Quality Criteria Verification Report
====================================

Product: keystone-voms
Release: ifca.keystone-voms.centos7.x86_64-9.0.3
Software Provider: IFCA
RT Ticket: 12034
Provider contact: aloga@ifca.unican.es
Verifier: Pablo Orviz
Hours worked: 20min
Date: 15/10/2016
Status: Accepted

Summary
=======

Fully automated verification (deployment+testing), using:
- umd-verification: https://github.com/egi-qc/umd-verification
  + Puppet manifest: https://github.com/egi-qc/umd-verification/blob/master/etc/puppet/keystone_voms.pp
  + External Puppet modules: puppet-keystone (modified version): https://github.com/egi-qc/puppet-keystone (branch 'umd_stable_liberty')

Related tickets
===============

None.

Documentation Criteria
======================

* Release notes: https://keystone-voms.readthedocs.io/en/stable-mitaka/
* User Documentation: https://keystone-voms.readthedocs.io/en/stable-mitaka/
* API Documentation: https://keystone-voms.readthedocs.io/en/stable-mitaka/
* Admin Documentation: https://keystone-voms.readthedocs.io/en/stable-mitaka/
* Software License: Apache 2.0

Generic Criteria
================

(Possible Statuses: OK, WARN, FAIL, NA (Not Applicable) or NT (Not Tested))

* Binary Distribution: OK
* Upgrade: NT
* X.509 Certificate support: OK
* SHA-2 Certificates Support: OK
* RFC Proxy support: OK
* ARGUS Integration: NA
* World Writable Files: OK
* Passwords in world readable files: OK
* GlueSchema 1.3 Support: NA
* GlueSchema 2.0 Support: NA
* Middleware Version Information: NA
* Service Probes: OK
* Accounting Records: NA
* Bug Tracking System: OK

Verification Logs
=================

# fab keystone-voms-mitaka:umd_release=4,repository_file=http://repository.egi.eu/community/software/keystone.voms/stable-mitaka/releases/repofiles/centos-7-x86_64.repo
[INFO] Using UMD 4 release repository
[INFO] Using UMD verification repository file: ['http://repository.egi.eu/community/software/keystone.voms/stable-mitaka/releases/repofiles/centos-7-x86_64.repo']
[WARN] No installation type provided: performing installation.
[INFO] Metapackage/s selected:
    + python-keystone-voms-9.0.3*

UMD verification tool
=====================
Quality criteria: http://egi-qc.github.io
Codebase: https://github.com/egi-qc/umd-verification

Path locations
|
| log_path /var/tmp/umd-verification
| yaim_path etc/yaim
| puppet_path etc/puppet

Production repositories
|
| umd_release_pkg http://repository.egi.eu/sw/production/umd/4/centos7/x86_64/base/umd-release-4.0.0-1.el7.noarch.rpm
| igtf_repo http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo
| epel_release http://mirror.uv.es/mirror/fedora-epel//epel-release-latest-7.noarch.rpm

[INFO] Using the following repository files
    + http://repository.egi.eu/community/software/keystone.voms/stable-mitaka/releases/repofiles/centos-7-x86_64.repo
[localhost] local: sudo -E wget http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo -O /etc/yum.repos.d/EGI-trustanchors.repo
[INFO] Repository 'http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo' added
[localhost] local: sudo -E yum clean all
[localhost] local: sudo -E yum -y makecache fast
[localhost] local: sudo -E yum -y install ca-policy-egi-core
[INFO] Generating own certificates
[localhost] local: sudo -E mkdir -p /root/UMDVerificationOwnCA
[localhost] local: sudo -E openssl req -x509 -nodes -days 1 -newkey rsa:2048 -out ca.pem -outform PEM -keyout ca.key -subj '/DC=es/DC=UMDverification/CN=UMDVerificationOwnCA'
[localhost] local: sudo -E openssl x509 -noout -hash -in ca.pem
[localhost] local: sudo -E cp ca.pem /etc/grid-security/certificates/0d2a3bdd.0
[localhost] local: sudo -E echo "01" > crlnumber
[localhost] local: sudo -E touch index.txt
[localhost] local: sudo -E openssl ca -config openssl.cnf -gencrl -keyfile ca.key -cert ca.pem -out crl.pem
[localhost] local: sudo -E cp crl.pem /etc/grid-security/certificates/0d2a3bdd.r0
[localhost] local: sudo -E openssl req -newkey rsa:2048 -nodes -sha1 -keyout cert.key -keyform PEM -out cert.req -outform PEM -subj '/DC=es/DC=UMDverification/CN=keystone-centos.privatevlan.cloud.ifca.es' -config openssl.cnf
[localhost] local: sudo -E openssl x509 -req -in cert.req -CA ca.pem -CAkey ca.key -CAcreateserial -extensions v3_req -extfile openssl.cnf -out cert.crt -days 1
[localhost] local: sudo -E chmod 600 cert.key
[localhost] local: sudo -E cp cert.key /etc/grid-security/hostkey.pem
[INFO] Private key stored in '/etc/grid-security/hostkey.pem' (with 600 perms).
[localhost] local: sudo -E cp cert.crt /etc/grid-security/hostcert.pem
[INFO] Public key stored in '/etc/grid-security/hostcert.pem'.
[localhost] local: sudo -E yum -y install centos-release-openstack-mitaka

[[QC_DIST_1: Binary Distribution]]
[localhost] local: sudo -E yum -y remove umd-release*
[localhost] local: sudo -E /bin/rm -f /etc/yum.repos.d//UMD-*
[localhost] local: sudo -E rpm --import http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY
[INFO] Repository key added: http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY
[localhost] local: sudo -E wget http://repository.egi.eu/sw/production/umd/4/centos7/x86_64/base/umd-release-4.0.0-1.el7.noarch.rpm -O /tmp/umd-release-4.0.0-1.el7.noarch.rpm
[INFO] Log directory '/var/tmp/umd-verification' has been created.
[INFO] UMD release package fetched from http://repository.egi.eu/sw/production/umd/4/centos7/x86_64/base/umd-release-4.0.0-1.el7.noarch.rpm
[localhost] local: sudo -E yum -y install /tmp/umd-release-4.0.0-1.el7.noarch.rpm
[INFO] UMD release package installed.
[INFO] Repository files found: adding
[localhost] local: sudo -E wget http://repository.egi.eu/community/software/keystone.voms/stable-mitaka/releases/repofiles/centos-7-x86_64.repo -O /etc/yum.repos.d/centos-7-x86_64.repo
[INFO] Repository file downloaded to /etc/yum.repos.d/centos-7-x86_64.repo
[localhost] local: sudo -E yum clean all
[localhost] local: sudo -E yum -y makecache fast
[localhost] local: sudo -E yum repolist
[INFO] Using repositories: ['EGI-trustanchors', 'UMD-4-base/x86_64', 'UMD-4-updates/x86_64', 'base/7/x86_64', 'centos-ceph-jewel/7/x86_64', 'centos-openstack-mitaka/x86_64 CentOS-7 - OpenStack mitaka', 'centos-qemu-ev/7/x86_64', 'epel/x86_64', 'extras/7/x86_64', 'keystone.voms-centos-7-x86_64', 'updates/7/x86_64']
[localhost] local: sudo -E yum -y install python-keystone-voms-9.0.3*
[localhost] local: sudo -E yum -q list python-routes python-retrying python2-fasteners python-kombu python-sqlparse python2-oslo-service python-monotonic python-jinja2 python2-oslo-serialization python-migrate python-cachetools python-futures python2-oslo-middleware python2-oslo-config python-editor python-repoze-lru python2-pyasn1 python-fixtures python-pycadf python-testtools python-anyjson python2-funcsigs python-keystone-voms python2-oslo-policy python-markupsafe python2-pika_pool python-netaddr pyOpenSSL python-requests python-idna python2-PyMySQL python-paste python2-crypto python2-greenlet python2-oslo-utils python2-oslo-i18n MySQL-python python-repoze-who python-extras python-enum34 python2-cryptography python2-msgpack libtomcrypt python2-traceback2 python2-passlib python2-eventlet python-urllib3 python-mimeparse libtommath python2-pysocks python-dogpile-core python2-positional python-pysaml2 python-linecache2 python2-oslo-messaging python2-babel python2-oslo-log python2-oslo-db python-webob PyPAM python2-oslo-concurrency python2-oslo-cache python-oauthlib python-ply python-contextlib2 python-dogpile-cache python-inotify openstack-keystone python-dateutil python-keystone python-paste-deploy python2-keystoneauth1 python-alembic python-mako python-beaker python-wrapt python-unittest2 python-ipaddress python-amqp python-pbr python-six python-netifaces python-pycparser python-tempita python2-iso8601 python-jsonschema python2-debtcollector python-keystoneclient python2-cffi python2-pika python-ldappool python-keyring python-stevedore python-sqlalchemy python-posix_ipc python-keystonemiddleware python2-futurist python-zope-interface python2-oslo-context pytz python-memcached
[OK] Installation ended successfully.
[INFO] Running configuration
[localhost] local: sudo -E cp /etc/grid-security/certificates/0d2a3bdd.0 /etc/pki/ca-trust/source/anchors/0d2a3bdd.crt
[localhost] local: sudo -E echo '0d2a3bdd.crt' >> /etc/ca-certificates.conf
[localhost] local: sudo -E update-ca-trust
[INFO] CA '/etc/grid-security/certificates/0d2a3bdd.0' added to system's trust DB
[localhost] local: sudo -E ln -s -f /etc/centos-release /etc/redhat-release
[localhost] local: sudo -E yum -y install openstack-selinux
[localhost] local: sudo -E yum -y install puppet
[localhost] local: sudo -E facter -p puppetversion
[localhost] local: sudo -E puppet module install openstack/openstacklib --force
[localhost] local: sudo -E puppet module install puppetlabs/inifile --force
[localhost] local: sudo -E puppet module install puppetlabs-mysql --force
[localhost] local: sudo -E puppet module install puppetlabs/apache --force
[localhost] local: sudo -E puppet module install puppetlabs-stdlib --force
[localhost] local: sudo -E puppet module install puppetlabs/concat --force
[localhost] local: sudo -E puppet module install lcgdm-voms --force
[localhost] local: sudo -E wget https://github.com/egi-qc/puppet-keystone/archive/umd_stable_mitaka.tar.gz -O /tmp/umd_stable_mitaka.tar.gz
[localhost] local: sudo -E puppet module install /tmp/umd_stable_mitaka.tar.gz --force
[localhost] local: sudo -E mkdir /etc/puppet/hieradata
[localhost] local: sudo -E cp etc/puppet/voms.yaml /etc/puppet/hieradata/
[localhost] local: sudo -E puppet config print modulepath
[localhost] local: sudo -E puppet apply --modulepath /etc/puppet/modules:/usr/share/puppet/modules etc/puppet/keystone_voms.pp --detail-exitcodes
[FAIL] Command execution has failed (reason: "Warning: Scope(Class[Keystone]): Keystone under Eventlet has been deprecated during the Kilo cycle. Support for deploying under eventlet will be dropped as of the M-release of OpenStack.") (action: no exit) (log: ['qc_conf.stdout', 'qc_conf.stderr'])
[INFO] Puppet execution ended successfully (some warnings though, check logs)

[[QC_SEC_2: SHA-2 Certificates Support]]

[[QC_SEC_5: World Writable Files]]
[localhost] local: sudo -E find / -not \( -path "/proc" -prune \) -not \( -path "/sys" -prune \) -type f -perm -002 -exec ls -l {} \;
[OK] Found no world-writable file.

[[QC_INFO_1: GlueSchema 1.3 Support]]
[NA] Product does not publish information through BDII.

[[QC_INFO_2: GlueSchema 2.0 Support]]
[NA] Product does not publish information through BDII.

[[QC_INFO_3: Middleware Version Information]]
[NA] Product does not publish information through BDII.

[[QC_MON_1: Service Probes]]
[NA] Product cannot be tested by Nagios.
[localhost] local: sudo -E yum -y install voms-clients myproxy
[localhost] local: sudo -E pip install voms-auth-system-openstack
[localhost] local: sudo -E openssl req -newkey rsa:2048 -nodes -sha1 -keyout cert.key -keyform PEM -out cert.req -outform PEM -subj '/DC=es/DC=UMDverification/CN=perico-palotes' -config openssl.cnf
[localhost] local: sudo -E openssl x509 -req -in cert.req -CA ca.pem -CAkey ca.key -CAcreateserial -extensions v3_req -extfile openssl.cnf -out cert.crt -days 1
[localhost] local: sudo -E chmod 600 cert.key
[localhost] local: sudo -E cp cert.key /tmp/userkey.crt
[INFO] Private key stored in '/tmp/userkey.crt' (with 600 perms).
[localhost] local: sudo -E cp cert.crt /tmp/usercert.crt
[INFO] Public key stored in '/tmp/usercert.crt'.
[localhost] local: sudo -E voms-proxy-fake -rfc -cert /tmp/usercert.crt -key /tmp/userkey.crt -hours 44000 -voms dteam -hostcert /etc/grid-security/hostcert.pem -hostkey /etc/grid-security/hostkey.pem -fqan /dteam/Role=NULL/Capability=NULL -uri keystone-centos.privatevlan.cloud.ifca.es:15000 -out /tmp/umd_proxy
[INFO] Fake proxy created under '/tmp/umd_proxy'

[[QC_FUNC_1: Basic Funcionality Test.]]
[INFO] Probe 'Requesting a token using a valid VOMS proxy.'
[localhost] local: sudo -E ./bin/keystone-voms/client-test.py VO:dteam --proxy-path /tmp/umd_proxy 2>&1
[INFO] Command './bin/keystone-voms/client-test.py VO:dteam --proxy-path /tmp/umd_proxy' ran successfully
[OK] Basic functionality probes ran successfully.

[[QC_FUNC_2: New features/bug fixes testing.]]
[NA] No definition found for QC_FUNC_2.