[ovs-dev] [PATCHv2 1/2] IPsec: refactor out some code in OVS_MONITOR_IPSEC_START macro
Ansis Atteka
aatteka at ovn.org
Tue Jul 19 21:25:54 UTC 2016
This OVS_MONITOR_IPSEC_START macro will be helpful in the next
patch where it will be used also from tests/tunnel.at file to test
that skb marking happens correctly. Otherwise, without ovs-monitor-ipsec
running the ovs-vswitchd would refuse to configure ipsec_XXX tunnels.
Signed-off-by: Ansis Atteka <aatteka at ovn.org>
---
tests/ofproto-macros.at | 44 ++++++++++++++++++++++++++++++++
tests/ovs-monitor-ipsec.at | 63 ++++++++--------------------------------------
2 files changed, 54 insertions(+), 53 deletions(-)
diff --git a/tests/ofproto-macros.at b/tests/ofproto-macros.at
index da49eb2..2d65f28 100644
--- a/tests/ofproto-macros.at
+++ b/tests/ofproto-macros.at
@@ -465,3 +465,47 @@ m4_define([WAIT_FOR_DUMMY_PORTS], \
[ \
OVS_WAIT_WHILE([ovs-appctl netdev-dummy/conn-state dummy_port \
| grep 'unknown\|disconnected'])])])
+
+# OVS_MONITOR_IPSEC_START()
+#
+# Starts ovs-monitor-ipsec daemon. Use this macro only after testing
+# that python is present on the system.
+m4_define([OVS_MONITOR_IPSEC_START],
+[
+cp "$top_srcdir/vswitchd/vswitch.ovsschema" .
+
+on_exit 'kill `cat pid ovs-monitor-ipsec.pid`'
+
+mkdir etc etc/init.d etc/racoon etc/racoon/certs
+mkdir usr usr/sbin
+
+AT_DATA([etc/init.d/racoon], [dnl
+#! /bin/sh
+echo "racoon: @S|@@" >&3
+exit 0
+])
+chmod +x etc/init.d/racoon
+
+AT_DATA([usr/sbin/setkey], [dnl
+#! /bin/sh
+exec >&3
+echo "setkey:"
+while read line; do
+ echo "> $line"
+done
+])
+chmod +x usr/sbin/setkey
+
+touch etc/racoon/certs/ovs-stale.pem
+
+###
+### Start ovs-monitor-ipsec and wait for it to delete the stale cert.
+###
+AT_CHECK(
+ [$PYTHON $top_srcdir/debian/ovs-monitor-ipsec "--root-prefix=`pwd`" \
+ "--pidfile=`pwd`/ovs-monitor-ipsec.pid" \
+ unix:$OVS_RUNDIR/db.sock 2>log 3>actions &])
+AT_CAPTURE_FILE([log])
+AT_CAPTURE_FILE([actions])
+OVS_WAIT_UNTIL([test ! -f etc/racoon/certs/ovs-stale.pem])
+])
diff --git a/tests/ovs-monitor-ipsec.at b/tests/ovs-monitor-ipsec.at
index 7f13444..206db8c 100644
--- a/tests/ovs-monitor-ipsec.at
+++ b/tests/ovs-monitor-ipsec.at
@@ -4,60 +4,17 @@ AT_SETUP([ovs-monitor-ipsec])
AT_SKIP_IF([test $HAVE_PYTHON = no])
AT_SKIP_IF([$non_ascii_cwd])
-cp "$top_srcdir/vswitchd/vswitch.ovsschema" .
-
-on_exit 'kill `cat pid ovs-monitor-ipsec.pid`'
-
-mkdir etc etc/init.d etc/racoon etc/racoon/certs
-mkdir usr usr/sbin
-
-AT_DATA([etc/init.d/racoon], [dnl
-#! /bin/sh
-echo "racoon: $@" >&3
-exit 0
-])
-chmod +x etc/init.d/racoon
-
-AT_DATA([usr/sbin/setkey], [dnl
-#! /bin/sh
-exec >&3
-echo "setkey:"
-while read line; do
- echo "> $line"
-done
-])
-chmod +x usr/sbin/setkey
-
-touch etc/racoon/certs/ovs-stale.pem
-
-ovs_vsctl () {
- ovs-vsctl --no-wait -vreconnect:emer --db=unix:socket "$@"
-}
trim () { # Removes blank lines and lines starting with # from input.
sed -e '/^#/d' -e '/^[ ]*$/d' "$@"
}
-###
-### Start ovsdb-server.
-###
-OVS_VSCTL_SETUP
-
-###
-### Start ovs-monitor-ipsec and wait for it to delete the stale cert.
-###
-AT_CHECK(
- [$PYTHON $top_srcdir/debian/ovs-monitor-ipsec "--root-prefix=`pwd`" \
- "--pidfile=`pwd`/ovs-monitor-ipsec.pid" \
- unix:socket 2>log 3>actions &])
-AT_CAPTURE_FILE([log])
-AT_CAPTURE_FILE([actions])
-OVS_WAIT_UNTIL([test ! -f etc/racoon/certs/ovs-stale.pem])
+OVS_VSWITCHD_START([])
+OVS_MONITOR_IPSEC_START
###
### Add an ipsec_gre psk interface and check what ovs-monitor-ipsec does
###
-AT_CHECK([ovs_vsctl \
- -- add-br br0 \
+AT_CHECK([ovs-vsctl --no-wait -vreconnect:emer \
-- add-port br0 gre0 \
-- set interface gre0 type=ipsec_gre \
options:remote_ip=1.2.3.4 \
@@ -101,7 +58,7 @@ sainfo anonymous {
###
### Delete the ipsec_gre interface and check what ovs-monitor-ipsec does
###
-AT_CHECK([ovs_vsctl del-port gre0])
+AT_CHECK([ovs-vsctl del-port gre0])
OVS_WAIT_UNTIL([test `wc -l < actions` -ge 17])
AT_CHECK([sed '1,9d' actions], [0], [dnl
racoon: reload
@@ -139,7 +96,7 @@ AT_DATA([key.pem], [dnl
(not a real private key)
-----END RSA PRIVATE KEY-----
])
-AT_CHECK([ovs_vsctl \
+AT_CHECK([ovs-vsctl \
-- add-port br0 gre1 \
-- set Interface gre1 type=ipsec_gre \
options:remote_ip=2.3.4.5 \
@@ -193,7 +150,7 @@ AT_CHECK([cat etc/racoon/certs/ovs-2.3.4.5.pem], [0], [dnl
###
### Delete the ipsec_gre certificate interface.
###
-AT_CHECK([ovs_vsctl del-port gre1])
+AT_CHECK([ovs-vsctl del-port gre1])
OVS_WAIT_UNTIL([test `wc -l < actions` -ge 29])
AT_CHECK([sed '1,21d' actions], [0], [dnl
racoon: reload
@@ -229,7 +186,7 @@ AT_DATA([ssl-cacert.pem], [dnl
(not a real CA certificate)
-----END CERTIFICATE-----
])
-AT_CHECK([ovs_vsctl set-ssl /ssl-key.pem /ssl-cert.pem /ssl-cacert.pem \
+AT_CHECK([ovs-vsctl set-ssl /ssl-key.pem /ssl-cert.pem /ssl-cacert.pem \
-- add-port br0 gre2 \
-- set Interface gre2 type=ipsec_gre \
options:remote_ip=3.4.5.6 \
@@ -282,7 +239,7 @@ AT_CHECK([cat etc/racoon/certs/ovs-3.4.5.6.pem], [0], [dnl
###
### Delete the SSL certificate interface.
###
-AT_CHECK([ovs_vsctl del-port gre2])
+AT_CHECK([ovs-vsctl del-port gre2])
OVS_WAIT_UNTIL([test `wc -l < actions` -ge 41])
AT_CHECK([sed '1,33d' actions], [0], [dnl
racoon: reload
@@ -308,6 +265,6 @@ sainfo anonymous {
])
AT_CHECK([test ! -f etc/racoon/certs/ovs-3.4.5.6.pem])
-OVSDB_SERVER_SHUTDOWN
-
+dnl Skip SSL errors reported by Open vSwitch
+OVS_VSWITCHD_STOP(["/stream_ssl/d"])
AT_CLEANUP
--
2.7.4
More information about the dev
mailing list