fix: reload on resetting to defaults #159

Merged
merged 25 commits into from
Jul 21, 2023
Changes from 4 commits
511690b
fix: reload on resetting to defaults
BrennanPaciorek Jul 18, 2023
ba943d7
test: reload on previous replaced quality test
BrennanPaciorek Jul 20, 2023
a79e91b
tests - fix linter issues
BrennanPaciorek Jul 20, 2023
0289da2
test: ignore ansible test shebang check
BrennanPaciorek Jul 20, 2023
e363271
Update tests/files/test_ping.sh
BrennanPaciorek Jul 20, 2023
3344e93
Update tests/files/test_ping.sh
BrennanPaciorek Jul 20, 2023
1262395
Update tests/files/test_ping.sh
BrennanPaciorek Jul 20, 2023
15dd90f
Update tests/files/test_ping.sh
BrennanPaciorek Jul 20, 2023
b4e21d2
Update .sanity-ansible-ignore-2.12.txt
BrennanPaciorek Jul 20, 2023
1517156
Update .sanity-ansible-ignore-2.13.txt
BrennanPaciorek Jul 20, 2023
68d20ab
Update .sanity-ansible-ignore-2.14.txt
BrennanPaciorek Jul 20, 2023
c2d7d22
Update .sanity-ansible-ignore-2.15.txt
BrennanPaciorek Jul 20, 2023
eea02b2
Update .sanity-ansible-ignore-2.12.txt
BrennanPaciorek Jul 20, 2023
2dd12c5
Update .sanity-ansible-ignore-2.13.txt
BrennanPaciorek Jul 20, 2023
233158e
Update .sanity-ansible-ignore-2.14.txt
BrennanPaciorek Jul 20, 2023
454c89c
Update .sanity-ansible-ignore-2.15.txt
BrennanPaciorek Jul 20, 2023
1e94a3d
Update .sanity-ansible-ignore-2.9.txt
BrennanPaciorek Jul 20, 2023
6513678
test: change order in which ping tests are run
BrennanPaciorek Jul 20, 2023
05fc94b
fix - change systemctl reload to firewall-cmd --reload
BrennanPaciorek Jul 20, 2023
e3cad3e
tests: make shellcheck not fail
BrennanPaciorek Jul 20, 2023
0098fa8
test - debug script, reduce pings and add timeout
BrennanPaciorek Jul 21, 2023
d6d80d2
files: remove unnecessary variable from reset script args
BrennanPaciorek Jul 21, 2023
cee01c7
ci: skip tests/tests_reload_on_reset.yml on EL7
BrennanPaciorek Jul 21, 2023
05b0bbd
test: modify tests/files/test_ping.sh parameters
BrennanPaciorek Jul 21, 2023
29a1126
test: remove trailing spaces (ansiblelint)
BrennanPaciorek Jul 21, 2023
1 change: 1 addition & 0 deletions .sanity-ansible-ignore-2.12.txt
Expand Up @@ -2,3 +2,4 @@ plugins/modules/firewall_lib.py validate-modules:missing-gplv3-license
plugins/modules/firewall_lib_facts.py validate-modules:missing-gplv3-license
plugins/modules/firewall_lib.py validate-modules:missing-examples
roles/firewall/files/get_files_checksums.sh shebang!skip
files/test_ping.sh shebang!skip
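Review bot: The added entry `files/test_ping.sh shebang!skip` is written in a different path form from the entry just above it (`roles/firewall/files/get_files_checksums.sh`) and does not match where this PR adds the script (`tests/files/test_ping.sh`), so the skip may not apply to the file the sanity check actually sees. Use the path the script has in the tree the sanity test runs against, in the same form as the existing entry, and make the same correction in the other .sanity-ansible-ignore-*.txt files, which receive the identical line.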
1 change: 1 addition & 0 deletions .sanity-ansible-ignore-2.13.txt
Expand Up @@ -2,3 +2,4 @@ plugins/modules/firewall_lib.py validate-modules:missing-gplv3-license
plugins/modules/firewall_lib_facts.py validate-modules:missing-gplv3-license
plugins/modules/firewall_lib.py validate-modules:missing-examples
roles/firewall/files/get_files_checksums.sh shebang!skip
files/test_ping.sh shebang!skip
1 change: 1 addition & 0 deletions .sanity-ansible-ignore-2.14.txt
Expand Up @@ -2,3 +2,4 @@ plugins/modules/firewall_lib.py validate-modules:missing-gplv3-license
plugins/modules/firewall_lib_facts.py validate-modules:missing-gplv3-license
plugins/modules/firewall_lib.py validate-modules:missing-examples
roles/firewall/files/get_files_checksums.sh shebang!skip
files/test_ping.sh shebang!skip
1 change: 1 addition & 0 deletions .sanity-ansible-ignore-2.15.txt
Expand Up @@ -2,3 +2,4 @@ plugins/modules/firewall_lib.py validate-modules:missing-gplv3-license
plugins/modules/firewall_lib_facts.py validate-modules:missing-gplv3-license
plugins/modules/firewall_lib.py validate-modules:missing-examples
roles/firewall/files/get_files_checksums.sh shebang!skip
files/test_ping.sh shebang!skip
1 change: 1 addition & 0 deletions .sanity-ansible-ignore-2.9.txt
Expand Up @@ -2,3 +2,4 @@ plugins/modules/firewall_lib.py validate-modules:missing-gplv3-license
plugins/modules/firewall_lib_facts.py validate-modules:missing-gplv3-license
plugins/modules/firewall_lib.py validate-modules:missing-examples
roles/firewall/files/get_files_checksums.sh shebang!skip
files/test_ping.sh shebang!skip
2 changes: 1 addition & 1 deletion files/get_files_checksums.sh
Expand Up @@ -33,7 +33,7 @@ if [ "${remove:-false}" = true ]; then
find "$firewall_conf_root" -name \*.xml -exec rm -f {} \;
rm -f "$firewall_conf_root/firewalld.conf"
if [ -s "$listfile" ] ; then
systemctl restart "$firewall_service"
systemctl reload "$firewall_service"
fi
fi
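Review bot: The new `systemctl reload "$firewall_service"` line does not wait for firewalld to finish reloading, going by the comment in this PR's own tests/files/test_ping.sh (`firewall-cmd reload waits for dbus response, systemctl will not`), so whatever runs after this script can act on a firewall that still holds the pre-reset runtime rules. The configuration files have just been deleted at this point, so call `firewall-cmd --reload` here and let the script return only once the defaults are in effect. Also decide what should happen when the service is not running: `systemctl restart` would have started it, while a reload of an inactive unit fails.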

51 changes: 51 additions & 0 deletions tests/files/test_ping.sh
@@ -0,0 +1,51 @@
#!/bin/bash
# Author - Brennan Paciorek <[email protected]>
# Description - Benchmark firewalld downtime while reloading and while restarting
# by measuring how many packets are dropped while firewalld is restarting/reloading

cat > /tmp/Containerfile << EOF
FROM quay.io/centos/centos:stream8
RUN dnf -y install systemd
RUN dnf -y install firewalld nc
EXPOSE 31337
CMD /usr/lib/systemd/systemd
EOF

trap "rm -f /tmp/Containerfile" EXIT

# Initial container setup #
{
podman network create --subnet 172.16.1.0/24 --gateway 172.16.1.1 --interface-name podmanbr0 podmanbr0
trap "podman network rm podmanbr0" EXIT
imageid=$(podman build -q /tmp)
podman run -d --privileged --net podmanbr0 --ip 172.16.1.2 --name test-firewalld --rm "$imageid" /usr/lib/systemd/systemd || exit 1
Collaborator Author

@BrennanPaciorek BrennanPaciorek Jul 20, 2023

The --rm option was already provided, should I move it?

Contributor

sorry, I missed that

trap "podman stop test-firewalld" EXIT
sleep 5 # Wait reasonable amount of time for container to start services

# Firewall rule setup #
podman exec test-firewalld firewall-cmd --permanent --add-icmp-block "echo-request"
# firewall-cmd reload waits for dbus response, systemctl will not
podman exec test-firewalld firewall-cmd --reload
} > /dev/null 2>/dev/null
# The following ping should have 100% packet loss
ping -c 500 -i 0.01 172.16.1.2 1>/tmp/ping0 2>/dev/null
trap "rm -f /tmp/ping0" EXIT

# Begin downtime comparision #
ping -c 500 -i 0.01 172.16.1.2 1>/tmp/ping1 2>/dev/null &
pid=$!
trap "rm -f /tmp/ping1" EXIT
podman exec test-firewalld systemctl restart firewalld.service
wait $pid

ping -c 500 -i 0.01 172.16.1.2 1>/tmp/ping2 2>/dev/null &
pid=$!
trap "rm -f /tmp/ping2" EXIT
podman exec test-firewalld systemctl reload firewalld.service
wait $pid

# Print Results
tail -2 /tmp/ping0 | head -1 | awk '{print $4}'
tail -2 /tmp/ping1 | head -1 | awk '{print $4}'
tail -2 /tmp/ping2 | head -1 | awk '{print $4}'
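Review bot: Each `trap ... EXIT` in this script replaces the one set before it, so only the last, `trap "rm -f /tmp/ping2" EXIT`, runs at exit, and the `--privileged` container test-firewalld, the podmanbr0 network, /tmp/Containerfile, /tmp/ping0 and /tmp/ping1 are all left behind on the test host. Collect the cleanup steps into one function and register it once with a single `trap cleanup EXIT` near the top of the script. The fixed file names under /tmp are also predictable, and `podman build -q /tmp` uses all of /tmp as the build context; keeping the Containerfile and the ping output files in a directory created with `mktemp -d` avoids both.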

25 changes: 25 additions & 0 deletions tests/tests_reload_on_reset.yml
@@ -0,0 +1,25 @@
---
- name: Setup a vm with podman on it
hosts: all
tasks:
- name: Install podman
package:
name: podman
state: present

- name: Run test
script:
cmd: files/test_ping.sh
executable: /bin/bash
register: test_results

- name: Process test results
vars:
coherence_check: "{{ test_results.stdout_lines[0] }}"
restart_check: "{{ test_results.stdout_lines[1] }}"
reload_check: "{{ test_results.stdout_lines[2] }}"
fail:
msg: Either coherence check or benchmark failed
when: >-
coherence_check | int != 0
or restart_check | int < reload_check | int
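Review bot: The `when:` condition lets the play pass when nothing was measured: if the container is unreachable, all three pings report 0 received, so `coherence_check | int != 0` is false and `restart_check | int < reload_check | int` compares 0 with 0 and is false as well. The `| int` filter also turns an empty or non-numeric output line into 0, which hides a parsing failure in the same way. If the restart case is expected to show a nonzero count, fail when `restart_check | int` is 0 too, and include the three values in `msg` so a failure can be diagnosed from the log.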