hybrid_platforms_conductor 33.4.0 → 33.7.1

data/spec/hybrid_platforms_conductor_test/api/nodes_handler/cmdbs/host_keys_spec.rb

@@ -4,7 +4,7 @@ describe HybridPlatformsConductor::NodesHandler do
 
     it 'makes sure to have hostname or host_ip set to compute host_keys' do
       with_test_platform({}) do
-        expect(cmdb(:host_keys).property_dependencies[:host_keys].sort).to eq %i[hostname host_ip].sort
+        expect(cmdb(:host_keys).property_dependencies[:host_keys].sort).to eq %i[hostname host_ip ssh_port].sort
       end
     end
 
@@ -17,17 +17,27 @@ describe HybridPlatformsConductor::NodesHandler do
     it 'returns host keys when hostname is set' do
       with_test_platform({ nodes: { 'test_node' => {} } }) do
         with_cmd_runner_mocked [
-          ['ssh-keyscan my_host.my_domain', proc { [0, "my_host.my_domain ssh-rsa fake_host_key\n", ''] }]
+          ['ssh-keyscan -p 22 my_host.my_domain', proc { [0, "my_host.my_domain ssh-rsa fake_host_key\n", ''] }]
         ] do
           expect(cmdb(:host_keys).get_host_keys(['test_node'], { 'test_node' => { hostname: 'my_host.my_domain' } })).to eq('test_node' => ['ssh-rsa fake_host_key'])
         end
       end
     end
 
+    it 'returns host keys for the correct ssh port' do
+      with_test_platform({ nodes: { 'test_node' => {} } }) do
+        with_cmd_runner_mocked [
+          ['ssh-keyscan -p 666 my_host.my_domain', proc { [0, "my_host.my_domain ssh-rsa fake_host_key\n", ''] }]
+        ] do
+          expect(cmdb(:host_keys).get_host_keys(['test_node'], { 'test_node' => { hostname: 'my_host.my_domain', ssh_port: 666 } })).to eq('test_node' => ['ssh-rsa fake_host_key'])
+        end
+      end
+    end
+
     it 'returns host keys when host_ip is set' do
       with_test_platform({ nodes: { 'test_node' => {} } }) do
         with_cmd_runner_mocked [
-          ['ssh-keyscan 192.168.42.42', proc { [0, "192.168.42.42 ssh-rsa fake_host_key\n", ''] }]
+          ['ssh-keyscan -p 22 192.168.42.42', proc { [0, "192.168.42.42 ssh-rsa fake_host_key\n", ''] }]
         ] do
           expect(cmdb(:host_keys).get_host_keys(['test_node'], { 'test_node' => { host_ip: '192.168.42.42' } })).to eq('test_node' => ['ssh-rsa fake_host_key'])
         end
@@ -37,7 +47,7 @@ describe HybridPlatformsConductor::NodesHandler do
     it 'returns several host keys' do
       with_test_platform({ nodes: { 'test_node' => {} } }) do
         with_cmd_runner_mocked [
-          ['ssh-keyscan 192.168.42.42', proc do
+          ['ssh-keyscan -p 22 192.168.42.42', proc do
             [0, <<~EO_STDOUT, '']
               192.168.42.42 ssh-rsa fake_host_key_rsa
               192.168.42.42 ssh-ed25519 fake_host_key_ed25519
@@ -55,7 +65,7 @@ describe HybridPlatformsConductor::NodesHandler do
     it 'returns several host keys and ignores comments from ssh-keyscan' do
       with_test_platform({ nodes: { 'test_node' => {} } }) do
         with_cmd_runner_mocked [
-          ['ssh-keyscan 192.168.42.42', proc do
+          ['ssh-keyscan -p 22 192.168.42.42', proc do
             [0, <<~EO_STDOUT, '']
               # That's a comment
               192.168.42.42 ssh-rsa fake_host_key_rsa
@@ -78,7 +88,7 @@ describe HybridPlatformsConductor::NodesHandler do
     it 'returns host keys sorted' do
       with_test_platform({ nodes: { 'test_node' => {} } }) do
         with_cmd_runner_mocked [
-          ['ssh-keyscan 192.168.42.42', proc do
+          ['ssh-keyscan -p 22 192.168.42.42', proc do
             [0, <<~EO_STDOUT, '']
               192.168.42.42 ssh-dsa fake_host_key_dsa
               192.168.42.42 ssh-rsa fake_host_key_rsa
@@ -100,7 +110,7 @@ describe HybridPlatformsConductor::NodesHandler do
     it 'does not return host keys when ssh-keyscan can\'t retrieve them' do
       with_test_platform({ nodes: { 'test_node' => {} } }) do
         with_cmd_runner_mocked [
-          ['ssh-keyscan 192.168.42.42', proc { [0, '', ''] }]
+          ['ssh-keyscan -p 22 192.168.42.42', proc { [0, '', ''] }]
         ] do
           expect(cmdb(:host_keys).get_host_keys(['test_node'], { 'test_node' => { host_ip: '192.168.42.42' } })).to eq({})
         end
@@ -119,9 +129,9 @@ describe HybridPlatformsConductor::NodesHandler do
         }
       ) do
         with_cmd_runner_mocked [
-          ['ssh-keyscan 192.168.42.1', proc { [0, "192.168.42.1 ssh-rsa fake_host_key_1\n", ''] }],
-          ['ssh-keyscan 192.168.42.2', proc { [0, '', ''] }],
-          ['ssh-keyscan my_host_4.my_domain', proc { [0, "my_host_4.my_domain ssh-rsa fake_host_key_4\n", ''] }]
+          ['ssh-keyscan -p 22 192.168.42.1', proc { [0, "192.168.42.1 ssh-rsa fake_host_key_1\n", ''] }],
+          ['ssh-keyscan -p 22 192.168.42.2', proc { [0, '', ''] }],
+          ['ssh-keyscan -p 22 my_host_4.my_domain', proc { [0, "my_host_4.my_domain ssh-rsa fake_host_key_4\n", ''] }]
         ] do
           expect(
             cmdb(:host_keys).get_host_keys(
@@ -141,6 +151,35 @@ describe HybridPlatformsConductor::NodesHandler do
       end
     end
 
+    it 'returns different host keys for hosts having the same IPs but different SSH ports' do
+      with_test_platform(
+        {
+          nodes: {
+            'test_node1' => {},
+            'test_node2' => {}
+          }
+        }
+      ) do
+        with_cmd_runner_mocked [
+          ['ssh-keyscan -p 6661 192.168.42.1', proc { [0, "192.168.42.1 ssh-rsa fake_host_key_1\n", ''] }],
+          ['ssh-keyscan -p 6662 192.168.42.1', proc { [0, "192.168.42.1 ssh-rsa fake_host_key_2\n", ''] }]
+        ] do
+          expect(
+            cmdb(:host_keys).get_host_keys(
+              ['test_node'],
+              {
+                'test_node1' => { host_ip: '192.168.42.1', ssh_port: 6661 },
+                'test_node2' => { host_ip: '192.168.42.1', ssh_port: 6662 }
+              }
+            )
+          ).to eq(
+            'test_node1' => ['ssh-rsa fake_host_key_1'],
+            'test_node2' => ['ssh-rsa fake_host_key_2']
+          )
+        end
+      end
+    end
+
   end
 
 end

data/spec/hybrid_platforms_conductor_test/api/platform_handlers/serverless_chef/services_deployment_spec.rb

@@ -46,7 +46,7 @@ describe HybridPlatformsConductor::HpcPlugins::PlatformHandler::ServerlessChef d
           remote_bash: [
             'set -e',
             'set -o pipefail',
-            "if [ -n \"$(command -v apt)\" ]; then #{sudo}apt update && #{sudo}apt install -y curl build-essential ; else #{sudo}yum groupinstall 'Development Tools' && #{sudo}yum install -y curl ; fi",
+            "if [ -n \"$(command -v apt)\" ]; then #{sudo}apt update && #{sudo}apt install -y curl build-essential expect ; else #{sudo}yum groupinstall 'Development Tools' && #{sudo}yum install -y curl expect ; fi",
             'mkdir -p ./hpc_deploy',
             'rm -rf ./hpc_deploy/tmp',
             'mkdir -p ./hpc_deploy/tmp',
@@ -57,16 +57,22 @@ describe HybridPlatformsConductor::HpcPlugins::PlatformHandler::ServerlessChef d
         },
         {
           scp: { "#{repository}/dist/#{env}/#{policy}" => './hpc_deploy' },
-          remote_bash: [
-            'set -e',
-            "cd ./hpc_deploy/#{policy}"
-          ] +
-            gems_install_cmds.map { |gem_install_cmd| "#{sudo}SSL_CERT_DIR=/etc/ssl/certs /opt/chef/embedded/bin/#{gem_install_cmd}" } +
-            [
-              "#{sudo}SSL_CERT_DIR=/etc/ssl/certs /opt/chef/bin/chef-client --local-mode --chef-license accept --json-attributes nodes/#{node}.json#{check_mode ? ' --why-run' : ''}",
-              'cd ..',
-              "#{sudo}rm -rf ./hpc_deploy/#{policy}"
-            ]
+          remote_bash: {
+            commands: [
+              'set -e',
+              "cd ./hpc_deploy/#{policy}"
+            ] +
+              gems_install_cmds.map { |gem_install_cmd| "#{sudo}/opt/chef/embedded/bin/#{gem_install_cmd}" } +
+              [
+                "#{sudo}unbuffer /opt/chef/bin/chef-client --local-mode --chef-license accept --json-attributes nodes/#{node}.json#{check_mode ? ' --why-run' : ''}",
+                'cd ..',
+                "#{sudo}rm -rf ./hpc_deploy/#{policy}"
+              ],
+            env: {
+              'SSL_CERT_DIR' => '/etc/ssl/certs',
+              'TERM' => 'xterm-256color'
+            }
+          }
         }
       ]
     end
@@ -256,6 +262,44 @@ describe HybridPlatformsConductor::HpcPlugins::PlatformHandler::ServerlessChef d
 
     end
 
+    context 'with a platform having 1 local node' do
+
+      it 'returns actions to deploy on this node' do
+        with_serverless_chef_platforms('1_local_node') do |platform, repository|
+          mock_package(repository)
+          platform.prepare_for_deploy(
+            services: { 'node' => %w[test_policy] },
+            secrets: {},
+            local_environment: false,
+            why_run: false
+          )
+          with_cmd_runner_mocked [
+            ['whoami', proc { [0, 'test_user', ''] }]
+          ] do
+            expect(platform.actions_to_deploy_on('node', 'test_policy', use_why_run: false)).to eq expected_actions_to_deploy_chef(repository)
+          end
+        end
+      end
+
+      it 'returns actions to deploy on this node as root' do
+        with_serverless_chef_platforms('1_local_node') do |platform, repository|
+          mock_package(repository)
+          platform.prepare_for_deploy(
+            services: { 'node' => %w[test_policy] },
+            secrets: {},
+            local_environment: false,
+            why_run: false
+          )
+          with_cmd_runner_mocked [
+            ['whoami', proc { [0, 'root', ''] }]
+          ] do
+            expect(platform.actions_to_deploy_on('node', 'test_policy', use_why_run: false)).to eq expected_actions_to_deploy_chef(repository, sudo: '')
+          end
+        end
+      end
+
+    end
+
     context 'with a platform having several nodes' do
 
       it 'deploys services declared on 1 node on another node if asked' do
@@ -285,7 +329,9 @@ describe HybridPlatformsConductor::HpcPlugins::PlatformHandler::ServerlessChef d
               bash: [
                 'set -e',
                 "cd #{repository}/dist/prod/test_policy_1",
-                'sudo SSL_CERT_DIR=/etc/ssl/certs /opt/chef-workstation/bin/chef-client --local-mode --chef-license accept --json-attributes nodes/local.json'
+                'export SSL_CERT_DIR=/etc/ssl/certs',
+                'export TERM=xterm-256color',
+                'sudo -E /opt/chef-workstation/bin/chef-client --local-mode --chef-license accept --json-attributes nodes/local.json'
               ]
             }
           ]
@@ -314,10 +360,12 @@ describe HybridPlatformsConductor::HpcPlugins::PlatformHandler::ServerlessChef d
               bash: [
                 'set -e',
                 "cd #{repository}/dist/prod/test_policy_1",
-                'sudo SSL_CERT_DIR=/etc/ssl/certs /opt/chef-workstation/bin/chef gem install my_gem_1 --version "0.0.1"',
-                'sudo SSL_CERT_DIR=/etc/ssl/certs /opt/chef-workstation/bin/chef gem install my_gem_2 --version "0.0.2"',
-                'sudo SSL_CERT_DIR=/etc/ssl/certs /opt/chef-workstation/bin/chef gem install my_gem_3 --version "~> 1.3"',
-                'sudo SSL_CERT_DIR=/etc/ssl/certs /opt/chef-workstation/bin/chef-client --local-mode --chef-license accept --json-attributes nodes/local.json'
+                'export SSL_CERT_DIR=/etc/ssl/certs',
+                'export TERM=xterm-256color',
+                'sudo -E /opt/chef-workstation/bin/chef gem install my_gem_1 --version "0.0.1"',
+                'sudo -E /opt/chef-workstation/bin/chef gem install my_gem_2 --version "0.0.2"',
+                'sudo -E /opt/chef-workstation/bin/chef gem install my_gem_3 --version "~> 1.3"',
+                'sudo -E /opt/chef-workstation/bin/chef-client --local-mode --chef-license accept --json-attributes nodes/local.json'
               ]
             }
           ]

data/spec/hybrid_platforms_conductor_test/helpers/connector_ssh_helpers.rb

@@ -11,6 +11,7 @@ module HybridPlatformsConductorTest
       # * *nodes_connections* (Hash<String, Hash<Symbol,Object> >): Nodes' connections info, per node name:
       #   * *connection* (String): Connection string (fqdn, IP...) used by SSH
       #   * *ip* (String): IP used by SSH (can be different from connection in case of transformed SSH) [default: connection]
+      #   * *port* (Integer): SSH port used [default: 22]
       #   * *user* (String): User used by SSH
       #   * *times* (Integer): Number of times this connection should be used [default: 1]
       #   * *control_master_create_error* (String or nil): Error to simulate during the SSH ControlMaster creation, or nil for none [default: nil]
@@ -37,6 +38,7 @@ module HybridPlatformsConductorTest
       )
         nodes_connections.map do |node, node_connection_info|
           node_connection_info[:times] = 1 unless node_connection_info.key?(:times)
+          node_connection_info[:port] = 22 unless node_connection_info.key?(:port)
           ssh_commands_once = []
           ssh_commands_per_connection = []
           if with_strict_host_key_checking
@@ -44,7 +46,7 @@ module HybridPlatformsConductorTest
             ssh_commands_once.concat(
               [
                 [
-                  "ssh-keyscan #{ip}",
+                  "ssh-keyscan -p #{node_connection_info[:port]} #{ip}",
                   proc { [0, "#{ip} ssh-rsa fake_host_key_for_#{ip}", ''] }
                 ]
               ]
@@ -67,7 +69,7 @@ module HybridPlatformsConductorTest
                 %r{^xterm -e '.+/ssh -o ControlMaster=yes -o ControlPersist=yes hpc\.#{Regexp.escape(node)}'$}
               end,
               proc do
-                control_file = test_actions_executor.connector(:ssh).send(:control_master_file, node_connection_info[:connection], '22', node_connection_info[:user])
+                control_file = test_actions_executor.connector(:ssh).send(:control_master_file, node_connection_info[:connection], node_connection_info[:port].to_s, node_connection_info[:user])
                 # Fail if the ControlMaster file already exists, as would SSH do if the file is stalled
                 if File.exist?(control_file)
                   [255, '', "Control file #{control_file} already exists"]
@@ -97,7 +99,7 @@ module HybridPlatformsConductorTest
               %r{^.+/ssh -O exit hpc\.#{Regexp.escape(node)} 2>&1 \| grep -v 'Exit request sent\.'$},
               proc do
                 # Really mock the control file deletion
-                File.unlink(test_actions_executor.connector(:ssh).send(:control_master_file, node_connection_info[:connection], '22', node_connection_info[:user]))
+                File.unlink(test_actions_executor.connector(:ssh).send(:control_master_file, node_connection_info[:connection], node_connection_info[:port].to_s, node_connection_info[:user]))
                 [1, '', '']
               end,
               { optional: with_control_master_destroy_optional }

data/spec/hybrid_platforms_conductor_test/serverless_chef_repositories/1_local_node/chef_versions.yml

@@ -0,0 +1,3 @@
+---
+workstation: '21.5'
+client: '17.0'

data/spec/hybrid_platforms_conductor_test/serverless_chef_repositories/1_local_node/nodes/node.json

@@ -0,0 +1,15 @@
+{
+  "name": "node",
+  "normal": {
+    "description": "Single test node",
+    "image": "debian_9",
+    "private_ips": ["172.16.0.1"],
+    "local_node": true,
+    "property_1": {
+      "property_11": "value11"
+    },
+    "property_2": "value2"
+  },
+  "policy_name": "test_policy",
+  "policy_group": "test_group"
+}

data/spec/hybrid_platforms_conductor_test/serverless_chef_repositories/1_local_node/policyfiles/test_policy.rb

@@ -0,0 +1,3 @@
+name File.basename(__FILE__, '.rb')
+default_source :supermarket
+run_list 'recipe[test_cookbook]'

data/spec/hybrid_platforms_conductor_test/shared_examples/deployer.rb

@@ -46,6 +46,30 @@ shared_examples 'a deployer' do
     end
   end
 
+  it 'deploys on 1 local node' do
+    with_platform_to_deploy(nodes_info: { nodes: { 'node' => { meta: { local_node: true }, services: %w[service] } } }) do
+      # Make sure the ssh_user is ignored in this case
+      test_actions_executor.connector(:ssh).ssh_user = 'root'
+      with_cmd_runner_mocked [
+        ['whoami', proc { [0, 'test_user', ''] }]
+      ] do
+        expect(test_deployer.deploy_on('node')).to eq('node' => expected_deploy_result)
+      end
+    end
+  end
+
+  it 'deploys on 1 local node as root' do
+    with_platform_to_deploy(nodes_info: { nodes: { 'node' => { meta: { local_node: true }, services: %w[service] } } }, expect_sudo: nil) do
+      # Make sure the ssh_user is ignored in this case
+      test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+      with_cmd_runner_mocked [
+        ['whoami', proc { [0, 'root', ''] }]
+      ] do
+        expect(test_deployer.deploy_on('node')).to eq('node' => expected_deploy_result)
+      end
+    end
+  end
+
   it 'deploys on 1 node using 1 secret' do
     with_platform_to_deploy(expect_secrets: { 'secret1' => 'password1' }) do
       test_deployer.override_secrets('secret1' => 'password1')
@@ -137,6 +161,61 @@ shared_examples 'a deployer' do
     end
   end
 
+  it 'deploys on 1 local node in local environment with certificates to install using hpc_certificates on Debian' do
+    with_certs_dir do |certs_dir|
+      with_platform_to_deploy(
+        nodes_info: { nodes: { 'node' => { meta: { local_node: true, image: 'debian_9' }, services: %w[service] } } },
+        expect_local_environment: true,
+        expect_additional_actions: [
+          { remote_bash: 'sudo -u root apt update && sudo -u root apt install -y ca-certificates' },
+          {
+            remote_bash: 'sudo -u root update-ca-certificates',
+            scp: {
+              certs_dir => '/usr/local/share/ca-certificates',
+              :sudo => true
+            }
+          }
+        ]
+      ) do
+        ENV['hpc_certificates'] = certs_dir
+        test_deployer.local_environment = true
+        with_cmd_runner_mocked [
+          ['whoami', proc { [0, 'test_user', ''] }]
+        ] do
+          expect(test_deployer.deploy_on('node')).to eq('node' => expected_deploy_result)
+        end
+      end
+    end
+  end
+
+  it 'deploys on 1 local node in local environment with certificates to install using hpc_certificates on Debian as root' do
+    with_certs_dir do |certs_dir|
+      with_platform_to_deploy(
+        nodes_info: { nodes: { 'node' => { meta: { local_node: true, image: 'debian_9' }, services: %w[service] } } },
+        expect_sudo: nil,
+        expect_local_environment: true,
+        expect_additional_actions: [
+          { remote_bash: 'apt update && apt install -y ca-certificates' },
+          {
+            remote_bash: 'update-ca-certificates',
+            scp: {
+              certs_dir => '/usr/local/share/ca-certificates',
+              :sudo => false
+            }
+          }
+        ]
+      ) do
+        ENV['hpc_certificates'] = certs_dir
+        test_deployer.local_environment = true
+        with_cmd_runner_mocked [
+          ['whoami', proc { [0, 'root', ''] }]
+        ] do
+          expect(test_deployer.deploy_on('node')).to eq('node' => expected_deploy_result)
+        end
+      end
+    end
+  end
+
   it 'deploys on 1 node with certificates to install using hpc_certificates on CentOS' do
     with_certs_dir do |certs_dir|
       with_platform_to_deploy(
@@ -212,6 +291,61 @@ shared_examples 'a deployer' do
     end
   end
 
+  it 'deploys on 1 local node with certificates to install using hpc_certificates on CentOS' do
+    with_certs_dir do |certs_dir|
+      with_platform_to_deploy(
+        nodes_info: { nodes: { 'node' => { meta: { local_node: true, image: 'centos_7' }, services: %w[service] } } },
+        expect_local_environment: true,
+        expect_additional_actions: [
+          { remote_bash: 'sudo -u root yum install -y ca-certificates' },
+          {
+            remote_bash: ['sudo -u root update-ca-trust enable', 'sudo -u root update-ca-trust extract'],
+            scp: {
+              "#{certs_dir}/test_cert.crt" => '/etc/pki/ca-trust/source/anchors',
+              :sudo => true
+            }
+          }
+        ]
+      ) do
+        ENV['hpc_certificates'] = certs_dir
+        test_deployer.local_environment = true
+        with_cmd_runner_mocked [
+          ['whoami', proc { [0, 'test_user', ''] }]
+        ] do
+          expect(test_deployer.deploy_on('node')).to eq('node' => expected_deploy_result)
+        end
+      end
+    end
+  end
+
+  it 'deploys on 1 local node with certificates to install using hpc_certificates on CentOS as root' do
+    with_certs_dir do |certs_dir|
+      with_platform_to_deploy(
+        nodes_info: { nodes: { 'node' => { meta: { local_node: true, image: 'centos_7' }, services: %w[service] } } },
+        expect_sudo: nil,
+        expect_local_environment: true,
+        expect_additional_actions: [
+          { remote_bash: 'yum install -y ca-certificates' },
+          {
+            remote_bash: ['update-ca-trust enable', 'update-ca-trust extract'],
+            scp: {
+              "#{certs_dir}/test_cert.crt" => '/etc/pki/ca-trust/source/anchors',
+              :sudo => false
+            }
+          }
+        ]
+      ) do
+        ENV['hpc_certificates'] = certs_dir
+        test_deployer.local_environment = true
+        with_cmd_runner_mocked [
+          ['whoami', proc { [0, 'root', ''] }]
+        ] do
+          expect(test_deployer.deploy_on('node')).to eq('node' => expected_deploy_result)
+        end
+      end
+    end
+  end
+
   it 'deploys on several nodes' do
     with_platform_to_deploy(
       nodes_info: {