openstack/puppet-openstack-integration
Code Issues Proposed changes

refacto: move run_puppet & catch_selinux_alerts into functions

Browse Source 
Change-Id: I78324c8787b129e91f1ac32694085bde5b6043fe
This commit is contained in:
Emilien Macchi
2016-06-08 11:44:10 -04:00
parent c7ad920283
commit 5210671dbb
2 changed files with 29 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
functions
View File

@@ -140,3 +140,29 @@ install_puppet() {
$SUDO yum install -y ${PUPPET_PKG} $SUDO yum install -y ${PUPPET_PKG}
fi fi
} }
function run_puppet() {
local manifest=$1
$SUDO $PUPPET_FULL_PATH apply $PUPPET_ARGS fixtures/${manifest}.pp
local res=$?
return $res
}
function catch_selinux_alerts() {
if is_fedora; then
$SUDO sealert -a /var/log/audit/audit.log
if $SUDO grep -iq 'type=AVC' /var/log/audit/audit.log; then
echo "AVC detected in /var/log/audit/audit.log"
# TODO: figure why latest rabbitmq deployed with SSL tries to write in SSL pem file.
# https://bugzilla.redhat.com/show_bug.cgi?id=1341738
if $SUDO grep -iqE 'denied.*system_r:rabbitmq_t' /var/log/audit/audit.log; then
echo "non-critical RabbitMQ AVC, ignoring it now."
else
echo "Please file a bug on https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20OpenStack&component=openstack-selinux showing sealert output."
exit 1
fi
else
echo 'No AVC detected in /var/log/audit/audit.log'
fi
fi
}

35
run_tests.sh
View File

@@ -17,7 +17,7 @@ export PUPPET_MAJ_VERSION=${PUPPET_MAJ_VERSION:-3}
export SCENARIO=${SCENARIO:-scenario001} export SCENARIO=${SCENARIO:-scenario001}
export MANAGE_PUPPET_MODULES=${MANAGE_PUPPET_MODULES:-true} export MANAGE_PUPPET_MODULES=${MANAGE_PUPPET_MODULES:-true}
export MANAGE_REPOS=${MANAGE_REPOS:-true} export MANAGE_REPOS=${MANAGE_REPOS:-true}
export PUPPET_ARGS=${PUPPET_ARGS:-} export PUPPET_ARGS="${PUPPET_ARGS} --detailed-exitcodes --color=false --test --trace"
export SCRIPT_DIR=$(cd `dirname $0` && pwd -P) export SCRIPT_DIR=$(cd `dirname $0` && pwd -P)
export DISTRO=$(lsb_release -c -s) export DISTRO=$(lsb_release -c -s)
@@ -62,6 +62,8 @@ else
fi fi
install_puppet install_puppet
PUPPET_FULL_PATH=$(which puppet)
if uses_debs; then if uses_debs; then
$SUDO apt-get install -y dstat $SUDO apt-get install -y dstat
elif is_fedora; then elif is_fedora; then
@@ -71,37 +73,6 @@ elif is_fedora; then
$SUDO selinuxenabled && $SUDO setenforce 0 $SUDO selinuxenabled && $SUDO setenforce 0
fi fi
PUPPET_ARGS="${PUPPET_ARGS} --detailed-exitcodes --color=false --test --trace"
PUPPET_FULL_PATH=$(which puppet)
function run_puppet() {
local manifest=$1
$SUDO $PUPPET_FULL_PATH apply $PUPPET_ARGS fixtures/${manifest}.pp
local res=$?
return $res
}
function catch_selinux_alerts() {
if is_fedora; then
$SUDO sealert -a /var/log/audit/audit.log
if $SUDO grep -iq 'type=AVC' /var/log/audit/audit.log; then
echo "AVC detected in /var/log/audit/audit.log"
# TODO: figure why latest rabbitmq deployed with SSL tries to write in SSL pem file.
# https://bugzilla.redhat.com/show_bug.cgi?id=1341738
if $SUDO grep -iqE 'denied.*system_r:rabbitmq_t' /var/log/audit/audit.log; then
echo "non-critical RabbitMQ AVC, ignoring it now."
else
echo "Please file a bug on https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20OpenStack&component=openstack-selinux showing sealert output."
exit 1
fi
else
echo 'No AVC detected in /var/log/audit/audit.log'
fi
fi
}
# use dstat to monitor system activity during integration testing # use dstat to monitor system activity during integration testing
if type "dstat" 2>/dev/null; then if type "dstat" 2>/dev/null; then
print_header 'Start dstat' print_header 'Start dstat'