tests: Support Ubuntu 22.04 as test suite runner (controller)

To do so the test suite allows a weak cryptographic algorithm (SHA1) to be
used, principally for CentOS 6 targets. This can be removed if/when support
for older (legacy) targets is dropped.

Only the test suite enables this known weak algorithm. Mitogen as-shipped
doesn't enable or disable algorithms.
pull/1006/head
Alex Willmer 10 months ago
parent ec212a10d8
commit 270c3a25de

@ -48,5 +48,21 @@ host_pattern_mismatch = error
task_output_limit = 10
[ssh_connection]
ssh_args = -o UserKnownHostsFile=/dev/null -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s
# https://www.openssh.com/legacy.html
# ssh-rsa uses SHA1. Least worst available with CentOS 7 sshd.
# Rejected by default in newer ssh clients (e.g. Ubuntu 22.04).
# Duplicated cases in
# - tests/ansible/ansible.cfg
# - tests/ansible/integration/connection_delegation/delegate_to_template.yml
# - tests/ansible/integration/connection_delegation/stack_construction.yml
# - tests/ansible/integration/process/unix_socket_cleanup.yml
# - tests/ansible/integration/ssh/variables.yml
# - tests/testlib.py
ssh_args =
-o ControlMaster=auto
-o ControlPersist=60s
-o ForwardAgent=yes
-o HostKeyAlgorithms=+ssh-rsa
-o PubkeyAcceptedKeyTypes=+ssh-rsa
-o UserKnownHostsFile=/dev/null
pipelining = True
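Review bot: The new comment above `ssh_args` gives CentOS 7 sshd as the reason for `+ssh-rsa`, while the commit description names CentOS 6 targets; the two should agree so that whoever later removes the workaround knows which target to wait for. Because the options sit in `[ssh_connection]`, they apply to every target the suite connects to, not only the legacy ones, and the comment should say so, e.g. `# Applies to all test targets; remove when the last target needing ssh-rsa is dropped.` `PubkeyAcceptedKeyTypes` is the older spelling of `PubkeyAcceptedAlgorithms`; if it was chosen so that older controller clients still parse the option, a short comment saying so would stop it being renamed later.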

@ -44,14 +44,12 @@
'python_path': ["/usr/bin/python"],
'remote_name': null,
'ssh_args': [
'-o',
'UserKnownHostsFile=/dev/null',
'-o',
'ForwardAgent=yes',
'-o',
'ControlMaster=auto',
'-o',
'ControlPersist=60s',
-o, ControlMaster=auto,
-o, ControlPersist=60s,
-o, ForwardAgent=yes,
-o, HostKeyAlgorithms=+ssh-rsa,
-o, PubkeyAcceptedKeyTypes=+ssh-rsa,
-o, UserKnownHostsFile=/dev/null,
],
'ssh_debug_level': null,
'ssh_path': 'ssh',
@ -74,14 +72,12 @@
'python_path': ["/usr/bin/python"],
'remote_name': null,
'ssh_args': [
'-o',
'UserKnownHostsFile=/dev/null',
'-o',
'ForwardAgent=yes',
'-o',
'ControlMaster=auto',
'-o',
'ControlPersist=60s',
-o, ControlMaster=auto,
-o, ControlPersist=60s,
-o, ForwardAgent=yes,
-o, HostKeyAlgorithms=+ssh-rsa,
-o, PubkeyAcceptedKeyTypes=+ssh-rsa,
-o, UserKnownHostsFile=/dev/null,
],
'ssh_debug_level': null,
'ssh_path': 'ssh',

@ -81,14 +81,12 @@
"python_path": ["/usr/bin/python"],
'remote_name': null,
'ssh_args': [
'-o',
'UserKnownHostsFile=/dev/null',
'-o',
'ForwardAgent=yes',
'-o',
'ControlMaster=auto',
'-o',
'ControlPersist=60s',
-o, ControlMaster=auto,
-o, ControlPersist=60s,
-o, ForwardAgent=yes,
-o, HostKeyAlgorithms=+ssh-rsa,
-o, PubkeyAcceptedKeyTypes=+ssh-rsa,
-o, UserKnownHostsFile=/dev/null,
],
'ssh_debug_level': null,
'ssh_path': 'ssh',
@ -126,14 +124,12 @@
"python_path": ["/usr/bin/python"],
'remote_name': null,
'ssh_args': [
'-o',
'UserKnownHostsFile=/dev/null',
'-o',
'ForwardAgent=yes',
'-o',
'ControlMaster=auto',
'-o',
'ControlPersist=60s',
-o, ControlMaster=auto,
-o, ControlPersist=60s,
-o, ForwardAgent=yes,
-o, HostKeyAlgorithms=+ssh-rsa,
-o, PubkeyAcceptedKeyTypes=+ssh-rsa,
-o, UserKnownHostsFile=/dev/null,
],
'ssh_debug_level': null,
'ssh_path': 'ssh',
@ -182,14 +178,12 @@
"python_path": ["/usr/bin/python"],
'remote_name': null,
'ssh_args': [
'-o',
'UserKnownHostsFile=/dev/null',
'-o',
'ForwardAgent=yes',
'-o',
'ControlMaster=auto',
'-o',
'ControlPersist=60s',
-o, ControlMaster=auto,
-o, ControlPersist=60s,
-o, ForwardAgent=yes,
-o, HostKeyAlgorithms=+ssh-rsa,
-o, PubkeyAcceptedKeyTypes=+ssh-rsa,
-o, UserKnownHostsFile=/dev/null,
],
'ssh_debug_level': null,
'ssh_path': 'ssh',
@ -227,14 +221,12 @@
"python_path": ["/usr/bin/python"],
'remote_name': null,
'ssh_args': [
'-o',
'UserKnownHostsFile=/dev/null',
'-o',
'ForwardAgent=yes',
'-o',
'ControlMaster=auto',
'-o',
'ControlPersist=60s',
-o, ControlMaster=auto,
-o, ControlPersist=60s,
-o, ForwardAgent=yes,
-o, HostKeyAlgorithms=+ssh-rsa,
-o, PubkeyAcceptedKeyTypes=+ssh-rsa,
-o, UserKnownHostsFile=/dev/null,
],
'ssh_debug_level': null,
'ssh_path': 'ssh',
@ -257,14 +249,12 @@
"python_path": ["/usr/bin/python"],
'remote_name': null,
'ssh_args': [
'-o',
'UserKnownHostsFile=/dev/null',
'-o',
'ForwardAgent=yes',
'-o',
'ControlMaster=auto',
'-o',
'ControlPersist=60s',
-o, ControlMaster=auto,
-o, ControlPersist=60s,
-o, ForwardAgent=yes,
-o, HostKeyAlgorithms=+ssh-rsa,
-o, PubkeyAcceptedKeyTypes=+ssh-rsa,
-o, UserKnownHostsFile=/dev/null,
],
'ssh_debug_level': null,
'ssh_path': 'ssh',
@ -313,14 +303,12 @@
"python_path": ["/usr/bin/python"],
'remote_name': null,
'ssh_args': [
'-o',
'UserKnownHostsFile=/dev/null',
'-o',
'ForwardAgent=yes',
'-o',
'ControlMaster=auto',
'-o',
'ControlPersist=60s',
-o, ControlMaster=auto,
-o, ControlPersist=60s,
-o, ForwardAgent=yes,
-o, HostKeyAlgorithms=+ssh-rsa,
-o, PubkeyAcceptedKeyTypes=+ssh-rsa,
-o, UserKnownHostsFile=/dev/null,
],
'ssh_debug_level': null,
'ssh_path': 'ssh',
@ -359,14 +347,12 @@
"python_path": ["/usr/bin/python"],
'remote_name': null,
'ssh_args': [
'-o',
'UserKnownHostsFile=/dev/null',
'-o',
'ForwardAgent=yes',
'-o',
'ControlMaster=auto',
'-o',
'ControlPersist=60s',
-o, ControlMaster=auto,
-o, ControlPersist=60s,
-o, ForwardAgent=yes,
-o, HostKeyAlgorithms=+ssh-rsa,
-o, PubkeyAcceptedKeyTypes=+ssh-rsa,
-o, UserKnownHostsFile=/dev/null,
],
'ssh_debug_level': null,
'ssh_path': 'ssh',

@ -9,7 +9,7 @@
- shell: >
ANSIBLE_STRATEGY=mitogen_linear
ANSIBLE_SSH_ARGS=""
ANSIBLE_SSH_ARGS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
ansible -m shell -c local -a whoami
{% for inv in ansible_inventory_sources %}
-i "{{ inv }}"

@ -17,7 +17,7 @@
shell: >
ANSIBLE_ANY_ERRORS_FATAL=false
ANSIBLE_STRATEGY=mitogen_linear
ANSIBLE_SSH_ARGS=""
ANSIBLE_SSH_ARGS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
ansible -m shell -a whoami
{% for inv in ansible_inventory_sources %}
-i "{{ inv }}"
@ -34,7 +34,7 @@
shell: >
ANSIBLE_ANY_ERRORS_FATAL=false
ANSIBLE_STRATEGY=mitogen_linear
ANSIBLE_SSH_ARGS=""
ANSIBLE_SSH_ARGS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
ansible -m shell -a whoami
{% for inv in ansible_inventory_sources %}
-i "{{ inv }}"
@ -59,7 +59,7 @@
shell: >
ANSIBLE_ANY_ERRORS_FATAL=false
ANSIBLE_STRATEGY=mitogen_linear
ANSIBLE_SSH_ARGS=""
ANSIBLE_SSH_ARGS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
ansible -m shell -a whoami
{% for inv in ansible_inventory_sources %}
-i "{{ inv }}"
@ -76,7 +76,7 @@
shell: >
ANSIBLE_ANY_ERRORS_FATAL=false
ANSIBLE_STRATEGY=mitogen_linear
ANSIBLE_SSH_ARGS=""
ANSIBLE_SSH_ARGS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
ansible -m shell -a whoami
{% for inv in ansible_inventory_sources %}
-i "{{ inv }}"
@ -101,7 +101,7 @@
shell: >
ANSIBLE_ANY_ERRORS_FATAL=false
ANSIBLE_STRATEGY=mitogen_linear
ANSIBLE_SSH_ARGS=""
ANSIBLE_SSH_ARGS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
ansible -m shell -a whoami
{% for inv in ansible_inventory_sources %}
-i "{{ inv }}"
@ -118,7 +118,7 @@
shell: >
ANSIBLE_ANY_ERRORS_FATAL=false
ANSIBLE_STRATEGY=mitogen_linear
ANSIBLE_SSH_ARGS=""
ANSIBLE_SSH_ARGS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
ansible -m shell -a whoami
{% for inv in ansible_inventory_sources %}
-i "{{ inv }}"
@ -148,7 +148,7 @@
shell: >
ANSIBLE_ANY_ERRORS_FATAL=false
ANSIBLE_STRATEGY=mitogen_linear
ANSIBLE_SSH_ARGS=""
ANSIBLE_SSH_ARGS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
ansible -m shell -a whoami
{% for inv in ansible_inventory_sources %}
-i "{{ inv }}"
@ -165,7 +165,7 @@
shell: >
ANSIBLE_ANY_ERRORS_FATAL=false
ANSIBLE_STRATEGY=mitogen_linear
ANSIBLE_SSH_ARGS=""
ANSIBLE_SSH_ARGS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
ansible -m shell -a whoami
{% for inv in ansible_inventory_sources %}
-i "{{ inv }}"
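Review bot: The string `-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa` is now pasted into every `shell:` task in this file that overrides `ANSIBLE_SSH_ARGS`, so dropping the SHA-1 allowance later means editing each task by hand. Setting `ANSIBLE_SSH_ARGS` here also replaces the `ssh_args` from `tests/ansible/ansible.cfg` rather than adding to it, which is presumably intended since the old value was `""`, but it is not stated anywhere. A single play-level variable holding the two options (name of your choosing), referenced as `ANSIBLE_SSH_ARGS="{{ that_var }}"` and carrying a one-line comment that points at the ansible.cfg explanation, would leave one place to change. The tasks begin and end outside the visible hunks.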

@ -134,12 +134,13 @@ class SshTest(testlib.DockerMixin, testlib.TestCase):
def test_enforce_unknown_host_key(self):
fp = tempfile.NamedTemporaryFile()
ssh_args = self.docker_ssh_default_kwargs.get('ssh_args', [])
try:
e = self.assertRaises(mitogen.ssh.HostKeyError,
lambda: self.docker_ssh(
username='mitogen__has_sudo_pubkey',
password='has_sudo_password',
ssh_args=['-o', 'UserKnownHostsFile ' + fp.name],
ssh_args=ssh_args + ['-o', 'UserKnownHostsFile %s' % fp.name],
check_host_keys='enforce',
)
)
@ -149,11 +150,12 @@ class SshTest(testlib.DockerMixin, testlib.TestCase):
def test_accept_enforce_host_keys(self):
fp = tempfile.NamedTemporaryFile()
ssh_args = self.docker_ssh_default_kwargs.get('ssh_args', [])
try:
context = self.docker_ssh(
username='mitogen__has_sudo',
password='has_sudo_password',
ssh_args=['-o', 'UserKnownHostsFile ' + fp.name],
ssh_args=ssh_args + ['-o', 'UserKnownHostsFile %s' % fp.name],
check_host_keys='accept',
)
context.shutdown(wait=True)
@ -166,7 +168,7 @@ class SshTest(testlib.DockerMixin, testlib.TestCase):
context = self.docker_ssh(
username='mitogen__has_sudo',
password='has_sudo_password',
ssh_args=['-o', 'UserKnownHostsFile ' + fp.name],
ssh_args=ssh_args + ['-o', 'UserKnownHostsFile %s' % fp.name],
check_host_keys='enforce',
)
context.shutdown(wait=True)

@ -631,12 +631,33 @@ class DockerMixin(RouterMixin):
cls.dockerized_ssh.close()
super(DockerMixin, cls).tearDownClass()
@property
def docker_ssh_default_kwargs(self):
return {
'hostname': self.dockerized_ssh.host,
'port': self.dockerized_ssh.port,
'check_host_keys': 'ignore',
'ssh_debug_level': 3,
# https://www.openssh.com/legacy.html
# ssh-rsa uses SHA1. Least worst available with CentOS 7 sshd.
# Rejected by default in newer ssh clients (e.g. Ubuntu 22.04).
# Duplicated cases in
# - tests/ansible/ansible.cfg
# - tests/ansible/integration/connection_delegation/delegate_to_template.yml
# - tests/ansible/integration/connection_delegation/stack_construction.yml
# - tests/ansible/integration/process/unix_socket_cleanup.yml
# - tests/ansible/integration/ssh/variables.yml
# - tests/testlib.py
'ssh_args': [
'-o', 'HostKeyAlgorithms +ssh-rsa',
'-o', 'PubkeyAcceptedKeyTypes +ssh-rsa',
],
'python_path': self.dockerized_ssh.python_path,
}
def docker_ssh(self, **kwargs):
kwargs.setdefault('hostname', self.dockerized_ssh.host)
kwargs.setdefault('port', self.dockerized_ssh.port)
kwargs.setdefault('check_host_keys', 'ignore')
kwargs.setdefault('ssh_debug_level', 3)
kwargs.setdefault('python_path', self.dockerized_ssh.python_path)
for k, v in self.docker_ssh_default_kwargs.items():
kwargs.setdefault(k, v)
return self.router.ssh(**kwargs)
def docker_ssh_any(self, **kwargs):
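Review bot: `docker_ssh()` fills `ssh_args` with `setdefault`, so a caller that passes its own `ssh_args` replaces the `+ssh-rsa` options instead of extending them, and would then likely fail to negotiate with a legacy target from a newer client. The ssh tests in this commit work around that by prepending `self.docker_ssh_default_kwargs.get('ssh_args', [])` themselves, but nothing in `docker_ssh_default_kwargs` or `docker_ssh` tells callers they must. A docstring on the property such as `"""Default kwargs for docker_ssh(); callers overriding ssh_args must prepend these ssh_args themselves."""` would make the contract visible. The comment block also cites CentOS 7 where the commit description says CentOS 6.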

@ -1,23 +1,20 @@
# This file is a local convenience. It is not a substitute for the full CI
# suite, and does not cover the full range of Python versions for Mitogen.
# I use this on Ubuntu 20.04, with the following additions
# This configuration drives both CI and local development.
# I use this locally on Ubuntu 22.04, with the following additions
#
# sudo add-apt-repository ppa:deadsnakes/ppa
# sudo apt update
# sudo apt install python3.5 python3.6 python3.7 python3.9 tox libsasl2-dev libldap2-dev libssl-dev ssh-pass
# sudo apt install awscli lib{ldap2,sasl2,ssl}-dev python2.7 python3.{6..11} python-is-python3 sshpass tox
# Last version to support each python version
#
# Python tox virt'env pip A cntllr A target coverage
# ========== ======== ======== ======== ======== ======== ========
# python2.4 1.4 1.8 1.1 2.3?
# python2.5 1.6.1 1.9.1 1.3.1 ???
# python2.6 2.9.1 15.2.0 9.0.3 2.6.20 2.13 4.5.4
# python2.7 20.3 2.11
# python3.5 2.11
# python3.6 2.11
# python3.7 2.11
# Py tox virtualenv pip A cntrllr A target Jinja2 coverage psutil pytest
# ==== ======== ========== ======== ========= ========= ========== ======== ======== =========
# 2.4 <= 1.4 <= 1.8 <= 1.1 2.3? <= 3.7.1 <= 2.1.3
# 2.5 <= 1.6.1 <= 1.9.1 <= 1.3.1 ??? <= 3.7.1 <= 2.1.3 <= 2.8.7
# 2.6 <= 2.9.1 <= 15.2.0 <= 9.0.3 <= 2.6.20 <= 2.13 <= 2.10.3 <= 4.5.4 <= 5.9.0 <= 3.2.5
# 2.7 <= 3.28 <= 20.3? <= 20 <= 2.11 <= 2.11.3 <= 5.6 <= 4.6.11
# 3.5 <= 3.28 <= 20.15 <= 20 <= 2.11 <= 2.13 <= 2.11.3 <= 5.6 <= 6.1.0
# 3.6 <= 3.28 <= 20.16 <= 21 <= 2.11 <= 3.0.3 <= 6.2 <= 7.0.1
# 3.7 <= 2.12
# 3.8 <= 2.12
# Ansible Dependency
# ================== ======================
