Merge pull request #1992 from letsencrypt/apache-conf-test

Apache conf tests in travis

.travis.yml

@@ -3,6 +3,8 @@ language: python
 services:
   - rabbitmq
   - mariadb
+  # apacheconftest
+  #- apache2
 
 # http://docs.travis-ci.com/user/ci-environment/#CI-environment-OS
 # gimme has to be kept in sync with Boulder's Go version setting in .travis.yml
@@ -22,6 +24,9 @@ env:
     - TOXENV=py27 BOULDER_INTEGRATION=1
     - TOXENV=lint
     - TOXENV=cover
+# Disabled for now due to requiring sudo -> causing more boulder integration
+# DNS timeouts :(
+#    - TOXENV=apacheconftest
 
 
 # Only build pushes to the master branch, PRs, and branches beginning with
@@ -58,6 +63,12 @@ addons:
     - openssl
     # For Boulder integration testing
     - rsyslog
+    # for apacheconftest
+    #- realpath
+    #- apache2
+    #- libapache2-mod-wsgi
+    #- libapache2-mod-macro
+    #- sudo
 
 install: "travis_retry pip install tox coveralls"
 script: 'travis_retry tox && ([ "xxx$BOULDER_INTEGRATION" = "xxx" ] || ./tests/travis-integration.sh)'

docs/contributing.rst

@@ -65,8 +65,14 @@ Testing
 
 The following tools are there to help you:
 
-- ``tox`` starts a full set of tests. Please make sure you run it
-  before submitting a new pull request.
+- ``tox`` starts a full set of tests. Please note that it includes
+  apacheconftest, which uses the system's Apache install to test config file
+  parsing, so it should only be run on systems that have an
+  experimental, non-production Apache2 install on them.  ``tox -e
+  apacheconftest`` can be used to run those specific Apache conf tests.
+
+- ``tox -e py27``, ``tox -e py26`` etc, run unit tests for specific Python
+  versions.
 
 - ``tox -e cover`` checks the test coverage only. Calling the
   ``./tox.cover.sh`` script directly (or even ``./tox.cover.sh $pkg1

letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/apache-conf-test

@@ -0,0 +1,78 @@
+#!/bin/bash
+
+# A hackish script to see if the client is behaving as expected 
+# with each of the "passing" conf files.
+
+export EA=/etc/apache2/ 
+TESTDIR="`dirname $0`"
+LEROOT="`realpath \"$TESTDIR/../../../../\"`"
+cd $TESTDIR/passing
+LETSENCRYPT="${LETSENCRYPT:-$LEROOT/venv/bin/letsencrypt}"
+
+function CleanupExit() {
+    echo control c, exiting tests...
+    if [ "$f" != "" ] ; then
+        Cleanup
+    fi
+    exit 1
+}
+
+function Setup() {
+    if [ "$APPEND_APACHECONF" = "" ] ; then
+        sudo cp "$f" "$EA"/sites-available/
+        sudo ln -sf "$EA/sites-available/$f" "$EA/sites-enabled/$f"
+        sudo echo """
+<VirtualHost *:80>
+    ServerName example.com
+    DocumentRoot /tmp/
+    ErrorLog /tmp/error.log
+    CustomLog /tmp/requests.log combined
+</VirtualHost>""" >> $EA/sites-available/throwaway-example.conf
+    else
+        TMP="/tmp/`basename \"$APPEND_APACHECONF\"`.$$"
+        sudo cp -a "$APPEND_APACHECONF" "$TMP"
+        sudo bash -c "cat \"$f\" >> \"$APPEND_APACHECONF\""
+    fi
+}
+
+function Cleanup() {
+    if [ "$APPEND_APACHECONF" = "" ] ; then
+        sudo rm /etc/apache2/sites-{enabled,available}/"$f"
+        sudo rm $EA/sites-available/throwaway-example.conf
+    else
+        sudo mv "$TMP" "$APPEND_APACHECONF"
+    fi
+}
+
+# if our environment asks us to enable modules, do our best!
+if [ "$1" = --debian-modules ] ; then
+    sudo apt-get install -y libapache2-mod-wsgi
+    sudo apt-get install -y libapache2-mod-macro
+
+    for mod in  ssl rewrite macro wsgi deflate userdir version mime ; do
+        sudo a2enmod $mod
+    done
+fi
+
+
+FAILS=0
+trap CleanupExit INT
+for f in *.conf ; do 
+    echo -n  testing "$f"...
+    Setup
+    RESULT=`echo c | sudo "$LETSENCRYPT" -vvvv --debug --staging --apache --register-unsafely-without-email --agree-tos certonly -t 2>&1`
+    if echo $RESULT | grep -Eq \("Which names would you like"\|"mod_macro is not yet"\) ; then
+        echo passed
+    else
+        echo failed
+        echo $RESULT
+        echo
+        echo
+        FAILS=`expr $FAILS + 1`
+    fi
+    Cleanup
+done
+if [ "$FAILS" -ne 0 ] ; then
+    exit 1
+fi
+exit 0

letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/README.modules

@@ -0,0 +1,6 @@
+# Modules required to parse these conf files:
+ssl
+rewrite
+macro
+wsgi
+deflate

letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/graphite-quote-1934.conf

@@ -1,6 +1,6 @@
 <VirtualHost *:80>
 
-        WSGIDaemonProcess _graphite processes=5 threads=5 display-name='%{GROUP}' inactivity-timeout=120 user=_graphite group=_graphite
+        WSGIDaemonProcess _graphite processes=5 threads=5 display-name='%{GROUP}' inactivity-timeout=120 user=www-data group=www-data
         WSGIProcessGroup _graphite
         WSGIImportScript /usr/share/graphite-web/graphite.wsgi process-group=_graphite application-group=%{GLOBAL}
         WSGIScriptAlias / /usr/share/graphite-web/graphite.wsgi

tests/apache-conf-files/hackish-apache-test

@@ -1,28 +0,0 @@
-#!/bin/bash
-
-# A hackish script to see if the client is behaving as expected 
-# with each of the "passing" conf files.
-
-# TODO presently this requires interaction and human judgement to 
-# assess, but it should be automated
-export EA=/etc/apache2/ 
-TESTDIR="`dirname $0`"
-LEROOT="`realpath \"$TESTDIR/../../\"`"
-cd $TESTDIR/passing
-
-function CleanupExit() {
-    echo control c, exiting tests...
-    if [ "$f" != "" ] ; then
-        sudo rm /etc/apache2/sites-{enabled,available}/"$f"
-    fi
-    exit 1
-}
-
-trap CleanupExit INT
-for f in *.conf ; do 
-    echo testing "$f"
-    sudo cp "$f" "$EA"/sites-available/
-    sudo ln -s "$EA/sites-available/$f" "$EA/sites-enabled/$f"
-    sudo "$LEROOT"/venv/bin/letsencrypt --apache  certonly -t
-    sudo rm /etc/apache2/sites-{enabled,available}/"$f"
-done

tests/apache-conf-files/passing/README.modules

@@ -1,7 +0,0 @@
-Modules required to parse these conf files:
-
-ssl
-rewrite
-macro
-wsgi
-deflate

tox.ini

@@ -67,3 +67,11 @@ commands =
     pylint --rcfile=.pylintrc letsencrypt-nginx/letsencrypt_nginx
     pylint --rcfile=.pylintrc letsencrypt-compatibility-test/letsencrypt_compatibility_test
     pylint --rcfile=.pylintrc letshelp-letsencrypt/letshelp_letsencrypt
+
+[testenv:apacheconftest]
+#basepython = python2.7
+setenv =
+    LETSENCRYPT=/home/travis/build/letsencrypt/letsencrypt/.tox/apacheconftest/bin/letsencrypt
+commands =
+    pip install -e acme -e .[dev] -e letsencrypt-apache -e letsencrypt-nginx -e letsencrypt-compatibility-test -e letshelp-letsencrypt
+    sudo ./letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/apache-conf-test --debian-modules