GridSite Test Plan

Prerequisites

# Install Apache and mod_ssl; -y answers every yum prompt with "yes".
yum -y install httpd mod_ssl

Start Apache with the GridSite module enabled:

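# Generate a test configuration from the example shipped with GridSite and
# start httpd with it. The three substitutions make the module paths relative
# to ServerRoot, move the document root to /var/www/htdocs and replace the
# FULL.SERVER.NAME placeholder with this host's FQDN.
# NOTE: the gridsite-* glob is expected to match exactly one directory.
#
# mktemp replaces the fixed /tmp/httpd-webserver.conf: a predictable name in a
# world-writable directory can be pre-created or symlinked by another local
# user, which matters when these commands are run with root privileges.
conf=$(mktemp /tmp/httpd-webserver.conf.XXXXXX)
sed -e 's!/usr/lib/httpd/modules/!modules/!' \
    -e 's!/var/www/html!/var/www/htdocs!' \
    -e "s/FULL.SERVER.NAME/$(hostname -f)/" \
    /usr/share/doc/gridsite-*/httpd-webserver.conf > "$conf"
echo "AddHandler cgi-script .cgi" >> "$conf"
echo "ScriptAlias /gridsite-delegation.cgi /usr/sbin/gridsite-delegation.cgi" >> "$conf"
# -p: do not fail when the directory is left over from an earlier run.
mkdir -p /var/www/htdocs
httpd -f "$conf"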

The following configuration file can be used, too.

#Based on config file shipped with GridSite in /usr/share/doc/gridsite-1.5/httpd-webserver.conf
# Stand-alone test configuration: HTTPS only (ports 443 and 488), with the
# GridSite module handling access control for /var/www/htdocs.
ServerRoot "/etc/httpd"
#ServerName FULL.SERVER.NAME
PidFile logs/httpd.pid

LoadModule log_config_module    modules/mod_log_config.so
LoadModule ssl_module           modules/mod_ssl.so
LoadModule gridsite_module      modules/mod_gridsite.so
LoadModule mime_module          modules/mod_mime.so
LoadModule dir_module           modules/mod_dir.so
LoadModule alias_module         modules/mod_alias.so
LoadModule cgi_module           modules/mod_cgi.so

AddHandler cgi-script .cgi
TypesConfig /etc/mime.types

# Worker processes run as the unprivileged apache account.
User  apache
Group apache

DocumentRoot "/var/www/htdocs"
# Ignore .htaccess files everywhere.
<Directory />
    AllowOverride None
</Directory>

# Debug-level logging is meant for the test bed; lower it elsewhere.
LogLevel debug
# The access log records the client certificate subject DN next to the usual
# "combined" fields.
LogFormat "%h \"%{SSL_CLIENT_S_DN}x\" %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

CustomLog       logs/httpd-gridsite-access combined
ErrorLog        logs/httpd-gridsite-errors

# Reverse DNS lookup for every request, so %h logs host names.
HostnameLookups On

ScriptAlias /real-gridsite-admin.cgi /usr/sbin/real-gridsite-admin.cgi
ScriptAlias /gridsite-delegation.cgi /usr/sbin/gridsite-delegation.cgi

Listen 443
Listen 488
SSLSessionCacheTimeout  300
SSLSessionCache         shm:/var/cache/mod_ssl/shm_cache

<VirtualHost *:443 *:488>

# The server authenticates with the grid host certificate; the key file must
# stay readable by root only.
SSLEngine               on
SSLCertificateFile      /etc/grid-security/hostcert.pem
SSLCertificateKeyFile   /etc/grid-security/hostkey.pem
SSLCACertificatePath    /etc/grid-security/certificates
# "optional": a client certificate is requested but not required, so clients
# without one still complete the TLS handshake.
# NOTE(review): access for such clients is then presumably decided by the
# GridSite policy alone - confirm.
SSLVerifyClient         optional
SSLVerifyDepth          10
# Export the standard SSL variables and the PEM-encoded certificates to the
# CGI environment.
SSLOptions              +ExportCertData +StdEnvVars

<Directory "/var/www/htdocs">
 GridSiteAuth           on
 GridSiteEnvs           on
 GridSiteIndexes        on
 GridSiteHtmlFormat     on
 GridSiteDNlists /etc/grid-security/dn-lists/:/var/www/htdocs/dn-lists/
 GridSiteDNlistsURI     /dn-lists/
 GridSiteGSIProxyLimit  0
 # PUT, DELETE and MOVE modify content; this test plan expects PUT and DELETE
 # to be refused with 403 until a .gacl grants <write/>.
 GridSiteMethods        GET PUT DELETE MOVE
 GridSiteAdminURI       /real-gridsite-admin.cgi
 GridSiteAdminFile      gridsite-admin.cgi
</Directory>

</VirtualHost>

'Service ping test'

Basic tests verifying that the service is up and running:
  • gridsite-test-ping-local.sh - Test installation on a local machine (processes running, ports listening, modules loaded, etc.).
  • gridsite-test-ping-remote.sh - Test the GridSite availability remotely (ports open, WS delegation ping (?))

Functionality tests

Basic access control test. First check that the server is closed, then specify a policy and check that it opens access. Repeat for reading (HTTP GET), writing (HTTP PUT) and removal (HTTP DELETE).

READ (Read Permissions)
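# READ: a document must be refused (403) while no policy exists and served
# (200) once a .gacl grants <read/>. Run as root on the server itself; the
# host certificate doubles as the client credential.
cert=/etc/grid-security/hostcert.pem
key=/etc/grid-security/hostkey.pem
capath=/etc/grid-security/certificates
url="https://$(hostname -f)/test.html"

# A .gacl left behind by an earlier run of this plan would turn the expected
# 403 into a 200, so start from a directory without a policy.
rm -f /var/www/htdocs/.gacl

cat >/var/www/htdocs/test.html <<'EOF'
<html><body><h1>Hello Grid</h1></body></html>
EOF
code=$(curl --cert "$cert" --key "$key" --capath "$capath" \
  --output /dev/null --silent --write-out '%{http_code}\n' "$url")
[ "$code" = "403" ] && echo "OK"

# Test-only policy: <any-user/> lets every client read this directory.
cat >/var/www/htdocs/.gacl <<'EOF'
<gacl>
  <entry>
    <any-user/>
      <allow><read/></allow>
  </entry>
</gacl>
EOF

code=$(curl --cert "$cert" --key "$key" --capath "$capath" \
  --output /dev/null --silent --write-out '%{http_code}\n' "$url")
[ "$code" = "200" ] && echo "OK"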

Get index (list & read permissions)
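# INDEX: the directory listing must be refused (403) while the policy in
# place grants no <list/> (for example the read-only policy of the READ test)
# and served (200) once the host certificate's DN gets <read/> and <list/>.
cert=/etc/grid-security/hostcert.pem
key=/etc/grid-security/hostkey.pem
capath=/etc/grid-security/certificates
url="https://$(hostname -f)/"

code=$(curl --cert "$cert" --key "$key" --capath "$capath" \
  --output /dev/null --silent --write-out '%{http_code}\n' "$url")
[ "$code" = "403" ] && echo "OK"

# Subject DN of the host certificate in the slash-separated form
# (/C=.../O=.../CN=...). "-nameopt compat" and the optional space in the sed
# pattern keep the result the same across OpenSSL releases, whose default
# "subject=" output differs; a DN in another format would not match and every
# request would be denied.
dn=$(openssl x509 -noout -subject -nameopt compat -in "$cert" | sed -e 's/^subject= *//')

cat >/var/www/htdocs/.gacl <<EOF
<gacl>
  <entry>
    <person>
      <dn>$dn</dn>
    </person>
    <allow><read/><list/></allow>
  </entry>
</gacl>
EOF

code=$(curl --cert "$cert" --key "$key" --capath "$capath" \
  --output /dev/null --silent --write-out '%{http_code}\n' "$url")
[ "$code" = "200" ] && echo "OK"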

WRITE & DELETE (write permissions)
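# WRITE & DELETE: PUT and DELETE must be refused (403) without a policy and
# succeed (201 / 200) once the host certificate's DN is granted <write/>.
cert=/etc/grid-security/hostcert.pem
key=/etc/grid-security/hostkey.pem
capath=/etc/grid-security/certificates
url="https://$(hostname -f)/test.txt"

rm -f /var/www/htdocs/.gacl /var/www/htdocs/test.txt
# Upload payload; mktemp avoids a predictable file name in /tmp.
upload=$(mktemp /tmp/gridsite-put.XXXXXX)
date > "$upload"
# The server process needs write access to the directory for PUT and DELETE.
# Ownership is handed back to root at the end; do that by hand if the run is
# interrupted.
chown apache /var/www/htdocs/
code=$(curl --cert "$cert" --key "$key" --capath "$capath" \
  --output /dev/null --silent --write-out '%{http_code}\n' \
  --upload-file "$upload" "$url")
[ "$code" = "403" ] && echo "OK"

# Subject DN in the slash-separated form; "-nameopt compat" and the optional
# space in the sed pattern keep it the same across OpenSSL releases.
dn=$(openssl x509 -noout -subject -nameopt compat -in "$cert" | sed -e 's/^subject= *//')

cat >/var/www/htdocs/.gacl <<EOF
<gacl>
  <entry>
    <person>
      <dn>$dn</dn>
    </person>
    <allow><write/></allow>
  </entry>
</gacl>
EOF

code=$(curl --cert "$cert" --key "$key" --capath "$capath" \
  --output /dev/null --silent --write-out '%{http_code}\n' \
  --upload-file "$upload" "$url")
# The stored file must be identical to the payload and the reply "201 Created".
cmp -s "$upload" /var/www/htdocs/test.txt && [ "$code" = "201" ] && echo "OK"

# With the policy moved aside, DELETE must be refused again.
mv /var/www/htdocs/.gacl /var/www/htdocs/.gacl.bak
code=$(curl --cert "$cert" --key "$key" --capath "$capath" \
  --output /dev/null --silent --write-out '%{http_code}\n' \
  -X DELETE "$url")
[ "$code" = "403" ] && echo "OK"

mv /var/www/htdocs/.gacl.bak /var/www/htdocs/.gacl

code=$(curl --cert "$cert" --key "$key" --capath "$capath" \
  --output /dev/null --silent --write-out '%{http_code}\n' \
  -X DELETE "$url")
[ "$code" = "200" ] && echo "OK"
chown root /var/www/htdocs
rm -f "$upload"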
XXX Repeat the tests with particular VOMS attributes.

Check the attributes passed on to the environment
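# ENVIRONMENT: a CGI script served through GridSite must see GRST_* variables
# in its environment.
cert=/etc/grid-security/hostcert.pem
key=/etc/grid-security/hostkey.pem
capath=/etc/grid-security/certificates
url="https://$(hostname -f)/test.cgi"

# Subject DN in the slash-separated form; "-nameopt compat" and the optional
# space in the sed pattern keep it the same across OpenSSL releases.
dn=$(openssl x509 -noout -subject -nameopt compat -in "$cert" | sed -e 's/^subject= *//')

cat >/var/www/htdocs/.gacl <<EOF
<gacl>
  <entry>
    <person>
      <dn>$dn</dn>
    </person>
    <allow><read/></allow>
  </entry>
</gacl>
EOF
# The quoted delimiter keeps the script text literal.
cat >/var/www/htdocs/test.cgi <<'EOF'
#!/bin/sh
echo 'Content-type: text/plain'
echo
printenv
EOF
chmod +x /var/www/htdocs/test.cgi
# Response body goes to a private temporary file rather than a fixed /tmp name.
out=$(mktemp /tmp/gridsite.log.XXXXXX)
code=$(curl --cert "$cert" --key "$key" --capath "$capath" \
  --output "$out" --silent --write-out '%{http_code}\n' "$url")
[ "$code" = "200" ] && echo "OK"
# Print the GRST_* variables that were passed on to the script.
grep "^GRST_" "$out" 2>/dev/null && echo "OK"

# test.cgi dumps the complete CGI environment to whoever is allowed to read
# the directory; do not leave it in the document root after the test.
rm -f /var/www/htdocs/test.cgi "$out"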

Test the basic commands (htcp, htls, htmkdir, htmv, htrm)
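# CLIENT TOOLS: exercise htcp, htls, htmv and htrm against the server with the
# host certificate as the client credential.
cert=/etc/grid-security/hostcert.pem
key=/etc/grid-security/hostkey.pem
capath=/etc/grid-security/certificates/
base="https://$(hostname -f)"

# Subject DN in the slash-separated form; "-nameopt compat" and the optional
# space in the sed pattern keep it the same across OpenSSL releases.
dn=$(openssl x509 -noout -subject -nameopt compat -in "$cert" | sed -e 's/^subject= *//')

cat >/var/www/htdocs/.gacl <<EOF
<gacl>
  <entry>
    <person>
      <dn>$dn</dn>
    </person>
    <allow><read/><write/><list/></allow>
  </entry>
</gacl>
EOF

# The server process needs write access to the directory; reverted at the end.
chown apache /var/www/htdocs/

# Private scratch directory: a test2.txt left in /tmp by an earlier run could
# otherwise make the final comparison pass without a fresh download.
work=$(mktemp -d /tmp/gridsite-ht.XXXXXX)
date > "$work/test.txt"

# Upload to the directory URL.
htcp --cert "$cert" --key "$key" --capath "$capath" "$work/test.txt" "$base/" && echo "OK"
htls --cert "$cert" --key "$key" --capath "$capath" "$base/test.txt" > /dev/null && echo "OK"
htmv --cert "$cert" --key "$key" --capath "$capath" "$base/test.txt" "$base/test2.txt" && echo "OK"
# Download the renamed file into the scratch directory.
htcp --cert "$cert" --key "$key" --capath "$capath" "$base/test2.txt" "$work" && echo "OK"
htrm --cert "$cert" --key "$key" --capath "$capath" "$base/test2.txt" && echo "OK"
# Listing the removed file must now fail; exit status 22 is the expected error.
htls --cert "$cert" --key "$key" --capath "$capath" "$base/test2.txt" 2> /dev/null
[ $? -eq 22 ] && echo "OK"
htls --cert "$cert" --key "$key" --capath "$capath" "$base/" > /dev/null && echo "OK"
# The downloaded copy must be identical to what was uploaded.
cmp "$work/test.txt" "$work/test2.txt" && echo "OK"

chown root /var/www/htdocs/
rm -rf -- "${work:?}"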

Test proxy delegation (see also DelegationTestPlan) (XXX Disable the gridsite module?)
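# DELEGATION: put a proxy, query its expiry, renew it and destroy it through
# gridsite-delegation.cgi.
cert=/etc/grid-security/hostcert.pem
key=/etc/grid-security/hostkey.pem
capath=/etc/grid-security/certificates
url="https://$(hostname -f)/gridsite-delegation.cgi"

# -p: do not fail when the directory is left over from an earlier run.
mkdir -p /var/www/proxycache
chown apache /var/www/proxycache
# NOTE(review): presumably the delegation CGI stores delegated proxy
# credentials here - confirm. On that assumption the directory is kept
# private to the apache account.
chmod 700 /var/www/proxycache

#delegation
id=$(htproxyput --cert "$cert" --key "$key" --capath "$capath" "$url") \
  && [ -n "$id" ] && echo OK

# The expiry time must come back non-empty.
expiry=$(htproxyunixtime --cert "$cert" --key "$key" --capath "$capath" \
  --delegation-id "$id" "$url") \
  && [ -n "$expiry" ] && echo OK

newid=$(htproxyrenew --cert "$cert" --key "$key" --capath "$capath" \
  --delegation-id "$id" "$url") \
  && [ -n "$newid" ] && echo OK

htproxydestroy --cert "$cert" --key "$key" --capath "$capath" \
  --delegation-id "$id" "$url" && echo OK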

-- DanielKouril - 24-Sep-2010

Topic revision: r4 - 2010-10-01 - FrantisekDvorak
 