Support for continuous integration testing of salt-ssh

2025-04-17 10:10:20 +00:00 · 2014-05-09 15:54:21 -06:00 · 2014-05-09 15:54:21 -06:00 · 0cbac67a3f
commit 0cbac67a3f
parent 9630d43d05
5 changed files with 113 additions and 0 deletions
--- a/tests/integration/init.py
+++ b/tests/integration/init.py
@ -305,6 +305,9 @@ class TestDaemon(object):
        self.pre_setup_minions()
        self.setup_minions()

+        if self.parser.options.ssh:
+            self.prep_ssh()
+
        if self.parser.options.sysinfo:
            try:
                print_header(
@ -343,6 +346,45 @@ class TestDaemon(object):
        finally:
            self.post_setup_minions()

+    def prep_ssh(self, sshd_port=2827):
+        '''
+        Generate keys and start an ssh daemon on an alternate port
+        '''
+        keygen = salt.utils.which('ssh-keygen')
+        sshd = salt.utils.which('sshd')
+
+        print(keygen)
+        print(sshd)
+        if not (keygen and sshd):
+            print('WARNING: Could not initialize SSH subsystem. Tests for salt-ssh may break!')
+            return
+        if not os.path.exists(TMP_CONF_DIR):
+            os.makedirs(TMP_CONF_DIR)
+        
+        keygen_process = subprocess.Popen(
+                [keygen, '-t', 'ecdsa', '-b', '521', '-C', '"$(whoami)@$(hostname)-$(date -I)"', '-f', 'key_test', '-P', 'INSECURE_TEMPORARY_KEY_PASSWORD'],
+                stdout=subprocess.PIPE,
+                stderr=subprocess.PIPE,
+                close_fds=True,
+                cwd=TMP_CONF_DIR 
+        )
+        out, err = keygen_process.communicate()
+        if err:
+            print('ssh-keygen had errors: {0}'.format(err))
+        sshd_config_path = os.path.join(FILES, 'files/sshd_config')
+        shutil.copy(os.path.join(FILES, 'conf/sshd_config'), TMP_CONF_DIR)
+        auth_key_file = os.path.join(TMP_CONF_DIR, 'key_test.pub')
+        with open(os.path.join(TMP_CONF_DIR, 'sshd_config'), 'a') as ssh_config:
+            ssh_config.write('AuthorizedKeysFile {0}\n'.format(auth_key_file))
+        sshd_process = subprocess.Popen(
+                [sshd, '-f', 'sshd_config'],
+                stdout=subprocess.PIPE,
+                stderr=subprocess.PIPE,
+                close_fds=True,
+                cwd=TMP_CONF_DIR
+        )
+        shutil.copy(os.path.join(FILES, 'conf/roster'), TMP_CONF_DIR)
+
    @property
    def client(self):
        '''
@ -885,6 +927,13 @@ class ShellCase(AdaptedConfigurationTestCaseMixIn, ShellTestCase):
        arg_str = '-c {0} {1}'.format(self.get_config_dir(), arg_str)
        return self.run_script('salt', arg_str, with_retcode=with_retcode, catch_stderr=catch_stderr)

+    def run_ssh(self, arg_str, with_retcode=False, catch_stderr=False):
+        '''
+        Execute salt-ssh
+        '''
+        arg_str = '-c {0} {1}'.format(self.get_config_dir(), arg_str)
+        return self.run_script('salt-ssh', arg_str, with_retcode=with_retcode, catch_stderr=catch_stderr)
+
    def run_run(self, arg_str, with_retcode=False, catch_stderr=False):
        '''
        Execute salt-run
--- a/tests/integration/files/conf/roster
+++ b/tests/integration/files/conf/roster
@ -0,0 +1,3 @@
+localhost:
+  host: 127.0.0.1
+  user: root
--- a/tests/integration/files/conf/sshd_config
+++ b/tests/integration/files/conf/sshd_config
@ -0,0 +1,60 @@
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+Port 2827
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+UsePrivilegeSeparation yes
+# Turn strict modes off so that we can operate in /tmp
+StrictModes no
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 1024
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin without-password
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile	%h/.ssh/authorized_keys
+#AuthorizedKeysFile	key_test.pub
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+PasswordAuthentication no
+
+X11Forwarding no
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+UsePAM yes
--- a/tests/integration/ssh/init.py
+++ b/tests/integration/ssh/init.py
@ -0,0 +1 @@
+# -*- coding: utf-8 -*-
--- a/tests/integration/ssh/deploy.py
+++ b/tests/integration/ssh/deploy.py