From 5210671dbb6379ef996e35f18dd0de136bdd2b86 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Wed, 8 Jun 2016 11:44:10 -0400 Subject: [PATCH] refacto: move run_puppet & catch_selinux_alerts into functions Change-Id: I78324c8787b129e91f1ac32694085bde5b6043fe --- functions | 26 ++++++++++++++++++++++++++ run_tests.sh | 35 +++-------------------------------- 2 files changed, 29 insertions(+), 32 deletions(-) diff --git a/functions b/functions index 66cdd5a2c..4e84600f0 100644 --- a/functions +++ b/functions @@ -140,3 +140,29 @@ install_puppet() { $SUDO yum install -y ${PUPPET_PKG} fi } + +function run_puppet() { + local manifest=$1 + $SUDO $PUPPET_FULL_PATH apply $PUPPET_ARGS fixtures/${manifest}.pp + local res=$? + return $res +} + +function catch_selinux_alerts() { + if is_fedora; then + $SUDO sealert -a /var/log/audit/audit.log + if $SUDO grep -iq 'type=AVC' /var/log/audit/audit.log; then + echo "AVC detected in /var/log/audit/audit.log" + # TODO: figure why latest rabbitmq deployed with SSL tries to write in SSL pem file. + # https://bugzilla.redhat.com/show_bug.cgi?id=1341738 + if $SUDO grep -iqE 'denied.*system_r:rabbitmq_t' /var/log/audit/audit.log; then + echo "non-critical RabbitMQ AVC, ignoring it now." + else + echo "Please file a bug on https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20OpenStack&component=openstack-selinux showing sealert output." + exit 1 + fi + else + echo 'No AVC detected in /var/log/audit/audit.log' + fi + fi +} diff --git a/run_tests.sh b/run_tests.sh index 3abe7307d..8bb5a8a8c 100755 --- a/run_tests.sh +++ b/run_tests.sh @@ -17,7 +17,7 @@ export PUPPET_MAJ_VERSION=${PUPPET_MAJ_VERSION:-3} export SCENARIO=${SCENARIO:-scenario001} export MANAGE_PUPPET_MODULES=${MANAGE_PUPPET_MODULES:-true} export MANAGE_REPOS=${MANAGE_REPOS:-true} -export PUPPET_ARGS=${PUPPET_ARGS:-} +export PUPPET_ARGS="${PUPPET_ARGS} --detailed-exitcodes --color=false --test --trace" export SCRIPT_DIR=$(cd `dirname $0` && pwd -P) export DISTRO=$(lsb_release -c -s) @@ -62,6 +62,8 @@ else fi install_puppet +PUPPET_FULL_PATH=$(which puppet) + if uses_debs; then $SUDO apt-get install -y dstat elif is_fedora; then @@ -71,37 +73,6 @@ elif is_fedora; then $SUDO selinuxenabled && $SUDO setenforce 0 fi -PUPPET_ARGS="${PUPPET_ARGS} --detailed-exitcodes --color=false --test --trace" - -PUPPET_FULL_PATH=$(which puppet) - -function run_puppet() { - local manifest=$1 - $SUDO $PUPPET_FULL_PATH apply $PUPPET_ARGS fixtures/${manifest}.pp - local res=$? - - return $res -} - -function catch_selinux_alerts() { - if is_fedora; then - $SUDO sealert -a /var/log/audit/audit.log - if $SUDO grep -iq 'type=AVC' /var/log/audit/audit.log; then - echo "AVC detected in /var/log/audit/audit.log" - # TODO: figure why latest rabbitmq deployed with SSL tries to write in SSL pem file. - # https://bugzilla.redhat.com/show_bug.cgi?id=1341738 - if $SUDO grep -iqE 'denied.*system_r:rabbitmq_t' /var/log/audit/audit.log; then - echo "non-critical RabbitMQ AVC, ignoring it now." - else - echo "Please file a bug on https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20OpenStack&component=openstack-selinux showing sealert output." - exit 1 - fi - else - echo 'No AVC detected in /var/log/audit/audit.log' - fi - fi -} - # use dstat to monitor system activity during integration testing if type "dstat" 2>/dev/null; then print_header 'Start dstat'