Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kirill Smelkov
slapos
Commits
73065d6d
Commit
73065d6d
authored
Sep 29, 2020
by
Kirill Smelkov
Browse files
Options
Browse Files
Download
Plain Diff
Merge remote-tracking branch 'origin/master' into t
parents
7fb00f38
3b14e028
Changes
10
Hide whitespace changes
Inline
Side-by-side
Showing
10 changed files
with
237 additions
and
42 deletions
+237
-42
component/caddy/buildout.cfg
component/caddy/buildout.cfg
+9
-21
component/caddy/gowork.cfg
component/caddy/gowork.cfg
+12
-0
component/openssl/buildout.cfg
component/openssl/buildout.cfg
+1
-0
software/caddy-frontend/test/test.py
software/caddy-frontend/test/test.py
+9
-0
software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_file_list_plugin-CADDY.txt
...TestSlaveHostHaproxyClash.test_file_list_plugin-CADDY.txt
+2
-0
software/slapos-master/test/test/test_erp5.py
software/slapos-master/test/test/test_erp5.py
+198
-19
software/slapos-sr-testing/buildout.hash.cfg
software/slapos-sr-testing/buildout.hash.cfg
+1
-1
software/slapos-sr-testing/instance.cfg
software/slapos-sr-testing/instance.cfg
+1
-1
software/slapos-sr-testing/software.cfg
software/slapos-sr-testing/software.cfg
+2
-0
stack/erp5/buildout.cfg
stack/erp5/buildout.cfg
+2
-0
No files found.
component/caddy/buildout.cfg
View file @
73065d6d
[buildout]
extends =
../../component/golang/buildout.cfg
gowork.cfg
parts =
gowork
caddy
[gowork.goinstall]
command = bash -c ". ${gowork:env.sh} && cd ${go_github.com_caddyserver_caddy:location} && GO111MODULE=on go install -v $(echo -n '${gowork:install}' |tr '\n' ' ')"
[gowork]
# Caddy 1.x+ uses go modules, for which gowork does not work yet
golang = ${golang1.14:location}
golang = ${golang1.12:location}
install =
[gowork.goinstall]
command = :
depends =
${caddy:recipe}
github.com/caddyserver/caddy/...
[caddy]
# revision and repository can be used to control which caddy version is used
revision = v1.0.3
repository = github.com/caddyserver/caddy/caddy
recipe = plone.recipe.command
recipe = plone.recipe.command
command = exit 0
update-command = ${:command}
stop-on-error = True
# GO111MODULE=on enables go modules support
# the chmod is needed as modules are fetched with u-w
command =
. ${gowork:env.sh} &&
cd ${gowork:directory} &&
export GO111MODULE=on &&
go get ${:repository}@${:revision} &&
chmod -R u+w .
output = ${gowork:bin}/caddy
location = ${:output}
component/caddy/gowork.cfg
0 → 100644
View file @
73065d6d
# Code generated by gowork-snapshot; DO NOT EDIT.
# list of go git repositories to fetch
[gowork.goinstall]
depends_gitfetch =
${go_github.com_caddyserver_caddy:recipe}
[go_github.com_caddyserver_caddy]
<= go-git-package
go.importpath = github.com/caddyserver/caddy
repository = https://lab.nexedi.com/nexedi/caddy.git
revision = nxd-v1.0.3-1-g2c11cedc
component/openssl/buildout.cfg
View file @
73065d6d
...
...
@@ -53,6 +53,7 @@ stop-on-error = true
update-command = ${:command}
command = ${coreutils-output:test} -x ${:openssl}
openssl = ${openssl:location}/bin/openssl
bin = ${openssl:location}
[openssl-1.0]
recipe = slapos.recipe.cmmi
...
...
software/caddy-frontend/test/test.py
View file @
73065d6d
...
...
@@ -1682,6 +1682,15 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
proto
)
def
test_telemetry_disabled
(
self
):
# here we trust that telemetry not present in error log means it was
# really disabled
error_log_file
=
glob
.
glob
(
os
.
path
.
join
(
self
.
instance_path
,
'*'
,
'var'
,
'log'
,
'frontend-error.log'
))[
0
]
with
open
(
error_log_file
)
as
fh
:
self
.
assertNotIn
(
'Sending telemetry'
,
fh
.
read
(),
'Telemetry enabled'
)
def
test_url
(
self
):
parameter_dict
=
self
.
assertSlaveBase
(
'Url'
)
...
...
software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_file_list_plugin-CADDY.txt
View file @
73065d6d
...
...
@@ -18,6 +18,7 @@ T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-1/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/backend-client-caucase-updater.py
T-2/etc/plugin/backend-haproxy-configuration.py
...
...
@@ -35,6 +36,7 @@ T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/slave-introspection-configuration.py
T-2/etc/plugin/slave_introspection_https.py
...
...
software/slapos-master/test/test/test_erp5.py
View file @
73065d6d
...
...
@@ -31,13 +31,17 @@ import glob
import
urlparse
import
socket
import
time
import
re
import
BaseHTTPServer
import
multiprocessing
import
subprocess
import
psutil
import
requests
from
.
import
ERP5InstanceTestCase
from
.
import
setUpModule
setUpModule
# pyflakes
setUpModule
# pyflakes
class
TestPublishedURLIsReachableMixin
(
object
):
...
...
@@ -46,15 +50,17 @@ class TestPublishedURLIsReachableMixin(object):
def
_checkERP5IsReachable
(
self
,
url
):
# What happens is that instanciation just create the services, but does not
# wait for ERP5 to be initialized. When this test run ERP5 instance is
# instanciated, but zope is still busy creating the site and haproxy
replies
#
with 503 Service Unavailable when zope is not started yet, with 404 when
#
erp5 site is not created, with 500 when mysql is not yet reachable, so we
# retry in a loop until we get a succesful response.
# instanciated, but zope is still busy creating the site and haproxy
#
replies with 503 Service Unavailable when zope is not started yet, with
#
404 when erp5 site is not created, with 500 when mysql is not yet
# re
achable, so we re
try in a loop until we get a succesful response.
for
i
in
range
(
1
,
60
):
r
=
requests
.
get
(
url
,
verify
=
False
)
# XXX can we get CA from caucase already ?
# XXX can we get CA from caucase already ?
r
=
requests
.
get
(
url
,
verify
=
False
)
if
r
.
status_code
!=
requests
.
codes
.
ok
:
delay
=
i
*
2
self
.
logger
.
warn
(
"ERP5 was not available, sleeping for %ds and retrying"
,
delay
)
self
.
logger
.
warn
(
"ERP5 was not available, sleeping for %ds and retrying"
,
delay
)
time
.
sleep
(
delay
)
continue
r
.
raise_for_status
()
...
...
@@ -77,7 +83,8 @@ class TestPublishedURLIsReachableMixin(object):
urlparse
.
urljoin
(
param_dict
[
'family-default'
],
param_dict
[
'site-id'
]))
class
TestDefaultParameters
(
ERP5InstanceTestCase
,
TestPublishedURLIsReachableMixin
):
class
TestDefaultParameters
(
ERP5InstanceTestCase
,
TestPublishedURLIsReachableMixin
):
"""Test ERP5 can be instanciated with no parameters
"""
__partition_reference__
=
'defp'
...
...
@@ -125,16 +132,19 @@ class TestApacheBalancerPorts(ERP5InstanceTestCase):
self
.
assertTrue
(
parsed
.
port
)
def
test_published_family_parameters
(
self
):
# when we request two families, we have two published family-{family_name} URLs
# when we request two families, we have two published family-{family_name}
# URLs
param_dict
=
self
.
getRootPartitionConnectionParameterDict
()
for
family_name
in
(
'family1'
,
'family2'
):
self
.
checkValidHTTPSURL
(
param_dict
[
'family-{family_name}'
.
format
(
family_name
=
family_name
)])
self
.
checkValidHTTPSURL
(
param_dict
[
'family-{family_name}-v6'
.
format
(
family_name
=
family_name
)])
param_dict
[
'family-{family_name}-v6'
.
format
(
family_name
=
family_name
)])
def
test_published_test_runner_url
(
self
):
# each family's also a list of test test runner URLs, by default 3 per family
# each family's also a list of test test runner URLs, by default 3 per
# family
param_dict
=
self
.
getRootPartitionConnectionParameterDict
()
for
family_name
in
(
'family1'
,
'family2'
):
family_test_runner_url_list
=
param_dict
[
...
...
@@ -144,7 +154,8 @@ class TestApacheBalancerPorts(ERP5InstanceTestCase):
self
.
checkValidHTTPSURL
(
url
)
def
test_zope_listen
(
self
):
# we requested 3 zope in family1 and 5 zopes in family2, we should have 8 zope running.
# we requested 3 zope in family1 and 5 zopes in family2, we should have 8
# zope running.
with
self
.
slap
.
instance_supervisor_rpc
as
supervisor
:
all_process_info
=
supervisor
.
getAllProcessInfo
()
self
.
assertEqual
(
...
...
@@ -179,7 +190,8 @@ class TestApacheBalancerPorts(ERP5InstanceTestCase):
])
class
TestDisableTestRunner
(
ERP5InstanceTestCase
,
TestPublishedURLIsReachableMixin
):
class
TestDisableTestRunner
(
ERP5InstanceTestCase
,
TestPublishedURLIsReachableMixin
):
"""Test ERP5 can be instanciated without test runner.
"""
__partition_reference__
=
'distr'
...
...
@@ -192,15 +204,17 @@ class TestDisableTestRunner(ERP5InstanceTestCase, TestPublishedURLIsReachableMix
"""
# self.computer_partition_root_path is the path of root partition.
# we want to assert that no scripts exist in any partition.
bin_programs
=
map
(
os
.
path
.
basename
,
bin_programs
=
map
(
os
.
path
.
basename
,
glob
.
glob
(
self
.
computer_partition_root_path
+
"/../*/bin/*"
))
self
.
assertTrue
(
bin_programs
)
# just to check the glob was correct.
self
.
assertTrue
(
bin_programs
)
# just to check the glob was correct.
self
.
assertNotIn
(
'runUnitTest'
,
bin_programs
)
self
.
assertNotIn
(
'runTestSuite'
,
bin_programs
)
def
test_no_apache_testrunner_port
(
self
):
# Apache only listen on two ports, there is no apache ports allocated for test runner
# Apache only listen on two ports, there is no apache ports allocated for
# test runner
with
self
.
slap
.
instance_supervisor_rpc
as
supervisor
:
all_process_info
=
supervisor
.
getAllProcessInfo
()
process_info
,
=
[
p
for
p
in
all_process_info
if
p
[
'name'
]
==
'apache'
]
...
...
@@ -213,7 +227,9 @@ class TestDisableTestRunner(ERP5InstanceTestCase, TestPublishedURLIsReachableMix
if
c
.
status
==
'LISTEN'
))
class
TestZopeNodeParameterOverride
(
ERP5InstanceTestCase
,
TestPublishedURLIsReachableMixin
):
class
TestZopeNodeParameterOverride
(
ERP5InstanceTestCase
,
TestPublishedURLIsReachableMixin
):
"""Test override zope node parameters
"""
__partition_reference__
=
'override'
...
...
@@ -228,7 +244,7 @@ class TestZopeNodeParameterOverride(ERP5InstanceTestCase, TestPublishedURLIsReac
"server"
:
{},
"cache-size-bytes"
:
"20MB"
,
"cache-size-bytes!"
:
[
(
"bb-0"
,
1
<<
20
),
(
"bb-0"
,
1
<<
20
),
(
"bb-.*"
,
"500MB"
),
],
"pool-timeout"
:
"10m"
,
...
...
@@ -299,7 +315,170 @@ class TestZopeNodeParameterOverride(ERP5InstanceTestCase, TestPublishedURLIsReac
partition
=
self
.
getComputerPartitionPath
(
'zope-bb'
)
for
zope
in
xrange
(
5
):
checkConf
({
"cache-size-bytes"
:
"500MB"
if
zope
else
1
<<
20
,
"cache-size-bytes"
:
"500MB"
if
zope
else
1
<<
20
,
},
{
"cache-size"
:
None
,
})
def
popenCommunicate
(
command_list
,
input_
=
None
,
**
kwargs
):
kwargs
.
update
(
stdout
=
subprocess
.
PIPE
,
stderr
=
subprocess
.
STDOUT
)
popen
=
subprocess
.
Popen
(
command_list
,
**
kwargs
)
result
=
popen
.
communicate
(
input_
)[
0
]
if
popen
.
returncode
is
None
:
popen
.
kill
()
if
popen
.
returncode
!=
0
:
raise
ValueError
(
'Issue during calling %r, result was:
\
n
%s'
%
(
command_list
,
result
))
return
result
class
TestHandler
(
BaseHTTPServer
.
BaseHTTPRequestHandler
):
def
do_GET
(
self
):
self
.
send_response
(
200
)
response
=
{
'Path'
:
self
.
path
,
'Incoming Headers'
:
self
.
headers
.
dict
}
response
=
json
.
dumps
(
response
,
indent
=
2
)
self
.
end_headers
()
self
.
wfile
.
write
(
response
)
class
TestDeploymentScriptInstantiation
(
ERP5InstanceTestCase
):
"""This check deployment script like instantiation
Low level assertions are done here in roder to assure that
https://lab.nexedi.com/nexedi/slapos.package/blob/master/playbook/
slapos-master-standalone.yml
works correctly
"""
__partition_reference__
=
'tdsi'
# a bit more partition is required
partition_count
=
20
@
classmethod
def
getInstanceParameterDict
(
cls
):
# As close as possible configuration to deployment script
parameter_dict
=
{
"timezone"
:
"UTC"
,
"site-id"
:
"erp5"
,
"bt5"
:
"erp5_full_text_myisam_catalog slapos_configurator"
,
"wsgi"
:
False
,
"test-runner"
:
{
"enabled"
:
False
},
# won't work anyway here
"zope-partition-dict"
:
{
"admin"
:
{
"family"
:
"admin"
,
"thread-amount"
:
4
,
"port-base"
:
2220
,
"instance-count"
:
1
},
"activities-node"
:
{
"family"
:
"activities"
,
"thread-amount"
:
4
,
"instance-count"
:
1
,
"timerserver-interval"
:
1
,
"port-base"
:
2230
},
"distribution-node"
:
{
"family"
:
"distribution"
,
"thread-amount"
:
1
,
"instance-count"
:
1
,
"port-base"
:
2210
,
"timerserver-interval"
:
1
},
"web-node"
:
{
"family"
:
"web"
,
"thread-amount"
:
2
,
"instance-count"
:
1
,
"port-base"
:
2240
},
"service-slapos"
:
{
"family"
:
"service"
,
"thread-amount"
:
2
,
"instance-count"
:
1
,
"port-base"
:
2250
,
"ssl-authentication"
:
True
,
"backend-path"
:
"/%(site-id)s/portal_slap"
}
}
}
# put shared-certificate-authority-path in controlled location
cls
.
ca_path
=
os
.
path
.
join
(
cls
.
slap
.
instance_directory
,
'ca_path'
)
parameter_dict
[
"shared-certificate-authority-path"
]
=
cls
.
ca_path
return
{
'_'
:
json
.
dumps
(
parameter_dict
)}
@
classmethod
def
callSupervisorMethod
(
cls
,
method
,
*
args
,
**
kwargs
):
with
cls
.
slap
.
instance_supervisor_rpc
as
instance_supervisor
:
return
getattr
(
instance_supervisor
,
method
)(
*
args
,
**
kwargs
)
def
test_ssl_auth
(
self
):
backend_apache_configuration_list
=
glob
.
glob
(
os
.
path
.
join
(
self
.
slap
.
instance_directory
,
'*'
,
'etc'
,
'apache'
,
'apache.conf'
))
self
.
assertEqual
(
1
,
len
(
backend_apache_configuration_list
)
)
backend_apache_configuration
=
open
(
backend_apache_configuration_list
[
0
]).
read
()
self
.
assertIn
(
'SSLVerifyClient require'
,
backend_apache_configuration
)
self
.
assertIn
(
r'RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s'
,
backend_apache_configuration
)
# stop haproxy, it's going to be hijacked
haproxy_name
=
':'
.
join
([
(
q
[
'group'
],
q
[
'name'
])
for
q
in
self
.
callSupervisorMethod
(
'getAllProcessInfo'
)
if
'haproxy'
in
q
[
'name'
]][
0
])
self
.
callSupervisorMethod
(
'stopProcess'
,
haproxy_name
)
# do similar certificate request like CertificateAuthorityTool
openssl_config
=
os
.
path
.
join
(
self
.
ca_path
,
'openssl.cnf'
)
key
=
os
.
path
.
join
(
self
.
ca_path
,
'private'
,
'test.key'
)
csr
=
os
.
path
.
join
(
self
.
ca_path
,
'text.csr'
)
cert
=
os
.
path
.
join
(
self
.
ca_path
,
'certs'
,
'test.crt'
)
common_name
=
'TEST-SSL-AUTH'
popenCommunicate
([
'openssl'
,
'req'
,
'-utf8'
,
'-nodes'
,
'-config'
,
openssl_config
,
'-new'
,
'-keyout'
,
key
,
'-out'
,
csr
,
'-days'
,
'3650'
],
'%s
\
n
'
%
(
common_name
,),
stdin
=
subprocess
.
PIPE
)
popenCommunicate
([
'openssl'
,
'ca'
,
'-utf8'
,
'-days'
,
'3650'
,
'-batch'
,
'-config'
,
openssl_config
,
'-out'
,
cert
,
'-infiles'
,
csr
])
# find IP and port on which hijacked process shall listen
portal_slap_line
=
[
q
for
q
in
backend_apache_configuration
.
splitlines
()
if
'portal_slap'
in
q
][
0
]
ip
,
port
=
re
.
search
(
r'.*http:\
/
\/(.*):(\
d*)
\/.*'
,
portal_slap_line
).
groups
()
port
=
int
(
port
)
server
=
BaseHTTPServer
.
HTTPServer
((
ip
,
port
),
TestHandler
)
server_process
=
multiprocessing
.
Process
(
target
=
server
.
serve_forever
,
name
=
'HTTPServer'
)
server_process
.
start
()
try
:
# assert that accessing the service endpoint results with certificate
# authentication and proper information extraction
result_json
=
requests
.
get
(
self
.
getRootPartitionConnectionParameterDict
()[
'family-service'
],
verify
=
False
,
cert
=
(
cert
,
key
)).
json
()
self
.
assertEqual
(
common_name
,
result_json
[
'Incoming Headers'
][
'remote-user'
]
)
self
.
assertEqual
(
'/erp5/portal_slap/'
,
result_json
[
'Path'
]
)
finally
:
server_process
.
join
(
10
)
server_process
.
terminate
()
software/slapos-sr-testing/buildout.hash.cfg
View file @
73065d6d
...
...
@@ -15,4 +15,4 @@
[template]
filename = instance.cfg
md5sum =
14d2f49d20670e44c2a162bcec9e0a8e
md5sum =
4246cde0a27138e057ba1635cc621edf
software/slapos-sr-testing/instance.cfg
View file @
73065d6d
...
...
@@ -44,7 +44,7 @@ environment =
SLAPOS_TEST_WORKING_DIR=${slapos-test-runner-environment:SLAPOS_TEST_WORKING_DIR}
[slapos-test-runner-environment]
PATH = {{ buildout['bin-directory'] }}:{{ curl_location }}/bin/:{{ faketime_location }}/bin/:/usr/bin/:/bin
PATH = {{ buildout['bin-directory'] }}:{{ curl_location }}/bin/:{{ faketime_location }}/bin/:
{{ openssl_location }}/bin/:
/usr/bin/:/bin
SLAPOS_TEST_IPV4 = ${slap-configuration:ipv4-random}
SLAPOS_TEST_IPV6 = ${slap-configuration:ipv6-random}
SLAPOS_TEST_WORKING_DIR = ${directory:working-dir}
...
...
software/slapos-sr-testing/software.cfg
View file @
73065d6d
...
...
@@ -3,6 +3,7 @@
extends =
../../component/bcrypt/buildout.cfg
../../component/curl/buildout.cfg
../../component/openssl/buildout.cfg
../../component/git/buildout.cfg
../../component/faketime/buildout.cfg
../../component/pillow/buildout.cfg
...
...
@@ -240,6 +241,7 @@ context =
key slapos_location slapos-repository:location
key interpreter eggs:interpreter
key curl_location curl:location
key openssl_location openssl-output:bin
key faketime_location faketime:location
key tests :tests
tests =
...
...
stack/erp5/buildout.cfg
View file @
73065d6d
...
...
@@ -408,6 +408,7 @@ eggs = ${neoppod:eggs}
jsonschema
mechanize
mock
oauthlib
objgraph
paramiko
ply
...
...
@@ -645,6 +646,7 @@ logilab-common = 1.3.0
munnel = 0.3
nt-svcutils = 2.13.0
oauth2client = 4.0.0
oauthlib = 3.1.0
objgraph = 3.1.0
ply = 3.10
polib = 1.0.8
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment