tests: Support Ubuntu 22.04 as test suite runner (controller)
To do so the test suite allows a weak cryptographic algorithm (SHA1) to be used, principally for CentOS 6 targets. This can be removed if/when support for older (legacy) targets is dropped. Only the test suite enables this known weak algorithm. Mitogen as-shipped doesn't enable or disable algorithms.
parent
ec212a10d8
commit
270c3a25de
|
@ -48,5 +48,21 @@ host_pattern_mismatch = error
|
|||
task_output_limit = 10
|
||||
|
||||
[ssh_connection]
|
||||
ssh_args = -o UserKnownHostsFile=/dev/null -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s
|
||||
# https://www.openssh.com/legacy.html
|
||||
# ssh-rsa uses SHA1. Least worst available with CentOS 7 sshd.
|
||||
# Rejected by default in newer ssh clients (e.g. Ubuntu 22.04).
|
||||
# Duplicated cases in
|
||||
# - tests/ansible/ansible.cfg
|
||||
# - tests/ansible/integration/connection_delegation/delegate_to_template.yml
|
||||
# - tests/ansible/integration/connection_delegation/stack_construction.yml
|
||||
# - tests/ansible/integration/process/unix_socket_cleanup.yml
|
||||
# - tests/ansible/integration/ssh/variables.yml
|
||||
# - tests/testlib.py
|
||||
ssh_args =
|
||||
-o ControlMaster=auto
|
||||
-o ControlPersist=60s
|
||||
-o ForwardAgent=yes
|
||||
-o HostKeyAlgorithms=+ssh-rsa
|
||||
-o PubkeyAcceptedKeyTypes=+ssh-rsa
|
||||
-o UserKnownHostsFile=/dev/null
|
||||
pipelining = True
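Review bot: The new comment above `ssh_args` names CentOS 7 sshd as the reason for `+ssh-rsa`, while the commit description gives CentOS 6 targets as the principal reason; the comment should name the targets that actually need it, so the option can be removed when they are dropped. The file should also say that this is a test-suite-only allowance, since `[ssh_connection]` applies it to every target alongside `UserKnownHostsFile=/dev/null` and `ForwardAgent=yes`, for example `# Test suite only: re-enables SHA1 signatures for all targets; remove with legacy target support.` The same comment text is repeated in the tests/testlib.py section. `PubkeyAcceptedKeyTypes` is the older spelling of `PubkeyAcceptedAlgorithms`; newer OpenSSH clients still accept it as an alias, which is presumably why it was chosen, and a short remark to that effect would save the next reader a lookup.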
|
||||
|
|
|
@ -44,14 +44,12 @@
|
|||
'python_path': ["/usr/bin/python"],
|
||||
'remote_name': null,
|
||||
'ssh_args': [
|
||||
'-o',
|
||||
'UserKnownHostsFile=/dev/null',
|
||||
'-o',
|
||||
'ForwardAgent=yes',
|
||||
'-o',
|
||||
'ControlMaster=auto',
|
||||
'-o',
|
||||
'ControlPersist=60s',
|
||||
-o, ControlMaster=auto,
|
||||
-o, ControlPersist=60s,
|
||||
-o, ForwardAgent=yes,
|
||||
-o, HostKeyAlgorithms=+ssh-rsa,
|
||||
-o, PubkeyAcceptedKeyTypes=+ssh-rsa,
|
||||
-o, UserKnownHostsFile=/dev/null,
|
||||
],
|
||||
'ssh_debug_level': null,
|
||||
'ssh_path': 'ssh',
|
||||
|
@ -74,14 +72,12 @@
|
|||
'python_path': ["/usr/bin/python"],
|
||||
'remote_name': null,
|
||||
'ssh_args': [
|
||||
'-o',
|
||||
'UserKnownHostsFile=/dev/null',
|
||||
'-o',
|
||||
'ForwardAgent=yes',
|
||||
'-o',
|
||||
'ControlMaster=auto',
|
||||
'-o',
|
||||
'ControlPersist=60s',
|
||||
-o, ControlMaster=auto,
|
||||
-o, ControlPersist=60s,
|
||||
-o, ForwardAgent=yes,
|
||||
-o, HostKeyAlgorithms=+ssh-rsa,
|
||||
-o, PubkeyAcceptedKeyTypes=+ssh-rsa,
|
||||
-o, UserKnownHostsFile=/dev/null,
|
||||
],
|
||||
'ssh_debug_level': null,
|
||||
'ssh_path': 'ssh',
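Review bot: The rewritten `ssh_args` entries are unquoted (`-o, HostKeyAlgorithms=+ssh-rsa,`) while every neighbouring scalar in the same mapping is quoted (`'ssh_path': 'ssh'`); quoting them, e.g. `'-o', 'HostKeyAlgorithms=+ssh-rsa',`, keeps the expected values unambiguously strings and consistent with the entries they replace. The same applies to the other hunk in this section and to the seven hunks of the following section. Each hunk also repeats the full option list from ansible.cfg, so removing the SHA1 allowance later means editing every copy; a shared variable for the expected list would reduce that, if the surrounding file allows one. The enclosing mappings start and end outside the hunks.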
|
||||
|
|
|
@ -81,14 +81,12 @@
|
|||
"python_path": ["/usr/bin/python"],
|
||||
'remote_name': null,
|
||||
'ssh_args': [
|
||||
'-o',
|
||||
'UserKnownHostsFile=/dev/null',
|
||||
'-o',
|
||||
'ForwardAgent=yes',
|
||||
'-o',
|
||||
'ControlMaster=auto',
|
||||
'-o',
|
||||
'ControlPersist=60s',
|
||||
-o, ControlMaster=auto,
|
||||
-o, ControlPersist=60s,
|
||||
-o, ForwardAgent=yes,
|
||||
-o, HostKeyAlgorithms=+ssh-rsa,
|
||||
-o, PubkeyAcceptedKeyTypes=+ssh-rsa,
|
||||
-o, UserKnownHostsFile=/dev/null,
|
||||
],
|
||||
'ssh_debug_level': null,
|
||||
'ssh_path': 'ssh',
|
||||
|
@ -126,14 +124,12 @@
|
|||
"python_path": ["/usr/bin/python"],
|
||||
'remote_name': null,
|
||||
'ssh_args': [
|
||||
'-o',
|
||||
'UserKnownHostsFile=/dev/null',
|
||||
'-o',
|
||||
'ForwardAgent=yes',
|
||||
'-o',
|
||||
'ControlMaster=auto',
|
||||
'-o',
|
||||
'ControlPersist=60s',
|
||||
-o, ControlMaster=auto,
|
||||
-o, ControlPersist=60s,
|
||||
-o, ForwardAgent=yes,
|
||||
-o, HostKeyAlgorithms=+ssh-rsa,
|
||||
-o, PubkeyAcceptedKeyTypes=+ssh-rsa,
|
||||
-o, UserKnownHostsFile=/dev/null,
|
||||
],
|
||||
'ssh_debug_level': null,
|
||||
'ssh_path': 'ssh',
|
||||
|
@ -182,14 +178,12 @@
|
|||
"python_path": ["/usr/bin/python"],
|
||||
'remote_name': null,
|
||||
'ssh_args': [
|
||||
'-o',
|
||||
'UserKnownHostsFile=/dev/null',
|
||||
'-o',
|
||||
'ForwardAgent=yes',
|
||||
'-o',
|
||||
'ControlMaster=auto',
|
||||
'-o',
|
||||
'ControlPersist=60s',
|
||||
-o, ControlMaster=auto,
|
||||
-o, ControlPersist=60s,
|
||||
-o, ForwardAgent=yes,
|
||||
-o, HostKeyAlgorithms=+ssh-rsa,
|
||||
-o, PubkeyAcceptedKeyTypes=+ssh-rsa,
|
||||
-o, UserKnownHostsFile=/dev/null,
|
||||
],
|
||||
'ssh_debug_level': null,
|
||||
'ssh_path': 'ssh',
|
||||
|
@ -227,14 +221,12 @@
|
|||
"python_path": ["/usr/bin/python"],
|
||||
'remote_name': null,
|
||||
'ssh_args': [
|
||||
'-o',
|
||||
'UserKnownHostsFile=/dev/null',
|
||||
'-o',
|
||||
'ForwardAgent=yes',
|
||||
'-o',
|
||||
'ControlMaster=auto',
|
||||
'-o',
|
||||
'ControlPersist=60s',
|
||||
-o, ControlMaster=auto,
|
||||
-o, ControlPersist=60s,
|
||||
-o, ForwardAgent=yes,
|
||||
-o, HostKeyAlgorithms=+ssh-rsa,
|
||||
-o, PubkeyAcceptedKeyTypes=+ssh-rsa,
|
||||
-o, UserKnownHostsFile=/dev/null,
|
||||
],
|
||||
'ssh_debug_level': null,
|
||||
'ssh_path': 'ssh',
|
||||
|
@ -257,14 +249,12 @@
|
|||
"python_path": ["/usr/bin/python"],
|
||||
'remote_name': null,
|
||||
'ssh_args': [
|
||||
'-o',
|
||||
'UserKnownHostsFile=/dev/null',
|
||||
'-o',
|
||||
'ForwardAgent=yes',
|
||||
'-o',
|
||||
'ControlMaster=auto',
|
||||
'-o',
|
||||
'ControlPersist=60s',
|
||||
-o, ControlMaster=auto,
|
||||
-o, ControlPersist=60s,
|
||||
-o, ForwardAgent=yes,
|
||||
-o, HostKeyAlgorithms=+ssh-rsa,
|
||||
-o, PubkeyAcceptedKeyTypes=+ssh-rsa,
|
||||
-o, UserKnownHostsFile=/dev/null,
|
||||
],
|
||||
'ssh_debug_level': null,
|
||||
'ssh_path': 'ssh',
|
||||
|
@ -313,14 +303,12 @@
|
|||
"python_path": ["/usr/bin/python"],
|
||||
'remote_name': null,
|
||||
'ssh_args': [
|
||||
'-o',
|
||||
'UserKnownHostsFile=/dev/null',
|
||||
'-o',
|
||||
'ForwardAgent=yes',
|
||||
'-o',
|
||||
'ControlMaster=auto',
|
||||
'-o',
|
||||
'ControlPersist=60s',
|
||||
-o, ControlMaster=auto,
|
||||
-o, ControlPersist=60s,
|
||||
-o, ForwardAgent=yes,
|
||||
-o, HostKeyAlgorithms=+ssh-rsa,
|
||||
-o, PubkeyAcceptedKeyTypes=+ssh-rsa,
|
||||
-o, UserKnownHostsFile=/dev/null,
|
||||
],
|
||||
'ssh_debug_level': null,
|
||||
'ssh_path': 'ssh',
|
||||
|
@ -359,14 +347,12 @@
|
|||
"python_path": ["/usr/bin/python"],
|
||||
'remote_name': null,
|
||||
'ssh_args': [
|
||||
'-o',
|
||||
'UserKnownHostsFile=/dev/null',
|
||||
'-o',
|
||||
'ForwardAgent=yes',
|
||||
'-o',
|
||||
'ControlMaster=auto',
|
||||
'-o',
|
||||
'ControlPersist=60s',
|
||||
-o, ControlMaster=auto,
|
||||
-o, ControlPersist=60s,
|
||||
-o, ForwardAgent=yes,
|
||||
-o, HostKeyAlgorithms=+ssh-rsa,
|
||||
-o, PubkeyAcceptedKeyTypes=+ssh-rsa,
|
||||
-o, UserKnownHostsFile=/dev/null,
|
||||
],
|
||||
'ssh_debug_level': null,
|
||||
'ssh_path': 'ssh',
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
|
||||
- shell: >
|
||||
ANSIBLE_STRATEGY=mitogen_linear
|
||||
ANSIBLE_SSH_ARGS=""
|
||||
ANSIBLE_SSH_ARGS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
|
||||
ansible -m shell -c local -a whoami
|
||||
{% for inv in ansible_inventory_sources %}
|
||||
-i "{{ inv }}"
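Review bot: Nothing at this task says why `ANSIBLE_SSH_ARGS` now carries `+ssh-rsa`; the explanation lives only in tests/ansible/ansible.cfg and tests/testlib.py, so a reader of this file sees a weak algorithm enabled without context. A one-line comment above the task would do, e.g. `# ssh-rsa (SHA1) allowed for legacy targets only, see tests/ansible/ansible.cfg`. The same applies to the nine `ANSIBLE_SSH_ARGS` hunks in the next section. The value was previously an empty string and is now a hand-copied subset of the ansible.cfg options, so it presumably has to be kept in step with that file manually. The task continues outside the hunk.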
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
shell: >
|
||||
ANSIBLE_ANY_ERRORS_FATAL=false
|
||||
ANSIBLE_STRATEGY=mitogen_linear
|
||||
ANSIBLE_SSH_ARGS=""
|
||||
ANSIBLE_SSH_ARGS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
|
||||
ansible -m shell -a whoami
|
||||
{% for inv in ansible_inventory_sources %}
|
||||
-i "{{ inv }}"
|
||||
|
@ -34,7 +34,7 @@
|
|||
shell: >
|
||||
ANSIBLE_ANY_ERRORS_FATAL=false
|
||||
ANSIBLE_STRATEGY=mitogen_linear
|
||||
ANSIBLE_SSH_ARGS=""
|
||||
ANSIBLE_SSH_ARGS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
|
||||
ansible -m shell -a whoami
|
||||
{% for inv in ansible_inventory_sources %}
|
||||
-i "{{ inv }}"
|
||||
|
@ -59,7 +59,7 @@
|
|||
shell: >
|
||||
ANSIBLE_ANY_ERRORS_FATAL=false
|
||||
ANSIBLE_STRATEGY=mitogen_linear
|
||||
ANSIBLE_SSH_ARGS=""
|
||||
ANSIBLE_SSH_ARGS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
|
||||
ansible -m shell -a whoami
|
||||
{% for inv in ansible_inventory_sources %}
|
||||
-i "{{ inv }}"
|
||||
|
@ -76,7 +76,7 @@
|
|||
shell: >
|
||||
ANSIBLE_ANY_ERRORS_FATAL=false
|
||||
ANSIBLE_STRATEGY=mitogen_linear
|
||||
ANSIBLE_SSH_ARGS=""
|
||||
ANSIBLE_SSH_ARGS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
|
||||
ansible -m shell -a whoami
|
||||
{% for inv in ansible_inventory_sources %}
|
||||
-i "{{ inv }}"
|
||||
|
@ -101,7 +101,7 @@
|
|||
shell: >
|
||||
ANSIBLE_ANY_ERRORS_FATAL=false
|
||||
ANSIBLE_STRATEGY=mitogen_linear
|
||||
ANSIBLE_SSH_ARGS=""
|
||||
ANSIBLE_SSH_ARGS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
|
||||
ansible -m shell -a whoami
|
||||
{% for inv in ansible_inventory_sources %}
|
||||
-i "{{ inv }}"
|
||||
|
@ -118,7 +118,7 @@
|
|||
shell: >
|
||||
ANSIBLE_ANY_ERRORS_FATAL=false
|
||||
ANSIBLE_STRATEGY=mitogen_linear
|
||||
ANSIBLE_SSH_ARGS=""
|
||||
ANSIBLE_SSH_ARGS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
|
||||
ansible -m shell -a whoami
|
||||
{% for inv in ansible_inventory_sources %}
|
||||
-i "{{ inv }}"
|
||||
|
@ -148,7 +148,7 @@
|
|||
shell: >
|
||||
ANSIBLE_ANY_ERRORS_FATAL=false
|
||||
ANSIBLE_STRATEGY=mitogen_linear
|
||||
ANSIBLE_SSH_ARGS=""
|
||||
ANSIBLE_SSH_ARGS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
|
||||
ansible -m shell -a whoami
|
||||
{% for inv in ansible_inventory_sources %}
|
||||
-i "{{ inv }}"
|
||||
|
@ -165,7 +165,7 @@
|
|||
shell: >
|
||||
ANSIBLE_ANY_ERRORS_FATAL=false
|
||||
ANSIBLE_STRATEGY=mitogen_linear
|
||||
ANSIBLE_SSH_ARGS=""
|
||||
ANSIBLE_SSH_ARGS="-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
|
||||
ansible -m shell -a whoami
|
||||
{% for inv in ansible_inventory_sources %}
|
||||
-i "{{ inv }}"
|
||||
|
|
|
@ -134,12 +134,13 @@ class SshTest(testlib.DockerMixin, testlib.TestCase):
|
|||
|
||||
def test_enforce_unknown_host_key(self):
|
||||
fp = tempfile.NamedTemporaryFile()
|
||||
ssh_args = self.docker_ssh_default_kwargs.get('ssh_args', [])
|
||||
try:
|
||||
e = self.assertRaises(mitogen.ssh.HostKeyError,
|
||||
lambda: self.docker_ssh(
|
||||
username='mitogen__has_sudo_pubkey',
|
||||
password='has_sudo_password',
|
||||
ssh_args=['-o', 'UserKnownHostsFile ' + fp.name],
|
||||
ssh_args=ssh_args + ['-o', 'UserKnownHostsFile %s' % fp.name],
|
||||
check_host_keys='enforce',
|
||||
)
|
||||
)
|
||||
|
@ -149,11 +150,12 @@ class SshTest(testlib.DockerMixin, testlib.TestCase):
|
|||
|
||||
def test_accept_enforce_host_keys(self):
|
||||
fp = tempfile.NamedTemporaryFile()
|
||||
ssh_args = self.docker_ssh_default_kwargs.get('ssh_args', [])
|
||||
try:
|
||||
context = self.docker_ssh(
|
||||
username='mitogen__has_sudo',
|
||||
password='has_sudo_password',
|
||||
ssh_args=['-o', 'UserKnownHostsFile ' + fp.name],
|
||||
ssh_args=ssh_args + ['-o', 'UserKnownHostsFile %s' % fp.name],
|
||||
check_host_keys='accept',
|
||||
)
|
||||
context.shutdown(wait=True)
|
||||
|
@ -166,7 +168,7 @@ class SshTest(testlib.DockerMixin, testlib.TestCase):
|
|||
context = self.docker_ssh(
|
||||
username='mitogen__has_sudo',
|
||||
password='has_sudo_password',
|
||||
ssh_args=['-o', 'UserKnownHostsFile ' + fp.name],
|
||||
ssh_args=ssh_args + ['-o', 'UserKnownHostsFile %s' % fp.name],
|
||||
check_host_keys='enforce',
|
||||
)
|
||||
context.shutdown(wait=True)
|
||||
|
|
|
@ -631,12 +631,33 @@ class DockerMixin(RouterMixin):
|
|||
cls.dockerized_ssh.close()
|
||||
super(DockerMixin, cls).tearDownClass()
|
||||
|
||||
@property
|
||||
def docker_ssh_default_kwargs(self):
|
||||
return {
|
||||
'hostname': self.dockerized_ssh.host,
|
||||
'port': self.dockerized_ssh.port,
|
||||
'check_host_keys': 'ignore',
|
||||
'ssh_debug_level': 3,
|
||||
# https://www.openssh.com/legacy.html
|
||||
# ssh-rsa uses SHA1. Least worst available with CentOS 7 sshd.
|
||||
# Rejected by default in newer ssh clients (e.g. Ubuntu 22.04).
|
||||
# Duplicated cases in
|
||||
# - tests/ansible/ansible.cfg
|
||||
# - tests/ansible/integration/connection_delegation/delegate_to_template.yml
|
||||
# - tests/ansible/integration/connection_delegation/stack_construction.yml
|
||||
# - tests/ansible/integration/process/unix_socket_cleanup.yml
|
||||
# - tests/ansible/integration/ssh/variables.yml
|
||||
# - tests/testlib.py
|
||||
'ssh_args': [
|
||||
'-o', 'HostKeyAlgorithms +ssh-rsa',
|
||||
'-o', 'PubkeyAcceptedKeyTypes +ssh-rsa',
|
||||
],
|
||||
'python_path': self.dockerized_ssh.python_path,
|
||||
}
|
||||
|
||||
def docker_ssh(self, **kwargs):
|
||||
kwargs.setdefault('hostname', self.dockerized_ssh.host)
|
||||
kwargs.setdefault('port', self.dockerized_ssh.port)
|
||||
kwargs.setdefault('check_host_keys', 'ignore')
|
||||
kwargs.setdefault('ssh_debug_level', 3)
|
||||
kwargs.setdefault('python_path', self.dockerized_ssh.python_path)
|
||||
for k, v in self.docker_ssh_default_kwargs.items():
|
||||
kwargs.setdefault(k, v)
|
||||
return self.router.ssh(**kwargs)
|
||||
|
||||
def docker_ssh_any(self, **kwargs):
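Review bot: `docker_ssh()` applies the defaults with `kwargs.setdefault(k, v)`, so a caller that passes its own `ssh_args` replaces the default list and loses the `+ssh-rsa` options unless it prepends them itself, as the tests in the previous section now do by hand. Merging inside `docker_ssh()` would remove that burden, e.g. `defaults = self.docker_ssh_default_kwargs` followed by `kwargs['ssh_args'] = defaults['ssh_args'] + kwargs.get('ssh_args', [])` before the `setdefault` loop. `docker_ssh_default_kwargs` also has no docstring; one stating that it builds a fresh dict on each access and that the `ssh_args` entry is a test-only allowance for legacy targets would help. The hunk ends at the signature of `docker_ssh_any`, whose body is not visible here.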
|
||||
|
|
29
tox.ini
29
tox.ini
|
@ -1,23 +1,20 @@
|
|||
# This file is a local convenience. It is not a substitute for the full CI
|
||||
# suite, and does not cover the full range of Python versions for Mitogen.
|
||||
|
||||
# I use this on Ubuntu 20.04, with the following additions
|
||||
# This configuration drives both CI and local development.
|
||||
# I use this locally on Ubuntu 22.04, with the following additions
|
||||
#
|
||||
# sudo add-apt-repository ppa:deadsnakes/ppa
|
||||
# sudo apt update
|
||||
# sudo apt install python3.5 python3.6 python3.7 python3.9 tox libsasl2-dev libldap2-dev libssl-dev ssh-pass
|
||||
# sudo apt install awscli lib{ldap2,sasl2,ssl}-dev python2.7 python3.{6..11} python-is-python3 sshpass tox
|
||||
|
||||
# Last version to support each python version
|
||||
#
|
||||
# Python tox virt'env pip A cntllr A target coverage
|
||||
# ========== ======== ======== ======== ======== ======== ========
|
||||
# python2.4 1.4 1.8 1.1 2.3?
|
||||
# python2.5 1.6.1 1.9.1 1.3.1 ???
|
||||
# python2.6 2.9.1 15.2.0 9.0.3 2.6.20 2.13 4.5.4
|
||||
# python2.7 20.3 2.11
|
||||
# python3.5 2.11
|
||||
# python3.6 2.11
|
||||
# python3.7 2.11
|
||||
# Py tox virtualenv pip A cntrllr A target Jinja2 coverage psutil pytest
|
||||
# ==== ======== ========== ======== ========= ========= ========== ======== ======== =========
|
||||
# 2.4 <= 1.4 <= 1.8 <= 1.1 2.3? <= 3.7.1 <= 2.1.3
|
||||
# 2.5 <= 1.6.1 <= 1.9.1 <= 1.3.1 ??? <= 3.7.1 <= 2.1.3 <= 2.8.7
|
||||
# 2.6 <= 2.9.1 <= 15.2.0 <= 9.0.3 <= 2.6.20 <= 2.13 <= 2.10.3 <= 4.5.4 <= 5.9.0 <= 3.2.5
|
||||
# 2.7 <= 3.28 <= 20.3? <= 20 <= 2.11 <= 2.11.3 <= 5.6 <= 4.6.11
|
||||
# 3.5 <= 3.28 <= 20.15 <= 20 <= 2.11 <= 2.13 <= 2.11.3 <= 5.6 <= 6.1.0
|
||||
# 3.6 <= 3.28 <= 20.16 <= 21 <= 2.11 <= 3.0.3 <= 6.2 <= 7.0.1
|
||||
# 3.7 <= 2.12
|
||||
# 3.8 <= 2.12
|
||||
|
||||
# Ansible Dependency
|
||||
# ================== ======================
|
||||
|
|