Quality Criteria Verification Report ==================================== Product: keystone-voms Release: ifca.keystone-voms.ubuntu-trusty.amd64-9.0.3 Software Provider: IFCA RT Ticket: 12043 Provider contact: aloga@ifca.unican.es Verifier: Pablo Orviz Hours worked: 20min Date: 15/10/2016 Status: Accepted Summary ======= Fully automated verification (deployment+testing), using: - umd-verification: https://github.com/egi-qc/umd-verification + Puppet manifest: https://github.com/egi-qc/umd-verification/blob/master/etc/puppet/keystone_voms.pp + External Puppet modules: puppet-keystone (modified version): https://github.com/egi-qc/puppet-keystone (branch 'umd_stable_liberty') Related tickets =============== None. Documentation Criteria ====================== * Release notes: https://keystone-voms.readthedocs.io/en/stable-mitaka/ * User Documentation: https://keystone-voms.readthedocs.io/en/stable-mitaka/ * API Documentation: https://keystone-voms.readthedocs.io/en/stable-mitaka/ * Admin Documentation: https://keystone-voms.readthedocs.io/en/stable-mitaka/ * Software License: Apache 2.0 Generic Criteria ================ (Possible Statuses: OK, WARN, FAIL, NA (Not Applicable) or NT (Not Tested)) * Binary Distribution: OK * Upgrade: NT * X.509 Certificate support: OK * SHA-2 Certificates Support: OK * RFC Proxy support: OK * ARGUS Integration: NA * World Writable Files: OK * Passwords in world readable files: OK * GlueSchema 1.3 Support: NA * GlueSchema 2.0 Support: NA * Middleware Version Information: NA * Service Probes: OK * Accounting Records: NA * Bug Tracking System: OK Verification Logs ================= # fab keystone-voms-mitaka:umd_release=4,repository_file=http://admin-repo.egi.eu/sw/unverified/cmd-os-1.ifca.keystone-voms.ubuntu-trusty.amd64/9/0/3/repofiles/IFCA.keystone-voms.ubuntu-trusty.amd64.list [INFO] Using UMD 4 release repository [INFO] Using UMD verification repository file: ['http://admin-repo.egi.eu/sw/unverified/cmd-os-1.ifca.keystone-voms.ubuntu-trusty.amd64/9/0/3/repofiles/IFCA.keystone-voms.ubuntu-trusty.amd64.list'] [WARN] No installation type provided: performing installation. [INFO] Metapackage/s selected: + python-keystone-voms=9.0.3* UMD verification tool ===================== Quality criteria: http://egi-qc.github.io Codebase: https://github.com/egi-qc/umd-verification Path locations | | log_path /var/tmp/umd-verification | yaim_path etc/yaim | puppet_path etc/puppet Production repositories | | umd_release_pkg | igtf_repo deb http://repository.egi.eu/sw/production/cas/1/current egi-igtf core [INFO] Using the following repository files + http://admin-repo.egi.eu/sw/unverified/cmd-os-1.ifca.keystone-voms.ubuntu-trusty.amd64/9/0/3/repofiles/IFCA.keystone-voms.ubuntu-trusty.amd64.list [localhost] local: sudo -E apt-get -y install software-properties-common [localhost] local: sudo -E apt-add-repository -y 'deb http://repository.egi.eu/sw/production/cas/1/current egi-igtf core' [INFO] Repository 'deb http://repository.egi.eu/sw/production/cas/1/current egi-igtf core' added [localhost] local: sudo -E wget -q https://dist.eugridpma.info/distribution/igtf/current/GPG-KEY-EUGridPMA-RPM-3 -O /tmp/key.key [localhost] local: sudo -E apt-key add /tmp/key.key [INFO] Repository key added: https://dist.eugridpma.info/distribution/igtf/current/GPG-KEY-EUGridPMA-RPM-3 [localhost] local: sudo -E apt-get -y update [localhost] local: sudo -E apt-get -y install ca-policy-egi-core Certificate already exists under '/etc/grid-security'. Do you want to overwrite them? (y/N) y [INFO] Overwriting already existant certificate [INFO] Generating own certificates [localhost] local: sudo -E mkdir -p /root/UMDVerificationOwnCA [localhost] local: sudo -E openssl req -x509 -nodes -days 1 -newkey rsa:2048 -out ca.pem -outform PEM -keyout ca.key -subj '/DC=es/DC=UMDverification/CN=UMDVerificationOwnCA' [localhost] local: sudo -E openssl x509 -noout -hash -in ca.pem [localhost] local: sudo -E cp ca.pem /etc/grid-security/certificates/0d2a3bdd.0 [localhost] local: sudo -E echo "01" > crlnumber [localhost] local: sudo -E touch index.txt [localhost] local: sudo -E openssl ca -config openssl.cnf -gencrl -keyfile ca.key -cert ca.pem -out crl.pem [localhost] local: sudo -E cp crl.pem /etc/grid-security/certificates/0d2a3bdd.r0 [localhost] local: sudo -E openssl req -newkey rsa:2048 -nodes -sha1 -keyout cert.key -keyform PEM -out cert.req -outform PEM -subj '/DC=es/DC=UMDverification/CN=keystone-ubuntu.privatevlan.cloud.ifca.es' -config openssl.cnf [localhost] local: sudo -E openssl x509 -req -in cert.req -CA ca.pem -CAkey ca.key -CAcreateserial -extensions v3_req -extfile openssl.cnf -out cert.crt -days 1 [localhost] local: sudo -E chmod 600 cert.key [localhost] local: sudo -E cp cert.key /etc/grid-security/hostkey.pem [INFO] Private key stored in '/etc/grid-security/hostkey.pem' (with 600 perms). [localhost] local: sudo -E cp cert.crt /etc/grid-security/hostcert.pem [INFO] Public key stored in '/etc/grid-security/hostcert.pem'. [localhost] local: sudo -E apt-get -y install software-properties-common [localhost] local: sudo -E apt-add-repository -y 'cloud-archive:mitaka' [INFO] Repository 'cloud-archive:mitaka' added [[QC_DIST_1: Binary Distribution]] [localhost] local: sudo -E apt-get -y remove umd-release* [FAIL] Command execution has failed (reason: "E: Unable to locate package umd-release* E: Couldn't find any package by regex 'umd-release*'") (action: no exit) [FAIL] Command execution has failed (reason: "E: Unable to locate package umd-release* E: Couldn't find any package by regex 'umd-release*'") (action: no exit) [INFO] Could not delete UMD release packages. [localhost] local: sudo -E /bin/rm -f /etc/apt/sources.list.d//UMD-* [localhost] local: sudo -E wget -q http://repository.egi.eu/sw/production/umd/UMD-DEB-PGP-KEY -O /tmp/key.key [localhost] local: sudo -E apt-key add /tmp/key.key [INFO] Repository key added: http://repository.egi.eu/sw/production/umd/UMD-DEB-PGP-KEY [INFO] Repository files found: adding [localhost] local: sudo -E wget http://admin-repo.egi.eu/sw/unverified/cmd-os-1.ifca.keystone-voms.ubuntu-trusty.amd64/9/0/3/repofiles/IFCA.keystone-voms.ubuntu-trusty.amd64.list -O /etc/apt/sources.list.d/IFCA.keystone-voms.ubuntu-trusty.amd64.list [INFO] Log directory '/var/tmp/umd-verification' has been created. [INFO] Repository file downloaded to /etc/apt/sources.list.d/IFCA.keystone-voms.ubuntu-trusty.amd64.list [localhost] local: sudo -E apt-get -y update [localhost] local: sudo -E grep -h ^deb /etc/apt/sources.list /etc/apt/sources.list.d/* [INFO] Using repositories: ['deb http://nova.clouds.archive.ubuntu.com/ubuntu/ trusty main', 'deb-src http://nova.clouds.archive.ubuntu.com/ubuntu/ trusty main', 'deb http://nova.clouds.archive.ubuntu.com/ubuntu/ trusty-updates main', 'deb-src http://nova.clouds.archive.ubuntu.com/ubuntu/ trusty-updates main', 'deb http://nova.clouds.archive.ubuntu.com/ubuntu/ trusty universe', 'deb-src http://nova.clouds.archive.ubuntu.com/ubuntu/ trusty universe', 'deb http://nova.clouds.archive.ubuntu.com/ubuntu/ trusty-updates universe', 'deb-src http://nova.clouds.archive.ubuntu.com/ubuntu/ trusty-updates universe', 'deb http://security.ubuntu.com/ubuntu trusty-security main', 'deb-src http://security.ubuntu.com/ubuntu trusty-security main', 'deb http://security.ubuntu.com/ubuntu trusty-security universe', 'deb-src http://security.ubuntu.com/ubuntu trusty-security universe', 'deb http://repository.egi.eu/sw/production/cas/1/current egi-igtf core', 'deb http://admin-repo.egi.eu/sw/unverified/cmd-os-1.ifca.keystone-voms.ubuntu-trusty.amd64/9/0/3/ ./', 'deb http://ubuntu-cloud.archive.canonical.com/ubuntu trusty-updates/mitaka main', 'deb http://ubuntu-cloud.archive.canonical.com/ubuntu trusty-updates/mitaka main', 'deb http://repository.egi.eu/community/software/keystone.voms/stable-mitaka/releases/ubuntu trusty main', 'deb http://repository.egi.eu/community/software/keystone.voms/stable-mitaka/releases/ubuntu trusty main'] [localhost] local: sudo -E apt-get -y install python-keystone-voms=9.0.3* [localhost] local: sudo -E dpkg-query -W python-keystone-voms [OK] Installation ended successfully. [INFO] Running configuration [localhost] local: sudo -E cp /etc/grid-security/certificates/0d2a3bdd.0 /usr/share/ca-certificates/0d2a3bdd.crt [localhost] local: sudo -E echo '0d2a3bdd.crt' >> /etc/ca-certificates.conf [localhost] local: sudo -E update-ca-certificates [INFO] CA '/etc/grid-security/certificates/0d2a3bdd.0' added to system's trust DB [localhost] local: sudo -E pip install mock==1.0.1 [localhost] local: sudo -E apt-get -y install puppet [localhost] local: sudo -E facter -p puppetversion [localhost] local: sudo -E puppet module install openstack/openstacklib --force [localhost] local: sudo -E puppet module install puppetlabs/inifile --force [localhost] local: sudo -E puppet module install puppetlabs-mysql --force [localhost] local: sudo -E puppet module install puppetlabs/apache --force [localhost] local: sudo -E puppet module install puppetlabs-stdlib --force [localhost] local: sudo -E puppet module install puppetlabs/concat --force [localhost] local: sudo -E puppet module install lcgdm-voms --force [localhost] local: sudo -E wget https://github.com/egi-qc/puppet-keystone/archive/umd_stable_mitaka.tar.gz -O /tmp/umd_stable_mitaka.tar.gz [localhost] local: sudo -E puppet module install /tmp/umd_stable_mitaka.tar.gz --force [FAIL] Command execution has failed (reason: "Error: Could not parse filename to obtain the username, module name and version. () Error: Try 'puppet help module install' for usage") (action: no exit) [localhost] local: sudo -E tar tzf /tmp/umd_stable_mitaka.tar.gz | sed -e 's@/.*@@' | uniq [localhost] local: sudo -E tar xvfz /tmp/umd_stable_mitaka.tar.gz -C /etc/puppet/modules [localhost] local: sudo -E rm -rf /etc/puppet/modules/keystone [localhost] local: sudo -E mv /etc/puppet/modules/puppet-keystone-umd_stable_mitaka /etc/puppet/modules/keystone [localhost] local: sudo -E cp etc/puppet/voms.yaml /etc/puppet/hieradata/ [localhost] local: sudo -E puppet config print modulepath [localhost] local: sudo -E puppet apply --modulepath /etc/puppet/modules:/usr/share/puppet/modules etc/puppet/keystone_voms.pp --detail-exitcodes [FAIL] Command execution has failed (reason: "Warning: Scope(Class[Keystone]): Keystone under Eventlet has been deprecated during the Kilo cycle. Support for deploying under eventlet will be dropped as of the M-release of OpenStack.") (action: no exit) (log: ['qc_conf.stdout', 'qc_conf.stderr']) [INFO] Puppet execution ended successfully (some warnings though, check logs) [[QC_SEC_2: SHA-2 Certificates Support]] [[QC_SEC_5: World Writable Files]] [localhost] local: sudo -E find / -not \( -path "/proc" -prune \) -not \( -path "/sys" -prune \) -type f -perm -002 -exec ls -l {} \; [OK] Found no world-writable file. [[QC_INFO_1: GlueSchema 1.3 Support]] [NA] Product does not publish information through BDII. [[QC_INFO_2: GlueSchema 2.0 Support]] [NA] Product does not publish information through BDII. [[QC_INFO_3: Middleware Version Information]] [NA] Product does not publish information through BDII. [[QC_MON_1: Service Probes]] [NA] Product cannot be tested by Nagios. [localhost] local: sudo -E apt-get -y install voms-clients myproxy [localhost] local: sudo -E pip install voms-auth-system-openstack [localhost] local: sudo -E openssl req -newkey rsa:2048 -nodes -sha1 -keyout cert.key -keyform PEM -out cert.req -outform PEM -subj '/DC=es/DC=UMDverification/CN=perico-palotes' -config openssl.cnf [localhost] local: sudo -E openssl x509 -req -in cert.req -CA ca.pem -CAkey ca.key -CAcreateserial -extensions v3_req -extfile openssl.cnf -out cert.crt -days 1 [localhost] local: sudo -E chmod 600 cert.key [localhost] local: sudo -E cp cert.key /tmp/userkey.crt [INFO] Private key stored in '/tmp/userkey.crt' (with 600 perms). [localhost] local: sudo -E cp cert.crt /tmp/usercert.crt [INFO] Public key stored in '/tmp/usercert.crt'. [localhost] local: sudo -E voms-proxy-fake -rfc -cert /tmp/usercert.crt -key /tmp/userkey.crt -hours 44000 -voms dteam -hostcert /etc/grid-security/hostcert.pem -hostkey /etc/grid-security/hostkey.pem -fqan /dteam/Role=NULL/Capability=NULL -uri keystone-ubuntu.privatevlan.cloud.ifca.es:15000 -out /tmp/umd_proxy [INFO] Fake proxy created under '/tmp/umd_proxy' [[QC_FUNC_1: Basic Funcionality Test.]] [INFO] Probe 'Requesting a token using a valid VOMS proxy.' [localhost] local: sudo -E ./bin/keystone-voms/client-test.py VO:dteam --proxy-path /tmp/umd_proxy 2>&1 [INFO] Command './bin/keystone-voms/client-test.py VO:dteam --proxy-path /tmp/umd_proxy' ran successfully [OK] Basic functionality probes ran successfully. [[QC_FUNC_2: New features/bug fixes testing.]] [NA] No definition found for QC_FUNC_2.