|
Server : Apache System : Linux server.mata-lashes.com 3.10.0-1160.90.1.el7.x86_64 #1 SMP Thu May 4 15:21:22 UTC 2023 x86_64 User : matalashes ( 1004) PHP Version : 8.1.29 Disable Function : NONE Directory : /proc/17567/root/usr/src/cloud-init/tests/integration_tests/modules/ |
Upload File : |
"""Integration test for the wireguard module."""
import pytest
from pycloudlib.lxd.instance import LXDInstance
from cloudinit.subp import subp
from tests.integration_tests.instances import IntegrationInstance
from tests.integration_tests.integration_settings import PLATFORM
from tests.integration_tests.releases import IS_UBUNTU
ASCII_TEXT = "ASCII text"
USER_DATA = """\
#cloud-config
wireguard:
interfaces:
- name: wg0
config_path: /etc/wireguard/wg0.conf
content: |
[Interface]
Address = 192.168.254.1/32
ListenPort = 51820
PrivateKey = iNlmgtGo6yiFhD9TuVnx/qJSp+C5Cwg4wwPmOJwlZXI=
[Peer]
PublicKey = 6PewunPjxlUq/0xvbVxklN2p73YIytfjxpoIEohCukY=
AllowedIPs = 192.168.254.2/32
- name: wg1
config_path: /etc/wireguard/wg1.conf
content: |
[Interface]
PrivateKey = GGLU4+5vIcK9lGyfz4AJn9fR5/FN/6sf4Fd5chZ16Vc=
Address = 192.168.254.2/24
[Peer]
PublicKey = 2as8z3EDjSsfFEkvOQGVnJ1Hv+h1jRAh2BKJg+DHvGk=
Endpoint = 127.0.0.1:51820
AllowedIPs = 0.0.0.0/0
readinessprobe:
- ping -qc 5 192.168.254.1 2>&1 > /dev/null
- echo $? > /tmp/ping
# wg-quick configures the system interfaces and routes, but we need to ssh in
# stop the service at the end of cloud-init
runcmd:
- [systemctl, stop, wg-quick@wg0.service]
- [systemctl, stop, wg-quick@wg1.service]
"""
def load_wireguard_kernel_module_lxd(instance: LXDInstance):
subp(
"lxc config set {} linux.kernel_modules wireguard".format(
instance.name
).split()
)
@pytest.mark.ci
@pytest.mark.user_data(USER_DATA)
@pytest.mark.skipif(
not IS_UBUNTU, reason="Hasn't been tested on other distros"
)
@pytest.mark.skipif(
PLATFORM not in ["lxd_vm", "gce", "ec2", "azure", "openstack", "oci"],
reason=f"Test hasn't been tested on {PLATFORM}",
)
class TestWireguard:
@pytest.mark.parametrize(
"cmd,expected_out",
(
# check if wireguard module is loaded
("lsmod | grep '^wireguard' | awk '{print $1}'", "wireguard"),
# test if file was written for wg0
(
"stat -c '%N' /etc/wireguard/wg0.conf",
r"'/etc/wireguard/wg0.conf'",
),
# check permissions for wg0
("stat -c '%U %a' /etc/wireguard/wg0.conf", r"root 600"),
# ASCII check wg1
("file /etc/wireguard/wg1.conf", ASCII_TEXT),
# md5sum check wg1
(
"md5sum </etc/wireguard/wg1.conf",
"cff31c9879da0967313d3f561aed766b",
),
# sha256sum check
(
"sha256sum </etc/wireguard/wg1.conf",
"8443055d1442d051588beb03f7895b58"
"269196eb9916617969dc5220c1a90d54",
),
# check if systemd started wg0
(
"systemctl is-failed wg-quick@wg0; test $? -eq 1",
"inactive",
),
# check if systemd started wg1
(
"systemctl is-failed wg-quick@wg1; test $? -eq 1",
"inactive",
),
# check readiness probe (ping wg0)
("cat /tmp/ping", "0"),
),
)
def test_wireguard(
self, cmd, expected_out, class_client: IntegrationInstance
):
result = class_client.execute(cmd)
assert result.ok
assert expected_out in result.stdout
def test_wireguard_tools_installed(
self, class_client: IntegrationInstance
):
"""Test that 'wg version' succeeds, indicating installation."""
assert class_client.execute("wg version").ok
@pytest.mark.ci
@pytest.mark.user_data(USER_DATA)
@pytest.mark.lxd_setup.with_args(load_wireguard_kernel_module_lxd)
@pytest.mark.skipif(
PLATFORM != "lxd_container", reason=f"Not testing on {PLATFORM}"
)
@pytest.mark.skipif(not IS_UBUNTU, reason="Has only been tested on Ubuntu")
class TestWireguardWithoutKmod:
def test_wireguard_tools_installed(
self, class_client: IntegrationInstance
):
"""Test that 'wg version' succeeds, indicating installation."""
assert class_client.execute("wg version").ok