From 53c8c0f139d2882cf3a38dcd2d936dd7265b9445 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Tue, 29 Sep 2020 21:23:23 +0200 Subject: [PATCH] tests: added reproducer for drain-server-ms failure Signed-off-by: Nikos Mavrogiannopoulos --- tests/Makefile.am | 2 +- tests/drain-server-fail | 91 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 92 insertions(+), 1 deletion(-) create mode 100755 tests/drain-server-fail diff --git a/tests/Makefile.am b/tests/Makefile.am index fd96c40f..edb7217d 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -91,7 +91,7 @@ dist_check_SCRIPTS += test-pass test-pass-cert test-cert test-group-pass \ test-gssapi test-pass-opt-cert test-cert-opt-pass test-gssapi-opt-pass \ test-gssapi-opt-cert haproxy-auth test-maintenance resumption \ test-group-name flowcontrol banner invalid-configs haproxy-proxyproto \ - haproxy-proxyproto-v1 drain-server + haproxy-proxyproto-v1 drain-server drain-server-fail if HAVE_CWRAP_PAM dist_check_SCRIPTS += test-pam test-pam-noauth diff --git a/tests/drain-server-fail b/tests/drain-server-fail new file mode 100755 index 00000000..40a2ed01 --- /dev/null +++ b/tests/drain-server-fail @@ -0,0 +1,91 @@ +#!/bin/bash +# +# Copyright (C) 2020 Nikos Mavrogiannopoulos +# +# This file is part of ocserv. +# +# ocserv is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2 of the License, or (at +# your option) any later version. +# +# ocserv is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +SERV="${SERV:-../src/ocserv}" +OCCTL="${OCCTL:-../src/occtl/occtl}" +srcdir=${srcdir:-.} +NO_NEED_ROOT=1 +PIDFILE=ocserv-pid.$$.tmp +OCCTL_SOCKET=./occtl-drain-$$.socket + +. `dirname $0`/common.sh + +eval "${GETPORT}" + +echo "Testing server-drain-ms when sec-mod abruptively fails..." + +function finish { + set +e + echo " * Cleaning up..." + test -n "${CONFIG}" && rm -f "${CONFIG}" >/dev/null 2>&1 + test -n "${PID}" && kill "${PID}" >/dev/null 2>&1 +} +trap finish EXIT + +update_config test1.config +echo server-drain-ms=15000 >> ${CONFIG} +echo "occtl-socket-file = $OCCTL_SOCKET" >> ${CONFIG} +echo "use-occtl = true" >> ${CONFIG} + +launch_simple_sr_server -d 3 -p ${PIDFILE} -f -c ${CONFIG} & PID=$! +wait_server $PID + +echo "Connecting to obtain cookie... " +( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) || + fail $PID "Could not receive cookie from server" + +if ! test -f ${PIDFILE};then + fail $PID "Could not find pid file ${PIDFILE}" +fi + + +SPID=$(${OCCTL} -s ${OCCTL_SOCKET} show status|grep -i "Sec-mod PID"|cut -d ':' -f 2) +if test -z "${SPID}";then + echo "Could not detect sec-mod PID" + ${OCCTL} -s ${OCCTL_SOCKET} show status + exit 1 +fi + +echo "Killing sec-mod" +kill -15 ${SPID} + +function wait_ocserv { + local max_time=$1 + local time=0 + + while [ ${time} -lt ${max_time} ] + do + sleep 5 + test -e ${OCCTL_SOCKET} + if ! test $? = 0;then + echo "ocserv is down" + return 0 + fi + let time+=5 + done + + #timeout + echo "ocserv did not get offline after ${time} secs" + kill -9 $(cat $PIDFILE) + exit 1 +} + +wait_ocserv 30 + +exit 0