fcda69e8b6
All services are reachable from the main netns, no need to enter service network namespaces. This allows us to remove extra_tests.
72 lines
2.6 KiB
Python
72 lines
2.6 KiB
Python
netns_ips = {
|
|
"bitcoind": "169.254.1.12",
|
|
"clightning": "169.254.1.13",
|
|
"lnd": "169.254.1.14",
|
|
"liquidd": "169.254.1.15",
|
|
"electrs": "169.254.1.16",
|
|
"spark-wallet": "169.254.1.17",
|
|
"lightning-charge": "169.254.1.18",
|
|
"nanopos": "169.254.1.19",
|
|
"recurring-donations": "169.254.1.20",
|
|
"nginx": "169.254.1.21",
|
|
"lightning-loop": "169.254.1.22",
|
|
"nbxplorer": "169.254.1.23",
|
|
"btcpayserver": "169.254.1.24",
|
|
}
|
|
|
|
|
|
def ip(netns):
|
|
return netns_ips[netns]
|
|
|
|
|
|
def prestop():
|
|
ping_bitcoind = "ip netns exec nb-bitcoind ping -c 1 -w 1"
|
|
ping_nanopos = "ip netns exec nb-nanopos ping -c 1 -w 1"
|
|
ping_nbxplorer = "ip netns exec nb-nbxplorer ping -c 1 -w 1"
|
|
|
|
# Positive ping tests (non-exhaustive)
|
|
machine.succeed(
|
|
"%s %s &&" % (ping_bitcoind, ip("bitcoind"))
|
|
+ "%s %s &&" % (ping_bitcoind, ip("clightning"))
|
|
+ "%s %s &&" % (ping_bitcoind, ip("lnd"))
|
|
+ "%s %s &&" % (ping_bitcoind, ip("liquidd"))
|
|
+ "%s %s &&" % (ping_bitcoind, ip("nbxplorer"))
|
|
+ "%s %s &&" % (ping_nbxplorer, ip("btcpayserver"))
|
|
+ "%s %s &&" % (ping_nanopos, ip("lightning-charge"))
|
|
+ "%s %s &&" % (ping_nanopos, ip("nanopos"))
|
|
+ "%s %s" % (ping_nanopos, ip("nginx"))
|
|
)
|
|
|
|
# Negative ping tests (non-exhaustive)
|
|
machine.fail(
|
|
"%s %s ||" % (ping_bitcoind, ip("spark-wallet"))
|
|
+ "%s %s ||" % (ping_bitcoind, ip("lightning-loop"))
|
|
+ "%s %s ||" % (ping_bitcoind, ip("lightning-charge"))
|
|
+ "%s %s ||" % (ping_bitcoind, ip("nanopos"))
|
|
+ "%s %s ||" % (ping_bitcoind, ip("recurring-donations"))
|
|
+ "%s %s ||" % (ping_bitcoind, ip("nginx"))
|
|
+ "%s %s ||" % (ping_nanopos, ip("bitcoind"))
|
|
+ "%s %s ||" % (ping_nanopos, ip("clightning"))
|
|
+ "%s %s ||" % (ping_nanopos, ip("lnd"))
|
|
+ "%s %s ||" % (ping_nanopos, ip("lightning-loop"))
|
|
+ "%s %s ||" % (ping_nanopos, ip("liquidd"))
|
|
+ "%s %s ||" % (ping_nanopos, ip("electrs"))
|
|
+ "%s %s ||" % (ping_nanopos, ip("spark-wallet"))
|
|
+ "%s %s ||" % (ping_nanopos, ip("recurring-donations"))
|
|
+ "%s %s" % (ping_nanopos, ip("btcpayserver"))
|
|
)
|
|
|
|
# test that netns-exec can't be run for unauthorized namespace
|
|
machine.fail("netns-exec nb-electrs ip a")
|
|
|
|
# test that netns-exec drops capabilities
|
|
assert_full_match(
|
|
"su operator -c 'netns-exec nb-bitcoind capsh --print | grep Current '", "Current: =\n"
|
|
)
|
|
|
|
# test that netns-exec can not be executed by users that are not operator
|
|
machine.fail("sudo -u clightning netns-exec nb-bitcoind ip a")
|
|
|
|
|
|
run_tests()
|