author | Paul Holzinger <pholzing@redhat.com> | 2023-06-26 13:38:57 +0200 |
---|---|---|
committer | Paul Holzinger <pholzing@redhat.com> | 2023-06-26 15:02:27 +0200 |
commit | 6e06b7d73bc9ce07730a3a1c2f92ac67f06fc147 (patch) | |
tree | aaaa30fc53426873cbe931043e01548d8299d6e9 /test | |
parent | bc11475f4730a7d1284a8ed80e298d8054c3dd1f (diff) |
netavark: make --config required for dns
Using /tmp as default makes no sense, all callers that need dns should
give us a proper path. Podman already does this so it should not cause
any backwards compat problems.
I had to change the teardown logic a bit, as we first need to confirm whether
we have a network with dns before we check whether --config was given.
Also rework tests to always set --config to avoid code duplication.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/100-bridge-iptables.bats | 70 | ||||
-rw-r--r-- | test/200-bridge-firewalld.bats | 13 | ||||
-rw-r--r-- | test/helpers.bash | 16 |
3 files changed, 14 insertions, 85 deletions
diff --git a/test/100-bridge-iptables.bats b/test/100-bridge-iptables.bats index 4178c3e..28e094d 100644 --- a/test/100-bridge-iptables.bats +++ b/test/100-bridge-iptables.bats @@ -150,19 +150,7 @@ fw_driver=iptables # get a random port directly to avoid low ports e.g. 53 would not create iptables dns_port=$((RANDOM+10000)) - # hack to make aardvark-dns run when really root or when running as user with - # podman unshare --rootless-netns; since netavark runs aardvark with systemd-run - # it needs to know if it should use systemd user instance or not. - # iptables are still setup identically. - rootless=false - if [[ ! -e "/run/dbus/system_bus_socket" ]]; then - rootless=true - fi - - mkdir -p "$NETAVARK_TMPDIR/config" - NETAVARK_DNS_PORT="$dns_port" run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge-network-container-dns-server.json \ - --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \ setup $(get_container_netns_path) # check aardvark config and running @@ -177,7 +165,6 @@ fw_driver=iptables assert "${lines[1]}" =~ ".*aardvark-dns --config $NETAVARK_TMPDIR/config/aardvark-dns -p $dns_port run" "aardvark not running or bad options" NETAVARK_DNS_PORT="$dns_port" run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge-network-container-dns-server.json \ - --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \ update podman1 --network-dns-servers 8.8.8.8 # check aardvark config and running @@ -188,7 +175,6 @@ fw_driver=iptables # remove network and check running and verify if aardvark config has no nameserver NETAVARK_DNS_PORT="$dns_port" run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge-network-container-dns-server.json \ - --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \ update podman1 --network-dns-servers "" # check aardvark config and running 
@@ -204,14 +190,7 @@ fw_driver=iptables # get a random port directly to avoid low ports e.g. 53 would not create iptables dns_port=$((RANDOM+10000)) - rootless=false - if [[ ! -e "/run/dbus/system_bus_socket" ]]; then - rootless=true - fi - - mkdir -p "$NETAVARK_TMPDIR/config" NETAVARK_DNS_PORT="$dns_port" run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge-network-container-dns-server.json \ - --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \ update podman1 --network-dns-servers 8.8.8.8 } @@ -281,19 +260,7 @@ fw_driver=iptables # get a random port directly to avoid low ports e.g. 53 would not create iptables dns_port=$((RANDOM+10000)) - # hack to make aardvark-dns run when really root or when running as user with - # podman unshare --rootless-netns; since netavark runs aardvark with systemd-run - # it needs to know if it should use systemd user instance or not. - # iptables are still setup identically. - rootless=false - if [[ ! -e "/run/dbus/system_bus_socket" ]]; then - rootless=true - fi - - mkdir -p "$NETAVARK_TMPDIR/config" - NETAVARK_DNS_PORT="$dns_port" run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge-custom-dns-server.json \ - --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \ setup $(get_container_netns_path) # check aardvark config and running 
@@ -312,19 +279,7 @@ fw_driver=iptables # get a random port directly to avoid low ports e.g. 53 would not create iptables dns_port=$((RANDOM+10000)) - # hack to make aardvark-dns run when really root or when running as user with - # podman unshare --rootless-netns; since netavark runs aardvark with systemd-run - # it needs to know if it should use systemd user instance or not. - # iptables are still setup identically. - rootless=false - if [[ ! -e "/run/dbus/system_bus_socket" ]]; then - rootless=true - fi - - mkdir -p "$NETAVARK_TMPDIR/config" - NETAVARK_DNS_PORT="$dns_port" run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge-multiple-custom-dns-server.json \ - --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \ setup $(get_container_netns_path) # check aardvark config and running @@ -343,19 +298,7 @@ fw_driver=iptables # get a random port directly to avoid low ports e.g. 53 would not create iptables dns_port=$((RANDOM+10000)) - # hack to make aardvark-dns run when really root or when running as user with - # podman unshare --rootless-netns; since netavark runs aardvark with systemd-run - # it needs to know if it should use systemd user instance or not. - # iptables are still setup identically. - rootless=false - if [[ ! -e "/run/dbus/system_bus_socket" ]]; then - rootless=true - fi - - mkdir -p "$NETAVARK_TMPDIR/config" - NETAVARK_DNS_PORT="$dns_port" run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge-network-container-dns-server.json \ - --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \ setup $(get_container_netns_path) # check aardvark config and running 
@@ -374,19 +317,7 @@ fw_driver=iptables # get a random port directly to avoid low ports e.g. 53 would not create iptables dns_port=$((RANDOM+10000)) - # hack to make aardvark-dns run when really root or when running as user with - # podman unshare --rootless-netns; since netavark runs aardvark with systemd-run - # it needs to know if it should use systemd user instance or not. - # iptables are still setup identically. - rootless=false - if [[ ! -e "/run/dbus/system_bus_socket" ]]; then - rootless=true - fi - - mkdir -p "$NETAVARK_TMPDIR/config" - NETAVARK_DNS_PORT="$dns_port" run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge.json \ - --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \ setup $(get_container_netns_path) # check iptables @@ -415,7 +346,6 @@ fw_driver=iptables assert "${lines[0]}" =~ "10.89.3.2" "ipv6 dns resolution works" NETAVARK_DNS_PORT="$dns_port" run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge.json \ - --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \ teardown $(get_container_netns_path) # check iptables got removed diff --git a/test/200-bridge-firewalld.bats b/test/200-bridge-firewalld.bats index 02ade71..6081cff 100644 --- a/test/200-bridge-firewalld.bats +++ b/test/200-bridge-firewalld.bats 
@@ -198,20 +198,8 @@ function teardown() { # get a random port directly to avoid low ports e.g. 53 would not create iptables dns_port=$((RANDOM+10000)) - # hack to make aardvark-dns run when really root or when running as user with - # podman unshare --rootless-netns; since netavark runs aardvark with systemd-run - # it needs to know if it should use systemd user instance or not. - # iptables are still setup identically. - rootless=false - if [[ ! -e "/run/dbus/system_bus_socket" ]]; then - rootless=true - fi - - mkdir -p "$NETAVARK_TMPDIR/config" - NETAVARK_FW=firewalld NETAVARK_DNS_PORT="$dns_port" \ run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge.json \ - --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \ setup $(get_container_netns_path) # check iptables @@ -242,7 +230,6 @@ function teardown() { NETAVARK_FW=firewalld NETAVARK_DNS_PORT="$dns_port" \ run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge.json \ - --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \ teardown $(get_container_netns_path) # check iptables got removed diff --git a/test/helpers.bash b/test/helpers.bash index 54b3621..6a25f06 100644 --- a/test/helpers.bash +++ b/test/helpers.bash @@ -32,6 +32,17 @@ function basic_setup() { NETAVARK_TMPDIR=$(mktemp -d --tmpdir=${BATS_TMPDIR:-/tmp} netavark_bats.XXXXXX) + # hack to make aardvark-dns run when really root or when running as user with + # podman unshare --rootless-netns; since netavark runs aardvark with systemd-run + # it needs to know if it should use systemd user instance or not. + # iptables are still setup identically. + rootless=false + if [[ ! -e "/run/dbus/system_bus_socket" ]]; then + rootless=true + fi + + mkdir -p "$NETAVARK_TMPDIR/config" + run_in_host_netns ip link set lo up } 
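Review bot: In the test/helpers.bash hunk, `mkdir -p "$NETAVARK_TMPDIR/config"` in basic_setup follows a `mktemp -d` whose result is not checked, and that path is now passed to every netavark invocation through run_netavark. If mktemp fails and the harness does not abort on it, the directory resolves to `/config`, and a suite that runs as root would write aardvark-dns state there. `mkdir -p "${NETAVARK_TMPDIR:?}/config"` makes that case fail loudly instead. `rootless` is also now a file-wide global consumed by run_netavark, so a short comment such as `# read by run_netavark on every call` would keep individual tests from reusing the name. basic_setup starts outside the hunk.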
@@ -75,7 +86,8 @@ function get_container_netns_path() { # it joins the test network namespace before it invokes $NETAVARK, # which may be 'netavark' or '/some/path/netavark'. function run_netavark() { - run_in_host_netns $NETAVARK "$@" + run_in_host_netns $NETAVARK --rootless "$rootless" \ + --config "$NETAVARK_TMPDIR/config" "$@" } ################ @@ -448,7 +460,7 @@ function test_port_fw() { ], "ipv6_enabled": true, "internal": false, - "dns_enabled": true, + "dns_enabled": false, "ipam_options": { "driver": "host-local" } |
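Review bot: With `--rootless "$rootless"` and `--config "$NETAVARK_TMPDIR/config"` hard-wired into run_netavark, no test in this diff can invoke netavark without `--config`, so the requirement named in the commit title has no negative test here. A case that bypasses the helper through `run_in_host_netns $NETAVARK` with a dns-enabled network file, and asserts the failure, would pin the new behaviour down. The diff is limited to test/, so such coverage may exist elsewhere. The helper's header comment should also name the implicit flags and their dependency on basic_setup, for example `# always passes --rootless and --config; requires basic_setup to have set rootless and NETAVARK_TMPDIR`.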
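Review bot: Switching `"dns_enabled"` to `false` in the network JSON of test_port_fw changes what every port-forwarding test exercises, and nothing in the hunk records why. Presumably it avoids starting aardvark-dns in each of them now that `--config` is always supplied, but that is an inference. A comment just above the JSON template, such as `# dns disabled on purpose: port tests do not need aardvark-dns`, would stop someone from flipping it back by accident. If port forwarding combined with dns is meant to stay covered, it needs a dedicated test. test_port_fw begins and ends outside the hunk.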