Project

General

Profile

action #152695

Updated by szarate 7 months ago

While we're testing SSH, it seems that we skipped one important part, particularly for stagings, which led to [bsc#1217220](https://bugzilla.suse.com/show_bug.cgi?id=1217220) not being catched by our testing. 

 All in all, we should enable two different tests: 
 1- password login 
 2- ssh-key login 

 ### Acceptance Criteria 

 1. New test scenario called Authentication Stack is created 
 1. Testsuite is enabled in All of osd stagings. 
 1. Testsuite is enabled for maintenance incidents. 
 1. Testsuite is enabled for maintenance incidents. 
 1. PR is created to enable this test for Microos and Leap Micro (request review from Dimstar before enabling) 

 #### Order of importance 

 1. Microos 
 1. ALP 
 1. Leap 
 1. SLE 

 ### Notes 
 1. It is important *NOT* to modify `/etc/ssh/sshd_config` but rather to apply the changes on its own file i.e `/etc/ssh/sshd_config.d/99-bsc1217220.conf` to ensure loading of config files is not broken or disabled without knowing. 
 1. The test should be local only (i.e ssh root@localhost) 

 The test doesn't really need to do much, other than the login with password and with ssh key, I see that we do or have tests for this in quite few places, but we also have `tests/console/sshd.pm` which doesn't seeem to cover this case, however it would be great to either adapt it, or come up with a test module that is self contained, and aware of transactional systems 

 ``` 
 foursixnine@pakhet os-autoinst-distri-opensuse % ag 'PermitRootLogin' -C3 lib 
 lib/utils.pm 
 2506- 
 2507-sub permit_root_ssh { 
 2508-      if (is_sle('<16') || is_leap('<16.0')) { 
 2509:          my $results = script_run("grep 'PermitRootLogin yes' /etc/ssh/sshd_config"); 
 2510-          if (!$results) { 
 2511:              assert_script_run("sed -i 's/^PermitRootLogin.*\$/PermitRootLogin yes/' /etc/ssh/sshd_config"); 
 2512-              assert_script_run("systemctl restart sshd"); 
 2513-          } 
 2514-      } 
 2515-      else { 
 2516:          assert_script_run("echo 'PermitRootLogin yes' > /etc/ssh/sshd_config.d/root.conf"); 
 2517-          assert_script_run("systemctl restart sshd"); 
 2518-      } 
 2519-} 
 -- 
 2521-=head2 permit_root_ssh_in_sol 
 2522-      permit_root_ssh_in_sol(); 
 2523- 
 2524:for ipmi backend, PermitRootLogin has to be set in sol console 
 2525-however, assert_script_run and script_run is not stable in sole console 
 2526-enter_cmd or type_string are acceptable 
 2527- 
 -- 
 2531-      my $sshd_config_file = shift; 
 2532- 
 2533-      $sshd_config_file //= "/etc/ssh/sshd_config"; 
 2534:      enter_cmd("[ `grep \"^PermitRootLogin *yes\" $sshd_config_file | wc -l` -gt 0 ] || (echo 'PermitRootLogin yes' >>$sshd_config_file; systemctl restart sshd)", wait_still_screen => 5); 
 2535-} 
 2536- 
 2537-=head2 cleanup_disk_space 
 ```

Back