| Ievgeniia Zadorozhna | 1bccf00 | 2019-11-14 18:47:36 +0300 | [diff] [blame] | 1 | import copy |
| 2 | import json |
| 3 | |
| 4 | import pytest |
| 5 | |
| 6 | |
| 7 | @pytest.mark.smoke |
| 8 | @pytest.mark.usefixtures('check_openstack') |
| 9 | def test_fernet_token_consistency(local_salt_client): |
| 10 | """ |
| 11 | The test checks that /var/lib/keystone/fernet-keys/ directory at ctl*: |
| 12 | * has the same files and same number of files; |
| 13 | * all same files on different ctl* nodes have the same MD5 sum. |
| 14 | |
| 15 | When fernet token rotation is not equal on all ctl* nodes and these files |
| 16 | are not consistent, the OpenStack API works unexpectedly and responds with |
| 17 | random 500 HTTP errors for random requests. |
| 18 | """ |
| 19 | fernet_keys_files = local_salt_client.cmd( |
| 20 | tgt='keystone:server', |
| 21 | param='ls -1 /var/lib/keystone/fernet-keys/', |
| 22 | expr_form='pillar') |
| 23 | for k in fernet_keys_files: |
| 24 | fernet_keys_files[k] = fernet_keys_files[k].replace('\n', ', ') |
| 25 | assert len(set(fernet_keys_files.values())) == 1, ( |
| 26 | "Fernet keys files are not equal on all nodes, please check " |
| 27 | "/var/lib/keystone/fernet-keys/ at all ctl* nodes: {}".format( |
| 28 | json.dumps(fernet_keys_files, indent=4))) |
| 29 | |
| 30 | md5sums = local_salt_client.cmd( |
| 31 | tgt='keystone:server', |
| 32 | param='md5sum /var/lib/keystone/fernet-keys/*', |
| 33 | expr_form='pillar') |
| 34 | md5sums_print = copy.deepcopy(md5sums) |
| 35 | for k in md5sums_print: md5sums_print[k] = md5sums_print[k].split('\n') |
| 36 | assert len(set(md5sums.values())) == 1, ( |
| 37 | "Fernet keys files are not consistent - MD5 sums are not equal on " |
| 38 | "all ctl* nodes: {}".format(json.dumps(md5sums_print, indent=4))) |