system-config/testinfra/test_base.py
2023-03-29 13:35:19 +02:00

121 lines
4.0 KiB
Python

# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import util
testinfra_hosts = ['all']
def test_firewalld(host):
firewalld = host.service('firewalld')
assert firewalld.is_running
assert firewalld.is_enabled
ports = util.verify_firewalld_ports(host)
services = util.verify_firewalld_services(host)
# Make sure that the zuul console stream rule is still present
zuul = '19885/tcp'
assert zuul in ports
def test_ntp(host):
package = host.package("ntp")
if host.system_info.distribution in ['fedora', 'centos']:
package = host.package('chrony')
assert package.is_installed
service = host.service('chronyd')
assert service.is_running
assert service.is_enabled
else:
assert not package.is_installed
service = host.service('systemd-timesyncd')
assert service.is_running
# Focal updates the status string to just say NTP
if host.system_info.codename == 'bionic':
stdout_string = 'systemd-timesyncd.service active'
else:
stdout_string = 'NTP service: active'
cmd = host.run("timedatectl status")
assert stdout_string in cmd.stdout
def test_timezone(host):
tz = host.check_output('date +%Z')
assert tz == "UTC"
def test_unbound(host):
output = host.check_output('host opendev.org')
assert 'has address' in output
def test_unattended_upgrades(host):
if host.system_info.distribution in ['ubuntu', 'debian']:
package = host.package("unattended-upgrades")
assert package.is_installed
package = host.package("mailutils")
assert package.is_installed
cfg_file = host.file("/etc/apt/apt.conf.d/10periodic")
assert cfg_file.exists
assert cfg_file.contains('^APT::Periodic::Enable "1"')
assert cfg_file.contains('^APT::Periodic::Update-Package-Lists "1"')
assert cfg_file.contains('^APT::Periodic::Download-Upgradeable-Packages "1"')
assert cfg_file.contains('^APT::Periodic::AutocleanInterval "5"')
assert cfg_file.contains('^APT::Periodic::Unattended-Upgrade "1"')
assert cfg_file.contains('^APT::Periodic::RandomSleep "1800"')
cfg_file = host.file("/etc/apt/apt.conf.d/50unattended-upgrades")
assert cfg_file.contains('^Unattended-Upgrade::Mail "root"')
else:
package = host.package("dnf-automatic")
assert package.is_installed
service = host.service("crond")
assert service.is_enabled
assert service.is_running
cfg_file = host.file("/etc/dnf/automatic.conf")
assert cfg_file.exists
assert cfg_file.contains('apply_updates = yes')
def test_logrotate(host):
'''Check for log rotation configuration files
The magic number here is [0:5] of the sha1 hash of the full
path to the rotated logfile; the role adds this for uniqueness.
'''
ansible_vars = host.ansible.get_variables()
if ansible_vars['inventory_hostname'] == 'bridge.eco.tsi-dev.otc-service.com':
cfg_file = host.file("/etc/logrotate.d/ansible.log.37237.conf")
assert cfg_file.exists
assert cfg_file.contains('/var/log/ansible/ansible.log')
def test_no_recommends(host):
if host.system_info.distribution in ['ubuntu', 'debian']:
cfg_file = host.file("/etc/apt/apt.conf.d/95disable-recommends")
assert cfg_file.exists
assert cfg_file.contains('^APT::Install-Recommends "0"')
assert cfg_file.contains('^APT::Install-Suggests "0"')