From eeea1b949a3c04039fe00215d4f5bd22bd3ddaf8 Mon Sep 17 00:00:00 2001
From: kshithijiyer <kshithij.ki@gmail.com>
Date: Mon, 11 May 2020 16:17:06 +0530
Subject: [Libfix] Remove ssl_ops.py library

Problem:
Ideally operations done in ssl_ops.py should
be performed on a gluster cluster even before
peer probing the nodes. This makes the library
useless as we can't run any library in glusto-tests
without peer probing

Solution:
Enable SSL on gluster cluster before parsing it
to run tests present in glusto-tests.

Change-Id: If803179c67d5b3271b70c1578269350444aa3cf6
Signed-off-by: kshithijiyer <kshithij.ki@gmail.com>
---
 glustolibs-gluster/glustolibs/gluster/ssl_ops.py | 226 -----------------------
 1 file changed, 226 deletions(-)
 delete mode 100644 glustolibs-gluster/glustolibs/gluster/ssl_ops.py

(limited to 'glustolibs-gluster')

diff --git a/glustolibs-gluster/glustolibs/gluster/ssl_ops.py b/glustolibs-gluster/glustolibs/gluster/ssl_ops.py
deleted file mode 100644
index f5d310d01..000000000
--- a/glustolibs-gluster/glustolibs/gluster/ssl_ops.py
+++ /dev/null
@@ -1,226 +0,0 @@
-#!/usr/bin/env python
-#  Copyright (C) 2017-2018  Red Hat, Inc. <http://www.redhat.com>
-#
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License along
-#  with this program; if not, write to the Free Software Foundation, Inc.,
-#  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-"""
-    Description: Module for creating ssl machines for
-    validating basic ssl cases
-"""
-
-from io import StringIO
-
-from glusto.core import Glusto as g
-
-
-def create_ssl_machine(servers, clients):
-    """Following are the steps to create ssl machines:
-            - Stop glusterd on all servers
-            - Run: openssl genrsa -out /etc/ssl/glusterfs.key 2048
-            - Run: openssl req -new -x509 -key /etc/ssl/glusterfs.key
-                   -subj "/CN=ip's" -days 365 -out /etc/ssl/glusterfs.pem
-            - copy glusterfs.pem files into glusterfs.ca from all
-              the nodes(servers+clients) to all the servers
-            - touch /var/lib/glusterd/secure-access
-            - Start glusterd on all servers
-    Args:
-        servers: List of servers
-        clients: List of clients
-
-    Returns:
-        bool : True if successfully created ssl machine. False otherwise.
-    """
-    # pylint: disable=too-many-statements, too-many-branches
-    # pylint: disable=too-many-return-statements
-    # Variable to collect all servers ca_file for servers
-    ca_file_server = StringIO()
-
-    # Stop glusterd on all servers
-    ret = g.run_parallel(servers, "systemctl stop glusterd")
-    if not ret:
-        g.log.error("Failed to stop glusterd on all servers")
-        return False
-
-    # Generate key file on all servers
-    cmd = "openssl genrsa -out /etc/ssl/glusterfs.key 2048"
-    ret = g.run_parallel(servers, cmd)
-    if not ret:
-        g.log.error("Failed to create /etc/ssl/glusterfs.key "
-                    "file on all servers")
-        return False
-
-    # Generate glusterfs.pem file on all servers
-    for server in servers:
-        _, hostname, _ = g.run(server, "hostname")
-        cmd = ("openssl req -new -x509 -key /etc/ssl/glusterfs.key -subj "
-               "/CN=%s -days 365 -out /etc/ssl/glusterfs.pem" % (hostname))
-        ret = g.run(server, cmd)
-        if not ret:
-            g.log.error("Failed to create /etc/ssl/glusterfs.pem "
-                        "file on server %s", server)
-            return False
-
-    # Copy glusterfs.pem file of all servers into ca_file_server
-    for server in servers:
-        conn1 = g.rpyc_get_connection(server)
-        if conn1 == "None":
-            g.log.error("Failed to get rpyc connection on %s", server)
-
-        with conn1.builtin.open('/etc/ssl/glusterfs.pem') as fin:
-            ca_file_server.write(fin.read())
-
-    # Copy all ca_file_server for clients use
-    ca_file_client = ca_file_server.getvalue()
-
-    # Generate key file on all clients
-    for client in clients:
-        _, hostname, _ = g.run(client, "hostname -s")
-        cmd = "openssl genrsa -out /etc/ssl/glusterfs.key 2048"
-        ret = g.run(client, cmd)
-        if not ret:
-            g.log.error("Failed to create /etc/ssl/glusterfs.key "
-                        "file on client %s", client)
-            return False
-
-        # Generate glusterfs.pem file on all clients
-        cmd = ("openssl req -new -x509 -key /etc/ssl/glusterfs.key -subj "
-               "/CN=%s -days 365 -out /etc/ssl/glusterfs.pem" % (client))
-        ret = g.run(client, cmd)
-        if not ret:
-            g.log.error("Failed to create /etc/ssl/glusterf.pem "
-                        "file on client %s", client)
-            return False
-
-        # Copy glusterfs.pem file of client to a ca_file_server
-        conn2 = g.rpyc_get_connection(client)
-        if conn2 == "None":
-            g.log.error("Failed to get rpyc connection on %s", server)
-        with conn2.builtin.open('/etc/ssl/glusterfs.pem') as fin:
-            ca_file_server.write(fin.read())
-
-        # Copy glusterfs.pem file to glusterfs.ca of client such that
-        # clients shouldn't share respectives ca file each other
-        cmd = "cp /etc/ssl/glusterfs.pem /etc/ssl/glusterfs.ca"
-        ret, _, _ = g.run(client, cmd)
-        if ret != 0:
-            g.log.error("Failed to copy the glusterfs.pem to "
-                        "glusterfs.ca of client")
-            return False
-
-        # Now copy the ca_file of all servers to client ca file
-        with conn2.builtin.open('/etc/ssl/glusterfs.ca', 'a') as fout:
-            fout.write(ca_file_client)
-
-        # Create /var/lib/glusterd directory on clients
-        ret = g.run(client, "mkdir -p /var/lib/glusterd/")
-        if not ret:
-            g.log.error("Failed to create directory /var/lib/glusterd/"
-                        " on clients")
-
-    # Copy ca_file_server to all servers
-    for server in servers:
-        conn3 = g.rpyc_get_connection(server)
-        if conn3 == "None":
-            g.log.error("Failed to get rpyc connection on %s", server)
-
-        with conn3.builtin.open('/etc/ssl/glusterfs.ca', 'w') as fout:
-            fout.write(ca_file_server.getvalue())
-
-    # Touch /var/lib/glusterd/secure-access on all servers
-    ret = g.run_parallel(servers, "touch /var/lib/glusterd/secure-access")
-    if not ret:
-        g.log.error("Failed to touch the file on servers")
-        return False
-
-    # Touch /var/lib/glusterd/secure-access on all clients
-    ret = g.run_parallel(clients, "touch /var/lib/glusterd/secure-access")
-    if not ret:
-        g.log.error("Failed to touch the file on clients")
-        return False
-
-    # Start glusterd on all servers
-    ret = g.run_parallel(servers, "systemctl start glusterd")
-    if not ret:
-        g.log.error("Failed to stop glusterd on servers")
-        return False
-
-    return True
-
-
-def cleanup_ssl_setup(servers, clients):
-    """
-    Following are the steps to cleanup ssl setup:
-            - Stop glusterd on all servers
-            - Remove folder /etc/ssl/*
-            - Remove /var/lib/glusterd/*
-            - Start glusterd on all servers
-
-    Args:
-        servers: List of servers
-        clients: List of clients
-
-    Returns:
-        bool : True if successfully cleaned ssl machine. False otherwise.
-    """
-    # pylint: disable=too-many-return-statements
-    _rc = True
-
-    # Stop glusterd on all servers
-    ret = g.run_parallel(servers, "systemctl stop glusterd")
-    if not ret:
-        _rc = False
-        g.log.error("Failed to stop glusterd on all servers")
-
-    # Remove glusterfs.key, glusterfs.pem and glusterfs.ca file
-    # from all servers
-    cmd = "rm -rf /etc/ssl/glusterfs*"
-    ret = g.run_parallel(servers, cmd)
-    if not ret:
-        _rc = False
-        g.log.error("Failed to remove folder /etc/ssl/glusterfs* "
-                    "on all servers")
-
-    # Remove folder /var/lib/glusterd/secure-access from servers
-    cmd = "rm -rf /var/lib/glusterd/secure-access"
-    ret = g.run_parallel(servers, cmd)
-    if not ret:
-        _rc = False
-        g.log.error("Failed to remove folder /var/lib/glusterd/secure-access "
-                    "on all servers")
-
-    # Remove glusterfs.key, glusterfs.pem and glusterfs.ca file
-    # from all clients
-    cmd = "rm -rf /etc/ssl/glusterfs*"
-    ret = g.run_parallel(clients, cmd)
-    if not ret:
-        _rc = False
-        g.log.error("Failed to remove folder /etc/ssl/glusterfs* "
-                    "on all clients")
-
-    # Remove folder /var/lib/glusterd/secure-access from clients
-    cmd = "rm -rf /var/lib/glusterd/secure-access"
-    ret = g.run_parallel(clients, cmd)
-    if not ret:
-        _rc = False
-        g.log.error("Failed to remove folder /var/lib/glusterd/secure-access "
-                    "on all clients")
-
-    # Start glusterd on all servers
-    ret = g.run_parallel(servers, "systemctl start glusterd")
-    if not ret:
-        _rc = False
-        g.log.error("Failed to stop glusterd on servers")
-
-    return _rc
-- 
cgit