Commit 1098ba6f authored by Killian Lufau's avatar Killian Lufau Committed by Thomas Gambier

demo: Add testing of HMAC

/reviewed-on nexedi/re6stnet!19
parent d0233199
#!/usr/bin/python2 #!/usr/bin/python2
import argparse, math, nemu, os, re, signal import argparse, math, nemu, os, re, signal
import socket, subprocess, sys, time, weakref import socket, sqlite3, subprocess, sys, time, weakref
from collections import defaultdict from collections import defaultdict
from contextlib import contextmanager from contextlib import contextmanager
from threading import Thread
IPTABLES = 'iptables' IPTABLES = 'iptables'
SCREEN = 'screen' SCREEN = 'screen'
VERBOSE = 4 VERBOSE = 4
...@@ -60,6 +61,8 @@ parser.add_argument('-d', '--duration', type = int, ...@@ -60,6 +61,8 @@ parser.add_argument('-d', '--duration', type = int,
help = 'time of the demo execution in seconds') help = 'time of the demo execution in seconds')
parser.add_argument('-p', '--ping', action = 'store_true', parser.add_argument('-p', '--ping', action = 'store_true',
help = 'execute ping utility') help = 'execute ping utility')
parser.add_argument('-m', '--hmac', action = 'store_true',
help = 'execute HMAC test')
args = parser.parse_args() args = parser.parse_args()
def handler(signum, frame): def handler(signum, frame):
...@@ -243,7 +246,8 @@ def new_network(registry, reg_addr, serial, ca): ...@@ -243,7 +246,8 @@ def new_network(registry, reg_addr, serial, ca):
""")).wait() """)).wait()
db = sqlite3.connect(db_path, isolation_level=None) db = sqlite3.connect(db_path, isolation_level=None)
def new_node(node, folder, args='', prefix_len=None, registry=registry_url): def new_node(node, folder, args='', prefix_len=None, registry=registry_url):
nodes.append(node) if node not in nodes:
nodes.append(node)
if not os.path.exists(folder + '/cert.crt'): if not os.path.exists(folder + '/cert.crt'):
dh_path = folder + '/dh2048.pem' dh_path = folder + '/dh2048.pem'
if not os.path.exists(dh_path): if not os.path.exists(dh_path):
...@@ -297,6 +301,46 @@ if args.ping: ...@@ -297,6 +301,46 @@ if args.ping:
name = machine.name if machine.short[0] == 'R' else 'm' + machine.short name = machine.name if machine.short[0] == 'R' else 'm' + machine.short
machine.screen('python ping.py {} {}'.format(name, ' '.join(ips))) machine.screen('python ping.py {} {}'.format(name, ' '.join(ips)))
class testHMAC(Thread):
def run(self):
reg1_db = sqlite3.connect('registry/registry.db', isolation_level=None,
check_same_thread=False)
reg2_db = sqlite3.connect('registry2/registry.db', isolation_level=None,
check_same_thread=False)
reg1_db.text_factory = reg2_db.text_factory = str
m_net1 = ['registry', 'm1', 'm2', 'm3', 'm4', 'm5', 'm6', 'm7', 'm8']
m_net2 = ['registry2', 'm10']
print 'Testing HMAC, letting the time to machines to create tunnels...'
time.sleep(45)
print 'Check that the initial HMAC config is deployed on network 1'
test_hmac.checkHMAC(reg1_db, m_net1)
print 'Test that a HMAC update works with nodes that are up'
registry.screen('wget http://10.0.0.2/updateHMAC')
print 'Updated HMAC (config = hmac0 & hmac1), waiting...'
time.sleep(60)
print 'Checking HMAC on machines connected to registry 1...'
test_hmac.checkHMAC(reg1_db, m_net1)
print ('Test that machines can update upon reboot ' +
'when they were off during a HMAC update.')
test_hmac.killRe6st('m1')
print 'Re6st on machine 1 is stopped'
time.sleep(5)
registry.screen('wget http://10.0.0.2/updateHMAC')
print 'Updated HMAC on registry (config = hmac1 & hmac2), waiting...'
time.sleep(60)
new_node(machine1, 'm1', '-I%s' % m1_if_0.name,
None, 'http://%s/' % REGISTRY)
print 'Started re6st on machine 1, waiting for it to get new conf'
time.sleep(60)
print 'Checking HMAC on machines connected to registry 1...'
test_hmac.checkHMAC(reg1_db, m_net1)
print 'Testing of HMAC done!'
if args.hmac:
import test_hmac
testHMAC().start()
_ll = {} _ll = {}
def node_by_ll(addr): def node_by_ll(addr):
try: try:
......
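Review bot: All three `test_hmac.checkHMAC(reg1_db, m_net1)` calls in `testHMAC.run` drop the returned boolean, so a wrong HMAC configuration only shows up as a printed line and the thread still ends with 'Testing of HMAC done!'. Keep the result, e.g. `ok = test_hmac.checkHMAC(reg1_db, m_net1) and ok`, and print an explicit failure (or set a non-zero exit status) at the end. `reg2_db` and `m_net2` are created but never used in the visible lines, so network 2 is not verified at all; either call `checkHMAC(reg2_db, m_net2)` or drop them. A short class docstring naming the three phases and the fixed sleeps they rely on would also help.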
import sqlite3, subprocess
def getConfig(db, name):
r, = next(db.execute(
"SELECT value FROM config WHERE name=?", (name,)), (None,))
if r is not None:
r = str(r).encode('hex')
return r
def killRe6st(machine):
p = subprocess.Popen(['pgrep', '-f', 'set ./py re6stnet @%s' %machine],
stdout=subprocess.PIPE)
ps_id = p.communicate()[0].split('\n', 1)[0]
if ps_id:
subprocess.Popen(['kill', ps_id])
def checkHMAC(db, machines):
hmac = dict([(k, getConfig(db, k))
for k in 'babel_hmac0', 'babel_hmac1', 'babel_hmac2'])
rc = True
ps = subprocess.Popen(['pgrep', '-a', 'babel'], stdout=subprocess.PIPE)
for p in (p for p in ps.communicate()[0].split('\n') if p):
if p.split('/',1)[0].split()[-1] in machines:
if hmac['babel_hmac0'] and not hmac['babel_hmac1']: # state = hmac0
if ('sign' not in p or
'accept' in p or
p.split('sign value ',1)[1].split()[0]\
!= hmac['babel_hmac0']):
rc = False
print 'HMAC config wrong for in %s' % p
else:
if hmac['babel_hmac0']: # state = hmac0 and hmac1
sign = 'babel_hmac0'
accept = 'babel_hmac1'
else: # state = hmac1 and hmac2
sign = 'babel_hmac1'
accept = 'babel_hmac2'
if ('accept' not in p or
'sign' not in p or
p.split('sign value ',1)[1].split()[0] != hmac[sign] or
p.split('accept value ',1)[1].split()[0] != hmac[accept]):
rc = False
print 'HMAC config wrong in %s' % p
if rc:
print('All nodes use Babel with the correct HMAC configuration')
else:
print('Correct config: %s' % hmac)
return rc
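Review bot: `checkHMAC` starts with `rc = True` and only lowers it for processes that `pgrep -a babel` actually returns, so a machine in `machines` whose babeld is not running, or whose line does not match, is silently counted as correct, and an empty pgrep result still prints 'All nodes use Babel with the correct HMAC configuration'. Record the names that were really checked and fail on the rest: `seen.add(name)` inside the loop, then `if set(machines) - seen: rc = False` before the final print. In `killRe6st`, `pgrep -f` matches an unanchored regular expression, so the pattern ending in `@%s` for `m1` would presumably also match a command line containing `@m10`; the pattern should include the character that follows the machine name. The failure path prints the hex key values (`'Correct config: %s' % hmac`); if this output can end up in shared logs, print only the names of the keys that mismatched.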