Re: [PATCH devel-2.1 16/17] QA: Restore RAPI cert after “gnt-cluster renew-crypto ”

Tue, 11 May 2010 03:54:27 -0700 

On Mon, May 10, 2010 at 05:30:42PM +0200, Michael Hanselmann wrote:
> The RAPI tests will depend on the certificate.
> ---
>  qa/qa_cluster.py |   45 +++++++++++++++++++++++++++++----------------
>  1 files changed, 29 insertions(+), 16 deletions(-)
> 
> diff --git a/qa/qa_cluster.py b/qa/qa_cluster.py
> index 09782e5..7e74ff9 100644
> --- a/qa/qa_cluster.py
> +++ b/qa/qa_cluster.py
> @@ -182,32 +182,45 @@ def TestClusterRenewCrypto():
>    AssertNotEqual(StartSSH(master["primary"],
>                            utils.ShellQuoteArgs(cmd)).wait(), 0)
>  
> -  # Custom RAPI certificate
> -  fh = tempfile.NamedTemporaryFile()
> +  rapi_cert_backup = qa_utils.BackupFile(master["primary"],
> +                                         constants.RAPI_CERT_FILE)
> +  try:
> +    # Custom RAPI certificate
> +    fh = tempfile.NamedTemporaryFile()
>  
> -  # Ensure certificate doesn't cause "gnt-cluster verify" to complain
> -  validity = constants.SSL_CERT_EXPIRATION_WARN * 3
> +    # Ensure certificate doesn't cause "gnt-cluster verify" to complain
> +    validity = constants.SSL_CERT_EXPIRATION_WARN * 3
>  
> -  bootstrap.GenerateSelfSignedSslCert(fh.name, validity=validity)
> +    bootstrap.GenerateSelfSignedSslCert(fh.name, validity=validity)
>  
> -  tmpcert = qa_utils.UploadFile(master["primary"], fh.name)
> -  try:
> +    tmpcert = qa_utils.UploadFile(master["primary"], fh.name)
> +    try:
> +      cmd = ["gnt-cluster", "renew-crypto", "--force",
> +             "--rapi-certificate=%s" % tmpcert]
> +      AssertEqual(StartSSH(master["primary"],
> +                           utils.ShellQuoteArgs(cmd)).wait(), 0)
> +    finally:
> +      cmd = ["rm", "-f", tmpcert]
> +      AssertEqual(StartSSH(master["primary"],
> +                           utils.ShellQuoteArgs(cmd)).wait(), 0)
> +
> +    # Normal case
> +    cmd = ["gnt-cluster", "renew-crypto", "--force",
> +           "--new-cluster-certificate", "--new-confd-hmac-key",
> +           "--new-rapi-certificate"]
> +    AssertEqual(StartSSH(master["primary"],
> +                         utils.ShellQuoteArgs(cmd)).wait(), 0)
> +
> +    # Restore RAPI certificate
>      cmd = ["gnt-cluster", "renew-crypto", "--force",
> -           "--rapi-certificate=%s" % tmpcert]
> +           "--rapi-certificate=%s" % rapi_cert_backup]
>      AssertEqual(StartSSH(master["primary"],
>                           utils.ShellQuoteArgs(cmd)).wait(), 0)

LGTM, but after this step, you don't verify that the correct file has
been put back into place, and this could trigger (seemingly unrelated)
RAPI failures (instead of renew-crypto failures).  Are you fine with
that?

iustin

Reply via email to