Diffstat (limited to 'functest/opnfv_tests')
-rwxr-xr-xfunctest/opnfv_tests/features/security_scan.py24
-rw-r--r--functest/opnfv_tests/openstack/snaps/health_check.py34
-rw-r--r--functest/opnfv_tests/openstack/tempest/conf_utils.py51
-rw-r--r--functest/opnfv_tests/security_scan/config.ini29
-rw-r--r--functest/opnfv_tests/security_scan/connect.py245
-rw-r--r--functest/opnfv_tests/security_scan/examples/xccdf-rhel7-server-upstream.ini29
-rw-r--r--functest/opnfv_tests/security_scan/examples/xccdf-standard.ini29
-rw-r--r--functest/opnfv_tests/security_scan/scripts/createfiles.py26
-rw-r--r--functest/opnfv_tests/security_scan/scripts/internet_check.py27
-rwxr-xr-xfunctest/opnfv_tests/security_scan/security_scan.py220
10 files changed, 94 insertions, 620 deletions
diff --git a/functest/opnfv_tests/features/security_scan.py b/functest/opnfv_tests/features/security_scan.py
new file mode 100755
index 00000000..bcae516b
--- /dev/null
+++ b/functest/opnfv_tests/features/security_scan.py
@@ -0,0 +1,24 @@
+#!/usr/bin/python
+#
+# Copyright (c) 2015 All rights reserved
+# This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+
+import functest.core.feature_base as base
+from functest.utils.constants import CONST
+
+
+class SecurityScan(base.FeatureBase):
+ def __init__(self):
+ super(SecurityScan, self).__init__(project='security_scan',
+ case='security_scan',
+ repo='dir_repo_securityscan')
+ self.cmd = ('bash {0} && '
+ 'cd {1} && '
+ 'python security_scan.py --config config.ini && '
+ 'cd -'.format(CONST.openstack_creds,
+ self.repo))
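Review bot: `'bash {0} && '` runs the credentials file in a child shell, so any variables it exports are gone before `python security_scan.py --config config.ini` starts. If the intent is to load the OpenStack credentials into the scanner's environment, it should be `'. {0} && '`; this assumes FeatureBase runs `self.cmd` through a shell, which is not visible in this hunk. `CONST.openstack_creds` and `self.repo` are also interpolated into the command string unquoted, so a path containing spaces or shell metacharacters would change the command; wrapping both in `pipes.quote(...)` avoids that. The trailing `'cd -'` has no effect on the caller and can be dropped.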
diff --git a/functest/opnfv_tests/openstack/snaps/health_check.py b/functest/opnfv_tests/openstack/snaps/health_check.py
new file mode 100644
index 00000000..993c1000
--- /dev/null
+++ b/functest/opnfv_tests/openstack/snaps/health_check.py
@@ -0,0 +1,34 @@
+# Copyright (c) 2015 All rights reserved
+# This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+
+import unittest
+
+from snaps.openstack.tests.os_source_file_test import OSIntegrationTestCase
+from snaps.openstack.tests.create_instance_tests import SimpleHealthCheck
+
+from functest.core.pytest_suite_runner import PyTestSuiteRunner
+from functest.opnfv_tests.openstack.snaps import snaps_utils
+from functest.utils.constants import CONST
+
+
+class HealthCheck(PyTestSuiteRunner):
+ """
+ This test executes the SNAPS Python Test case SimpleHealthCheck which
+ creates a VM with a single port with an IPv4 address that is assigned by
+ DHCP. This test then validates the expected IP with the actual
+ """
+ def __init__(self):
+ super(HealthCheck, self).__init__()
+
+ self.suite = unittest.TestSuite()
+ self.case_name = "snaps_health_check"
+ ext_net_name = snaps_utils.get_ext_net_name()
+
+ self.suite.addTest(
+ OSIntegrationTestCase.parameterize(
+ SimpleHealthCheck, CONST.openstack_creds, ext_net_name,
+ use_keystone=CONST.snaps_use_keystone))
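Review bot: The class docstring stops mid-sentence at `validates the expected IP with the actual`; it should be finished, for example `validates the expected IP against the one actually assigned to the VM`. In `__init__`, the result of `snaps_utils.get_ext_net_name()` is passed to `OSIntegrationTestCase.parameterize` unchecked. If that helper can return None when no external network exists (not visible here), the failure would surface inside the SNAPS test case rather than as a clear setup error, so a guard that logs the missing network is worth adding.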
diff --git a/functest/opnfv_tests/openstack/tempest/conf_utils.py b/functest/opnfv_tests/openstack/tempest/conf_utils.py
index 91a5bb4b..f013b442 100644
--- a/functest/opnfv_tests/openstack/tempest/conf_utils.py
+++ b/functest/opnfv_tests/openstack/tempest/conf_utils.py
@@ -110,24 +110,23 @@ def get_verifier_deployment_dir(verifier_id, deployment_id):
def configure_tempest(deployment_dir, IMAGE_ID=None, FLAVOR_ID=None):
"""
- Add/update needed parameters into tempest.conf file generated by Rally
+ Calls rally verify and updates the generated tempest.conf with
+ given parameters
"""
- tempest_conf_file = os.path.join(deployment_dir, "tempest.conf")
- if os.path.isfile(tempest_conf_file):
- logger.debug("Verifier is already configured.")
- logger.debug("Reconfiguring the current verifier...")
- cmd = "rally verify configure-verifier --reconfigure"
+ conf_verifier_result = configure_verifier(deployment_dir)
+ if conf_verifier_result == releng_constants.EXIT_RUN_ERROR:
+ return releng_constants.EXIT_RUN_ERROR
else:
- logger.info("Configuring the verifier...")
- cmd = "rally verify configure-verifier"
- ft_utils.execute_command(cmd)
+ configure_tempest_update_params(conf_verifier_result,
+ IMAGE_ID, FLAVOR_ID)
+ return releng_constants.EXIT_OK
- logger.debug("Looking for tempest.conf file...")
- if not os.path.isfile(tempest_conf_file):
- logger.error("Tempest configuration file %s NOT found."
- % tempest_conf_file)
- return releng_constants.EXIT_RUN_ERROR
+def configure_tempest_update_params(tempest_conf_file,
+ IMAGE_ID=None, FLAVOR_ID=None):
+ """
+ Add/update needed parameters into tempest.conf file
+ """
logger.debug("Updating selected tempest.conf parameters...")
config = ConfigParser.RawConfigParser()
config.read(tempest_conf_file)
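Review bot: `configure_tempest` detects failure by comparing `conf_verifier_result` with `releng_constants.EXIT_RUN_ERROR`, yet on success the same variable holds a file path, so one return value carries two unrelated meanings. Having `configure_verifier` return `None` on failure and testing `if conf_verifier_result is None:` would make the contract explicit; the `else:` after the early `return` is then unnecessary. `configure_tempest` also returns `releng_constants.EXIT_OK` whatever `configure_tempest_update_params` does; that function's body continues outside this hunk, so whether it can fail without raising is not visible here. Both docstrings should state what is returned.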
@@ -178,7 +177,29 @@ def configure_tempest(deployment_dir, IMAGE_ID=None, FLAVOR_ID=None):
shutil.copyfile(tempest_conf_file,
os.path.join(TEMPEST_RESULTS_DIR, 'tempest.conf'))
- return releng_constants.EXIT_OK
+
+def configure_verifier(deployment_dir):
+ """
+ Execute rally verify configure-verifier, which generates tempest.conf
+ """
+ tempest_conf_file = os.path.join(deployment_dir, "tempest.conf")
+ if os.path.isfile(tempest_conf_file):
+ logger.debug("Verifier is already configured.")
+ logger.debug("Reconfiguring the current verifier...")
+ cmd = "rally verify configure-verifier --reconfigure"
+ else:
+ logger.info("Configuring the verifier...")
+ cmd = "rally verify configure-verifier"
+ ft_utils.execute_command(cmd)
+ logger.debug("Looking for tempest.conf file...")
+
+ if not os.path.isfile(tempest_conf_file):
+ logger.error("Tempest configuration file %s NOT found."
+ % tempest_conf_file)
+ return releng_constants.EXIT_RUN_ERROR
+
+ else:
+ return tempest_conf_file
def configure_tempest_multisite(deployment_dir):
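Review bot: The result of `ft_utils.execute_command(cmd)` is discarded in `configure_verifier`, so when a `tempest.conf` already exists and `rally verify configure-verifier --reconfigure` fails, the `os.path.isfile` check still passes and the stale file is returned as if it had just been generated. Check the status before looking for the file, e.g. `if ft_utils.execute_command(cmd) != 0: return releng_constants.EXIT_RUN_ERROR`; this assumes execute_command returns the command's exit code, which is not shown in this hunk. The `else:` after the error `return` is redundant, and the new function is missing the two blank lines before `def configure_tempest_multisite`.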
diff --git a/functest/opnfv_tests/security_scan/config.ini b/functest/opnfv_tests/security_scan/config.ini
deleted file mode 100644
index b97de80f..00000000
--- a/functest/opnfv_tests/security_scan/config.ini
+++ /dev/null
@@ -1,29 +0,0 @@
-[undercloud]
-port = 22
-user = stack
-remotekey = /home/stack/.ssh/id_rsa
-localkey = /root/.ssh/overCloudKey
-
-[controller]
-port = 22
-user = heat-admin
-scantype = xccdf
-secpolicy = /usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml
-cpe = /usr/share/xml/scap/ssg/content/ssg-rhel7-cpe-dictionary.xml
-profile = stig-rhel7-server-upstream
-report = report.html
-results = results.xml
-reports_dir=/home/opnfv/functest/results/security_scan/
-clean = True
-
-[compute]
-port = 22
-user = heat-admin
-scantype = xccdf
-secpolicy = /usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml
-cpe = /usr/share/xml/scap/ssg/content/ssg-rhel7-cpe-dictionary.xml
-profile = sstig-rhel7-server-upstream
-report = report.html
-results = results.xml
-reports_dir=/home/opnfv/functest/results/security_scan/
-clean = True
diff --git a/functest/opnfv_tests/security_scan/connect.py b/functest/opnfv_tests/security_scan/connect.py
deleted file mode 100644
index 3d5456c5..00000000
--- a/functest/opnfv_tests/security_scan/connect.py
+++ /dev/null
@@ -1,245 +0,0 @@
-#!/usr/bin/python
-#
-# Copyright (c) 2016 Red Hat
-# Luke Hinds (lhinds@redhat.com)
-# This program and the accompanying materials
-# are made available under the terms of the Apache License, Version 2.0
-# which accompanies this distribution, and is available at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# 0.1: OpenSCAP paramiko connection functions
-
-import os
-import socket
-import paramiko
-
-import functest.utils.functest_logger as ft_logger
-import functest.utils.functest_constants as ft_constants
-
-# add installer IP from env
-INSTALLER_IP = ft_constants.CI_INSTALLER_IP
-
-# Set up loggers
-logger = ft_logger.Logger("security_scan").getLogger()
-paramiko.util.log_to_file("/var/log/paramiko.log")
-
-
-class SetUp:
- def __init__(self, *args):
- self.args = args
-
- def keystonepass(self):
- com = self.args[0]
- client = paramiko.SSHClient()
- privatekeyfile = os.path.expanduser('/root/.ssh/id_rsa')
- selectedkey = paramiko.RSAKey.from_private_key_file(privatekeyfile)
- client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
- try:
- client.connect(INSTALLER_IP, port=22, username='stack',
- pkey=selectedkey)
- except paramiko.SSHException:
- logger.error("Password is invalid for "
- "undercloud host: {0}".format(INSTALLER_IP))
- except paramiko.AuthenticationException:
- logger.error("Authentication failed for "
- "undercloud host: {0}".format(INSTALLER_IP))
- except socket.error:
- logger.error("Socker Connection failed for "
- "undercloud host: {0}".format(INSTALLER_IP))
- stdin, stdout, stderr = client.exec_command(com)
- return stdout.read()
- client.close()
-
- def getockey(self):
- remotekey = self.args[0]
- localkey = self.args[1]
- privatekeyfile = os.path.expanduser('/root/.ssh/id_rsa')
- selectedkey = paramiko.RSAKey.from_private_key_file(privatekeyfile)
- transport = paramiko.Transport((INSTALLER_IP, 22))
- transport.connect(username='stack', pkey=selectedkey)
- try:
- sftp = paramiko.SFTPClient.from_transport(transport)
- except paramiko.SSHException:
- logger.error("Authentication failed for "
- "host: {0}".format(INSTALLER_IP))
- except paramiko.AuthenticationException:
- logger.error("Authentication failed for "
- "host: {0}".format(INSTALLER_IP))
- except socket.error:
- logger.error("Socker Connection failed for "
- "undercloud host: {0}".format(INSTALLER_IP))
- sftp.get(remotekey, localkey)
- sftp.close()
- transport.close()
-
-
-class ConnectionManager:
- def __init__(self, host, port, user, localkey, *args):
- self.host = host
- self.port = port
- self.user = user
- self.localkey = localkey
- self.args = args
-
- def remotescript(self):
- localpath = self.args[0]
- remotepath = self.args[1]
- com = self.args[2]
-
- client = paramiko.SSHClient()
- privatekeyfile = os.path.expanduser('/root/.ssh/id_rsa')
- selectedkey = paramiko.RSAKey.from_private_key_file(privatekeyfile)
- client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
- # Connection to undercloud
- try:
- client.connect(INSTALLER_IP, port=22, username='stack',
- pkey=selectedkey)
- except paramiko.SSHException:
- logger.error("Authentication failed for "
- "host: {0}".format(self.host))
- except paramiko.AuthenticationException:
- logger.error("Authentication failed for "
- "host: {0}".format(self.host))
- except socket.error:
- logger.error("Socker Connection failed for "
- "undercloud host: {0}".format(self.host))
-
- transport = client.get_transport()
- local_addr = ('127.0.0.1', 0)
- channel = transport.open_channel("direct-tcpip",
- (self.host, int(self.port)),
- (local_addr))
- remote_client = paramiko.SSHClient()
- remote_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
- # Tunnel to overcloud
- try:
- remote_client.connect('127.0.0.1', port=22, username=self.user,
- key_filename=self.localkey, sock=channel)
- sftp = remote_client.open_sftp()
- sftp.put(localpath, remotepath)
- except paramiko.SSHException:
- logger.error("Authentication failed for "
- "host: {0}".format(self.host))
- except paramiko.AuthenticationException:
- logger.error("Authentication failed for "
- "host: {0}".format(self.host))
- except socket.error:
- logger.error("Socker Connection failed for "
- "undercloud host: {0}".format(self.host))
-
- output = ""
- stdin, stdout, stderr = remote_client.exec_command(com)
- stdout = stdout.readlines()
- # remove script
- sftp.remove(remotepath)
- remote_client.close()
- client.close()
- # Pipe back stout
- for line in stdout:
- output = output + line
- if output != "":
- return output
-
- def remotecmd(self):
- com = self.args[0]
-
- client = paramiko.SSHClient()
- privatekeyfile = os.path.expanduser('/root/.ssh/id_rsa')
- selectedkey = paramiko.RSAKey.from_private_key_file(privatekeyfile)
- client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
- # Connection to undercloud
- try:
- client.connect(INSTALLER_IP, port=22, username='stack',
- pkey=selectedkey)
- except paramiko.SSHException:
- logger.error("Authentication failed for "
- "host: {0}".format(self.host))
- except paramiko.AuthenticationException:
- logger.error("Authentication failed for "
- "host: {0}".format(self.host))
- except socket.error:
- logger.error("Socker Connection failed for "
- "undercloud host: {0}".format(self.host))
-
- transport = client.get_transport()
- local_addr = ('127.0.0.1', 0) # 0 denotes choose random port
- channel = transport.open_channel("direct-tcpip",
- (self.host, int(self.port)),
- (local_addr))
- remote_client = paramiko.SSHClient()
- remote_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
- # Tunnel to overcloud
- try:
- remote_client.connect('127.0.0.1', port=22, username=self.user,
- key_filename=self.localkey, sock=channel)
- except paramiko.SSHException:
- logger.error("Authentication failed for "
- "host: {0}".format(self.host))
- except paramiko.AuthenticationException:
- logger.error("Authentication failed for "
- "host: {0}".format(self.host))
- except socket.error:
- logger.error("Socker Connection failed for "
- "undercloud host: {0}".format(self.host))
-
- chan = remote_client.get_transport().open_session()
- chan.get_pty()
- feed = chan.makefile()
- chan.exec_command(com)
- print feed.read()
-
- remote_client.close()
- client.close()
-
- def download_reports(self):
- dl_folder = self.args[0]
- reportfile = self.args[1]
- reportname = self.args[2]
- resultsname = self.args[3]
- client = paramiko.SSHClient()
- privatekeyfile = os.path.expanduser('/root/.ssh/id_rsa')
- selectedkey = paramiko.RSAKey.from_private_key_file(privatekeyfile)
- client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
- # Connection to overcloud
- try:
- client.connect(INSTALLER_IP, port=22, username='stack',
- pkey=selectedkey)
- except paramiko.SSHException:
- logger.error("Authentication failed for "
- "host: {0}".format(self.host))
- except paramiko.AuthenticationException:
- logger.error("Authentication failed for "
- "host: {0}".format(self.host))
- except socket.error:
- logger.error("Socker Connection failed for "
- "undercloud host: {0}".format(self.host))
-
- transport = client.get_transport()
- local_addr = ('127.0.0.1', 0) # 0 denotes choose random port
- channel = transport.open_channel("direct-tcpip",
- (self.host, int(self.port)),
- (local_addr))
- remote_client = paramiko.SSHClient()
- remote_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
- # Tunnel to overcloud
- try:
- remote_client.connect('127.0.0.1', port=22, username=self.user,
- key_filename=self.localkey, sock=channel)
- except paramiko.SSHException:
- logger.error("Authentication failed for "
- "host: {0}".format(self.host))
- except paramiko.AuthenticationException:
- logger.error("Authentication failed for "
- "host: {0}".format(self.host))
- except socket.error:
- logger.error("Socker Connection failed for "
- "undercloud host: {0}".format(self.host))
- # Download the reports
- sftp = remote_client.open_sftp()
- logger.info("Downloading \"{0}\"...".format(reportname))
- sftp.get(reportfile, ('{0}/{1}'.format(dl_folder, reportname)))
- logger.info("Downloading \"{0}\"...".format(resultsname))
- sftp.get(reportfile, ('{0}/{1}'.format(dl_folder, resultsname)))
- sftp.close()
- transport.close()
diff --git a/functest/opnfv_tests/security_scan/examples/xccdf-rhel7-server-upstream.ini b/functest/opnfv_tests/security_scan/examples/xccdf-rhel7-server-upstream.ini
deleted file mode 100644
index 43b2e82d..00000000
--- a/functest/opnfv_tests/security_scan/examples/xccdf-rhel7-server-upstream.ini
+++ /dev/null
@@ -1,29 +0,0 @@
-[undercloud]
-port = 22
-user = stack
-remotekey = /home/stack/.ssh/id_rsa
-localkey = /root/.ssh/overCloudKey
-
-[controller]
-port = 22
-user = heat-admin
-scantype = xccdf
-secpolicy = /usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml
-cpe = /usr/share/xml/scap/ssg/content/ssg-rhel7-cpe-dictionary.xml
-profile = stig-rhel7-server-upstream
-report = report.hmtl
-results = results.xml
-reports_dir=/home/opnfv/functest/results/security_scan/
-clean = True
-
-[compute]
-port = 22
-user = heat-admin
-scantype = xccdf
-secpolicy = /usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml
-cpe = /usr/share/xml/scap/ssg/content/ssg-rhel7-cpe-dictionary.xml
-profile = stig-rhel7-server-upstream
-report = report.hmtl
-results = results.xml
-reports_dir=/home/opnfv/functest/results/security_scan/
-clean = True
diff --git a/functest/opnfv_tests/security_scan/examples/xccdf-standard.ini b/functest/opnfv_tests/security_scan/examples/xccdf-standard.ini
deleted file mode 100644
index bfbcf82d..00000000
--- a/functest/opnfv_tests/security_scan/examples/xccdf-standard.ini
+++ /dev/null
@@ -1,29 +0,0 @@
-[undercloud]
-port = 22
-user = stack
-remotekey = /home/stack/.ssh/id_rsa
-localkey = /root/.ssh/overCloudKey
-
-[controller]
-port = 22
-user = heat-admin
-scantype = xccdf
-secpolicy = /usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml
-cpe = /usr/share/xml/scap/ssg/content/ssg-rhel7-cpe-dictionary.xml
-profile = standard
-report = report.hmtl
-results = results.xml
-reports_dir=/home/opnfv/functest/results/security_scan/
-clean = True
-
-[compute]
-port = 22
-user = heat-admin
-scantype = xccdf
-secpolicy = /usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml
-cpe = /usr/share/xml/scap/ssg/content/ssg-rhel7-cpe-dictionary.xml
-profile = standard
-report = report.hmtl
-results = results.xml
-reports_dir=/home/opnfv/functest/results/security_scan/
-clean = True
diff --git a/functest/opnfv_tests/security_scan/scripts/createfiles.py b/functest/opnfv_tests/security_scan/scripts/createfiles.py
deleted file mode 100644
index b828901a..00000000
--- a/functest/opnfv_tests/security_scan/scripts/createfiles.py
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/bin/python
-#
-# Copyright (c) 2016 Red Hat
-# Luke Hinds (lhinds@redhat.com)
-# This program and the accompanying materials
-# are made available under the terms of the Apache License, Version 2.0
-# which accompanies this distribution, and is available at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# 0.1: This script creates the needed local files into a tmp directory. Should
-# '--clean' be passed, all files will be removed, post scan.
-
-
-import os
-import tempfile
-
-files = ['results.xml', 'report.html', 'syschar.xml']
-
-
-directory_name = tempfile.mkdtemp()
-
-for i in files:
- os.system("touch %s/%s" % (directory_name, i))
-
-print directory_name
diff --git a/functest/opnfv_tests/security_scan/scripts/internet_check.py b/functest/opnfv_tests/security_scan/scripts/internet_check.py
deleted file mode 100644
index d417d174..00000000
--- a/functest/opnfv_tests/security_scan/scripts/internet_check.py
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/python
-#
-# Copyright (c) 2016 Red Hat
-# Luke Hinds (lhinds@redhat.com)
-# This program and the accompanying materials
-# are made available under the terms of the Apache License, Version 2.0
-# which accompanies this distribution, and is available at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Performs simple connection check, falls to default timeout of 10 seconds
-
-import socket
-
-TEST_HOST = "google.com"
-
-
-def is_connected():
- try:
- host = socket.gethostbyname(TEST_HOST)
- socket.create_connection((host, 80), 2)
- return True
- except:
- return False
-
-
-print is_connected()
diff --git a/functest/opnfv_tests/security_scan/security_scan.py b/functest/opnfv_tests/security_scan/security_scan.py
deleted file mode 100755
index f0673924..00000000
--- a/functest/opnfv_tests/security_scan/security_scan.py
+++ /dev/null
@@ -1,220 +0,0 @@
-#!/usr/bin/python
-#
-# Copyright (c) 2016 Red Hat
-# Luke Hinds (lhinds@redhat.com)
-# This program and the accompanying materials
-# are made available under the terms of the Apache License, Version 2.0
-# which accompanies this distribution, and is available at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# 0.1: This script installs OpenSCAP on the remote host, and scans the
-# nominated node. Post scan a report is downloaded and if '--clean' is passed
-# all trace of the scan is removed from the remote system.
-
-
-import datetime
-import os
-import sys
-from ConfigParser import SafeConfigParser
-
-import argparse
-from keystoneclient import session
-from keystoneclient.auth.identity import v2
-from novaclient import client
-
-import connect
-import functest.utils.functest_constants as ft_constants
-
-__version__ = 0.1
-__author__ = 'Luke Hinds (lhinds@redhat.com)'
-__url__ = 'https://wiki.opnfv.org/display/functest/Functest+Security'
-
-# Global vars
-INSTALLER_IP = ft_constants.CI_INSTALLER_IP
-oscapbin = 'sudo /bin/oscap'
-functest_dir = '%s/security_scan/' % ft_constants.FUNCTEST_TEST_DIR
-
-# Apex Spefic var needed to query Undercloud
-if ft_constants.OS_AUTH_URL is None:
- connect.logger.error(" Enviroment variable OS_AUTH_URL is not set")
- sys.exit(0)
-else:
- OS_AUTH_URL = ft_constants.OS_AUTH_URL
-
-# args
-parser = argparse.ArgumentParser(description='OPNFV OpenSCAP Scanner')
-parser.add_argument('--config', action='store', dest='cfgfile',
- help='Config file', required=True)
-args = parser.parse_args()
-
-# Config Parser
-cfgparse = SafeConfigParser()
-cfgparse.read(args.cfgfile)
-
-# Grab Undercloud key
-remotekey = cfgparse.get('undercloud', 'remotekey')
-localkey = cfgparse.get('undercloud', 'localkey')
-setup = connect.SetUp(remotekey, localkey)
-setup.getockey()
-
-
-# Configure Nova Credentials
-com = 'sudo /usr/bin/hiera admin_password'
-setup = connect.SetUp(com)
-keypass = setup.keystonepass()
-auth = v2.Password(auth_url=OS_AUTH_URL,
- username='admin',
- password=str(keypass).rstrip(),
- tenant_name='admin')
-sess = session.Session(auth=auth)
-nova = client.Client(2, session=sess)
-
-
-class GlobalVariables:
- tmpdir = ""
-
-
-def run_tests(host, nodetype):
- user = cfgparse.get(nodetype, 'user')
- port = cfgparse.get(nodetype, 'port')
- connect.logger.info("Host: {0} Selected Profile: {1}".format(host,
- nodetype))
- connect.logger.info("Checking internet for package installation...")
- if internet_check(host, nodetype):
- connect.logger.info("Internet Connection OK.")
- connect.logger.info("Creating temp file structure..")
- createfiles(host, port, user, localkey)
- connect.logger.debug("Installing OpenSCAP...")
- install_pkg(host, port, user, localkey)
- connect.logger.debug("Running scan...")
- run_scanner(host, port, user, localkey, nodetype)
- clean = cfgparse.get(nodetype, 'clean')
- connect.logger.info("Post installation tasks....")
- post_tasks(host, port, user, localkey, nodetype)
- if clean:
- connect.logger.info("Cleaning down environment....")
- connect.logger.debug("Removing OpenSCAP....")
- removepkg(host, port, user, localkey, nodetype)
- connect.logger.info("Deleting tmp file and reports (remote)...")
- cleandir(host, port, user, localkey, nodetype)
- else:
- connect.logger.error("Internet timeout. Moving on to next node..")
- pass
-
-
-def nova_iterate():
- # Find compute nodes, active with network on ctlplane
- for server in nova.servers.list():
- if server.status == 'ACTIVE' and 'compute' in server.name:
- networks = server.networks
- nodetype = 'compute'
- for host in networks['ctlplane']:
- run_tests(host, nodetype)
- # Find controller nodes, active with network on ctlplane
- elif server.status == 'ACTIVE' and 'controller' in server.name:
- networks = server.networks
- nodetype = 'controller'
- for host in networks['ctlplane']:
- run_tests(host, nodetype)
-
-
-def internet_check(host, nodetype):
- import connect
- user = cfgparse.get(nodetype, 'user')
- port = cfgparse.get(nodetype, 'port')
- localpath = functest_dir + 'scripts/internet_check.py'
- remotepath = '/tmp/internet_check.py'
- com = 'python /tmp/internet_check.py'
- testconnect = connect.ConnectionManager(host, port, user, localkey,
- localpath, remotepath, com)
- connectionresult = testconnect.remotescript()
- if connectionresult.rstrip() == 'True':
- return True
- else:
- return False
-
-
-def createfiles(host, port, user, localkey):
- import connect
- localpath = functest_dir + 'scripts/createfiles.py'
- remotepath = '/tmp/createfiles.py'
- com = 'python /tmp/createfiles.py'
- connect = connect.ConnectionManager(host, port, user, localkey,
- localpath, remotepath, com)
- GlobalVariables.tmpdir = connect.remotescript()
-
-
-def install_pkg(host, port, user, localkey):
- import connect
- com = 'sudo yum -y install openscap-scanner scap-security-guide'
- connect = connect.ConnectionManager(host, port, user, localkey, com)
- connect.remotecmd()
-
-
-def run_scanner(host, port, user, localkey, nodetype):
- import connect
- scantype = cfgparse.get(nodetype, 'scantype')
- profile = cfgparse.get(nodetype, 'profile')
- results = cfgparse.get(nodetype, 'results')
- report = cfgparse.get(nodetype, 'report')
- secpolicy = cfgparse.get(nodetype, 'secpolicy')
- # Here is where we contruct the actual scan command
- if scantype == 'xccdf':
- cpe = cfgparse.get(nodetype, 'cpe')
- com = '{0} xccdf eval --profile {1} --results {2}/{3}' \
- ' --report {2}/{4}' \
- ' --cpe {5} {6}'.format(oscapbin,
- profile,
- GlobalVariables.tmpdir.rstrip(),
- results,
- report,
- cpe,
- secpolicy)
- connect = connect.ConnectionManager(host, port, user, localkey, com)
- connect.remotecmd()
- elif scantype == 'oval':
- com = '{0} oval eval --results {1}/{2} '
- '--report {1}/{3} {4}'.format(oscapbin,
- GlobalVariables.tmpdir.rstrip(),
- results, report, secpolicy)
- connect = connect.ConnectionManager(host, port, user, localkey, com)
- connect.remotecmd()
- else:
- com = '{0} oval-collect '.format(oscapbin)
- connect = connect.ConnectionManager(host, port, user, localkey, com)
- connect.remotecmd()
-
-
-def post_tasks(host, port, user, localkey, nodetype):
- import connect
- # Create the download folder for functest dashboard and download reports
- reports_dir = cfgparse.get(nodetype, 'reports_dir')
- dl_folder = os.path.join(reports_dir, host + "_" +
- datetime.datetime.
- now().strftime('%Y-%m-%d_%H-%M-%S'))
- os.makedirs(dl_folder, 0755)
- report = cfgparse.get(nodetype, 'report')
- results = cfgparse.get(nodetype, 'results')
- reportfile = '{0}/{1}'.format(GlobalVariables.tmpdir.rstrip(), report)
- connect = connect.ConnectionManager(host, port, user, localkey, dl_folder,
- reportfile, report, results)
- connect.download_reports()
-
-
-def removepkg(host, port, user, localkey, nodetype):
- import connect
- com = 'sudo yum -y remove openscap-scanner scap-security-guide'
- connect = connect.ConnectionManager(host, port, user, localkey, com)
- connect.remotecmd()
-
-
-def cleandir(host, port, user, localkey, nodetype):
- import connect
- com = 'sudo rm -r {0}'.format(GlobalVariables.tmpdir.rstrip())
- connect = connect.ConnectionManager(host, port, user, localkey, com)
- connect.remotecmd()
-
-
-if __name__ == '__main__':
- nova_iterate()