summaryrefslogtreecommitdiff
path: root/tests/white-box/network.rb
diff options
context:
space:
mode:
Diffstat (limited to 'tests/white-box/network.rb')
-rw-r--r--tests/white-box/network.rb90
1 files changed, 0 insertions, 90 deletions
diff --git a/tests/white-box/network.rb b/tests/white-box/network.rb
deleted file mode 100644
index 436fc8a8..00000000
--- a/tests/white-box/network.rb
+++ /dev/null
@@ -1,90 +0,0 @@
-require 'socket'
-require 'openssl'
-
-raise SkipTest if $node["dummy"]
-
-class Network < LeapTest
-
- def setup
- end
-
- def test_01_Can_connect_to_internet?
- assert_get('http://www.google.com/images/srpr/logo11w.png')
- pass
- end
-
- #
- # example properties:
- #
- # stunnel:
- # ednp_clients:
- # elk_9002:
- # accept_port: 4003
- # connect: elk.dev.bitmask.i
- # connect_port: 19002
- # couch_server:
- # accept: 15984
- # connect: "127.0.0.1:5984"
- #
- def test_02_Is_stunnel_running?
- ignore unless $node['stunnel']
- good_stunnel_pids = []
- release = `facter lsbmajdistrelease`
- if release.to_i > 7
- # on jessie, there is only one stunnel proc running instead of 6
- expected = 1
- else
- expected = 6
- end
- $node['stunnel']['clients'].each do |stunnel_type, stunnel_configs|
- stunnel_configs.each do |stunnel_name, stunnel_conf|
- config_file_name = "/etc/stunnel/#{stunnel_name}.conf"
- processes = pgrep(config_file_name)
- assert_equal expected, processes.length, "There should be #{expected} stunnel processes running for `#{config_file_name}`"
- good_stunnel_pids += processes.map{|ps| ps[:pid]}
- assert port = stunnel_conf['accept_port'], 'Field `accept_port` must be present in `stunnel` property.'
- assert_tcp_socket('localhost', port)
- end
- end
- $node['stunnel']['servers'].each do |stunnel_name, stunnel_conf|
- config_file_name = "/etc/stunnel/#{stunnel_name}.conf"
- processes = pgrep(config_file_name)
- assert_equal expected, processes.length, "There should be #{expected} stunnel processes running for `#{config_file_name}`"
- good_stunnel_pids += processes.map{|ps| ps[:pid]}
- assert accept_port = stunnel_conf['accept_port'], "Field `accept` must be present in property `stunnel.servers.#{stunnel_name}`"
- assert_tcp_socket('localhost', accept_port)
- assert connect_port = stunnel_conf['connect_port'], "Field `connect` must be present in property `stunnel.servers.#{stunnel_name}`"
- assert_tcp_socket('localhost', connect_port,
- "The local connect endpoint for stunnel `#{stunnel_name}` is unavailable.\n"+
- "This is probably caused by a daemon that died or failed to start on\n"+
- "port `#{connect_port}`, not stunnel itself.")
- end
- all_stunnel_pids = pgrep('/usr/bin/stunnel').collect{|process| process[:pid]}.uniq
- assert_equal good_stunnel_pids.sort, all_stunnel_pids.sort, "There should not be any extra stunnel processes that are not configured in /etc/stunnel"
- pass
- end
-
- def test_03_Is_shorewall_running?
- ignore unless File.exists?('/sbin/shorewall')
- assert_run('/sbin/shorewall status')
- pass
- end
-
- THIRTY_DAYS = 60*60*24*30
-
- def test_04_Are_server_certificates_valid?
- cert_paths = ["/etc/x509/certs/leap_commercial.crt", "/etc/x509/certs/leap.crt"]
- cert_paths.each do |cert_path|
- if File.exists?(cert_path)
- cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
- if Time.now > cert.not_after
- fail "The certificate #{cert_path} expired on #{cert.not_after}"
- elsif Time.now + THIRTY_DAYS > cert.not_after
- fail "The certificate #{cert_path} will expire soon, on #{cert.not_after}"
- end
- end
- end
- pass
- end
-
-end