6.0

@kushaldas
Copy link
Contributor Author

typing 3.6.4

This is the problem, as the host is already Python3.7 on Buster. @emkll can you please create a fresh virtualenv and install develop-requirements.txt from this branch and try?

@rmol
Copy link
Contributor

rmol commented Oct 28, 2020
edited

I ran through all the test scenarios. All but libvirt-staging-focal eventually completed without errors, but qubes-staging-xenial fails pretty consistently the first time through, because of an apt lock error on the mon server.

  • make build-debs

  • make build-debs-focal

  • make fetch-tor-packages

  • molecule test -s libvirt-staging-xenial

  • molecule test -s libvirt-staging-focal

    🤕 Repeatable errors:

    Provisioning errors: ossec packages can't be installed because of dependency problems, but this is ignored. 
        failed: [mon-staging] (item=[2, 'securedrop-ossec-server-3.6.0+1.7.0~rc1-amd64.deb']) => {"ansible_loop_var": "item", "changed": false, "item": [2, "securedrop-ossec-server-3.6.0+1.7.0~rc1-amd64.deb"], "msg": "Dependency is not satisfiable: ossec-server\n"}
    failed: [app-staging] (item=[2, 'securedrop-ossec-agent-3.6.0+1.7.0~rc1-amd64.deb']) => {"ansible_loop_var": "item", "changed": false, "item": [2, "securedrop-ossec-agent-3.6.0+1.7.0~rc1-amd64.deb"], "msg": "Dependency is not satisfiable: ossec-agent\n"}
    Five test errors 
        __________ test_listening_ports[ansible://mon-staging-ossec_service1] __________
    [gw2] linux -- Python 3.7.3 /home/user/src/fpf/securedrop/.venv/bin/python3
  
    host = <testinfra.host.Host ansible://mon-staging>
    ossec_service = {'host': '0.0.0.0', 'listening': True, 'port': 1514, 'proto': 'udp'}
  
      @pytest.mark.skip_in_prod
      @pytest.mark.parametrize('ossec_service', [
          dict(host="0.0.0.0", proto="tcp", port=22, listening=True),
          dict(host="0.0.0.0", proto="udp", port=1514, listening=True),
          dict(host="0.0.0.0", proto="tcp", port=1515, listening=False),
      ])
      def test_listening_ports(host, ossec_service):
          """
          Ensure the OSSEC-related services are listening on the
          expected sockets. Services to check include ossec-remoted
          and ossec-authd. Helper services such as postfix are checked
          separately.
  
          Note that the SSH check will fail if run against a prod host, due
          to the SSH-over-Tor strategy. We can port the parametrized values
          to config test YAML vars at that point.
          """
          socket = "{proto}://{host}:{port}".format(**ossec_service)
          with host.sudo():
              # Really hacky work-around for bug found in testinfra 1.12.0
              # https://github.com/philpep/testinfra/issues/311
              if "udp" in socket:
                  lsof_socket = "{proto}@{host}:{port}".format(**ossec_service)
                  udp_check = host.run("lsof -n -i"+lsof_socket)
  
                  if ossec_service['listening']:
  >                   assert udp_check.rc == 0
  E                   assert 1 == 0
  E                     +1
  E                     -0
  
  ../testinfra/mon/test_mon_network.py:76: AssertionError
  _________ test_apparmor_enforced[ansible://app-staging-/sbin/dhclient] _________
  [gw2] linux -- Python 3.7.3 /home/user/src/fpf/securedrop/.venv/bin/python3
  
  host = <testinfra.host.Host ansible://app-staging>
  aa_enforced = '/sbin/dhclient'
  
      @pytest.mark.parametrize('aa_enforced', sdvars.apparmor_enforce)
      def test_apparmor_enforced(host, aa_enforced):
          awk = ("awk '/[0-9]+ profiles.*enforce./"
                 "{flag=1;next}/^[0-9]+.*/{flag=0}flag'")
          with host.sudo():
              c = host.check_output("aa-status | {}".format(awk))
  >           assert aa_enforced in c
  E           AssertionError: assert '/sbin/dhclient' in '   /usr/bin/man\n   /usr/lib/NetworkManager/nm-dhcp-client.action\n   /usr/lib/NetworkManager/nm-dhcp-helper\n   /usr...bin/dhclient\n   lsb_release\n   man_filter\n   man_groff\n   nvidia_modprobe\n   nvidia_modprobe//kmod\n   system_tor'
  
  ../testinfra/app/test_apparmor.py:102: AssertionError
  ________________ test_gpg_key_in_keyring[ansible://app-staging] ________________
  [gw3] linux -- Python 3.7.3 /home/user/src/fpf/securedrop/.venv/bin/python3
  
  host = <testinfra.host.Host ansible://app-staging>
  
      @pytest.mark.skip_in_prod
      def test_gpg_key_in_keyring(host):
          """ ensure test gpg key is present in app keyring """
          with host.sudo(sdvars.securedrop_user):
              c = host.run("gpg --homedir /var/lib/securedrop/keys "
                           "--list-keys 28271441")
  >           assert "pub   4096R/28271441 2013-10-12" in c.stdout
  E           assert 'pub   4096R/28271441 2013-10-12' in 'pub   rsa4096 2013-10-12 [SC]\n      65A1B5FF195B56353CC63DFFCC40EF1228271441\nuid           [ unknown] SecureDrop Test/Development (DO NOT USE IN PRODUCTION)\nsub   rsa4096 2013-10-12 [E]\n\n'
  E            +  where 'pub   rsa4096 2013-10-12 [SC]\n      65A1B5FF195B56353CC63DFFCC40EF1228271441\nuid           [ unknown] SecureDrop Test/Development (DO NOT USE IN PRODUCTION)\nsub   rsa4096 2013-10-12 [E]\n\n' = CommandResult(command=b"sudo -u www-data /bin/sh -c 'gpg --homedir /var/lib/securedrop/keys --list-keys 28271441'", ex...96 2013-10-12 [E]\n\n', stderr=b"Warning: Permanently added '192.168.121.149' (ECDSA) to the list of known hosts.\r\n").stdout
  
  ../testinfra/app/test_appenv.py:75: AssertionError
  _____________ test_fpf_apt_repo_fingerprint[ansible://app-staging] _____________
  [gw0] linux -- Python 3.7.3 /home/user/src/fpf/securedrop/.venv/bin/python3
  
  host = <testinfra.host.Host ansible://app-staging>
  
      def test_fpf_apt_repo_fingerprint(host):
          """
          Ensure the FPF apt repo has the correct fingerprint on the associated
          signing pubkey. The key changed in October 2016, so test for the
          newest fingerprint, which is installed on systems via the
          `securedrop-keyring` package.
          """
  
          c = host.run('apt-key finger')
  
          fpf_gpg_pub_key_info = """/etc/apt/trusted.gpg.d/securedrop-keyring.gpg
      ---------------------------------------------
      pub   4096R/00F4AD77 2016-10-20 [expires: 2021-06-30]
            Key fingerprint = 2224 5C81 E3BA EB41 38B3  6061 310F 5612 00F4 AD77
      uid                  SecureDrop Release Signing Key"""
  
          assert c.rc == 0
  >       assert fpf_gpg_pub_key_info in c.stdout
  E       assert '/etc/apt/trusted.gpg.d/securedrop-keyring.gpg\n---------------------------------------------\npub   4096R/00F4AD77 20... fingerprint = 2224 5C81 E3BA EB41 38B3  6061 310F 5612 00F4 AD77\nuid                  SecureDrop Release Signing Key' in '/etc/apt/trusted.gpg.d/securedrop-keyring.gpg\n---------------------------------------------\npub   rsa4096 2016-10-2...2 8719 20D1 991B C93C\nuid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>\n\n'
  E        +  where '/etc/apt/trusted.gpg.d/securedrop-keyring.gpg\n---------------------------------------------\npub   rsa4096 2016-10-2...2 8719 20D1 991B C93C\nuid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>\n\n' = CommandResult(command=b'apt-key finger', exit_status=0, stdout=b'/etc/apt/trusted.gpg.d/securedrop-keyring.gpg\n------...149' (ECDSA) to the list of known hosts.\r\nWarning: apt-key output should not be parsed (stdout is not a terminal)\n").stdout
  
  ../testinfra/common/test_fpf_apt_repo.py:55: AssertionError
  _____________ test_fpf_apt_repo_fingerprint[ansible://mon-staging] _____________
  [gw1] linux -- Python 3.7.3 /home/user/src/fpf/securedrop/.venv/bin/python3
  
  host = <testinfra.host.Host ansible://mon-staging>
  
      def test_fpf_apt_repo_fingerprint(host):
          """
          Ensure the FPF apt repo has the correct fingerprint on the associated
          signing pubkey. The key changed in October 2016, so test for the
          newest fingerprint, which is installed on systems via the
          `securedrop-keyring` package.
          """
  
          c = host.run('apt-key finger')
  
          fpf_gpg_pub_key_info = """/etc/apt/trusted.gpg.d/securedrop-keyring.gpg
      ---------------------------------------------
      pub   4096R/00F4AD77 2016-10-20 [expires: 2021-06-30]
            Key fingerprint = 2224 5C81 E3BA EB41 38B3  6061 310F 5612 00F4 AD77
      uid                  SecureDrop Release Signing Key"""
  
          assert c.rc == 0
  >       assert fpf_gpg_pub_key_info in c.stdout
  E       assert '/etc/apt/trusted.gpg.d/securedrop-keyring.gpg\n---------------------------------------------\npub   4096R/00F4AD77 20... fingerprint = 2224 5C81 E3BA EB41 38B3  6061 310F 5612 00F4 AD77\nuid                  SecureDrop Release Signing Key' in '/etc/apt/trusted.gpg.d/securedrop-keyring.gpg\n---------------------------------------------\npub   rsa4096 2016-10-2...2 8719 20D1 991B C93C\nuid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>\n\n'
  E        +  where '/etc/apt/trusted.gpg.d/securedrop-keyring.gpg\n---------------------------------------------\npub   rsa4096 2016-10-2...2 8719 20D1 991B C93C\nuid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>\n\n' = CommandResult(command=b'apt-key finger', exit_status=0, stdout=b'/etc/apt/trusted.gpg.d/securedrop-keyring.gpg\n------...140' (ECDSA) to the list of known hosts.\r\nWarning: apt-key output should not be parsed (stdout is not a terminal)\n").stdout
  
  ../testinfra/common/test_fpf_apt_repo.py:55: AssertionError
  =============================== warnings summary ===============================
  ../../.venv/lib/python3.7/site-packages/jinja2/utils.py:485
  ../../.venv/lib/python3.7/site-packages/jinja2/utils.py:485
  ../../.venv/lib/python3.7/site-packages/jinja2/utils.py:485
  ../../.venv/lib/python3.7/site-packages/jinja2/utils.py:485
    /home/user/src/fpf/securedrop/.venv/lib/python3.7/site-packages/jinja2/utils.py:485: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it will stop working
      from collections import MutableMapping
  
  ../../.venv/lib/python3.7/site-packages/jinja2/runtime.py:318
  ../../.venv/lib/python3.7/site-packages/jinja2/runtime.py:318
  ../../.venv/lib/python3.7/site-packages/jinja2/runtime.py:318
  ../../.venv/lib/python3.7/site-packages/jinja2/runtime.py:318
    /home/user/src/fpf/securedrop/.venv/lib/python3.7/site-packages/jinja2/runtime.py:318: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it will stop working
      from collections import Mapping
  
  -- Docs: https://docs.pytest.org/en/stable/warnings.html
  - generated xml file: /home/user/src/fpf/securedrop/junit/testinfra-results.xml -
  =========================== short test summary info ============================
  FAILED ../testinfra/mon/test_mon_network.py::test_listening_ports[ansible:/mon-staging-ossec_service1]
  FAILED ../testinfra/app/test_apparmor.py::test_apparmor_enforced[ansible:/app-staging-/sbin/dhclient]
  FAILED ../testinfra/app/test_appenv.py::test_gpg_key_in_keyring[ansible:/app-staging]
  FAILED ../testinfra/common/test_fpf_apt_repo.py::test_fpf_apt_repo_fingerprint[ansible:/app-staging]
  FAILED ../testinfra/common/test_fpf_apt_repo.py::test_fpf_apt_repo_fingerprint[ansible:/mon-staging]
  = 5 failed, 455 passed, 13 skipped, 9 xfailed, 1 xpassed, 8 warnings in 60.20s (0:01:00) =
An error occurred during the test sequence action: 'verify'. Cleaning up.
--> Scenario: 'libvirt-staging-focal'
--> Action: 'cleanup'
Skipping, cleanup playbook not configured.
--> Scenario: 'libvirt-staging-focal'
--> Action: 'destroy'
  
  PLAY [Destroy] *****************************************************************
  
  TASK [Gathering Facts] *********************************************************
  ok: [localhost]
  
  TASK [Destroy molecule instance(s)] ********************************************
  changed: [localhost] => (item={'box': 'bento/ubuntu-20.04', 'groups': ['securedrop_application_server', 'securedrop', 'staging'], 'instance_raw_config_args': ["vm.synced_folder './', '/vagrant', disabled: true", "vm.network 'private_network', ip: '10.0.1.2'", 'ssh.insert_key = false'], 'memory': 1024, 'name': 'app-staging', 'private_ip': '10.0.1.2', 'raw_config_args': ["cpu_mode = 'host-passthrough'", "video_type = 'virtio'"]})
  changed: [localhost] => (item={'box': 'bento/ubuntu-20.04', 'groups': ['securedrop_monitor_server', 'securedrop', 'staging'], 'instance_raw_config_args': ["vm.synced_folder './', '/vagrant', disabled: true", "vm.network 'private_network', ip: '10.0.1.3'", 'ssh.insert_key = false'], 'memory': 1024, 'name': 'mon-staging', 'private_ip': '10.0.1.3', 'raw_config_args': ["cpu_mode = 'host-passthrough'", "video_type = 'virtio'"]})
  
  TASK [Populate instance config] ************************************************
  ok: [localhost]
  
  TASK [Dump instance config] ****************************************************
  changed: [localhost]
  
  PLAY RECAP *********************************************************************
  localhost                  : ok=4    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

  • molecule converge virtualbox-staging-xenial

    ⚠️ This one failed a couple of times with:

    TASK [ossec : Register OSSEC agent.] *******************************************
    fatal: [app-staging]: FAILED! => {"changed": true, "cmd": ["/var/ossec/bin/agent-auth", "-m", "10.0.1.3", "-p", "1515", "-A", "app-staging", "-P", "/var/ossec/etc/authd.pass"], "delta": "0:02:10.459368", "end": "2020-10-27 21:56:16.837336", "failed_when_result": true, "msg": "non-zero return code", "rc": 1, "start": "2020-10-27 21:54:06.377968", "stderr": "2020/10/27 21:54:06 ossec-authd: INFO: Started (pid: 15688).\n2020/10/27 21:56:16 ossec-authd: Unable to connect to 10.0.1.3:1515", "stderr_lines": ["2020/10/27 21:54:06 ossec-authd: INFO: Started (pid: 15688).", "2020/10/27 21:56:16 ossec-authd: Unable to connect to 10.0.1.3:1515"], "stdout": "INFO: Using specified password.", "stdout_lines": ["INFO: Using specified password."]}

    But I did eventually get a clean run, from scratch.

  • molecule converge -s qubes-staging-focal

  • molecule converge -s qubes-staging-xenial

    ⚠️ The mon server consistently fails with "E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)", "E: Unable to lock directory /var/lib/apt/lists/" the first time this is run, but the second invocation works.

@emkll
Copy link
Contributor

emkll commented Oct 28, 2020
edited

This is the problem, as the host is already Python3.7 on Buster. @emkll can you please create a fresh virtualenv and install develop-requirements.txt from this branch and try?

That worked, thanks! My mistake was installing the updated requirements in an existing virtualenv. Developers will need to recreate a new virtualenv or manually remove typing from the virtualenv. Tests are now successfully failing for the focal scenario.

@kushaldas kushaldas moved this from In Development to Ready for Review in SecureDrop Team Board Oct 28, 2020
@rmol
Copy link
Contributor

rmol commented Oct 28, 2020

I retried the failures on develop:

  • molecule test -s libvirt-staging-focal had exactly the same failures.
  • molecule converge virtualbox-staging-xenial worked perfectly two times in a row. I can't see any difference in our code that would explain this.
  • molecule converge -s qubes-staging-xenial worked perfectly once, then the second run had the same apt lock error.

I'm inclined to merge this and address the failures separately, since two out of three are happening on develop and the other, if it isn't in fact a flake, only affects a staging environment that's on the way out (Virtualbox and Xenial).

emkll
emkll approved these changes Oct 28, 2020
View reviewed changes
Copy link
Contributor

@emkll emkll left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Based on @rmol and @zenmonkeykstop 's review, I second @rmol 's comment, good to merge as-is, to unblock work on Focal. Let's identify any problems that may arise from these major version bumps, and open follow-up issues as needed

All changes here are to test requirements and therefore should not need a diff review.

@emkll emkll merged commit 6117fcc into develop Oct 28, 2020
SecureDrop Team Board automation moved this from Ready for Review to Done Oct 28, 2020
@emkll emkll deleted the updates_pytest_pluggy_testinfra_molecule_and_the_universe branch October 28, 2020 22:10
This was referenced Nov 24, 2020
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emkll emkll emkll approved these changes

@conorsch conorsch Awaiting requested review from conorsch

@redshiftzero redshiftzero Awaiting requested review from redshiftzero

Assignees
No one assigned
Labels
None yet
Projects
No open projects
SecureDrop Team Board
Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Update pytest-*, molecule, testinfra dependencies
4 participants
@kushaldas @zenmonkeykstop @emkll @rmol