Changeset 4403


Timestamp:
31/10/08 13:41:54 (11 years ago)
Author:
pjkersha
Message:

Updated sessionmanager and attributeauthorityclient unit test readmes

Location:
TI12-security/trunk/python
Files:
2 added
2 deleted
3 edited
1 copied
1 moved

  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/attributeauthority.py

    r4401 r4403  
    249249        # Configuration file properties are held together in a dictionary 
    250250        fileProp = readAndValidateProperties(self.propFilePath,  
    251                                      validKeys=AttributeAuthority.propertyDefaults, 
    252                                      prefix=prefix, 
    253                                      sections=(section,)) 
     251                                 validKeys=AttributeAuthority.propertyDefaults, 
     252                                 prefix=prefix, 
     253                                 sections=(section,)) 
    254254         
    255255        # Allow for section and prefix names which will nest the Attribute 
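Review bot: the whitespace-only re-indent of the continuation lines 251-253 of the readAndValidateProperties(...) call is unrelated to the README update named in the commit message. Commit it separately, or mention it in the message, so that the history of attributeauthority.py is not mixed with documentation changes and a later blame on these lines does not point at a README commit.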
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthorityclient/README

    r4129 r4403  
    33The test client connects to two different test Attribute Authorities 
    44corresponding to the fictitious Service Providers Site "A" and Site "B".  Each 
    5 has its own respective properties file.  The services require access to specific 
    6 security settings so the following should be done, if not running as root: 
     5has its own respective properties file.   
    76 
    8 i) Set the NDGSEC_DIR environment variable set to a local dir 
    9 ii) Copy /ndg/security/server/conf and /ndg/security/server/logs directories to this dir 
    10 iii) Set the NDGSEC_AA_PROPFILEPATH environment variable to the file with the server config 
    11  - i.e. siteAAttAuthorityProperties.xml (the same env var should be used for the siteB config file) 
     7These services must be started before running the unit tests.  Start a terminal 
     8in this directory and run: 
    129 
    13 These services must be started before 
    14 running the unit tests.  Start a terminal in this directory and run: 
    15  
    16 $ python ./siteAServer.py 
     10$ python ./wsgi/siteAServerApp.py 
    1711 
    1812...and in a separate terminal: 
    1913 
    20 $ python ./siteBServer.py 
     14$ python ./wsgi/siteBServerApp.py 
    2115 
    22 Note however that the siteBServer is only needed for tests for getting mapped  
    23 certificates: test7GetMappedAttCert and test8GetMappedAttCertStressTest 
     16Configuration for these services is held in the files ./wsgi/site-a.ini and 
     17./wsgi/site-b.ini respectively. 
    2418 
    25 Settings for the client to these services are configured with  
    26 attAuthorityClientTest.cfg.  The default values should work as set - although these assume 
    27 that tcpmon is running in the system - with local port = 4900 and server port = 5000.  NB, 
    28 problems may occur due to proxy settings (Access Denied errors); no proxy should be specified for the ports used by 
    29 the services - i.e. use: 
     19Note however that the siteBServerApp.py is only needed for tests for getting  
     20mapped attribute certificates: test7GetMappedAttCert and  
     21test8GetMappedAttCertStressTest 
    3022 
    31 export no_proxy=localhost:5100,localhost:5000,localhost:4900  
     23Settings for the client to these services are configured with the file 
     24attAuthorityClientTest.cfg.  The default values should work as set. 
    3225 
    33 Run the unit tests script AttAuthorityClientTest.py from another terminal: 
     26Problems may occur due to proxy settings (Access Denied errors); no proxy  
     27should be specified for the ports used by the services - i.e. use: 
    3428 
    35 $ python ./AttAuthorityClientTest.py 
     29$ unset http_proxy 
     30 
     31or set specific exceptions according to the address+port of the services used: 
     32 
     33$ export no_proxy=localhost:5100,localhost:5000 
     34 
     35Run the unit tests script test_attributeauthorityclient.py from another 
     36terminal: 
     37 
     38$ python ./test_attributeauthorityclient.py 
    3639 
    3740Tests can be run individually e.g. 
    3841 
    39 $ python ./AttAuthorityClientTest.py AttAuthorityClientTestCase.test1GetX509Cert 
     42$ python ./test_attributeauthorityclient.py AttributeAuthorityClientTestCase.test1GetX509Cert 
     43 
     44Running Services with the Twisted Application Server 
     45==================================================== 
     46Services have been ported from the Twisted Application Server to run with a 
     47WSGI wrapper under Paste.  Paste scripts are held in the wsgi/ sub-directory 
     48and the previous Twisted based ones in twisted/.  These are untested and may 
     49be removed from future releases of NDG-Security. 
     50 
     51P J Kershaw 31/10/08 
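Review bot: the new heading at line 44, "Running Services with the Twisted Application Server", does not match the paragraph under it, which says the services have been ported away from Twisted to a WSGI wrapper under Paste, and "These are untested" at line 48 can be read as referring to either the wsgi/ or the twisted/ scripts. Retitle the section and name the subject explicitly, e.g. "The scripts in twisted/ are untested and may be removed ...", if that is what is meant. Separately, the no_proxy example at line 33 lists localhost:5100 and localhost:5000 without saying which service uses which port, and the removed NDGSEC_DIR and NDGSEC_AA_PROPFILEPATH steps have no stated replacement beyond the pointer to site-a.ini and site-b.ini; one sentence saying the environment variables are no longer needed would stop readers from setting them out of habit.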
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/README

    r4139 r4403  
    22================================================== 
    33These tests need some careful attention to their configuration in order to  
    4 correctly set up.  MyProxy and test Attribute Authorities services must be  
     4correctly set up.  Test Attribute Authorities services must be  
    55configured and started. 
     6  
     71) Two test Attribute Authority services are required.  These can be run from  
     8the Attribute Authority unit test directory.  It's path relative to this  
     9directory is ../attributeauthorityclient/.  Run each service in a separate  
     10window so that the output can be monitored: 
    611 
    7 MyProxy is installed as part of the NDG Security installation.  See the  
    8 installation guide for details: 
     12$ ../attributeauthorityclient/wsgi/siteAServerApp.py 
     13$ ../attributeauthorityclient/wsgi/siteBServerApp.py 
    914 
    10 http://proj.badc.rl.ac.uk/ndg/browser/TI12-security/trunk/documentation/InstallationGuide/pdf/NDGSecurityInstallationGuide.pdf?format=raw 
    11  
    12 1) Ensure MyProxy is running on it's host machine.  Depending on how you have 
    13 configured it it may be running as SysV init script or with xinetd or inetd. 
    14 Check with the Installation guide.  To start myproxy-server manually as root  
    15 run, 
    16  
    17 $ myproxy-server 
    18  
    19 2) Edit sessionMgrProperties.xml in this directory and set the hostname element 
    20 to the fully qualified domain name (FQDN) of the MyProxy host OR alternatively  
    21 set the environment variable MYPROXY_SERVER to the FQDN e.g. 
    22  
    23 export MYPROXY_SERVER=myproxyhost.somewhere.uk 
    24  
    25 3) Edit sessionMgrTest.cfg and set the username for the MyProxy account you 
    26 wish to test: NDG Security uses MyProxy with a PAM plugin to enable 
    27 authentication against an external source such as a user database or a UNIX 
    28 system account.  The passphrase field can also be filled, or alternatively if 
    29 omitted from the file or commented out it will be prompted for from the 
    30 command line.  Both test1Connect and test3ConnectNoCreateServerSess fields 
    31 should be set. 
    32   
    33 4) Two test Attribute Authority services are required.  These can be run from  
    34 the Attribute Authority unit test directory.  It's path relative to this  
    35 directory is ../attAuthority.   
    36  
    37 The Attribute Authorities accept requests from this Session Manager  
    38 authenticated based on the MyProxy user credentials used in the unit test 
    39 test1Connect.  In order to accept these, the Attribute Authorities must be  
    40 configured to trust the MyProxy CA.  This can be done by including the MyProxy 
    41 CA certificate in the list of trusted CA files in the respective Attribute  
    42 Authority configuration files: 
    43  i) Copy the CA certificate from your MyProxy host computer to the ca/ sub- 
    44  directory under THIS directory. 
    45   
    46  The file will be located on the MyProxy server as e.g. 
    47   
    48  /etc/grid-security/certificates/abcdef01.0 
    49   
    50  The exact name of the CA certificate file will be unique to your installation. 
    51  In the above, it is "abcdef01.0".    
    52   
    53  i) edit 'caCertFilePathList' element in  
    54  ../attAuthority/siteAAttAuthorityProperties.xml and add a new entry for the  
    55  MyProxy CA: 
    56  
    57  -8<--------------------------------------------------------------------------- 
    58     <caCertFilePathList> 
    59         <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile> 
    60 -->     <caCertFile>$NDGSEC_AACLNT_UNITTEST_DIR/ca/abcdef01.0</caCertFile> 
    61     </caCertFilePathList> 
    62  -8<--------------------------------------------------------------------------- 
    63  The exact name of the CA certificate file will be unique to your installation. 
    64  In the above, it is "abcdef01.0".  Ammend to the correct setting.  Edit  
    65  ../attAuthority/siteBAttAuthorityProperties.xml and in the same way add a new  
    66  entry for the MyProxy CA certificate. 
    67   
    68  Nb. You can check the MyProxy certificate file independently with OpenSSL: 
    69   
    70  $ openssl x509 -in  /etc/grid-security/certificates/abcdef01.0 -text 
    71   
    72155) Run the tests with the command: 
    7316 
    74 $ python ./test.py 
     17$ python ./test_sessionmanager.py 
    7518 
    76196) To run individual tests give the test method name: 
    7720 
    78 $ python ./test.py SessionMgrTestCase.test1Connect 
     21$ python ./test_sessionmanager.py SessionManagerTestCase.test1Connect 
    7922 
    8023Finally, 
    81  * See sessionMgrTest.cfg configuration file to change test parameters. 
    82  * See the installation guide for MyProxy trouble shooting information. 
     24 * See sessionMgrTest.cfg sets the unittest configuration 
     25 * sessionMgr.cfg sets the Session Manager configuration 
    8326 
    8427Troubleshooting: 
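Review bot: the unchanged steps at new lines 15 and 19 are still numbered 5) and 6), so with the old steps 1 to 4 replaced by a single new step 1) the list now reads 1), 5), 6); renumber them 2) and 3). The commands added at lines 12-13 run the siteAServerApp.py and siteBServerApp.py scripts directly, while the attributeauthorityclient README in this same changeset uses "$ python ./wsgi/siteAServerApp.py"; use the same form in both unless the scripts are known to be executable. The removed text explained that the Attribute Authorities had to be configured to trust the CA behind the credentials used in test1Connect, and the new text does not say how Session Manager requests are authenticated now or which CA the test Attribute Authorities must trust, so add a sentence on that. Minor wording: "It's path" at line 8 should be "Its path", and "See sessionMgrTest.cfg sets the unittest configuration" at line 24 should drop "See".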