parent
8d2b8389cd
commit
cde1888238
|
@ -231,22 +231,54 @@ class NovajoinScenarioTest(manager.ScenarioTest):
|
|||
return self.execute_on_controller(user, controller_ip, cmd)
|
||||
|
||||
def get_rabbitmq_host(self, user, controller_ip):
|
||||
cmd = 'sudo hiera -c /etc/puppet/hiera.yaml rabbitmq::ssl_interface'
|
||||
return self.execute_on_controller(user, controller_ip, cmd).rstrip()
|
||||
return self.get_hiera(user, controller_ip, 'rabbitmq::ssl_interface')
|
||||
|
||||
def get_rabbitmq_port(self, user, controller_ip):
|
||||
cmd = 'sudo hiera -c /etc/puppet/hiera.yaml rabbitmq::ssl_port'
|
||||
return self.execute_on_controller(user, controller_ip, cmd).rstrip()
|
||||
return self.get_hiera(user, controller_ip, 'rabbitmq::ssl_port')
|
||||
|
||||
def get_libvirt_port(self, user, compute_ip):
|
||||
# TODO(alee) Get from hiera nova::migration::libvirt::listen_address
|
||||
return "16514"
|
||||
|
||||
def get_hiera(self, user, host_ip, parameter):
|
||||
cmd = ('sudo hiera -c /etc/puppet/hiera.yaml '
|
||||
'{parameter}'.format(parameter=parameter))
|
||||
return self.execute_on_controller(user, host_ip, cmd).rstrip()
|
||||
|
||||
def verify_mysql_tls_connection(self, user, host_ip):
|
||||
cmd = "sudo mysql --ssl -e \"SHOW SESSION STATUS LIKE 'Ssl_version';\""
|
||||
result = self.execute_on_controller(user, host_ip, cmd)
|
||||
self.assertTrue('TLS' in result)
|
||||
|
||||
def verify_mysql_access_with_ssl(self,
|
||||
user,
|
||||
host_ip,
|
||||
dbuser,
|
||||
dbhost,
|
||||
dbpassword):
|
||||
sql = "SHOW SESSION STATUS LIKE \'Ssl_version\';"
|
||||
cmd = ('sudo mysql --ssl -u {user} -h {host} --password={password} '
|
||||
'-e \"{sql}\"'.format(user=dbuser,
|
||||
host=dbhost,
|
||||
password=dbpassword,
|
||||
sql=sql))
|
||||
result = self.execute_on_controller(user, host_ip, cmd)
|
||||
self.assertTrue('TLS' in result)
|
||||
|
||||
def verify_mysql_access_without_ssl(self,
|
||||
user,
|
||||
host_ip,
|
||||
dbuser,
|
||||
dbhost,
|
||||
dbpassword):
|
||||
cmd = ('sudo mysql -u {user} -h {host} --password={password} '
|
||||
'-e \"SHOW DATABASES;\"'.format(user=dbuser,
|
||||
host=dbhost,
|
||||
password=dbpassword))
|
||||
self.assertRaises(subprocess.CalledProcessError,
|
||||
self.execute_on_controller,
|
||||
user, host_ip, cmd)
|
||||
|
||||
def execute_on_controller(self, user, hostip, target_cmd):
|
||||
keypair = '/home/stack/.ssh/id_rsa'
|
||||
cmd = ['ssh', '-i', keypair,
|
||||
|
|
|
@ -29,6 +29,10 @@ TLS_EXCEPTIONS = [
|
|||
("horizon", "80")
|
||||
]
|
||||
|
||||
NOVADB_USER = 'nova::db::mysql::user'
|
||||
NOVADB_HOST = 'nova::db::mysql::host'
|
||||
NOVADB_PASSWORD = 'nova::db::mysql::password'
|
||||
|
||||
|
||||
class TripleOTLSTest(novajoin_manager.NovajoinScenarioTest):
|
||||
|
||||
|
@ -108,8 +112,10 @@ class TripleOTLSTest(novajoin_manager.NovajoinScenarioTest):
|
|||
def test_rabbitmq_tls_connection(self):
|
||||
for controller in CONF.novajoin.tripleo_controllers:
|
||||
controller_ip = self.get_overcloud_server_ip(controller)
|
||||
rabbitmq_host = self.get_rabbitmq_host('heat-admin', controller_ip)
|
||||
rabbitmq_port = self.get_rabbitmq_port('heat-admin', controller_ip)
|
||||
rabbitmq_host = self.get_rabbitmq_host('heat-admin',
|
||||
controller_ip)
|
||||
rabbitmq_port = self.get_rabbitmq_port('heat-admin',
|
||||
controller_ip)
|
||||
self.verify_overcloud_tls_connection(
|
||||
controller_ip=controller_ip,
|
||||
user='heat-admin',
|
||||
|
@ -134,3 +140,39 @@ class TripleOTLSTest(novajoin_manager.NovajoinScenarioTest):
|
|||
for controller in CONF.novajoin.tripleo_controllers:
|
||||
controller_ip = self.get_overcloud_server_ip(controller)
|
||||
self.verify_mysql_tls_connection('heat-admin', controller_ip)
|
||||
|
||||
def test_mysql_nova_connection_with_ssl(self):
|
||||
for controller in CONF.novajoin.tripleo_controllers:
|
||||
controller_ip = self.get_overcloud_server_ip(controller)
|
||||
dbuser = self.get_hiera('heat-admin',
|
||||
controller_ip,
|
||||
NOVADB_USER)
|
||||
dbhost = self.get_hiera('heat-admin',
|
||||
controller_ip,
|
||||
NOVADB_HOST)
|
||||
dbpassword = self.get_hiera('heat-admin',
|
||||
controller_ip,
|
||||
NOVADB_PASSWORD)
|
||||
self.verify_mysql_access_with_ssl('heat-admin',
|
||||
controller_ip,
|
||||
dbuser,
|
||||
dbhost,
|
||||
dbpassword)
|
||||
|
||||
def test_mysql_nova_connection_without_ssl(self):
|
||||
for controller in CONF.novajoin.tripleo_controllers:
|
||||
controller_ip = self.get_overcloud_server_ip(controller)
|
||||
dbuser = self.get_hiera('heat-admin',
|
||||
controller_ip,
|
||||
NOVADB_USER)
|
||||
dbhost = self.get_hiera('heat-admin',
|
||||
controller_ip,
|
||||
NOVADB_HOST)
|
||||
dbpassword = self.get_hiera('heat-admin',
|
||||
controller_ip,
|
||||
NOVADB_PASSWORD)
|
||||
self.verify_mysql_access_without_ssl('heat-admin',
|
||||
controller_ip,
|
||||
dbuser,
|
||||
dbhost,
|
||||
dbpassword)
|
||||
|
|
Loading…
Reference in New Issue