]>
git.ipfire.org Git - thirdparty/systemd.git/blob - test/networkd-test.py
3 # networkd integration test
4 # This uses temporary configuration in /run and temporary veth devices, and
5 # does not write anything on disk or change any system configuration;
6 # but it assumes (and checks at the beginning) that networkd is not currently
9 # This can be run on a normal installation, in QEMU, nspawn (with
10 # --private-network), LXD (with "--config raw.lxc=lxc.aa_profile=unconfined"),
11 # or LXC system containers. You need at least the "ip" tool from the iproute
12 # package; it is recommended to install dnsmasq too to get full test coverage.
14 # ATTENTION: This uses the *installed* networkd, not the one from the built
17 # (C) 2015 Canonical Ltd.
18 # Author: Martin Pitt <martin.pitt@ubuntu.com>
20 # systemd is free software; you can redistribute it and/or modify it
21 # under the terms of the GNU Lesser General Public License as published by
22 # the Free Software Foundation; either version 2.1 of the License, or
23 # (at your option) any later version.
25 # systemd is distributed in the hope that it will be useful, but
26 # WITHOUT ANY WARRANTY; without even the implied warranty of
27 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
28 # Lesser General Public License for more details.
30 # You should have received a copy of the GNU Lesser General Public License
31 # along with systemd; If not, see <http://www.gnu.org/licenses/>.
41 networkd_active
= subprocess
.call(['systemctl', 'is-active', '--quiet',
42 'systemd-networkd']) == 0
43 have_dnsmasq
= shutil
.which('dnsmasq')
45 RESOLV_CONF
= '/run/systemd/resolve/resolv.conf'
48 @unittest.skipIf(networkd_active
,
49 'networkd is already active')
52 self
.iface
= 'test_eth42'
53 self
.if_router
= 'router_eth42'
54 self
.workdir_obj
= tempfile
.TemporaryDirectory()
55 self
.workdir
= self
.workdir_obj
.name
56 self
.config
= '/run/systemd/network/test_eth42.network'
58 # avoid "Failed to open /dev/tty" errors in containers
59 os
.environ
['SYSTEMD_LOG_TARGET'] = 'journal'
61 # determine path to systemd-networkd-wait-online
62 for p
in ['/usr/lib/systemd/systemd-networkd-wait-online',
63 '/lib/systemd/systemd-networkd-wait-online']:
65 self
.networkd_wait_online
= p
68 self
.fail('systemd-networkd-wait-online not found')
70 # get current journal cursor
71 out
= subprocess
.check_output(['journalctl', '-b', '--quiet',
72 '--no-pager', '-n0', '--show-cursor'],
73 universal_newlines
=True)
74 self
.assertTrue(out
.startswith('-- cursor:'))
75 self
.journal_cursor
= out
.split()[-1]
79 subprocess
.call(['systemctl', 'stop', 'systemd-networkd'])
81 def writeConfig(self
, fname
, contents
):
82 os
.makedirs(os
.path
.dirname(fname
), exist_ok
=True)
83 with
open(fname
, 'w') as f
:
85 self
.addCleanup(os
.remove
, fname
)
87 def show_journal(self
, unit
):
88 '''Show journal of given unit since start of the test'''
90 print('---- %s ----' % unit
)
92 subprocess
.call(['journalctl', '-b', '--no-pager', '--quiet',
93 '--cursor', self
.journal_cursor
, '-u', unit
])
95 def create_iface(self
, ipv6
=False):
96 '''Create test interface with DHCP server behind it'''
98 raise NotImplementedError('must be implemented by a subclass')
100 def shutdown_iface(self
):
101 '''Remove test interface and stop DHCP server'''
103 raise NotImplementedError('must be implemented by a subclass')
105 def print_server_log(self
):
106 '''Print DHCP server log for debugging failures'''
108 raise NotImplementedError('must be implemented by a subclass')
110 def do_test(self
, coldplug
=True, ipv6
=False, extra_opts
='',
111 online_timeout
=10, dhcp_mode
='yes'):
112 subprocess
.check_call(['systemctl', 'start', 'systemd-resolved'])
113 self
.writeConfig(self
.config
, '''\
118 %s''' % (self
.iface
, dhcp_mode
, extra_opts
))
121 # create interface first, then start networkd
122 self
.create_iface(ipv6
=ipv6
)
123 subprocess
.check_call(['systemctl', 'start', 'systemd-networkd'])
125 # start networkd first, then create interface
126 subprocess
.check_call(['systemctl', 'start', 'systemd-networkd'])
127 self
.create_iface(ipv6
=ipv6
)
130 subprocess
.check_call([self
.networkd_wait_online
, '--interface',
131 self
.iface
, '--timeout=%i' % online_timeout
])
134 # check iface state and IP 6 address; FIXME: we need to wait a bit
135 # longer, as the iface is "configured" already with IPv4 *or*
136 # IPv6, but we want to wait for both
137 for timeout
in range(10):
138 out
= subprocess
.check_output(['ip', 'a', 'show', 'dev', self
.iface
])
139 if b
'state UP' in out
and b
'inet6 2600' in out
and b
'inet 192.168' in out
:
143 self
.fail('timed out waiting for IPv6 configuration')
145 self
.assertRegex(out
, b
'inet6 2600::.* scope global .*dynamic')
146 self
.assertRegex(out
, b
'inet6 fe80::.* scope link')
148 # should have link-local address on IPv6 only
149 out
= subprocess
.check_output(['ip', '-6', 'a', 'show', 'dev', self
.iface
])
150 self
.assertRegex(out
, b
'inet6 fe80::.* scope link')
151 self
.assertNotIn(b
'scope global', out
)
153 # should have IPv4 address
154 out
= subprocess
.check_output(['ip', '-4', 'a', 'show', 'dev', self
.iface
])
155 self
.assertIn(b
'state UP', out
)
156 self
.assertRegex(out
, b
'inet 192.168.5.\d+/.* scope global dynamic')
158 # check networkctl state
159 out
= subprocess
.check_output(['networkctl'])
160 self
.assertRegex(out
, ('%s\s+ether\s+routable\s+unmanaged' % self
.if_router
).encode())
161 self
.assertRegex(out
, ('%s\s+ether\s+routable\s+configured' % self
.iface
).encode())
163 out
= subprocess
.check_output(['networkctl', 'status', self
.iface
])
164 self
.assertRegex(out
, b
'Type:\s+ether')
165 self
.assertRegex(out
, b
'State:\s+routable.*configured')
166 self
.assertRegex(out
, b
'Address:\s+192.168.5.\d+')
168 self
.assertRegex(out
, b
'2600::')
170 self
.assertNotIn(b
'2600::', out
)
171 self
.assertRegex(out
, b
'fe80::')
172 self
.assertRegex(out
, b
'Gateway:\s+192.168.5.1')
173 self
.assertRegex(out
, b
'DNS:\s+192.168.5.1')
174 except (AssertionError, subprocess
.CalledProcessError
):
175 # show networkd status, journal, and DHCP server log on failure
176 with
open(self
.config
) as f
:
177 print('\n---- %s ----\n%s' % (self
.config
, f
.read()))
178 print('---- interface status ----')
180 subprocess
.call(['ip', 'a', 'show', 'dev', self
.iface
])
181 print('---- networkctl status %s ----' % self
.iface
)
183 subprocess
.call(['networkctl', 'status', self
.iface
])
184 self
.show_journal('systemd-networkd.service')
185 self
.print_server_log()
188 for timeout
in range(50):
189 with
open(RESOLV_CONF
) as f
:
191 if 'nameserver 192.168.5.1\n' in contents
:
195 self
.fail('nameserver 192.168.5.1 not found in ' + RESOLV_CONF
)
198 # check post-down.d hook
199 self
.shutdown_iface()
201 def test_coldplug_dhcp_yes_ip4(self
):
202 # we have a 12s timeout on RA, so we need to wait longer
203 self
.do_test(coldplug
=True, ipv6
=False, online_timeout
=15)
205 def test_coldplug_dhcp_yes_ip4_no_ra(self
):
206 # with disabling RA explicitly things should be fast
207 self
.do_test(coldplug
=True, ipv6
=False,
208 extra_opts
='IPv6AcceptRA=False')
210 def test_coldplug_dhcp_ip4_only(self
):
211 # we have a 12s timeout on RA, so we need to wait longer
212 self
.do_test(coldplug
=True, ipv6
=False, dhcp_mode
='ipv4',
215 def test_coldplug_dhcp_ip4_only_no_ra(self
):
216 # with disabling RA explicitly things should be fast
217 self
.do_test(coldplug
=True, ipv6
=False, dhcp_mode
='ipv4',
218 extra_opts
='IPv6AcceptRA=False')
220 def test_coldplug_dhcp_ip6(self
):
221 self
.do_test(coldplug
=True, ipv6
=True)
223 def test_hotplug_dhcp_ip4(self
):
224 # With IPv4 only we have a 12s timeout on RA, so we need to wait longer
225 self
.do_test(coldplug
=False, ipv6
=False, online_timeout
=15)
227 def test_hotplug_dhcp_ip6(self
):
228 self
.do_test(coldplug
=False, ipv6
=True)
230 def test_route_only_dns(self
):
231 self
.writeConfig('/run/systemd/network/myvpn.netdev', '''\
235 MACAddress=12:34:56:78:9a:bc''')
236 self
.writeConfig('/run/systemd/network/myvpn.network', '''\
240 Address=192.168.42.100
242 Domains= ~company''')
244 self
.do_test(coldplug
=True, ipv6
=False,
245 extra_opts
='IPv6AcceptRouterAdvertisements=False')
247 with
open(RESOLV_CONF
) as f
:
249 # ~company is not a search domain, only a routing domain
250 self
.assertNotRegex(contents
, 'search.*company')
251 # our global server should appear
252 self
.assertIn('nameserver 192.168.5.1\n', contents
)
253 # should not have domain-restricted server as global server
254 self
.assertNotIn('nameserver 192.168.42.1\n', contents
)
256 def test_route_only_dns_all_domains(self
):
257 with
open('/run/systemd/network/myvpn.netdev', 'w') as f
:
261 MACAddress=12:34:56:78:9a:bc''')
262 with
open('/run/systemd/network/myvpn.network', 'w') as f
:
266 Address=192.168.42.100
268 Domains= ~company ~.''')
269 self
.addCleanup(os
.remove
, '/run/systemd/network/myvpn.netdev')
270 self
.addCleanup(os
.remove
, '/run/systemd/network/myvpn.network')
272 self
.do_test(coldplug
=True, ipv6
=False,
273 extra_opts
='IPv6AcceptRouterAdvertisements=False')
275 with
open(RESOLV_CONF
) as f
:
278 # ~company is not a search domain, only a routing domain
279 self
.assertNotRegex(contents
, 'search.*company')
281 # our global server should appear
282 self
.assertIn('nameserver 192.168.5.1\n', contents
)
283 # should have company server as global server due to ~.
284 self
.assertIn('nameserver 192.168.42.1\n', contents
)
287 @unittest.skipUnless(have_dnsmasq
, 'dnsmasq not installed')
288 class DnsmasqClientTest(ClientTestBase
, unittest
.TestCase
):
289 '''Test networkd client against dnsmasq'''
295 def create_iface(self
, ipv6
=False, dnsmasq_opts
=None):
296 '''Create test interface with DHCP server behind it'''
299 subprocess
.check_call(['ip', 'link', 'add', 'name', self
.iface
, 'type',
300 'veth', 'peer', 'name', self
.if_router
])
302 # give our router an IP
303 subprocess
.check_call(['ip', 'a', 'flush', 'dev', self
.if_router
])
304 subprocess
.check_call(['ip', 'a', 'add', '192.168.5.1/24', 'dev', self
.if_router
])
306 subprocess
.check_call(['ip', 'a', 'add', '2600::1/64', 'dev', self
.if_router
])
307 subprocess
.check_call(['ip', 'link', 'set', self
.if_router
, 'up'])
310 self
.dnsmasq_log
= os
.path
.join(self
.workdir
, 'dnsmasq.log')
311 lease_file
= os
.path
.join(self
.workdir
, 'dnsmasq.leases')
313 extra_opts
= ['--enable-ra', '--dhcp-range=2600::10,2600::20']
317 extra_opts
+= dnsmasq_opts
318 self
.dnsmasq
= subprocess
.Popen(
319 ['dnsmasq', '--keep-in-foreground', '--log-queries',
320 '--log-facility=' + self
.dnsmasq_log
, '--conf-file=/dev/null',
321 '--dhcp-leasefile=' + lease_file
, '--bind-interfaces',
322 '--interface=' + self
.if_router
, '--except-interface=lo',
323 '--dhcp-range=192.168.5.10,192.168.5.200'] + extra_opts
)
325 def shutdown_iface(self
):
326 '''Remove test interface and stop DHCP server'''
329 subprocess
.check_call(['ip', 'link', 'del', 'dev', self
.if_router
])
330 self
.if_router
= None
336 def print_server_log(self
):
337 '''Print DHCP server log for debugging failures'''
339 with
open(self
.dnsmasq_log
) as f
:
340 sys
.stdout
.write('\n\n---- dnsmasq log ----\n%s\n------\n\n' % f
.read())
342 def test_resolved_domain_restricted_dns(self
):
343 '''resolved: domain-restricted DNS servers'''
345 # create interface for generic connections; this will map all DNS names
347 self
.create_iface(dnsmasq_opts
=['--address=/#/192.168.42.1'])
348 self
.writeConfig('/run/systemd/network/general.network', '''\
353 IPv6AcceptRA=False''' % self
.iface
)
355 # create second device/dnsmasq for a .company/.lab VPN interface
356 # static IPs for simplicity
357 subprocess
.check_call(['ip', 'link', 'add', 'name', 'testvpnclient', 'type',
358 'veth', 'peer', 'name', 'testvpnrouter'])
359 self
.addCleanup(subprocess
.call
, ['ip', 'link', 'del', 'dev', 'testvpnrouter'])
360 subprocess
.check_call(['ip', 'a', 'flush', 'dev', 'testvpnrouter'])
361 subprocess
.check_call(['ip', 'a', 'add', '10.241.3.1/24', 'dev', 'testvpnrouter'])
362 subprocess
.check_call(['ip', 'link', 'set', 'testvpnrouter', 'up'])
364 vpn_dnsmasq_log
= os
.path
.join(self
.workdir
, 'dnsmasq-vpn.log')
365 vpn_dnsmasq
= subprocess
.Popen(
366 ['dnsmasq', '--keep-in-foreground', '--log-queries',
367 '--log-facility=' + vpn_dnsmasq_log
, '--conf-file=/dev/null',
368 '--dhcp-leasefile=/dev/null', '--bind-interfaces',
369 '--interface=testvpnrouter', '--except-interface=lo',
370 '--address=/math.lab/10.241.3.3', '--address=/cantina.company/10.241.4.4'])
371 self
.addCleanup(vpn_dnsmasq
.wait
)
372 self
.addCleanup(vpn_dnsmasq
.kill
)
374 self
.writeConfig('/run/systemd/network/vpn.network', '''\
379 Address=10.241.3.2/24
381 Domains= ~company ~lab''')
383 subprocess
.check_call(['systemctl', 'start', 'systemd-networkd'])
384 subprocess
.check_call([self
.networkd_wait_online
, '--interface', self
.iface
,
385 '--interface=testvpnclient', '--timeout=20'])
387 # ensure we start fresh with every test
388 subprocess
.check_call(['systemctl', 'restart', 'systemd-resolved'])
390 # test vpnclient specific domains; these should *not* be answered by
392 out
= subprocess
.check_output(['systemd-resolve', 'math.lab'])
393 self
.assertIn(b
'math.lab: 10.241.3.3', out
)
394 out
= subprocess
.check_output(['systemd-resolve', 'kettle.cantina.company'])
395 self
.assertIn(b
'kettle.cantina.company: 10.241.4.4', out
)
397 # test general domains
398 out
= subprocess
.check_output(['systemd-resolve', 'megasearch.net'])
399 self
.assertIn(b
'megasearch.net: 192.168.42.1', out
)
401 with
open(self
.dnsmasq_log
) as f
:
402 general_log
= f
.read()
403 with
open(vpn_dnsmasq_log
) as f
:
406 # VPN domains should only be sent to VPN DNS
407 self
.assertRegex(vpn_log
, 'query.*math.lab')
408 self
.assertRegex(vpn_log
, 'query.*cantina.company')
409 self
.assertNotIn('lab', general_log
)
410 self
.assertNotIn('company', general_log
)
412 # general domains should not be sent to the VPN DNS
413 self
.assertRegex(general_log
, 'query.*megasearch.net')
414 self
.assertNotIn('megasearch.net', vpn_log
)
417 class NetworkdClientTest(ClientTestBase
, unittest
.TestCase
):
418 '''Test networkd client against networkd server'''
424 def create_iface(self
, ipv6
=False):
425 '''Create test interface with DHCP server behind it'''
427 # run "router-side" networkd in own mount namespace to shield it from
428 # "client-side" configuration and networkd
429 (fd
, script
) = tempfile
.mkstemp(prefix
='networkd-router.sh')
430 self
.addCleanup(os
.remove
, script
)
431 with os
.fdopen(fd
, 'w+') as f
:
434 mkdir -p /run/systemd/network
435 mkdir -p /run/systemd/netif
436 mount -t tmpfs none /run/systemd/network
437 mount -t tmpfs none /run/systemd/netif
438 [ ! -e /run/dbus ] || mount -t tmpfs none /run/dbus
439 # create router/client veth pair
440 cat << EOF > /run/systemd/network/test.netdev
449 cat << EOF > /run/systemd/network/test.network
454 Address=192.168.5.1/24
464 # run networkd as in systemd-networkd.service
465 exec $(systemctl cat systemd-networkd.service | sed -n '/^ExecStart=/ { s/^.*=//; p}')
466 ''' % {'ifr': self
.if_router
, 'ifc': self
.iface
, 'addr6': ipv6
and 'Address=2600::1/64' or ''})
470 subprocess
.check_call(['systemd-run', '--unit=networkd-test-router.service',
471 '-p', 'InaccessibleDirectories=-/etc/systemd/network',
472 '-p', 'InaccessibleDirectories=-/run/systemd/network',
473 '-p', 'InaccessibleDirectories=-/run/systemd/netif',
474 '--service-type=notify', script
])
476 # wait until devices got created
477 for timeout
in range(50):
478 out
= subprocess
.check_output(['ip', 'a', 'show', 'dev', self
.if_router
])
479 if b
'state UP' in out
and b
'scope global' in out
:
483 def shutdown_iface(self
):
484 '''Remove test interface and stop DHCP server'''
487 subprocess
.check_call(['systemctl', 'stop', 'networkd-test-router.service'])
488 # ensure failed transient unit does not stay around
489 subprocess
.call(['systemctl', 'reset-failed', 'networkd-test-router.service'])
490 subprocess
.call(['ip', 'link', 'del', 'dev', self
.if_router
])
491 self
.if_router
= None
493 def print_server_log(self
):
494 '''Print DHCP server log for debugging failures'''
496 self
.show_journal('networkd-test-router.service')
498 @unittest.skip('networkd does not have DHCPv6 server support')
499 def test_hotplug_dhcp_ip6(self
):
502 @unittest.skip('networkd does not have DHCPv6 server support')
503 def test_coldplug_dhcp_ip6(self
):
506 def test_search_domains(self
):
508 # we don't use this interface for this test
509 self
.if_router
= None
511 self
.writeConfig('/run/systemd/network/test.netdev', '''\
515 MACAddress=12:34:56:78:9a:bc''')
516 self
.writeConfig('/run/systemd/network/test.network', '''\
520 Address=192.168.42.100
522 Domains= one two three four five six seven eight nine ten''')
524 subprocess
.check_call(['systemctl', 'start', 'systemd-networkd'])
526 for timeout
in range(50):
527 with
open(RESOLV_CONF
) as f
:
529 if ' one' in contents
:
532 self
.assertRegex(contents
, 'search .*one two three four')
533 self
.assertNotIn('seven\n', contents
)
534 self
.assertIn('# Too many search domains configured, remaining ones ignored.\n', contents
)
536 def test_search_domains_too_long(self
):
538 # we don't use this interface for this test
539 self
.if_router
= None
541 name_prefix
= 'a' * 60
543 self
.writeConfig('/run/systemd/network/test.netdev', '''\
547 MACAddress=12:34:56:78:9a:bc''')
548 self
.writeConfig('/run/systemd/network/test.network', '''\
552 Address=192.168.42.100
554 Domains={p}0 {p}1 {p}2 {p}3 {p}4'''.format(p
=name_prefix
))
556 subprocess
.check_call(['systemctl', 'start', 'systemd-networkd'])
558 for timeout
in range(50):
559 with
open(RESOLV_CONF
) as f
:
561 if ' one' in contents
:
564 self
.assertRegex(contents
, 'search .*{p}0 {p}1 {p}2'.format(p
=name_prefix
))
565 self
.assertIn('# Total length of all search domains is too long, remaining ones ignored.', contents
)
567 def test_dropin(self
):
568 # we don't use this interface for this test
569 self
.if_router
= None
571 self
.writeConfig('/run/systemd/network/test.netdev', '''\
575 MACAddress=12:34:56:78:9a:bc''')
576 self
.writeConfig('/run/systemd/network/test.network', '''\
580 Address=192.168.42.100
582 self
.writeConfig('/run/systemd/network/test.network.d/dns.conf', '''\
586 subprocess
.check_call(['systemctl', 'start', 'systemd-networkd'])
588 for timeout
in range(50):
589 with
open(RESOLV_CONF
) as f
:
591 if ' 127.0.0.1' in contents
:
594 self
.assertIn('nameserver 192.168.42.1\n', contents
)
595 self
.assertIn('nameserver 127.0.0.1\n', contents
)
597 if __name__
== '__main__':
598 unittest
.main(testRunner
=unittest
.TextTestRunner(stream
=sys
.stdout
,