Skip to content

Instantly share code, notes, and snippets.

@redshiftzero

redshiftzero/app-staging-ansible-2.2.1

Last active May 12, 2017 20:48
Show Gist options
  • Save redshiftzero/3016ea21e5eafcc84240a6d99687e5fa to your computer and use it in GitHub Desktop.
Save redshiftzero/3016ea21e5eafcc84240a6d99687e5fa to your computer and use it in GitHub Desktop.
Download ZIP
Raw
app-staging-ansible-2.2.1
======================================================= FAILURES =======================================================
____________________________________ test_app_iptables_rules[ansible://app-staging] ____________________________________
[gw3] darwin -- Python 2.7.12 /usr/local/opt/python/bin/python2.7
SystemInfo = <testinfra.modules.base.SystemInfo object at 0x10fcdabd0>
Command = <command>, Sudo = <sudo>
def test_app_iptables_rules(SystemInfo, Command, Sudo):
# Build a dict of variables to pass to jinja for iptables comparison
kwargs = dict(
mon_ip=securedrop_test_vars.mon_ip,
default_interface = Command.check_output("ip r | head -n 1 | awk '{ print $5 }'"),
tor_user_id = Command.check_output("id -u debian-tor"),
securedrop_user_id = Command.check_output("id -u www-data"),
ssh_group_gid = Command.check_output("getent group ssh | cut -d: -f3"),
dns_server = securedrop_test_vars.dns_server)
# Build iptables scrape cmd, purge comments + counters
iptables = "iptables-save | sed 's/ \[[0-9]*\:[0-9]*\]//g' | egrep -v '^#'"
environment = os.environ.get("CI_SD_ENV")
iptables_file = "{}/iptables-app-{}.j2".format(
os.path.dirname(os.path.abspath(__file__)),
environment)
# template out a local iptables jinja file
> jinja_iptables = Template(open(iptables_file,'r').read())
E IOError: [Errno 2] No such file or directory: '/Users/redshiftzero/Documents/FPFGithub/conor-ossec-reboot/securedrop/testinfra/app/iptables-app-None.j2'
testinfra/app/test_network.py:29: IOError
------------------------------------------------- Captured stderr call -------------------------------------------------
INFO:testinfra:RUN Ansible(u'shell', "ip r | head -n 1 | awk '{ print $5 }'", {}): {'_ansible_no_log': False,
'_ansible_parsed': True,
u'changed': True,
u'cmd': u"ip r | head -n 1 | awk '{ print $5 }'",
u'delta': u'0:00:00.036434',
u'end': u'2017-05-12 20:28:01.293474',
'invocation': {u'module_args': {u'_raw_params': u"ip r | head -n 1 | awk '{ print $5 }'",
u'_uses_shell': True,
u'chdir': None,
u'creates': None,
u'executable': None,
u'removes': None,
u'warn': True},
'module_name': u'command'},
u'rc': 0,
u'start': u'2017-05-12 20:28:01.257040',
u'stderr': u'',
u'stdout': u'eth0',
'stdout_lines': [u'eth0'],
u'warnings': []}
INFO:testinfra:RUN CommandResult(command="ip r | head -n 1 | awk '{ print $5 }'", exit_status=0, stdout='eth0', stderr=u'')
INFO:testinfra:RUN Ansible(u'shell', 'id -u debian-tor', {}): {'_ansible_no_log': False,
'_ansible_parsed': True,
u'changed': True,
u'cmd': u'id -u debian-tor',
u'delta': u'0:00:00.018108',
u'end': u'2017-05-12 20:28:01.967531',
'invocation': {u'module_args': {u'_raw_params': u'id -u debian-tor',
u'_uses_shell': True,
u'chdir': None,
u'creates': None,
u'executable': None,
u'removes': None,
u'warn': True},
'module_name': u'command'},
u'rc': 0,
u'start': u'2017-05-12 20:28:01.949423',
u'stderr': u'',
u'stdout': u'107',
'stdout_lines': [u'107'],
u'warnings': []}
INFO:testinfra:RUN CommandResult(command='id -u debian-tor', exit_status=0, stdout='107', stderr=u'')
INFO:testinfra:RUN Ansible(u'shell', 'id -u www-data', {}): {'_ansible_no_log': False,
'_ansible_parsed': True,
u'changed': True,
u'cmd': u'id -u www-data',
u'delta': u'0:00:00.035439',
u'end': u'2017-05-12 20:28:02.847071',
'invocation': {u'module_args': {u'_raw_params': u'id -u www-data',
u'_uses_shell': True,
u'chdir': None,
u'creates': None,
u'executable': None,
u'removes': None,
u'warn': True},
'module_name': u'command'},
u'rc': 0,
u'start': u'2017-05-12 20:28:02.811632',
u'stderr': u'',
u'stdout': u'33',
'stdout_lines': [u'33'],
u'warnings': []}
INFO:testinfra:RUN CommandResult(command='id -u www-data', exit_status=0, stdout='33', stderr=u'')
INFO:testinfra:RUN Ansible(u'shell', 'getent group ssh | cut -d: -f3', {}): {'_ansible_no_log': False,
'_ansible_parsed': True,
u'changed': True,
u'cmd': u'getent group ssh | cut -d: -f3',
u'delta': u'0:00:00.019824',
u'end': u'2017-05-12 20:28:03.559388',
'invocation': {u'module_args': {u'_raw_params': u'getent group ssh | cut -d: -f3',
u'_uses_shell': True,
u'chdir': None,
u'creates': None,
u'executable': None,
u'removes': None,
u'warn': True},
'module_name': u'command'},
u'rc': 0,
u'start': u'2017-05-12 20:28:03.539564',
u'stderr': u'',
u'stdout': u'108',
'stdout_lines': [u'108'],
u'warnings': []}
INFO:testinfra:RUN CommandResult(command='getent group ssh | cut -d: -f3', exit_status=0, stdout='108', stderr=u'')
______ test_apache_config_journalist_interface[ansible://app-staging-XSendFilePath /var/lib/securedrop/store/] ______
[gw3] darwin -- Python 2.7.12 /usr/local/opt/python/bin/python2.7
File = <class 'testinfra.modules.base.GNUFile'>
apache_opt = 'XSendFilePath /var/lib/securedrop/store/'
@pytest.mark.parametrize("apache_opt", [
'Header set Cache-Control "max-age=1800"',
"<VirtualHost {}:8080>".format(securedrop_test_vars['apache_listening_address']),
"DocumentRoot {}/static".format(securedrop_test_vars['securedrop_code']),
"Alias /static {}/static".format(securedrop_test_vars['securedrop_code']),
"WSGIDaemonProcess journalist processes=2 threads=30 display-name=%{GROUP}"+" python-path={}".format(securedrop_test_vars['securedrop_code']),
'WSGIProcessGroup journalist',
'WSGIScriptAlias / /var/www/journalist.wsgi/',
'AddType text/html .py',
'XSendFile On',
'XSendFilePath /var/lib/securedrop/store/',
'XSendFilePath /var/lib/securedrop/tmp/',
'ErrorLog /var/log/apache2/journalist-error.log',
'CustomLog /var/log/apache2/journalist-access.log combined',
])
def test_apache_config_journalist_interface(File, apache_opt):
"""
Ensure the necessary Apache settings for serving the application
are in place. Some values will change according to the host,
e.g. app-staging versus app-prod will have different listening
addresses, depending on whether Tor connections are forced.
These checks apply only to the Document Interface, used by Journalists.
"""
f = File("/etc/apache2/sites-available/journalist.conf")
> assert f.is_file
testinfra/app/apache/test_apache_journalist_interface.py:111:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python2.7/site-packages/testinfra/modules/file.py:42: in is_file
return self.run_test("test -f %s", self.path).rc == 0
/usr/local/lib/python2.7/site-packages/testinfra/host.py:74: in run_test
return self.run_expect([0, 1], command, *args, **kwargs)
/usr/local/lib/python2.7/site-packages/testinfra/host.py:55: in run
return self.backend.run(command, *args, **kwargs)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <testinfra.backend.ansible.AnsibleBackend object at 0x10f1048d0>
command = 'test -f /etc/apache2/sites-available/journalist.conf'
args = ('/etc/apache2/sites-available/journalist.conf',), kwargs = {}
out = {'exception': 'Traceback (most recent call last):
File "/usr/local/lib/python2.7/site-packages/ansible/executor/task...: [Errno 24] Too many open files
', 'failed': True, 'msg': 'Unexpected failure during module execution.', 'stdout': ''}
stdout_bytes = ''
def run(self, command, *args, **kwargs):
command = self.get_command(command, *args)
out = self.run_ansible("shell", module_args=command)
# Ansible may return bytes as an unicode object...
# A simple test case is:
# >>> assert File("/bin/true").content == open("/bin/true").read()
try:
stdout_bytes = b"".join((chr(ord(c)) for c in out['stdout']))
except ValueError:
stdout_bytes = None
try:
> stderr_bytes = b"".join((chr(ord(c)) for c in out['stderr']))
E KeyError: u'stderr'
/usr/local/lib/python2.7/site-packages/testinfra/backend/ansible.py:55: KeyError
------------------------------------------------- Captured stderr call -------------------------------------------------
INFO:testinfra:RUN Ansible(u'shell', u'test -f /etc/apache2/sites-available/journalist.conf', {}): {'exception': u'Traceback (most recent call last):\n File "/usr/local/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 126, in run\n res = self._execute()\n File "/usr/local/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 502, in _execute\n result = self._handler.run(task_vars=variables)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/normal.py", line 33, in run\n results = merge_hash(results, self._execute_module(tmp=tmp, task_vars=task_vars))\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 650, in _execute_module\n res = self._low_level_execute_command(cmd, sudoable=sudoable, in_data=in_data)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 774, in _low_level_execute_command\n rc, stdout, stderr = self._connection.exec_command(cmd, in_data=in_data, sudoable=sudoable)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 674, in exec_command\n return_tuple = self._exec_command(*args, **kwargs)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 599, in _exec_command\n (returncode, stdout, stderr) = self._run(cmd, in_data, sudoable=sudoable)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 359, in _run\n p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 711, in __init__\n errread, errwrite)\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 1227, in _execute_child\n errpipe_read, errpipe_write = self.pipe_cloexec()\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 1179, in pipe_cloexec\n r, w = os.pipe()\nOSError: [Errno 24] Too many open files\n',
'failed': True,
'msg': 'Unexpected failure during module execution.',
'stdout': ''}
____ test_apache_config_journalist_interface[ansible://app-staging-ErrorLog /var/log/apache2/journalist-error.log] _____
[gw1] darwin -- Python 2.7.12 /usr/local/opt/python/bin/python2.7
File = <class 'testinfra.modules.base.GNUFile'>
apache_opt = 'ErrorLog /var/log/apache2/journalist-error.log'
@pytest.mark.parametrize("apache_opt", [
'Header set Cache-Control "max-age=1800"',
"<VirtualHost {}:8080>".format(securedrop_test_vars['apache_listening_address']),
"DocumentRoot {}/static".format(securedrop_test_vars['securedrop_code']),
"Alias /static {}/static".format(securedrop_test_vars['securedrop_code']),
"WSGIDaemonProcess journalist processes=2 threads=30 display-name=%{GROUP}"+" python-path={}".format(securedrop_test_vars['securedrop_code']),
'WSGIProcessGroup journalist',
'WSGIScriptAlias / /var/www/journalist.wsgi/',
'AddType text/html .py',
'XSendFile On',
'XSendFilePath /var/lib/securedrop/store/',
'XSendFilePath /var/lib/securedrop/tmp/',
'ErrorLog /var/log/apache2/journalist-error.log',
'CustomLog /var/log/apache2/journalist-access.log combined',
])
def test_apache_config_journalist_interface(File, apache_opt):
"""
Ensure the necessary Apache settings for serving the application
are in place. Some values will change according to the host,
e.g. app-staging versus app-prod will have different listening
addresses, depending on whether Tor connections are forced.
These checks apply only to the Document Interface, used by Journalists.
"""
f = File("/etc/apache2/sites-available/journalist.conf")
assert f.is_file
> assert f.user == "root"
testinfra/app/apache/test_apache_journalist_interface.py:112:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python2.7/site-packages/testinfra/modules/file.py:190: in user
return self.check_output("stat -c %%U %s", self.path)
/usr/local/lib/python2.7/site-packages/testinfra/host.py:55: in run
return self.backend.run(command, *args, **kwargs)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <testinfra.backend.ansible.AnsibleBackend object at 0x1052668d0>
command = 'stat -c %U /etc/apache2/sites-available/journalist.conf'
args = ('/etc/apache2/sites-available/journalist.conf',), kwargs = {}
out = {'exception': 'Traceback (most recent call last):
File "/usr/local/lib/python2.7/site-packages/ansible/executor/task...: [Errno 24] Too many open files
', 'failed': True, 'msg': 'Unexpected failure during module execution.', 'stdout': ''}
stdout_bytes = ''
def run(self, command, *args, **kwargs):
command = self.get_command(command, *args)
out = self.run_ansible("shell", module_args=command)
# Ansible may return bytes as an unicode object...
# A simple test case is:
# >>> assert File("/bin/true").content == open("/bin/true").read()
try:
stdout_bytes = b"".join((chr(ord(c)) for c in out['stdout']))
except ValueError:
stdout_bytes = None
try:
> stderr_bytes = b"".join((chr(ord(c)) for c in out['stderr']))
E KeyError: u'stderr'
/usr/local/lib/python2.7/site-packages/testinfra/backend/ansible.py:55: KeyError
------------------------------------------------- Captured stderr call -------------------------------------------------
INFO:testinfra:RUN Ansible(u'shell', u'test -f /etc/apache2/sites-available/journalist.conf', {}): {'_ansible_no_log': False,
'_ansible_parsed': True,
u'changed': True,
u'cmd': u'test -f /etc/apache2/sites-available/journalist.conf',
u'delta': u'0:00:00.012655',
u'end': u'2017-05-12 20:28:22.341183',
'invocation': {u'module_args': {u'_raw_params': u'test -f /etc/apache2/sites-available/journalist.conf',
u'_uses_shell': True,
u'chdir': None,
u'creates': None,
u'executable': None,
u'removes': None,
u'warn': True},
'module_name': u'command'},
u'rc': 0,
u'start': u'2017-05-12 20:28:22.328528',
u'stderr': u'',
u'stdout': u'',
'stdout_lines': [],
u'warnings': []}
INFO:testinfra:RUN CommandResult(command=u'test -f /etc/apache2/sites-available/journalist.conf', exit_status=0, stdout=u'', stderr=u'')
INFO:testinfra:RUN Ansible(u'shell', u'stat -c %U /etc/apache2/sites-available/journalist.conf', {}): {'exception': u'Traceback (most recent call last):\n File "/usr/local/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 126, in run\n res = self._execute()\n File "/usr/local/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 502, in _execute\n result = self._handler.run(task_vars=variables)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/normal.py", line 33, in run\n results = merge_hash(results, self._execute_module(tmp=tmp, task_vars=task_vars))\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 650, in _execute_module\n res = self._low_level_execute_command(cmd, sudoable=sudoable, in_data=in_data)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 774, in _low_level_execute_command\n rc, stdout, stderr = self._connection.exec_command(cmd, in_data=in_data, sudoable=sudoable)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 674, in exec_command\n return_tuple = self._exec_command(*args, **kwargs)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 599, in _exec_command\n (returncode, stdout, stderr) = self._run(cmd, in_data, sudoable=sudoable)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 359, in _run\n p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 711, in __init__\n errread, errwrite)\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 1227, in _execute_child\n errpipe_read, errpipe_write = self.pipe_cloexec()\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 1179, in pipe_cloexec\n r, w = os.pipe()\nOSError: [Errno 24] Too many open files\n',
'failed': True,
'msg': 'Unexpected failure during module execution.',
'stdout': ''}
______________________________________ test_apache_service[ansible://app-staging] ______________________________________
[gw2] darwin -- Python 2.7.12 /usr/local/opt/python/bin/python2.7
Service = <class 'testinfra.modules.base.UpstartService'>, Sudo = <sudo>
def test_apache_service(Service, Sudo):
"""
Ensure Apache service is running.
"""
# Sudo is necessary to run `service apache2 status`, otherwise
# the service is falsely reported as not running.
with Sudo():
s = Service("apache2")
> assert s.is_running
testinfra/app/apache/test_apache_service.py:52:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python2.7/site-packages/testinfra/modules/service.py:129: in is_running
return super(UpstartService, self).is_running
/usr/local/lib/python2.7/site-packages/testinfra/modules/service.py:80: in is_running
[0, 1, 3], "service %s status", self.name).rc == 0
/usr/local/lib/python2.7/site-packages/testinfra/host.py:55: in run
return self.backend.run(command, *args, **kwargs)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <testinfra.backend.ansible.AnsibleBackend object at 0x109c9c8d0>
command = "sudo /bin/sh -c 'service apache2 status'", args = ('apache2',)
kwargs = {}
out = {'exception': 'Traceback (most recent call last):
File "/usr/local/lib/python2.7/site-packages/ansible/executor/task...: [Errno 24] Too many open files
', 'failed': True, 'msg': 'Unexpected failure during module execution.', 'stdout': ''}
stdout_bytes = ''
def run(self, command, *args, **kwargs):
command = self.get_command(command, *args)
out = self.run_ansible("shell", module_args=command)
# Ansible may return bytes as an unicode object...
# A simple test case is:
# >>> assert File("/bin/true").content == open("/bin/true").read()
try:
stdout_bytes = b"".join((chr(ord(c)) for c in out['stdout']))
except ValueError:
stdout_bytes = None
try:
> stderr_bytes = b"".join((chr(ord(c)) for c in out['stderr']))
E KeyError: u'stderr'
/usr/local/lib/python2.7/site-packages/testinfra/backend/ansible.py:55: KeyError
------------------------------------------------ Captured stderr setup -------------------------------------------------
INFO:testinfra:RUN Ansible(u'shell', u'command -v systemctl', {}): {'_ansible_no_log': False,
'_ansible_parsed': True,
u'changed': True,
u'cmd': u'command -v systemctl',
u'delta': u'0:00:00.006588',
u'end': u'2017-05-12 20:28:22.067592',
'failed': True,
'invocation': {u'module_args': {u'_raw_params': u'command -v systemctl',
u'_uses_shell': True,
u'chdir': None,
u'creates': None,
u'executable': None,
u'removes': None,
u'warn': True},
'module_name': u'command'},
u'rc': 127,
u'start': u'2017-05-12 20:28:22.061004',
u'stderr': u'',
u'stdout': u'',
'stdout_lines': [],
u'warnings': []}
INFO:testinfra:RUN CommandResult(command=u'command -v systemctl', exit_status=127, stdout=u'', stderr=u'')
INFO:testinfra:RUN Ansible(u'shell', u'command -v initctl', {}): {'_ansible_no_log': False,
'_ansible_parsed': True,
u'changed': True,
u'cmd': u'command -v initctl',
u'delta': u'0:00:00.007638',
u'end': u'2017-05-12 20:28:22.539150',
'invocation': {u'module_args': {u'_raw_params': u'command -v initctl',
u'_uses_shell': True,
u'chdir': None,
u'creates': None,
u'executable': None,
u'removes': None,
u'warn': True},
'module_name': u'command'},
u'rc': 0,
u'start': u'2017-05-12 20:28:22.531512',
u'stderr': u'',
u'stdout': u'/sbin/initctl',
'stdout_lines': [u'/sbin/initctl'],
u'warnings': []}
INFO:testinfra:RUN CommandResult(command=u'command -v initctl', exit_status=0, stdout='/sbin/initctl', stderr=u'')
------------------------------------------------- Captured stderr call -------------------------------------------------
INFO:testinfra:RUN Ansible(u'shell', u"sudo /bin/sh -c 'status apache2'", {}): {'_ansible_no_log': False,
'_ansible_parsed': True,
u'changed': True,
u'cmd': u"sudo /bin/sh -c 'status apache2'",
u'delta': u'0:00:00.034880',
u'end': u'2017-05-12 20:28:22.989148',
'failed': True,
'invocation': {u'module_args': {u'_raw_params': u"sudo /bin/sh -c 'status apache2'",
u'_uses_shell': True,
u'chdir': None,
u'creates': None,
u'executable': None,
u'removes': None,
u'warn': True},
'module_name': u'command'},
u'rc': 1,
u'start': u'2017-05-12 20:28:22.954268',
u'stderr': u'status: Unknown job: apache2',
u'stdout': u'',
'stdout_lines': [],
u'warnings': [u"Consider using 'become', 'become_method', and 'become_user' rather than running sudo"]}
INFO:testinfra:RUN CommandResult(command=u"sudo /bin/sh -c 'status apache2'", exit_status=1, stdout=u'', stderr='status: Unknown job: apache2')
INFO:testinfra:RUN Ansible(u'shell', u"sudo /bin/sh -c 'service apache2 status'", {}): {'exception': u'Traceback (most recent call last):\n File "/usr/local/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 126, in run\n res = self._execute()\n File "/usr/local/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 502, in _execute\n result = self._handler.run(task_vars=variables)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/normal.py", line 33, in run\n results = merge_hash(results, self._execute_module(tmp=tmp, task_vars=task_vars))\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 650, in _execute_module\n res = self._low_level_execute_command(cmd, sudoable=sudoable, in_data=in_data)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 774, in _low_level_execute_command\n rc, stdout, stderr = self._connection.exec_command(cmd, in_data=in_data, sudoable=sudoable)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 674, in exec_command\n return_tuple = self._exec_command(*args, **kwargs)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 599, in _exec_command\n (returncode, stdout, stderr) = self._run(cmd, in_data, sudoable=sudoable)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 359, in _run\n p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 711, in __init__\n errread, errwrite)\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 1227, in _execute_child\n errpipe_read, errpipe_write = self.pipe_cloexec()\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 1179, in pipe_cloexec\n r, w = os.pipe()\nOSError: [Errno 24] Too many open files\n',
'failed': True,
'msg': 'Unexpected failure during module execution.',
'stdout': ''}
_______________________________________ test_apache_user[ansible://app-staging] ________________________________________
[gw2] darwin -- Python 2.7.12 /usr/local/opt/python/bin/python2.7
User = <class 'testinfra.modules.base.User'>
def test_apache_user(User):
"""
Ensure user account for running application code is configured correctly.
"""
u = User("www-data")
assert u.exists
> assert u.home == "/var/www"
testinfra/app/apache/test_apache_service.py:62:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python2.7/site-packages/testinfra/modules/user.py:72: in home
return self.check_output("getent passwd %s", self.name).split(":")[5]
/usr/local/lib/python2.7/site-packages/testinfra/host.py:55: in run
return self.backend.run(command, *args, **kwargs)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <testinfra.backend.ansible.AnsibleBackend object at 0x109c9c8d0>
command = 'getent passwd www-data', args = ('www-data',), kwargs = {}
out = {'exception': 'Traceback (most recent call last):
File "/usr/local/lib/python2.7/site-packages/ansible/executor/task...: [Errno 24] Too many open files
', 'failed': True, 'msg': 'Unexpected failure during module execution.', 'stdout': ''}
stdout_bytes = ''
def run(self, command, *args, **kwargs):
command = self.get_command(command, *args)
out = self.run_ansible("shell", module_args=command)
# Ansible may return bytes as an unicode object...
# A simple test case is:
# >>> assert File("/bin/true").content == open("/bin/true").read()
try:
stdout_bytes = b"".join((chr(ord(c)) for c in out['stdout']))
except ValueError:
stdout_bytes = None
try:
> stderr_bytes = b"".join((chr(ord(c)) for c in out['stderr']))
E KeyError: u'stderr'
/usr/local/lib/python2.7/site-packages/testinfra/backend/ansible.py:55: KeyError
------------------------------------------------- Captured stderr call -------------------------------------------------
INFO:testinfra:RUN Ansible(u'shell', u'id www-data', {}): {'_ansible_no_log': False,
'_ansible_parsed': True,
u'changed': True,
u'cmd': u'id www-data',
u'delta': u'0:00:00.011863',
u'end': u'2017-05-12 20:28:23.478107',
'invocation': {u'module_args': {u'_raw_params': u'id www-data',
u'_uses_shell': True,
u'chdir': None,
u'creates': None,
u'executable': None,
u'removes': None,
u'warn': True},
'module_name': u'command'},
u'rc': 0,
u'start': u'2017-05-12 20:28:23.466244',
u'stderr': u'',
u'stdout': u'uid=33(www-data) gid=33(www-data) groups=33(www-data)',
'stdout_lines': [u'uid=33(www-data) gid=33(www-data) groups=33(www-data)'],
u'warnings': []}
INFO:testinfra:RUN CommandResult(command=u'id www-data', exit_status=0, stdout='uid=33(www-data) gid=33(www-data) groups=33(www-data)', stderr=u'')
INFO:testinfra:RUN Ansible(u'shell', u'getent passwd www-data', {}): {'exception': u'Traceback (most recent call last):\n File "/usr/local/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 126, in run\n res = self._execute()\n File "/usr/local/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 502, in _execute\n result = self._handler.run(task_vars=variables)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/normal.py", line 33, in run\n results = merge_hash(results, self._execute_module(tmp=tmp, task_vars=task_vars))\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 650, in _execute_module\n res = self._low_level_execute_command(cmd, sudoable=sudoable, in_data=in_data)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 774, in _low_level_execute_command\n rc, stdout, stderr = self._connection.exec_command(cmd, in_data=in_data, sudoable=sudoable)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 674, in exec_command\n return_tuple = self._exec_command(*args, **kwargs)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 599, in _exec_command\n (returncode, stdout, stderr) = self._run(cmd, in_data, sudoable=sudoable)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 359, in _run\n p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 711, in __init__\n errread, errwrite)\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 1227, in _execute_child\n errpipe_read, errpipe_write = self.pipe_cloexec()\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 1179, in pipe_cloexec\n r, w = os.pipe()\nOSError: [Errno 24] Too many open files\n',
'failed': True,
'msg': 'Unexpected failure during module execution.',
'stdout': ''}
________________ test_apache_config_source_interface[ansible://app-staging-ErrorDocument 404 /notfound] ________________
[gw0] darwin -- Python 2.7.12 /usr/local/opt/python/bin/python2.7
File = <class 'testinfra.modules.base.GNUFile'>
apache_opt = 'ErrorDocument 404 /notfound'
@pytest.mark.parametrize("apache_opt", [
'Header set Cache-Control "max-age=1800, must-revalidate"',
"<VirtualHost {}:80>".format(securedrop_test_vars.apache_listening_address),
"DocumentRoot {}/static".format(securedrop_test_vars.securedrop_code),
"Alias /static {}/static".format(securedrop_test_vars.securedrop_code),
"WSGIDaemonProcess source processes=2 threads=30 display-name=%{GROUP}"+" python-path={}".format(securedrop_test_vars.securedrop_code),
'WSGIProcessGroup source',
'WSGIScriptAlias / /var/www/source.wsgi/',
'AddType text/html .py',
'XSendFile Off',
'LimitRequestBody 524288000',
'ErrorDocument 400 /notfound',
'ErrorDocument 401 /notfound',
'ErrorDocument 403 /notfound',
'ErrorDocument 404 /notfound',
'ErrorDocument 500 /notfound',
"ErrorLog {}".format(securedrop_test_vars.apache_source_log),
])
def test_apache_config_source_interface(File, apache_opt):
"""
Ensure the necessary Apache settings for serving the application
are in place. Some values will change according to the host,
e.g. app-staging versus app-prod will have different listening
addresses, depending on whether Tor connections are forced.
These checks apply only to the Source Interface, used by Sources.
"""
f = File("/etc/apache2/sites-available/source.conf")
> assert f.is_file
testinfra/app/apache/test_apache_source_interface.py:50:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python2.7/site-packages/testinfra/modules/file.py:42: in is_file
return self.run_test("test -f %s", self.path).rc == 0
/usr/local/lib/python2.7/site-packages/testinfra/host.py:74: in run_test
return self.run_expect([0, 1], command, *args, **kwargs)
/usr/local/lib/python2.7/site-packages/testinfra/host.py:55: in run
return self.backend.run(command, *args, **kwargs)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <testinfra.backend.ansible.AnsibleBackend object at 0x104ba78d0>
command = 'test -f /etc/apache2/sites-available/source.conf'
args = ('/etc/apache2/sites-available/source.conf',), kwargs = {}
out = {'exception': 'Traceback (most recent call last):
File "/usr/local/lib/python2.7/site-packages/ansible/executor/task...: [Errno 24] Too many open files
', 'failed': True, 'msg': 'Unexpected failure during module execution.', 'stdout': ''}
stdout_bytes = ''
def run(self, command, *args, **kwargs):
command = self.get_command(command, *args)
out = self.run_ansible("shell", module_args=command)
# Ansible may return bytes as an unicode object...
# A simple test case is:
# >>> assert File("/bin/true").content == open("/bin/true").read()
try:
stdout_bytes = b"".join((chr(ord(c)) for c in out['stdout']))
except ValueError:
stdout_bytes = None
try:
> stderr_bytes = b"".join((chr(ord(c)) for c in out['stderr']))
E KeyError: u'stderr'
/usr/local/lib/python2.7/site-packages/testinfra/backend/ansible.py:55: KeyError
------------------------------------------------- Captured stderr call -------------------------------------------------
INFO:testinfra:RUN Ansible(u'shell', u'test -f /etc/apache2/sites-available/source.conf', {}): {'exception': u'Traceback (most recent call last):\n File "/usr/local/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 126, in run\n res = self._execute()\n File "/usr/local/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 502, in _execute\n result = self._handler.run(task_vars=variables)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/normal.py", line 33, in run\n results = merge_hash(results, self._execute_module(tmp=tmp, task_vars=task_vars))\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 650, in _execute_module\n res = self._low_level_execute_command(cmd, sudoable=sudoable, in_data=in_data)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 774, in _low_level_execute_command\n rc, stdout, stderr = self._connection.exec_command(cmd, in_data=in_data, sudoable=sudoable)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 674, in exec_command\n return_tuple = self._exec_command(*args, **kwargs)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 599, in _exec_command\n (returncode, stdout, stderr) = self._run(cmd, in_data, sudoable=sudoable)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 359, in _run\n p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 711, in __init__\n errread, errwrite)\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 1227, in _execute_child\n errpipe_read, errpipe_write = self.pipe_cloexec()\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 1179, in pipe_cloexec\n r, w = os.pipe()\nOSError: [Errno 24] Too many open files\n',
'failed': True,
'msg': 'Unexpected failure during module execution.',
'stdout': ''}
___________________________ test_apache_config_settings[ansible://app-staging-KeepAlive On] ____________________________
[gw0] darwin -- Python 2.7.12 /usr/local/opt/python/bin/python2.7
File = <class 'testinfra.modules.base.GNUFile'>, apache_opt = 'KeepAlive On'
@pytest.mark.parametrize("apache_opt", [
'Mutex file:${APACHE_LOCK_DIR} default',
'PidFile ${APACHE_PID_FILE}',
'Timeout 60',
'KeepAlive On',
'MaxKeepAliveRequests 100',
'KeepAliveTimeout 5',
'User www-data',
'Group www-data',
'AddDefaultCharset UTF-8',
'DefaultType None',
'HostnameLookups Off',
'ErrorLog /dev/null',
'LogLevel crit',
'IncludeOptional mods-enabled/*.load',
'IncludeOptional mods-enabled/*.conf',
'Include ports.conf',
'IncludeOptional sites-enabled/*.conf',
'ServerTokens Prod',
'ServerSignature Off',
'TraceEnable Off',
])
def test_apache_config_settings(File, apache_opt):
"""
Check required Apache config settings for general server.
These checks do not target individual interfaces, e.g.
Source versus Document Interface, and instead apply to
Apache more generally.
"""
f = File("/etc/apache2/apache2.conf")
assert f.is_file
> assert f.user == "root"
testinfra/app/apache/test_apache_system_config.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python2.7/site-packages/testinfra/modules/file.py:190: in user
return self.check_output("stat -c %%U %s", self.path)
/usr/local/lib/python2.7/site-packages/testinfra/host.py:55: in run
return self.backend.run(command, *args, **kwargs)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <testinfra.backend.ansible.AnsibleBackend object at 0x104ba78d0>
command = 'stat -c %U /etc/apache2/apache2.conf'
args = ('/etc/apache2/apache2.conf',), kwargs = {}
out = {'exception': 'Traceback (most recent call last):
File "/usr/local/lib/python2.7/site-packages/ansible/executor/task...: [Errno 24] Too many open files
', 'failed': True, 'msg': 'Unexpected failure during module execution.', 'stdout': ''}
stdout_bytes = ''
def run(self, command, *args, **kwargs):
command = self.get_command(command, *args)
out = self.run_ansible("shell", module_args=command)
# Ansible may return bytes as an unicode object...
# A simple test case is:
# >>> assert File("/bin/true").content == open("/bin/true").read()
try:
stdout_bytes = b"".join((chr(ord(c)) for c in out['stdout']))
except ValueError:
stdout_bytes = None
try:
> stderr_bytes = b"".join((chr(ord(c)) for c in out['stderr']))
E KeyError: u'stderr'
/usr/local/lib/python2.7/site-packages/testinfra/backend/ansible.py:55: KeyError
Raw
app-staging-ansible-2.2.2
======================================================================================================================= ERRORS ========================================================================================================================
___________________________________________________________________________________________________ ERROR collecting testinfra/app/test_apparmor.py ___________________________________________________________________________________________________
/usr/local/lib/python2.7/site-packages/testinfra/plugin.py:136: in pytest_generate_tests
ansible_inventory=metafunc.config.option.ansible_inventory,
/usr/local/lib/python2.7/site-packages/testinfra/host.py:125: in get_hosts
for backend in testinfra.backend.get_backends(hosts, **kwargs):
/usr/local/lib/python2.7/site-packages/testinfra/backend/__init__.py:84: in get_backends
for name in klass.get_hosts(host, **kw):
/usr/local/lib/python2.7/site-packages/testinfra/backend/ansible.py:82: in get_hosts
return AnsibleRunner(kwargs.get("ansible_inventory")).get_hosts(host)
/usr/local/lib/python2.7/site-packages/testinfra/utils/ansible_runner.py:165: in __init__
host_list=host_list or self.cli.options.inventory,
/usr/local/lib/python2.7/site-packages/ansible/inventory/__init__.py:97: in __init__
self.parse_inventory(host_list)
/usr/local/lib/python2.7/site-packages/ansible/inventory/__init__.py:181: in parse_inventory
host.remove_group(ungrouped)
E AttributeError: 'Host' object has no attribute 'remove_group'
=============================================================================================================== pytest-warning summary ================================================================================================================
WP1 None Module already imported so can not be re-written: testinfra
=============================================================================================== 254 skipped, 1 pytest-warnings, 1 error in 3.13 seconds ===============================================================================================
=============================================================================================== 254 skipped, 1 pytest-warnings, 1 error in 3.13 seconds ===============================================================================================
Traceback (most recent call last):
File "./testinfra/test.py", line 129, in <module>
run_testinfra(target_host)
File "./testinfra/test.py", line 126, in run_testinfra
subprocess.check_call(testinfra_command)
File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 541, in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['testinfra', '-vv', '-n', 'auto', '--connection', 'ansible', '--ansible-inventory', '.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory', '--hosts', 'app-staging', 'testinfra/app', 'testinfra/app-code', 'testinfra/common', 'testinfra/development/test_xvfb.py']' returned non-zero exit status 1
Raw
mon-staging-ansible-2.2.1
====================================================================================================================== FAILURES =======================================================================================================================
___________________________________________________________________________________________________ test_mon_iptables_rules[ansible://mon-staging] ____________________________________________________________________________________________________
[gw0] darwin -- Python 2.7.12 /usr/local/opt/python/bin/python2.7
SystemInfo = <testinfra.modules.base.SystemInfo object at 0x102e0d690>
Command = <command>, Sudo = <sudo>
def test_mon_iptables_rules(SystemInfo, Command, Sudo):
app_ip = securedrop_test_vars.app_ip
# Build a dict of variables to pass to jinja for iptables comparison
kwargs = dict(
app_ip=app_ip,
default_interface = Command.check_output("ip r | head -n 1 | awk '{ print $5 }'"),
tor_user_id = Command.check_output("id -u debian-tor"),
ssh_group_gid = Command.check_output("getent group ssh | cut -d: -f3"),
postfix_user_id = Command.check_output("id -u postfix"),
dns_server = securedrop_test_vars.dns_server)
# Build iptables scrape cmd, purge comments + counters
iptables = "iptables-save | sed 's/ \[[0-9]*\:[0-9]*\]//g' | egrep -v '^#'"
environment = os.environ.get("CI_SD_ENV")
iptables_file = "{}/iptables-mon-{}.j2".format(
os.path.dirname(os.path.abspath(__file__)),
environment)
# template out a local iptables jinja file
> jinja_iptables = Template(open(iptables_file,'r').read())
E IOError: [Errno 2] No such file or directory: '/Users/redshiftzero/Documents/FPFGithub/conor-ossec-reboot/securedrop/testinfra/mon/iptables-mon-None.j2'
testinfra/mon/test_network.py:30: IOError
---------------------------------------------------------------------------------------------------------------- Captured stderr call -----------------------------------------------------------------------------------------------------------------
INFO:testinfra:RUN Ansible(u'shell', "ip r | head -n 1 | awk '{ print $5 }'", {}): {'_ansible_no_log': False,
'_ansible_parsed': True,
u'changed': True,
u'cmd': u"ip r | head -n 1 | awk '{ print $5 }'",
u'delta': u'0:00:00.045255',
u'end': u'2017-05-12 20:35:58.458598',
'invocation': {u'module_args': {u'_raw_params': u"ip r | head -n 1 | awk '{ print $5 }'",
u'_uses_shell': True,
u'chdir': None,
u'creates': None,
u'executable': None,
u'removes': None,
u'warn': True},
'module_name': u'command'},
u'rc': 0,
u'start': u'2017-05-12 20:35:58.413343',
u'stderr': u'',
u'stdout': u'eth0',
'stdout_lines': [u'eth0'],
u'warnings': []}
INFO:testinfra:RUN CommandResult(command="ip r | head -n 1 | awk '{ print $5 }'", exit_status=0, stdout='eth0', stderr=u'')
INFO:testinfra:RUN Ansible(u'shell', 'id -u debian-tor', {}): {'_ansible_no_log': False,
'_ansible_parsed': True,
u'changed': True,
u'cmd': u'id -u debian-tor',
u'delta': u'0:00:00.020328',
u'end': u'2017-05-12 20:35:59.011410',
'invocation': {u'module_args': {u'_raw_params': u'id -u debian-tor',
u'_uses_shell': True,
u'chdir': None,
u'creates': None,
u'executable': None,
u'removes': None,
u'warn': True},
'module_name': u'command'},
u'rc': 0,
u'start': u'2017-05-12 20:35:58.991082',
u'stderr': u'',
u'stdout': u'107',
'stdout_lines': [u'107'],
u'warnings': []}
INFO:testinfra:RUN CommandResult(command='id -u debian-tor', exit_status=0, stdout='107', stderr=u'')
INFO:testinfra:RUN Ansible(u'shell', 'getent group ssh | cut -d: -f3', {}): {'_ansible_no_log': False,
'_ansible_parsed': True,
u'changed': True,
u'cmd': u'getent group ssh | cut -d: -f3',
u'delta': u'0:00:00.021239',
u'end': u'2017-05-12 20:35:59.572331',
'invocation': {u'module_args': {u'_raw_params': u'getent group ssh | cut -d: -f3',
u'_uses_shell': True,
u'chdir': None,
u'creates': None,
u'executable': None,
u'removes': None,
u'warn': True},
'module_name': u'command'},
u'rc': 0,
u'start': u'2017-05-12 20:35:59.551092',
u'stderr': u'',
u'stdout': u'108',
'stdout_lines': [u'108'],
u'warnings': []}
INFO:testinfra:RUN CommandResult(command='getent group ssh | cut -d: -f3', exit_status=0, stdout='108', stderr=u'')
INFO:testinfra:RUN Ansible(u'shell', 'id -u postfix', {}): {'_ansible_no_log': False,
'_ansible_parsed': True,
u'changed': True,
u'cmd': u'id -u postfix',
u'delta': u'0:00:00.013949',
u'end': u'2017-05-12 20:36:00.373319',
'invocation': {u'module_args': {u'_raw_params': u'id -u postfix',
u'_uses_shell': True,
u'chdir': None,
u'creates': None,
u'executable': None,
u'removes': None,
u'warn': True},
'module_name': u'command'},
u'rc': 0,
u'start': u'2017-05-12 20:36:00.359370',
u'stderr': u'',
u'stdout': u'108',
'stdout_lines': [u'108'],
u'warnings': []}
INFO:testinfra:RUN CommandResult(command='id -u postfix', exit_status=0, stdout='108', stderr=u'')
_____________________________________________________________________ test_postfix_settings[ansible://mon-staging-mydestination = $myhostname, localhost.localdomain , localhost] _____________________________________________________________________
[gw0] darwin -- Python 2.7.12 /usr/local/opt/python/bin/python2.7
File = <class 'testinfra.modules.base.GNUFile'>
setting = 'mydestination = $myhostname, localhost.localdomain , localhost'
@pytest.mark.parametrize('setting', [
'relayhost = [smtp.gmail.com]:587',
'smtp_sasl_auth_enable = yes',
'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd',
'smtp_sasl_security_options = noanonymous',
'smtp_use_tls = yes',
'smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache',
'smtp_tls_security_level = secure',
'smtp_tls_CApath = /etc/ssl/certs',
'smtp_tls_ciphers = high',
'smtp_tls_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3 !SSLv2',
'myhostname = ossec.server',
'myorigin = $myhostname',
'smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)',
'biff = no',
'append_dot_mydomain = no',
'readme_directory = no',
'smtp_header_checks = regexp:/etc/postfix/header_checks',
'mailbox_command = /usr/bin/procmail',
'inet_interfaces = loopback-only',
'alias_maps = hash:/etc/aliases',
'alias_database = hash:/etc/aliases',
'mydestination = $myhostname, localhost.localdomain , localhost',
'mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128',
'mailbox_size_limit = 0',
'recipient_delimiter = +',
])
def test_postfix_settings(File, setting):
"""
Check all postfix configuration lines. There are technically multiple
configuration paths regarding the TLS settings, particularly the
fingerprint verification logic, but only the base default config is tested
currently.
"""
f = File("/etc/postfix/main.cf")
assert f.is_file
assert f.user == 'root'
> assert oct(f.mode) == "0644"
testinfra/mon/test_ossec.py:79:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python2.7/site-packages/testinfra/modules/file.py:208: in mode
return int(self.check_output("stat -c %%a %s", self.path), 8)
/usr/local/lib/python2.7/site-packages/testinfra/host.py:55: in run
return self.backend.run(command, *args, **kwargs)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <testinfra.backend.ansible.AnsibleBackend object at 0x102ba5d90>
command = 'stat -c %a /etc/postfix/main.cf', args = ('/etc/postfix/main.cf',)
kwargs = {}
out = {'exception': 'Traceback (most recent call last):
File "/usr/local/lib/python2.7/site-packages/ansible/executor/task...: [Errno 24] Too many open files
', 'failed': True, 'msg': 'Unexpected failure during module execution.', 'stdout': ''}
stdout_bytes = ''
def run(self, command, *args, **kwargs):
command = self.get_command(command, *args)
out = self.run_ansible("shell", module_args=command)
# Ansible may return bytes as an unicode object...
# A simple test case is:
# >>> assert File("/bin/true").content == open("/bin/true").read()
try:
stdout_bytes = b"".join((chr(ord(c)) for c in out['stdout']))
except ValueError:
stdout_bytes = None
try:
> stderr_bytes = b"".join((chr(ord(c)) for c in out['stderr']))
E KeyError: u'stderr'
/usr/local/lib/python2.7/site-packages/testinfra/backend/ansible.py:55: KeyError
---------------------------------------------------------------------------------------------------------------- Captured stderr call -----------------------------------------------------------------------------------------------------------------
INFO:testinfra:RUN Ansible(u'shell', u'test -f /etc/postfix/main.cf', {}): {'_ansible_no_log': False,
'_ansible_parsed': True,
u'changed': True,
u'cmd': u'test -f /etc/postfix/main.cf',
u'delta': u'0:00:00.028580',
u'end': u'2017-05-12 20:36:43.928436',
'invocation': {u'module_args': {u'_raw_params': u'test -f /etc/postfix/main.cf',
u'_uses_shell': True,
u'chdir': None,
u'creates': None,
u'executable': None,
u'removes': None,
u'warn': True},
'module_name': u'command'},
u'rc': 0,
u'start': u'2017-05-12 20:36:43.899856',
u'stderr': u'',
u'stdout': u'',
'stdout_lines': [],
u'warnings': []}
INFO:testinfra:RUN CommandResult(command=u'test -f /etc/postfix/main.cf', exit_status=0, stdout=u'', stderr=u'')
INFO:testinfra:RUN Ansible(u'shell', u'stat -c %U /etc/postfix/main.cf', {}): {'_ansible_no_log': False,
'_ansible_parsed': True,
u'changed': True,
u'cmd': u'stat -c %U /etc/postfix/main.cf',
u'delta': u'0:00:00.028372',
u'end': u'2017-05-12 20:36:44.727562',
'invocation': {u'module_args': {u'_raw_params': u'stat -c %U /etc/postfix/main.cf',
u'_uses_shell': True,
u'chdir': None,
u'creates': None,
u'executable': None,
u'removes': None,
u'warn': True},
'module_name': u'command'},
u'rc': 0,
u'start': u'2017-05-12 20:36:44.699190',
u'stderr': u'',
u'stdout': u'root',
'stdout_lines': [u'root'],
u'warnings': []}
INFO:testinfra:RUN CommandResult(command=u'stat -c %U /etc/postfix/main.cf', exit_status=0, stdout='root', stderr=u'')
INFO:testinfra:RUN Ansible(u'shell', u'stat -c %a /etc/postfix/main.cf', {}): {'exception': u'Traceback (most recent call last):\n File "/usr/local/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 126, in run\n res = self._execute()\n File "/usr/local/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 502, in _execute\n result = self._handler.run(task_vars=variables)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/normal.py", line 33, in run\n results = merge_hash(results, self._execute_module(tmp=tmp, task_vars=task_vars))\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 650, in _execute_module\n res = self._low_level_execute_command(cmd, sudoable=sudoable, in_data=in_data)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 774, in _low_level_execute_command\n rc, stdout, stderr = self._connection.exec_command(cmd, in_data=in_data, sudoable=sudoable)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 674, in exec_command\n return_tuple = self._exec_command(*args, **kwargs)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 599, in _exec_command\n (returncode, stdout, stderr) = self._run(cmd, in_data, sudoable=sudoable)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 359, in _run\n p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 711, in __init__\n errread, errwrite)\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 1227, in _execute_child\n errpipe_read, errpipe_write = self.pipe_cloexec()\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 1179, in pipe_cloexec\n r, w = os.pipe()\nOSError: [Errno 24] Too many open files\n',
'failed': True,
'msg': 'Unexpected failure during module execution.',
'stdout': ''}
________________________________________________________________________________________ test_postfix_settings[ansible://mon-staging-append_dot_mydomain = no] ________________________________________________________________________________________
[gw2] darwin -- Python 2.7.12 /usr/local/opt/python/bin/python2.7
File = <class 'testinfra.modules.base.GNUFile'>
setting = 'append_dot_mydomain = no'
@pytest.mark.parametrize('setting', [
'relayhost = [smtp.gmail.com]:587',
'smtp_sasl_auth_enable = yes',
'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd',
'smtp_sasl_security_options = noanonymous',
'smtp_use_tls = yes',
'smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache',
'smtp_tls_security_level = secure',
'smtp_tls_CApath = /etc/ssl/certs',
'smtp_tls_ciphers = high',
'smtp_tls_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3 !SSLv2',
'myhostname = ossec.server',
'myorigin = $myhostname',
'smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)',
'biff = no',
'append_dot_mydomain = no',
'readme_directory = no',
'smtp_header_checks = regexp:/etc/postfix/header_checks',
'mailbox_command = /usr/bin/procmail',
'inet_interfaces = loopback-only',
'alias_maps = hash:/etc/aliases',
'alias_database = hash:/etc/aliases',
'mydestination = $myhostname, localhost.localdomain , localhost',
'mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128',
'mailbox_size_limit = 0',
'recipient_delimiter = +',
])
def test_postfix_settings(File, setting):
"""
Check all postfix configuration lines. There are technically multiple
configuration paths regarding the TLS settings, particularly the
fingerprint verification logic, but only the base default config is tested
currently.
"""
f = File("/etc/postfix/main.cf")
> assert f.is_file
testinfra/mon/test_ossec.py:77:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python2.7/site-packages/testinfra/modules/file.py:42: in is_file
return self.run_test("test -f %s", self.path).rc == 0
/usr/local/lib/python2.7/site-packages/testinfra/host.py:74: in run_test
return self.run_expect([0, 1], command, *args, **kwargs)
/usr/local/lib/python2.7/site-packages/testinfra/host.py:55: in run
return self.backend.run(command, *args, **kwargs)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <testinfra.backend.ansible.AnsibleBackend object at 0x1032badd0>
command = 'test -f /etc/postfix/main.cf', args = ('/etc/postfix/main.cf',)
kwargs = {}
out = {'exception': 'Traceback (most recent call last):
File "/usr/local/lib/python2.7/site-packages/ansible/executor/task...: [Errno 24] Too many open files
', 'failed': True, 'msg': 'Unexpected failure during module execution.', 'stdout': ''}
stdout_bytes = ''
def run(self, command, *args, **kwargs):
command = self.get_command(command, *args)
out = self.run_ansible("shell", module_args=command)
# Ansible may return bytes as an unicode object...
# A simple test case is:
# >>> assert File("/bin/true").content == open("/bin/true").read()
try:
stdout_bytes = b"".join((chr(ord(c)) for c in out['stdout']))
except ValueError:
stdout_bytes = None
try:
> stderr_bytes = b"".join((chr(ord(c)) for c in out['stderr']))
E KeyError: u'stderr'
/usr/local/lib/python2.7/site-packages/testinfra/backend/ansible.py:55: KeyError
---------------------------------------------------------------------------------------------------------------- Captured stderr call -----------------------------------------------------------------------------------------------------------------
INFO:testinfra:RUN Ansible(u'shell', u'test -f /etc/postfix/main.cf', {}): {'exception': u'Traceback (most recent call last):\n File "/usr/local/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 126, in run\n res = self._execute()\n File "/usr/local/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 502, in _execute\n result = self._handler.run(task_vars=variables)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/normal.py", line 33, in run\n results = merge_hash(results, self._execute_module(tmp=tmp, task_vars=task_vars))\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 650, in _execute_module\n res = self._low_level_execute_command(cmd, sudoable=sudoable, in_data=in_data)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 774, in _low_level_execute_command\n rc, stdout, stderr = self._connection.exec_command(cmd, in_data=in_data, sudoable=sudoable)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 674, in exec_command\n return_tuple = self._exec_command(*args, **kwargs)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 599, in _exec_command\n (returncode, stdout, stderr) = self._run(cmd, in_data, sudoable=sudoable)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 359, in _run\n p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 711, in __init__\n errread, errwrite)\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 1227, in _execute_child\n errpipe_read, errpipe_write = self.pipe_cloexec()\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 1179, in pipe_cloexec\n r, w = os.pipe()\nOSError: [Errno 24] Too many open files\n',
'failed': True,
'msg': 'Unexpected failure during module execution.',
'stdout': ''}
_____________________________________________________________________________________ test_grsecurity_paxtest[ansible://mon-staging-Return to function (memcpy)] ______________________________________________________________________________________
[gw0] darwin -- Python 2.7.12 /usr/local/opt/python/bin/python2.7
Command = <command>, Sudo = <sudo>
paxtest_check = 'Return to function (memcpy)'
@pytest.mark.skipif(os.environ.get('FPF_GRSEC','true') == "false",
reason="Need to skip in environment w/o grsec")
@pytest.mark.parametrize('paxtest_check', [
"Executable anonymous mapping",
"Executable bss",
"Executable data",
"Executable heap",
"Executable stack",
"Executable shared library bss",
"Executable shared library data",
"Executable anonymous mapping (mprotect)",
"Executable bss (mprotect)",
"Executable data (mprotect)",
"Executable heap (mprotect)",
"Executable stack (mprotect)",
"Executable shared library bss (mprotect)",
"Executable shared library data (mprotect)",
"Writable text segments",
"Return to function (memcpy)",
"Return to function (memcpy, PIE)",
])
def test_grsecurity_paxtest(Command, Sudo, paxtest_check):
"""
Check that paxtest does not report anything vulnerable
Requires the package paxtest to be installed.
The paxtest package is currently being installed in the app-test role.
"""
> if Command.exists("/usr/bin/paxtest"):
testinfra/common/test_grsecurity.py:123:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python2.7/site-packages/testinfra/modules/command.py:25: in exists
return self._host.exists(command)
/usr/local/lib/python2.7/site-packages/testinfra/host.py:30: in exists
return self.run_expect([0, 1, 127], "command -v %s", command).rc == 0
/usr/local/lib/python2.7/site-packages/testinfra/host.py:55: in run
return self.backend.run(command, *args, **kwargs)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <testinfra.backend.ansible.AnsibleBackend object at 0x102ba5d90>
command = 'command -v /usr/bin/paxtest', args = ('/usr/bin/paxtest',)
kwargs = {}
out = {'exception': 'Traceback (most recent call last):
File "/usr/local/lib/python2.7/site-packages/ansible/executor/task...: [Errno 24] Too many open files
', 'failed': True, 'msg': 'Unexpected failure during module execution.', 'stdout': ''}
stdout_bytes = ''
def run(self, command, *args, **kwargs):
command = self.get_command(command, *args)
out = self.run_ansible("shell", module_args=command)
# Ansible may return bytes as an unicode object...
# A simple test case is:
# >>> assert File("/bin/true").content == open("/bin/true").read()
try:
stdout_bytes = b"".join((chr(ord(c)) for c in out['stdout']))
except ValueError:
stdout_bytes = None
try:
> stderr_bytes = b"".join((chr(ord(c)) for c in out['stderr']))
E KeyError: u'stderr'
/usr/local/lib/python2.7/site-packages/testinfra/backend/ansible.py:55: KeyError
---------------------------------------------------------------------------------------------------------------- Captured stderr call -----------------------------------------------------------------------------------------------------------------
INFO:testinfra:RUN Ansible(u'shell', u'command -v /usr/bin/paxtest', {}): {'exception': u'Traceback (most recent call last):\n File "/usr/local/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 126, in run\n res = self._execute()\n File "/usr/local/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 502, in _execute\n result = self._handler.run(task_vars=variables)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/normal.py", line 33, in run\n results = merge_hash(results, self._execute_module(tmp=tmp, task_vars=task_vars))\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 650, in _execute_module\n res = self._low_level_execute_command(cmd, sudoable=sudoable, in_data=in_data)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 774, in _low_level_execute_command\n rc, stdout, stderr = self._connection.exec_command(cmd, in_data=in_data, sudoable=sudoable)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 674, in exec_command\n return_tuple = self._exec_command(*args, **kwargs)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 599, in _exec_command\n (returncode, stdout, stderr) = self._run(cmd, in_data, sudoable=sudoable)\n File "/usr/local/lib/python2.7/site-packages/ansible/plugins/connection/ssh.py", line 359, in _run\n p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 711, in __init__\n errread, errwrite)\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 1227, in _execute_child\n errpipe_read, errpipe_write = self.pipe_cloexec()\n File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 1179, in pipe_cloexec\n r, w = os.pipe()\nOSError: [Errno 24] Too many open files\n',
'failed': True,
'msg': 'Unexpected failure during module execution.',
'stdout': ''}
=============================================================================================================== pytest-warning summary ================================================================================================================
WP1 None Module already imported so can not be re-written: testinfra
Raw
mon-staging-ansible-2.2.2
======================================================================================================================= ERRORS ========================================================================================================================
___________________________________________________________________________________________________ ERROR collecting testinfra/mon/test_network.py ____________________________________________________________________________________________________
/usr/local/lib/python2.7/site-packages/testinfra/plugin.py:136: in pytest_generate_tests
ansible_inventory=metafunc.config.option.ansible_inventory,
/usr/local/lib/python2.7/site-packages/testinfra/host.py:125: in get_hosts
for backend in testinfra.backend.get_backends(hosts, **kwargs):
/usr/local/lib/python2.7/site-packages/testinfra/backend/__init__.py:84: in get_backends
for name in klass.get_hosts(host, **kw):
/usr/local/lib/python2.7/site-packages/testinfra/backend/ansible.py:82: in get_hosts
return AnsibleRunner(kwargs.get("ansible_inventory")).get_hosts(host)
/usr/local/lib/python2.7/site-packages/testinfra/utils/ansible_runner.py:165: in __init__
host_list=host_list or self.cli.options.inventory,
/usr/local/lib/python2.7/site-packages/ansible/inventory/__init__.py:97: in __init__
self.parse_inventory(host_list)
/usr/local/lib/python2.7/site-packages/ansible/inventory/__init__.py:181: in parse_inventory
host.remove_group(ungrouped)
E AttributeError: 'Host' object has no attribute 'remove_group'
=============================================================================================================== pytest-warning summary ================================================================================================================
WP1 None Module already imported so can not be re-written: testinfra
=============================================================================================== 148 skipped, 1 pytest-warnings, 1 error in 3.39 seconds ===============================================================================================
Traceback (most recent call last):
File "./testinfra/test.py", line 129, in <module>
run_testinfra(target_host)
File "./testinfra/test.py", line 126, in run_testinfra
subprocess.check_call(testinfra_command)
File "/usr/local/Cellar/python/2.7.12/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 541, in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['testinfra', '-vv', '-n', 'auto', '--connection', 'ansible', '--ansible-inventory', '.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory', '--hosts', 'mon-staging', 'testinfra/mon', 'testinfra/common']' returned non-zero exit status 1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment