File: 966

package info (click to toggle)
pcp 7.1.0-1
  • links: PTS
  • area: main
  • in suites: forky, sid
  • size: 252,748 kB
  • sloc: ansic: 1,483,656; sh: 182,366; xml: 160,462; cpp: 83,813; python: 24,980; perl: 18,327; yacc: 6,877; lex: 2,864; makefile: 2,738; awk: 165; fortran: 60; java: 52
file content (96 lines) | stat: -rwxr-xr-x 2,502 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
 
#!/bin/sh
# PCP QA Test No. 966
# Test pmcd startup with secure connections misconfigured.
#
# Copyright (c) 2014,2022 Red Hat.
#

seq=`basename $0`
echo "QA output created by $seq"

. ./common.secure

_check_tls

_cleanup()
{
    _restore_config $PCP_TLSCONF_PATH
    unset PCP_SECURE_SOCKETS

    _service pmcd restart 2>&1 | _filter_pcp_restart
    _wait_for_pmcd
    _restore_auto_restart pmcd
    _service pmlogger restart 2>&1 | _filter_pcp_restart
    _wait_for_pmlogger
    _restore_auto_restart pmlogger

    $sudo rm -rf $tmp.*
}

status=1	# failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15

_save_config $PCP_TLSCONF_PATH
_stop_auto_restart pmcd
_stop_auto_restart pmlogger
if ! _service pmlogger stop 2>&1; then _exit 1; fi \
| _filter_pcp_stop
_wait_pmlogger_end || _exit 1
if ! _service pmcd stop 2>&1; then _exit 1; fi \
| _filter_pcp_stop
_wait_pmcd_end || _exit 1

_filter_tls()
{
    sed \
	-e 's/value [0-9][0-9]*/value NUMBER/' \
	-e '/pminfo([0-9][0-9]*)/s//pminfo(PID)/' \
	-e "s/host \"$hostname\"/host LOCALHOST/g" \
	-e 's/^\[[A-Z].. [A-Z]..  *[0-9][0-9]* ..:..:..]/[DATE]/' \
    #end
}

# real QA test starts here
_setup_tls

if ! _service pmcd start || ! _wait_for_pmcd
then
    echo "--- cert & key files and sum by user $PCP_USER"
    for file in $tmp.tls/*
    do
	ls -l $file
	sudo -u $PCP_USER sum $file
    done
    echo "--- openssl.log from key & cert setup"
    cat $tmp.tls/openssl.log
    _exit 1
fi | _filter_pcp_start

echo
echo "checking client, secure connection.  should pass..." | tee -a $seq_full
PCP_SECURE_SOCKETS=1; export PCP_SECURE_SOCKETS
yes | pminfo -h $hostname -f hinv.ncpu 2>&1 | tee -a $seq_full | _filter_tls

# verify that pmcd still starts and accepts insecure connections
# when the TLS configuration is corrupted / partially missing.
#
echo
echo "checking client, bad secure config.  should fail..." | tee -a $seq_full
cp $PCP_TLSCONF_PATH $tmp.tls.conf
sed -i -e 's,^tls-cert-file = .*,tls-cert-file = /dev/null,g' $tmp.tls.conf
$sudo cp $tmp.tls.conf $PCP_TLSCONF_PATH
yes | pminfo -h $hostname -f hinv.ncpu 2>&1 | tee -a $seq_full | _filter_tls

echo
echo "checking client, insecure connection.  should pass..."
unset PCP_SECURE_SOCKETS
yes | pminfo -h $hostname -f hinv.ncpu 2>&1 | tee -a $seq_full | _filter_tls

echo
echo "checking client, connecting via 'local:'.  should pass..."
unset PCP_SECURE_SOCKETS
yes | pminfo -h local: -f hinv.ncpu 2>&1 | tee -a $seq_full | _filter_tls

# success, all done
status=0
exit