opendev/system-config
Code Issues Proposed changes

paste : move testing host to paste99, remove https hacks

Browse Source 
Move the paste testing server to paste99 to distinguish it in testing
from the actual production paste service.  Since we have certificates
setup now, we can directly test against "paste99.opendev.org",
removing the insecure flags to various calls.

Change-Id: Ifd5e270604102806736dffa86dff2bf8b23799c5
This commit is contained in:
Ian Wienand 2022-07-06 05:54:55 +10:00
parent 72a0ad6d19
commit 939233e4e4
8 changed files with 21 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
inventory/service/group_vars/paste.yaml Normal file
View File

@ -0,0 +1,3 @@
borg_backup_excludes_extra:
# live db; dumped with mysqldump
- /var/lib/lodgeit

3
inventory/service/host_vars/paste01.opendev.org.yaml
View File

@ -3,6 +3,3 @@ letsencrypt_certs:
- paste01.opendev.org - paste01.opendev.org
- paste.opendev.org - paste.opendev.org
- paste.openstack.org - paste.openstack.org
borg_backup_excludes_extra:
# live db; dumped with mysqldump
- /var/lib/lodgeit

3
playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
View File

@ -171,6 +171,9 @@
- name: letsencrypt updated paste01-opendev-org-main - name: letsencrypt updated paste01-opendev-org-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated paste99-opendev-org-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
# review # review
- name: letsencrypt updated review02-opendev-org-main - name: letsencrypt updated review02-opendev-org-main

2
playbooks/zuul/run-base.yaml
View File

@ -148,7 +148,7 @@
- host_vars/mirror01.openafs.provider.opendev.org.yaml - host_vars/mirror01.openafs.provider.opendev.org.yaml
- host_vars/mirror02.openafs.provider.opendev.org.yaml - host_vars/mirror02.openafs.provider.opendev.org.yaml
- host_vars/mirror-update01.opendev.org.yaml - host_vars/mirror-update01.opendev.org.yaml
- host_vars/paste01.opendev.org.yaml - host_vars/paste99.opendev.org.yaml
- host_vars/refstack01.openstack.org.yaml - host_vars/refstack01.openstack.org.yaml
- host_vars/review99.opendev.org.yaml - host_vars/review99.opendev.org.yaml
- name: Display group membership - name: Display group membership

2
playbooks/zuul/templates/host_vars/paste01.opendev.org.yaml.j2
View File

@ -1,2 +0,0 @@
lodgeit_secret_key: secretkey
lodgeit_db_password: password

7
playbooks/zuul/templates/host_vars/paste99.opendev.org.yaml.j2 Normal file
View File

@ -0,0 +1,7 @@
lodgeit_secret_key: secretkey
lodgeit_db_password: password
letsencrypt_certs:
paste99-opendev-org-main:
- paste99.opendev.org
- paste.opendev.org
- paste.openstack.org

19
testinfra/test_paste.py
View File

@ -16,7 +16,7 @@ import requests
from util import take_screenshots from util import take_screenshots
testinfra_hosts = ['paste01.opendev.org'] testinfra_hosts = ['paste99.opendev.org']
def test_lodgeit_container_web_listening(host): def test_lodgeit_container_web_listening(host):
@ -27,9 +27,7 @@ def test_lodgeit_container_web_listening(host):
assert paste_https.is_listening assert paste_https.is_listening
def test_paste(host): def test_paste(host):
cmd = host.run('curl --insecure ' cmd = host.run('curl https://paste99.opendev.org')
'--resolve paste.opendev.org:443:127.0.0.1 '
'https://paste.opendev.org')
assert 'New Paste' in cmd.stdout assert 'New Paste' in cmd.stdout
# ensure we paste private by default # ensure we paste private by default
assert '<input type="checkbox" name="private" id="private" checked>' \ assert '<input type="checkbox" name="private" id="private" checked>' \
@ -37,27 +35,22 @@ def test_paste(host):
def test_paste_redirects(host): def test_paste_redirects(host):
# http site should redirect all agents but Pastebinit # http site should redirect all agents but Pastebinit
r = requests.get( r = requests.get('http://paste99.opendev.org', allow_redirects=False)
'http://%s' % host.backend.get_hostname(), allow_redirects=False)
assert r.status_code == 301 assert r.status_code == 301
assert r.headers['Location'] == 'https://paste.opendev.org/' assert r.headers['Location'] == 'https://paste.opendev.org/'
headers = { headers = {
'User-Agent': 'Pastebinit v1.2.3' 'User-Agent': 'Pastebinit v1.2.3'
} }
r = requests.get('http://%s' % (host.backend.get_hostname())) r = requests.get('http://paste99.opendev.org')
assert r.status_code == 200 assert r.status_code == 200
def test_paste_logo(host): def test_paste_logo(host):
cmd = host.run('curl --insecure ' cmd = host.run('curl https://paste99.opendev.org/assets/opendev.svg')
'--resolve paste.opendev.org:443:127.0.0.1 '
'https://paste.opendev.org/assets/opendev.svg')
assert 'image/svg+xml' in cmd.stdout assert 'image/svg+xml' in cmd.stdout
def test_paste_robots(host): def test_paste_robots(host):
cmd = host.run('curl --insecure ' cmd = host.run('curl https://paste99.opendev.org/robots.txt')
'--resolve paste.opendev.org:443:127.0.0.1 '
'https://paste.opendev.org/robots.txt')
assert 'Disallow: /' in cmd.stdout assert 'Disallow: /' in cmd.stdout
def test_paste_screenshots(host): def test_paste_screenshots(host):

2
zuul.d/system-config-run.yaml
View File

@ -778,7 +778,7 @@
nodes: nodes:
- name: bridge.openstack.org - name: bridge.openstack.org
label: ubuntu-bionic label: ubuntu-bionic
- name: paste01.opendev.org - name: paste99.opendev.org
label: ubuntu-focal label: ubuntu-focal
vars: vars:
run_playbooks: run_playbooks: