qa/713

   1 #!/bin/sh
   2 # PCP QA Test No. 713
   3 #
   4 # Exercise encrypted communications between pmproxy/clients
   5 # Copyright (c) 2013 Red Hat.
   6 #
   7
   8 seq=`basename $0`
   9 echo "QA output created by $seq"
  10
  11 . ./common.secure
  12 nss_notrun_checks
  13
  14 _cleanup()
  15 {
  16     nss_cleanup
  17
  18     $sudo $signal -a pmproxy >/dev/null 2>&1
  19     $sudo $PCP_RC_DIR/pcp restart 2>&1 | _filter_pcp_stop | _filter_pcp_start
  20     _wait_for_pmcd
  21     _wait_for_pmlogger
  22
  23     $sudo rm -f $tmp.*
  24     $sudo rm -fr $tmp
  25 }
  26
  27 status=1        # failure is the default!
  28 username=`id -u -n`
  29 signal=$PCP_BINADM_DIR/pmsignal
  30 $sudo rm -rf $tmp.* $seq.full
  31 trap "_cleanup; exit \$status" 0 1 2 3 15
  32 $sudo $PCP_RC_DIR/pcp stop | _filter_pcp_stop
  33
  34 # real QA test starts here
  35 nss_backup
  36 nss_setup_randomness
  37 nss_setup_collector true $qahost $hostname
  38
  39 # pmcd is now secure.  next, pmproxy...
  40 $sudo $PCP_RC_DIR/pmproxy stop >/dev/null 2>&1
  41 $sudo $signal -a pmproxy >/dev/null 2>&1
  42
  43 proxyargs="-C $PCP_SECURE_DB_METHOD$collectordb -P $collectorpw"
  44 id pcp >/dev/null 2>&1 && proxyargs="$proxyargs -U $username"
  45 $PCP_BINADM_DIR/pmproxy $proxyargs -l $tmp.log 2>&1
  46 echo "Checking pmproxy.log for unexpected messages" | tee -a $seq.full
  47 sleep 1 # allow log file creation to complete
  48 egrep 'Error:|Info:' $tmp.log
  49 cat $tmp.log >> $seq.full
  50
  51 # verify that local clients are prompted to establish a connection
  52 # when a valid collectoer certificate exists but no client config.
  53 nss_setup_empty_userdb
  54 echo "checking client, server certificate only.  should prompt and fail..." | tee -a $seq.full
  55 export PMPROXY_HOST=$hostname
  56 export PCP_SECURE_SOCKETS=enforce
  57 yes | pminfo -h $hostname -f hinv.ncpu 2>&1 | tee -a $seq.full | nss_filter_pminfo
  58 unset PMPROXY_HOST PCP_SECURE_SOCKETS
  59
  60 # make the new certificate visible to just this user
  61 echo "checking client, user certificate only.  should pass..."
  62 nss_setup_empty_userdb
  63 nss_import_cert_userdb
  64 export PMPROXY_HOST=$hostname
  65 export PCP_SECURE_SOCKETS=enforce
  66 yes | pminfo -h $hostname -f hinv.ncpu 2>&1 | tee -a $seq.full | nss_filter_pminfo
  67
  68 # Try a second connection
  69 echo "checking client, user certificate only, second time.  should pass..."
  70 yes | pminfo -h $hostname -f hinv.ncpu 2>&1 | tee -a $seq.full | nss_filter_pminfo
  71
  72 unset PMPROXY_HOST PCP_SECURE_SOCKETS
  73
  74 # success, all done
  75 status=0
  76 exit