Changes for migration TUF QA (#25468)

Lucas Manuel Rodriguez 2025-01-15 18:36:53 -03:00 committed by GitHub
parent 498ddca753
commit 70096e86ac
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 13 additions and 23 deletions

@ -1,34 +1,27 @@
# `migration_test.sh`
This script is used to test the migration from one local TUF repository to a new local TUF repository (with new roots).
The "old" TUF will be hosted on port 8081, and the new TUF will be hosted on port 8082.
> Currently supports running on macOS only.
The script is interactive and assumes the user will use a Windows and Ubuntu VM to install fleetd and test the changes on those platforms too.
Usage:
- `FLEET_URL`: The Fleet server will be hosted on https://localhost:8080, tunneled via ngrok to e.g. https://s123ssfsdgsdf.ngrok.app.
- `OLD_TUF_URL`: The "old" TUF will be hosted on http://localhost:8081, tunneled via ngrok to e.g. https://121e9b4a4dab.ngrok.app.
- `NEW_TUF_URL`: The "new" TUF will be hosted on http://localhost:8082, tunneled via ngrok to e.g. https://12oe8b5b3cc6.ngrok.app.
- `SIMULATE_NEW_TUF_OUTAGE=1`: Simulates an outage of the new TUF server during the migration.
- `ORBIT_PATCH_IN_OLD_TUF=1`: Simulates an outage of the new TUF server during the migration and a "need" to patch orbit on the old repository.
- `WINDOWS_HOST_HOSTNAME`: Hostname of the Windows VM to install fleetd (as reported by osquery/Fleet).
- `LINUX_HOST_HOSTNAME`: Hostname of the Ubuntu VM to install fleetd (as reported by osquery/Fleet).
- `NO_TEAM_ENROLL_SECRET`: Enroll secret of "No team" on your Fleet instance.
```sh
FLEET_URL=https://host.docker.internal:8080 \
FLEET_URL=https://s123ssfsdgsdf.ngrok.app \
OLD_TUF_URL=https://121e9b4a4dab.ngrok.app \
NEW_TUF_URL=https://12oe8b5b3cc6.ngrok.app \
NO_TEAM_ENROLL_SECRET=... \
WINDOWS_HOST_HOSTNAME=DESKTOP-USFLJ3H \
LINUX_HOST_HOSTNAME=foobar-ubuntu \
./tools/tuf/test/migration/migration_test.sh
```
To test TUFs with HTTPS instead of HTTP with two ngrok tunnels that connect to 8081/8082:
```sh
OLD_TUF_URL=https://121e9b4a4dab.ngrok.app \
NEW_TUF_URL=https://12oe8b5b3cc6.ngrok.app \
```
To simulate an outage of the new TUF server during the migration run the above with:
```sh
SIMULATE_NEW_TUF_OUTAGE=1 \
```
To simulate an outage of the new TUF server during the migration and a "need" to patch orbit on the old repository:
```sh
SIMULATE_NEW_TUF_OUTAGE=1 \
ORBIT_PATCH_IN_OLD_TUF=1 \
```
./tools/tuf/test/migration/migration_test.sh
```
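Review bot: In the Usage list, the `ORBIT_PATCH_IN_OLD_TUF=1` bullet says the variable simulates the outage of the new TUF server by itself, which leaves it unclear whether it must be combined with `SIMULATE_NEW_TUF_OUTAGE=1`. State the dependency in that bullet and mark both variables as optional, so readers do not assume the sample invocation is missing them. Since `FLEET_URL` and both TUF URLs are described as ngrok tunnels, a line telling the tester to close the tunnels and rotate `NO_TEAM_ENROLL_SECRET` after the QA run would also be worth adding.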

@ -138,7 +138,6 @@ for pkgType in "${pkgTypes[@]}"; do
--fleet-desktop \
--fleet-url="$FLEET_URL" \
--enroll-secret="$NO_TEAM_ENROLL_SECRET" \
--fleet-certificate=./tools/osquery/fleet.crt \
--debug \
--update-roots="$ROOT_KEYS1" \
--update-url=$OLD_TUF_URL \
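Review bot: The hunk header drops one of these seven lines and the commit message does not say why. If the dropped line is `--fleet-certificate=./tools/osquery/fleet.crt` (the rendered page has lost the +/- markers), the generated packages no longer carry the test certificate, so the script will only work when `FLEET_URL` serves a certificate the hosts already trust. Record that requirement in the README or in a comment next to this invocation; the same applies to the two later hunks.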
@ -434,7 +433,6 @@ for pkgType in "${pkgTypes[@]}"; do
--fleet-desktop \
--fleet-url="$FLEET_URL" \
--enroll-secret="$NO_TEAM_ENROLL_SECRET" \
--fleet-certificate=./tools/osquery/fleet.crt \
--debug \
--update-roots="$ROOT_KEYS1" \
--update-url=$OLD_TUF_URL \
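Review bot: `--update-url=$OLD_TUF_URL` is left unquoted while `--fleet-url="$FLEET_URL"`, `--enroll-secret="$NO_TEAM_ENROLL_SECRET"` and `--update-roots="$ROOT_KEYS1"` in the same command are quoted. Since this invocation is being edited anyway, quote it as `--update-url="$OLD_TUF_URL"` so an empty or unexpected value does not get word-split or silently shift the argument list.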
@ -545,7 +543,6 @@ for pkgType in "${pkgTypes[@]}"; do
--fleet-desktop \
--fleet-url="$FLEET_URL" \
--enroll-secret="$NO_TEAM_ENROLL_SECRET" \
--fleet-certificate=./tools/osquery/fleet.crt \
--debug \
--disable-open-folder \
--disable-keystore \
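Review bot: The same leading flags (`--fleet-desktop`, `--fleet-url`, `--enroll-secret`, `--debug`) are repeated in all three packaging loops, so this change had to be made three times. Consider collecting the shared flags once, for example in a bash array expanded in each loop, so that a later change to the common options cannot be applied to one invocation and missed in another.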