#!/bin/bash trap 'echo "\nCaught signal, exiting...\n"; exit 1' SIGINT SIGTERM : ${UPDATE_EXPECTED_DATA:=false} CALICOCTL="calicoctl --allow-version-mismatch" # Execute the suite of tests. It is assumed the following environment variables will # have been set up beforehand: # - DATASTORE_TYPE + other calico datastore envs # - LOGPATH execute_test_suite() { # This is needed for two reasons: # - to substitute for "NODENAME" in some of the cond TOML files # - for the confd Calico client to select which node to listen to for key events. export NODENAME="kube-master" # Make sure the log and rendered templates paths are created and old test run data is # deleted. mkdir -p $LOGPATH mkdir -p $LOGPATH/rendered rm $LOGPATH/log* || true rm $LOGPATH/rendered/*.cfg || true if [ "$DATASTORE_TYPE" = kubernetes ]; then run_extra_test test_node_mesh_bgp_password run_extra_test test_bgp_password_deadlock run_extra_test test_bgp_ttl_security run_extra_test test_bgp_ignored_interfaces run_extra_test test_bgp_reachable_by run_extra_test test_bgp_filters run_extra_test test_bgp_local_bgp_peer run_extra_test test_bgp_next_hop_mode run_extra_test test_bgp_reverse_peering fi if [ "$DATASTORE_TYPE" = etcdv3 ]; then run_extra_test test_node_mesh_bgp_password run_extra_test test_bgp_password run_extra_test test_bgp_sourceaddr_gracefulrestart run_extra_test test_node_deletion run_extra_test test_idle_peers run_extra_test test_router_id_hash run_extra_test test_bgp_ttl_security run_extra_test test_bgp_ignored_interfaces run_extra_test test_bgp_reachable_by run_extra_test test_bgp_filters run_extra_test test_bgp_next_hop_mode echo "Extra etcdv3 tests passed" fi # Run the set of tests using confd in oneshot mode. echo "Execute oneshot-mode tests" execute_tests_oneshot echo "Oneshot-mode tests passed" # Now run a set of tests with confd running continuously. # Note that changes to the node to node mesh config option will result in a restart of # confd, so order the tests accordingly. We'll start with a set of tests that use the # node mesh enabled, so turn it on now before we start confd. echo "Execute daemon-mode tests" turn_mesh_on for i in $(seq 1 2); do execute_tests_daemon done echo "Daemon-mode tests passed" } run_extra_test() { test_fn=$1 echo echo "Run test: $1" echo "===============================" eval $1 echo "===============================" } test_bgp_password() { # Run confd as a background process. echo "Running confd as background process" NODENAME=node1 BGP_LOGSEVERITYSCREEN="debug" confd -confdir=/etc/calico/confd >$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off. turn_mesh_off # Create 4 nodes with various password peerings. $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Expect BIRD config to be generated. test_confd_templates password-deadlock # Kill confd. kill -9 $CONFD_PID # Kill Typha. kill_typha # Turn the node-mesh back on. turn_mesh_on # Delete resources. kubectl delete secret my-secrets-1 -n kube-system for ii in `seq 1 $SCALE`; do $CALICOCTL delete bgppeer bgppeer-$ii kubectl delete node node$ii done } test_node_deletion() { # Run confd as a background process. echo "Running confd as background process" NODENAME=node1 BGP_LOGSEVERITYSCREEN="debug" confd -confdir=/etc/calico/confd >$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off. turn_mesh_off # Create 4 nodes with a mesh of peerings. $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off. turn_mesh_off # Create 2 nodes, a global peering between them, and a node-specific peering between them. $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Run the node-mesh-enabled tests. for i in $(seq 1 2); do run_individual_test 'mesh/bgp-export' run_individual_test 'mesh/ipip-always' run_individual_test 'mesh/ipip-cross-subnet' run_individual_test 'mesh/ipip-off' run_individual_test 'mesh/route-reflector-mesh-enabled' run_individual_test 'mesh/static-routes' run_individual_test 'mesh/static-routes-exclude-node' run_individual_test 'mesh/communities' run_individual_test 'mesh/restart-time' done # Turn the node-mesh off. turn_mesh_off # Run the explicit peering tests. for i in $(seq 1 2); do run_individual_test 'explicit_peering/global' run_individual_test 'explicit_peering/global-external' run_individual_test 'explicit_peering/global-ipv6' run_individual_test 'explicit_peering/specific_node' run_individual_test 'explicit_peering/selectors' run_individual_test 'explicit_peering/route_reflector' run_individual_test 'explicit_peering/keepnexthop' run_individual_test 'explicit_peering/keepnexthop-global' run_individual_test 'explicit_peering/local-as-ipv6' run_individual_test 'explicit_peering/local-as-global-ipv6' run_individual_test 'explicit_peering/local-as' run_individual_test 'explicit_peering/local-as-global' done # Turn the node-mesh back on. turn_mesh_on # Kill confd. kill -9 $CONFD_PID # For KDD, kill Typha. if [ "$DATASTORE_TYPE" = kubernetes ]; then kill_typha fi } # Execute a set of tests using oneshot mode. execute_tests_oneshot() { # Note that changes to the node to node mesh config option will result in a restart of # confd, so order the tests accordingly. Since the default nodeToNodeMeshEnabled setting # is true, perform the mesh tests first. Then run the explicit peering tests - we should # see confd terminate when we turn of the mesh. for i in $(seq 1 2); do run_individual_test_oneshot 'mesh/bgp-export' run_individual_test_oneshot 'mesh/ipip-always' run_individual_test_oneshot 'mesh/ipip-cross-subnet' run_individual_test_oneshot 'mesh/ipip-off' run_individual_test_oneshot 'mesh/vxlan-always' run_individual_test_oneshot 'explicit_peering/global' run_individual_test_oneshot 'explicit_peering/specific_node' run_individual_test_oneshot 'explicit_peering/selectors' run_individual_test_oneshot 'explicit_peering/route_reflector' run_individual_test_oneshot 'explicit_peering/route_reflector_v6_by_ip' run_individual_test_oneshot 'mesh/static-routes' run_individual_test_oneshot 'mesh/static-routes-exclude-node' run_individual_test_oneshot 'mesh/communities' run_individual_test_oneshot 'mesh/restart-time' run_individual_test_oneshot 'explicit_peering/keepnexthop' run_individual_test_oneshot 'explicit_peering/keepnexthop-global' export CALICO_ROUTER_ID=10.10.10.10 run_individual_test_oneshot 'mesh/static-routes-no-ipv4-address' export -n CALICO_ROUTER_ID unset CALICO_ROUTER_ID done } # Turn the node-to-node mesh off. turn_mesh_off() { $CALICOCTL apply -f - <$LOGPATH/logss 2>&1 || true # Check the confd templates are updated. test_confd_templates $testdir # For KDD, kill Typha. if [ "$DATASTORE_TYPE" = kubernetes ]; then kill_typha fi # Remove any resource that does not need to be persisted due to test environment # limitations. echo "Preparing Calico data for next test" if [[ -f /tests/mock_data/calicoctl/${testdir}/kubectl-delete.yaml ]]; then KUBECONFIG=/home/user/certs/kubeconfig kubectl delete -f /tests/mock_data/calicoctl/${testdir}/kubectl-delete.yaml fi $CALICOCTL delete -f /tests/mock_data/calicoctl/${testdir}/delete.yaml } start_typha() { echo "Starting Typha" TYPHA_DATASTORETYPE=kubernetes \ KUBECONFIG=/home/user/certs/kubeconfig \ TYPHA_LOGSEVERITYSCREEN=debug \ TYPHA_LOGSEVERITYSYS=none \ TYPHA_LOGFILEPATH=none \ typha >$LOGPATH/typha 2>&1 & TYPHA_PID=$! # Set variables needed for confd to connect to Typha. export FELIX_TYPHAADDR=127.0.0.1:5473 export FELIX_TYPHAREADTIMEOUT=50 # Allow a little time for Typha to start up and start listening. # # If Typha isn't ready when confd tries to connect to it, confd drops a FATAL # log and exits. You might think that confd should retry, but our general # design (e.g. what Felix also does) here is to exit and be restarted by the # surrounding service framework. sleep 0.25 # Avoid getting bash's "Killed" message in the output when we kill Typha. disown %?typha } kill_typha() { echo "Killing Typha" kill -9 $TYPHA_PID 2>/dev/null } # Tests that confd generates the required set of templates for the test. # $1 would be the tests you want to run e.g. mesh/global test_confd_templates() { # Compare the templates until they match (for a max of 10s). testdir=$1 echo "Comparing with templates in $testdir" for i in $(seq 1 10); do echo "comparing templates attempt $i" && compare_templates $testdir 0 false && break || sleep 1; done compare_templates $testdir 1 ${UPDATE_EXPECTED_DATA} } # Compares the generated templates against the known good templates # $1 would be the tests you want to run e.g. mesh/global # $2 is whether or not we should output the diff results (0=no) compare_templates() { # Check the generated templates against known compiled templates. testdir=$1 output=$2 record=$3 rc=0 for f in `ls /tests/compiled_templates/${testdir}`; do if [ $f = step2 ]; then # Some tests have a "step2" subdirectory. If so, the BIRD # config in that subdir will be used when # compare_templates is called again with ${testdir}/step2. # This time through, we should skip "step2" because there # is nothing matching it in the actual generated config at # /etc/calico/confd/config/. continue fi expected=/tests/compiled_templates/${testdir}/${f} actual=/etc/calico/confd/config/${f} if ! diff --ignore-blank-lines -q ${expected} ${actual} 1>/dev/null 2>&1; then if ! $record; then rc=1; fi if [ $output -ne 0 ]; then echo "Failed: $f templates do not match, showing diff of expected vs received" set +e diff ${expected} ${actual} if $record; then echo "Updating expected result..." cp ${actual} ${expected} else echo "Copying confd rendered output to ${LOGPATH}/rendered/${f}" cp ${actual} ${LOGPATH}/rendered/${f} set -e rc=2 fi fi fi done if [ $rc -eq 2 ]; then echo "Recording failed testcase directory to ${LOGPATH}/testcase_directory.txt" echo "${testdir}" > ${LOGPATH}/testcase_directory.txt echo "Copying nodes to ${LOGPATH}/nodes.yaml" $CALICOCTL get nodes -o yaml > ${LOGPATH}/nodes.yaml echo "Copying bgp config to ${LOGPATH}/bgpconfig.yaml" $CALICOCTL get bgpconfigs -o yaml > ${LOGPATH}/bgpconfig.yaml echo "Copying bgp peers to ${LOGPATH}/bgppeers.yaml" $CALICOCTL get bgppeers -o yaml > ${LOGPATH}/bgppeers.yaml echo "Copying bgp filters to ${LOGPATH}/bgpfilters.yaml" $CALICOCTL get bgpfilters -o yaml > ${LOGPATH}/bgpfilters.yaml echo "Copying ip pools to ${LOGPATH}/ippools.yaml" $CALICOCTL get ippools -o yaml > ${LOGPATH}/ippools.yaml echo "Listing running processes" ps fi return $rc } test_router_id_hash() { export CALICO_ROUTER_ID=hash run_individual_test_oneshot 'mesh/hash' export -n CALICO_ROUTER_ID unset CALICO_ROUTER_ID } test_bgp_sourceaddr_gracefulrestart() { # Run confd as a background process. echo "Running confd as background process" NODENAME=node1 BGP_LOGSEVERITYSCREEN="debug" confd -confdir=/etc/calico/confd >$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off. turn_mesh_off # Create 2 nodes with IPs directly on a local subnet, and a # peering between them. $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Create 3 nodes and enable node mesh BGP password $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off # Create 3 nodes and peer them with TTL security $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off # Create 3 nodes and peer them using a peer selector with TTL security $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off # Create 3 nodes and peer them globally with TTL security $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Specify additional interfaces need to be ignored $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off # Create 3 nodes and a BGPFilter then globally pair the nodes all using the same filter $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off # Create 3 nodes, 2 BGPFilters, and 2 peerings that each use one of the filters $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off # Create 3 nodes and 2 BGPFilters then globally pair the nodes all using the same 2 filters $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off # Create 3 nodes and 2 BGPFilters then pair kube-master with each of the other 2 nodes with each peering using # both filters $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh on turn_mesh_on # Create 3 nodes and a BGPFilter $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off # Create 3 nodes and a BGPFilter then globally pair the nodes all using the same filter $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off # Create 3 nodes and a BGPFilter then globally pair the nodes all using the same filter $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off # Create 3 nodes and a BGPFilter then globally pair the nodes all using the same filter $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off # Create 3 nodes and a BGPFilter then globally pair the nodes all using the same filter $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off # Create 3 nodes and a BGPFilter then globally pair the nodes all using the same filter that contains # a very long filter name with all possible characters (eg. '.' and '-'). The significance of 45 here is # that BIRD symbol names max out at 64 chars, so 45 is the maximum filter name size after subtracting our # boilerplate content eg. "bgp_" + "[ex | im]portFilterV[4 | 6]" $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off # Create 3 nodes, 2 BGPFilters, and 2 peerings that each use one of the filters $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off # Create 3 nodes and a BGPFilter then globally pair the nodes all using the same filter $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off # Create 3 nodes, 2 BGPFilters, and 2 peerings that each use one of the filters $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off # Create 3 nodes and a BGPFilter then globally pair the nodes all using the same filter $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off # Create 3 nodes, 2 BGPFilters, and 2 peerings that each use one of the filters $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off # Create 3 nodes and a BGPFilter then globally pair the nodes all using the same filter $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off # Create 3 nodes, 2 BGPFilters, and 2 peerings that each use one of the filters $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off # Create 3 nodes and a BGPFilter then globally pair the nodes all using the same filter $CALICOCTL apply -f - < /etc/calico/confd/endpoint-status/pod1 {"ifaceName":"cali97e1defe654","ipv4Nets":["192.168.162.134/32"],"ipv6Nets":["fd00:10:244:0:586d:4461:e980:a284/128"],"bgpPeerName":"test-global-peer-with-filter"} EOF cat < /etc/calico/confd/endpoint-status/pod2 {"ifaceName":"cali97e1defe656","ipv4Nets":["192.168.162.136/32"],"ipv6Nets":["fd00:10:244:0:586d:4461:e980:a286/128"],"bgpPeerName":"test-node-peer-with-filter"} EOF # Run confd as a background process. echo "Running confd as background process" NODENAME=kube-master BGP_LOGSEVERITYSCREEN="debug" CALICO_ENDPOINT_STATUS_PATH_PREFIX="/etc/calico/confd" confd -confdir=/etc/calico/confd >$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off # Create 3 nodes and a BGPFilter then globally pair the nodes all using the same filter $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off $CALICOCTL apply -f - <$LOGPATH/logd1 2>&1 & CONFD_PID=$! echo "Running with PID " $CONFD_PID # Turn the node-mesh off turn_mesh_off $CALICOCTL apply -f - <