[Fuego] [PATCH v3] openvpn: Add test cases of service openvpn.
Tim.Bird at sony.com
Tim.Bird at sony.com
Tue Nov 19 17:00:35 UTC 2019
> -----Original Message-----
> From: Wang Mingyu
>
> This test set is used to check if the service openvpn can be started.
> And check the process file, syslog file, tap0 can be created or not.
>
> Signed-off-by: Wang Mingyu <wangmy at cn.fujitsu.com>
> ---
> scripts/fuego_board_function_lib.sh | 14 ++++
> tests/Functional.openvpn/data/host-target.key | 22 ++++++
> tests/Functional.openvpn/data/testcli.conf | 7 ++
> tests/Functional.openvpn/data/testenv.sh | 79 +++++++++++++++++++
> tests/Functional.openvpn/data/testsrv.conf | 16 ++++
> tests/Functional.openvpn/fuego_test.sh | 21 +++++
> tests/Functional.openvpn/openvpn_test.sh | 14 ++++
> tests/Functional.openvpn/spec.json | 6 ++
> .../tests/openvpn_genkey.sh | 26 ++++++
> .../Functional.openvpn/tests/openvpn_lport.sh | 34 ++++++++
> tests/Functional.openvpn/tests/openvpn_pid.sh | 31 ++++++++
> tests/Functional.openvpn/tests/openvpn_ps.sh | 36 +++++++++
> .../tests/openvpn_syslog-ng.sh | 42 ++++++++++
> tests/Functional.openvpn/tests/openvpn_tun.sh | 27 +++++++
> 14 files changed, 375 insertions(+)
> create mode 100644 tests/Functional.openvpn/data/host-target.key
> create mode 100644 tests/Functional.openvpn/data/testcli.conf
> create mode 100644 tests/Functional.openvpn/data/testenv.sh
> create mode 100644 tests/Functional.openvpn/data/testsrv.conf
> create mode 100644 tests/Functional.openvpn/fuego_test.sh
> create mode 100755 tests/Functional.openvpn/openvpn_test.sh
> create mode 100644 tests/Functional.openvpn/spec.json
> create mode 100644 tests/Functional.openvpn/tests/openvpn_genkey.sh
> create mode 100644 tests/Functional.openvpn/tests/openvpn_lport.sh
> create mode 100644 tests/Functional.openvpn/tests/openvpn_pid.sh
> create mode 100644 tests/Functional.openvpn/tests/openvpn_ps.sh
> create mode 100644 tests/Functional.openvpn/tests/openvpn_syslog-ng.sh
> create mode 100644 tests/Functional.openvpn/tests/openvpn_tun.sh
>
> diff --git a/scripts/fuego_board_function_lib.sh
> b/scripts/fuego_board_function_lib.sh
> index a6cd842..115c615 100644
> --- a/scripts/fuego_board_function_lib.sh
> +++ b/scripts/fuego_board_function_lib.sh
> @@ -12,6 +12,7 @@
> init_manager="init_manager-not-set"
> logger_service="logger_service-not-set"
> service_status="unknown"
> +module_status="unknown"
>
> # set_init_manager:
> # detects and sets the init_manager variable, which indicates which
> @@ -100,3 +101,16 @@ get_service_logfile() {
> fi
> echo $service_logfile
> }
> +
> +# get_module_status:
> +# get status of module
> +# returns: status of module
> +get_module_status() {
> + if lsmod | grep $1
> + then
> + module_status="loaded"
> + else
> + module_status="unloaded"
> + fi
> + echo $module_status
> +}
This has already been applied as a separate patch. I'll remove this
hunk.
> diff --git a/tests/Functional.openvpn/data/host-target.key
> b/tests/Functional.openvpn/data/host-target.key
> new file mode 100644
> index 0000000..99743bf
> --- /dev/null
> +++ b/tests/Functional.openvpn/data/host-target.key
> @@ -0,0 +1,22 @@
> +#
> +# 2048 bit OpenVPN static key
> +#
> +-----BEGIN OpenVPN Static key V1-----
> +debe9557c7eb224c5cf4f3369d5211ff
> +fb9c375a4784759edf6b0f6eb8f5da31
> +bb280394d40382cc8e02d6cbb3e47492
> +3509eac6b48965078e3d317b0791dea2
> +dbcf0eddcab0fb20780fcf0908ce94cd
> +7cb65a913fea73ac6bfe0ab34f085aa3
> +a6c8b89a97d189e5145c3199955c4b34
> +6d51f864f2b49f3252d1548c3b3510ec
> +0ecd4b9f17f2039439a79f41a46f6a54
> +c0385b962b2b94fcbe73e0108b224a5b
> +2efae27d872f0efef67b244c7eb6f525
> +581e4c2b4e6aa193fb1d37798bdb46ff
> +7c6727f08e9601c10ac7478d73d731e6
> +f4b652252f3e5309cd1d6d30c7a433cc
> +134bd6dd50fa6a6fc7a843fdc058d38d
> +fb8679b48eb09745badf004fbf4a434c
> +-----END OpenVPN Static key V1-----
> +
> diff --git a/tests/Functional.openvpn/data/testcli.conf
> b/tests/Functional.openvpn/data/testcli.conf
> new file mode 100644
> index 0000000..2c252bb
> --- /dev/null
> +++ b/tests/Functional.openvpn/data/testcli.conf
> @@ -0,0 +1,7 @@
> +remote 192.168.0.1
Will this work on any machine? Does this need address to be
substituted with a valid address for the board under test?
Or does it need to avoid an address already in use by the
board?
> +port 5000
> +dev tap
> +#dev tun
> +verb 3
> +ping 60
> +
> diff --git a/tests/Functional.openvpn/data/testenv.sh
> b/tests/Functional.openvpn/data/testenv.sh
> new file mode 100644
> index 0000000..0d89191
> --- /dev/null
> +++ b/tests/Functional.openvpn/data/testenv.sh
> @@ -0,0 +1,79 @@
> +service_name="service_name-not-set"
> +config_file="config_file-not-set"
> +pid_file="pid_file-not-set"
> +module_status="unknown"
> +
> +#set the variable of service openvpn
> +set_service_file() {
> + if [ "$init_manager" == "systemd" ]
> + then
> + service_name="openvpn at loopback-server.service"
> + config_file="/etc/openvpn/loopback-server.conf"
> + pid_file="/var/run/openvpn/loopback-server.pid"
> + else
> + service_name="openvpn"
> + if [ "$test_type" == "client" ]
> + then
> + config_file="/etc/openvpn/testcli.conf"
> + pid_file="/var/run/openvpn.testcli.pid"
> + elif [ "$test_type" == "server" ]
> + then
> + config_file="/etc/openvpn/testsrv.conf"
> + pid_file="/var/run/openvpn.testsrv.pid"
> + fi
> + fi
> +}
> +
> +setup_routine() {
> + set_service_file
> + service_status=$(get_service_status $service_name)
> + module_status=$(get_module_status tun)
> + exec_service_on_target $service_name stop
> +
> + if [ -f $config_file ]
> + then
> + mv $config_file "${config_file}_bak"
> + fi
> +
> + test_type=$1
> + if [ "$test_type" = "client" ]
> + then
> + cp data/testcli.conf $config_file
> + elif [ "$test_type" = "server" ] ; then
> + cp data/testsrv.conf $config_file
> + fi
> +
> + if [ -f /etc/openvpn/host-target.key ]
> + then
> + mv /etc/openvpn/host-target.key /etc/openvpn/host-target.key_bak
> + fi
> + cp data/host-target.key /etc/openvpn/host-target.key
> +
> + if [ -d /dev/net ]
> + then
> + mv /dev/net /dev/net_bak
> + fi
> + mkdir -m 755 /dev/net
> + mknod /dev/net/tun c 10 200
> +}
> +
> +restore_routine() {
> + if [ -d /dev/net_bak ]
> + then
> + mv /dev/net_bak /dev/net
> + fi
> + rm $config_file
> + if [ -f "${config_file}_bak" ]
> + then
> + mv "${config_file}_bak" $config_file
> + fi
> + rm -r /etc/openvpn/host-target.key
> + if [ -f /etc/openvpn/host-target.key_bak ]
> + then
> + mv /etc/openvpn/host-target.key_bak /etc/openvpn/host-target.key
> + fi
> + if [ "$module_status" = "unloaded" ]
> + then
> + modprobe -r tun
> + fi
> +}
Nice. Thanks. If we use this pattern a lot, then we might want
to add some generic functions for backing up and restoring
files, starting and stopping services, and loading and unloading
modules - and add them to fuego_board_function_lib.sh
However, let's keep these local for now and see if we get more
examples of this in additional tests.
> diff --git a/tests/Functional.openvpn/data/testsrv.conf
> b/tests/Functional.openvpn/data/testsrv.conf
> new file mode 100644
> index 0000000..0c18a40
> --- /dev/null
> +++ b/tests/Functional.openvpn/data/testsrv.conf
> @@ -0,0 +1,16 @@
> +#
> +proto udp
> +port 5000
> +
> +dev tap
> +
> +secret /etc/openvpn/host-target.key
> +#link-mtu 1200
> +
> +ping 10
> +ping-restart 60
> +ping-timer-rem
> +persist-key
> +persist-tun
> +verb 3
> +
> diff --git a/tests/Functional.openvpn/fuego_test.sh
> b/tests/Functional.openvpn/fuego_test.sh
> new file mode 100644
> index 0000000..a94740e
> --- /dev/null
> +++ b/tests/Functional.openvpn/fuego_test.sh
> @@ -0,0 +1,21 @@
Probably need a NEED_ROOT=1 here.
This test does a lot of manipulation of system-wide configuration
files, loading/unloading modules and starting/stopping services.
> +function test_pre_check {
> + assert_has_program openvpn
> + assert_has_program netstat
> + assert_has_program ifconfig
> +}
> +
> +function test_deploy {
> + put $TEST_HOME/openvpn_test.sh $BOARD_TESTDIR/fuego.$TESTDIR/
> + put $FUEGO_CORE/scripts/fuego_board_function_lib.sh
> $BOARD_TESTDIR/fuego.$TESTDIR
> + put -r $TEST_HOME/tests $BOARD_TESTDIR/fuego.$TESTDIR/
> + put -r $TEST_HOME/data $BOARD_TESTDIR/fuego.$TESTDIR/
> +}
> +
> +function test_run {
> + report "cd $BOARD_TESTDIR/fuego.$TESTDIR;\
> + ./openvpn_test.sh"
> +}
> +
> +function test_processing {
> + log_compare "$TESTDIR" "0" "TEST-FAIL" "n"
> +}
> diff --git a/tests/Functional.openvpn/openvpn_test.sh
> b/tests/Functional.openvpn/openvpn_test.sh
> new file mode 100755
> index 0000000..13bcf82
> --- /dev/null
> +++ b/tests/Functional.openvpn/openvpn_test.sh
> @@ -0,0 +1,14 @@
> +#!/bin/sh
> +. ./fuego_board_function_lib.sh
> +set_init_manager
> +
> +. data/testenv.sh
> +
> +for i in tests/*.sh; do
> + if [ "$i" = "tests/openvpn_genkey.sh" ]; then
> + source $i
> + else
> + source $i client
> + source $i server
> + fi
> +done
> diff --git a/tests/Functional.openvpn/spec.json
> b/tests/Functional.openvpn/spec.json
> new file mode 100644
> index 0000000..e9fdc5a
> --- /dev/null
> +++ b/tests/Functional.openvpn/spec.json
> @@ -0,0 +1,6 @@
> +{
> + "testName": "Functional.openvpn",
> + "specs": {
> + "default": {}
> + }
> +}
> diff --git a/tests/Functional.openvpn/tests/openvpn_genkey.sh
> b/tests/Functional.openvpn/tests/openvpn_genkey.sh
> new file mode 100644
> index 0000000..90d2474
> --- /dev/null
> +++ b/tests/Functional.openvpn/tests/openvpn_genkey.sh
> @@ -0,0 +1,26 @@
> +#!/bin/sh
> +
> +# In target, run command openvpn.
> +# option: --genkey
> +
> +test="genkey"
> +
> +if [ -f /etc/openvpn/host-target.key ]
> +then
> + mv /etc/openvpn/host-target.key /etc/openvpn/host-target.key_bak
> +fi
> +
> +openvpn --genkey --secret /etc/openvpn/host-target.key
> +if [ -f /etc/openvpn/host-target.key ]
> +then
> + echo " -> $test: TEST-PASS"
> +else
> + echo " -> $test: TEST-FAIL"
> +fi
> +rm -f /etc/openvpn/host-target.key
> +
> +if [ -f /etc/openvpn/host-target.key_bak ]
> +then
> + mv /etc/openvpn/host-target.key_bak /etc/openvpn/host-target.key
> +fi
> +
> diff --git a/tests/Functional.openvpn/tests/openvpn_lport.sh
> b/tests/Functional.openvpn/tests/openvpn_lport.sh
> new file mode 100644
> index 0000000..f19659a
> --- /dev/null
> +++ b/tests/Functional.openvpn/tests/openvpn_lport.sh
> @@ -0,0 +1,34 @@
> +#!/bin/sh
> +
> +# In the target, run openvpn and check the Listening port.
> +
> +test="lport_$1"
> +
> +test_type=$1
> +
> +setup_routine $test_type
> +
> +if exec_service_on_target $service_name start
> +then
> + echo " -> $test: service start succeeded."
> +else
> + echo " -> $test: service start failed."
> + echo " -> $test: TEST-FAIL"
> + restore_routine
> + exit
> +fi
> +
> +sleep 5
> +
> +if netstat -ln | grep ":5000"
> +then
> + echo " -> $test: TEST-PASS"
> +else
> + echo " -> $test: TEST-FAIL"
> +fi
> +
> +if [ "$service_status" = "inactive" ]
> +then
> + exec_service_on_target $service_name stop
> +fi
> +restore_routine
> diff --git a/tests/Functional.openvpn/tests/openvpn_pid.sh
> b/tests/Functional.openvpn/tests/openvpn_pid.sh
> new file mode 100644
> index 0000000..dbcb61a
> --- /dev/null
> +++ b/tests/Functional.openvpn/tests/openvpn_pid.sh
> @@ -0,0 +1,31 @@
> +#!/bin/sh
> +
> +# In the target, run openvpn and check the pidfile.
> +
> +test="pid_$1"
> +
> +test_type=$1
> +
> +setup_routine $test_type
> +
> +if exec_service_on_target $service_name start
> +then
> + echo " -> $test: service start succeeded."
> +else
> + echo " -> $test: service start failed."
> + echo " -> $test: TEST-FAIL"
> + restore_routine
> + exit
> +fi
> +
> +if [ -f $pid_file ]
> +then
> + echo " -> $test: TEST-PASS"
> +else
> + echo " -> $test: TEST-FAIL"
> +fi
> +if [ "$service_status" = "inactive" ]
> +then
> + exec_service_on_target $service_name stop
> +fi
> +restore_routine
> diff --git a/tests/Functional.openvpn/tests/openvpn_ps.sh
> b/tests/Functional.openvpn/tests/openvpn_ps.sh
> new file mode 100644
> index 0000000..d8b8c52
> --- /dev/null
> +++ b/tests/Functional.openvpn/tests/openvpn_ps.sh
> @@ -0,0 +1,36 @@
> +#!/bin/sh
> +
> +# In the target, run openvpn and check the status of process.
> +
> +test="ps_$1"
> +
> +test_type=$1
> +
> +setup_routine $test_type
> +
> +exec_service_on_target $service_name start
> +
> +if ps aux | grep "[/]usr/sbin/openvpn"
> +then
> + echo " -> $test: get the process of openvpn succeeded."
> +else
> + echo " -> $test: get the process of openvpn failed."
> + echo " -> $test: TEST-FAIL"
> + exec_service_on_target $service_name stop
> + restore_routine
> + exit
> +fi
> +
> +exec_service_on_target $service_name stop
> +
> +if ! ps aux | grep "[/]usr/sbin/openvpn"
> +then
> + echo " -> $test: TEST-PASS"
> +else
> + echo " -> $test: TEST-FAIL"
> +fi
> +restore_routine
> +if [ "$service_status" = "active" -o "$service_status" = "unknown" ]
> +then
> + exec_service_on_target $service_name start
> +fi
> diff --git a/tests/Functional.openvpn/tests/openvpn_syslog-ng.sh
> b/tests/Functional.openvpn/tests/openvpn_syslog-ng.sh
> new file mode 100644
> index 0000000..8dd84ee
> --- /dev/null
> +++ b/tests/Functional.openvpn/tests/openvpn_syslog-ng.sh
> @@ -0,0 +1,42 @@
> +#!/bin/sh
> +
> +# In the target, run openvpn and check the message of syslog-ng.
> +
> +test="syslog-ng_$1"
> +
> +test_type=$1
> +
> +setup_routine $test_type
> +logger_service=$(detect_logger_service)
> +openvpn_logfile=$(get_service_logfile)
> +
> +exec_service_on_target $logger_service stop
> +
> +if [ -f $openvpn_logfile ]
> +then
> + mv $openvpn_logfile $openvpn_logfile"_bak"
> +fi
> +
> +exec_service_on_target $logger_service restart
> +
> +sleep 2
> +
> +exec_service_on_target $service_name start
> +
> +sleep 5
> +
> +if cat $openvpn_logfile | grep OpenVPN
> +then
> + echo " -> $test: TEST-PASS"
> +else
> + echo " -> $test: TEST-FAIL"
> +fi
> +
> +exec_service_on_target $service_name stop
> +
> +restore_routine
> +
> +if [ "$service_status" = "active" -o "$service_status" = "unknown" ]
> +then
> + exec_service_on_target $service_name start
> +fi
> diff --git a/tests/Functional.openvpn/tests/openvpn_tun.sh
> b/tests/Functional.openvpn/tests/openvpn_tun.sh
> new file mode 100644
> index 0000000..8902df8
> --- /dev/null
> +++ b/tests/Functional.openvpn/tests/openvpn_tun.sh
> @@ -0,0 +1,27 @@
> +#!/bin/sh
> +
> +# Verify the creation of the tun device (tap0) interface by openvpn.
> +
> +test="tun_$1"
> +
> +test_type=$1
> +
> +setup_routine $test_type
> +
> +exec_service_on_target $service_name start
> +
> +if ifconfig tap0
> +then
> + echo " -> $test: TEST-PASS"
> +else
> + echo " -> $test: TEST-FAIL"
> +fi
> +
> +exec_service_on_target $service_name stop
> +
> +restore_routine
> +
> +if [ "$service_status" = "active" -o "$service_status" = "unknown" ]
> +then
> + exec_service_on_target $service_name start
> +fi
> --
> 2.17.1
OK - this looks good.
I'm going to apply it, but please respond to my comments above.
I'll go ahead and add the NEED_ROOT=1.
Let me know about the address in the configuration file (whether that
matters for this test).
Thanks,
-- Tim
More information about the Fuego
mailing list