Files
@ 8d272d91d3d2
Branch filter:
Location: majic-ansible-roles/roles/database_server/molecule/default/tests/test_default.py
8d272d91d3d2
5.0 KiB
text/x-python
MAR-165: Deploy Diffie-Helman parameters for LDAP server in the ldap_server role:
- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 | import os
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-mandatory')
testinfra_hosts += testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('deprecated')
testinfra_hosts = sorted(set(testinfra_hosts))
def test_installed_packages(host):
"""
Tests if the correct packages have been installed.
"""
assert host.package('mariadb-client').is_installed
assert host.package('mariadb-server').is_installed
assert host.package('python3-pymysql').is_installed
def test_service(host):
"""
Tests if the database server service is enabled on boot and running.
"""
service = host.service('mysql')
assert service.is_enabled
assert service.is_running
def test_root_my_cnf_is_absent(host):
"""
Tests if the root my.cnf configuration file is absent (root should
be able to login via unix socket, and does not need its password
set).
"""
with host.sudo():
assert not host.file('/root/.my.cnf').exists
def test_root_password_is_not_empty(host):
"""
Tests if the database server root password is empty.
"""
login = host.run("mysql -uroot -BNe 'show databases'")
assert login.rc != 0
def test_root_os_user_can_login(host):
"""
Tests if the root account can log-in without providing any password (via unix socket).
"""
with host.sudo():
login = host.run("mysql -uroot -BNe 'show databases'")
assert login.rc == 0
assert "information_schema" in login.stdout
assert "mysql" in login.stdout
assert "performance_schema" in login.stdout
def test_utf8_configuration_file(host):
"""
Tests if UTF-8 database server configuration file has been deployed
correctly.
"""
config = host.file('/etc/mysql/mariadb.conf.d/90-utf8.cnf')
assert config.is_file
assert config.user == 'root'
assert config.group == 'root'
assert config.mode == 0o644
def test_utf8_configuration(host):
"""
Tests if UTF-8 configuration has been applied correctly to server.
"""
with host.sudo():
assert host.run("mysql -uroot -BNe 'drop database if exists test'").rc == 0
assert host.run("mysql -uroot -BNe 'create database test'").rc == 0
check_server = host.run("mysql -uroot test -BNe 'select @@character_set_server; select @@collation_server'")
assert check_server.rc == 0
assert check_server.stdout == "utf8\nutf8_general_ci\n"
check_database = host.run("mysql -uroot test -BNe 'select @@character_set_database; select @@collation_database'")
assert check_database.rc == 0
assert check_database.stdout == "utf8\nutf8_general_ci\n"
check_database = host.run("mysql -uroot -BNe 'select @@character_set_connection; select @@collation_connection'")
assert check_database.rc == 0
assert check_database.stdout == "utf8\nutf8_general_ci\n"
def test_root_can_login_via_unix_socket_only(host):
"""
Tests if the root login is possible only via unix socket.
"""
with host.sudo():
root_logins_without_unix_socket_count = host.run("mysql -BNe %s", "select count(*) from mysql.user where user = 'root' and plugin != 'unix_socket'")
root_logins_with_unix_socket = host.run("mysql -BNe %s", "select User, Host, Password from mysql.user where user = 'root' and plugin = 'unix_socket'")
assert root_logins_without_unix_socket_count.rc == 0
assert root_logins_without_unix_socket_count.stdout.strip() == "0"
assert root_logins_with_unix_socket.rc == 0
assert root_logins_with_unix_socket.stdout.strip() == "root localhost"
def test_debian_system_maintenance_user_is_absent(host):
"""
Tests if the dedicated Debian system maintenance user is absent
(leftover from Debian Jessie and previous versions).
"""
with host.sudo():
debian_system_maintenance_user = host.run("mysql -BNe %s", "select count(*) from mysql.user where user = 'debian-sys-maint'")
assert debian_system_maintenance_user.rc == 0
assert debian_system_maintenance_user.stdout.strip() == "0"
def test_debian_system_maintenance_configuration_file(host):
"""
Tests if the Debian system maintenance configuration file has been
set-up properly.
"""
with host.sudo():
config = host.file("/etc/mysql/debian.cnf")
assert config.is_file
assert config.user == 'root'
assert config.group == 'root'
assert config.mode == 0o600
assert "debian-sys-maint" not in config.content_string
def test_debian_system_maintenance_configuration_file_can_be_used_for_login(host):
"""
Tests if the Debian system maintenance configuration file can be
used for authenticating as the root user.
"""
with host.sudo():
login = host.run("mysql --defaults-file=/etc/mysql/debian.cnf -NBe %s", "select current_user();")
assert login.rc == 0
assert login.stdout.strip() == "root@localhost"
|