From 4d8a1bc0ce304404e4d0cab0ce6a3c51ed035e71 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 8 Nov 2016 21:05:39 +0100 Subject: New nickserver is using fully qualified ruby path now --- tests/server-tests/white-box/webapp.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/server-tests') diff --git a/tests/server-tests/white-box/webapp.rb b/tests/server-tests/white-box/webapp.rb index da1ec8c5..40c234d6 100644 --- a/tests/server-tests/white-box/webapp.rb +++ b/tests/server-tests/white-box/webapp.rb @@ -28,7 +28,7 @@ class Webapp < LeapTest def test_03_Are_daemons_running? assert_running '^/usr/sbin/apache2' - assert_running '^ruby /usr/bin/nickserver' + assert_running '^/usr/bin/ruby /usr/bin/nickserver' pass end -- cgit v1.2.3 From d8255eb07a8b96ad04fcade8486530db2e61dad4 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 9 Nov 2016 13:50:30 +0100 Subject: Don't do strict checking for nickserver Sometimes nickserver is listed with `ruby /usr/bin/nickserver start` in the process table, sometimes with `/usr/bin/ruby /usr/bin/nickserver start`. We should do proper checking with `systemctl status nickserver` to make sure the service is up though (https://leap.se/code/issues/8579). Meanwhile it's ok to not do strict checking. --- tests/server-tests/white-box/webapp.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/server-tests') diff --git a/tests/server-tests/white-box/webapp.rb b/tests/server-tests/white-box/webapp.rb index 40c234d6..c46c9f96 100644 --- a/tests/server-tests/white-box/webapp.rb +++ b/tests/server-tests/white-box/webapp.rb @@ -28,7 +28,7 @@ class Webapp < LeapTest def test_03_Are_daemons_running? assert_running '^/usr/sbin/apache2' - assert_running '^/usr/bin/ruby /usr/bin/nickserver' + assert_running 'ruby /usr/bin/nickserver' pass end -- cgit v1.2.3 From 678a211ca31a7801d8bef8a74ca30feaa16af508 Mon Sep 17 00:00:00 2001 From: drebs Date: Fri, 18 Nov 2016 18:03:26 -0200 Subject: add a timeout for the soledad sync test script (#8590) If for any reason a sync takes too long, the script will timeout and log an errro. --- tests/server-tests/helpers/soledad_sync.py | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'tests/server-tests') diff --git a/tests/server-tests/helpers/soledad_sync.py b/tests/server-tests/helpers/soledad_sync.py index f4fc81ae..b674818d 100755 --- a/tests/server-tests/helpers/soledad_sync.py +++ b/tests/server-tests/helpers/soledad_sync.py @@ -35,6 +35,7 @@ flags.set_events_enabled(False) NUMDOCS = 1 USAGE = "Usage: %s uuid token server cert_file password" % sys.argv[0] +SYNC_TIMEOUT = 60 def bail(msg, exitcode): @@ -68,12 +69,23 @@ if __name__ == '__main__': s = get_soledad_instance( uuid, passphrase, tempdir, server, cert_file, token) + def syncWithTimeout(_): + d = s.sync() + reactor.callLater(SYNC_TIMEOUT, d.cancel) + return d + def onSyncDone(sync_result): print "SYNC_RESULT:", sync_result s.close() rm_tempdir() reactor.stop() + def trap_cancel(f): + f.trap(defer.CancelledError) + log.err("sync timed out after %s seconds" % SYNC_TIMEOUT) + rm_tempdir() + reactor.stop() + def log_and_exit(f): log.err(f) rm_tempdir() @@ -81,8 +93,9 @@ if __name__ == '__main__': def start_sync(): d = create_docs(s) - d.addCallback(lambda _: s.sync()) + d.addCallback(syncWithTimeout) d.addCallback(onSyncDone) + d.addErrback(trap_cancel) d.addErrback(log_and_exit) reactor.callWhenRunning(start_sync) -- cgit v1.2.3 From 389228df6ee52ce41cc83c2b91fe0b6572d4bc50 Mon Sep 17 00:00:00 2001 From: drebs Date: Fri, 18 Nov 2016 18:16:41 -0200 Subject: use lock to avoid running multiple soledad tests (#8590) If a soledad sync test script is already running, there's no need to run another one. This avoids having multiple test script hanging and eating up resources. We have seen this situation under development circumstances, when the soledad server has been modified in a way that the client hangs and never finishes. --- tests/server-tests/helpers/soledad_sync.py | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'tests/server-tests') diff --git a/tests/server-tests/helpers/soledad_sync.py b/tests/server-tests/helpers/soledad_sync.py index b674818d..a92ec68f 100755 --- a/tests/server-tests/helpers/soledad_sync.py +++ b/tests/server-tests/helpers/soledad_sync.py @@ -27,6 +27,7 @@ os.environ['SKIP_TWISTED_SSL_CHECK'] = '1' from twisted.internet import defer, reactor from twisted.python import log +from twisted.python.lockfile import FilesystemLock from client_side_db import get_soledad_instance from leap.common.events import flags @@ -43,6 +44,13 @@ def bail(msg, exitcode): sys.exit(exitcode) +def obtain_lock(): + scriptname = os.path.basename(__file__) + lockfile = os.path.join(tempfile.gettempdir(), scriptname + '.lock') + lock = FilesystemLock(lockfile) + return lock.lock() + + def create_docs(soledad): """ Populates the soledad database with dummy messages, so we can exercise @@ -65,6 +73,9 @@ if __name__ == '__main__': if len(sys.argv) < 6: bail(USAGE, 2) + if not obtain_lock(): + bail("another instance is already running", 1) + uuid, token, server, cert_file, passphrase = sys.argv[1:] s = get_soledad_instance( uuid, passphrase, tempdir, server, cert_file, token) -- cgit v1.2.3 From 6814e226d90944b4adde33ad4946ff7a400b413e Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 23 Dec 2016 13:03:33 +0100 Subject: Change regex for soledad process check --- tests/server-tests/white-box/soledad.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/server-tests') diff --git a/tests/server-tests/white-box/soledad.rb b/tests/server-tests/white-box/soledad.rb index d41bee58..b89145bc 100644 --- a/tests/server-tests/white-box/soledad.rb +++ b/tests/server-tests/white-box/soledad.rb @@ -10,7 +10,7 @@ class Soledad < LeapTest end def test_00_Is_Soledad_running? - assert_running '.*/usr/bin/twistd.*--wsgi=leap.soledad.server.application' + assert_running '/usr/bin/python /usr/bin/twistd --uid=soledad --gid=soledad --pidfile=/var/run/soledad.pid --syslog --prefix=soledad-server web --class=leap.soledad.server.resource.SoledadResource.*' pass end -- cgit v1.2.3 From 889e206ac2dfab93adbc3ad70ab0ba4f883de2e2 Mon Sep 17 00:00:00 2001 From: drebs Date: Thu, 22 Dec 2016 20:23:21 -0200 Subject: bugfix: remove deprecated parameter from soledad test script --- tests/server-tests/helpers/client_side_db.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'tests/server-tests') diff --git a/tests/server-tests/helpers/client_side_db.py b/tests/server-tests/helpers/client_side_db.py index 2f8c220f..5842c007 100644 --- a/tests/server-tests/helpers/client_side_db.py +++ b/tests/server-tests/helpers/client_side_db.py @@ -55,8 +55,7 @@ def get_soledad_instance(uuid, passphrase, basedir, server_url, cert_file, local_db_path=local_db_path, server_url=server_url, cert_file=cert_file, - auth_token=token, - defer_encryption=True) + auth_token=token) def _get_api_info(provider): -- cgit v1.2.3 From 9b8314f3d2707a80e6238bb173280de291ecd2f4 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 10 Jan 2017 19:43:30 +0100 Subject: New unbound runs with debug flag by default --- tests/server-tests/white-box/mx.rb | 2 +- tests/server-tests/white-box/openvpn.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'tests/server-tests') diff --git a/tests/server-tests/white-box/mx.rb b/tests/server-tests/white-box/mx.rb index 0eeaacd0..ecc8686c 100644 --- a/tests/server-tests/white-box/mx.rb +++ b/tests/server-tests/white-box/mx.rb @@ -57,7 +57,7 @@ class Mx < LeapTest assert_running '^/usr/sbin/postfwd' assert_running 'postfwd2::cache$' assert_running 'postfwd2::policy$' - assert_running '^/usr/sbin/unbound$' + assert_running '^/usr/sbin/unbound' assert_running '^/usr/bin/freshclam' assert_running '^/usr/sbin/opendkim' if Dir.glob("/var/lib/clamav/main.{c[vl]d,inc}").size > 0 and Dir.glob("/var/lib/clamav/daily.{c[vl]d,inc}").size > 0 diff --git a/tests/server-tests/white-box/openvpn.rb b/tests/server-tests/white-box/openvpn.rb index 170d4503..d5cc2265 100644 --- a/tests/server-tests/white-box/openvpn.rb +++ b/tests/server-tests/white-box/openvpn.rb @@ -9,7 +9,7 @@ class OpenVPN < LeapTest def test_01_Are_daemons_running? assert_running '^/usr/sbin/openvpn .* /etc/openvpn/tcp_config.conf$' assert_running '^/usr/sbin/openvpn .* /etc/openvpn/udp_config.conf$' - assert_running '^/usr/sbin/unbound$' + assert_running '^/usr/sbin/unbound' pass end -- cgit v1.2.3 From 9e68982b4ef8af087e8792e502d37632d1a9a0e8 Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 9 Feb 2017 16:34:56 -0800 Subject: tests: check process by either process scan or service name. closes #8753 --- tests/server-tests/helpers/os_helper.rb | 28 +++++++++++++++++++++++----- tests/server-tests/white-box/couchdb.rb | 4 ++-- tests/server-tests/white-box/mx.rb | 20 ++++++++++---------- tests/server-tests/white-box/openvpn.rb | 6 +++--- tests/server-tests/white-box/soledad.rb | 2 +- tests/server-tests/white-box/webapp.rb | 4 ++-- 6 files changed, 41 insertions(+), 23 deletions(-) (limited to 'tests/server-tests') diff --git a/tests/server-tests/helpers/os_helper.rb b/tests/server-tests/helpers/os_helper.rb index 9923d5b1..6a71388c 100644 --- a/tests/server-tests/helpers/os_helper.rb +++ b/tests/server-tests/helpers/os_helper.rb @@ -20,11 +20,29 @@ class LeapTest }.compact end - def assert_running(process, options={}) - processes = pgrep(process) - assert processes.any?, "No running process for #{process}" - if options[:single] - assert processes.length == 1, "More than one process for #{process}" + # + # passes if the specified process is runnin. + # + # arguments: + # + # match => VALUE -- scan process table for VALUE + # service => VALUE -- call systemctl is-active VALUE + # + # single => true|false -- if true, there must be one result + # + def assert_running(match:nil, service:nil, single:false) + if match + processes = pgrep(match) + assert processes.any?, "No running process for #{match}" + if single + assert processes.length == 1, "More than one process for #{match}" + end + elsif service + `systemctl is-active #{service} 2>&1` + if $?.exitstatus != 0 + output = `systemctl status #{service} 2>&1` + fail "Service '#{service}' is not running:\n#{output}" + end end end diff --git a/tests/server-tests/white-box/couchdb.rb b/tests/server-tests/white-box/couchdb.rb index 44a2769b..dcf71bc7 100644 --- a/tests/server-tests/white-box/couchdb.rb +++ b/tests/server-tests/white-box/couchdb.rb @@ -9,9 +9,9 @@ class CouchDB < LeapTest end def test_00_Are_daemons_running? - assert_running 'bin/beam' + assert_running match: 'bin/beam' if multimaster? - assert_running 'bin/epmd' + assert_running match: 'bin/epmd' end pass end diff --git a/tests/server-tests/white-box/mx.rb b/tests/server-tests/white-box/mx.rb index ecc8686c..432f4e54 100644 --- a/tests/server-tests/white-box/mx.rb +++ b/tests/server-tests/white-box/mx.rb @@ -52,17 +52,17 @@ class Mx < LeapTest end def test_04_Are_MX_daemons_running? - assert_running '.*/usr/bin/twistd.*mx.tac' - assert_running '^/usr/lib/postfix/master$' - assert_running '^/usr/sbin/postfwd' - assert_running 'postfwd2::cache$' - assert_running 'postfwd2::policy$' - assert_running '^/usr/sbin/unbound' - assert_running '^/usr/bin/freshclam' - assert_running '^/usr/sbin/opendkim' + assert_running match: '.*/usr/bin/twistd.*mx.tac' + assert_running match: '^/usr/lib/postfix/master$' + assert_running match: '^/usr/sbin/postfwd' + assert_running match: 'postfwd2::cache$' + assert_running match: 'postfwd2::policy$' + assert_running match: '^/usr/sbin/unbound' + assert_running match: '^/usr/bin/freshclam' + assert_running match: '^/usr/sbin/opendkim' if Dir.glob("/var/lib/clamav/main.{c[vl]d,inc}").size > 0 and Dir.glob("/var/lib/clamav/daily.{c[vl]d,inc}").size > 0 - assert_running '^/usr/sbin/clamd' - assert_running '^/usr/sbin/clamav-milter' + assert_running match: '^/usr/sbin/clamd' + assert_running match: '^/usr/sbin/clamav-milter' pass else skip "Downloading the clamav signature files (/var/lib/clamav/{daily,main}.{c[vl]d,inc}) is still in progress, so clamd is not running." diff --git a/tests/server-tests/white-box/openvpn.rb b/tests/server-tests/white-box/openvpn.rb index d5cc2265..4eed7eb9 100644 --- a/tests/server-tests/white-box/openvpn.rb +++ b/tests/server-tests/white-box/openvpn.rb @@ -7,9 +7,9 @@ class OpenVPN < LeapTest end def test_01_Are_daemons_running? - assert_running '^/usr/sbin/openvpn .* /etc/openvpn/tcp_config.conf$' - assert_running '^/usr/sbin/openvpn .* /etc/openvpn/udp_config.conf$' - assert_running '^/usr/sbin/unbound' + assert_running match: '^/usr/sbin/openvpn .* /etc/openvpn/tcp_config.conf$' + assert_running match: '^/usr/sbin/openvpn .* /etc/openvpn/udp_config.conf$' + assert_running match: '^/usr/sbin/unbound' pass end diff --git a/tests/server-tests/white-box/soledad.rb b/tests/server-tests/white-box/soledad.rb index b89145bc..112d6b9b 100644 --- a/tests/server-tests/white-box/soledad.rb +++ b/tests/server-tests/white-box/soledad.rb @@ -10,7 +10,7 @@ class Soledad < LeapTest end def test_00_Is_Soledad_running? - assert_running '/usr/bin/python /usr/bin/twistd --uid=soledad --gid=soledad --pidfile=/var/run/soledad.pid --syslog --prefix=soledad-server web --class=leap.soledad.server.resource.SoledadResource.*' + assert_running service: 'soledad-server' pass end diff --git a/tests/server-tests/white-box/webapp.rb b/tests/server-tests/white-box/webapp.rb index c46c9f96..e48df524 100644 --- a/tests/server-tests/white-box/webapp.rb +++ b/tests/server-tests/white-box/webapp.rb @@ -27,8 +27,8 @@ class Webapp < LeapTest end def test_03_Are_daemons_running? - assert_running '^/usr/sbin/apache2' - assert_running 'ruby /usr/bin/nickserver' + assert_running match: '^/usr/sbin/apache2' + assert_running match: 'ruby /usr/bin/nickserver' pass end -- cgit v1.2.3 From 5035b80537d4f6d4f4d57a3a429d12fc4ca04d54 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 23 Feb 2017 11:52:10 +0100 Subject: [8144] Remove Haproxy tests --- tests/server-tests/helpers/couchdb_helper.rb | 31 +--------------------------- tests/server-tests/helpers/http_helper.rb | 4 ++-- tests/server-tests/white-box/mx.rb | 10 --------- tests/server-tests/white-box/webapp.rb | 10 --------- 4 files changed, 3 insertions(+), 52 deletions(-) (limited to 'tests/server-tests') diff --git a/tests/server-tests/helpers/couchdb_helper.rb b/tests/server-tests/helpers/couchdb_helper.rb index efb2c2bf..0b6671ee 100644 --- a/tests/server-tests/helpers/couchdb_helper.rb +++ b/tests/server-tests/helpers/couchdb_helper.rb @@ -30,35 +30,6 @@ class LeapTest end end - # - # generates a couchdb url for accessing couchdb via haproxy - # - # example properties: - # - # haproxy: - # couch: - # listen_port: 4096 - # servers: - # panda: - # backup: false - # host: localhost - # port: 4000 - # weight: 100 - # writable: true - # - def couchdb_url_via_haproxy(path="", options=nil) - path = path.gsub('"', '%22') - if options && options[:username] && options[:password] - userpart = "%{username}:%{password}@" % options - else - userpart = "" - end - port = assert_property('haproxy.couch.listen_port') - return URLString.new("http://#{userpart}localhost:#{port}#{path}").tap { |url| - url.memo = '(via haproxy)' - } - end - # # generates a couchdb url for when couchdb is running locally. # @@ -140,4 +111,4 @@ class LeapTest end end -end \ No newline at end of file +end diff --git a/tests/server-tests/helpers/http_helper.rb b/tests/server-tests/helpers/http_helper.rb index 0d0bb7d5..3a1df9e7 100644 --- a/tests/server-tests/helpers/http_helper.rb +++ b/tests/server-tests/helpers/http_helper.rb @@ -5,7 +5,7 @@ class LeapTest # # In order to easily provide detailed error messages, it is useful # to append a memo to a url string that details what this url is for - # (e.g. stunnel, haproxy, etc). + # (e.g. stunnel, etc). # # So, the url happens to be a UrlString, the memo field is used # if there is an error in assert_get. @@ -154,4 +154,4 @@ class LeapTest request end -end \ No newline at end of file +end diff --git a/tests/server-tests/white-box/mx.rb b/tests/server-tests/white-box/mx.rb index 432f4e54..dfad0eed 100644 --- a/tests/server-tests/white-box/mx.rb +++ b/tests/server-tests/white-box/mx.rb @@ -24,16 +24,6 @@ class Mx < LeapTest pass end - def test_02_Can_contact_couchdb_via_haproxy? - if property('haproxy.couch') - url = couchdb_url_via_haproxy("", couch_url_options) - assert_get(url) do |body| - assert_match /"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message." - end - pass - end - end - # # this test picks a random identity document, then queries # using the by_address view for that same document again. diff --git a/tests/server-tests/white-box/webapp.rb b/tests/server-tests/white-box/webapp.rb index e48df524..b1ceddb1 100644 --- a/tests/server-tests/white-box/webapp.rb +++ b/tests/server-tests/white-box/webapp.rb @@ -16,16 +16,6 @@ class Webapp < LeapTest pass end - def test_02_Can_contact_couchdb_via_haproxy? - if property('haproxy.couch') - url = couchdb_url_via_haproxy("", url_options) - assert_get(url) do |body| - assert_match /"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message." - end - pass - end - end - def test_03_Are_daemons_running? assert_running match: '^/usr/sbin/apache2' assert_running match: 'ruby /usr/bin/nickserver' -- cgit v1.2.3 From 6482a4ccb3d72773cc6d00d5fa7933fa83c4cafe Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 5 Sep 2017 18:24:31 -0700 Subject: Bug: fix vpn network problem caused by vagrant fact Boolean facts must be escaped with str2bool. This commit includes new tests to catch VPN problems like this in the future. --- tests/server-tests/white-box/openvpn.rb | 36 +++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) (limited to 'tests/server-tests') diff --git a/tests/server-tests/white-box/openvpn.rb b/tests/server-tests/white-box/openvpn.rb index 4eed7eb9..adda34a9 100644 --- a/tests/server-tests/white-box/openvpn.rb +++ b/tests/server-tests/white-box/openvpn.rb @@ -13,4 +13,40 @@ class OpenVPN < LeapTest pass end + def test_02_Can_connect_to_openvpn? + # because of the way the firewall rules are currently set up, you can only + # connect to the standard 1194 openvpn port when you are connecting + # from the same host as openvpn is running on. + # + # so, this is disabled for now: + # $node['openvpn']['ports'].each {|port| ...} + # + + $node['openvpn']['protocols'].each do |protocol| + assert_openvpn_is_bound_to_port($node['openvpn']['gateway_address'], protocol, 1194) + end + pass + end + + private + + # + # asserting succeeds if openvpn appears to be correctly bound and we can + # connect to it. we don't actually try to establish a vpn connection in this + # test, we just check to see that it sort of looks like it is openvpn running + # on the port. + # + def assert_openvpn_is_bound_to_port(ip_address, protocol, port) + protocol = protocol.downcase + if protocol == 'udp' + # this sends a magic string to openvpn to attempt to start the protocol. + nc_output = `/bin/echo -e "\\x38\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00" | timeout 0.5 nc -u #{ip_address} #{port}`.strip + assert !nc_output.empty?, "Could not connect to OpenVPN daemon at #{ip_address} on port #{port} (#{protocol})." + elsif protocol == 'tcp' + assert system("openssl s_client -connect #{ip_address}:#{port} 2>&1 | grep -q CONNECTED"), + "Could not connect to OpenVPN daemon at #{ip_address} on port #{port} (#{protocol})." + else + assert false, "invalid openvpn protocol #{protocol}" + end + end end -- cgit v1.2.3 From 6cc86459acccc915cb3dd4c9700dd5b64aef50c2 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 16 Nov 2017 13:10:41 -0500 Subject: CI: Change the soledad test to run before webapp It is more useful to check to see if Soledad is running before running the webapp tests that require soledad to be running. --- tests/server-tests/white-box/webapp.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'tests/server-tests') diff --git a/tests/server-tests/white-box/webapp.rb b/tests/server-tests/white-box/webapp.rb index b1ceddb1..b0285e2e 100644 --- a/tests/server-tests/white-box/webapp.rb +++ b/tests/server-tests/white-box/webapp.rb @@ -4,6 +4,7 @@ require 'json' class Webapp < LeapTest depends_on "Network" + depends_on "Soledad" def setup end -- cgit v1.2.3 From 88a95ce8d6a3a151c20cbfa0ddfff7ca75f78751 Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 27 Nov 2017 10:52:45 -0800 Subject: fix tests - webapp test should only depend on soledad if soledad service is present --- tests/server-tests/white-box/webapp.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/server-tests') diff --git a/tests/server-tests/white-box/webapp.rb b/tests/server-tests/white-box/webapp.rb index b0285e2e..42adf219 100644 --- a/tests/server-tests/white-box/webapp.rb +++ b/tests/server-tests/white-box/webapp.rb @@ -4,7 +4,7 @@ require 'json' class Webapp < LeapTest depends_on "Network" - depends_on "Soledad" + depends_on "Soledad" if service?(:soledad) def setup end -- cgit v1.2.3