GridSite Test Plan

Prerequisities

yum -y install httpd mod_ssl

Workarounds for mod_ssl (see https://savannah.cern.ch/bugs/?48458):

yum -y install dummy-ca-certs

Start Apache with the GridSite module enabled:

sed -e '1,$s!/usr/lib/httpd/modules/!modules/!' /usr/share/doc/gridsite-*/httpd-webserver.conf | sed 's!/var/www/html!/var/www/htdocs!' | sed "s/FULL.SERVER.NAME/$(hostname -f)/" | sed "s/\(GridSiteGSIProxyLimit\)/# \1/"> /tmp/httpd-webserver.conf
echo "AddHandler cgi-script .cgi" >> /tmp/httpd-webserver.conf
echo "ScriptAlias /gridsite-delegation.cgi /usr/sbin/gridsite-delegation.cgi" >> /tmp/httpd-webserver.conf
mkdir /var/www/htdocs
httpd -f /tmp/httpd-webserver.conf

'Service ping test'

Basic tests verifying that the service is up and running:
  • gridsite-test-ping-local.sh - Test installation on a local machine (processes running, ports listening, modules loaded, etc.).
  • gridsite-test-ping-remote.sh - Test the GridSite availability remotely (ports open, WS delegation ping (?))

./ping-remote.sh `hostname -f`
./ping-local.sh -f /tmp/httpd-webserver.conf

Functionality tests

Basic access control test. First check that the server is closed, then specify a policy and check that it opened the access. Repeat for reading (HTTP PUT), writing (HTTP PUT) and removal (HTTP DEVEL).

READ (Read Permissions)
cat >/var/www/htdocs/test.html <<EOF
<html><body><h1>Hello Grid</h1></body></html>
EOF
code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n'  https://$(hostname -f)/test.html`
[ "$code" = "403" ] && echo "OK"

cat >/var/www/htdocs/.gacl <<EOF
<gacl>
  <entry>
    <any-user/>
      <allow><read/></allow>
  </entry>
</gacl>
EOF

code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n'  https://$(hostname -f)/test.html`
[ "$code" = "200" ] && echo "OK"

Get index (list & read permissions)
code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
https://$(hostname -f)/`
[ "$code" = "403" ] && echo "OK"

cat >/var/www/htdocs/.gacl <<EOF
<gacl>
  <entry>
    <person>
      <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
    </person>
    <allow><read/><list/></allow>
  </entry>
</gacl>
EOF

code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
https://$(hostname -f)/`
[ "$code" = "200" ] && echo "OK"

WRITE & DELETE (write permissions)
rm -f /var/www/htdocs/.gacl /var/www/htdocs/test.txt
date > /tmp/test.txt
chown apache /var/www/htdocs/
code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
--upload-file /tmp/test.txt https://$(hostname -f)/test.txt`
[ "$code" = "403" ] && echo "OK"

cat >/var/www/htdocs/.gacl <<EOF
<gacl>
  <entry>
    <person>
      <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
    </person>
    <allow><write/></allow>
  </entry>
</gacl>
EOF

code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
--upload-file /tmp/test.txt https://$(hostname -f)/test.txt`
cmp -s /tmp/test.txt /var/www/htdocs/test.txt
[ $? -eq 0 -a "$code" = "201" ] && echo "OK"

mv  /var/www/htdocs/.gacl /var/www/htdocs/.gacl.bak
code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
-X DELETE https://$(hostname -f)/test.txt`
[ "$code" = "403" ] && echo "OK"

mv /var/www/htdocs/.gacl.bak /var/www/htdocs/.gacl

code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
-X DELETE https://$(hostname -f)/test.txt`
[ "$code" = "200" ] && echo "OK"
chown root /var/www/htdocs
XXX Repeat the tests with particular VOMS attributes. Try also longer proxy chains

Check the attributes and passed on to the environment
cat >/var/www/htdocs/.gacl <<EOF
<gacl>
  <entry>
    <person>
      <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
    </person>
    <allow><read/></allow>
  </entry>
</gacl>
EOF
cat >/var/www/htdocs/test.cgi <<EOF
#!/bin/sh                                                                                                                                    
echo 'Content-type: text/plain'                                                                                                              
echo                                                                                                                                         
printenv
EOF
chmod +x /var/www/htdocs/test.cgi
code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /tmp/gridsite.log --silent --write-out '%{http_code}\n'  https://$(hostname -f)/test.cgi`
[ "$code" = "200" ] && echo "OK"
grep "^GRST_" /tmp/gridsite.log 2>/dev/null
[ $? -eq 0 ] && echo "OK"

Test the basic commands (htcp, htls, htmkdir, htmv, htrm)
cat >/var/www/htdocs/.gacl <<EOF
<gacl>
  <entry>
    <person>
      <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
    </person>
    <allow><read/><write/><list/></allow>
  </entry>
</gacl>
EOF

chown apache /var/www/htdocs/

date > /tmp/test.txt
htcp --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ /tmp/test.txt https://$(hostname -f)/
[ $? -eq 0 ] && echo "OK"
htls --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test.txt > /dev/null
[ $? -eq 0 ] && echo "OK"
htmv --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test.txt https://$(hostname -f)/test2.txt
[ $? -eq 0 ] && echo "OK"
htcp --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt /tmp
[ $? -eq 0 ] && echo "OK"
htrm --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt
[ $? -eq 0 ] && echo "OK"
htls --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt 2> /dev/null
[ $? -eq 22 ] && echo "OK"
htls --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/ > /dev/null
[ $? -eq 0 ] && echo "OK"
cmp /tmp/test.txt /tmp/test2.txt
[ $? -eq 0 ] && echo "OK"

chown root /var/www/htdocs/

Test proxy delegation (see also DelegationTestPlan) (XXX Disable the gridsite module?)
mkdir /var/www/proxycache
chown apache /var/www/proxycache

#delegation
id=`htproxyput --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates https://$(hostname -f)/gridsite-delegation.cgi`
[ $? -eq 0 -a -n "$id" ] && echo OK

expiry=`htproxyunixtime --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --delegation-id $id https://$(hostname -f)/gridsite-delegation.cgi`

newid=`htproxyrenew --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --delegation-id $id https://$(hostname -f)/gridsite-delegation.cgi`
[ $? -eq 0 -a -n "$newid" ] && echo OK

htproxydestroy --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --delegation-id $id https://$(hostname -f)/gridsite-delegation.cgi

-- DanielKouril - 24-Sep-2010

Edit | Attach | Watch | Print version | History: r8 < r7 < r6 < r5 < r4 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r8 - 2010-11-25 - FrantisekDvorak
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    EGEE All webs login

This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright & by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Ask a support question or Send feedback