[CPDEV-100414] Install and check thirdparties skipping SSL verification

kubemarine/procedures/check_iaas.py

@@ -341,8 +341,27 @@ def check_kernel_version(cluster: KubernetesCluster) -> None:
 def check_access_to_thirdparties(cluster: KubernetesCluster) -> None:
     with TestCase(cluster, '012', 'Software', 'Thirdparties Availability') as tc:
         detect_preinstalled_python(cluster)
-        broken = []
-        skipped_msgs = nodes_require_python(cluster)
+        check_resolv_conf(cluster)
+        broken: List[str] = []
+        warnings = nodes_require_python(cluster)
+
+        problem_handlers: Dict[str, List[str]] = {}
+
+        def resolve_problem_handler(host: str) -> List[str]:
+            handler = problem_handlers.get(host)
+            if handler is None:
+                resolv_conf_actual = cluster.nodes_context[host]['resolv_conf_is_actual']
+                if not resolv_conf_actual:
+                    warnings.append(f"resolv.conf is not installed for node {host}: "
+                                    f"Thirdparties can be unavailable. You can install resolv.conf using task "
+                                    f"`install --tasks prepare.dns.resolv_conf`")
+                    handler = warnings
+                else:
+                    handler = broken
+
+                problem_handlers[host] = handler
+
+            return handler
 
         # Load script for checking sources
         all_group = get_python_group(cluster, True)
@@ -361,18 +380,19 @@ def check_access_to_thirdparties(cluster: KubernetesCluster) -> None:
                 python_executable = cluster.nodes_context[host]['python']['executable']
                 res = node.run("%s %s %s %s" % (python_executable, random_temp_path, config['source'],
                                                 cluster.inventory['globals']['timeout_download']), warn=True)
+                problem_handler = resolve_problem_handler(host)
                 if res.is_any_failed():
-                    broken.append(f"{host}, {destination}: {res[host].stderr}")
+                    problem_handler.append(f"{host}, {destination}: {res[host].stderr}")
 
         # Remove file
         rm_command = "rm %s" % random_temp_path
         all_group.run(rm_command)
 
         if broken:
             raise TestFailure('Required thirdparties are unavailable', hint=yaml.safe_dump(broken))
-        if skipped_msgs:
+        if warnings:
             raise TestWarn("Can't detect python version for some nodes",
-                           hint='\n'.join(skipped_msgs))
+                           hint='\n'.join(warnings))
         tc.success('All thirdparties are available')
 
 

kubemarine/procedures/check_paas.py

@@ -399,7 +399,7 @@ def thirdparties_hashes(cluster: KubernetesCluster) -> None:
                 cluster.log.verbose('Temporary path: %s' % random_path)
                 remote_commands = "mkdir -p %s" % ('/'.join(random_path.split('/')[:-1]))
                 # Load thirdparty to temporary dir
-                remote_commands += "&& sudo curl -f -g -s --show-error -L %s -o %s" % (config['source'], random_path)
+                remote_commands += "&& sudo curl -k -f -g -s --show-error -L %s -o %s" % (config['source'], random_path)
                 results = first_control_plane.sudo(remote_commands, warn=True)
                 if results.is_any_failed():
                     host = first_control_plane_host

kubemarine/resources/scripts/check_url_availability.py

@@ -16,6 +16,7 @@
 # The script is for testing purpose only.
 # The first argv parameter is source. The second argv parameter is the timeout.
 
+import ssl
 import sys
 
 major_version = sys.version_info.major
@@ -37,8 +38,14 @@
 
     password_mgr = urllib.HTTPPasswordMgrWithDefaultRealm()
     password_mgr.add_password(None, no_auth_url, parsed_url.username or '', parsed_url.password or '')
-    handler = urllib.HTTPBasicAuthHandler(password_mgr)
-    opener = urllib.build_opener(handler)
+    basic_auth_handler = urllib.HTTPBasicAuthHandler(password_mgr)
+
+    ssl_ctx = ssl.create_default_context()
+    ssl_ctx.check_hostname = False
+    ssl_ctx.verify_mode = ssl.CERT_NONE
+    https_handler = urllib.HTTPSHandler(context=ssl_ctx)
+
+    opener = urllib.build_opener(https_handler, basic_auth_handler)
 
     status_code = opener.open(no_auth_url, timeout=timeout).getcode()
     if status_code != 200:

kubemarine/thirdparties.py

@@ -345,7 +345,7 @@ def install_thirdparty(filter_group: NodeGroup, destination: str) -> Optional[Ru
             # if hash equal, then stop further actions immediately! unpack should not be performed too
             remote_commands += ' && FILE_HASH=$(sudo openssl sha1 %s | sed "s/^.* //"); ' \
                                '[ "%s" == "${FILE_HASH}" ] && exit 0 || true ' % (destination, config['sha1'])
-        remote_commands += (' && sudo rm -f %s && sudo curl --max-time %d -f -g -L %s -o %s && '
+        remote_commands += (' && sudo rm -f %s && sudo curl --max-time %d -k -f -g -L %s -o %s && '
                             % (destination, cluster.inventory['globals']['timeout_download'], config['source'], destination))
     else:
         cluster.log.verbose('Installation via sftp upload detected')