Fix test farm tests (#6335)

* update CentOS AMI ids * Remove assumption of usable default subnet
2026-01-26 07:41:33 +03:00 · 2018-09-05 13:12:06 -07:00
parent 405a8b4264
commit cd2edeff1b
2 changed files with 51 additions and 13 deletions
--- a/tests/letstest/multitester.py
+++ b/tests/letstest/multitester.py
@@ -103,13 +103,32 @@ LOGDIR = "" #points to logging / working directory
 # boto3/AWS api globals
 AWS_SESSION = None
 EC2 = None
+SECURITY_GROUP_NAME = 'certbot-security-group'
+SUBNET_NAME = 'certbot-subnet'

 # Boto3/AWS automation functions
 #-------------------------------------------------------------------------------
-def make_security_group():
+def should_use_subnet(subnet):
+    """Should we use the given subnet for these tests?
+
+    We should if it is the default subnet for the availability zone or the
+    subnet is named "certbot-subnet".
+
+    """
+    if not subnet.map_public_ip_on_launch:
+        return False
+    if subnet.default_for_az:
+        return True
+    for tag in subnet.tags:
+        if tag['Key'] == 'Name' and tag['Value'] == SUBNET_NAME:
+            return True
+    return False
+
+def make_security_group(vpc):
+    """Creates a security group in the given VPC."""
    # will fail if security group of GroupName already exists
    # cannot have duplicate SGs of the same name
-    mysg = EC2.create_security_group(GroupName="letsencrypt_test",
+    mysg = vpc.create_security_group(GroupName=SECURITY_GROUP_NAME,
                                     Description='security group for automated testing')
    mysg.authorize_ingress(IpProtocol="tcp", CidrIp="0.0.0.0/0", FromPort=22, ToPort=22)
    mysg.authorize_ingress(IpProtocol="tcp", CidrIp="0.0.0.0/0", FromPort=80, ToPort=80)
@@ -123,14 +142,16 @@ def make_security_group():
 def make_instance(instance_name,
                  ami_id,
                  keyname,
+                  security_group_id,
+                  subnet_id,
                  machine_type='t2.micro',
-                  security_groups=['letsencrypt_test'],
                  userdata=""): #userdata contains bash or cloud-init script

    new_instance = EC2.create_instances(
        BlockDeviceMappings=_get_block_device_mappings(ami_id),
        ImageId=ami_id,
-        SecurityGroups=security_groups,
+        SecurityGroupIds=[security_group_id],
+        SubnetId=subnet_id,
        KeyName=keyname,
        MinCount=1,
        MaxCount=1,
@@ -294,7 +315,7 @@ def grab_certbot_log():
    sudo('if [ -f ./certbot.log ]; then \
    cat ./certbot.log; else echo "[nolocallog]"; fi')

-def create_client_instances(targetlist):
+def create_client_instances(targetlist, security_group_id, subnet_id):
    "Create a fleet of client instances"
    instances = []
    print("Creating instances: ", end="")
@@ -314,6 +335,8 @@ def create_client_instances(targetlist):
                                       target['ami'],
                                       KEYNAME,
                                       machine_type=machine_type,
+                                       security_group_id=security_group_id,
+                                       subnet_id=subnet_id,
                                       userdata=userdata))
    print()
    return instances
@@ -418,14 +441,28 @@ print("Connecting to EC2 using\n profile %s\n keyname %s\n keyfile %s"%(PROFILE,
 AWS_SESSION = boto3.session.Session(profile_name=PROFILE)
 EC2 = AWS_SESSION.resource('ec2')

+print("Determining Subnet")
+for subnet in EC2.subnets.all():
+    if should_use_subnet(subnet):
+        subnet_id = subnet.id
+        vpc_id = subnet.vpc.id
+        break
+else:
+    print("No usable subnet exists!")
+    print("Please create a VPC with a subnet named {0}".format(SUBNET_NAME))
+    print("that maps public IPv4 addresses to instances launched in the subnet.")
+    sys.exit(1)
+
 print("Making Security Group")
+vpc = EC2.Vpc(vpc_id)
 sg_exists = False
-for sg in EC2.security_groups.all():
-    if sg.group_name == 'letsencrypt_test':
+for sg in vpc.security_groups.all():
+    if sg.group_name == SECURITY_GROUP_NAME:
+        security_group_id = sg.id
        sg_exists = True
-        print("  %s already exists"%'letsencrypt_test')
+        print("  %s already exists"%SECURITY_GROUP_NAME)
 if not sg_exists:
-    make_security_group()
+    security_group_id = make_security_group(vpc).id
    time.sleep(30)

 boulder_preexists = False
@@ -446,11 +483,12 @@ else:
                                   KEYNAME,
                                   machine_type='t2.micro',
                                   #machine_type='t2.medium',
-                                   security_groups=['letsencrypt_test'])
+                                   security_group_id=security_group_id,
+                                   subnet_id=subnet_id)

 try:
    if not cl_args.boulderonly:
-        instances = create_client_instances(targetlist)
+        instances = create_client_instances(targetlist, security_group_id, subnet_id)

    # Configure and launch boulder server
    #-------------------------------------------------------------------------------
--- a/tests/letstest/targets.yaml
+++ b/tests/letstest/targets.yaml
@@ -48,13 +48,13 @@ targets:
  # CentOS
  # These Marketplace AMIs must, irritatingly, have their terms manually
  # agreed to on the AWS marketplace site for any new AWS account using them...
-  - ami: ami-61bbf104
+  - ami: ami-9887c6e7
    name: centos7
    type: centos
    virt: hvm
    user: centos
  # centos6 requires EPEL repo added
-  - ami: ami-57cd8732
+  - ami: ami-1585c46a
    name: centos6
    type: centos
    virt: hvm