From ed5fe191022f851b52e23a919b5f3350163e52b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miguel=20Mart=C3=ADn?=
Date: Mon, 7 Oct 2024 12:28:03 +0200
Subject: [PATCH] test: add service infos to onboarding tests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Test actual service infos in onboarding tests to make sure the onboarding client has the needed SELinux permissions.
Resolves: THEEDGE-3953
Signed-off-by: Miguel Martín
---
 test/fmf/tests/onboarding/run-onboarding.sh | 176 +++++++++++++++++---
 1 file changed, 155 insertions(+), 21 deletions(-)
diff --git a/test/fmf/tests/onboarding/run-onboarding.sh b/test/fmf/tests/onboarding/run-onboarding.sh
index 3afb4140d..b508c1d70 100755
--- a/test/fmf/tests/onboarding/run-onboarding.sh
+++ b/test/fmf/tests/onboarding/run-onboarding.sh
@@ -17,6 +17,8 @@ DATABASES="${MANUFACTURER_DATABASE} ${OWNER_DATABASE} ${RENDEZVOUS_DATABASE}"
 OV_STORE_DRIVER="${OV_STORE_DRIVER:-Directory}"
+SERVICE_INFO_DIR="/var/lib/fdo/service-info/files"
+
 DATABASE_DRIVER="None"
 [ "${OV_STORE_DRIVER}" != "Postgres" ] || DATABASE_DRIVER="postgresql"
 [ "${OV_STORE_DRIVER}" != "Sqlite" ] || DATABASE_DRIVER="sqlite"
@@ -41,6 +43,67 @@ generate_fdo_certificates() { done } +generate_serviceinfo_files() { + mkdir -p ${SERVICE_INFO_DIR}/etc/{sudoers.d,pki/ca-trust/source/anchors} + cat > "${SERVICE_INFO_DIR}/etc/hosts" < "${SERVICE_INFO_DIR}/etc/sudoers.d/edge" < "${SERVICE_INFO_DIR}/etc/pki/ca-trust/source/anchors/redhat.crt" < /etc/command-testfile1 + - command: bash + args: + - -c + - echo command-testfile1-content2 >> /etc/command-testfile1 + - command: mkdir + args: + - -p + - /etc/commands + - command: mv + args: + - /etc/command-testfile1 + - /etc/commands/ + - command: bash + args: + - -c + - echo command-testfile2-content1 > /etc/commands/command-testfile2 + - command: bash + args: + - -c + - echo command-testfile2-content2 >> /etc/commands/command-testfile2 + - command: rm + args: + - -rf + - /etc/commands + - command: find + args: + - /etc + - /var + - -type + - f + - -exec + - touch {} + - ; + - command: mkdir + args: + - -p + - /etc/sudoers.d /var/fdo /var/lib/fdo /var/fdo-test /var/lib/fdo-test + - command: /usr/bin/sed + args: + - -i + - -e + - s/^#PasswordAuthentication yes/PasswordAuthentication no/ + - /etc/ssh/sshd_config + may_fail: false + return_stdout: true + return_stderr: true + - command: systemctl + args: + - restart + - sshd + return_stdout: true + return_stderr: true + - command: systemctl + args: + - daemon-reload + return_stdout: true + return_stderr: true + files: + - path: /etc/hosts + permissions: 644 + source_path: ${SERVICE_INFO_DIR}/etc/hosts + - path: /etc/sudoers.d/edge + source_path: ${SERVICE_INFO_DIR}/etc/sudoers.d/edge + - path: /etc/pki/ca-trust/source/anchors/redhat.crt + source_path: ${SERVICE_INFO_DIR}/etc/pki/ca-trust/source/anchors/redhat.crt +# diskencryption_clevis: +# - disk_label: /dev/vda +# binding: +# pin: test +# config: "{}" +# reencrypt: true +# after_onboarding_reboot: true bind: 0.0.0.0:8083 service_info_auth_token: 2IOtlXsSqfcGjnhBLZjPiHIteskzZEW3lncRzpEmgqI= admin_auth_token: 
Va40bSkLcxwnfml1pmIuaWaOZG96mSMB6fu0xuzcueg=
@@ -185,33 +327,25 @@ perform_no_plain_di() {
 }
 onboard() {
- /usr/libexec/fdo/fdo-client-linuxapp
+ LOG_LEVEL=trace /usr/libexec/fdo/fdo-client-linuxapp
 }
 [ "${OV_STORE_DRIVER}" != "Sqlite" ] || setup_sqlite
 [ "${OV_STORE_DRIVER}" != "Postgres" ] || setup_postgresql
+SSH_PUB_KEY=$(generate_ssh_key)
 generate_fdo_certificates
 setup_manufacturing
 setup_owner
 setup_rendezvous
+generate_serviceinfo_files
 setup_serviceinfo
 systemctl restart fdo-{manufacturing,owner-onboarding,rendezvous,serviceinfo-api}-server.service
 # Wait for servers to be up and running
-until [ "$(curl -X POST http://${PRIMARY_IP}:8080/ping)" == "pong" ]; do
- sleep 1;
-done;
-
-until [ "$(curl -X POST http://${PRIMARY_IP}:8081/ping)" == "pong" ]; do
- sleep 1;
-done;
-
-until [ "$(curl -X POST http://${PRIMARY_IP}:8082/ping)" == "pong" ]; do
- sleep 1;
-done;
-
-until [ "$(curl -X POST http://${PRIMARY_IP}:8083/ping)" == "pong" ]; do
- sleep 1;
-done;
+for PORT in 808{0..3}; do
+ until [ "$(curl -s -X POST http://${PRIMARY_IP}:${PORT}/ping)" == "pong" ]; do
+ sleep 1;
+ done;
+done
 perform_no_plain_di
 [ "${OV_STORE_DRIVER}" = "Directory" ] || export_import_vouchers
 sleep 60
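Review bot: Two of the added `commands` entries pack several words into a single `args` item: `- /etc/sudoers.d /var/fdo /var/lib/fdo /var/fdo-test /var/lib/fdo-test` under `mkdir`, and `- touch {}` under `find`. The redirections in the same list are wrapped in `bash -c`, which suggests the client runs `command` with `args` as separate argv entries and no shell; if so, `mkdir -p` receives one path containing spaces and `find -exec` is asked to run a program literally named `touch <file>`, so neither entry touches the locations the SELinux check is meant to cover. Give each directory its own `- ` item and split the exec into `- touch` and `- "{}"` (quoted, because a bare `{}` is an empty mapping in YAML). The start of this section, including its hunk header, is not visible on the page, so the enclosing function is presumably `setup_serviceinfo`.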
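Review bot: The new `for PORT in 808{0..3}` wait loop has no upper bound, so if one of the four servers never answers `/ping` (for instance because the `systemctl restart` above failed) the test spins until the harness kills it, and `curl -s` hides the connection error that would say which port is down. Bound the wait, fail with the port number, and pass `--max-time` so a hung connection cannot stall one attempt; the attempt count and timeout below are illustrative values. Separately, `LOG_LEVEL=trace` in `onboard()` puts everything the client logs at trace level into the test output, which may include service-info payloads, so check who can read the retained logs. The top-level statements continue past the end of this hunk.

```shell
for PORT in 808{0..3}; do
  # Give each server a fixed number of attempts, then fail naming the port.
  for _ in {1..60}; do
    [ "$(curl -s --max-time 5 -X POST "http://${PRIMARY_IP}:${PORT}/ping")" != "pong" ] || continue 2
    sleep 1
  done
  echo "server on port ${PORT} did not answer /ping in time" >&2
  exit 1
done
```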