diff --git a/.cirrus.yml b/.cirrus.yml index d83fe933b..5517c1efb 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -301,7 +301,7 @@ report_stagetwo_task: dnf -y install python3-pexpect fi main_script: &stagetwo_test | - PYTHONPATH=tests/ avocado run -p TESTLOCAL=true --max-parallel-tasks=1 -t stagetwo tests/{cleaner,collect,report,vendor}_tests + PYTHONPATH=tests/:. avocado run -p TESTLOCAL=true --max-parallel-tasks=1 -t stagetwo tests/{cleaner,collect,report,vendor}_tests on_failure: fail_script: *faillogs log_artifacts: *logs diff --git a/sos/report/plugins/openstack_keystone.py b/sos/report/plugins/openstack_keystone.py index 220a0372f..eb8650ee6 100644 --- a/sos/report/plugins/openstack_keystone.py +++ b/sos/report/plugins/openstack_keystone.py @@ -34,6 +34,7 @@ def setup(self): "/etc/keystone/keystone.conf", "/etc/keystone/logging.conf", "/etc/keystone/policy.json", + "/etc/keystone/keystone.policy.yaml", self.var_puppet_gen + "/etc/keystone/*.conf", self.var_puppet_gen + "/etc/keystone/*.json", self.var_puppet_gen + "/etc/httpd/conf/", diff --git a/tests/report_tests/plugin_tests/openstack/cinder.conf b/tests/report_tests/plugin_tests/openstack/cinder.conf new file mode 100644 index 000000000..afe581588 --- /dev/null +++ b/tests/report_tests/plugin_tests/openstack/cinder.conf @@ -0,0 +1,114 @@ +[DEFAULT] +rootwrap_config = /etc/cinder/rootwrap.conf +api_paste_confg = /etc/cinder/api-paste.ini +iscsi_helper = tgtadm +verbose = True +debug = True +use_syslog = False +auth_strategy = keystone +state_path = /var/lib/cinder +osapi_volume_workers = 2 + + +transport_url = rabbit://cinder:cmB4zBYq3VWFMNqNKFLcqS5Zq8ystLLsTd5BFLbCtX67qShnhgHFxxRFjkhbY54x@10.5.0.95:5672/openstack + + + + +osapi_volume_listen = 0.0.0.0 +osapi_volume_listen_port = 8756 +glance_api_servers = https://10.5.0.29:9292 +glance_api_version = 2 +os_region_name = RegionOne +volume_usage_audit_period = month + +cinder_internal_tenant_project_id = services +cinder_internal_tenant_user_id = cinderv2_cinderv3 + + +enabled_backends = LVM + + +[backend_defaults] + + + + + + +[keystone_authtoken] +auth_type = password +auth_uri = https://10.5.2.40:5000/v3 +auth_url = https://10.5.2.40:35357/v3 +project_domain_name = service_domain +user_domain_name = service_domain +service_type = volumev2 +project_name = services +username = cinderv2_cinderv3 +password = wPhFqY69x94YVJc7STrVH3CfsFrrcZPYw8NS2pjhzqyzw7wrL2VnTmN58c5XTnfV +signing_dir = /var/cache/cinder + +memcached_servers = inet6:[::1]:11211 +service_token_roles = Admin +service_token_roles_required = True + + + +[service_user] +send_service_user_token = true +auth_type = password +auth_url = https://10.5.2.40:35357 +project_domain_name = service_domain +user_domain_name = service_domain +project_name = services +username = cinderv2_cinderv3 +password = wPhFqY69x94YVJc7STrVH3CfsFrrcZPYw8NS2pjhzqyzw7wrL2VnTmN58c5XTnfV + +[database] +connection = mysql+pymysql://cinder:Ck3r7zf6B6PscfjWhhj2zJdy8SNXYd59@127.0.0.1/cinder + + +[oslo_messaging_rabbit] + + +[oslo_messaging_notifications] +driver = messagingv2 +transport_url = rabbit://cinder:cmB4zBYq3VWFMNqNKFLcqS5Zq8ystLLsTd5BFLbCtX67qShnhgHFxxRFjkhbY54x@10.5.0.95:5672/openstack + + + +[oslo_concurrency] +lock_path = /var/lock/cinder + +[keymgr] +# XXX: hack to work around http://pad.lv/1516085 +# will be superseded by SRU to cinder package +encryption_auth_url = https://10.5.2.40:5000/v3 + +[oslo_middleware] + +# Bug #1758675 +enable_proxy_headers_parsing = true + + +[nova] +# Authentication type to load (string value) +auth_type = password + +# Authentication URL (string value) +auth_url = https://10.5.2.40:35357 + +# Username (string value) +username = cinderv2_cinderv3 + +# User's password (string value) +password = wPhFqY69x94YVJc7STrVH3CfsFrrcZPYw8NS2pjhzqyzw7wrL2VnTmN58c5XTnfV + +# Project name to scope to (string value) +project_name = services + + +project_domain_name = service_domain +user_domain_name = service_domain +region_name = RegionOne + diff --git a/tests/report_tests/plugin_tests/openstack/glance-api.conf b/tests/report_tests/plugin_tests/openstack/glance-api.conf new file mode 100644 index 000000000..56255ccb0 --- /dev/null +++ b/tests/report_tests/plugin_tests/openstack/glance-api.conf @@ -0,0 +1,86 @@ +[DEFAULT] +verbose = True +use_syslog = False +debug = True +workers = 2 +bind_host = 0.0.0.0 + +bind_port = 9272 + +transport_url = rabbit://glance:4LzVZZLsPTrKw7c49ZdxqmJ8mkcWkSSnPJzgYyZWPMkrVzyB62CyCzzKVRnBS4Mz@10.5.0.95:5672/openstack + + +log_file = /var/log/glance/api.log +backlog = 4096 + +delayed_delete = False +scrub_time = 43200 +scrubber_datadir = /var/lib/glance/scrubber +image_cache_dir = /var/lib/glance/image-cache/ +db_enforce_mysql_charset = False + +image_size_cap = 1099511627776 + +enabled_backends = local:file + + +[glance_store] + +default_backend = local + + +filesystem_store_datadir = /var/lib/glance/images/ + +stores = glance.store.filesystem.Store,glance.store.http.Store +default_store = file +[image_format] +disk_formats = ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso,root-tar +[keystone_authtoken] +auth_type = password +www_authenticate_uri = https://10.5.2.40:5000/v3 +auth_url = https://10.5.2.40:35357/v3 +project_domain_name = service_domain +user_domain_name = service_domain +project_name = services +username = glance +password = cbVtRMqPznc4M7XKVG73yPn5fBX4NXYSC4bMb7PGYTL5RkWXnc8ZsZ9hrJy2hynf +signing_dir = /var/cache/glance +service_type = image + +memcached_servers = inet6:[::1]:11211 + + +[paste_deploy] +flavor = keystone + + +[barbican] +auth_endpoint = https://10.5.2.40:5000/v3 + +[database] +connection = mysql+pymysql://glance:rM5hSHsw8JSV2mJVkcszMBxtVsHbG4MW@127.0.0.1/glance +connection_recycle_time = 3600 + + +[oslo_messaging_rabbit] + + +[oslo_messaging_notifications] +driver = messagingv2 +transport_url = rabbit://glance:4LzVZZLsPTrKw7c49ZdxqmJ8mkcWkSSnPJzgYyZWPMkrVzyB62CyCzzKVRnBS4Mz@10.5.0.95:5672/openstack + + + + +[oslo_middleware] + +# Bug #1758675 +enable_proxy_headers_parsing = true + + + + + +[local] +filesystem_store_datadir = /var/lib/glance/images/ +store_description = Local filesystem store diff --git a/tests/report_tests/plugin_tests/openstack/keystone.conf b/tests/report_tests/plugin_tests/openstack/keystone.conf new file mode 100644 index 000000000..13bfd0063 --- /dev/null +++ b/tests/report_tests/plugin_tests/openstack/keystone.conf @@ -0,0 +1,79 @@ +[DEFAULT] +use_syslog = False +log_config_append = /etc/keystone/logging.conf +debug = True +public_endpoint = https://10.5.2.40:5000 +admin_endpoint = https://10.5.2.40:35357 + +[database] +connection = mysql+pymysql://keystone:2zx9jZZtxdn4grG3xcMV4PwgGwY7X7fP@127.0.0.1/keystone +connection_recycle_time = 200 + +[identity] +driver = sql +default_domain_id = default +domain_specific_drivers_enabled = True +domain_config_dir = /etc/keystone/domains +[credential] +driver = sql +auth_ttl = 15 + +[trust] +driver = sql + +[catalog] +cache_time = 60 +driver = sql + +[endpoint_filter] + +[token] +expiration = 3600 + +[fernet_tokens] +max_active_keys = 3 + + + +[cache] + +enabled = true +backend = oslo_cache.memcache_pool +memcache_servers = inet6:[::1]:11211 + +# This goes in the section above, selectively +# Bug #1899117 +expiration_time = 600 + +[policy] +driver = sql + +[assignment] +driver = sql + +[auth] +methods = external,password,token,oauth1,openid,totp,application_credential + +[paste_deploy] +config_file = /etc/keystone/keystone-paste.ini + +[extra_headers] +Distribution = Ubuntu + +[ldap] + +[resource] +admin_project_domain_name = admin_domain +admin_project_name = admin + + + +[oslo_middleware] + +# Bug #1758675 +enable_proxy_headers_parsing = true + +# This goes in the section above, selectively +# Bug #1819134 +max_request_body_size = 114688 + diff --git a/tests/report_tests/plugin_tests/openstack/keystone.domain1.conf b/tests/report_tests/plugin_tests/openstack/keystone.domain1.conf new file mode 100644 index 000000000..4c25fd000 --- /dev/null +++ b/tests/report_tests/plugin_tests/openstack/keystone.domain1.conf @@ -0,0 +1,33 @@ +[ldap] +url = ldap://10.0.1.124 +user = cn=admin,dc=test,dc=com +password = crapper +suffix = dc=test,dc=com + +user_allow_create = False +user_allow_update = False +user_allow_delete = False + +group_allow_create = False +group_allow_update = False +group_allow_delete = False + +# User supplied configuration flags +group_desc_attribute = description +group_id_attribute = cn +group_member_attribute = memberUid +group_members_are_ids = True +group_name_attribute = cn +group_objectclass = posixGroup +group_tree_dn = ou=groups,dc=test,dc=com +pool_retry_max = 1 +pool_size = 10 +query_scope = sub +use_pool = True +user_attribute_ignore = userPassword +user_id_attribute = uid +user_name_attribute = uid +user_objectclass = posixAccount +user_tree_dn = ou=users,dc=test,dc=com +[identity] +driver = ldap diff --git a/tests/report_tests/plugin_tests/openstack/neutron.conf b/tests/report_tests/plugin_tests/openstack/neutron.conf new file mode 100644 index 000000000..2767324c8 --- /dev/null +++ b/tests/report_tests/plugin_tests/openstack/neutron.conf @@ -0,0 +1,117 @@ +[DEFAULT] +verbose = True +debug = True +use_syslog = False +state_path = /var/lib/neutron +bind_host = 0.0.0.0 +auth_strategy = keystone +api_workers = 2 +rpc_workers = 2 + + +transport_url = rabbit://neutron:KwGKnxV4tSVMpyhyz8Pj8gXnncrfyKr7nYFJhN7t8m6V3jL8jHKqLchgc6fjLMJ6@10.5.0.95:5672/openstack + + +router_distributed = False + +dns_domain = focal-ussuri.stsstack.qa.1ss. +l3_ha = False +allow_automatic_l3agent_failover = False +allow_automatic_dhcp_failover = True +network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.AZAwareWeightScheduler +dhcp_load_type = networks +router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.AZLeastRoutersScheduler +bind_port = 9676 +core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin +service_plugins = metering,segments,ovn-router +allow_overlapping_ips = True +dhcp_agents_per_network = 1 + +notify_nova_on_port_status_changes = True +notify_nova_on_port_data_changes = True + + + +global_physnet_mtu = 8958 + + +[quotas] +quota_driver = neutron.db.quota.driver.DbQuotaDriver +quota_items = network,subnet,port,security_group,security_group_rule +quota_security_group = 10 +quota_security_group_rule = 100 +quota_network = 10 +quota_subnet = 10 +quota_port = 50 +quota_vip = 10 +quota_pool = 10 +quota_member = -1 +quota_health_monitors = -1 +quota_router = 10 +quota_floatingip = 50 + +[agent] +root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf + +[keystone_authtoken] +auth_type = password +auth_uri = https://10.5.2.40:5000/v3 +auth_url = https://10.5.2.40:35357/v3 +project_domain_name = service_domain +user_domain_name = service_domain +service_type = network +project_name = services +username = neutron +password = 2VX9YzhHm7gMsr7RFLx8Ypckpq5fCshsNM8CfMYBXWZcCPKcwcjXb9rFtzWcBgM4 +signing_dir = /var/cache/neutron + +memcached_servers = inet6:[::1]:11211 +service_token_roles = Admin +service_token_roles_required = True + + +[database] +connection = mysql+pymysql://neutron:8ZMkYGjw5bsYwc6cx72b9ZVBrCKM5JMB@127.0.0.1/neutron + + +[oslo_messaging_rabbit] + + +[oslo_messaging_notifications] +driver = messagingv2 +transport_url = rabbit://neutron:KwGKnxV4tSVMpyhyz8Pj8gXnncrfyKr7nYFJhN7t8m6V3jL8jHKqLchgc6fjLMJ6@10.5.0.95:5672/openstack + +topics = notifications + + +[ovs] +igmp_snooping_enable = False + +[oslo_concurrency] +lock_path = $state_path/lock + +[nova] + +auth_section = keystone_authtoken + +region_name = RegionOne + +[placement] +auth_url = https://10.5.2.40:35357 +auth_type = password +project_domain_name = service_domain +user_domain_name = service_domain +project_name = services +username = neutron +password = 2VX9YzhHm7gMsr7RFLx8Ypckpq5fCshsNM8CfMYBXWZcCPKcwcjXb9rFtzWcBgM4 +os_region_name = RegionOne + + +[service_providers] +service_provider = FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.service_drivers.agents.agents.FirewallAgentDriver:default + + +[oslo_middleware] + +# Bug #1758675 +enable_proxy_headers_parsing = true diff --git a/tests/report_tests/plugin_tests/openstack/nova.conf b/tests/report_tests/plugin_tests/openstack/nova.conf new file mode 100644 index 000000000..64dbe29a5 --- /dev/null +++ b/tests/report_tests/plugin_tests/openstack/nova.conf @@ -0,0 +1,199 @@ +[DEFAULT] +verbose=True +debug=True +dhcpbridge_flagfile=/etc/nova/nova.conf +dhcpbridge=/usr/bin/nova-dhcpbridge +logdir=/var/log/nova +state_path=/var/lib/nova +iscsi_helper=tgtadm +libvirt_use_virtio_for_bridges=True +connection_type=libvirt +root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf +volumes_path=/var/lib/nova/volumes +enabled_apis=osapi_compute,metadata +compute_driver=libvirt.LibvirtDriver +use_ipv6 = False +osapi_compute_listen = 0.0.0.0 +metadata_host = 0.0.0.0 +s3_listen = 0.0.0.0 +enable_new_services = True + +default_log_levels = "amqp=WARN, amqplib=WARN, boto=WARN, qpid=WARN, sqlalchemy=WARN, suds=INFO, oslo.messaging=INFO, oslo_messaging=DEBUG, iso8601=WARN, requests.packages.urllib3.connectionpool=WARN, urllib3.connectionpool=WARN, websocket=WARN, requests.packages.urllib3.util.retry=WARN, urllib3.util.retry=WARN, keystonemiddleware=WARN, routes.middleware=WARN, stevedore=WARN, taskflow=WARN, keystoneauth=WARN, oslo.cache=INFO, dogpile.core.dogpile=INFO, glanceclient=WARN, oslo.privsep.daemon=INFO" +glance.debug = True + +transport_url = rabbit://nova:JpdsBfXHTwFMmTHsP8WY2gTRpb4ZrLfN6VmT2666TtZfjYcGKMnrJd7pPRxqtNfs@10.5.0.95:5672/openstack + + +dhcp_domain = focal-ussuri.stsstack.qa.1ss. +osapi_compute_workers = 2 + +cpu_allocation_ratio = 16 +ram_allocation_ratio = 0.98 +disk_allocation_ratio = 1 + +use_syslog=False +my_ip = 10.5.2.199 + +cert=/etc/apache2/ssl/nova/cert_10.5.2.199 +key=/etc/apache2/ssl/nova/key_10.5.2.199 + + + +libvirt_vif_driver = nova.virt.libvirt.vif.LibvirtGenericVIFDriver +libvirt_user_virtio_for_bridges = True +security_group_api = neutron +nova_firewall_driver = nova.virt.firewall.NoopFirewallDriver +default_floating_pool = ext_net +network_api_class = nova.network.neutronv2.api.API +volume_api_class=nova.volume.cinder.API +osapi_compute_listen_port = 8754 +metadata_listen_port = 8755 + + +[upgrade_levels] +compute = auto + + + +[database] +connection = mysql+pymysql://nova:Vrn7SkRMHL8FzjNg2NJjwF57t7hJfhjj@127.0.0.1/nova +max_pool_size = 2 + + +[api_database] +connection = mysql+pymysql://nova:Vrn7SkRMHL8FzjNg2NJjwF57t7hJfhjj@127.0.0.1/nova_api +max_pool_size = 2 + + +[glance] +api_servers = https://10.5.0.29:9292 + +[neutron] +url = https://10.5.3.214:9696 +region_name = RegionOne +auth_url = https://10.5.2.40:35357 +auth_type = password +project_domain_name = service_domain +user_domain_name = service_domain +project_name = services +username = nova +password = WCBG8sqmmpKPYBbpVNSjfsScpmh55W2jJgPnXYb7zM2Rr469g2LL4x642R67dFyX +service_metadata_proxy = True +metadata_proxy_shared_secret = 915f3672-014c-11ef-9fe5-095497b544b3 + + + +[keystone_authtoken] +auth_type = password +auth_uri = https://10.5.2.40:5000/v3 +auth_url = https://10.5.2.40:35357/v3 +project_domain_name = service_domain +user_domain_name = service_domain +service_type = compute +project_name = services +username = nova +password = WCBG8sqmmpKPYBbpVNSjfsScpmh55W2jJgPnXYb7zM2Rr469g2LL4x642R67dFyX +signing_dir = /var/cache/nova + +memcached_servers = inet6:[::1]:11211 +service_token_roles = Admin +service_token_roles_required = True + + +[service_user] +send_service_user_token = true +auth_type = password +auth_url = https://10.5.2.40:35357 +project_domain_name = service_domain +user_domain_name = service_domain +project_name = services +username = nova +password = WCBG8sqmmpKPYBbpVNSjfsScpmh55W2jJgPnXYb7zM2Rr469g2LL4x642R67dFyX + + +[cinder] + +os_region_name = RegionOne + +cross_az_attach = True + + +[osapi_v3] +enabled=True + + + +[conductor] +workers = 2 + +[oslo_messaging_rabbit] + + +[oslo_messaging_notifications] +driver = messagingv2 +transport_url = rabbit://nova:JpdsBfXHTwFMmTHsP8WY2gTRpb4ZrLfN6VmT2666TtZfjYcGKMnrJd7pPRxqtNfs@10.5.0.95:5672/openstack + +[notifications] +notification_format = unversioned + + +[oslo_concurrency] +lock_path=/var/lock/nova + +[vnc] + + + +[spice] + + + +[serial_console] +enabled = false +base_url = wss://10.5.2.199:6083/ + + + + + +[placement] +auth_url = https://10.5.2.40:35357 +auth_type = password +project_domain_name = service_domain +user_domain_name = service_domain +project_name = services +username = nova +password = WCBG8sqmmpKPYBbpVNSjfsScpmh55W2jJgPnXYb7zM2Rr469g2LL4x642R67dFyX +os_region_name = RegionOne +region_name = RegionOne +randomize_allocation_candidates = true + +[scheduler] +discover_hosts_in_cells_interval = 30 + +workers = 2 + + + +[filter_scheduler] + +enabled_filters = RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,DifferentHostFilter,SameHostFilter + + + +build_failure_weight_multiplier = 0.0 + + +[api] +auth_strategy=keystone +[wsgi] +api_paste_config=/etc/nova/api-paste.ini + +[pci] + +[oslo_middleware] + +enable_proxy_headers_parsing = true + + +[quota] diff --git a/tests/report_tests/plugin_tests/openstack/openstack.py b/tests/report_tests/plugin_tests/openstack/openstack.py new file mode 100644 index 000000000..4ae9c6f21 --- /dev/null +++ b/tests/report_tests/plugin_tests/openstack/openstack.py @@ -0,0 +1,145 @@ +# Copyright (C) 2024 Canonical Ltd., Arif Ali +# +# This file is part of the sos project: https://github.com/sosreport/sos +# +# This copyrighted material is made available to anyone wishing to use, +# modify, copy, or redistribute it subject to the terms and conditions of +# version 2 of the GNU General Public License. +# +# See the LICENSE file in the source distribution for further information. +import json + +from sos_tests import StageTwoReportTest, ubuntu_only +from sos.utilities import shell_out + +from avocado.utils import distro +from avocado.utils.software_manager import distro_packages + + +class OpenstackConfScrubbedTest(StageTwoReportTest): + """Ensure that the various openstack confs are picked up and properly + scrubbed + + :avocado: tags=stagetwo + """ + + sos_cmd = ('-o openstack_cinder,openstack_keystone,openstack_glance,' + 'openstack_neutron,openstack_nova') + files = [ + ('cinder.conf', '/etc/cinder/cinder.conf'), + ('keystone.domain1.conf', + '/etc/keystone/domains/keystone.domain1.conf'), + ('keystone.conf', '/etc/keystone/keystone.conf'), + ('glance-api.conf', '/etc/glance/glance-api.conf'), + ('neutron.conf', '/etc/neutron/neutron.conf'), + ('nova.conf', '/etc/nova/nova.conf'), + ] + + packages = { + 'rhel': ['openstack-cinder', 'openstack-glance', + 'openstack-heat-common', 'openstack-keystone', + 'openstack-nova'], + 'Ubuntu': ['cinder-common', 'glance-common', 'heat-common', + 'keystone-common', 'nova-common'] + } + + openstack_only = True + + def setup_mocked_packages(self): + this_distro = distro.detect() + if this_distro.name == "centos" or this_distro.name == "centos-stream": + shell_out("dnf config-manager --enable crb") + shell_out("dnf config-manager --enable powertools") + pkg_to_install = f"centos-release-openstack-yoga" + installed = distro_packages.install_distro_packages( + {this_distro.name: [pkg_to_install]}) + if not installed: + raise Exception( + "Unable to install requested packages " + f"{pkg_to_install}") + self._write_file_to_tmpdir( + 'mocked_osp_package', f'["{pkg_to_install}"]') + super().setup_mocked_packages() + + def teardown_mocked_packages(self): + this_distro = distro.detect() + if this_distro.name == "centos" or this_distro.name == "centos-stream": + pkgs = self.read_file_from_tmpdir('mocked_osp_package') + if not pkgs: + return + pkgs = json.loads(pkgs) + for pkg in pkgs: + self.sm.remove(pkg) + super().teardown_mocked_packages() + + def test_cinder_conf_collected_and_scrubbed(self): + self.assertFileCollected('/etc/cinder/cinder.conf') + + keys_to_mask = [ + 'cmB4zBYq3VWFMNqNKFLcqS5Zq8ystLLsTd5BFLbCtX67qShnhgHFxxRFjkhbY54x', + 'wPhFqY69x94YVJc7STrVH3CfsFrrcZPYw8NS2pjhzqyzw7wrL2VnTmN58c5XTnfV', + 'Ck3r7zf6B6PscfjWhhj2zJdy8SNXYd59', + ] + for key in keys_to_mask: + self.assertFileNotHasContent( + '/etc/cinder/cinder.conf', key) + + def test_glance_conf_collected_and_scrubbed(self): + self.assertFileCollected('/etc/glance/glance-api.conf') + + keys_to_mask = [ + '4LzVZZLsPTrKw7c49ZdxqmJ8mkcWkSSnPJzgYyZWPMkrVzyB62CyCzzKVRnBS4Mz', + 'cbVtRMqPznc4M7XKVG73yPn5fBX4NXYSC4bMb7PGYTL5RkWXnc8ZsZ9hrJy2hynf', + 'rM5hSHsw8JSV2mJVkcszMBxtVsHbG4MW', + ] + + for key in keys_to_mask: + self.assertFileNotHasContent('/etc/glance/glance-api.conf', key) + + def test_heat_conf_collected(self): + self.assertFileCollected('/etc/glance/heat.conf') + + def test_keystone_conf_collected_and_scrubbed(self): + self.assertFileCollected('/etc/keystone/keystone.conf') + self.assertFileCollected('/etc/keystone/keystone.policy.yaml') + + self.assertFileNotHasContent( + '/etc/keystone/keystone.conf', '2zx9jZZtxdn4grG3xcMV4PwgGwY7X7fP') + + def test_keystone_ldap_conf_scrubbed(self): + self.assertFileNotHasContent( + '/etc/keystone/domains/keystone.domain1.conf', 'crapper') + + @ubuntu_only + def test_neutron_ml2_certs_not_collected(self): + self.assertFileNotCollected('/etc/neutron/plugins/ml2/cert_host') + self.assertFileNotCollected('/etc/neutron/plugins/ml2/key_host') + self.assertFileNotCollected( + '/etc/neutron/plugins/ml2/neutron-api-plugin-ovn.crt') + + def test_neutron_conf_collected_and_scrubbed(self): + self.assertFileCollected('/etc/neutron/neutron.conf') + self.assertFileCollected('/etc/neutron/plugins/ml2/ml2_conf.ini') + + keys_to_mask = [ + 'KwGKnxV4tSVMpyhyz8Pj8gXnncrfyKr7nYFJhN7t8m6V3jL8jHKqLchgc6fjLMJ6', + '2VX9YzhHm7gMsr7RFLx8Ypckpq5fCshsNM8CfMYBXWZcCPKcwcjXb9rFtzWcBgM4', + '8ZMkYGjw5bsYwc6cx72b9ZVBrCKM5JMB', + ] + + for key in keys_to_mask: + self.assertFileNotHasContent('/etc/neutron/neutron.conf', key) + + def test_nova_conf_collected_and_scrubbed(self): + self.assertFileCollected('/etc/nova/nova.conf') + + keys_to_mask = [ + 'JpdsBfXHTwFMmTHsP8WY2gTRpb4ZrLfN6VmT2666TtZfjYcGKMnrJd7pPRxqtNfs', + 'WCBG8sqmmpKPYBbpVNSjfsScpmh55W2jJgPnXYb7zM2Rr469g2LL4x642R67dFyX', + 'Vrn7SkRMHL8FzjNg2NJjwF57t7hJfhjj', + ] + + for key in keys_to_mask: + self.assertFileNotHasContent('/etc/nova/nova.conf', key) + +# vim: set et ts=4 sw=4 : diff --git a/tests/sos_tests.py b/tests/sos_tests.py index a2cca0d9c..06013650d 100644 --- a/tests/sos_tests.py +++ b/tests/sos_tests.py @@ -32,7 +32,9 @@ SOS_TEST_BIN = os.path.realpath(os.path.join(SOS_TEST_DIR, '../bin/sos')) RH_DIST = ['rhel', 'centos', 'fedora', 'centos-stream'] +CENTOS_DIST = ['centos', 'centos-stream'] UBUNTU_DIST = ['Ubuntu', 'debian'] +OPENSTACK_DIST = ['centos', 'centos-stream', 'Ubuntu'] def skipIf(cond, message=None): @@ -54,6 +56,13 @@ def wrapper(func): return wrapper +def openstack_only(tst): + def wrapper(func): + if distro.detect().name not in OPENSTACK_DIST: + raise TestSkipError('Not running on a OpenStack supported distro') + return wrapper + + def ubuntu_only(tst): def wrapper(func): if distro.detect().name not in UBUNTU_DIST: @@ -77,6 +86,7 @@ class BaseSoSTest(Test): sos_timeout = 600 redhat_only = False ubuntu_only = False + openstack_only = False end_of_test_case = False arch = [] @@ -242,6 +252,10 @@ def check_distro_for_enablement(self): elif self.ubuntu_only: if self.local_distro not in UBUNTU_DIST: raise TestSkipError("Not running on a Ubuntu or Debian distro") + elif self.openstack_only: + if self.local_distro not in OPENSTACK_DIST: + raise TestSkipError("Not running on a OpenStack supported " + "distro") def check_arch_for_enablement(self): """ @@ -847,8 +861,8 @@ def tearDown(self): def teardown_mocking(self): """Undo any and all mocked setup that we did for tests """ - self.teardown_mocked_packages() self.teardown_mocked_files() + self.teardown_mocked_packages() self.teardown_mocked_plugins() def setup_mocking(self):