]>
git.ipfire.org Git - thirdparty/pdns.git/blob - tasks.py
1 from invoke
import task
2 from invoke
.exceptions
import Failure
, UnexpectedExit
31 auth_build_deps
= [ # FIXME: perhaps we should be stealing these from the debian (Ubuntu) control file
32 'default-libmysqlclient-dev',
34 'libcurl4-openssl-dev',
68 dnsdist_build_deps
= [
80 auth_test_deps
= [ # FIXME: we should be generating some of these from shlibdeps in build
85 'default-jre-headless',
90 'libboost-serialization1.71.0',
119 c
.sudo('apt-get update')
120 c
.sudo('apt-get dist-upgrade')
123 def install_clang(c
):
125 install clang-12 and llvm-12
127 c
.sudo('apt-get -qq -y --no-install-recommends install clang-12 llvm-12')
130 def install_clang_runtime(c
):
131 # this gives us the symbolizer, for symbols in asan/ubsan traces
132 c
.sudo('apt-get -qq -y --no-install-recommends install clang-12')
135 def install_auth_build_deps(c
):
136 c
.sudo('apt-get install -qq -y --no-install-recommends ' + ' '.join(all_build_deps
+ git_build_deps
+ auth_build_deps
))
138 def setup_authbind(c
):
139 c
.sudo('touch /etc/authbind/byport/53')
140 c
.sudo('chmod 755 /etc/authbind/byport/53')
142 auth_backend_test_deps
= dict(
143 gsqlite3
=['sqlite3'],
144 gmysql
=['default-libmysqlclient-dev'],
145 gpgsql
=['libpq-dev'],
155 @task(help={'backend': 'Backend to install test deps for, e.g. gsqlite3; can be repeated'}, iterable
=['backend'], optional
=['backend'])
156 def install_auth_test_deps(c
, backend
): # FIXME: rename this, we do way more than apt-get
159 extra
.extend(auth_backend_test_deps
[b
])
160 c
.sudo('apt-get -y -qq install ' + ' '.join(extra
+auth_test_deps
))
162 c
.run('chmod +x /opt/pdns-auth/bin/* /opt/pdns-auth/sbin/*')
163 # c.run('''if [ ! -e $HOME/bin/jdnssec-verifyzone ]; then
164 # wget https://github.com/dblacka/jdnssec-tools/releases/download/0.14/jdnssec-tools-0.14.tar.gz
165 # tar xfz jdnssec-tools-0.14.tar.gz -C $HOME
166 # rm jdnssec-tools-0.14.tar.gz
168 # echo 'export PATH=$HOME/jdnssec-tools-0.14/bin:$PATH' >> $BASH_ENV''') # FIXME: why did this fail with no error?
169 c
.run('touch regression-tests/tests/verify-dnssec-zone/allow-missing regression-tests.nobackend/rectify-axfr/allow-missing') # FIXME: can this go?
170 # FIXME we may want to start a background recursor here to make ALIAS tests more robust
174 def install_rec_bulk_deps(c
): # FIXME: rename this, we do way more than apt-get
175 c
.sudo('apt-get --no-install-recommends -qq -y install ' + ' '.join(rec_bulk_deps
))
176 c
.run('chmod +x /opt/pdns-recursor/bin/* /opt/pdns-recursor/sbin/*')
179 def install_rec_test_deps(c
): # FIXME: rename this, we do way more than apt-get
180 c
.sudo('apt-get --no-install-recommends install -qq -y ' + ' '.join(rec_bulk_deps
) + ' \
181 pdns-server pdns-backend-bind daemontools \
182 jq libfaketime lua-posix lua-socket bc authbind \
183 python3-venv python3-dev default-libmysqlclient-dev libpq-dev \
184 protobuf-compiler snmpd prometheus')
186 c
.run('chmod +x /opt/pdns-recursor/bin/* /opt/pdns-recursor/sbin/*')
190 c
.run('sed "s/agentxperms 0700 0755 recursor/agentxperms 0777 0755/g" regression-tests.recursor-dnssec/snmpd.conf | sudo tee /etc/snmp/snmpd.conf')
191 c
.sudo('systemctl restart snmpd')
193 c
.sudo('chmod 755 /var/agentx')
196 def install_dnsdist_test_deps(c
): # FIXME: rename this, we do way more than apt-get
197 c
.sudo('apt-get install -qq -y \
202 libcurl4-openssl-dev \
214 python3-venv snmpd prometheus')
215 c
.run('sed "s/agentxperms 0700 0755 dnsdist/agentxperms 0777 0755/g" regression-tests.dnsdist/snmpd.conf | sudo tee /etc/snmp/snmpd.conf')
216 c
.sudo('systemctl restart snmpd')
218 c
.sudo('chmod 755 /var/agentx')
221 def install_rec_build_deps(c
):
222 c
.sudo('apt-get install -qq -y --no-install-recommends ' + ' '.join(all_build_deps
+ git_build_deps
+ rec_build_deps
))
225 def install_dnsdist_build_deps(c
):
226 c
.sudo('apt-get install -qq -y --no-install-recommends ' + ' '.join(all_build_deps
+ git_build_deps
+ dnsdist_build_deps
))
230 c
.run('BUILDER_VERSION=0.0.0-git1 autoreconf -vfi')
233 def ci_auth_configure(c
):
234 res
= c
.run('''CFLAGS="-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int" \
235 CXXFLAGS="-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int -Wp,-D_GLIBCXX_ASSERTIONS" \
239 --enable-option-checking=fatal \
240 --with-modules='bind geoip gmysql godbc gpgsql gsqlite3 ldap lmdb lua2 pipe remote tinydns' \
243 --enable-unit-tests \
244 --enable-backend-unit-tests \
245 --enable-fuzz-targets \
246 --enable-experimental-pkcs11 \
247 --enable-remotebackend-zeromq \
250 --prefix=/opt/pdns-auth \
253 --enable-ubsan''', warn
=True)
255 c
.run('cat config.log')
256 raise UnexpectedExit(res
)
258 def ci_rec_configure(c
):
259 res
= c
.run(''' CFLAGS="-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int" \
260 CXXFLAGS="-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int -Wp,-D_GLIBCXX_ASSERTIONS" \
264 --enable-option-checking=fatal \
265 --enable-unit-tests \
268 --prefix=/opt/pdns-recursor \
273 --enable-dns-over-tls \
275 --enable-ubsan''', warn
=True)
277 c
.run('cat config.log')
278 raise UnexpectedExit(res
)
281 def ci_dnsdist_configure(c
):
282 sanitizers
= ' '.join('--enable-'+x
for x
in os
.getenv('SANITIZERS').split('+'))
283 res
= c
.run('''CFLAGS="-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int" \
284 CXXFLAGS="-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int -Wp,-D_GLIBCXX_ASSERTIONS" \
288 --enable-option-checking=fatal \
289 --enable-unit-tests \
292 --enable-dns-over-tls \
293 --enable-dns-over-https \
295 --prefix=/opt/dnsdist \
301 --with-re2 ''' + sanitizers
, warn
=True)
303 c
.run('cat config.log')
304 raise UnexpectedExit(res
)
308 c
.run('make -j8 -k V=1')
312 c
.run('make -j8 -k V=1')
315 def ci_dnsdist_make(c
):
316 c
.run('make -j4 -k V=1')
319 def ci_auth_install_remotebackend_ruby_deps(c
):
320 with c
.cd('modules/remotebackend'):
321 # c.run('bundle config set path vendor/bundle')
322 c
.run('sudo ruby -S bundle install')
325 def ci_auth_run_unit_tests(c
):
326 res
= c
.run('make check', warn
=True)
328 c
.run('cat pdns/test-suite.log', warn
=True)
329 c
.run('cat modules/remotebackend/test-suite.log', warn
=True)
330 raise UnexpectedExit(res
)
333 def ci_rec_run_unit_tests(c
):
334 res
= c
.run('make check', warn
=True)
336 c
.run('cat test-suite.log')
337 raise UnexpectedExit(res
)
340 def ci_dnsdist_run_unit_tests(c
):
341 res
= c
.run('make check', warn
=True)
343 c
.run('cat test-suite.log')
344 raise UnexpectedExit(res
)
347 def ci_make_install(c
):
348 res
= c
.run('make install') # FIXME: this builds auth docs - again
351 def add_auth_repo(c
):
352 dist
= 'ubuntu' # FIXME take these from the caller?
356 c
.sudo('apt-get install -qq -y curl gnupg2')
357 if version
== 'master':
358 c
.sudo('curl -s -o /etc/apt/trusted.gpg.d/pdns-repo.asc https://repo.powerdns.com/CBC8B383-pub.asc')
360 c
.sudo('curl -s -o /etc/apt/trusted.gpg.d/pdns-repo.asc https://repo.powerdns.com/FD380FBB-pub.asc')
361 c
.run(f
"echo 'deb [arch=amd64] http://repo.powerdns.com/{dist} {release}-auth-{version} main' | sudo tee /etc/apt/sources.list.d/pdns.list")
362 c
.run("echo 'Package: pdns-*' | sudo tee /etc/apt/preferences.d/pdns")
363 c
.run("echo 'Pin: origin repo.powerdns.com' | sudo tee -a /etc/apt/preferences.d/pdns")
364 c
.run("echo 'Pin-Priority: 600' | sudo tee -a /etc/apt/preferences.d/pdns")
365 c
.sudo('apt-get update')
368 def test_api(c
, product
, backend
=''):
369 if product
== 'recursor':
370 with c
.cd('regression-tests.api'):
371 c
.run(f
'PDNSRECURSOR=/opt/pdns-recursor/sbin/pdns_recursor ./runtests recursor {backend}')
372 elif product
== 'auth':
373 with c
.cd('regression-tests.api'):
374 c
.run(f
'PDNSSERVER=/opt/pdns-auth/sbin/pdns_server PDNSUTIL=/opt/pdns-auth/bin/pdnsutil SDIG=/opt/pdns-auth/bin/sdig MYSQL_HOST="127.0.0.1" PGHOST="127.0.0.1" PGPORT="5432" ./runtests authoritative {backend}')
376 raise Failure('unknown product')
378 backend_regress_tests
= dict(
382 'bind-dnssec-nsec3-both',
383 'bind-dnssec-nsec3-optout-both',
384 'bind-dnssec-nsec3-narrow',
385 # FIXME 'bind-dnssec-pkcs11'
390 # FIXME: also run this with the mmdb we ship
400 'remotebackend-pipe',
401 'remotebackend-unix',
402 'remotebackend-http',
403 'remotebackend-zeromq',
404 'remotebackend-pipe-dnssec',
405 'remotebackend-unix-dnssec',
406 'remotebackend-http-dnssec',
407 'remotebackend-zeromq-dnssec'
410 'lmdb-nodnssec-both',
413 'lmdb-nsec3-optout-both',
416 gmysql
= ['gmysql', 'gmysql-nodnssec-both', 'gmysql-nsec3-both', 'gmysql-nsec3-optout-both', 'gmysql-nsec3-narrow', 'gmysql_sp-both'],
417 gpgsql
= ['gpgsql', 'gpgsql-nodnssec-both', 'gpgsql-nsec3-both', 'gpgsql-nsec3-optout-both', 'gpgsql-nsec3-narrow', 'gpgsql_sp-both'],
418 gsqlite3
= ['gsqlite3', 'gsqlite3-nodnssec-both', 'gsqlite3-nsec3-both', 'gsqlite3-nsec3-optout-both', 'gsqlite3-nsec3-narrow'],
422 def test_auth_backend(c
, backend
):
423 if backend
== 'remote':
424 ci_auth_install_remotebackend_ruby_deps(c
)
426 if backend
== 'authpy':
427 with c
.cd('regression-tests.auth-py'):
428 c
.run(f
'PDNS=/opt/pdns-auth/sbin/pdns_server PDNS2=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig NOTIFY=/opt/pdns-auth/bin/pdns_notify NSEC3DIG=/opt/pdns-auth/bin/nsec3dig SAXFR=/opt/pdns-auth/bin/saxfr ZONE2SQL=/opt/pdns-auth/bin/zone2sql ZONE2LDAP=/opt/pdns-auth/bin/zone2ldap ZONE2JSON=/opt/pdns-auth/bin/zone2json PDNSUTIL=/opt/pdns-auth/bin/pdnsutil PDNSCONTROL=/opt/pdns-auth/bin/pdns_control PDNSSERVER=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig GMYSQLHOST=127.0.0.1 GMYSQL2HOST=127.0.0.1 MYSQL_HOST="127.0.0.1" PGHOST="127.0.0.1" PGPORT="5432" ./runtests')
431 with c
.cd('regression-tests'):
432 if backend
== 'lua2':
433 c
.run('touch trustedkeys') # avoid silly error during cleanup
434 for variant
in backend_regress_tests
[backend
]:
435 # FIXME this long line is terrible
436 c
.run(f
'PDNS=/opt/pdns-auth/sbin/pdns_server PDNS2=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig NOTIFY=/opt/pdns-auth/bin/pdns_notify NSEC3DIG=/opt/pdns-auth/bin/nsec3dig SAXFR=/opt/pdns-auth/bin/saxfr ZONE2SQL=/opt/pdns-auth/bin/zone2sql ZONE2LDAP=/opt/pdns-auth/bin/zone2ldap ZONE2JSON=/opt/pdns-auth/bin/zone2json PDNSUTIL=/opt/pdns-auth/bin/pdnsutil PDNSCONTROL=/opt/pdns-auth/bin/pdns_control PDNSSERVER=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig GMYSQLHOST=127.0.0.1 GMYSQL2HOST=127.0.0.1 MYSQL_HOST="127.0.0.1" PGHOST="127.0.0.1" PGPORT="5432" ./start-test-stop 5300 {variant}')
438 if backend
== 'gsqlite3':
439 with c
.cd('regression-tests.nobackend'):
440 c
.run(f
'PDNS=/opt/pdns-auth/sbin/pdns_server PDNS2=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig NOTIFY=/opt/pdns-auth/bin/pdns_notify NSEC3DIG=/opt/pdns-auth/bin/nsec3dig SAXFR=/opt/pdns-auth/bin/saxfr ZONE2SQL=/opt/pdns-auth/bin/zone2sql ZONE2LDAP=/opt/pdns-auth/bin/zone2ldap ZONE2JSON=/opt/pdns-auth/bin/zone2json PDNSUTIL=/opt/pdns-auth/bin/pdnsutil PDNSCONTROL=/opt/pdns-auth/bin/pdns_control PDNSSERVER=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig GMYSQLHOST=127.0.0.1 GMYSQL2HOST=127.0.0.1 MYSQL_HOST="127.0.0.1" PGHOST="127.0.0.1" PGPORT="5432" ./runtests')
441 c
.run('/opt/pdns-auth/bin/pdnsutil test-algorithms')
445 def test_ixfrdist(c
):
446 with c
.cd('regression-tests.ixfrdist'):
447 c
.run('IXFRDISTBIN=/opt/pdns-auth/bin/ixfrdist ./runtests')
451 c
.run('chmod +x /opt/dnsdist/bin/*')
452 c
.run('ls -ald /var /var/agentx /var/agentx/master')
453 c
.run('ls -al /var/agentx/master')
454 with c
.cd('regression-tests.dnsdist'):
455 c
.run('DNSDISTBIN=/opt/dnsdist/bin/dnsdist ./runtests')
458 def test_regression_recursor(c
):
459 c
.run('/opt/pdns-recursor/sbin/pdns_recursor --version')
460 c
.run('PDNSRECURSOR=/opt/pdns-recursor/sbin/pdns_recursor RECCONTROL=/opt/pdns-recursor/bin/rec_control SKIP_IPV6_TESTS=y LIBFAKETIME=/bin/false ./build-scripts/test-recursor test_RecDnstap.py')
461 c
.run('PDNSRECURSOR=/opt/pdns-recursor/sbin/pdns_recursor RECCONTROL=/opt/pdns-recursor/bin/rec_control SKIP_IPV6_TESTS=y ./build-scripts/test-recursor -I test_RecDnstap.py')
464 def test_bulk_recursor(c
, threads
, mthreads
, shards
):
465 # We run an extremely small version of the bulk test, as GH does not seem to be able to handle the UDP load
466 with c
.cd('regression-tests'):
467 c
.run('curl -LO http://s3-us-west-1.amazonaws.com/umbrella-static/top-1m.csv.zip')
468 c
.run('unzip top-1m.csv.zip -d .')
469 c
.run('chmod +x /opt/pdns-recursor/bin/* /opt/pdns-recursor/sbin/*')
470 c
.run(f
'DNSBULKTEST=/usr/bin/dnsbulktest RECURSOR=/opt/pdns-recursor/sbin/pdns_recursor RECCONTROL=/opt/pdns-recursor/bin/rec_control THRESHOLD=95 TRACE=no ./timestamp ./recursor-test 5300 100 {threads} {mthreads} {shards}')
474 if '/usr/lib/ccache' not in os
.environ
['PATH']:
475 os
.environ
['PATH']='/usr/lib/ccache:'+os
.environ
['PATH']