From 79060076f217eebf8f8e5f829bd035b47adef06a Mon Sep 17 00:00:00 2001 From: Yuya Kusakabe Date: Wed, 11 Jan 2017 01:36:05 +0900 Subject: Initial commit --- .gitignore | 21 +++++++++++++++ Gemfile | 5 ++++ README.md | 12 +++++++++ Rakefile | 50 +++++++++++++++++++++++++++++++++++ spec/one_node/Vagrantfile | 28 ++++++++++++++++++++ spec/one_node/config.yaml | 2 ++ spec/one_node/vyos_script.sh | 8 ++++++ spec/one_node/vyos_spec.rb | 12 +++++++++ spec/site_to_site_vpn/Vagrantfile | 28 ++++++++++++++++++++ spec/site_to_site_vpn/config.yaml | 15 +++++++++++ spec/site_to_site_vpn/vyos1_script.sh | 28 ++++++++++++++++++++ spec/site_to_site_vpn/vyos1_spec.rb | 12 +++++++++ spec/site_to_site_vpn/vyos2_script.sh | 28 ++++++++++++++++++++ spec/site_to_site_vpn/vyos2_spec.rb | 12 +++++++++ spec/site_to_site_vpn/vyos3_script.sh | 8 ++++++ spec/site_to_site_vpn/vyos3_spec.rb | 16 +++++++++++ spec/site_to_site_vpn/vyos4_script.sh | 8 ++++++ spec/site_to_site_vpn/vyos4_spec.rb | 16 +++++++++++ spec/spec_helper.rb | 18 +++++++++++++ 19 files changed, 327 insertions(+) create mode 100644 .gitignore create mode 100644 Gemfile create mode 100644 README.md create mode 100644 Rakefile create mode 100644 spec/one_node/Vagrantfile create mode 100644 spec/one_node/config.yaml create mode 100644 spec/one_node/vyos_script.sh create mode 100644 spec/one_node/vyos_spec.rb create mode 100644 spec/site_to_site_vpn/Vagrantfile create mode 100644 spec/site_to_site_vpn/config.yaml create mode 100644 spec/site_to_site_vpn/vyos1_script.sh create mode 100644 spec/site_to_site_vpn/vyos1_spec.rb create mode 100644 spec/site_to_site_vpn/vyos2_script.sh create mode 100644 spec/site_to_site_vpn/vyos2_spec.rb create mode 100644 spec/site_to_site_vpn/vyos3_script.sh create mode 100644 spec/site_to_site_vpn/vyos3_spec.rb create mode 100644 spec/site_to_site_vpn/vyos4_script.sh create mode 100644 spec/site_to_site_vpn/vyos4_spec.rb create mode 100644 spec/spec_helper.rb diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a87d09e --- /dev/null +++ b/.gitignore @@ -0,0 +1,21 @@ +*.gem +*.rbc +.bundle +.config +.yardoc +Gemfile.lock +InstalledFiles +_yardoc +coverage +doc/ +lib/bundler/man +pkg +rdoc +spec/reports +test/tmp +test/version_tmp +tmp +.swp +.ruby-version +.rbenv-gemsets +.vagrant diff --git a/Gemfile b/Gemfile new file mode 100644 index 0000000..0c5e2c2 --- /dev/null +++ b/Gemfile @@ -0,0 +1,5 @@ +source 'https://rubygems.org' + +gem 'rake' +gem 'serverspec' +gem 'serverspec-vyos-config' diff --git a/README.md b/README.md new file mode 100644 index 0000000..5fdbb55 --- /dev/null +++ b/README.md @@ -0,0 +1,12 @@ +# vyos-integration-test + +## Setup + +* Install Vagrant +* Run `bundle` + +## Run test + +``` +rake spec +``` diff --git a/Rakefile b/Rakefile new file mode 100644 index 0000000..472f676 --- /dev/null +++ b/Rakefile @@ -0,0 +1,50 @@ +require 'rake' +require 'rspec/core/rake_task' +require 'yaml' + +spec_tasks = [] +configs = {} +tests = Dir.glob("spec/*/").map { |s| s.gsub(/spec\//, '').gsub(/\//, '') } +tests.each do |test| + spec_tasks.concat(["spec:#{test}"]) + configs[test] = YAML.load_file("spec/#{test}/config.yaml") +end + +task :spec => spec_tasks +task :all => "spec:all" + +namespace :spec do + tests.each do |test| + config = configs[test] + task test.to_sym do + puts "Running #{test} test..." + Dir.chdir("spec/#{test}") do + `vagrant up --provider=libvirt` + end + + config.keys.each do |host| + Rake::Task["spec:#{test}:#{host}"].invoke + end + + puts "Cleanup #{test} test..." + Dir.chdir("spec/#{test}") do + `vagrant destroy` + end + end + end + + tests.each do |test| + namespace test do + config = configs[test] + Dir.chdir("spec/#{test}") do + config.keys.each do |host| + RSpec::Core::RakeTask.new(host.to_sym) do |t| + ENV["TARGET_TEST"] = test + ENV["TARGET_HOST"] = host + t.pattern = "spec/#{test}/#{host}_spec.rb" + end + end + end + end + end +end diff --git a/spec/one_node/Vagrantfile b/spec/one_node/Vagrantfile new file mode 100644 index 0000000..03b9ff7 --- /dev/null +++ b/spec/one_node/Vagrantfile @@ -0,0 +1,28 @@ +require 'yaml' + +configs = YAML.load_file("config.yaml") + +Vagrant.configure("2") do |config| + config.vm.provider :libvirt do |libvirt| + libvirt.cpu_mode = 'host-passthrough' + end + configs.keys.each do |host| + config.vm.define host.to_sym do |c| + c.vm.box = "higebu/vyos" + c.vm.synced_folder "./", "/vagrant", + :owner => "vagrant", + :group => "vyattacfg", + :mount_options => ["dmode=775,fmode=775"] + c.vm.hostname = host + if !configs[host].nil? and configs[host].has_key? :networks + configs[host][:networks].keys.each do |net| + c.vm.network :private_network, + :ip => configs[host][:networks][net], + :libvirt__network_name => net, + :libvirt__dhcp_enabled => false + end + end + c.vm.provision "shell", path: "#{host}_script.sh" + end + end +end diff --git a/spec/one_node/config.yaml b/spec/one_node/config.yaml new file mode 100644 index 0000000..cbf352d --- /dev/null +++ b/spec/one_node/config.yaml @@ -0,0 +1,2 @@ +--- +vyos: diff --git a/spec/one_node/vyos_script.sh b/spec/one_node/vyos_script.sh new file mode 100644 index 0000000..edb0afe --- /dev/null +++ b/spec/one_node/vyos_script.sh @@ -0,0 +1,8 @@ +#!/bin/vbash + +source /opt/vyatta/etc/functions/script-template + +set system time-zone Asia/Tokyo + +commit +save diff --git a/spec/one_node/vyos_spec.rb b/spec/one_node/vyos_spec.rb new file mode 100644 index 0000000..ec0e11f --- /dev/null +++ b/spec/one_node/vyos_spec.rb @@ -0,0 +1,12 @@ +require_relative '../spec_helper' +require 'serverspec_vyos_config' + +File.open('spec/one_node/vyos_script.sh') do |file| + file.each_line do |l| + if l.start_with?("set") + describe vyos_config(l.gsub(/set /, '')) do + it { should be_exists } + end + end + end +end diff --git a/spec/site_to_site_vpn/Vagrantfile b/spec/site_to_site_vpn/Vagrantfile new file mode 100644 index 0000000..03b9ff7 --- /dev/null +++ b/spec/site_to_site_vpn/Vagrantfile @@ -0,0 +1,28 @@ +require 'yaml' + +configs = YAML.load_file("config.yaml") + +Vagrant.configure("2") do |config| + config.vm.provider :libvirt do |libvirt| + libvirt.cpu_mode = 'host-passthrough' + end + configs.keys.each do |host| + config.vm.define host.to_sym do |c| + c.vm.box = "higebu/vyos" + c.vm.synced_folder "./", "/vagrant", + :owner => "vagrant", + :group => "vyattacfg", + :mount_options => ["dmode=775,fmode=775"] + c.vm.hostname = host + if !configs[host].nil? and configs[host].has_key? :networks + configs[host][:networks].keys.each do |net| + c.vm.network :private_network, + :ip => configs[host][:networks][net], + :libvirt__network_name => net, + :libvirt__dhcp_enabled => false + end + end + c.vm.provision "shell", path: "#{host}_script.sh" + end + end +end diff --git a/spec/site_to_site_vpn/config.yaml b/spec/site_to_site_vpn/config.yaml new file mode 100644 index 0000000..01178dc --- /dev/null +++ b/spec/site_to_site_vpn/config.yaml @@ -0,0 +1,15 @@ +--- +vyos1: + :networks: + net1: "10.0.1.11" + net2: "10.0.2.11" +vyos2: + :networks: + net1: "10.0.1.12" + net3: "10.0.3.11" +vyos3: + :networks: + net2: "10.0.2.13" +vyos4: + :networks: + net3: "10.0.3.14" diff --git a/spec/site_to_site_vpn/vyos1_script.sh b/spec/site_to_site_vpn/vyos1_script.sh new file mode 100644 index 0000000..8033692 --- /dev/null +++ b/spec/site_to_site_vpn/vyos1_script.sh @@ -0,0 +1,28 @@ +#!/bin/vbash + +source /opt/vyatta/etc/functions/script-template + +set vpn ipsec ike-group ike-g proposal 1 encryption aes256 +set vpn ipsec ike-group ike-g proposal 1 hash sha1 +set vpn ipsec ike-group ike-g proposal 1 dh-group 2 +set vpn ipsec ike-group ike-g lifetime 28800 +set vpn ipsec ike-group ike-g dead-peer-detection action restart +set vpn ipsec ike-group ike-g dead-peer-detection interval 15 +set vpn ipsec ike-group ike-g dead-peer-detection timeout 90 + +set vpn ipsec esp-group esp-g proposal 1 encryption aes256 +set vpn ipsec esp-group esp-g proposal 1 hash sha1 +set vpn ipsec esp-group esp-g lifetime 3600 + +set vpn ipsec ipsec-interfaces interface eth1 + +set vpn ipsec site-to-site peer 10.0.1.12 authentication mode pre-shared-secret +set vpn ipsec site-to-site peer 10.0.1.12 authentication pre-shared-secret test +set vpn ipsec site-to-site peer 10.0.1.12 ike-group ike-g +set vpn ipsec site-to-site peer 10.0.1.12 default-esp-group esp-g +set vpn ipsec site-to-site peer 10.0.1.12 local-address 10.0.1.11 +set vpn ipsec site-to-site peer 10.0.1.12 tunnel 1 local prefix 10.0.2.0/24 +set vpn ipsec site-to-site peer 10.0.1.12 tunnel 1 remote prefix 10.0.3.0/24 + +commit +save diff --git a/spec/site_to_site_vpn/vyos1_spec.rb b/spec/site_to_site_vpn/vyos1_spec.rb new file mode 100644 index 0000000..6506d93 --- /dev/null +++ b/spec/site_to_site_vpn/vyos1_spec.rb @@ -0,0 +1,12 @@ +require_relative '../spec_helper' +require 'serverspec_vyos_config' + +File.open('spec/site_to_site_vpn/vyos1_script.sh') do |file| + file.each_line do |l| + if l.start_with?("set") + describe vyos_config(l.gsub(/set /, '')) do + it { should be_exists } + end + end + end +end diff --git a/spec/site_to_site_vpn/vyos2_script.sh b/spec/site_to_site_vpn/vyos2_script.sh new file mode 100644 index 0000000..2e01140 --- /dev/null +++ b/spec/site_to_site_vpn/vyos2_script.sh @@ -0,0 +1,28 @@ +#!/bin/vbash + +source /opt/vyatta/etc/functions/script-template + +set vpn ipsec ike-group ike-g proposal 1 encryption aes256 +set vpn ipsec ike-group ike-g proposal 1 hash sha1 +set vpn ipsec ike-group ike-g proposal 1 dh-group 2 +set vpn ipsec ike-group ike-g lifetime 28800 +set vpn ipsec ike-group ike-g dead-peer-detection action restart +set vpn ipsec ike-group ike-g dead-peer-detection interval 15 +set vpn ipsec ike-group ike-g dead-peer-detection timeout 90 + +set vpn ipsec esp-group esp-g proposal 1 encryption aes256 +set vpn ipsec esp-group esp-g proposal 1 hash sha1 +set vpn ipsec esp-group esp-g lifetime 3600 + +set vpn ipsec ipsec-interfaces interface eth1 + +set vpn ipsec site-to-site peer 10.0.1.11 authentication mode pre-shared-secret +set vpn ipsec site-to-site peer 10.0.1.11 authentication pre-shared-secret test +set vpn ipsec site-to-site peer 10.0.1.11 ike-group ike-g +set vpn ipsec site-to-site peer 10.0.1.11 default-esp-group esp-g +set vpn ipsec site-to-site peer 10.0.1.11 local-address 10.0.1.12 +set vpn ipsec site-to-site peer 10.0.1.11 tunnel 1 local prefix 10.0.3.0/24 +set vpn ipsec site-to-site peer 10.0.1.11 tunnel 1 remote prefix 10.0.2.0/24 + +commit +save diff --git a/spec/site_to_site_vpn/vyos2_spec.rb b/spec/site_to_site_vpn/vyos2_spec.rb new file mode 100644 index 0000000..23a0a57 --- /dev/null +++ b/spec/site_to_site_vpn/vyos2_spec.rb @@ -0,0 +1,12 @@ +require_relative '../spec_helper' +require 'serverspec_vyos_config' + +File.open('spec/site_to_site_vpn/vyos2_script.sh') do |file| + file.each_line do |l| + if l.start_with?("set") + describe vyos_config(l.gsub(/set /, '')) do + it { should be_exists } + end + end + end +end diff --git a/spec/site_to_site_vpn/vyos3_script.sh b/spec/site_to_site_vpn/vyos3_script.sh new file mode 100644 index 0000000..e443225 --- /dev/null +++ b/spec/site_to_site_vpn/vyos3_script.sh @@ -0,0 +1,8 @@ +#!/bin/vbash + +source /opt/vyatta/etc/functions/script-template + +set protocols static route 10.0.3.0/24 next-hop 10.0.2.11 + +commit +save diff --git a/spec/site_to_site_vpn/vyos3_spec.rb b/spec/site_to_site_vpn/vyos3_spec.rb new file mode 100644 index 0000000..3aa75d6 --- /dev/null +++ b/spec/site_to_site_vpn/vyos3_spec.rb @@ -0,0 +1,16 @@ +require_relative '../spec_helper' +require 'serverspec_vyos_config' + +File.open('spec/site_to_site_vpn/vyos3_script.sh') do |file| + file.each_line do |l| + if l.start_with?("set") + describe vyos_config(l.gsub(/set /, '')) do + it { should be_exists } + end + end + end +end + +describe host('10.0.3.14') do + it { should be_reachable } +end diff --git a/spec/site_to_site_vpn/vyos4_script.sh b/spec/site_to_site_vpn/vyos4_script.sh new file mode 100644 index 0000000..ec45e72 --- /dev/null +++ b/spec/site_to_site_vpn/vyos4_script.sh @@ -0,0 +1,8 @@ +#!/bin/vbash + +source /opt/vyatta/etc/functions/script-template + +set protocols static route 10.0.2.0/24 next-hop 10.0.3.11 + +commit +save diff --git a/spec/site_to_site_vpn/vyos4_spec.rb b/spec/site_to_site_vpn/vyos4_spec.rb new file mode 100644 index 0000000..2da7341 --- /dev/null +++ b/spec/site_to_site_vpn/vyos4_spec.rb @@ -0,0 +1,16 @@ +require_relative '../spec_helper' +require 'serverspec_vyos_config' + +File.open('spec/site_to_site_vpn/vyos4_script.sh') do |file| + file.each_line do |l| + if l.start_with?("set") + describe vyos_config(l.gsub(/set /, '')) do + it { should be_exists } + end + end + end +end + +describe host('10.0.2.13') do + it { should be_reachable } +end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb new file mode 100644 index 0000000..c69b823 --- /dev/null +++ b/spec/spec_helper.rb @@ -0,0 +1,18 @@ +require 'serverspec' +require 'net/ssh' +require 'tempfile' + +set :backend, :ssh +set :disable_sudo, true + +test = ENV['TARGET_TEST'] +host = ENV['TARGET_HOST'] + +Dir.chdir("spec/#{test}") do + config = Tempfile.new('', Dir.tmpdir) + `vagrant ssh-config #{host} > #{config.path}` + options = Net::SSH::Config.for(host, [config.path]) + options[:user] ||= Etc.getlogin + set :host, options[:host_name] || host + set :ssh_options, options +end -- cgit v1.2.3