Open mirror ssl ports externally

This was missed in an earlier change where we enabled these vhosts. Testing worked because testing was communicating to localhost and not the public ip address. This has been addressed as well. Change-Id: I2d91aea466f1b587780a452cfe8e1396515930ed
2020-05-19 15:32:10 -07:00 · 2020-05-19 15:32:10 -07:00 · d8f01de682
commit d8f01de682
parent 728f8a9ee5
2 changed files with 59 additions and 24 deletions
--- a/playbooks/group_vars/mirror.yaml
+++ b/playbooks/group_vars/mirror.yaml
@ -1,6 +1,11 @@
 iptables_extra_public_tcp_ports:
  - 80
  - 443
+  - 4443
+  - 4444
+  - 4445
+  - 4446
+  - 4447
  - 8080
  - 8081
  - 8082
--- a/testinfra/test_mirror.py
+++ b/testinfra/test_mirror.py
@ -23,42 +23,72 @@ def test_apache(host):

 def test_base_mirror(host):
    # BaseMirror
-    cmd = host.run("wget --no-check-certificate -qO- https://localhost/")
-    assert '<a href="debian/">' in cmd.stdout
+    for addr in host.addr(host.backend.host).ip_addresses:
+        cmd = host.run("wget --no-check-certificate -qO- https://%s/" % addr)
+        assert '<a href="debian/">' in cmd.stdout

-    cmd = host.run("wget -qO- http://localhost/")
-    assert '<a href="debian/">' in cmd.stdout
+        cmd = host.run("wget -qO- http://%s/" % addr)
+        assert '<a href="debian/">' in cmd.stdout

 def test_proxy_mirror(host):
    # ProxyMirror
-    cmd = host.run("wget --no-check-certificate -qO- "
-                   "https://localhost:4443/pypi/simple/setuptools")
-    assert 'setuptools' in cmd.stdout
+    for addr in host.addr(host.backend.host).ipv4_addresses:
+        cmd = host.run("wget --no-check-certificate -qO- "
+                       "https://%s:4443/pypi/simple/setuptools" % addr)
+        assert 'setuptools' in cmd.stdout

-    cmd = host.run("wget -qO- http://localhost:8080/pypi/simple/setuptools")
-    assert 'setuptools' in cmd.stdout
+        cmd = host.run("wget -qO- "
+                       "http://%s:8080/pypi/simple/setuptools" % addr)
+        assert 'setuptools' in cmd.stdout
+
+    # split the test cases so that we can escape the ipv6 addrs properly
+    for addr in host.addr(host.backend.host).ipv6_addresses:
+        cmd = host.run("wget --no-check-certificate -qO- "
+                       "https://[%s]:4443/pypi/simple/setuptools" % addr)
+        assert 'setuptools' in cmd.stdout
+
+        cmd = host.run("wget -qO- "
+                       "http://[%s]:8080/pypi/simple/setuptools" % addr)
+        assert 'setuptools' in cmd.stdout

 def test_dockerv1_mirror(host):
    # Dockerv1Mirror
-    cmd = host.run("wget --no-check-certificate -O- "
-                   "https://localhost:4444/registry-1.docker")
-    # TODO assert that this proxy cache is working more properly
-    assert '403 Forbidden' in cmd.stderr
+    for addr in host.addr(host.backend.host).ipv4_addresses:
+        cmd = host.run("wget --no-check-certificate -O- "
+                       "https://%s:4444/registry-1.docker" % addr)
+        # TODO assert that this proxy cache is working more properly
+        assert '403 Forbidden' in cmd.stderr

-    cmd = host.run("wget -O- http://localhost:8081/registry-1.docker")
-    # TODO assert that this proxy cache is working more properly
-    assert '403 Forbidden' in cmd.stderr
+        cmd = host.run("wget -O- http://%s:8081/registry-1.docker" % addr)
+        # TODO assert that this proxy cache is working more properly
+        assert '403 Forbidden' in cmd.stderr
+
+    for addr in host.addr(host.backend.host).ipv6_addresses:
+        cmd = host.run("wget --no-check-certificate -O- "
+                       "https://[%s]:4444/registry-1.docker" % addr)
+        # TODO assert that this proxy cache is working more properly
+        assert '403 Forbidden' in cmd.stderr
+
+        cmd = host.run("wget -O- http://[%s]:8081/registry-1.docker" % addr)
+        # TODO assert that this proxy cache is working more properly
+        assert '403 Forbidden' in cmd.stderr

 def test_dockerv2_mirror(host):
    # Dockerv2Mirror
-    cmd = host.run("wget --no-check-certificate -O- "
-                   "https://localhost:4445/v2/")
-    assert '401 Unauthorized' in cmd.stderr
+    for addr in host.addr(host.backend.host).ipv4_addresses:
+        cmd = host.run("wget --no-check-certificate -O- "
+                       "https://%s:4445/v2/" % addr)
+        assert '401 Unauthorized' in cmd.stderr

-    cmd = host.run("wget -O- http://localhost:8082/v2/")
-    assert '401 Unauthorized' in cmd.stderr
+        cmd = host.run("wget -O- http://%s:8082/v2/" %addr)
+        assert '401 Unauthorized' in cmd.stderr
+
+    for addr in host.addr(host.backend.host).ipv6_addresses:
+        cmd = host.run("wget --no-check-certificate -O- "
+                       "https://[%s]:4445/v2/" % addr)
+        assert '401 Unauthorized' in cmd.stderr
+
+        cmd = host.run("wget -O- http://[%s]:8082/v2/" %addr)
+        assert '401 Unauthorized' in cmd.stderr

 # TODO test RHRegistryMirror and QuayMirror
-
-# NOTE(ianw): further testing idea for anyone interested; get the
-# actual IP address of the mirror node and connect via that