snappy-hwe-snaps

Merge ~gary-wzl77/snappy-hwe-snaps/+git/engineering-tests:easy-openvpn into ~snappy-hwe-team/snappy-hwe-snaps/+git/engineering-tests:master

  1. Git
  2. lp:~gary-wzl77/snappy-hwe-snaps/+git/engineering-tests
  3. easy-openvpn
  4. Merge into master
Proposed by Gary.Wang
Status: Merged
Approved by: Alfonso Sanchez-Beato
Approved revision: 53ec5065fae589ae616a84ae32fa2f33c1973360
Merged at revision: 60e757725a6379b1a1f8aaf71c48f1c6754249f0
Proposed branch: ~gary-wzl77/snappy-hwe-snaps/+git/engineering-tests:easy-openvpn
Merge into: ~snappy-hwe-team/snappy-hwe-snaps/+git/engineering-tests:master
Diff against target: 335 lines (+225/-8)
12 files modified
README.md (+7/-0)
bin/run-alsa-utils-tests (+5/-0)
bin/run-captive-redirect-tests (+5/-0)
bin/run-easy-openvpn-tests (+5/-0)
bin/run-media-hub-tests (+5/-0)
bin/run-serial-vault-tests (+5/-0)
bin/run-snapweb-tests (+5/-0)
bin/run-upower-tests (+5/-0)
bin/run-wifi-connect-tests (+5/-0)
bin/run-wpa-supplicant-tests (+5/-0)
com.canonical.se:engineering-tests/units/easy-openvpn/easy-openvpn.pxu (+163/-0)
snapcraft.yaml (+10/-8)
Reviewer Review Type Date Requested Status
Alfonso Sanchez-Beato Approve
Simon Fels Approve
System Enablement Bot continuous-integration Approve
Review via email: mp+330325@code.launchpad.net

This proposal supersedes a proposal from 2017-09-07.

Commit message

*.Add easy-openvpn plainbox test cases.
*.Unify tests launch command.

Description of the change

*.Add easy-openvpn plainbox test cases.
*.Unify tests launch command.

To post a comment you must log in.
Revision history for this message
System Enablement Bot (system-enablement-ci-bot) wrote :

PASSED: Continuous integration, rev:53ec5065fae589ae616a84ae32fa2f33c1973360
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/1940/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/system-enablement/job/generic-build-snap-worker/3359
    None: https://jenkins.canonical.com/system-enablement/job/generic-update-snap-mp/1848/console
    SUCCESS: https://jenkins.canonical.com/system-enablement/job/generic-test-snap/3619
    None: https://jenkins.canonical.com/system-enablement/job/generic-cleanup-snap/2814/console

Click here to trigger a rebuild:
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/1940/rebuild

review: Approve (continuous-integration)
Revision history for this message
Simon Fels (morphis) wrote :

LGTM

review: Approve
Revision history for this message
Alfonso Sanchez-Beato (alfonsosanchezbeato) wrote :

LGTM

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/README.md b/README.md
2index 5ab766a..50ee19e 100644
3--- a/README.md
4+++ b/README.md
5@@ -22,6 +22,11 @@ It currently covers test cases for the following snaps
6 * wifi-connect
7 * wireless-tools
8 * wpa-supplicant
9+ * media-hub
10+ * snapweb
11+ * serial-vault
12+ * easy-openvpn
13+
14
15 ## How can I run the tests?
16
17@@ -56,6 +61,8 @@ categories related to the command's name.
18 $ /snap/bin/canonical-se-engineering-tests.wifi-ap
19 $ /snap/bin/canonical-se-engineering-tests.wifi-connect
20 $ /snap/bin/canonical-se-engineering-tests.wireless-tools
21+ $ /snap/bin/canonical-se-engineering-tests.snapweb
22+ $ /snap/bin/canonical-se-engineering-tests.easy-openvpn
23
24 ## How can I contribute new tests?
25
26diff --git a/bin/run-alsa-utils-tests b/bin/run-alsa-utils-tests
27new file mode 100755
28index 0000000..d22e3cb
29--- /dev/null
30+++ b/bin/run-alsa-utils-tests
31@@ -0,0 +1,5 @@
32+#!/bin/sh
33+export PATH="$PATH:$SNAP/usr/sbin"
34+exec python3 $(which plainbox) \
35+ run -i '2017.com.canonical.se::alsa_utils.*' \
36+ "$@"
37diff --git a/bin/run-captive-redirect-tests b/bin/run-captive-redirect-tests
38new file mode 100755
39index 0000000..3887d71
40--- /dev/null
41+++ b/bin/run-captive-redirect-tests
42@@ -0,0 +1,5 @@
43+#!/bin/sh
44+export PATH="$PATH:$SNAP/usr/sbin"
45+exec python3 $(which plainbox) \
46+ run -i '2017.com.canonical.se::captive_redirect.*' \
47+ "$@"
48diff --git a/bin/run-easy-openvpn-tests b/bin/run-easy-openvpn-tests
49new file mode 100755
50index 0000000..1a5f2ae
51--- /dev/null
52+++ b/bin/run-easy-openvpn-tests
53@@ -0,0 +1,5 @@
54+#!/bin/sh
55+export PATH="$PATH:$SNAP/usr/sbin"
56+exec python3 $(which plainbox) \
57+ run -i '2017.com.canonical.se::easy_openvpn.*' \
58+ "$@"
59diff --git a/bin/run-media-hub-tests b/bin/run-media-hub-tests
60new file mode 100755
61index 0000000..295c791
62--- /dev/null
63+++ b/bin/run-media-hub-tests
64@@ -0,0 +1,5 @@
65+#!/bin/sh
66+export PATH="$PATH:$SNAP/usr/sbin"
67+exec python3 $(which plainbox) \
68+ run -i '2017.com.canonical.se::media_hub.*' \
69+ "$@"
70diff --git a/bin/run-serial-vault-tests b/bin/run-serial-vault-tests
71new file mode 100755
72index 0000000..06537aa
73--- /dev/null
74+++ b/bin/run-serial-vault-tests
75@@ -0,0 +1,5 @@
76+#!/bin/sh
77+export PATH="$PATH:$SNAP/usr/sbin"
78+exec python3 $(which plainbox) \
79+ run -i '2017.com.canonical.se::serial_vault.*' \
80+ "$@"
81diff --git a/bin/run-snapweb-tests b/bin/run-snapweb-tests
82new file mode 100755
83index 0000000..fcb1791
84--- /dev/null
85+++ b/bin/run-snapweb-tests
86@@ -0,0 +1,5 @@
87+#!/bin/sh
88+export PATH="$PATH:$SNAP/usr/sbin"
89+exec python3 $(which plainbox) \
90+ run -i '2017.com.canonical.se::snapweb.*' \
91+ "$@"
92diff --git a/bin/run-upower-tests b/bin/run-upower-tests
93new file mode 100755
94index 0000000..9bb3b9e
95--- /dev/null
96+++ b/bin/run-upower-tests
97@@ -0,0 +1,5 @@
98+#!/bin/sh
99+export PATH="$PATH:$SNAP/usr/sbin"
100+exec python3 $(which plainbox) \
101+ run -i '2017.com.canonical.se::upower.*' \
102+ "$@"
103diff --git a/bin/run-wifi-connect-tests b/bin/run-wifi-connect-tests
104new file mode 100755
105index 0000000..58776f1
106--- /dev/null
107+++ b/bin/run-wifi-connect-tests
108@@ -0,0 +1,5 @@
109+#!/bin/sh
110+export PATH="$PATH:$SNAP/usr/sbin"
111+exec python3 $(which plainbox) \
112+ run -i '2017.com.canonical.se::wifi-connect.*' \
113+ "$@"
114diff --git a/bin/run-wpa-supplicant-tests b/bin/run-wpa-supplicant-tests
115new file mode 100755
116index 0000000..7251334
117--- /dev/null
118+++ b/bin/run-wpa-supplicant-tests
119@@ -0,0 +1,5 @@
120+#!/bin/sh
121+export PATH="$PATH:$SNAP/usr/sbin"
122+exec python3 $(which plainbox) \
123+ run -i '2017.com.canonical.se::wpa_supplicant.*' \
124+ "$@"
125diff --git a/com.canonical.se:engineering-tests/units/easy-openvpn/easy-openvpn.pxu b/com.canonical.se:engineering-tests/units/easy-openvpn/easy-openvpn.pxu
126new file mode 100644
127index 0000000..c6f8336
128--- /dev/null
129+++ b/com.canonical.se:engineering-tests/units/easy-openvpn/easy-openvpn.pxu
130@@ -0,0 +1,163 @@
131+# Copyright 2017 Canonical Ltd.
132+# All rights reserved.
133+#
134+# Written by:
135+# Gary Wang <gary.wang@canonical.com>
136+
137+unit: category
138+id: easy_openvpn
139+_name: An easy-to-manage OpenVPN deployment.
140+
141+id: easy_openvpn/setup/ensure_interface_connection
142+category_id: easy_openvpn
143+_description: Ensure the easy-openvpn interfaces are connected
144+plugin: manual
145+_steps:
146+ 1. If the easy-openvpn snap is already installed remove it via
147+ .
148+ $ snap remove easy-openvpn
149+ .
150+ 2. Install easy-openvpn from the store.
151+ .
152+ $ snap install easy-openvpn
153+ .
154+_verification:
155+ Verify that you see the following when running snap interfaces:
156+ :network easy-openvpn
157+ :network-bind easy-openvpn
158+ :network-control easy-openvpn
159+ :firewall-control easy-openvpn
160+
161+id: easy_openvpn/setup/launch_server
162+category_id: easy_openvpn
163+plugin: manual
164+depends: easy_openvpn/setup/ensure_interface_connection
165+_summary: Setup and launch an openvpn Server
166+_purpose:
167+ Check if an openvpn server is up and running after it's configured.
168+_steps:
169+ 1. Enable IP forwarding firstly.
170+ Note: On ubuntu core, IP forwarding is disabled by default.
171+ .
172+ $ sudo sysctl -w net.ipv4.ip_forward=1
173+ .
174+ 2. Set correct nat device according to your server connection.
175+ Typically, the nat device is 'eth0' (default value) if
176+ the connection is over an ethernet connection. You need to set
177+ it to 'wlan0' if a wireless connection is established.
178+ Note: This fits the scenario where people usually setup a
179+ wireless connection on ubuntu core at the first boot.
180+ .
181+ $ sudo snap set easy-openvpn natdevice=wlan0
182+ .
183+ 3. Find IP address if host machine via ifconfig or hostname:
184+ .
185+ $ hostname -I | cut -f1 -d' '
186+ .
187+ 4. Configure the server with host machine IP address:
188+ Note: PEM pass phrase is mandatory.
189+ .
190+ $ sudo easy-openvpn.setup -u "udp://SERVER_IP"
191+ .
192+ 5. Launch the openvpn server:
193+ .
194+ sudo service snap.easy-openvpn.easy-openvpn start
195+ .
196+_verification:
197+ Run the following command to check journal logs of easy-openvpn:
198+ .
199+ $ sudo journalctl -n 10 --no-pager -u snap.easy-openvpn.easy-openvpn
200+ .
201+ Verify if logs contain the following information like:
202+ 'Initialization Sequence Completed'
203+
204+id: easy_openvpn/setup/add_client
205+category_id: easy_openvpn
206+plugin: manual
207+depends: easy_openvpn/setup/launch_server
208+_summary: Adding an openvpn client.
209+_purpose:
210+ Check if a newly added client can be found at the client list of server.
211+_steps:
212+ 1. Add an openvpn client named 'foo' and output corresponding
213+ client config file(foo.ovpn).
214+ .
215+ $ sudo easy-openvpn.add-client foo > foo.ovpn
216+ .
217+_verification:
218+ Verify if the newly added client(foo) can be found at client list
219+ Run the following command to view the client list of the openvpn server.
220+ .
221+ $ sudo easy-openvpn.clients
222+ .
223+
224+id: easy_openvpn/setup/connect_server
225+category_id: easy_openvpn
226+plugin: manual
227+depends: easy_openvpn/setup/launch_server
228+_summary: Connecting an openvpn server.
229+_purpose:
230+ Check if an end user can connect to an openvpn server from another host machine.
231+_steps:
232+ 1. Install this snap on another machine acting as an openvpn client.
233+ Copy the generated foo.ovpn from server to read/write location on this client.
234+ Remember to change the owner of foo.ovpn to 'root' to overcome
235+ dac_override denied in snappy world.
236+ .
237+ $ sudo chown root.root foo.ovpn
238+ .
239+ 2. Open a terminal and connect the server by running:
240+ .
241+ $ sudo easy-openvpn.connect-server foo.ovpn
242+ .
243+_verification:
244+ Verify if the client logging output contains the following information.
245+ ' openvpn.* Initialization Sequence Completed'
246+
247+id: easy_openvpn/setup/monitor_status
248+category_id: easy_openvpn
249+plugin: manual
250+depends: easy_openvpn/setup/connect_server
251+_summary: Monitor client's status.
252+_purpose:
253+ Monitor clients connection status i.e. traffic information and router table.
254+_steps:
255+ 1. On client side
256+ After vpn connection is established, open a web browser
257+ and navigate to any website.
258+ 2. On server side, run the following command:
259+ .
260+ $ sudo easy-openvpn.status
261+ .
262+_verification:
263+ Verify if there's internet connection after connection is established.
264+ Observing network traffic, especially for bytes received, bytes sent
265+ from the logging output and Ensure the values are not zero.
266+
267+id: easy_openvpn/setup/revoke_client
268+category_id: easy_openvpn
269+plugin: manual
270+depends: easy_openvpn/setup/monitor_status
271+_summary: Revoking an openvpn client.
272+_purpose:
273+ Check if a client can connect to server after the certificate is revoked.
274+_steps:
275+ On the server side:
276+ 1. Remove a known client on the server i.e. 'foo'
277+ .
278+ $ sudo easy-openvpn.revoke-client foo
279+ .
280+ 2. Check if the client is marked as 'REVOKED'
281+ .
282+ $ sudo easy-openvpn.clients | MATCH "foo.*REVOKED"
283+ .
284+ On the client side:
285+ 1. Kill the openvpn client if it's running.
286+ 2. Connect to server again.
287+ .
288+ $ sudo easy-openvpn.connect-server foo.ovpn
289+ .
290+_verification:
291+ Verify if VPN connection fails after the client is revoked on the server end
292+ and the client logging output contains the following information
293+ "TLS Error: TLS handshake failed"
294diff --git a/snapcraft.yaml b/snapcraft.yaml
295index a48c2c8..5be0981 100644
296--- a/snapcraft.yaml
297+++ b/snapcraft.yaml
298@@ -26,27 +26,29 @@ apps:
299 wifi-ap:
300 command: bin/run-wifi-ap-tests
301 wifi-connect:
302- command: bin/plainbox-wrapper run -i '2017.com.canonical.se::wifi-connect.*'
303+ command: bin/run-wifi-connect-tests
304 wireless-tools:
305 command: bin/run-wireless-tools-tests
306 pulseaudio:
307 command: bin/run-pulseaudio-tests
308 snapweb:
309- command: bin/plainbox-wrapper run -i '2017.com.canonical.se::snapweb.*'
310+ command: bin/run-snapweb-tests
311 upower:
312- command: bin/plainbox-wrapper run -i '2017.com.canonical.se::upower.*'
313+ command: bin/run-upower-tests
314 udisks2:
315 command: bin/run-udisks2-tests
316 alsa-utils:
317- command: bin/plainbox-wrapper run -i '2017.com.canonical.se::alsa_utils.*'
318+ command: bin/run-alsa-utils-tests
319 media-hub:
320- command: bin/plainbox-wrapper run -i '2017.com.canonical.se::media_hub.*'
321+ command: bin/run-media-hub-tests
322 captive-redirect:
323- command: bin/plainbox-wrapper run -i '2017.com.canonical.se::captive_redirect.*'
324+ command: bin/run-captive-redirect-tests
325 wpa-supplicant:
326- command: bin/plainbox-wrapper run -i '2017.com.canonical.se::wpa_supplicant.*'
327+ command: bin/run-wpa-supplicant-tests
328 serial-vault:
329- command: bin/plainbox-wrapper run -i '2017.com.canonical.se::serial_vault.*'
330+ command: bin/run-serial-vault-tests
331+ easy-openvpn:
332+ command: bin/run-easy-openvpn-tests
333
334 parts:
335 common:

Subscribers

People subscribed via source and target branches

to all changes: