diff --git a/chapter-04/Vagrantfile b/chapter-04/Vagrantfile
index 1f4eb39..f4b19f3 100644
--- a/chapter-04/Vagrantfile
+++ b/chapter-04/Vagrantfile
@@ -26,6 +26,11 @@ Vagrant.configure("2") do |config|
 ansible.playbook = "playbook.yaml"
 ansible.groups = groups
 end
+ host.vm.provision "test", type: "ansible", run: "never" do |ansible|
+ ansible.limit = "all"
+ ansible.playbook = "test.yaml"
+ ansible.groups = groups
+ end
 end
 end
 end
diff --git a/chapter-04/test.yaml b/chapter-04/test.yaml
new file mode 100644
index 0000000..ac29f13
--- /dev/null
+++ b/chapter-04/test.yaml
@@ -0,0 +1,12 @@
+---
+- hosts: remote
+ become: yes
+ pre_tasks:
+ - name: install tests
+ ansible.builtin.copy:
+ src: tests
+ dest: /opt
+ owner: root
+ group: root
+ roles:
+ - test
diff --git a/chapter-04/tests/basic.bats b/chapter-04/tests/basic.bats
new file mode 100644
index 0000000..3c5a175
--- /dev/null
+++ b/chapter-04/tests/basic.bats
@@ -0,0 +1,13 @@
+# bats file_tags=host01
+
+setup() {
+ BATS_LIB_PATH=/usr/local/lib/node_modules
+ bats_load_library bats-support
+ bats_load_library bats-assert
+ bats_require_minimum_version 1.5.0
+}
+
+@test 'available commands' {
+ run -0 which lsns
+ run -0 which brctl
+}
diff --git a/chapter-04/tests/busybox.bats b/chapter-04/tests/busybox.bats
new file mode 100644
index 0000000..28a44c9
--- /dev/null
+++ b/chapter-04/tests/busybox.bats
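Review bot: The new `test` provisioner in the Vagrantfile has no comment explaining that `run: "never"` keeps it out of a normal `vagrant up` or `vagrant provision`; I would add `# On-demand test run: vagrant provision --provision-with test` above it. `ansible.limit = "all"` also means that, if this block is evaluated for more than one machine, each machine's provisioner would run test.yaml against every host in `groups`. The enclosing loop starts outside the hunk, so that needs checking against the full file.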
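Review bot: The `install tests` copy task in test.yaml sets `owner` and `group` but no `mode`, so the permissions of everything copied under /opt depend on the source tree and the defaults in effect on the target. The play runs with `become: yes` and the copied tests call crictl and iptables, so they are presumably executed as root and should not end up writable by any other account. I would pin the permissions on the task with `mode: "0644"` and `directory_mode: "0755"`.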
@@ -0,0 +1,35 @@
+# bats file_tags=host01
+
+setup() {
+ BATS_LIB_PATH=/usr/local/lib/node_modules
+ bats_load_library bats-support
+ bats_load_library bats-assert
+ bats_require_minimum_version 1.5.0
+}
+
+@test 'busybox container' {
+ run -0 /bin/bash -ec '\
+ cd /opt
+ source busybox.sh
+ crictl ps
+ crictl exec $B1C_ID /bin/sh -c "ip addr"
+ crictl exec $B1C_ID /bin/sh -c "ping -c 1 192.168.61.11"
+ crictl exec $B1C_ID /bin/sh -c "ip route"
+ JQ_PATH=".info.runtimeSpec.linux.namespaces[]|select(.type==\"network\").path"
+ NETNS_PATH=$(crictl inspectp $B1P_ID | jq -r $JQ_PATH)
+ echo $NETNS_PATH
+ NETNS=$(basename $NETNS_PATH)
+ ip netns exec $NETNS ip addr'
+ assert_output --partial 'busybox'
+ assert_output --partial 'inet 10.85.0'
+ assert_output --partial '64 bytes from 192.168.61.11'
+ assert_output --partial 'default via 10.85.0.1'
+ assert_output --partial '/var/run/netns'
+ run -0 lsns -t net
+ assert_output --partial '/pause'
+}
+
+teardown() {
+ crictl rm -a -f
+ crictl rmp -a -f
+}
diff --git a/chapter-04/tests/netns.bats b/chapter-04/tests/netns.bats
new file mode 100644
index 0000000..15918aa
--- /dev/null
+++ b/chapter-04/tests/netns.bats
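Review bot: teardown in busybox.bats runs `crictl rm -a -f` and `crictl rmp -a -f`, which force-remove every container and pod known to the runtime, not only the ones busybox.sh started; nginx.bats has the same teardown. That is only safe on a host dedicated to these tests, so I would say so in a comment above teardown, e.g. `# Removes ALL containers and pods on this host; run only on the disposable lab VM`. The IDs set by busybox.sh exist only inside the `bash -ec` child shell, so a targeted removal would need them written somewhere teardown can read.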
@@ -0,0 +1,60 @@
+# bats file_tags=host01
+
+setup() {
+ BATS_LIB_PATH=/usr/local/lib/node_modules
+ bats_load_library bats-support
+ bats_load_library bats-assert
+ bats_require_minimum_version 1.5.0
+}
+
+@test 'create and manipulate a network namespace' {
+ ip netns add myns
+ run -0 ip netns list
+ assert_output --partial 'myns'
+ run -0 ip netns exec myns ip addr
+ assert_output --partial 'DOWN'
+ ip netns exec myns ip link set dev lo up
+ run -0 ip netns exec myns ip addr
+ assert_output --partial 'UP'
+ ip link add myveth-host type veth peer myveth-myns netns myns
+ run -0 ip addr
+ assert_output --partial 'myveth-host'
+ run -0 ip netns exec myns ip addr
+ assert_output --partial 'myveth-myns'
+ ip netns exec myns ip addr add 10.85.0.254/16 dev myveth-myns
+ ip netns exec myns ip link set dev myveth-myns up
+ ip link set dev myveth-host up
+ run -0 ip netns exec myns ip addr
+ assert_output --partial '10.85.0.254'
+ run -0 ip netns exec myns ping -c 1 10.85.0.254
+ assert_output --partial '64 bytes from 10.85.0.254'
+ run -1 ping -c 1 10.85.0.254
+ assert_output --partial 'Destination Host Unreachable'
+ brctl addif cni0 myveth-host
+ run -0 brctl show
+ assert_output --partial 'myveth-host'
+ run -0 ping -c 1 10.85.0.254
+ assert_output --partial '64 bytes from 10.85.0.254'
+ run -2 ip netns exec myns ping -c 1 192.168.61.11
+ assert_output --partial 'Network is unreachable'
+ ip netns exec myns ip route add default via 10.85.0.1
+ run -0 ip netns exec myns ping -c 1 192.168.61.11
+ assert_output --partial '64 bytes from 192.168.61.11'
+ run -1 ip netns exec myns ping -c 1 192.168.61.12
+ assert_output --partial '0 received'
+ iptables -t nat -N chain-myns
+ iptables -t nat -A chain-myns -d 10.85.0.0/16 -j ACCEPT
+ iptables -t nat -A chain-myns ! -d 224.0.0.0/4 -j MASQUERADE
+ iptables -t nat -A POSTROUTING -s 10.85.0.254 -j chain-myns
+ run -0 iptables -t nat -n -L
+ assert_output --partial 'chain-myns'
+ run -0 ip netns exec myns ping -c 1 192.168.61.12
+ assert_output --partial '64 bytes from 192.168.61.12'
+}
+
+teardown() {
+ ip -all netns delete
+ iptables -t nat -D POSTROUTING -s 10.85.0.254 -j chain-myns
+ iptables -t nat -F chain-myns
+ iptables -t nat -X chain-myns
+}
\ No newline at end of file
diff --git a/chapter-04/tests/nginx.bats b/chapter-04/tests/nginx.bats
new file mode 100644
index 0000000..3653669
--- /dev/null
+++ b/chapter-04/tests/nginx.bats
@@ -0,0 +1,25 @@
+# bats file_tags=host01
+
+setup() {
+ BATS_LIB_PATH=/usr/local/lib/node_modules
+ bats_load_library bats-support
+ bats_load_library bats-assert
+ bats_require_minimum_version 1.5.0
+}
+
+@test 'nginx containers' {
+ run -0 /bin/bash -ec '\
+ cd /opt
+ source nginx.sh
+ crictl ps
+ crictl exec $N1C_ID cat /proc/net/tcp
+ crictl exec $N2C_ID cat /proc/net/tcp'
+ assert_output --partial 'nginx1'
+ assert_output --partial 'nginx2'
+ assert_output --partial '0050'
+}
+
+teardown() {
+ crictl rm -a -f
+ crictl rmp -a -f
+}
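Review bot: teardown in netns.bats calls `ip -all netns delete`, which removes every named network namespace on the host rather than just `myns`. busybox.bats in this commit expects pod namespaces under /var/run/netns, so a pod still running at that point would likely have its namespace entry removed from under the runtime. The iptables cleanup also assumes the test got as far as adding the POSTROUTING rule. If the test fails earlier, the `-D` fails, and if bats stops teardown at the first failing command, `chain-myns` stays behind and the next run fails at `iptables -t nat -N chain-myns`. I would delete only `myns` and let each cleanup step tolerate a missing object, as below.

```bash
teardown() {
  # Remove only what this test created; tolerate steps the test never reached.
  ip netns delete myns || true
  iptables -t nat -D POSTROUTING -s 10.85.0.254 -j chain-myns || true
  iptables -t nat -F chain-myns || true
  iptables -t nat -X chain-myns || true
}
```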