feat(systemd): check sockets created by systemd #66

Merged


baby-gnu
Contributor

@baby-gnu baby-gnu commented Jan 6, 2020

PR progress checklist (to be filled in by reviewers)

  • Changes to documentation are appropriate (or tick if not required)
  • Changes to tests are appropriate (or tick if not required)
  • Reviews completed

What type of PR is this?

Primary type

  • [build] Changes related to the build system
  • [chore] Changes to the build process or auxiliary tools and libraries such as documentation generation
  • [ci] Changes to the continuous integration configuration
  • [feat] A new feature
  • [fix] A bug fix
  • [perf] A code change that improves performance
  • [refactor] A code change that neither fixes a bug nor adds a feature
  • [revert] A change used to revert a previous commit
  • [style] Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.)

Secondary type

  • [docs] Documentation changes
  • [test] Adding missing or correcting existing tests

Does this PR introduce a BREAKING CHANGE?

No.

Related issues and/or pull requests

Describe the changes you're proposing

On systems with sockets created by systemd, the configuration in
“libvirtd.conf” is not used.

  • test/integration/share/libraries/systemd_config.rb: new utility to
    get systemd service configuration options.

  • test/integration/share/libraries/libvirt_socket_admin.rb: load
    “libvirt-admin.socket” configuration and provide 3 methods to return
    owner, group and permissions defined. Fallback on default values.

  • test/integration/share/libraries/libvirt_socket_ro.rb: load
    “libvirt-ro.socket” configuration and provide 3 methods to return
    owner, group and permissions defined. Fallback on default values.

  • test/integration/share/libraries/libvirt_socket_rw.rb: load
    “libvirt.socket” configuration and provide 3 methods to return
    owner, group and permissions defined. Fallback on default values.

  • test/integration/default/controls/socket_admin_spec.rb: check socket
    owner, group and permissions against configured values.

  • test/integration/default/controls/socket_ro_spec.rb: ditto.

  • test/integration/default/controls/socket_rw_spec.rb: ditto.

Pillar / config required to test the proposed changes

Debug log showing how the proposed changes work

-----> Starting Kitchen (v2.3.3)
-----> Verifying <default-fedora-31-master-py3>...
       Loaded default 

Profile: libvirt formula (default)
Version: (not specified)
Target:  ssh://kitchen@localhost:32768

  ✔  Libvirt service: verify running service
     ✔  Service libvirtd should be enabled
     ✔  Service libvirtd should be running
  ✔  Libvirt packages: verify installed packages
     ✔  System Package libvirt should be installed
     ✔  System Package qemu-kvm should be installed
     ✔  System Package libguestfs should be installed
     ✔  System Package python3-libvirt should be installed
  ✔  Libvirt read/write socket: should exist with proper permissions
     ✔  libvirt_socket_rw should exist
     ✔  libvirt_socket_rw type should eq :socket
     ✔  libvirt_socket_rw owner should eq "root"
     ✔  libvirt_socket_rw group should eq "root"
     ✔  libvirt_socket_rw mode should cmp == "0666"
  ✔  Libvirt admin socket: should exist with proper permissions
     ✔  libvirt_socket_admin should exist
     ✔  libvirt_socket_admin type should eq :socket
     ✔  libvirt_socket_admin owner should eq "root"
     ✔  libvirt_socket_admin group should eq "root"
     ✔  libvirt_socket_admin mode should cmp == "0600"
  ✔  Libvirt configuration: verify applied configuration
     ✔  File /etc/sysconfig/libvirtd should exist
     ✔  File /etc/sysconfig/libvirtd content should match /This\sfile\sis\smanaged\sby\sSalt/
     ✔  File /etc/libvirt/libvirtd.conf should exist
     ✔  File /etc/libvirt/libvirtd.conf content should match /This\sfile\sis\smanaged\sby\sSalt/
     ✔  Parse Config File /etc/libvirt/libvirtd.conf listen_tls should eq "0"
     ✔  Parse Config File /etc/libvirt/libvirtd.conf listen_tcp should eq "0"
     ✔  Parse Config File /etc/libvirt/libvirtd.conf tls_port should eq "16514"
     ✔  Parse Config File /etc/libvirt/libvirtd.conf tcp_port should eq "16509"
     ✔  Parse Config File /etc/libvirt/libvirtd.conf listen_addr should eq "0.0.0.0"
     ✔  Parse Config File /etc/libvirt/libvirtd.conf unix_sock_group should eq "root"
     ✔  Parse Config File /etc/libvirt/libvirtd.conf unix_sock_ro_perms should eq "0777"
     ✔  Parse Config File /etc/libvirt/libvirtd.conf unix_sock_rw_perms should eq "0770"
     ✔  Parse Config File /etc/libvirt/libvirtd.conf auth_unix_ro should eq "none"
     ✔  Parse Config File /etc/libvirt/libvirtd.conf auth_unix_rw should eq "none"
     ✔  Parse Config File /etc/libvirt/libvirtd.conf auth_tcp should eq "none"
  ✔  Libvirt read only socket: should exist with proper permissions
     ✔  libvirt_socket_ro should exist
     ✔  libvirt_socket_ro type should eq :socket
     ✔  libvirt_socket_ro owner should eq "root"
     ✔  libvirt_socket_ro group should eq "root"
     ✔  libvirt_socket_ro mode should cmp == "0666"


Profile: libvirt formula (share)
Version: (not specified)
Target:  ssh://kitchen@localhost:32768

     No tests executed.

Profile Summary: 6 successful controls, 0 control failures, 0 controls skipped
Test Summary: 36 successful, 0 failures, 0 skipped
       Finished verifying <default-fedora-31-master-py3> (0m9.68s).
-----> Kitchen is finished. (0m12.62s)

Documentation checklist

  • Updated the README (e.g. Available states).
  • Updated pillar.example.

Testing checklist

  • Included in Kitchen (i.e. under state_top).
  • Covered by new/existing tests (e.g. InSpec, Serverspec, etc.).
  • Updated the relevant test pillar.

Additional context

@baby-gnu baby-gnu requested a review from myii January 6, 2020 12:04
@baby-gnu
Contributor Author

baby-gnu commented Jan 6, 2020

In the kitchen output we can see that the configured perms in libvirtd.conf are:

  • unix_sock_ro_perms should eq "0777"
  • unix_sock_rw_perms should eq "0770"

but the real perms are tested against values from systemd .socket services:

  • libvirt_socket_rw mode should cmp == "0666"
  • libvirt_socket_ro mode should cmp == "0666"

We could enable new images after this PR is merged.

Regards.
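
The mismatch described in this thread, as an added example that is not part of the PR or the formula's own libraries: the hypothetical helpers `socket_settings`, `libvirtd_option` and `mode_drift` parse a constructed `.socket` unit and a constructed `libvirtd.conf` excerpt, then report where the mode requested in `libvirtd.conf` differs from the one systemd applies. It assumes the systemd.socket(5) defaults for the system manager (owner and group `root`, mode `0666`) when a directive is absent.

```ruby
# Added example: hypothetical helpers, not the formula's systemd_config.rb.
# Defaults follow systemd.socket(5) for sockets created by the system manager.
SOCKET_DEFAULTS = { 'SocketUser' => 'root', 'SocketGroup' => 'root',
                    'SocketMode' => '0666' }.freeze

# Return the effective [Socket] ownership settings of a unit file.
# The last assignment wins; an empty assignment falls back to the default.
def socket_settings(unit_text)
  section = nil
  found = {}
  unit_text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#', ';')
    if (m = line.match(/\A\[(.+)\]\z/))
      section = m[1]
    elsif section == 'Socket' && (m = line.match(/\A(\w+)\s*=\s*(.*)\z/))
      m[2].empty? ? found.delete(m[1]) : (found[m[1]] = m[2])
    end
  end
  SOCKET_DEFAULTS.merge(found.slice(*SOCKET_DEFAULTS.keys))
end

# Read one `key = "value"` option from libvirtd.conf text (nil if absent).
def libvirtd_option(conf_text, key)
  m = conf_text.match(/^\s*#{Regexp.escape(key)}\s*=\s*"?([^"\n]*)"?\s*$/)
  m && m[1]
end

# Compare the mode requested in libvirtd.conf with the mode systemd applies.
# Returns nil when they agree, otherwise a hash describing the drift.
def mode_drift(conf_text, key, unit_text)
  wanted = libvirtd_option(conf_text, key)
  actual = socket_settings(unit_text)['SocketMode']
  return nil if wanted.nil? || wanted.to_i(8) == actual.to_i(8)
  { option: key, configured: wanted, effective: actual }
end

# Constructed sample inputs mirroring the values in the Kitchen output above.
LIBVIRTD_CONF = <<~CONF
  unix_sock_group = "root"
  unix_sock_ro_perms = "0777"
  unix_sock_rw_perms = "0770"
CONF

LIBVIRT_SOCKET = <<~UNIT
  [Socket]
  ListenStream=/run/libvirt/libvirt-sock
  SocketMode=0666
UNIT
```

With these inputs, `mode_drift(LIBVIRTD_CONF, 'unix_sock_rw_perms', LIBVIRT_SOCKET)` reports a configured `0770` against an effective `0666`, which is the wider-than-configured access a socket permission check needs to catch.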

Member

@myii myii left a comment

Nice work!

@myii myii merged commit 29190b8 into saltstack-formulas:master Jan 6, 2020
@myii
Member

myii commented Jan 6, 2020

Merged, thanks @baby-gnu.

@baby-gnu baby-gnu deleted the feature/support-systemd-sockets branch January 6, 2020 12:51
@saltstack-formulas-travis

🎉 This PR is included in version 3.4.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

myii added a commit to myii/libvirt-formula that referenced this pull request Jan 7, 2020
saltstack-formulas-travis pushed a commit that referenced this pull request Mar 24, 2020
# [3.7.0](v3.6.0...v3.7.0) (2020-03-24)

### Bug Fixes

* **libtofs:** “files_switch” mess up the variable exported by “map.jinja” [skip ci] ([fd277ec](fd277ec))

### Continuous Integration

* workaround issues with newly introduced `amazonlinux-1` [skip ci] ([9299b03](9299b03))
* **kitchen:** avoid using bootstrap for `master` instances [skip ci] ([58709f6](58709f6))
* **travis:** update matrix after recent platform fixes ([a6dd1d3](a6dd1d3)), closes [#64](#64) [#66](#66) [#67](#67) [#68](#68)

### Features

* **map.jinja:** `defaults.yaml` must be under `parameters/` ([3ca19bc](3ca19bc))
* **map.jinja:** load a configurable list of YAML files ([ce1782c](ce1782c))
* **map.jinja:** split `osfamilymap.yaml` under `parameters/os_family/` ([e82d184](e82d184))
* **map.jinja:** split `osfingermap.yaml` under `parameters/osfinger/` ([365f711](365f711))
* **map.jinja:** split `osmap.yaml` under `parameters/os/` ([4255397](4255397))