atex 0.8__py3-none-any.whl → 0.10__py3-none-any.whl

atex/provision/libvirt/__init__.py

@@ -1,24 +0,0 @@
-from .. import base
-from ... import util, ssh
-
-
-class LibvirtProvisioner(base.Provisioner):
-    number = 123
-
-    def reserve(self):
-        util.debug(f"reserving {self.number}")
-
-    # TODO: as simple attribute, to be guaranteed set when reserve() returns,
-    #       can be overriden by a getter function if you need to keep track
-    #       how many times it was accessed
-    def connection(self):
-        #return {"Hostname": "1.2.3.4", "User": "root", "IdentityFile": ...}
-        util.debug(f"returning ssh for {self.number}")
-        return ssh.SSHConn({"Hostname": "1.2.3.4", "User": "root"})
-
-    def release(self):
-        util.debug(f"releasing {self.number}")
-
-    def alive(self):
-        util.debug(f"always alive: {self.number}")
-        return True

atex/provision/podman/README

@@ -1,59 +0,0 @@
-
-making a podman image from the currently installed OS:
-
-1) dnf install into a separate installroot
-
-dnf
-    --installroot=$INSTALLROOT \
-    --setopt=install_weak_deps=False \
-    --setopt=tsflags=nodocs \
-    -y groupinstall minimal-environment
-
-as root (doesn't work well with unshare, maybe could work via bwrap (bubblewrap))
-
-maybe the unprivileged solution is pulling image from hub + installing @minimal-environment
-into it (perhaps via podman build)
-
-
-2) post process it
-
-echo -n > "$INSTALLROOT/etc/machine-id"
-echo container > "$INSTALLROOT/etc/hostname"
-
-rm -rf "$INSTALLROOT/etc/yum.repos.d"
-cp -f /etc/yum.repos.d/* "$INSTALLROOT/etc/yum.repos.d/."
-cp -f /etc/pki/rpm-gpg/* "$INSTALLROOT/etc/pki/rpm-gpg/."
-
-echo install_weak_deps=False >> "$INSTALLROOT/etc/dnf/dnf.conf"
-echo tsflags=nodocs >> "$INSTALLROOT/etc/dnf/dnf.conf"
-
-ln -sf \
-    /usr/lib/systemd/system/multi-user.target \
-    "$INSTALLROOT/etc/systemd/system/default.target"
-
-# disable auditd
-# disable other services
-# set root password
-
-dnf clean all --installroot="$INSTALLROOT"
-
-
-3) pack it
-
-tar --xattrs -C "$INSTALLROOT" -cvf tarball.tar .
-
-rm -rf "$INSTALLROOT"
-
-
-4) import it to podman
-
-podman import --change 'CMD ["/sbin/init"]' tarball.tar my-image-name
-
-
-5) run it
-
-podman {run,create} --systemd=always --cgroups=split ...
-
-
-
-------------------------------

atex/provision/podman/host_container.sh

@@ -1,74 +0,0 @@
-#!/bin/bash
-
-if [[ $# -lt 1 ]]; then
-    echo "usage: $0 <podman-image-name>" >&2
-    exit 1
-fi
-image_name="$1"
-
-set -e -x
-
-tmpdir=$(mktemp -d -p /var/tmp)
-trap "rm -rf '$tmpdir'" EXIT
-
-installroot="$tmpdir/root"
-
-dnf \
-    --installroot="$installroot" \
-    --setopt=install_weak_deps=False \
-    --setopt=tsflags=nodocs \
-    -q -y groupinstall minimal-environment
-
-echo -n > "$installroot/etc/machine-id"
-#echo container > "$installroot/etc/hostname"
-
-cp -f /etc/yum.repos.d/* "$installroot/etc/yum.repos.d/."
-cp -f /etc/pki/rpm-gpg/* "$installroot/etc/pki/rpm-gpg/."
-
-echo install_weak_deps=False >> "$installroot/etc/dnf/dnf.conf"
-echo tsflags=nodocs >> "$installroot/etc/dnf/dnf.conf"
-
-ln -sf \
-    /usr/lib/systemd/system/multi-user.target \
-    "$installroot/etc/systemd/system/default.target"
-
-systemctl --root="$installroot" disable \
-    auditd.service crond.service rhsmcertd.service sshd.service
-
-#encrypted=$(openssl passwd -6 somepass)
-#usermod --root="$installroot" --password "$encrypted" root
-
-dnf clean packages --installroot="$installroot"
-
-tar --xattrs -C "$installroot" -cf "$tmpdir/packed.tar" .
-
-rm -rf "$installroot"
-
-podman import \
-    --change 'CMD ["/sbin/init"]' \
-    "$tmpdir/packed.tar" "$image_name"
-
-# start as
-# podmn {run,create} --systemd=always --cgroups=split --device /dev/kvm ...
-#
-# podman run -t -i \
-#   --systemd=always --cgroups=split \
-#   --device /dev/kvm \
-#   --network=bridge \
-#   --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_MODULE \
-#   --mount type=bind,src=/lib/modules,dst=/lib/modules,ro \
-#   --mount type=bind,src=/proc/sys/net,dst=/proc/sys/net,rw \
-#   my_container
-#
-# as unprivileged user:
-# podman run -t -i \
-#   --systemd=always --cgroups=split --network=bridge --privileged \
-#   my_container
-#
-# container setup:
-# dnf -y install libvirt-daemon qemu-kvm libvirt-client libvirt-daemon-driver-qemu virt-install libvirt-daemon-driver-storage libvirt-daemon-config-network
-# echo $'user = "root"\ngroup = "root"\nremember_owner = 0' >> /etc/libvirt/qemu.conf
-# systemctl start virtqemud.socket virtstoraged.socket virtnetworkd.socket
-# virsh net-start default
-# virt-install --install fedora40 --disk /var/lib/libvirt/images/foo.qcow2,size=20 --console pty --check disk_size=off --unattended --graphics none
-

atex-0.8.dist-info/METADATA

@@ -1,197 +0,0 @@
-Metadata-Version: 2.4
-Name: atex
-Version: 0.8
-Summary: Ad-hoc Test EXecutor
-Project-URL: Homepage, https://github.com/RHSecurityCompliance/atex
-License-Expression: GPL-3.0-or-later
-License-File: COPYING.txt
-Classifier: Operating System :: POSIX :: Linux
-Classifier: Programming Language :: Python :: 3
-Classifier: Topic :: Software Development :: Testing
-Requires-Python: >=3.11
-Requires-Dist: fmf>=1.6
-Requires-Dist: urllib3<3,>=2
-Description-Content-Type: text/markdown
-
-# ATEX = Ad-hoc Test EXecutor
-
-A collections of Python APIs to provision operating systems, collect
-and execute [FMF](https://github.com/teemtee/fmf/)-style tests, gather
-and organize their results and generate reports from those results.
-
-The name comes from a (fairly unique to FMF/TMT ecosystem) approach that
-allows provisioning a pool of systems and scheduling tests on them as one would
-on an ad-hoc pool of thread/process workers - once a worker becomes free,
-it receives a test to run.  
-This is in contrast to splitting a large list of N tests onto M workers
-like N/M, which yields significant time penalties due to tests having
-very varies runtimes.
-
-Above all, this project is meant to be a toolbox, not a silver-plate solution.
-Use its Python APIs to build a CLI tool for your specific use case.  
-The CLI tool provided here is just for demonstration / testing, not for serious
-use - we want to avoid huge modular CLIs for Every Possible Scenario. That's
-the job of the Python API. Any CLI should be simple by nature.
-
----
-
-THIS PROJECT IS HEAVILY WIP, THINGS WILL MOVE AROUND, CHANGE AND OTHERWISE
-BREAK. DO NOT USE IT (for now).
-
----
-
-## License
-
-Unless specified otherwise, any content within this repository is distributed
-under the GNU GPLv3 license, see the [COPYING.txt](COPYING.txt) file for more.
-
-## Parallelism and cleanup
-
-There are effectively 3 methods of running things in parallel in Python:
-
-- `threading.Thread` (and related `concurrent.futures` classes)
-- `multiprocessing.Process` (and related `concurrent.futures` classes)
-- `asyncio`
-
-and there is no clear winner (in terms of cleanup on `SIGTERM` or Ctrl-C):
-
-- `Thread` has signal handlers only in the main thread and is unable to
-  interrupt any running threads without super ugly workarounds like `sleep(1)`
-  in every thread, checking some "pls exit" variable
-- `Process` is too heavyweight and makes sharing native Python objects hard,
-  but it does handle signals in each process individually
-- `asyncio` handles interrupting perfectly (every `try`/`except`/`finally`
-  completes just fine, `KeyboardInterrupt` is raised in every async context),
-  but async python is still (3.14) too weird and unsupported
-  - `asyncio` effectively re-implements `subprocess` with a slightly different
-    API, same with `asyncio.Transport` and derivatives reimplementing `socket`
-  - 3rd party libraries like `requests` or `urllib3` don't support it, one needs
-    to resort to spawning these in separate threads anyway
-  - same with `os.*` functions and syscalls
-  - every thing exposed via API needs to have 2 copies - async and non-async,
-    making it unbearable
-  - other stdlib bugs, ie. "large" reads returning BlockingIOError sometimes
-
-The approach chosen by this project was to use `threading.Thread`, and
-implement thread safety for classes and their functions that need it.  
-For example:
-
-```python
-class MachineReserver:
-    def __init__(self):
-        self.lock = threading.RLock()
-        self.job = None
-        self.proc = None
-
-    def reserve(self, ...):
-        try:
-            ...
-            job = schedule_new_job_on_external_service()
-            with self.lock:
-                self.job = job
-            ...
-            while not reserved(self.job):
-                time.sleep(60)
-            ...
-            with self.lock:
-                self.proc = subprocess.Popen(["ssh", f"{user}@{host}", ...)
-            ...
-            return machine
-        except Exception:
-            self.abort()
-            raise
-
-    def abort(self):
-        with self.lock:
-            if self.job:
-                cancel_external_service(self.job)
-                self.job = None
-            if self.proc:
-                self.proc.kill()
-                self.proc = None
-```
-
-Here, it is expected for `.reserve()` to be called in a long-running thread that
-provisions a new machine on some external service, waits for it to be installed
-and reserved, connects an ssh session to it and returns it back.
-
-But equally, `.abort()` can be called from an external thread and clean up any
-non-pythonic resources (external jobs, processes, temporary files, etc.) at
-which point **we don't care what happens to .reserve()**, it will probably fail
-with some exception, but doesn't do any harm.
-
-Here is where `daemon=True` threads come in handy - we can simply call `.abort()`
-from a `KeyboardInterrupt` (or `SIGTERM`) handle in the main thread, and just
-exit, automatically killing any leftover threads that are uselessly sleeping.  
-(Realistically, we might want to spawn new threads to run many `.abort()`s in
-parallel, but the main thread can wait for those just fine.)
-
-It is not perfect, but it's probably the best Python can do.
-
-Note that races can still occur between a resource being reserved and written
-to `self.*` for `.abort()` to free, so resource de-allocation is not 100%
-guaranteed, but single-threaded interrupting has the same issue.  
-Do have fallbacks (ie. max reserve times on the external service).
-
-Also note that `.reserve()` and `.abort()` could be also called by a context
-manager as `__enter__` and `__exit__`, ie. by a non-threaded caller (running
-everything in the main thread).
-
-
-## Unsorted notes
-
-TODO: codestyle from contest
-
-```
-- this is not tmt, the goal is to make a python toolbox *for* making runcontest
-  style tools easily, not to replace those tools with tmt-style CLI syntax
-
-  - the whole point is to make usecase-targeted easy-to-use tools that don't
-    intimidate users with 1 KB long command line, and runcontest is a nice example
-
-  - TL;DR - use a modular pythonic approach, not a modular CLI like tmt
-
-
-- Orchestrator with
-  - add_provisioner(<class>, max_workers=1)   # will instantiate <class> at most max_workers at a time
-  - algo
-    - for all provisioner classes, spawns classes*max_workers as new Threads
-    - waits for any .reserve() to return
-    - creates a new Thread for minitmt, gives it p.get_ssh() details
-      - minitmt will
-        - establish a SSHConn
-        - install test deps, copy test repo over, prepare socket dir on SUT, etc.
-        - run the test in the background as
-            f=os.open('some/test/log', os.WRONLY); subprocess.Popen(..., stdout=f, stderr=f, stdin=subprocess.DEVNULL)
-        - read/process Unix sock results in the foreground, non-blocking,
-          probably calling some Orchestrator-provided function to store results persistently
-        - regularly check Popen proc status, re-accept UNIX sock connection, etc., etc.
-      - minitmt also has some Thread-independent way to .cancel(), killing the proc, closing SSHConn, etc.
-
-  - while waiting for minitmt Threads to finish, to re-assign existing Provisioner instances
-    to new minitmt Threads, .. Orchestrator uses some logic to select, which TestRun
-    would be ideal to run next
-    - TestRun probably has some "fitness" function that returns some priority number
-      when given a Provisioner instance (?) ...
-    - something from minitmt would also have access to the Provisioner instance
-    - the idea is to allow some logic to set "hey I set up nested VM snapshot on this thing"
-      on the Provisioner instance, and if another /hardening/oscap TestRun finds
-      a Provisioner instance like that, it would return high priority
-    - ...
-    - similar to "fitness" like function, we need some "applicability" function
-      - if TestRun is mixed to RHEL-9 && x86_64, we need it to return True
-        for a Provisioner instance that provides RHEL-9 and x86_64, but False otherwise
-
-- basically Orchestrator has
-  - .add_provisioner()
-  - .run_test()  # called with an exclusively-borrowed Provisioner instance
-    - if Provisioner is_alive()==False after .run_test(), instantiate a new one from the same inst.__class__
-    - if test failed and reruns > 0, try run_test() again (or maybe re-queue the test)
-  - .output_result()  # called by run_test() to persistently log a test result
-  - .applicable()  # return True if a passed TestRun is meant for a passed Platform (Provisioner?)
-    - if no TestRun returns True, the Provisioner is .release()d because we don't need it anymore
-  - .fitness()    # return -inf / 0 / +inf with how much should a passed TestRun run on a Provisioner
-  - MAYBE combine applicable() and fitness() into one function, next_test() ?
-    - given the free Provisioner and a list of TestRuns, select which should run next on the Provisioner
-      - if none is chosen, .release() the Provisioner without replacement, continue
-```

atex-0.8.dist-info/RECORD

@@ -1,37 +0,0 @@
-atex/__init__.py,sha256=LdX67gprtHYeAkjLhFPKzpc7ECv2rHxUbHKDGbGXO1c,517
-atex/fmf.py,sha256=ofbrJx2362qHAxERS-WulK4TMpbp0C4HQ-Js917Ll9w,7871
-atex/cli/__init__.py,sha256=erHv68SsybRbdgJ60013y9jVqY1ec-cb9T9ThPCJ_HY,2408
-atex/cli/fmf.py,sha256=5DbA-3rfbFZ41fJ5z7Tiz5FmuZhXNC7gRAQfIGX7pXc,2516
-atex/cli/testingfarm.py,sha256=wdN26TE9jZ0ozet-JBQQgIcRi0WIV3u_i-7_YYi_SUg,7248
-atex/connection/__init__.py,sha256=xFwGOvlFez1lIt1AD6WXgEEIbsF22pSpQFv41GEAGAI,3798
-atex/connection/ssh.py,sha256=vrrSfVdQoz5kWiZbiPuM8KGneMl2Tlb0VeJIHTFSSYs,13626
-atex/executor/__init__.py,sha256=XCfhi7QDELjey7N1uzhMjc46Kp1Jsd5bOCf52I27SCE,85
-atex/executor/duration.py,sha256=x06sItKOZi6XA8KszQwZGpIb1Z_L-HWqIwZKo2SDo0s,1759
-atex/executor/executor.py,sha256=QYYSlEfBZIm95NhM1gwd2ROeshSAavYu2DP_4TTHlQs,14770
-atex/executor/reporter.py,sha256=nW_Uls3R4Ev80a2ZNJl3nxAYrcYhXk5Cy9nAUMlYPrc,3326
-atex/executor/scripts.py,sha256=yE4Lbfu-TPkBcB5t15-t-tF79H8pBJWbWP6MKRSvKsw,5356
-atex/executor/testcontrol.py,sha256=-rfihfE6kryIGurFrHBPSS8ANaIJkzX-zfpOO8To-9o,12204
-atex/orchestrator/__init__.py,sha256=eF-6ix5rFEu85fBFzgSdTYau7bNTkIQndAU7QqeI-FA,105
-atex/orchestrator/aggregator.py,sha256=5-8nHVeW6kwImoEYOsQqsx6UBdbKc5xuj6qlg7dtOF8,3642
-atex/orchestrator/orchestrator.py,sha256=tQu_d8_9y3rOLHskb694NJKNvxplQWAZ2R452Sy3AXw,12056
-atex/provision/__init__.py,sha256=2d_hRVPxXF5BVbQ_Gn1OR-F2xuqRn8O0yyVbvSrtTIg,4043
-atex/provision/libvirt/VM_PROVISION,sha256=7pkZ-ozgTyK4qNGC-E-HUznr4IhbosWSASbB72Gknl8,2664
-atex/provision/libvirt/__init__.py,sha256=mAkGtciZsXdR9MVVrjm3OWNXZqTs_33-J1qAszFA0k4,768
-atex/provision/libvirt/setup-libvirt.sh,sha256=CXrEFdrj8CSHXQZCd2RWuRvTmw7QYFTVhZeLuhhXooI,1855
-atex/provision/podman/README,sha256=kgP3vcTfWW9gcQzmXnyucjgWbqjNqm_ZM--pnqNTXRg,1345
-atex/provision/podman/host_container.sh,sha256=buCNz0BlsHY5I64sMSTGQHkvzEK0aeIhpGJXWCQVMXk,2283
-atex/provision/testingfarm/__init__.py,sha256=kZncgLGdRCR4FMaRQr2GTwJ8vjlA-24ri8JO2ueZJuw,113
-atex/provision/testingfarm/api.py,sha256=jiEJhYxMTzRihayceHcnDnGKNZJisYWn2o_TAdCI2Xo,19943
-atex/provision/testingfarm/testingfarm.py,sha256=wp8W3bwOmQdO-UUOdqu_JLtOZTGaNg-wERFfLySwZmI,8587
-atex/util/__init__.py,sha256=cWHFbtQ4mDlKe6lXyPDWRmWJOTcHDGfVuW_-GYa8hB0,1473
-atex/util/dedent.py,sha256=SEuJMtLzqz3dQ7g7qyZzEJ9VYynVlk52tQCJY-FveXo,603
-atex/util/log.py,sha256=KZkuw4jl8YTUOHZ4wNBrfDeg16VpLa82-IZYFHfqwgk,1995
-atex/util/path.py,sha256=x-kXqiWCVodfZWbEwtC5A8LFvutpDIPYv2m0boZSlXU,504
-atex/util/ssh_keygen.py,sha256=9yuSl2yBV7pG3Qfsf9tossVC00nbIUrAeLdbwTykpjk,384
-atex/util/subprocess.py,sha256=IQT9QHe2kMaaO_XPSry-DwObYstGsq6_QdwdbhYDjko,1826
-atex/util/threads.py,sha256=bezDIEIMcQinmG7f5E2K6_mHJQOlwx7W3I9CKkCYAYA,1830
-atex-0.8.dist-info/METADATA,sha256=dvXW146ZvIfyzqPqGbKmhTNScLTZM7C5K0FLrGNGIJ0,8981
-atex-0.8.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-atex-0.8.dist-info/entry_points.txt,sha256=pLqJdcfeyQTgup2h6dWb6SvkHhtOl-W5Eg9zV8moK0o,39
-atex-0.8.dist-info/licenses/COPYING.txt,sha256=oEuj51jdmbXcCUy7pZ-KE0BNcJTR1okudRp5zQ0yWnU,670
-atex-0.8.dist-info/RECORD,,