From 4c702fb60c0460fbd9de3254d5a9f4136e7f751b Mon Sep 17 00:00:00 2001 From: Samuel Ortiz Date: Sat, 17 Dec 2016 12:29:27 +0100 Subject: [PATCH] test: Add 2 basic networking tests We create temporary CNI networking configurations and run 2 functional tests: - Verify that the networking namespace interface has a valid CIDR - Ping the networking namespace interface from the host Signed-off-by: Samuel Ortiz --- test/helpers.bash | 74 ++++++++++++++++++++++++++++++++++++++++++++++- test/network.bats | 45 ++++++++++++++++++++++++++++ 2 files changed, 118 insertions(+), 1 deletion(-) create mode 100644 test/network.bats
diff --git a/test/helpers.bash b/test/helpers.bash
index 91e35a76..be4b29bb 100644
--- a/test/helpers.bash
+++ b/test/helpers.bash
@@ -45,9 +45,14 @@ if [ -e /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
 fi
 OCID_SOCKET="$TESTDIR/ocid.sock"
 OCID_CONFIG="$TESTDIR/ocid.conf"
+OCID_CNI_CONFIG="$TESTDIR/cni/net.d/"
+POD_CIDR="10.88.0.0/16"
+POD_CIDR_MASK="10.88.*.*"
 cp "$CONMON_BINARY" "$TESTDIR/conmon"
+mkdir -p $OCID_CNI_CONFIG
+
 PATH=$PATH:$TESTDIR
 # Run ocid using the binary specified by $OCID_BINARY.
@@ -106,7 +111,7 @@ function start_ocid() {
 apparmor="$APPARMOR_PROFILE"
 fi
- "$OCID_BINARY" --conmon "$CONMON_BINARY" --pause "$PAUSE_BINARY" --listen "$OCID_SOCKET" --runtime "$RUNC_BINARY" --root "$TESTDIR/ocid" --sandboxdir "$TESTDIR/sandboxes" --containerdir "$TESTDIR/ocid/containers" --seccomp-profile "$seccomp" --apparmor-profile "$apparmor" config >$OCID_CONFIG
+ "$OCID_BINARY" --conmon "$CONMON_BINARY" --pause "$PAUSE_BINARY" --listen "$OCID_SOCKET" --runtime "$RUNC_BINARY" --root "$TESTDIR/ocid" --sandboxdir "$TESTDIR/sandboxes" --containerdir "$TESTDIR/ocid/containers" --seccomp-profile "$seccomp" --apparmor-profile "$apparmor" --cni-config-dir "$OCID_CNI_CONFIG" config >$OCID_CONFIG
 "$OCID_BINARY" --debug --config "$OCID_CONFIG" & OCID_PID=$!
 wait_until_reachable
 }
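Review bot: `mkdir -p $OCID_CNI_CONFIG` expands the path unquoted and without checking that `$TESTDIR` is non-empty, and the same variable later feeds `rm -rf $OCID_CNI_CONFIG` in `cleanup_network_conf` (third hunk of this file). With an empty `$TESTDIR` the value collapses to `/cni/net.d/`, and a `$TESTDIR` containing whitespace splits into several arguments, so a suite that is run with sudo (as the skip message in test/network.bats suggests) could create and then recursively delete paths outside the test directory. Quote both uses and guard the delete: `mkdir -p "$OCID_CNI_CONFIG"` and `rm -rf -- "${OCID_CNI_CONFIG:?}"`. How `$TESTDIR` is set is not visible in this hunk, so confirm it always comes from a fresh temporary directory.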
@@ -189,3 +194,70 @@ function is_apparmor_enabled() {
 fi
 echo 0
 }
+
+function prepare_network_conf() {
+ cat >$OCID_CNI_CONFIG/10-ocid.conf <<-EOF
+{
+ "cniVersion": "0.2.0",
+ "name": "ocidnet",
+ "type": "bridge",
+ "bridge": "cni0",
+ "isGateway": true,
+ "ipMasq": true,
+ "ipam": {
+ "type": "host-local",
+ "subnet": "$1",
+ "routes": [
+ { "dst": "0.0.0.0/0" }
+ ]
+ }
+}
+EOF
+
+ cat >$OCID_CNI_CONFIG/99-loopback.conf <<-EOF
+{
+ "cniVersion": "0.2.0",
+ "type": "loopback"
+}
+EOF
+
+ echo 0
+}
+
+function check_pod_cidr() {
+ fullnetns=`ocic pod status --id $1 | grep namespace | cut -d ' ' -f 3`
+ netns=`basename $fullnetns`
+
+ ip netns exec $netns ip addr show dev eth0 scope global | grep $POD_CIDR_MASK
+
+ echo $?
+}
+
+function parse_pod_ip() {
+ for arg
+ do
+ cidr=`echo "$arg" | grep $POD_CIDR_MASK`
+ if [ "$cidr" == "$arg" ]
+ then
+ echo `echo "$arg" | sed "s/\/[0-9][0-9]//"`
+ fi
+ done
+}
+
+function ping_pod() {
+ netns=`ocic pod status --id $1 | grep namespace | cut -d ' ' -f 3`
+ inet=`ip netns exec \`basename $netns\` ip addr show dev eth0 scope global | grep inet`
+
+ IFS=" "
+ ip=`parse_pod_ip $inet`
+
+ ping -W 1 -c 5 $ip
+
+ echo $?
+}
+
+function cleanup_network_conf() {
+ rm -rf $OCID_CNI_CONFIG
+
+ echo 0
+}
diff --git a/test/network.bats b/test/network.bats
new file mode 100644
index 00000000..c2bd5961
--- /dev/null
+++ b/test/network.bats
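Review bot: `check_pod_cidr` and `parse_pod_ip` pass `$POD_CIDR_MASK` (`10.88.*.*`) to `grep` unquoted, so the value is first open to pathname expansion and then read as a regular expression in which each `.` matches any character and each `.*` matches any run of characters. Any line containing `10`, one arbitrary character and `88` satisfies it, for example an address such as `110.88.0.5`, so the "valid CIDR" check does not show that the pod address lies inside `$POD_CIDR`. A quoted, escaped pattern makes the assertion meaningful, e.g. in `check_pod_cidr`: `grep -E 'inet 10\.88\.[0-9]+\.[0-9]+/16'`. Separately, `ping_pod` assigns `IFS=" "` and its other variables without `local`, which changes word splitting for whatever the calling test runs afterwards; `local IFS=" "` keeps the change inside the function.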
@@ -0,0 +1,45 @@
+#!/usr/bin/env bats
+
+load helpers
+
+@test "Check for valid pod netns CIDR" {
+ # this test requires docker, thus it can't yet be run in a container
+ if [ "$TRAVIS" = "true" ]; then # instead of $TRAVIS, add a function is_containerized to skip here
+ skip "cannot yet run this test in a container, use sudo make localintegration"
+ fi
+
+ prepare_network_conf $POD_CIDR
+
+ start_ocid
+ run ocic pod run --config "$TESTDATA"/sandbox_config.json
+ echo "$output"
+ [ "$status" -eq 0 ]
+ pod_id="$output"
+
+ check_pod_cidr $pod_id
+
+ cleanup_pods
+ cleanup_network_conf
+ stop_ocid
+}
+
+@test "Ping pod netns from the host" {
+ # this test requires docker, thus it can't yet be run in a container
+ if [ "$TRAVIS" = "true" ]; then # instead of $TRAVIS, add a function is_containerized to skip here
+ skip "cannot yet run this test in a container, use sudo make localintegration"
+ fi
+
+ prepare_network_conf $POD_CIDR
+
+ start_ocid
+ run ocic pod run --config "$TESTDATA"/sandbox_config.json
+ echo "$output"
+ [ "$status" -eq 0 ]
+ pod_id="$output"
+
+ ping_pod $pod_id
+
+ cleanup_pods
+ cleanup_network_conf
+ stop_ocid
+}
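Review bot: Both tests call `cleanup_pods`, `cleanup_network_conf` and `stop_ocid` as the last statements of the test body, so the cleanup is skipped whenever an earlier command fails, because bats stops a test at its first non-zero status. A failed run would then presumably leave the ocid daemon, the pod and the CNI configuration behind on the host, and the second test would start from that state. Moving the three calls into `teardown() { cleanup_pods; cleanup_network_conf; stop_ocid; }` makes the cleanup unconditional; whether helpers.bash already offers a combined cleanup helper is not visible here. `$POD_CIDR` and `$pod_id` should also be quoted where they are passed as arguments.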