[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 6/6] tests: exercise NBD server in TLS mode
From: |
Daniel P . Berrangé |
Subject: |
Re: [Qemu-devel] [PATCH 6/6] tests: exercise NBD server in TLS mode |
Date: |
Mon, 19 Nov 2018 10:37:52 +0000 |
User-agent: |
Mutt/1.10.1 (2018-07-13) |
On Sat, Nov 17, 2018 at 03:31:34PM -0600, Eric Blake wrote:
> On 11/16/18 11:20 AM, Eric Blake wrote:
> > On 11/16/18 9:53 AM, Daniel P. Berrangé wrote:
> > > Add tests that validate it is possible to connect to an NBD server
> > > running TLS mode. Also test mis-matched TLS vs non-TLS connections
> > > correctly fail.
> > > ---
>
> > > +== check TLS client to plain server fails ==
> > > +option negotiation failed: read failed: Unexpected end-of-file
> > > before all bytes were read
> >
> > Annoying message; I wonder if we can clean that up. But not this patch's
> > problem.
> >
>
> Actually, I tracked this message down to using socat (which actually
> connects and then abruptly exits) when probing whether the socket is up and
> listening. That is, the message is being produced as a side effect of
> nbd_server_wait_for_tcp_socket rather than during the actual $QEMU_IMG
> command we are interested in testing.
>
>
> > > nbd_pid_file="${TEST_DIR}/qemu-nbd.pid"
> > > function nbd_server_stop()
> > > @@ -62,3 +63,49 @@ function nbd_server_start_unix_socket()
> > > $QEMU_NBD -v -t -k "$nbd_unix_socket" $@ &
> > > nbd_server_wait_for_unix_socket $!
> > > }
> > > +
> > > +function nbd_server_set_tcp_port()
> > > +{
> > > + for port in `seq 10809 10909`
> > > + do
> > > + socat TCP:$nbd_tcp_addr:$port STDIO < /dev/null 1>/dev/null 2>&1
> >
> > This is the first use of socat in iotests. Might not be the most
> > portable, but I don't know if I have better ideas.
> > nbdkit.git/tests/test-ip.sh greps the output of 'ss -ltn' to locate free
> > ports, but I don't know if ss is any better than socat.
>
> So, I'm planning to squash this in, to use ss instead of socat, as follows:
Personally I prefer socat since it is more portable, per my previous
message.
> diff --git i/tests/qemu-iotests/233.out w/tests/qemu-iotests/233.out
> index eaa410c2703..eb4077f9fd7 100644
> --- i/tests/qemu-iotests/233.out
> +++ w/tests/qemu-iotests/233.out
> @@ -11,12 +11,10 @@ Generating a signed certificate...
> Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
>
> == check TLS client to plain server fails ==
> -option negotiation failed: read failed: Unexpected end-of-file before all
> bytes were read
> qemu-img: Could not open
> 'driver=nbd,host=127.0.0.1,port=10809,tls-creds=tls0': Denied by server for
> option 5 (starttls)
> server reported: TLS not configured
>
> == check plain client to TLS server fails ==
> -option negotiation failed: read failed: Unexpected end-of-file before all
> bytes were read
> qemu-img: Could not open 'nbd://localhost:10809': TLS negotiation required
> before option 8 (structured reply)
> server reported: Option 0x8 not permitted before TLS
> write failed (error message): Unable to write to socket: Broken pipe
>
>
> Also, you have to sanitize 233.out to change 10809 into PORT, so the test
> can still pass when it picked a different port.
Opps, yes.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
Re: [Qemu-devel] [PATCH 6/6] tests: exercise NBD server in TLS mode, Eric Blake, 2018/11/17
Re: [Qemu-devel] [PATCH 6/6] tests: exercise NBD server in TLS mode, Daniel P . Berrangé, 2018/11/19
[Qemu-devel] [PATCH 7/6] iotests: Also test I/O over NBD TLS, Eric Blake, 2018/11/17