forked from Tokutek/tokumxse
-
Notifications
You must be signed in to change notification settings - Fork 60
/
Copy pathselinux_test_executor.sh
executable file
·179 lines (139 loc) · 4.79 KB
/
selinux_test_executor.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
#!/bin/bash
set +o errexit
readonly k_log_path="/var/log/mongodb/mongod.log"
readonly k_mongo="$(pwd)/dist-test/bin/mongo"
readonly k_test_path="$1"
return_code=1
export PATH="$(dirname "$k_mongo"):$PATH"
function print_err() {
echo "$@" >&2
}
function monitor_log() {
sed "s!^!mongod| $(date '+%F %H-%M-%S') !" <(sudo --non-interactive tail -f $k_log_path)
}
function output_ausearch() {
local cmd_parameters="AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR"
echo ""
echo "====== SELinux errors (ausearch -m $cmd_parameters): ======"
sudo --non-interactive ausearch -m $cmd_parameters -ts $1
}
function output_journalctl() {
echo ""
echo "============================== journalctl ========================================="
sudo --non-interactive journalctl --no-pager --catalog --since="$1" | grep -i mongo
}
function fail_and_exit_err() {
echo ""
echo "==================================================================================="
echo "++++++++ Test failed, outputting last 5 seconds of additional log info ++++++++++++"
echo "==================================================================================="
output_ausearch "$(date --utc --date='5 seconds ago' '+%x %H:%M:%S')"
output_journalctl "$(date --utc --date='5 seconds ago' +'%Y-%m-%d %H:%M:%S')"
echo ""
echo "==== FAIL: $1 ===="
exit 1
}
function create_mongo_config() {
echo "Writing /etc/mongod.conf for $k_test_path:"
"$k_mongo" --nodb --norc --quiet --eval='
const {TestDefinition} = await import("'"$k_test_path"'");
assert(TestDefinition);
const test = new TestDefinition();
print(JSON.stringify(test.config, null, 2));
' | sudo --non-interactive tee /etc/mongod.conf
}
function start_mongod() {
# Start mongod and if it won't come up, fail and exit
sudo --non-interactive systemctl start mongod \
&& sudo --non-interactive systemctl status mongod || (
fail_and_exit_err "systemd failed to start mongod server!"
)
}
function wait_for_mongod_to_accept_connections() {
# Once the mongod process starts via systemd, it can still take a couple of seconds
# to set up and accept connections... we will wait for log id 23016 to show up
# indicating that the server is ready to accept incoming connections before starting the tests
local server_ready=0
local wait_seconds=2
local wait_retries_max=30
local wait_retries=0
while [[ $wait_retries -le $wait_retries_max ]]; do
local server_status="$(grep 23016 $k_log_path || echo "")"
if [ "$server_status" != "" ]; then
server_ready=1
break
fi
sleep $wait_seconds
((wait_retries++))
done
if [ ! $server_ready ]; then
fail_and_exit_err "failed to connect to mongod server after waiting for $(($wait_seconds * $wait_retries)) seconds!"
fi
}
function clear_mongo_config() {
# stop mongod, zero mongo log, clean up database, set all booleans to off
sudo --non-interactive bash -c '
systemctl stop mongod
rm -f '"$k_log_path"'
touch '"$k_log_path"'
chown mongod '"$k_log_path"'
rm -rf /var/lib/mongo/*
rm -rf /etc/sysconfig/mongod /etc/mongod
setsebool mongod_can_connect_ldap off
setsebool mongod_can_use_kerberos off
'
}
function exit_with_code() {
exit $return_code
}
function setup_test_definition() {
"$k_mongo" --nodb --norc --quiet --eval='
const {TestDefinition} = await import("'"$k_test_path"'");
assert(TestDefinition);
(() => {
const test = new TestDefinition();
print("Running setup() for '"$k_test_path"'");
test.setup();
})();
'
}
function run_test() {
"$k_mongo" --norc --gssapiServiceName=mockservice --eval='
const {TestDefinition} = await import("'"$k_test_path"'");
assert(TestDefinition);
print("Running test '"$k_test_path"'");
const test = new TestDefinition();
try {
await test.run();
} finally {
test.teardown();
}
' || fail_and_exit_err "Test failed"
echo "SUCCESS: $k_test_path"
}
if [ ! -f "$k_mongo" ]; then
print_err "Mongo shell at $k_mongo is missing"
exit 1
fi
if [ ! -f "$k_test_path" ]; then
print_err "No test supplied or test file not found. Run:"
print_err "$(basename "${BASH_SOURCE[0]}") <path>"
exit 1
fi
# Ensure file containing tests is valid before executing
if ! "$k_mongo" --nodb --norc --quiet "$k_test_path"; then
print_err "File $k_test_path has syntax errors"
exit 1
fi
echo "STARTING TEST: $k_test_path"
clear_mongo_config
create_mongo_config
setup_test_definition
# start log monitor, also kill it on exit
monitor_log &
monitor_pid="$!"
trap "sudo --non-interactive pkill -P $monitor_pid; exit_with_code" SIGINT SIGTERM ERR EXIT
start_mongod
wait_for_mongod_to_accept_connections
run_test
return_code=0