action #152695
open[qe-core] Test ssh login on for root at localhost
0%
Description
While we're testing SSH, it seems that we skipped one important part, particularly for stagings, which led to bsc#1217220 not being catched by our testing.
All in all, we should enable two different tests:
1- password login
2- ssh-key login
Acceptance Criteria¶
- New test scenario called Authentication Stack is created
- Testsuite is enabled in All of osd stagings.
- Testsuite is enabled for maintenance incidents.
- Testsuite is enabled for maintenance incidents.
- PR is created to enable this test for Microos and Leap Micro (request review from Dimstar before enabling)
Order of importance¶
- Microos
- ALP
- Leap
- SLE
Notes¶
- It is important NOT to modify
/etc/ssh/sshd_configbut rather to apply the changes on its own file i.e/etc/ssh/sshd_config.d/99-bsc1217220.confto ensure loading of config files is not broken or disabled without knowing. - The test should be local only (i.e ssh root@localhost)
The test doesn't really need to do much, other than the login with password and with ssh key, I see that we do or have tests for this in quite few places, but we also have tests/console/sshd.pm which doesn't seeem to cover this case, however it would be great to either adapt it, or come up with a test module that is self contained, and aware of transactional systems
foursixnine@pakhet os-autoinst-distri-opensuse % ag 'PermitRootLogin' -C3 lib
lib/utils.pm
2506-
2507-sub permit_root_ssh {
2508- if (is_sle('<16') || is_leap('<16.0')) {
2509: my $results = script_run("grep 'PermitRootLogin yes' /etc/ssh/sshd_config");
2510- if (!$results) {
2511: assert_script_run("sed -i 's/^PermitRootLogin.*\$/PermitRootLogin yes/' /etc/ssh/sshd_config");
2512- assert_script_run("systemctl restart sshd");
2513- }
2514- }
2515- else {
2516: assert_script_run("echo 'PermitRootLogin yes' > /etc/ssh/sshd_config.d/root.conf");
2517- assert_script_run("systemctl restart sshd");
2518- }
2519-}
--
2521-=head2 permit_root_ssh_in_sol
2522- permit_root_ssh_in_sol();
2523-
2524:for ipmi backend, PermitRootLogin has to be set in sol console
2525-however, assert_script_run and script_run is not stable in sole console
2526-enter_cmd or type_string are acceptable
2527-
--
2531- my $sshd_config_file = shift;
2532-
2533- $sshd_config_file //= "/etc/ssh/sshd_config";
2534: enter_cmd("[ `grep \"^PermitRootLogin *yes\" $sshd_config_file | wc -l` -gt 0 ] || (echo 'PermitRootLogin yes' >>$sshd_config_file; systemctl restart sshd)", wait_still_screen => 5);
2535-}
2536-
2537-=head2 cleanup_disk_space
Updated by dvenkatachala 11 months ago
- Status changed from Workable to In Progress
Updated by dvenkatachala 10 months ago ยท Edited
The current 'tests/console/sshd.pm' test is written with interactive SSH connections, requiring the 'expect' package, which is not present in ALP/SLE Micro. Therefore, I am considering writing a new test suite to cover SSH for the root user.
@szarate, What do you suggest? Do you want me to change the test without the 'expect' package?
Updated by dvenkatachala 9 months ago
- Status changed from In Progress to Feedback
PR: https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/18531
I added a new test. I discussed with Santi, and we are yet to decide whether we should schedule this test or not.