Add firewall behavior assertions to testinfra testing
This attempts to exercise our firewall rules externally via the bridge host in our testinfra testing. If we like this style of rule we can add a number of tests for various firewall behaviors that we want to ensure. Change-Id: I4ee63bc6f15af9b68fc1c690c5d92f4bf9c756c3
parent
b044cba65a
commit
53522910fb
@ -13,6 +13,7 @@
|
|||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
import json
|
import json
|
||||||
|
import util
|
||||||
|
|
||||||
|
|
||||||
testinfra_hosts = ['zk04.opendev.org']
|
testinfra_hosts = ['zk04.opendev.org']
|
||||||
@ -53,3 +54,23 @@ def test_zookeeper_statsd_running(host):
|
|||||||
out = json.loads(cmd.stdout)
|
out = json.loads(cmd.stdout)
|
||||||
assert out[0]["State"]["Status"] == "running"
|
assert out[0]["State"]["Status"] == "running"
|
||||||
assert out[0]["RestartCount"] == 0
|
assert out[0]["RestartCount"] == 0
|
||||||
|
|
||||||
|
def test_zk_2181_accessibility(host):
|
||||||
|
# Ask the host to report its own IP addresses. This will use our test
|
||||||
|
# local /etc/hosts values and not DNS.
|
||||||
|
zk = host.addr("zk04.opendev.org")
|
||||||
|
# Verify it is using our local /etc/hosts values
|
||||||
|
print(zk.ipv4_addresses)
|
||||||
|
print(zk.ipv6_addresses)
|
||||||
|
|
||||||
|
for addr in zk.ipv4_addresses + zk.ipv6_addresses:
|
||||||
|
if addr.startswith("::ffff:"):
|
||||||
|
# This is an ipv4 address mapped to ipv6 and is covered by
|
||||||
|
# the ipv4_addresses list
|
||||||
|
continue
|
||||||
|
if addr.startswith("127.") or addr == "::1":
|
||||||
|
# We don't want to talk to localhost as we are connecting
|
||||||
|
# from our test bridge instance.
|
||||||
|
continue
|
||||||
|
util.check_unreachable(addr, 2181)
|
||||||
|
util.check_unreachable(addr, 2281)
|
||||||
|
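Review bot: The loop in `test_zk_2181_accessibility` probes nothing if `zk.ipv4_addresses + zk.ipv6_addresses` is empty or holds only loopback and `::ffff:` entries, so a name-resolution problem would show up as a passing firewall test. Build the filtered list first and guard it, for example `assert targets, "no non-loopback addresses resolved for zk04.opendev.org"`, before the `util.check_unreachable` calls. The two `print` calls under the "Verify it is using our local /etc/hosts values" comment only display the addresses and assert nothing, so the comment should say "Show" unless an expected address is actually compared. The test name mentions only 2181 although port 2281 is probed as well.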
@ -121,3 +121,16 @@ def verify_iptables(host):
|
|||||||
assert snmp in ip6rules
|
assert snmp in ip6rules
|
||||||
|
|
||||||
return rules
|
return rules
|
||||||
|
|
||||||
|
|
||||||
|
def check_unreachable(addr, port, errno=113):
|
||||||
|
# errno 113 is no route to host
|
||||||
|
try:
|
||||||
|
s = socket.create_connection((addr, port), timeout=10)
|
||||||
|
except OSError as e:
|
||||||
|
# No route to host
|
||||||
|
assert e.errno == errno
|
||||||
|
else:
|
||||||
|
s.close()
|
||||||
|
# We should always error.
|
||||||
|
assert False
|
||||||
|
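Review bot: In `check_unreachable`, the `except OSError` branch also catches a connect timeout, whose `e.errno` is `None`. A firewall that silently drops instead of rejecting therefore fails as a bare `None == 113` comparison with no address or port in the output, and the `assert False` in the `else` branch likewise does not say which endpoint accepted the connection. Give both a message, e.g. `assert e.errno == errno, f"{addr}:{port}: expected errno {errno}, got {e!r}"` and `raise AssertionError(f"{addr}:{port} accepted a connection; firewall did not block it")`. A docstring should state that the probe runs from the machine executing the tests and that 113 is the Linux value of EHOSTUNREACH, so ECONNREFUSED (packet passed, nothing listening) also fails the check. The parameter name `errno` shadows the standard-library module, which gets in the way of writing `errno.EHOSTUNREACH`; the `socket` import is not visible in this hunk and presumably already exists at the top of the file.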