| *** Settings *** |
| Documentation Remote logging test for rsyslog. |
| |
| # Program arguments: |
| # REMOTE_LOG_SERVER_HOST The host name or IP address of the remote |
| # logging server. |
| # REMOTE_LOG_SERVER_PORT The port number for the remote logging server. |
| # REMOTE_USERNAME The username for the remote logging server. |
| # REMOTE_PASSWORD The password for the remote logging server. |
| |
| Library String |
| Resource ../../lib/openbmc_ffdc.robot |
| Resource ../../lib/boot_utils.robot |
| Resource ../../lib/remote_logging_utils.robot |
| Resource ../../lib/bmc_redfish_resource.robot |
| Resource ../../lib/ipmi_client.robot |
| Resource ../../lib/bmc_redfish_resource.robot |
| Resource ../../lib/ipmi_client.robot |
| Library ../../lib/ipmi_utils.py |
| Library ../../lib/gen_misc.py |
| |
| Suite Setup Suite Setup Execution |
| Test Setup Test Setup Execution |
| Test Teardown FFDC On Test Case Fail |
| |
| *** Variables *** |
| |
| # Strings to check from journald. |
| ${BMC_STOP_MSG} Stopping Network IPMI daemon |
| ${BMC_START_MSG} Starting Flush Journal to Persistent Storage |
| ${BMC_BOOT_MSG} Startup finished in |
| ${BMC_SYSLOG_REGEX} dropbear|vrm-control.sh |
| ${RSYSLOG_REGEX} start|exiting on signal 15|there are no active actions configured |
| ${RSYSLOG_RETRY_REGEX} suspended |
| ${valid_password} 0penBmc1 |
| ${max_password_length} 20 |
| |
| *** Test Cases *** |
| |
| Test BMC Hostname Service And Verify |
| [Documentation] Write to hostname interface and verify via REST and |
| ... 'hostname' command. |
| [Tags] Test_BMC_Hostname_Service_And_Verify |
| |
| ${openbmc_host_name} ${openbmc_ip} ${openbmc_short_name}= |
| ... Get Host Name IP host=${OPENBMC_HOST} short_name=1 |
| |
| ${host_name_dict}= Create Dictionary data=${openbmc_short_name} |
| Write Attribute ${NETWORK_MANAGER}config HostName data=${host_name_dict} |
| ... verify=${TRUE} expected_value=${openbmc_short_name} |
| |
| ${hostname} ${stderr} ${rc}= BMC Execute Command hostname |
| |
| Should Be Equal As Strings ${hostname} ${openbmc_short_name} |
| ... msg=The hostname interface ${openbmc_short_name} and command value ${hostname} do not match. |
| |
| # Override the suite hostname variable if this test is executed. |
| Set Suite Variable ${bmc_hostname} ${openbmc_short_name} |
| |
| |
| Verify REST Logging On BMC Journal When Disabled |
| [Documentation] Enable REST logging and verify from journald. |
| [Tags] Verify_REST_Logging_On_BMC_Journal_When_Disabled |
| |
| ${log_dict}= Create Dictionary data=${False} |
| Write Attribute ${BMC_LOGGING_URI}${/}rest_api_logs Enabled data=${log_dict} |
| ... verify=${True} expected_value=${False} |
| |
| # If it was enabled prior, this REST footprint will show up. |
| # Takes around 5 seconds for the REST to restart service when policy is changed. |
| Sleep 10s |
| |
| ${login_footprint}= Catenate login json: None 200 OK |
| # Example: Just get the message part of the syslog |
| # user:root POST http://xx.xx.xx.xx/login json: None 200 OK |
| ${cmd}= Catenate SEPARATOR= --no-pager | egrep '${login_footprint}' |
| |
| Start Journal Log filter=${cmd} |
| Initialize OpenBMC |
| Sleep 5s |
| ${bmc_journald}= Stop Journal Log |
| |
| Should Be Empty ${bmc_journald} |
| ... msg=${bmc_journald} contains unexpected REST entries. |
| |
| |
| Verify REST Logging On BMC Journal When Enabled |
| [Documentation] Enable REST logging and verify from journald. |
| [Tags] Verify_REST_Logging_On_BMC_Journal_When_Enabled |
| |
| ${log_dict}= Create Dictionary data=${True} |
| Write Attribute ${BMC_LOGGING_URI}${/}rest_api_logs Enabled data=${log_dict} |
| ... verify=${True} expected_value=${True} |
| |
| Sleep 5s |
| |
| Start Journal Log |
| Initialize OpenBMC |
| Log Out OpenBMC |
| ${bmc_journald}= Stop Journal Log |
| |
| Should Contain ${bmc_journald} login json: None 200 OK |
| ... msg=${bmc_journald} doesn't contains REST entries. |
| |
| |
| Test Remote API Valid Config Combination |
| [Documentation] Verify valid combination of address and port. |
| [Tags] Test_Remote_API_Valid_Config_Combination |
| [Template] Verify Configure Remote Logging Server |
| # Forego normal test setup: |
| [Setup] No Operation |
| |
| # Address Port Expected result |
| ${EMPTY} ${REMOTE_LOG_SERVER_PORT} ${True} |
| ${REMOTE_LOG_SERVER_HOST} ${REMOTE_LOG_SERVER_PORT} ${True} |
| ${REMOTE_LOG_SERVER_HOST} ${0} ${True} |
| |
| |
| Test Remote API Invalid Config Combination |
| [Documentation] Verify invalid combination of address and port. |
| [Tags] Test_Remote_API_Invalid_Config_Combination |
| [Template] Verify Configure Remote Logging Server |
| # Forego normal test setup: |
| [Setup] No Operation |
| |
| # Address Port Expected result |
| ${0} ${REMOTE_LOG_SERVER_PORT} ${False} |
| "0" ${REMOTE_LOG_SERVER_PORT} ${False} |
| ${REMOTE_LOG_SERVER_HOST} ${EMPTY} ${False} |
| ${REMOTE_LOG_SERVER_HOST} "0" ${False} |
| |
| |
| Test Remote Logging REST Interface And Verify Config |
| [Documentation] Test remote logging interface and configuration. |
| [Tags] Test_Remote_Logging_REST_Interface_And_Verify_Config |
| |
| Verify Rsyslog Config On BMC |
| |
| |
| Test Remote Logging Invalid Port Config And Verify BMC Journald |
| [Documentation] Test remote logging interface and configuration. |
| [Tags] Test_Remote_Logging_Invalid_Port_Config_And_Verify_BMC_Journald |
| |
| # Invalid port derived by (REMOTE_LOG_SERVER_PORT + 1) port config setting. |
| ${INVALID_PORT}= Evaluate ${REMOTE_LOG_SERVER_PORT} + ${1} |
| Configure Remote Log Server With Parameters |
| ... remote_host=${REMOTE_LOG_SERVER_HOST} remote_port=${INVALID_PORT} |
| |
| Sleep 3s |
| # rsyslogd[1870]: action 'action 0' suspended, |
| # next retry is Fri Sep 14 05:47:39 2018 [v8.29.0 try http://www.rsyslog.com/e/2007 ] |
| ${bmc_journald} ${stderr} ${rc}= BMC Execute Command |
| ... journalctl -b --no-pager | egrep 'rsyslog.*${RSYSLOG_RETRY_REGEX}' |
| |
| Should Contain ${bmc_journald} ${RSYSLOG_RETRY_REGEX} |
| ... msg=${bmc_journald} doesn't contain rsyslog retry entries. |
| |
| |
| Verify BMC Journald Synced To Remote Logging Server |
| [Documentation] Check that BMC journald is sync to remote rsyslog. |
| [Tags] Verify_BMC_Journald_Synced_To_Remote_Logging_Server |
| |
| # Restart BMC dump service and get the last entry of the journald. |
| # Example: |
| # systemd[1]: Started Phosphor Dump Manager. |
| BMC Execute Command |
| ... systemctl restart xyz.openbmc_project.Dump.Manager.service |
| |
| ${bmc_journald} ${stderr} ${rc}= BMC Execute Command |
| ... journalctl --no-pager | grep 'Started Phosphor Dump Manager' |
| |
| # systemd[1]: Started Phosphor Dump Manager. |
| ${cmd}= Catenate SEPARATOR= egrep '${bmc_hostname}.*Started Phosphor Dump Manager' /var/log/syslog |
| ${remote_journald}= Remote Logging Server Execute Command command=${cmd} |
| |
| # TODO: rsyslog configuration and time date template to match BMC journald. |
| # Compare the BMC journlad log. Example: |
| # systemd[1]: Started Phosphor Dump Manager. |
| Should Contain ${remote_journald} ${bmc_journald.split('${bmc_hostname}')[1][0]} |
| ... msg= ${bmc_journald} doesn't match remote rsyslog:${remote_journald}. |
| |
| |
| Verify Journald Post BMC Reset |
| [Documentation] Check that BMC journald is sync'ed to remote rsyslog after |
| ... BMC reset. |
| [Tags] Verify_Journald_Post_BMC_Reset |
| |
| ${hostname} ${stderr} ${rc}= BMC Execute Command hostname |
| OBMC Reboot (off) |
| |
| ${cmd}= Catenate grep ${hostname} /var/log/syslog | |
| ... egrep '${BMC_STOP_MSG}|${BMC_START_MSG}|${BMC_BOOT_MSG}' |
| ${remote_journald}= Remote Logging Server Execute Command command=${cmd} |
| |
| # 1. Last reboot message to verify. |
| Should Contain ${remote_journald} ${BMC_STOP_MSG} |
| ... msg=The remote journald doesn't contain the IPMI shutdown message: ${BMC_STOP_MSG}. |
| |
| # 2. Earliest booting message on journald. |
| Should Contain ${remote_journald} ${BMC_START_MSG} |
| ... msg=The remote journald doesn't contain the start message: ${BMC_START_MSG}. |
| |
| # 3. Unique boot to standby message. |
| # Startup finished in 9.961s (kernel) + 1min 59.039s (userspace) = 2min 9.000s |
| ${bmc_journald} ${stderr} ${rc}= BMC Execute Command |
| ... journalctl -b --no-pager | egrep '${BMC_BOOT_MSG}' |
| |
| Should Contain ${remote_journald} |
| ... ${bmc_journald.split('${hostname}')[1]} |
| ... msg=The remote journald doesn't contain the boot message: ${BMC_BOOT_MSG}. |
| |
| |
| Verify BMC Journald Contains No Credential Data |
| [Documentation] Check that BMC journald doesn't log any credential data. |
| [Tags] Verify_BMC_Journald_Contains_No_Credential_Data |
| |
| Initialize OpenBMC |
| |
| Create Redfish And IPMI Users |
| |
| # Time for user manager to sync. |
| Sleep 5 s |
| |
| Open Connection And Log In |
| ${bmc_journald} ${stderr} ${rc}= BMC Execute Command |
| ... journalctl -o json-pretty | cat |
| |
| Should Not Contain Any ${bmc_journald} ${OPENBMC_PASSWORD} ${valid_password} |
| ... ignore_case=False msg=Journald logs BMC credentials/password ${OPENBMC_PASSWORD}. |
| |
| |
| Audit BMC SSH Login And Remote Logging |
| [Documentation] Check that the SSH login to BMC is logged and synced to |
| ... remote logging server. |
| [Tags] Audit_BMC_SSH_Login_And_Remote_Logging |
| |
| ${login_footprint}= Catenate Started SSH Per-Connection Server |
| # Example: Just get the message part of the syslog |
| # Started SSH Per-Connection Server (xx.xx.xx.xx:51292) |
| ${cmd}= Catenate SEPARATOR= --no-pager | egrep '${login_footprint}' |
| ... | awk -F': ' '{print $2}' |
| |
| Start Journal Log filter=${cmd} |
| Open Connection And Log In |
| Sleep 5s |
| ${bmc_journald}= Stop Journal Log |
| @{ssh_entry}= Split To Lines ${bmc_journald} |
| |
| ${cmd}= Catenate SEPARATOR= egrep -E '*${bmc_hostname}.*${login_footprint}' /var/log/syslog |
| |
| ${remote_journald}= Remote Logging Server Execute Command command=${cmd} |
| |
| Should Contain ${remote_journald} ${ssh_entry[0]} |
| ... msg=${remote_journald} don't contain ${bmc_journald} entry. |
| |
| |
| Verify Rsyslog Does Not Log On BMC |
| [Documentation] Check that rsyslog journald doesn't log on BMC. |
| [Tags] Verify_Rsyslog_Does_Not_Log_On_BMC |
| |
| # Expected filter rsyslog entries. |
| # Example: |
| # syslogd[3356]: |
| # [origin software="rsyslogd" swVersion="8.29.0" x-pid="3356" x-info="http://www.rsyslog.com"] |
| # exiting on signal 15. |
| # rsyslogd[3364]: |
| # [origin software="rsyslogd" swVersion="8.29.0" x-pid="3364" x-info="http://www.rsyslog.com"] start |
| ${bmc_journald} ${stderr} ${rc}= BMC Execute Command |
| ... journalctl -b --no-pager | egrep 'rsyslog' | egrep -Ev '${RSYSLOG_REGEX}|${RSYSLOG_RETRY_REGEX}' |
| ... ignore_err=${1} |
| |
| Should Be Empty ${bmc_journald} |
| ... msg=${bmc_journald} contains unexpected rsyslog entries. |
| |
| |
| Boot Host And Verify Data Is Synced To Remote Server |
| [Documentation] Boot host and verify the power on sequence logs are synced |
| ... to remote logging server. |
| [Tags] Boot_Host_And_Verify_Data_Is_Synced_To_Remote_Server |
| |
| # Filter kernel dmesg from the journald log. |
| # Example: xx.xx.xx kernel: |
| |
| ${openbmc_host_name} ${openbmc_ip} ${openbmc_short_name}= |
| ... Get Host Name IP host=${OPENBMC_HOST} short_name=1 |
| |
| ${cmd}= Catenate SEPARATOR= --no-pager | egrep -Ev '${BMC_SYSLOG_REGEX} |
| ... |${openbmc_short_name} kernel' | awk -F': ' '{print $2}' |
| |
| # Example: Just get the message part of the syslog |
| # Started OpenPOWER OCC Active Disable. |
| Start Journal Log filter=${cmd} |
| |
| # Irrespective of the outcome, the journald should be synced. |
| Run Keyword And Ignore Error Redfish Power On |
| ${bmc_journald}= Stop Journal Log |
| |
| ${cmd}= Catenate SEPARATOR= egrep -a '${bmc_hostname}' /var/log/syslog |
| ${remote_journald}= Remote Logging Server Execute Command command=${cmd} |
| |
| @{lines}= Split To Lines ${bmc_journald} |
| |
| FOR ${line} IN @{lines} |
| Log To Console \n ${line} |
| Should Contain ${remote_journald} ${line} |
| ... mgs=${line} line doesn't contain in ${remote_journald}. |
| END |
| |
| |
| *** Keywords *** |
| |
| Suite Setup Execution |
| [Documentation] Do the suite setup. |
| |
| Should Not Be Empty ${REMOTE_LOG_SERVER_HOST} |
| Should Not Be Empty ${REMOTE_LOG_SERVER_PORT} |
| Should Not Be Empty ${REMOTE_USERNAME} |
| Should Not Be Empty ${REMOTE_PASSWORD} |
| Ping Host ${REMOTE_LOG_SERVER_HOST} |
| Remote Logging Server Execute Command true |
| Remote Logging Interface Should Exist |
| |
| ${hostname} ${stderr} ${rc}= BMC Execute Command /bin/hostname |
| Set Suite Variable ${bmc_hostname} ${hostname} |
| Configure Remote Log Server With Parameters |
| |
| |
| Test Setup Execution |
| [Documentation] Do the test setup. |
| |
| # Retain only the past 1 second log: |
| BMC Execute Command journalctl --vacuum-time=1s |
| |
| ${config_status}= Run Keyword And Return Status |
| ... Get Remote Log Server Configured |
| |
| Run Keyword If ${config_status}==${FALSE} |
| ... Configure Remote Log Server With Parameters |
| |
| |
| Remote Logging Interface Should Exist |
| [Documentation] Check that the remote logging URI exist. |
| |
| ${resp}= OpenBMC Get Request ${REMOTE_LOGGING_URI} |
| Should Be Equal As Strings ${resp.status_code} ${HTTP_OK} |
| |
| |
| Verify Configure Remote Logging Server |
| [Documentation] Configure the remote logging REST interface on BMC. |
| [Arguments] ${remote_host} ${remote_port} ${expectation} |
| |
| # Description of argument(s): |
| # remote_host The host name or IP address of the remote logging server |
| # (e.g. "xx.xx.xx.xx"). |
| # remote_port Remote ryslog server port number (e.g. "514"). |
| # expectation Expect boolean True/False. |
| |
| |
| ${status}= Run Keyword And Return Status |
| ... Configure Remote Log Server With Parameters remote_host=${remote_host} remote_port=${remote_port} |
| |
| Should Be Equal ${status} ${expectation} |
| ... msg=Test result ${status} and expectation ${expectation} do not match. |
| |
| |
| Create Redfish And IPMI Users |
| [Documentation] Create a valid Redfish and IPMI local user accounts and |
| ... delete them. |
| |
| # Create redfish local valid user. |
| ${redfish_username}= Generate Random String 8 [LETTERS] |
| |
| Redfish.Login |
| |
| ${payload}= Create Dictionary |
| ... UserName=${redfish_username} Password=${valid_password} |
| ... RoleId=Administrator Enabled=${True} |
| Redfish.Post /redfish/v1/AccountService/Accounts body=&{payload} |
| ... valid_status_codes=[${HTTP_CREATED}] |
| |
| # Delete newly created user. |
| Redfish.Delete /redfish/v1/AccountService/Accounts/${redfish_username} |
| |
| Redfish.Logout |
| |
| # Create IPMI local valid user. |
| ${random_username}= Generate Random String 8 [LETTERS] |
| Set Test Variable ${random_username} |
| ${random_userid}= Evaluate random.randint(2, 15) modules=random |
| IPMI Create User ${random_userid} ${random_username} |
| |
| Run IPMI Standard Command user set password ${random_userid} ${valid_password} |
| |
| ${msg}= Run IPMI Standard Command user test ${random_userid} ${max_password_length} ${valid_password} |
| Should Contain ${msg} Success |
| |
| # Delete IPMI user. |
| Run IPMI Standard Command user set name ${random_userid} "" |