-
Notifications
You must be signed in to change notification settings - Fork 137
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update ACME tests to check server files and folders
- Loading branch information
Showing
1 changed file
with
144 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -105,6 +105,120 @@ jobs: | |
| -D url=ldap://ds.example.com:3389 | ||
| docker exec pki pki-server acme-deploy --wait | ||
| - name: Check PKI server base dir after installation | ||
| run: | | ||
| # check file types, owners, and permissions | ||
| docker exec pki ls -l /var/lib/pki/pki-tomcat \ | ||
| | sed \ | ||
| -e '/^total/d' \ | ||
| -e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \ | ||
| | tee output | ||
| # TODO: review permissions | ||
| cat > expected << EOF | ||
| lrwxrwxrwx pkiuser pkiuser alias -> /etc/pki/pki-tomcat/alias | ||
| lrwxrwxrwx pkiuser pkiuser bin -> /usr/share/tomcat/bin | ||
| drwxrwx--- pkiuser pkiuser ca | ||
| drwxrwx--- pkiuser pkiuser common | ||
| lrwxrwxrwx pkiuser pkiuser conf -> /etc/pki/pki-tomcat | ||
| lrwxrwxrwx pkiuser pkiuser lib -> /usr/share/pki/server/lib | ||
| lrwxrwxrwx pkiuser pkiuser logs -> /var/log/pki/pki-tomcat | ||
| drwxrwx--- pkiuser pkiuser temp | ||
| drwxr-xr-x pkiuser pkiuser webapps | ||
| drwxrwx--- pkiuser pkiuser work | ||
| EOF | ||
| diff expected output | ||
| - name: Check PKI server conf dir after installation | ||
| run: | | ||
| # check file types, owners, and permissions | ||
| docker exec pki ls -l /etc/pki/pki-tomcat \ | ||
| | sed \ | ||
| -e '/^total/d' \ | ||
| -e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \ | ||
| | tee output | ||
| # TODO: review permissions | ||
| cat > expected << EOF | ||
| drwxrwx--- pkiuser pkiuser Catalina | ||
| drwxr-x--- pkiuser pkiuser acme | ||
| drwxrwx--- pkiuser pkiuser alias | ||
| drwxrwx--- pkiuser pkiuser ca | ||
| -rw-r--r-- pkiuser pkiuser catalina.policy | ||
| lrwxrwxrwx pkiuser pkiuser catalina.properties -> /usr/share/pki/server/conf/catalina.properties | ||
| drwxrwx--- pkiuser pkiuser certs | ||
| lrwxrwxrwx pkiuser pkiuser context.xml -> /etc/tomcat/context.xml | ||
| lrwxrwxrwx pkiuser pkiuser logging.properties -> /usr/share/pki/server/conf/logging.properties | ||
| -rw-rw---- pkiuser pkiuser password.conf | ||
| -rw-rw---- pkiuser pkiuser server.xml | ||
| -rw-rw---- pkiuser pkiuser serverCertNick.conf | ||
| -rw-rw---- pkiuser pkiuser tomcat.conf | ||
| lrwxrwxrwx pkiuser pkiuser web.xml -> /etc/tomcat/web.xml | ||
| EOF | ||
| diff expected output | ||
| - name: Check PKI server logs dir after installation | ||
| run: | | ||
| # check file types, owners, and permissions | ||
| # ignore backup dir since it doesn't always exist | ||
| docker exec pki ls -l /var/log/pki/pki-tomcat \ | ||
| | sed \ | ||
| -e '/^total/d' \ | ||
| -e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \ | ||
| -e '/^\S* *\S* *\S* *backup$/d' \ | ||
| | tee output | ||
| DATE=$(date +'%Y-%m-%d') | ||
| # TODO: review permissions | ||
| cat > expected << EOF | ||
| drwxr-xr-x pkiuser pkiuser acme | ||
| drwxrwx--- pkiuser pkiuser ca | ||
| -rw-rw-r-- pkiuser pkiuser catalina.$DATE.log | ||
| -rw-rw-r-- pkiuser pkiuser host-manager.$DATE.log | ||
| -rw-rw-r-- pkiuser pkiuser localhost.$DATE.log | ||
| -rw-r--r-- pkiuser pkiuser localhost_access_log.$DATE.txt | ||
| -rw-rw-r-- pkiuser pkiuser manager.$DATE.log | ||
| drwxr-xr-x pkiuser pkiuser pki | ||
| EOF | ||
| diff expected output | ||
| - name: Check ACME conf dir | ||
| run: | | ||
| # check file types, owners, and permissions | ||
| docker exec pki ls -l /etc/pki/pki-tomcat/acme \ | ||
| | sed \ | ||
| -e '/^total/d' \ | ||
| -e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \ | ||
| | tee output | ||
| # TODO: review permissions | ||
| cat > expected << EOF | ||
| -rw-rw---- pkiuser pkiuser database.conf | ||
| -rw-rw---- pkiuser pkiuser issuer.conf | ||
| -rw-rw---- pkiuser pkiuser realm.conf | ||
| EOF | ||
| diff expected output | ||
| - name: Check ACME database config | ||
| if: always() | ||
| run: | | ||
| docker exec pki cat /etc/pki/pki-tomcat/acme/database.conf | ||
| - name: Check ACME issuer config | ||
| if: always() | ||
| run: | | ||
| docker exec pki cat /etc/pki/pki-tomcat/acme/issuer.conf | ||
| - name: Check ACME realm config | ||
| if: always() | ||
| run: | | ||
| docker exec pki cat /etc/pki/pki-tomcat/acme/realm.conf | ||
| - name: Check initial ACME accounts | ||
| run: | | ||
| docker exec ds ldapsearch \ | ||
|
|
@@ -547,6 +661,36 @@ jobs: | |
| sed -n 's/^acmeStatus: *\(.*\)$/\1/p' output > actual | ||
| diff expected actual | ||
| - name: Check DS server systemd journal | ||
| if: always() | ||
| run: | | ||
| docker exec ds journalctl -x --no-pager -u [email protected] | ||
| - name: Check DS container logs | ||
| if: always() | ||
| run: | | ||
| docker logs ds | ||
| - name: Check PKI server systemd journal | ||
| if: always() | ||
| run: | | ||
| docker exec pki journalctl -x --no-pager -u [email protected] | ||
| - name: Check CA debug log | ||
| if: always() | ||
| run: | | ||
| docker exec pki find /var/lib/pki/pki-tomcat/logs/ca -name "debug.*" -exec cat {} \; | ||
| - name: Check ACME debug log | ||
| if: always() | ||
| run: | | ||
| docker exec pki find /var/lib/pki/pki-tomcat/logs/acme -name "debug.*" -exec cat {} \; | ||
| - name: Check certbot log | ||
| if: always() | ||
| run: | | ||
| docker exec client cat /var/log/letsencrypt/letsencrypt.log | ||
| - name: Gather artifacts from server containers | ||
| if: always() | ||
| run: | | ||
|
|
||