Class: Gitlab::QA::Scenario::Test::Instance::Airgapped

Inherits:

Gitlab::QA::Scenario::Template

• Object
• Gitlab::QA::Scenario::Template
• Gitlab::QA::Scenario::Test::Instance::Airgapped

Defined in:

lib/gitlab/qa/scenario/test/instance/airgapped.rb

Instance Attribute Summary

• #commands ⇒ Object

  Returns the value of attribute commands.

Instance Method Summary

• #initialize ⇒ Airgapped constructor

  A new instance of Airgapped.

• #perform(release, *rspec_args) ⇒ Object

Methods inherited from Gitlab::QA::Scenario::Template

perform

Constructor Details

#initialize ⇒ Airgapped

Returns a new instance of Airgapped.

# File 'lib/gitlab/qa/scenario/test/instance/airgapped.rb', line 10

def initialize
  gitlab_ip = Resolv.getaddress('registry.gitlab.com')
  @commands = <<~AIRGAP_AND_VERIFY_COMMAND.split(/\n+/)
    # Should not fail before airgapping due to eg. DNS failure
    # Ping and wget check
    apt-get update && apt-get install -y iptables netcat
    nc -zv -w 10 #{gitlab_ip} 80 && (echo \"Regular connectivity netcat check passed.\" && exit 0) || (echo \"Regular connectivity netcat check failed.\" && exit 1)
    echo "Checking regular connectivity..." \
      && wget --retry-connrefused --waitretry=1 --read-timeout=15 --timeout=10 -t 2 http://registry.gitlab.com > /dev/null 2>&1 \
      && (echo "Regular connectivity wget check passed." && exit 0) || (echo "Regular connectivity wget check failed." && exit 1)

    iptables -P INPUT DROP && iptables -P OUTPUT DROP
    iptables -A INPUT -i lo -j ACCEPT && iptables -A OUTPUT -o lo -j ACCEPT # LOOPBACK
    iptables -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    # Jenkins on port 8080 and 50000
    iptables -A OUTPUT -p tcp -m tcp --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT \
      && iptables -A OUTPUT -p tcp -m tcp --dport 50000 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp -m tcp --sport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp -m tcp --sport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

    # Should now fail to ping and wget, port 80 should be open
    nc -zv -w 10 #{gitlab_ip} 80 && (echo \"Airgapped network faulty. Connectivity netcat check failed.\" && exit 1) || (echo \"Connectivity netcat check passed.\" && exit 0)
    nc -zv -w 10 127.0.0.1 22 && (echo "Airgapped connectivity port 22 check passed." && exit 0) || (echo "Airgapped connectivity port 22 check failed." && exit 1)
    nc -zv -w 10 127.0.0.1 80 && (echo "Airgapped connectivity port 80 check passed." && exit 0) || (echo "Airgapped connectivity port 80 check failed." && exit 1)
    echo "Checking airgapped connectivity..." \
      && wget --retry-connrefused --waitretry=1 --read-timeout=15 --timeout=10 -t 2 http://registry.gitlab.com > /dev/null 2>&1 \
      && (echo "Airgapped network faulty. Connectivity wget check failed." && exit 1) || (echo "Airgapped network confirmed. Connectivity wget check passed." && exit 0)
  AIRGAP_AND_VERIFY_COMMAND
end

Instance Attribute Details

#commands ⇒ Object

Returns the value of attribute commands.

# File 'lib/gitlab/qa/scenario/test/instance/airgapped.rb', line 8

def commands
  @commands
end

Instance Method Details

#perform(release, *rspec_args) ⇒ Object

# File 'lib/gitlab/qa/scenario/test/instance/airgapped.rb', line 44

def perform(release, *rspec_args)
  Component::Gitlab.perform do |gitlab|
    gitlab.release = release
    gitlab.network = 'test'
    gitlab.runner_network = 'airgapped'
    gitlab.exec_commands = @commands
    rspec_args << "--" unless rspec_args.include?('--')
    rspec_args << %w[--tag ~orchestrated]
    gitlab.instance do
      Component::Specs.perform do |specs|
        specs.suite = 'Test::Instance::Airgapped'
        specs.release = gitlab.release
        specs.network = gitlab.network
        specs.runner_network = gitlab.runner_network
        specs.args = [gitlab.address, *rspec_args]
      end
    end
  end
end