David Weintraub wrote:
Isn't there a "failsonerror" parameter to make the build fail if the
ssh command called fails? Would that do what you want?
Unlike "exec" task, the sshexec task doesn't have a "resultsproperty"
that can contain the exit code if the task fails. So, you can't check
for that.
You can set outputproperty, and then use the "matches" condition to
parse the output to see if your sshexec's output is what you expected:
<ssh host="${a_hostname}"
username="${a_username}"
password="${a_password}"
command=" test -d ${a_dir} ||
mkdir -m 777 ${a_dir} 2>&1;
cd ${a_dir} 2>&1;"
trust="true
outproperty="ssh.output"/>
<condition property="${dir.not.created.flag}">
<matches pattern="[a-z]" string="${ssh.output}"/> <!-- If mkdir
worked, no output is produced -->
Here's the targets to check RPM installs
<presetdef name="rpmssh">
<sshexec host="${rpm.ssh.server}"
username="${rpm.ssh.user}"
passphrase="${rpm.ssh.passphrase}"
trust="${rpm.ssh.trust}"
keyfile="${rpm.ssh.keyfile}"
timeout="${ssh.command.timeout}"
/>
</presetdef>
<presetdef name="rootssh">
<rpmssh
username="root"
timeout="${ssh.rpm.command.timeout}"
/>
</presetdef>
<macrodef name="validate-rpm-result">
<attribute name="result" />
<sequential >
<echo>
@{result}
</echo>
<fail>
<condition >
<contains
string="@{result}"
substring="does not exist"/>
</condition>
The rpm contains files belonging to an unknown user.
</fail>
</sequential>
</macrodef>
Then I issue commands like
<rootssh command="rpm --erase ${rpm.verbosity} ${rpms.list}"/>
This will fail if the result !=0;
<rootssh command="rpm --erase --nodeps ${rpm.verbosity} ${rpms.list}"
failonerror="false"/>
is the same thing with no error
A more complex check grabs the output and looks for a specific string
<rootssh
failonerror="true"
command="rpm -qf ${rpm.install.dir} ;
rpm -qf ${rpm.install.dir}/bin ;
rpm -qf ${rpm.install.dir}/lib ;
rpm -qf ${rpm.install.dir}/links ;
rpm -qf ${rpm.install.dir}/links/smartfrog.jar;
rpm -qf ${rpm.install.dir}/links/sfServices.jar;
rpm -qf ${rpm.install.dir}/bin/security ;
rpm -qf ${rpm.install.dir}/bin/metadata ;
rpm -qf ${rpm.log.dir} ;
rpm -qf ${rpm.etc.dir} ;
rpm -qf ${rpm.install.dir}/testCA ;
rpm -qf ${rpm.install.dir}/private ;
rpm -qf ${rpm.install.dir}/signedLib ;
rpm -qf /etc/profile.d/smartfrog.sh ;
rpm -qf /etc/profile.d/smartfrog.csh ;
rpm -qf ${rpm.install.dir}/docs ;
rpm -qf ${rpm.javadocs.path}/index.html ;
rpm -qf ${rpm.install.dir}/src ;
rpm -qf ${rpm.install.dir}/src.zip ;
rpm -qf ${rpm.install.dir}/lib/ant-${apache.ant.version}.jar;
rpm -qf ${rpm.install.dir}/links/ant.jar
"
outputProperty="rpm.queries.results"/>
<echo>${rpm.queries.results}</echo>
<fail>
<condition>
<or>
<contains string="${rpm.queries.results}"
substring="is not owned by any package"/>
<contains string="${rpm.queries.results}"
substring="No such file or directory"/>
</or>
</condition>
One of the directories/files in the RPM is not declared as being
owned by any RPM.
This file/directory will not be managed correctly, or have the
correct permissions
on a hardened linux
</fail>
For the curious, this is how I test my RPMs are valid: we bring up a
virtual RedHat/CentOS machine and copy then install the artifacts, then
walk /etc/init.d/smartfrog through its lifecycle. The target hostname is
all property driven, so I could just as easy hit a remote server, real
or virtual. The hardest part is getting SCP/SSH happy: always connect by
hand first.
--
Steve Loughran http://www.1060.org/blogxter/publish/5
Author: Ant in Action http://antbook.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
