From 886869a52d29be0dcebad151f521758c97e3f092 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 16 Feb 2022 16:04:57 -0500 Subject: [PATCH] tests/manual: add iptables-nft upgrade tests These are manual upgrade tests that verify various upgrade paths for iptables-nft. It's manual in that you have to update the `OCIARCHIVE_URL` to point to a URL of an ociarchive of a build with `35coreos-iptables`. Long-term, I'd like to add external tests support directly in upgrade tests so that we could have access to the artifacts vis e.g. `KOLA_EXT_DATA` or a mount. But for now, this will do. To run the tests, first update `OCIARCHIVE_URL`, and then: ``` kola run -E /path/to/tests/manual/iptables-nft-migration ext.iptables-nft-migration.* ``` --- .../tests/kola/already-migrated/config.bu | 28 +++++++++++++++++++ .../kola/already-migrated/data/common.sh | 1 + .../tests/kola/already-migrated/test.sh | 21 ++++++++++++++ .../tests/kola/data/common.sh | 22 +++++++++++++++ .../tests/kola/migrate-to-nft | 21 ++++++++++++++ .../tests/kola/stay-on-legacy.day1/config.bu | 6 ++++ .../kola/stay-on-legacy.day1/data/common.sh | 1 + .../tests/kola/stay-on-legacy.day1/test.sh | 21 ++++++++++++++ .../tests/kola/stay-on-legacy.day2 | 23 +++++++++++++++ 9 files changed, 144 insertions(+) create mode 100644 tests/manual/iptables-nft-migration/tests/kola/already-migrated/config.bu create mode 120000 tests/manual/iptables-nft-migration/tests/kola/already-migrated/data/common.sh create mode 100755 tests/manual/iptables-nft-migration/tests/kola/already-migrated/test.sh create mode 100644 tests/manual/iptables-nft-migration/tests/kola/data/common.sh create mode 100755 tests/manual/iptables-nft-migration/tests/kola/migrate-to-nft create mode 100644 tests/manual/iptables-nft-migration/tests/kola/stay-on-legacy.day1/config.bu create mode 120000 tests/manual/iptables-nft-migration/tests/kola/stay-on-legacy.day1/data/common.sh create mode 100755 tests/manual/iptables-nft-migration/tests/kola/stay-on-legacy.day1/test.sh create mode 100755 tests/manual/iptables-nft-migration/tests/kola/stay-on-legacy.day2 diff --git a/tests/manual/iptables-nft-migration/tests/kola/already-migrated/config.bu b/tests/manual/iptables-nft-migration/tests/kola/already-migrated/config.bu new file mode 100644 index 0000000000..2692db6c75 --- /dev/null +++ b/tests/manual/iptables-nft-migration/tests/kola/already-migrated/config.bu @@ -0,0 +1,28 @@ +variant: fcos +version: 1.4.0 +storage: + links: + - path: /etc/alternatives/iptables + target: /usr/sbin/iptables-nft + overwrite: true + hard: false + - path: /etc/alternatives/iptables-restore + target: /usr/sbin/iptables-nft-restore + overwrite: true + hard: false + - path: /etc/alternatives/iptables-save + target: /usr/sbin/iptables-nft-save + overwrite: true + hard: false + - path: /etc/alternatives/ip6tables + target: /usr/sbin/ip6tables-nft + overwrite: true + hard: false + - path: /etc/alternatives/ip6tables-restore + target: /usr/sbin/ip6tables-nft-restore + overwrite: true + hard: false + - path: /etc/alternatives/ip6tables-save + target: /usr/sbin/ip6tables-nft-save + overwrite: true + hard: false diff --git a/tests/manual/iptables-nft-migration/tests/kola/already-migrated/data/common.sh b/tests/manual/iptables-nft-migration/tests/kola/already-migrated/data/common.sh new file mode 120000 index 0000000000..e232e75550 --- /dev/null +++ b/tests/manual/iptables-nft-migration/tests/kola/already-migrated/data/common.sh @@ -0,0 +1 @@ +../../data/common.sh \ No newline at end of file diff --git a/tests/manual/iptables-nft-migration/tests/kola/already-migrated/test.sh b/tests/manual/iptables-nft-migration/tests/kola/already-migrated/test.sh new file mode 100755 index 0000000000..76984b55e9 --- /dev/null +++ b/tests/manual/iptables-nft-migration/tests/kola/already-migrated/test.sh @@ -0,0 +1,21 @@ +#!/bin/bash +set -xeuo pipefail + +# kola: { "tags": "needs-internet" } + +. $KOLA_EXT_DATA/common.sh + +case "${AUTOPKGTEST_REBOOT_MARK:-}" in + "") + assert_iptables_nft + assert_iptables_differs_from_default + upgrade + /tmp/autopkgtest-reboot rebooted + ;; + + rebooted) + assert_iptables_nft + assert_iptables_matches_default + ;; + *) fatal "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}";; +esac diff --git a/tests/manual/iptables-nft-migration/tests/kola/data/common.sh b/tests/manual/iptables-nft-migration/tests/kola/data/common.sh new file mode 100644 index 0000000000..7b9b98e516 --- /dev/null +++ b/tests/manual/iptables-nft-migration/tests/kola/data/common.sh @@ -0,0 +1,22 @@ +OCIARCHIVE_URL=http://192.168.0.13:8000/fedora-coreos-35.20220210.dev.0-ostree.x86_64.ociarchive + +upgrade() { + curl -Lo /var/tmp/update.ociarchive "${OCIARCHIVE_URL}" + rpm-ostree rebase --experimental ostree-unverified-image:oci-archive:/var/tmp/update.ociarchive +} + +assert_iptables_legacy() { + iptables --version | grep legacy +} + +assert_iptables_nft() { + iptables --version | grep nf_tables +} + +assert_iptables_differs_from_default() { + ostree admin config-diff | grep alternatives/iptables +} + +assert_iptables_matches_default() { + ! ostree admin config-diff | grep alternatives/iptables +} diff --git a/tests/manual/iptables-nft-migration/tests/kola/migrate-to-nft b/tests/manual/iptables-nft-migration/tests/kola/migrate-to-nft new file mode 100755 index 0000000000..919df443b1 --- /dev/null +++ b/tests/manual/iptables-nft-migration/tests/kola/migrate-to-nft @@ -0,0 +1,21 @@ +#!/bin/bash +set -xeuo pipefail + +# kola: { "tags": "needs-internet" } + +. $KOLA_EXT_DATA/common.sh + +case "${AUTOPKGTEST_REBOOT_MARK:-}" in + "") + assert_iptables_legacy + assert_iptables_matches_default + upgrade + /tmp/autopkgtest-reboot rebooted + ;; + + rebooted) + assert_iptables_nft + assert_iptables_matches_default + ;; + *) fatal "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}";; +esac diff --git a/tests/manual/iptables-nft-migration/tests/kola/stay-on-legacy.day1/config.bu b/tests/manual/iptables-nft-migration/tests/kola/stay-on-legacy.day1/config.bu new file mode 100644 index 0000000000..81e9d43319 --- /dev/null +++ b/tests/manual/iptables-nft-migration/tests/kola/stay-on-legacy.day1/config.bu @@ -0,0 +1,6 @@ +variant: fcos +version: 1.4.0 +storage: + files: + - path: /etc/coreos/iptables-legacy.stamp + mode: 0644 diff --git a/tests/manual/iptables-nft-migration/tests/kola/stay-on-legacy.day1/data/common.sh b/tests/manual/iptables-nft-migration/tests/kola/stay-on-legacy.day1/data/common.sh new file mode 120000 index 0000000000..e232e75550 --- /dev/null +++ b/tests/manual/iptables-nft-migration/tests/kola/stay-on-legacy.day1/data/common.sh @@ -0,0 +1 @@ +../../data/common.sh \ No newline at end of file diff --git a/tests/manual/iptables-nft-migration/tests/kola/stay-on-legacy.day1/test.sh b/tests/manual/iptables-nft-migration/tests/kola/stay-on-legacy.day1/test.sh new file mode 100755 index 0000000000..2d263ea1a5 --- /dev/null +++ b/tests/manual/iptables-nft-migration/tests/kola/stay-on-legacy.day1/test.sh @@ -0,0 +1,21 @@ +#!/bin/bash +set -xeuo pipefail + +# kola: { "tags": "needs-internet" } + +. $KOLA_EXT_DATA/common.sh + +case "${AUTOPKGTEST_REBOOT_MARK:-}" in + "") + assert_iptables_legacy + assert_iptables_matches_default + upgrade + /tmp/autopkgtest-reboot rebooted + ;; + + rebooted) + assert_iptables_legacy + assert_iptables_differs_from_default + ;; + *) fatal "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}";; +esac diff --git a/tests/manual/iptables-nft-migration/tests/kola/stay-on-legacy.day2 b/tests/manual/iptables-nft-migration/tests/kola/stay-on-legacy.day2 new file mode 100755 index 0000000000..85035164e3 --- /dev/null +++ b/tests/manual/iptables-nft-migration/tests/kola/stay-on-legacy.day2 @@ -0,0 +1,23 @@ +#!/bin/bash +set -xeuo pipefail + +# kola: { "tags": "needs-internet" } + +. $KOLA_EXT_DATA/common.sh + +case "${AUTOPKGTEST_REBOOT_MARK:-}" in + "") + assert_iptables_legacy + assert_iptables_matches_default + mkdir -m 755 /etc/coreos/ + touch /etc/coreos/iptables-legacy.stamp + upgrade + /tmp/autopkgtest-reboot rebooted + ;; + + rebooted) + assert_iptables_legacy + assert_iptables_differs_from_default + ;; + *) fatal "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}";; +esac