From d6a8b9523eb61da75d18189f945e3cb4ba181e08 2017-11-19 18:21:04 From: Branko Majic Date: 2017-11-19 18:21:04 Subject: [PATCH] MAR-127: Added tests for time synchronisation (NTP) implementation: - Updated test playbook. - Added tests related to time synchronisation. --- diff --git a/roles/common/playbook.yml b/roles/common/playbook.yml index 86b24d9b467dd69a60ab0cb4ce521fb7563cc85f..9a2b37a515fda97f413f23f3db049a0ac5d83496 100644 --- a/roles/common/playbook.yml +++ b/roles/common/playbook.yml @@ -68,6 +68,12 @@ pipreqcheck_gid: 2500 prompt_colour: cyan prompt_id: test + # Purposefully set this to 3 servers to make sure we are + # overriding the default configuration. + ntp_servers: + - "0.debian.pool.ntp.org" + - "1.debian.pool.ntp.org" + - "2.debian.pool.ntp.org" # From backup_client role meta dependency. backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/backup_encryption_key') }}" backup_server: backup-server diff --git a/roles/common/tests/test_parameters_mandatory.py b/roles/common/tests/test_parameters_mandatory.py index 7df43d6e57c536eb9b0e7a911cbb229d69cc66ac..ceae7c98c97fe6666f2232442d07d02ce5aad8ad 100644 --- a/roles/common/tests/test_parameters_mandatory.py +++ b/roles/common/tests/test_parameters_mandatory.py @@ -122,3 +122,24 @@ def test_backup_configuration_absent(File, Sudo): with Sudo(): assert not File('/etc/duply/main/patterns/common').exists + + +def test_ntp_software_not_installed(Package): + """ + Tests if NTP packages are absent. + """ + + # @TODO: This throws an exception. It seems version of Testinfra + # used cannot properly check for absence of package. + # assert not Package('ntp').is_installed + # assert not Package('ntpdate').is_installed + + pass + + +def test_ntp_listening_interfaces(Socket): + """ + Tests if NTP server is not listening. + """ + + assert not Socket('udp://:::123').is_listening diff --git a/roles/common/tests/test_parameters_optional.py b/roles/common/tests/test_parameters_optional.py index 58c71fefe368d7af59537f767b92481191ecde44..89c405877be2704dc5dd14cef5b846147acbbbec 100644 --- a/roles/common/tests/test_parameters_optional.py +++ b/roles/common/tests/test_parameters_optional.py @@ -1,4 +1,5 @@ import os +import re import socket import paramiko @@ -283,3 +284,51 @@ def test_backup_configuration(File, Sudo): assert common_extra.is_file assert "/home/user1" in common_extra.content.split("\n") assert "/home/user2" in common_extra.content.split("\n") + + +def test_ntp_software_installed(Package): + """ + Tests if NTP packages are installed. + """ + + assert Package('ntp').is_installed + assert Package('ntpdate').is_installed + + +def test_ntp_server_configuration(File, Sudo): + """ + Tests if NTP server has been correctly configured. + """ + + with Sudo(): + + # Read the configuration file. + configuration = File("/etc/ntp.conf").content.split("\n") + + # Extract only the relevant sections of files (exculde empty + # lines and comments). + configuration = [c.strip() for c in configuration if re.match('^\s*(|#.*)$', c) is None] + + # Ensure correct servers have been configured in the pool. + servers = [c for c in configuration if c.startswith('server')] + + expected_servers = ["server 0.debian.pool.ntp.org iburst", + "server 1.debian.pool.ntp.org iburst", + "server 2.debian.pool.ntp.org iburst"] + + assert sorted(servers) == sorted(expected_servers) + + # Ensure querying of server is disable for untrusted clients. + restrictions = [c for c in configuration if c.startswith('restrict')] + expected_restrictions = ["restrict -4 default kod notrap nomodify nopeer noquery notrust", + "restrict -6 default kod notrap nomodify nopeer noquery notrust"] + + assert sorted(restrictions) == sorted(expected_restrictions) + + +def test_ntp_listening_interfaces(Socket): + """ + Tests if NTP server is listening on correct ports. + """ + + assert Socket('udp://:::123').is_listening