53522910fb
This attempts to exercise our firewall rules externally via the bridge host in our testinfra testing. If we like this style of rule we can add a number of tests for various firewall behaviors that we want to ensure. Change-Id: I4ee63bc6f15af9b68fc1c690c5d92f4bf9c756c3
77 lines
2.7 KiB
Python
77 lines
2.7 KiB
Python
# Copyright 2020 Red Hat, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import json
|
|
import util
|
|
|
|
|
|
testinfra_hosts = ['zk04.opendev.org']
|
|
|
|
|
|
def test_id_file(host):
|
|
# Test that wacky hostname regex works
|
|
myid = host.file('/var/zookeeper/data/myid')
|
|
assert myid.content == b'4\n'
|
|
|
|
def test_zk_listening(host):
|
|
zk = host.socket("tcp://0.0.0.0:2181")
|
|
assert zk.is_listening
|
|
|
|
def test_zk_listening_ssl(host):
|
|
zk = host.socket("tcp://0.0.0.0:2281")
|
|
assert zk.is_listening
|
|
|
|
def test_l4_commands(host):
|
|
cmd = host.run("echo srvr | nc localhost 2181")
|
|
assert "Zookeeper version" in cmd.stdout
|
|
assert "not executed because it is not in the whitelist" not in cmd.stdout
|
|
|
|
cmd = host.run("echo stat | nc localhost 2181")
|
|
assert "Zookeeper version" in cmd.stdout
|
|
assert "not executed because it is not in the whitelist" not in cmd.stdout
|
|
|
|
cmd = host.run("echo dump | nc localhost 2181")
|
|
assert "SessionTracker dump" in cmd.stdout
|
|
assert "not executed because it is not in the whitelist" not in cmd.stdout
|
|
|
|
cmd = host.run("echo mntr | nc localhost 2181")
|
|
assert "zk_version" in cmd.stdout
|
|
assert "not executed because it is not in the whitelist" not in cmd.stdout
|
|
|
|
def test_zookeeper_statsd_running(host):
|
|
cmd = host.run("docker inspect zookeeper-compose_zookeeper-statsd_1")
|
|
out = json.loads(cmd.stdout)
|
|
assert out[0]["State"]["Status"] == "running"
|
|
assert out[0]["RestartCount"] == 0
|
|
|
|
def test_zk_2181_accessibility(host):
|
|
# Ask the host to report its own IP addresses. This will use our test
|
|
# local /etc/hosts values and not DNS.
|
|
zk = host.addr("zk04.opendev.org")
|
|
# Verify it is using our local /etc/hosts values
|
|
print(zk.ipv4_addresses)
|
|
print(zk.ipv6_addresses)
|
|
|
|
for addr in zk.ipv4_addresses + zk.ipv6_addresses:
|
|
if addr.startswith("::ffff:"):
|
|
# This is an ipv4 address mapped to ipv6 and is covered by
|
|
# the ipv4_addresses list
|
|
continue
|
|
if addr.startswith("127.") or addr == "::1":
|
|
# We don't want to talk to localhost as we are connecting
|
|
# from our test bridge instance.
|
|
continue
|
|
util.check_unreachable(addr, 2181)
|
|
util.check_unreachable(addr, 2281)
|