Verified Commit 4853090a authored by Loïc Dachary's avatar Loïc Dachary Committed by Loïc Dachary

openvpn: test the client from the host

parent e738425c
......@@ -5,3 +5,5 @@ venv
**/__pycache__
**/*.pyc
**/*.pyo
inventory/group_vars/all/clouds.yml
inventory/group_vars/all/domain.yml
......@@ -8,6 +8,8 @@ inventories/common/01-hosts.yml
*.pyc
/infrastructure_key*
secret
tests/domain.yml
tests/clouds.yml
inventory/group_vars/all/domain.yml
inventory/group_vars/all/clouds.yml
openrc.sh
......
---
jobs:
script: tests/run-tests.sh
script: SKIP_OPENSTACK_INTEGRATION_TESTS=true tests/run-tests.sh
FROM debian:buster
ARG USER_NAME
ENV USER_NAME ${USER_NAME:-root}
ARG DOCKER_GID
ENV DOCKER_GID ${DOCKER_GID:-999}
ARG USER_ID
ENV USER_ID ${USER_ID:-0}
RUN apt-get update && \
apt-get install --quiet -y curl virtualenv python3 gcc libffi-dev libssl-dev python3-dev make git rsync \
systemd systemd-sysv \
systemd systemd-sysv sudo \
openssh-server
RUN curl -fsSL https://get.docker.com -o get-docker.sh && sh get-docker.sh
RUN curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose && chmod +x /usr/local/bin/docker-compose
RUN if test $USER_NAME != root ; then useradd --no-create-home --home-dir /tmp --uid $USER_ID --groups $DOCKER_GID $USER_NAME && echo "$USER_NAME ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers ; fi
ENV REQUESTS_CA_BUNDLE /etc/ssl/certs
WORKDIR /opt
......
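Review bot: The added `RUN` that creates the test user appends `$USER_NAME ALL=(ALL) NOPASSWD:ALL` directly to /etc/sudoers from an unvalidated build argument, and `$USER_NAME` is unquoted in the `test`, so a value containing whitespace or shell metacharacters either breaks the test or writes a malformed sudoers line. A drop-in checked at build time keeps the main file intact: `echo "$USER_NAME ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/test-user && chmod 0440 /etc/sudoers.d/test-user && visudo -cf /etc/sudoers.d/test-user` (the file name is only an example). A comment above the instruction should say that this account, with passwordless sudo and docker group membership, is meant for the throwaway test image only. `useradd --groups $DOCKER_GID` presumably needs a group with that GID to exist in the image, which is worth confirming for hosts whose docker GID differs from the one created by get-docker.sh.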
......@@ -36,6 +36,7 @@ def make_config_dir(domain, cache):
os.makedirs(config_dir)
return config_dir
def prepare_config_dir(domain, cache):
os.environ['ENOUGH_DOMAIN'] = domain
config_dir = make_config_dir(domain, cache)
......
---
openvpn_active_clients:
- openvpnclientname
- openvpnclient-host
- localhost
openvpn_server_conf: |
push "route 10.11.12.0 255.255.255.0"
---
- name: create openvpnclientname
hosts: openvpnclient-host
- name: create openvpn client
hosts: openvpnclient-host,localhost
become: true
tasks:
- name: apt-get install openvpn
apt:
name: [openvpn]
state: present
- name: mkdir -p /etc/openvpn
file:
state: directory
path: /etc/openvpn
- name: copy client credentials
copy:
src: "{{ openvpn_local_directory }}/openvpnclientname.tar.gz"
dest: "/etc/openvpn/openvpnclientname.tar.gz"
src: "{{ openvpn_local_directory }}/{{ inventory_hostname }}.tar.gz"
dest: "/etc/openvpn/{{ inventory_hostname }}.tar.gz"
- name: cd /etc/openvpn ; tar zxvf openvpnclientname.tar.gz
- name: cd /etc/openvpn ; tar zxvf {{ inventory_hostname }}.tar.gz
shell: |
set -ex
tar zxvf openvpnclientname.tar.gz
tar zxvf {{ inventory_hostname }}.tar.gz
args:
chdir: /etc/openvpn
- name: systemctl enable openvpn@openvpnclientname ; systemctl start openvpn@openvpnclientname
- name: run openvpn on openvpnclient-host
hosts: openvpnclient-host
become: true
tasks:
- name: apt-get install openvpn
apt:
name: [openvpn]
state: present
- name: systemctl enable openvpn@{{ inventory_hostname }} ; systemctl start openvpn@{{ inventory_hostname }}
systemd:
name: openvpn@openvpnclientname
name: openvpn@{{ inventory_hostname }}
state: restarted
enabled: yes
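Review bot: The `copy client credentials` task sets no `mode` or `owner`, so the per-host tarball of VPN credentials is written to /etc/openvpn with default permissions and is left there after extraction. Adding `mode: "0600"` and `owner: root` to the copy task would keep it unreadable to other local users; whether the extracted files are themselves restrictive depends on the archive, which is not visible here. `{{ inventory_hostname }}` is also interpolated unquoted into the `shell` block, and the `unarchive` module with `remote_src: yes` would avoid both the shell and the `v` file listing in the task output.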
from enough.common import retry
import sh
def test_localhost_vpn_route():
sh.sudo('apt-get', 'install', '-y', 'openvpn')
sh.sudo.openvpn('/etc/openvpn/localhost.conf',
_cwd='/etc/openvpn', _bg=True, _truncate_exc=False)
@retry.retry(AssertionError, tries=5)
def check_route():
output = sh.ip.route()
assert '10.11.12' in output
check_route()
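Review bot: `test_localhost_vpn_route` starts openvpn through sudo with `_bg=True` and never stops it, so the daemon and the pushed route outlive the test; outside a disposable container a later run may then pass on the stale route. Keep the handle (`vpn = sh.sudo.openvpn(...)`) and stop the process in a `finally:` after `check_route()`. The assertion `'10.11.12' in output` matches that substring anywhere in the `ip route` output; `'10.11.12.0/24'` would tie it to the route the server configuration pushes. A one-line docstring stating that the test needs sudo, /dev/net/tun and NET_ADMIN would help anyone running it outside tests/run-tests.sh.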
#!/bin/bash
set -ex
# ENOUGH_API_TOKEN=abc tests/run-tests.sh tox -e openvpn -- --enough-no-create --enough-no-tests playbooks/openvpn/tests
name=enough-tox-$(date +%s)
set -ex
trap "docker rm -f $name >& /dev/null || true ; docker rmi --no-prune $name >& /dev/null || true" EXIT
function prepare_environment() {
if test $(id -u) != 0 ; then
SUDO=sudo
fi
$SUDO apt-get update
$SUDO apt-get install -y git
}
cat > inventory/group_vars/all/clouds.yml <<EOF
function prepare_inventory() {
if ! test -f inventory/group_vars/all/clouds.yml ; then
cat > tests/clouds.yml <<EOF
---
clouds:
ovh:
......@@ -19,15 +27,73 @@ clouds:
password: "$OS_PASSWORD"
region_name: "$OS_REGION_NAME"
EOF
else
cat inventory/group_vars/all/clouds.yml > tests/clouds.yml
fi
cat > inventory/group_vars/all/domain.yml <<EOF
if ! test -f inventory/group_vars/all/domain.yml ; then
cat > tests/domain.yml <<EOF
---
domain: enough.community
EOF
else
cat inventory/group_vars/all/domain.yml > tests/domain.yml
fi
}
function image_name() {
if test "$GITLAB_CI" ; then
echo enough-tox-$(date +%s)
trap "docker rm -f $name >& /dev/null || true ; docker rmi --no-prune $name >& /dev/null || true" EXIT
else
echo enough-tox
fi
}
function build_image() {
local name="$1"
(
cat enough/common/data/base.dockerfile
cat tests/tox.dockerfile
) | docker build --build-arg=USER_ID="$(id -u)" --build-arg=DOCKER_GID="$(getent group docker | cut -d: -f3)" --build-arg=USER_NAME="${USER:-root}" --tag $name -f - .
}
function run_tests_on_ref() {
:
}
function run_tests() {
local name="$1"
shift
local d="$1"
shift
find $d \( -name '*.pyc' -o -name '*.pyo' -o -name __pycache__ \) -delete
if test "$SKIP_OPENSTACK_INTEGRATION_TESTS" ; then
skip="-e SKIP_OPENSTACK_INTEGRATION_TESTS=true"
fi
if test "$GITLAB_CI" ; then
args="--workdir /opt"
else
args="--volume ${d}:${d} --workdir ${d} --volume $HOME/.enough:$HOME/.enough"
fi
docker run --rm --device=/dev/net/tun --dns=8.8.8.8 --name $name --user "${USER:-root}" -e ENOUGH_API_TOKEN=$ENOUGH_API_TOKEN $skip --cap-add=NET_ADMIN $args --volume /var/run/docker.sock:/var/run/docker.sock $name "${@:-tox}"
}
(
cat enough/common/data/base.dockerfile
cat tests/tox.dockerfile
) | docker build --tag $name -f - .
function main() {
prepare_environment
prepare_inventory
local name=$(image_name "$@")
build_image $name
local toplevel=$(git rev-parse --show-toplevel)
if test "$1" = "--upgrade" ; then
shift
local ref="$1"
shift
run_tests_on_ref $ref $name $toplevel "$@"
fi
run_tests $name $toplevel "$@"
}
docker run --rm --name $name -e SKIP_OPENSTACK_INTEGRATION_TESTS=true -v /var/run/docker.sock:/var/run/docker.sock $name tox
main "$@"
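Review bot: In `run_tests`, `-e ENOUGH_API_TOKEN=$ENOUGH_API_TOKEN` expands the token on the `docker run` command line while the script runs under `set -ex`, so the value is printed in the trace (and therefore in CI job logs) and is visible in the host process list. Passing the variable by name, `-e ENOUGH_API_TOKEN`, lets docker read the value from the environment without it appearing in the trace. As shown, the `trap` in `image_name` is installed inside the `$(image_name "$@")` command substitution in `main`, and `$name` is expanded when the trap string is built, so the cleanup appears not to run against the CI image; setting the trap in `main` after `name` is assigned would fix that. A comment on the `docker run` line should record that the container receives the host docker socket, NET_ADMIN and /dev/net/tun, so it is not an isolation boundary.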
......@@ -3,4 +3,6 @@ RUN git init
COPY requirements-dev.txt tox.ini setup.cfg setup.py README.md /opt/
RUN tox --notest
COPY . /opt
COPY tests/clouds.yml /opt/inventory/group_vars/all/clouds.yml
COPY tests/domain.yml /opt/inventory/group_vars/all/domain.yml
RUN cd /opt && git add . && git config user.email "you@example.com" && git config user.name "Your Name" && git commit -a -m 'for tests'
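Review bot: The added `COPY tests/clouds.yml …` line bakes the generated clouds.yml into an image layer, and tests/run-tests.sh writes `password: "$OS_PASSWORD"` into that file, so the OpenStack credentials persist in the image, and in the git commit made by the following `RUN`, for as long as the image exists. Outside CI the image name is the fixed `enough-tox` and nothing in the visible script removes it. Mounting the file at run time, e.g. `--volume "$PWD/tests/clouds.yml:/opt/inventory/group_vars/all/clouds.yml:ro"` in `run_tests`, would keep the secret out of the image unless the commit step needs it. If it has to be present at build time, a comment here should state that the image must never be pushed to a registry. This hunk starts partway through the file, so earlier instructions are not visible.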