rpms/ktls-utils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Add initial gating for RHEL 10

Browse Source 
Related: RHEL-39058
This commit is contained in:
Scott Mayhew 2024-06-13 10:58:25 -04:00
parent cf1f02c485
commit 5598153031
5 changed files with 120 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.fmf/version Normal file
View File

@ -0,0 +1 @@
1

6
gating.yaml Normal file
View File

@ -0,0 +1,6 @@
--- !Policy
product_versions:
- rhel-10
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

12
plans/sanity.fmf Normal file
View File

@ -0,0 +1,12 @@
summary:
Basic sanity test for ktls-utils
discover:
how: fmf
prepare:
how: install
package:
- ktls-utils
- nfs-utils
- openssl
execute:
how: tmt

2
tests/sanity/main.fmf Normal file
View File

@ -0,0 +1,2 @@
summary: Basic sanity test for ktls-utils
test: ./test.sh

99
tests/sanity/test.sh Executable file
View File

@ -0,0 +1,99 @@
#!/bin/bash
MYOLDHOSTNAME=$(hostnamectl hostname --static)
MYHOSTNAME=nfs.ktls-utils.test
MYIP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p')
echo "Setup..."
hostnamectl hostname --static "$MYHOSTNAME"
cp /etc/tlshd.conf /etc/tlshd.conf.bak
openssl req -x509 -newkey rsa:4096 -subj "/CN=ktls-utils smoketest CA" -days 365 -noenc -out ca-cert.pem -keyout ca-cert.key >/dev/null 2>&1
openssl req -x509 -newkey rsa:4096 -subj "/CN=${MYHOSTNAME}" -addext "subjectAltName=DNS:${MYHOSTNAME},IP:${MYIP}" -days 365 -noenc -CA ca-cert.pem -CAkey ca-cert.key -extensions usr_cert -out ktls.pem -keyout ktls.key >/dev/null 2>&1
cp ca-cert.pem /etc/pki/tls/certs
cp ktls.pem /etc/pki/tls/certs
cp ktls.key /etc/pki/tls/private
cat <<EOF >/etc/tlshd.conf
[debug]
loglevel=0
tls=0
nl=0
[authenticate]
#keyrings= <keyring>;<keyring>;<keyring>
[authenticate.client]
x509.truststore=/etc/pki/tls/certs/ca-cert.pem
x509.certificate=/etc/pki/tls/certs/ktls.pem
x509.private_key=/etc/pki/tls/private/ktls.key
[authenticate.server]
x509.truststore=/etc/pki/tls/certs/ca-cert.pem
x509.certificate=/etc/pki/tls/certs/ktls.pem
x509.private_key=/etc/pki/tls/private/ktls.key
EOF
systemctl start tlshd
systemctl start nfs-server
mkdir /export
exportfs -o rw,insecure,no_root_squash,xprtsec=tls:mtls *:/export
# mount by hostname
echo "Try to mount $MYHOSTNAME:/export without xprtsec=tls"
mount -o v4.2 $MYHOSTNAME:/export /mnt
if [ $? -eq 0 ]; then
echo "Mounted $MYHOSTNAME:/export without xprtsec=tls!"
exit 1
fi
echo "Try to mount $MYHOSTNAME:/export with xprtsec=tls"
mount -o v4.2,xprtsec=tls $MYHOSTNAME:/export /mnt
if [ $? -ne 0 ]; then
echo "Failed to mount $MYHOSTNAME:/export with xprtsec=tls!"
exit 1
fi
if ! grep "xprtsec=tls" /proc/mounts; then
echo "Failed to find xprtsec=tls in /proc/mounts"
exit 1
fi
umount /mnt
# mount by ip address
echo "Try to mount $MYIP:/export without xprtsec=tls"
mount -o v4.2 $MYIP:/export /mnt
if [ $? -eq 0 ]; then
echo "Mounted $MYIP:/export without xprtsec=tls!"
exit 1
fi
echo "Try to mount $MYIP:/export with xprtsec=tls"
mount -o v4.2,xprtsec=tls $MYIP:/export /mnt
if [ $? -ne 0 ]; then
echo "Failed to mount $MYIP:/export with xprtsec=tls!"
exit 1
fi
if ! grep "xprtsec=tls" /proc/mounts; then
echo "Failed to find xprtsec=tls in /proc/mounts"
exit 1
fi
umount /mnt
echo "Success!"
echo "Cleanup..."
hostnamectl hostname --static "$MYOLDHOSTNAME"
exportfs -ua
systemctl stop nfs-server
rmdir /export
systemctl stop tlshd
cp /etc/tlshd.conf.bak /etc/tlshd.conf
rm -f /etc/pki/tls/certs/ca-cert.pem
rm -f /etc/pki/tls/certs/ktls.pem
rm -f /etc/pki/tls/private/ktls.key
rm -f ca-cert.pem
rm -f ca-cert.key
rm -f ktls.pem
rm -f ktls.key
exit 0