Merge "Open mirror ssl ports externally"

2020-05-20 18:37:16 +00:00 · 2020-05-20 18:37:16 +00:00 · 192b77ade8
commit 192b77ade8
parent 2dff1e482d d8f01de682
2 changed files with 59 additions and 24 deletions
--- a/playbooks/group_vars/mirror.yaml
+++ b/playbooks/group_vars/mirror.yaml
@ -1,6 +1,11 @@
 iptables_extra_public_tcp_ports:
  - 80
  - 443
+  - 4443
+  - 4444
+  - 4445
+  - 4446
+  - 4447
  - 8080
  - 8081
  - 8082
--- a/testinfra/test_mirror.py
+++ b/testinfra/test_mirror.py
@ -23,42 +23,72 @@ def test_apache(host):

 def test_base_mirror(host):
    # BaseMirror
-    cmd = host.run("wget --no-check-certificate -qO- https://localhost/")
-    assert '<a href="debian/">' in cmd.stdout
+    for addr in host.addr(host.backend.host).ip_addresses:
+        cmd = host.run("wget --no-check-certificate -qO- https://%s/" % addr)
+        assert '<a href="debian/">' in cmd.stdout

-    cmd = host.run("wget -qO- http://localhost/")
-    assert '<a href="debian/">' in cmd.stdout
+        cmd = host.run("wget -qO- http://%s/" % addr)
+        assert '<a href="debian/">' in cmd.stdout

 def test_proxy_mirror(host):
    # ProxyMirror
-    cmd = host.run("wget --no-check-certificate -qO- "
-                   "https://localhost:4443/pypi/simple/setuptools")
-    assert 'setuptools' in cmd.stdout
+    for addr in host.addr(host.backend.host).ipv4_addresses:
+        cmd = host.run("wget --no-check-certificate -qO- "
+                       "https://%s:4443/pypi/simple/setuptools" % addr)
+        assert 'setuptools' in cmd.stdout

-    cmd = host.run("wget -qO- http://localhost:8080/pypi/simple/setuptools")
-    assert 'setuptools' in cmd.stdout
+        cmd = host.run("wget -qO- "
+                       "http://%s:8080/pypi/simple/setuptools" % addr)
+        assert 'setuptools' in cmd.stdout
+
+    # split the test cases so that we can escape the ipv6 addrs properly
+    for addr in host.addr(host.backend.host).ipv6_addresses:
+        cmd = host.run("wget --no-check-certificate -qO- "
+                       "https://[%s]:4443/pypi/simple/setuptools" % addr)
+        assert 'setuptools' in cmd.stdout
+
+        cmd = host.run("wget -qO- "
+                       "http://[%s]:8080/pypi/simple/setuptools" % addr)
+        assert 'setuptools' in cmd.stdout

 def test_dockerv1_mirror(host):
    # Dockerv1Mirror
-    cmd = host.run("wget --no-check-certificate -O- "
-                   "https://localhost:4444/registry-1.docker")
-    # TODO assert that this proxy cache is working more properly
-    assert '403 Forbidden' in cmd.stderr
+    for addr in host.addr(host.backend.host).ipv4_addresses:
+        cmd = host.run("wget --no-check-certificate -O- "
+                       "https://%s:4444/registry-1.docker" % addr)
+        # TODO assert that this proxy cache is working more properly
+        assert '403 Forbidden' in cmd.stderr

-    cmd = host.run("wget -O- http://localhost:8081/registry-1.docker")
-    # TODO assert that this proxy cache is working more properly
-    assert '403 Forbidden' in cmd.stderr
+        cmd = host.run("wget -O- http://%s:8081/registry-1.docker" % addr)
+        # TODO assert that this proxy cache is working more properly
+        assert '403 Forbidden' in cmd.stderr
+
+    for addr in host.addr(host.backend.host).ipv6_addresses:
+        cmd = host.run("wget --no-check-certificate -O- "
+                       "https://[%s]:4444/registry-1.docker" % addr)
+        # TODO assert that this proxy cache is working more properly
+        assert '403 Forbidden' in cmd.stderr
+
+        cmd = host.run("wget -O- http://[%s]:8081/registry-1.docker" % addr)
+        # TODO assert that this proxy cache is working more properly
+        assert '403 Forbidden' in cmd.stderr

 def test_dockerv2_mirror(host):
    # Dockerv2Mirror
-    cmd = host.run("wget --no-check-certificate -O- "
-                   "https://localhost:4445/v2/")
-    assert '401 Unauthorized' in cmd.stderr
+    for addr in host.addr(host.backend.host).ipv4_addresses:
+        cmd = host.run("wget --no-check-certificate -O- "
+                       "https://%s:4445/v2/" % addr)
+        assert '401 Unauthorized' in cmd.stderr

-    cmd = host.run("wget -O- http://localhost:8082/v2/")
-    assert '401 Unauthorized' in cmd.stderr
+        cmd = host.run("wget -O- http://%s:8082/v2/" %addr)
+        assert '401 Unauthorized' in cmd.stderr
+
+    for addr in host.addr(host.backend.host).ipv6_addresses:
+        cmd = host.run("wget --no-check-certificate -O- "
+                       "https://[%s]:4445/v2/" % addr)
+        assert '401 Unauthorized' in cmd.stderr
+
+        cmd = host.run("wget -O- http://[%s]:8082/v2/" %addr)
+        assert '401 Unauthorized' in cmd.stderr

 # TODO test RHRegistryMirror and QuayMirror
-
-# NOTE(ianw): further testing idea for anyone interested; get the
-# actual IP address of the mirror node and connect via that