Changeset - 76debadf4dae
Branko Majic (branko) - 21 months ago 2024-02-17 13:36:59
branko@majic.rs
MAR-194: Switch to using nmap for testing connectivity in common role:

- Unfortunately, hping3 does not support IPv6.
3 files changed with 21 insertions and 16 deletions:
roles/common/molecule/default/prepare.yml
 
@@ -48,49 +48,44 @@
 

	
 
    - name: Install apt-cacher-ng
 
      apt:
 
        name: apt-cacher-ng
 
        state: present
 

	
 
- hosts: client
 
  become: true
 
  tasks:
 

	
 
    - name: Install tool for testing TCP connectivity
 
      apt:
 
        name: hping3
 
        name: nmap
 
        state: present
 

	
 
    - name: Set-up /etc/hosts with entries for all servers
 
      lineinfile:
 
        path: /etc/hosts
 
        regexp: "^{{ item.key }}"
 
        line: "{{ item.key }} {{ item.value }}"
 
        owner: root
 
        group: root
 
        mode: 0644
 
        state: present
 
      with_dict:
 
        192.168.56.31: parameters-mandatory-bullseye
 
        192.168.56.32: parameters-optional-bullseye
 

	
 
- hosts: parameters-mandatory,parameters-optional
 
  become: true
 
  tasks:
 

	
 
    - name: Install tool for testing TCP connectivity
 
      apt:
 
        name: hping3
 
        state: present
 

	
 
    - name: Set-up /etc/hosts with entries for all servers
 
      lineinfile:
 
        path: /etc/hosts
 
        regexp: "^{{ item.key }}"
 
        line: "{{ item.key }} {{ item.value }}"
 
        owner: root
 
        group: root
 
        mode: 0644
 
        state: present
 
      with_dict:
 
        192.168.56.3: client1
 
        192.168.56.4: client2
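Review bot: The `regexp: "^{{ item.key }}"` pattern in both "Set-up /etc/hosts" tasks is a prefix match with unescaped dots, so in the second play `^192.168.56.3` would also match an existing line that begins with `192.168.56.31` or `192.168.56.32`, and lineinfile would then rewrite that line instead of adding a new one. Whether such lines exist on the parameters hosts is not visible in this diff, but escaping the key and anchoring it to the whitespace that follows removes the ambiguity: `regexp: "^{{ item.key | regex_escape }}\\s"`. Separately, `mode: 0644` is better written as the string `"0644"` so that the value does not depend on how the YAML parser treats a leading zero.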
roles/common/molecule/default/tests/test_maintenance_from_allowed_client.py
 
@@ -14,26 +14,30 @@ parameters_mandatory_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
parameters_optional_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-optional')
 

	
 

	
 
@pytest.mark.parametrize("target_host", parameters_mandatory_hosts + parameters_optional_hosts)
 
def test_ssh_connectivity(host, target_host):
 
    """
 
    Test if SSH server is reachable.
 
    """
 

	
 
    with host.sudo():
 

	
 
        ping = host.run('hping3 -S -p 22 -c 1 %s', target_host)
 
        assert ping.rc == 0
 
        scan = host.run('nmap -p 22 -oG - %s', target_host)
 

	
 
        assert scan.rc == 0
 
        assert "Ports: 22/open/tcp//ssh" in scan.stdout
 

	
 

	
 
@pytest.mark.parametrize("target_host", parameters_mandatory_hosts + parameters_optional_hosts)
 
def test_http_connectivity(host, target_host):
 
    """
 
    Test if HTTP server is reachable.
 
    """
 

	
 
    with host.sudo():
 

	
 
        ping = host.run('hping3 -S -p 80 -c 1 %s', target_host)
 
        assert ping.rc == 0
 
        scan = host.run('nmap -p 80 -oG - %s', target_host)
 

	
 
        assert scan.rc == 0
 
        assert "Ports: 80/open/tcp//http" in scan.stdout
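Review bot: The new `nmap -p 22 -oG - %s` and `nmap -p 80 -oG - %s` calls do not pass `-6`, and nmap only scans over IPv6 when that option is given, so these tests still exercise IPv4 only even though the commit message gives IPv6 support as the reason for dropping hping3. If IPv6 coverage is the goal, an additional parametrized case such as `scan = host.run('nmap -6 -p 22 -oG - %s', target_host)` against each target's IPv6 address would provide it; the inventory and addressing are outside this diff, so this may be planned as a follow-up. The same applies to the three nmap calls in test_maintenance_from_disallowed_client.py.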
roles/common/molecule/default/tests/test_maintenance_from_disallowed_client.py
 
@@ -14,38 +14,44 @@ parameters_mandatory_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
parameters_optional_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-optional')
 

	
 

	
 
@pytest.mark.parametrize("target_host", parameters_mandatory_hosts + parameters_optional_hosts)
 
def test_ssh_connectivity(host, target_host):
 
    """
 
    Test if SSH server is reachable.
 
    """
 

	
 
    with host.sudo():
 

	
 
        ping = host.run('hping3 -S -p 22 -c 1 %s', '%s' % target_host)
 
        assert ping.rc == 0
 
        scan = host.run('nmap -p 22 -oG - %s', target_host)
 

	
 
        assert scan.rc == 0
 
        assert "Ports: 22/open/tcp//ssh" in scan.stdout
 

	
 

	
 
@pytest.mark.parametrize("target_host", parameters_mandatory_hosts)
 
def test_http_connectivity_allowed(host, target_host):
 
    """
 
    Test if HTTP server is reachable.
 
    """
 

	
 
    with host.sudo():
 

	
 
        ping = host.run('hping3 -S -p 80 -c 1 %s', target_host)
 
        assert ping.rc == 0
 
        scan = host.run('nmap -p 80 -oG - %s', target_host)
 

	
 
        assert scan.rc == 0
 
        assert "Ports: 80/open/tcp//http" in scan.stdout
 

	
 

	
 
@pytest.mark.parametrize("target_host", parameters_optional_hosts)
 
def test_http_connectivity_disallowed(host, target_host):
 
    """
 
    Test if HTTP server is reachable.
 
    """
 

	
 
    with host.sudo():
 

	
 
        ping = host.run('hping3 -S -p 80 -c 1 %s', target_host)
 
        assert ping.rc == 1
 
        scan = host.run('nmap -p 80 -oG - %s', target_host)
 

	
 
        assert scan.rc == 0
 
        assert "Ports: 80/filtered/tcp//http" in scan.stdout
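Review bot: The docstring of `test_http_connectivity_disallowed` still reads "Test if HTTP server is reachable." while the test asserts `80/filtered`, which is the opposite outcome; it should state what is verified, for example `Test that the HTTP server is not reachable (port reported as filtered) from a disallowed client.` The literal `filtered` also ties the test to the firewall silently dropping the packets or answering with an ICMP error, because a rule that rejects with a TCP reset would be reported by nmap as `closed`; a one-line comment naming the expected firewall behaviour would make that assumption explicit. The end of the function may lie beyond the hunk.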