feat(systemd): check sockets created by systemd

[baby-gnu]

PR progress checklist (to be filled in by reviewers)

• [ ] Changes to documentation are appropriate (or tick if not required)
• [ ] Changes to tests are appropriate (or tick if not required)
• [ ] Reviews completed

---

What type of PR is this?

Primary type

• [ ] [build] Changes related to the build system
• [ ] [chore] Changes to the build process or auxiliary tools and libraries such as documentation generation
• [ ] [ci] Changes to the continuous integration configuration
• [x] [feat] A new feature
• [ ] [fix] A bug fix
• [ ] [perf] A code change that improves performance
• [ ] [refactor] A code change that neither fixes a bug nor adds a feature
• [ ] [revert] A change used to revert a previous commit
• [ ] [style] Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.)

Secondary type

• [ ] [docs] Documentation changes
• [x] [test] Adding missing or correcting existing tests

Does this PR introduce a BREAKING CHANGE?

No.

Related issues and/or pull requests

• 64

Describe the changes you're proposing

On systems with sockets created by systemd, the configuration in “libvirtd.conf” is not used.

• test/integration/share/libraries/systemd_config.rb: new utility to get systemd service configuration options.

• test/integration/share/libraries/libvirt_socket_admin.rb: load “libvirt-admin.socket” configuration and provide 3 methods to return owner, group and permissions defined. Fallback on default values.

• test/integration/share/libraries/libvirt_socket_ro.rb: load “libvirt-ro.socket” configuration and provide 3 methods to return owner, group and permissions defined. Fallback on default values.

• test/integration/share/libraries/libvirt_socket_rw.rb: load “libvirt.socket” configuration and provide 3 methods to return owner, group and permissions defined. Fallback on default values.

• test/integration/default/controls/socket_admin_spec.rb: check socket owner, group and permissions against configured values.

• test/integration/default/controls/socket_ro_spec.rb: ditoo.

• test/integration/default/controls/socket_rw_spec.rb: ditoo.

Pillar / config required to test the proposed changes

Debug log showing how the proposed changes work

-----> Starting Kitchen (v2.3.3)
-----> Verifying <default-fedora-31-master-py3>...
       Loaded default 

Profile: libvirt formula (default)
Version: (not specified)
Target:  ssh://kitchen@localhost:32768

  ✔  Libvirt service: verify running service
     ✔  Service libvirtd should be enabled
     ✔  Service libvirtd should be running
  ✔  Libvirt packages: verify installed packages
     ✔  System Package libvirt should be installed
     ✔  System Package qemu-kvm should be installed
     ✔  System Package libguestfs should be installed
     ✔  System Package python3-libvirt should be installed
  ✔  Libvirt read/write socket: should exist with proper permissions
     ✔  libvirt_socket_rw should exist
     ✔  libvirt_socket_rw type should eq :socket
     ✔  libvirt_socket_rw owner should eq "root"
     ✔  libvirt_socket_rw group should eq "root"
     ✔  libvirt_socket_rw mode should cmp == "0666"
  ✔  Libvirt admin socket: should exist with proper permissions
     ✔  libvirt_socket_admin should exist
     ✔  libvirt_socket_admin type should eq :socket
     ✔  libvirt_socket_admin owner should eq "root"
     ✔  libvirt_socket_admin group should eq "root"
     ✔  libvirt_socket_admin mode should cmp == "0600"
  ✔  Libvirt configuration: verify applied configuration
     ✔  File /etc/sysconfig/libvirtd should exist
     ✔  File /etc/sysconfig/libvirtd content should match /This\sfile\sis\smanaged\sby\sSalt/
     ✔  File /etc/libvirt/libvirtd.conf should exist
     ✔  File /etc/libvirt/libvirtd.conf content should match /This\sfile\sis\smanaged\sby\sSalt/
     ✔  Parse Config File /etc/libvirt/libvirtd.conf listen_tls should eq "0"
     ✔  Parse Config File /etc/libvirt/libvirtd.conf listen_tcp should eq "0"
     ✔  Parse Config File /etc/libvirt/libvirtd.conf tls_port should eq "16514"
     ✔  Parse Config File /etc/libvirt/libvirtd.conf tcp_port should eq "16509"
     ✔  Parse Config File /etc/libvirt/libvirtd.conf listen_addr should eq "0.0.0.0"
     ✔  Parse Config File /etc/libvirt/libvirtd.conf unix_sock_group should eq "root"
     ✔  Parse Config File /etc/libvirt/libvirtd.conf unix_sock_ro_perms should eq "0777"
     ✔  Parse Config File /etc/libvirt/libvirtd.conf unix_sock_rw_perms should eq "0770"
     ✔  Parse Config File /etc/libvirt/libvirtd.conf auth_unix_ro should eq "none"
     ✔  Parse Config File /etc/libvirt/libvirtd.conf auth_unix_rw should eq "none"
     ✔  Parse Config File /etc/libvirt/libvirtd.conf auth_tcp should eq "none"
  ✔  Libvirt read only socket: should exist with proper permissions
     ✔  libvirt_socket_ro should exist
     ✔  libvirt_socket_ro type should eq :socket
     ✔  libvirt_socket_ro owner should eq "root"
     ✔  libvirt_socket_ro group should eq "root"
     ✔  libvirt_socket_ro mode should cmp == "0666"

Profile: libvirt formula (share)
Version: (not specified)
Target:  ssh://kitchen@localhost:32768

     No tests executed.

Profile Summary: 6 successful controls, 0 control failures, 0 controls skipped
Test Summary: 36 successful, 0 failures, 0 skipped
       Finished verifying <default-fedora-31-master-py3> (0m9.68s).
-----> Kitchen is finished. (0m12.62s)

Documentation checklist

• [ ] Updated the README (e.g. Available states).
• [ ] Updated pillar.example.

Testing checklist

• [ ] Included in Kitchen (i.e. under state_top).
• [ ] Covered by new/existing tests (e.g. InSpec, Serverspec, etc.).
• [ ] Updated the relevant test pillar.

Additional context

[baby-gnu]

In the kitchen output we can see that the configured perms in libvirtd.conf are:

• unix_sock_ro_perms should eq "0777"
• unix_sock_rw_perms should eq "0770"

but the real perms are tested against values from systemd .socket services:

• libvirt_socket_rw mode should cmp == "0666"
• libvirt_socket_ro mode should cmp == "0666"

We could enable new images after this PR is merged.

Regards.

[myii]

Merged, thanks @baby-gnu.

[saltstack-formulas-travis]

:tada: This PR is included in version 3.4.0 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: