Initial commit

19 files changed, 327 insertions, 0 deletions

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a87d09e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,21 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.swp
+.ruby-version
+.rbenv-gemsets
+.vagrant
diff --git a/Gemfile b/Gemfile
new file mode 100644
index 0000000..0c5e2c2
--- /dev/null
+++ b/Gemfile
@@ -0,0 +1,5 @@
+source 'https://rubygems.org'
+
+gem 'rake'
+gem 'serverspec'
+gem 'serverspec-vyos-config'
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5fdbb55
--- /dev/null
+++ b/README.md
@@ -0,0 +1,12 @@
+# vyos-integration-test
+
+## Setup
+
+* Install Vagrant
+* Run `bundle`
+
+## Run test
+
+```
+rake spec
+```
diff --git a/Rakefile b/Rakefile
new file mode 100644
index 0000000..472f676
--- /dev/null
+++ b/Rakefile
@@ -0,0 +1,50 @@
+require 'rake'
+require 'rspec/core/rake_task'
+require 'yaml'
+
+spec_tasks = []
+configs = {}
+tests = Dir.glob("spec/*/").map { |s| s.gsub(/spec\//, '').gsub(/\//, '') }
+tests.each do |test|
+  spec_tasks.concat(["spec:#{test}"])
+  configs[test] = YAML.load_file("spec/#{test}/config.yaml")
+end
+
+task :spec => spec_tasks
+task :all => "spec:all"
+
+namespace :spec do
+  tests.each do |test|
+    config = configs[test]
+    task test.to_sym do
+      puts "Running #{test} test..."
+      Dir.chdir("spec/#{test}") do
+        `vagrant up --provider=libvirt`
+      end
+
+      config.keys.each do |host|
+        Rake::Task["spec:#{test}:#{host}"].invoke
+      end
+
+      puts "Cleanup #{test} test..."
+      Dir.chdir("spec/#{test}") do
+        `vagrant destroy`
+      end
+    end
+  end
+
+  tests.each do |test|
+    namespace test do
+      config = configs[test]
+      Dir.chdir("spec/#{test}") do
+        config.keys.each do |host|
+          RSpec::Core::RakeTask.new(host.to_sym) do |t|
+            ENV["TARGET_TEST"] = test
+            ENV["TARGET_HOST"] = host
+            t.pattern = "spec/#{test}/#{host}_spec.rb"
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/spec/one_node/Vagrantfile b/spec/one_node/Vagrantfile
new file mode 100644
index 0000000..03b9ff7
--- /dev/null
+++ b/spec/one_node/Vagrantfile
@@ -0,0 +1,28 @@
+require 'yaml'
+
+configs = YAML.load_file("config.yaml")
+
+Vagrant.configure("2") do |config|
+  config.vm.provider :libvirt do |libvirt|
+    libvirt.cpu_mode = 'host-passthrough'
+  end
+  configs.keys.each do |host|
+    config.vm.define host.to_sym do |c|
+      c.vm.box = "higebu/vyos"
+      c.vm.synced_folder "./", "/vagrant",
+        :owner => "vagrant",
+        :group => "vyattacfg",
+        :mount_options => ["dmode=775,fmode=775"]
+      c.vm.hostname = host
+      if !configs[host].nil? and configs[host].has_key? :networks
+        configs[host][:networks].keys.each do |net|
+          c.vm.network :private_network,
+            :ip => configs[host][:networks][net],
+            :libvirt__network_name => net,
+            :libvirt__dhcp_enabled => false
+        end
+      end
+      c.vm.provision "shell", path: "#{host}_script.sh"
+    end
+  end
+end
diff --git a/spec/one_node/config.yaml b/spec/one_node/config.yaml
new file mode 100644
index 0000000..cbf352d
--- /dev/null
+++ b/spec/one_node/config.yaml
@@ -0,0 +1,2 @@
+---
+vyos:
diff --git a/spec/one_node/vyos_script.sh b/spec/one_node/vyos_script.sh
new file mode 100644
index 0000000..edb0afe
--- /dev/null
+++ b/spec/one_node/vyos_script.sh
@@ -0,0 +1,8 @@
+#!/bin/vbash
+
+source /opt/vyatta/etc/functions/script-template
+
+set system time-zone Asia/Tokyo
+
+commit
+save
diff --git a/spec/one_node/vyos_spec.rb b/spec/one_node/vyos_spec.rb
new file mode 100644
index 0000000..ec0e11f
--- /dev/null
+++ b/spec/one_node/vyos_spec.rb
@@ -0,0 +1,12 @@
+require_relative '../spec_helper'
+require 'serverspec_vyos_config'
+
+File.open('spec/one_node/vyos_script.sh') do |file|
+  file.each_line do |l|
+    if l.start_with?("set")
+      describe vyos_config(l.gsub(/set /, '')) do
+        it { should be_exists }
+      end
+    end
+  end
+end
diff --git a/spec/site_to_site_vpn/Vagrantfile b/spec/site_to_site_vpn/Vagrantfile
new file mode 100644
index 0000000..03b9ff7
--- /dev/null
+++ b/spec/site_to_site_vpn/Vagrantfile
@@ -0,0 +1,28 @@
+require 'yaml'
+
+configs = YAML.load_file("config.yaml")
+
+Vagrant.configure("2") do |config|
+  config.vm.provider :libvirt do |libvirt|
+    libvirt.cpu_mode = 'host-passthrough'
+  end
+  configs.keys.each do |host|
+    config.vm.define host.to_sym do |c|
+      c.vm.box = "higebu/vyos"
+      c.vm.synced_folder "./", "/vagrant",
+        :owner => "vagrant",
+        :group => "vyattacfg",
+        :mount_options => ["dmode=775,fmode=775"]
+      c.vm.hostname = host
+      if !configs[host].nil? and configs[host].has_key? :networks
+        configs[host][:networks].keys.each do |net|
+          c.vm.network :private_network,
+            :ip => configs[host][:networks][net],
+            :libvirt__network_name => net,
+            :libvirt__dhcp_enabled => false
+        end
+      end
+      c.vm.provision "shell", path: "#{host}_script.sh"
+    end
+  end
+end
diff --git a/spec/site_to_site_vpn/config.yaml b/spec/site_to_site_vpn/config.yaml
new file mode 100644
index 0000000..01178dc
--- /dev/null
+++ b/spec/site_to_site_vpn/config.yaml
@@ -0,0 +1,15 @@
+---
+vyos1:
+  :networks:
+    net1: "10.0.1.11"
+    net2: "10.0.2.11"
+vyos2:
+  :networks:
+    net1: "10.0.1.12"
+    net3: "10.0.3.11"
+vyos3:
+  :networks:
+    net2: "10.0.2.13"
+vyos4:
+  :networks:
+    net3: "10.0.3.14"
diff --git a/spec/site_to_site_vpn/vyos1_script.sh b/spec/site_to_site_vpn/vyos1_script.sh
new file mode 100644
index 0000000..8033692
--- /dev/null
+++ b/spec/site_to_site_vpn/vyos1_script.sh
@@ -0,0 +1,28 @@
+#!/bin/vbash
+
+source /opt/vyatta/etc/functions/script-template
+
+set vpn ipsec ike-group ike-g proposal 1 encryption aes256
+set vpn ipsec ike-group ike-g proposal 1 hash sha1
+set vpn ipsec ike-group ike-g proposal 1 dh-group 2
+set vpn ipsec ike-group ike-g lifetime 28800
+set vpn ipsec ike-group ike-g dead-peer-detection action restart
+set vpn ipsec ike-group ike-g dead-peer-detection interval 15
+set vpn ipsec ike-group ike-g dead-peer-detection timeout 90
+
+set vpn ipsec esp-group esp-g proposal 1 encryption aes256
+set vpn ipsec esp-group esp-g proposal 1 hash sha1
+set vpn ipsec esp-group esp-g lifetime 3600
+
+set vpn ipsec ipsec-interfaces interface eth1
+
+set vpn ipsec site-to-site peer 10.0.1.12 authentication mode pre-shared-secret
+set vpn ipsec site-to-site peer 10.0.1.12 authentication pre-shared-secret test
+set vpn ipsec site-to-site peer 10.0.1.12 ike-group ike-g
+set vpn ipsec site-to-site peer 10.0.1.12 default-esp-group esp-g
+set vpn ipsec site-to-site peer 10.0.1.12 local-address 10.0.1.11
+set vpn ipsec site-to-site peer 10.0.1.12 tunnel 1 local prefix 10.0.2.0/24
+set vpn ipsec site-to-site peer 10.0.1.12 tunnel 1 remote prefix 10.0.3.0/24
+
+commit
+save
diff --git a/spec/site_to_site_vpn/vyos1_spec.rb b/spec/site_to_site_vpn/vyos1_spec.rb
new file mode 100644
index 0000000..6506d93
--- /dev/null
+++ b/spec/site_to_site_vpn/vyos1_spec.rb
@@ -0,0 +1,12 @@
+require_relative '../spec_helper'
+require 'serverspec_vyos_config'
+
+File.open('spec/site_to_site_vpn/vyos1_script.sh') do |file|
+  file.each_line do |l|
+    if l.start_with?("set")
+      describe vyos_config(l.gsub(/set /, '')) do
+        it { should be_exists }
+      end
+    end
+  end
+end
diff --git a/spec/site_to_site_vpn/vyos2_script.sh b/spec/site_to_site_vpn/vyos2_script.sh
new file mode 100644
index 0000000..2e01140
--- /dev/null
+++ b/spec/site_to_site_vpn/vyos2_script.sh
@@ -0,0 +1,28 @@
+#!/bin/vbash
+
+source /opt/vyatta/etc/functions/script-template
+
+set vpn ipsec ike-group ike-g proposal 1 encryption aes256
+set vpn ipsec ike-group ike-g proposal 1 hash sha1
+set vpn ipsec ike-group ike-g proposal 1 dh-group 2
+set vpn ipsec ike-group ike-g lifetime 28800
+set vpn ipsec ike-group ike-g dead-peer-detection action restart
+set vpn ipsec ike-group ike-g dead-peer-detection interval 15
+set vpn ipsec ike-group ike-g dead-peer-detection timeout 90
+
+set vpn ipsec esp-group esp-g proposal 1 encryption aes256
+set vpn ipsec esp-group esp-g proposal 1 hash sha1
+set vpn ipsec esp-group esp-g lifetime 3600
+
+set vpn ipsec ipsec-interfaces interface eth1
+
+set vpn ipsec site-to-site peer 10.0.1.11 authentication mode pre-shared-secret
+set vpn ipsec site-to-site peer 10.0.1.11 authentication pre-shared-secret test
+set vpn ipsec site-to-site peer 10.0.1.11 ike-group ike-g
+set vpn ipsec site-to-site peer 10.0.1.11 default-esp-group esp-g
+set vpn ipsec site-to-site peer 10.0.1.11 local-address 10.0.1.12
+set vpn ipsec site-to-site peer 10.0.1.11 tunnel 1 local prefix 10.0.3.0/24
+set vpn ipsec site-to-site peer 10.0.1.11 tunnel 1 remote prefix 10.0.2.0/24
+
+commit
+save
diff --git a/spec/site_to_site_vpn/vyos2_spec.rb b/spec/site_to_site_vpn/vyos2_spec.rb
new file mode 100644
index 0000000..23a0a57
--- /dev/null
+++ b/spec/site_to_site_vpn/vyos2_spec.rb
@@ -0,0 +1,12 @@
+require_relative '../spec_helper'
+require 'serverspec_vyos_config'
+
+File.open('spec/site_to_site_vpn/vyos2_script.sh') do |file|
+  file.each_line do |l|
+    if l.start_with?("set")
+      describe vyos_config(l.gsub(/set /, '')) do
+        it { should be_exists }
+      end
+    end
+  end
+end
diff --git a/spec/site_to_site_vpn/vyos3_script.sh b/spec/site_to_site_vpn/vyos3_script.sh
new file mode 100644
index 0000000..e443225
--- /dev/null
+++ b/spec/site_to_site_vpn/vyos3_script.sh
@@ -0,0 +1,8 @@
+#!/bin/vbash
+
+source /opt/vyatta/etc/functions/script-template
+
+set protocols static route 10.0.3.0/24 next-hop 10.0.2.11
+
+commit
+save
diff --git a/spec/site_to_site_vpn/vyos3_spec.rb b/spec/site_to_site_vpn/vyos3_spec.rb
new file mode 100644
index 0000000..3aa75d6
--- /dev/null
+++ b/spec/site_to_site_vpn/vyos3_spec.rb
@@ -0,0 +1,16 @@
+require_relative '../spec_helper'
+require 'serverspec_vyos_config'
+
+File.open('spec/site_to_site_vpn/vyos3_script.sh') do |file|
+  file.each_line do |l|
+    if l.start_with?("set")
+      describe vyos_config(l.gsub(/set /, '')) do
+        it { should be_exists }
+      end
+    end
+  end
+end
+
+describe host('10.0.3.14') do
+  it { should be_reachable }
+end
diff --git a/spec/site_to_site_vpn/vyos4_script.sh b/spec/site_to_site_vpn/vyos4_script.sh
new file mode 100644
index 0000000..ec45e72
--- /dev/null
+++ b/spec/site_to_site_vpn/vyos4_script.sh
@@ -0,0 +1,8 @@
+#!/bin/vbash
+
+source /opt/vyatta/etc/functions/script-template
+
+set protocols static route 10.0.2.0/24 next-hop 10.0.3.11
+
+commit
+save
diff --git a/spec/site_to_site_vpn/vyos4_spec.rb b/spec/site_to_site_vpn/vyos4_spec.rb
new file mode 100644
index 0000000..2da7341
--- /dev/null
+++ b/spec/site_to_site_vpn/vyos4_spec.rb
@@ -0,0 +1,16 @@
+require_relative '../spec_helper'
+require 'serverspec_vyos_config'
+
+File.open('spec/site_to_site_vpn/vyos4_script.sh') do |file|
+  file.each_line do |l|
+    if l.start_with?("set")
+      describe vyos_config(l.gsub(/set /, '')) do
+        it { should be_exists }
+      end
+    end
+  end
+end
+
+describe host('10.0.2.13') do
+  it { should be_reachable }
+end
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
new file mode 100644
index 0000000..c69b823
--- /dev/null
+++ b/spec/spec_helper.rb
@@ -0,0 +1,18 @@
+require 'serverspec'
+require 'net/ssh'
+require 'tempfile'
+
+set :backend, :ssh
+set :disable_sudo, true
+
+test = ENV['TARGET_TEST']
+host = ENV['TARGET_HOST']
+
+Dir.chdir("spec/#{test}") do
+  config = Tempfile.new('', Dir.tmpdir)
+  `vagrant ssh-config #{host} > #{config.path}`
+  options = Net::SSH::Config.for(host, [config.path])
+  options[:user] ||= Etc.getlogin
+  set :host,        options[:host_name] || host
+  set :ssh_options, options
+end