Commit a3a52bb4 authored by Loïc Dachary's avatar Loïc Dachary

Merge branch 'wip-openvpn' into 'master'

run VPN tests within a docker container

See merge request !218
parents 1f495ab6 4853090a
Pipeline #631 passed with stage
in 12 minutes and 6 seconds
......@@ -5,3 +5,5 @@ venv
**/__pycache__
**/*.pyc
**/*.pyo
inventory/group_vars/all/clouds.yml
inventory/group_vars/all/domain.yml
......@@ -8,6 +8,8 @@ inventories/common/01-hosts.yml
*.pyc
/infrastructure_key*
secret
tests/domain.yml
tests/clouds.yml
inventory/group_vars/all/domain.yml
inventory/group_vars/all/clouds.yml
openrc.sh
......
---
jobs:
script: tests/run-tests.sh
script: SKIP_OPENSTACK_INTEGRATION_TESTS=true tests/run-tests.sh
FROM debian:buster
ARG USER_NAME
ENV USER_NAME ${USER_NAME:-root}
ARG DOCKER_GID
ENV DOCKER_GID ${DOCKER_GID:-999}
ARG USER_ID
ENV USER_ID ${USER_ID:-0}
RUN apt-get update && \
apt-get install --quiet -y curl virtualenv python3 gcc libffi-dev libssl-dev python3-dev make git rsync \
systemd systemd-sysv \
systemd systemd-sysv sudo \
openssh-server
RUN curl -fsSL https://get.docker.com -o get-docker.sh && sh get-docker.sh
RUN curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose && chmod +x /usr/local/bin/docker-compose
RUN if test $USER_NAME != root ; then useradd --no-create-home --home-dir /tmp --uid $USER_ID --groups $DOCKER_GID $USER_NAME && echo "$USER_NAME ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers ; fi
ENV REQUESTS_CA_BUNDLE /etc/ssl/certs
WORKDIR /opt
......
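Review bot: The `echo "$USER_NAME ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers` step grants the build-arg user unrestricted passwordless sudo by appending to the main sudoers file, and nothing validates the result. A drop-in is easier to audit: write the rule to a file under `/etc/sudoers.d/` (for example one named `enough-user`), `chmod 0440` it, and run `visudo -cf` on it in the same RUN step so a malformed `USER_NAME` fails the build. The guard should also quote the variable, `if test "$USER_NAME" != root ; then`. Separately, `--groups $DOCKER_GID` presumably fails when no group with that GID exists in the image, so it is worth testing with a host whose docker GID is not 999.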
......@@ -16,15 +16,16 @@ import sys
# Build paths inside the project like this: os.path.join(CONFIG_DIR, ...)
ENOUGH_DOMAIN = os.environ.get('ENOUGH_DOMAIN', 'enough.community')
ENOUGH_DOT = os.environ.get('ENOUGH_DOT', os.path.expanduser(f'~/.enough'))
if os.path.exists('setup.cfg'): # running from sources
if 'ENOUGH_DOMAIN' in os.environ:
CONFIG_DIR = os.path.expanduser(f'~/.enough/{ENOUGH_DOMAIN}')
CONFIG_DIR = f'{ENOUGH_DOT}/{ENOUGH_DOMAIN}'
else:
CONFIG_DIR = os.path.abspath('.')
SHARE_DIR = os.path.abspath('.')
else:
CONFIG_DIR = os.path.expanduser(f'~/.enough/{ENOUGH_DOMAIN}')
CONFIG_DIR = f'{ENOUGH_DOT}/{ENOUGH_DOMAIN}'
SHARE_DIR = f'{sys.prefix}/share/enough'
CERTS_DIR = f'{CONFIG_DIR}/certs'
......
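Review bot: An `ENOUGH_DOT` value taken from the environment is used verbatim, while only the default goes through `expanduser`, so an override such as `~/x` or a relative path makes `CONFIG_DIR` and `CERTS_DIR` depend on the working directory. Normalising after the lookup avoids that: `ENOUGH_DOT = os.path.abspath(os.path.expanduser(os.environ.get('ENOUGH_DOT', '~/.enough')))`. That form also drops the placeholder-less f-string `f'~/.enough'`, which pyflakes reports as F541. A one-line comment saying that this directory holds the per-domain configuration and certificates would help whoever sets the variable choose its location and permissions.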
......@@ -28,11 +28,18 @@ def pytest_configure(config):
pass
def prepare_config_dir(domain):
os.environ['ENOUGH_DOMAIN'] = domain
config_dir = os.path.expanduser(f'~/.enough/{domain}')
def make_config_dir(domain, cache):
d = cache.makedir('dotenough')
os.environ['ENOUGH_DOT'] = str(d)
config_dir = f'{d}/{domain}'
if not os.path.exists(config_dir):
os.makedirs(config_dir)
return config_dir
def prepare_config_dir(domain, cache):
os.environ['ENOUGH_DOMAIN'] = domain
config_dir = make_config_dir(domain, cache)
shutil.copy('infrastructure_key', f'{config_dir}/infrastructure_key')
shutil.copy('infrastructure_key.pub', f'{config_dir}/infrastructure_key.pub')
all_dir = f'{config_dir}/inventory/group_vars/all'
......@@ -48,12 +55,12 @@ def prepare_config_dir(domain):
def pytest_sessionstart(session):
if session.config.getoption("--enough-no-create"):
return
service_directory = session.config.getoption("--enough-service-directory")
domain = f'{service_directory}.test'
config_dir = prepare_config_dir(domain)
config_dir = prepare_config_dir(domain, session.config.cache)
if session.config.getoption("--enough-no-create"):
return
e = Enough(config_dir, '.',
domain=domain,
......@@ -87,7 +94,7 @@ def pytest_sessionfinish(session, exitstatus):
service_directory = session.config.getoption("--enough-service-directory")
names = session.config.getoption("--enough-hosts").split(',')
domain = f'{service_directory}.test'
config_dir = os.path.expanduser(f'~/.enough/{domain}')
config_dir = make_config_dir(domain, session.config.cache)
e = Enough(config_dir, '.',
domain=domain,
driver='openstack',
......
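Review bot: `make_config_dir` creates the directory with default permissions, and `prepare_config_dir` then copies the `infrastructure_key` private key into it, so the key now sits under the pytest cache directory with whatever the umask allows. Creating it owner-only, and without the exists/makedirs race, would be `os.makedirs(config_dir, mode=0o700, exist_ok=True)`. The function also sets `os.environ['ENOUGH_DOT']` as a side effect, including when it is called from `pytest_sessionfinish`. A docstring such as `"""Create the dotenough/DOMAIN cache directory, export ENOUGH_DOT and return the path."""` would make that visible to callers. The bodies of `prepare_config_dir`, `pytest_sessionstart` and `pytest_sessionfinish` continue outside the hunks shown.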
---
openvpn_active_clients:
- openvpnclientname
- openvpnclient-host
- localhost
openvpn_server_conf: |
push "route 10.11.12.0 255.255.255.0"
---
- name: create openvpnclientname
hosts: openvpnclient-host
- name: create openvpn client
hosts: openvpnclient-host,localhost
become: true
tasks:
- name: apt-get install openvpn
apt:
name: [openvpn]
state: present
- name: mkdir -p /etc/openvpn
file:
state: directory
path: /etc/openvpn
- name: copy client credentials
copy:
src: "{{ openvpn_local_directory }}/openvpnclientname.tar.gz"
dest: "/etc/openvpn/openvpnclientname.tar.gz"
src: "{{ openvpn_local_directory }}/{{ inventory_hostname }}.tar.gz"
dest: "/etc/openvpn/{{ inventory_hostname }}.tar.gz"
- name: cd /etc/openvpn ; tar zxvf openvpnclientname.tar.gz
- name: cd /etc/openvpn ; tar zxvf {{ inventory_hostname }}.tar.gz
shell: |
set -ex
tar zxvf openvpnclientname.tar.gz
tar zxvf {{ inventory_hostname }}.tar.gz
args:
chdir: /etc/openvpn
- name: systemctl enable openvpn@openvpnclientname ; systemctl start openvpn@openvpnclientname
- name: run openvpn on openvpnclient-host
hosts: openvpnclient-host
become: true
tasks:
- name: apt-get install openvpn
apt:
name: [openvpn]
state: present
- name: systemctl enable openvpn@{{ inventory_hostname }} ; systemctl start openvpn@{{ inventory_hostname }}
systemd:
name: openvpn@openvpnclientname
name: openvpn@{{ inventory_hostname }}
state: restarted
enabled: yes
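Review bot: The `copy client credentials` task sets no `mode`, so the `{{ inventory_hostname }}.tar.gz` credentials archive lands in `/etc/openvpn` with default permissions, and the following `tar zxvf` keeps whatever modes the archive stores. Adding `mode: "0600"` and `owner: root` to the copy task keeps the archive private. The extraction could use the `unarchive` module with `remote_src: yes` instead of the `shell` block, which also makes the task idempotent. The first play now also targets `localhost`, so these files are written on the machine running the tests as well.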
from enough.common import retry
import sh
def test_localhost_vpn_route():
sh.sudo('apt-get', 'install', '-y', 'openvpn')
sh.sudo.openvpn('/etc/openvpn/localhost.conf',
_cwd='/etc/openvpn', _bg=True, _truncate_exc=False)
@retry.retry(AssertionError, tries=5)
def check_route():
output = sh.ip.route()
assert '10.11.12' in output
check_route()
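Review bot: The `sh.sudo.openvpn(..., _bg=True)` call starts a root openvpn process that nothing stops, so the process and its route outlive the test, including when `check_route` fails. Keeping the handle and stopping it in a `finally` would contain it: `vpn = sh.sudo.openvpn(...)`, then `try: check_route()` and `finally: vpn.terminate()`. Whether the signal reaches openvpn through sudo should be confirmed. The assertion `'10.11.12' in output` also matches unrelated text such as `110.11.12.x`; `'10.11.12.0/24' in output` is closer to the pushed route, assuming `ip route` prints it in CIDR form.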
#!/bin/bash
set -ex
# ENOUGH_API_TOKEN=abc tests/run-tests.sh tox -e openvpn -- --enough-no-create --enough-no-tests playbooks/openvpn/tests
name=enough-tox-$(date +%s)
set -ex
trap "docker rm -f $name >& /dev/null || true ; docker rmi --no-prune $name >& /dev/null || true" EXIT
function prepare_environment() {
if test $(id -u) != 0 ; then
SUDO=sudo
fi
$SUDO apt-get update
$SUDO apt-get install -y git
}
cat > inventory/group_vars/all/clouds.yml <<EOF
function prepare_inventory() {
if ! test -f inventory/group_vars/all/clouds.yml ; then
cat > tests/clouds.yml <<EOF
---
clouds:
ovh:
......@@ -19,15 +27,73 @@ clouds:
password: "$OS_PASSWORD"
region_name: "$OS_REGION_NAME"
EOF
else
cat inventory/group_vars/all/clouds.yml > tests/clouds.yml
fi
cat > inventory/group_vars/all/domain.yml <<EOF
if ! test -f inventory/group_vars/all/domain.yml ; then
cat > tests/domain.yml <<EOF
---
domain: enough.community
EOF
else
cat inventory/group_vars/all/domain.yml > tests/domain.yml
fi
}
function image_name() {
if test "$GITLAB_CI" ; then
echo enough-tox-$(date +%s)
trap "docker rm -f $name >& /dev/null || true ; docker rmi --no-prune $name >& /dev/null || true" EXIT
else
echo enough-tox
fi
}
function build_image() {
local name="$1"
(
cat enough/common/data/base.dockerfile
cat tests/tox.dockerfile
) | docker build --build-arg=USER_ID="$(id -u)" --build-arg=DOCKER_GID="$(getent group docker | cut -d: -f3)" --build-arg=USER_NAME="${USER:-root}" --tag $name -f - .
}
function run_tests_on_ref() {
:
}
function run_tests() {
local name="$1"
shift
local d="$1"
shift
find $d \( -name '*.pyc' -o -name '*.pyo' -o -name __pycache__ \) -delete
if test "$SKIP_OPENSTACK_INTEGRATION_TESTS" ; then
skip="-e SKIP_OPENSTACK_INTEGRATION_TESTS=true"
fi
if test "$GITLAB_CI" ; then
args="--workdir /opt"
else
args="--volume ${d}:${d} --workdir ${d} --volume $HOME/.enough:$HOME/.enough"
fi
docker run --rm --device=/dev/net/tun --dns=8.8.8.8 --name $name --user "${USER:-root}" -e ENOUGH_API_TOKEN=$ENOUGH_API_TOKEN $skip --cap-add=NET_ADMIN $args --volume /var/run/docker.sock:/var/run/docker.sock $name "${@:-tox}"
}
(
cat enough/common/data/base.dockerfile
cat tests/tox.dockerfile
) | docker build --tag $name -f - .
function main() {
prepare_environment
prepare_inventory
local name=$(image_name "$@")
build_image $name
local toplevel=$(git rev-parse --show-toplevel)
if test "$1" = "--upgrade" ; then
shift
local ref="$1"
shift
run_tests_on_ref $ref $name $toplevel "$@"
fi
run_tests $name $toplevel "$@"
}
docker run --rm --name $name -e SKIP_OPENSTACK_INTEGRATION_TESTS=true -v /var/run/docker.sock:/var/run/docker.sock $name tox
main "$@"
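Review bot: In `run_tests`, `-e ENOUGH_API_TOKEN=$ENOUGH_API_TOKEN` puts the token value on the `docker run` command line, and with `set -ex` active the expanded command is written to the job log. Passing the variable by name, `-e ENOUGH_API_TOKEN`, lets docker read it from the exported environment without it appearing in the trace or the process list. The `trap` inside `image_name` also looks ineffective, because the function is called as `$(image_name "$@")`: the trap is registered in the command-substitution subshell, and `$name` is expanded before `main` has assigned it. Setting the trap in `main` once `name` is known would restore the cleanup. `$d`, `$name` and `$toplevel` are also unquoted in `find`, `docker run` and the calls from `main`.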
......@@ -3,4 +3,6 @@ RUN git init
COPY requirements-dev.txt tox.ini setup.cfg setup.py README.md /opt/
RUN tox --notest
COPY . /opt
COPY tests/clouds.yml /opt/inventory/group_vars/all/clouds.yml
COPY tests/domain.yml /opt/inventory/group_vars/all/domain.yml
RUN cd /opt && git add . && git config user.email "you@example.com" && git config user.name "Your Name" && git commit -a -m 'for tests'
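Review bot: `COPY tests/clouds.yml /opt/inventory/group_vars/all/clouds.yml` stores cloud credentials in an image layer; on this page `tests/run-tests.sh` writes `password: "$OS_PASSWORD"` into that file. Outside GitLab CI the image is tagged `enough-tox` and no cleanup trap is set, so the credentials stay readable to anyone who can use the local docker daemon or who receives the image. If the in-image `git commit` does not need the file, mounting it at run time keeps it out of the image: `--volume "$PWD/tests/clouds.yml:/opt/inventory/group_vars/all/clouds.yml:ro"` in `run_tests`. Otherwise, a comment above the COPY should say that the image contains secrets and must not be pushed to a registry.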
......@@ -23,7 +23,7 @@ commands = flake8 {posargs}
passenv =
ENOUGH_API_TOKEN
PYTEST_ADDOPTS
commands = {envbindir}/py.test --log-cli-level INFO -s --ssh-identity-file=infrastructure_key --ansible-inventory={env:HOME}/.enough/{envname}.test/inventory {posargs:playbooks/{envname}/tests}
commands = {envbindir}/py.test --log-cli-level INFO -s --ssh-identity-file=infrastructure_key --ansible-inventory={envdir}/.pytest_cache/d/dotenough/{envname}.test/inventory {posargs:playbooks/{envname}/tests}
[testenv:enough_nginx]
passenv =
......
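Review bot: The new `--ansible-inventory={envdir}/.pytest_cache/d/dotenough/{envname}.test/inventory` value hard-codes pytest's internal cache layout and the `dotenough` name passed to `cache.makedir` in the pytest hooks changed by this commit. It also only resolves if pytest's cache directory really is `{envdir}/.pytest_cache`, which is not visible here. A comment line above the command would record the coupling, for example `# path must match cache.makedir('dotenough') in the pytest hooks and pytest's cache_dir`. The enclosing testenv section starts outside the hunk.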