Blame - metropolis/cli/takeover/e2e/main_test.go - monogon

blob: c86a48d54633efa3d637fc3285c718bb7e4adf25 [file] [log] [blame]

Tim Windelschmidt	6d33a43	2025-02-04 14:34:25 +0100	[diff] [blame]	1	// Copyright The Monogon Project Authors.
				2	// SPDX-License-Identifier: Apache-2.0
				3
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	4	package e2e
				5
				6	import (
				7	"bufio"
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	8	"crypto/ed25519"
				9	"crypto/rand"
				10	"encoding/json"
Jan Schär	ec61a47	2025-03-24 18:54:00 +0000	[diff] [blame]	11	"errors"
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	12	"fmt"
Jan Schär	ec61a47	2025-03-24 18:54:00 +0000	[diff] [blame]	13	"io"
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	14	"net"
				15	"os"
				16	"os/exec"
Tim Windelschmidt	4bd25e8	2025-07-11 19:36:28 +0200	[diff] [blame]	17	"path/filepath"
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	18	"strings"
				19	"testing"
				20	"time"
				21
				22	"github.com/bazelbuild/rules_go/go/runfiles"
				23	xssh "golang.org/x/crypto/ssh"
Jan Schär	ec61a47	2025-03-24 18:54:00 +0000	[diff] [blame]	24	"golang.org/x/crypto/ssh/agent"
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	25	"golang.org/x/sys/unix"
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	26
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	27	"source.monogon.dev/osbase/fat32"
Jan Schär	c1b6df4	2025-03-20 08:52:18 +0000	[diff] [blame]	28	"source.monogon.dev/osbase/structfs"
Jan Schär	341cd42	2025-09-04 10:33:21 +0200	[diff] [blame]	29	"source.monogon.dev/osbase/test/freeport"
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	30	)
				31
				32	var (
				33	// These are filled by bazel at linking time with the canonical path of
				34	// their corresponding file. Inside the init function we resolve it
				35	// with the rules_go runfiles package to the real path.
Jan Schär	5fdca56	2025-04-14 11:33:29 +0000	[diff] [blame]	36	xImagePath string
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	37	xOvmfVarsPath string
				38	xOvmfCodePath string
				39	xCloudImagePath string
				40	xTakeoverPath string
Jan Schär	ec61a47	2025-03-24 18:54:00 +0000	[diff] [blame]	41	xMetroctlPath string
Tim Windelschmidt	8f1efe9	2025-04-01 01:28:43 +0200	[diff] [blame]	42	xQEMUPath string
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	43	)
				44
				45	func init() {
				46	var err error
				47	for _, path := range []*string{
				48	&xCloudImagePath, &xOvmfVarsPath, &xOvmfCodePath,
Jan Schär	5fdca56	2025-04-14 11:33:29 +0000	[diff] [blame]	49	&xTakeoverPath, &xImagePath, &xMetroctlPath,
Tim Windelschmidt	8f1efe9	2025-04-01 01:28:43 +0200	[diff] [blame]	50	&xQEMUPath,
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	51	} {
				52	path, err = runfiles.Rlocation(path)
				53	if err != nil {
				54	panic(err)
				55	}
				56	}
Tim Windelschmidt	4bd25e8	2025-07-11 19:36:28 +0200	[diff] [blame]	57	// When running QEMU with snapshot=on set, QEMU creates a copy of the
				58	// provided file in $TMPDIR. If $TMPDIR is set to /tmp, it will always
				59	// be overridden to /var/tmp. This creates an issue for us, as the
				60	// bazel tests only wire up /tmp, with /var/tmp being unaccessible
				61	// because of permissions. Bazel provides $TEST_TMPDIR for this
				62	// usecase, which we resolve to an absolute path and then override
				63	// $TMPDIR.
				64	tmpDir, err := filepath.Abs(os.Getenv("TEST_TMPDIR"))
				65	if err != nil {
				66	panic(err)
				67	}
				68	os.Setenv("TMPDIR", tmpDir)
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	69	}
				70
				71	const GiB = 1024 * 1024 * 1024
				72
				73	func TestE2E(t *testing.T) {
				74	pubKey, privKey, err := ed25519.GenerateKey(rand.Reader)
				75	if err != nil {
				76	t.Fatal(err)
				77	}
				78
				79	sshPubKey, err := xssh.NewPublicKey(pubKey)
				80	if err != nil {
				81	t.Fatal(err)
				82	}
				83
Jan Schär	ec61a47	2025-03-24 18:54:00 +0000	[diff] [blame]	84	keyring := agent.NewKeyring()
				85	err = keyring.Add(agent.AddedKey{
				86	PrivateKey: privKey,
				87	})
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	88	if err != nil {
				89	t.Fatal(err)
				90	}
				91
Jan Schär	ec61a47	2025-03-24 18:54:00 +0000	[diff] [blame]	92	// Create the socket directory. We keep it in /tmp because of socket path limits.
				93	socketDir, err := os.MkdirTemp("/tmp", "test-sockets-*")
				94	if err != nil {
				95	t.Fatalf("Failed to create socket directory: %v", err)
				96	}
				97	defer os.RemoveAll(socketDir)
				98
				99	// Start ssh agent server.
				100	sshAuthSock := socketDir + "/ssh-auth"
				101	agentListener, err := net.ListenUnix("unix", &net.UnixAddr{Name: sshAuthSock, Net: "unix"})
				102	if err != nil {
				103	t.Fatal(err)
				104	}
				105	go func() {
				106	for {
				107	conn, err := agentListener.AcceptUnix()
				108	if err != nil {
				109	return
				110	}
				111	err = agent.ServeAgent(keyring, conn)
				112	if err != nil && !errors.Is(err, io.EOF) {
				113	t.Logf("ServeAgent error: %v", err)
				114	}
				115	conn.Close()
				116	}
				117	}()
				118
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	119	// CloudConfig doesn't really have a rigid spec, so just put things into it
				120	cloudConfig := make(map[string]any)
				121	cloudConfig["ssh_authorized_keys"] = []string{
				122	strings.TrimSuffix(string(xssh.MarshalAuthorizedKey(sshPubKey)), "\n"),
				123	}
Jan Schär	ec61a47	2025-03-24 18:54:00 +0000	[diff] [blame]	124	cloudConfig["disable_root"] = false
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	125
				126	userData, err := json.Marshal(cloudConfig)
				127	if err != nil {
				128	t.Fatal(err)
				129	}
				130
Jan Schär	c1b6df4	2025-03-20 08:52:18 +0000	[diff] [blame]	131	root := structfs.Tree{
				132	structfs.File("user-data", structfs.Bytes("#cloud-config\n"+string(userData))),
				133	structfs.File("meta-data", structfs.Bytes("")),
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	134	}
				135	cloudInitDataFile, err := os.CreateTemp("", "cidata*.img")
				136	if err != nil {
				137	t.Fatal(err)
				138	}
				139	defer os.Remove(cloudInitDataFile.Name())
Jan Schär	c1b6df4	2025-03-20 08:52:18 +0000	[diff] [blame]	140	if err := fat32.WriteFS(cloudInitDataFile, root, fat32.Options{Label: "cidata"}); err != nil {
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	141	t.Fatal(err)
				142	}
				143
				144	rootDisk, err := os.CreateTemp("", "rootdisk")
				145	if err != nil {
				146	t.Fatal(err)
				147	}
				148	// Create a 10GiB sparse root disk
				149	if err := unix.Ftruncate(int(rootDisk.Fd()), 10*GiB); err != nil {
				150	t.Fatalf("ftruncate failed: %v", err)
				151	}
				152
				153	defer os.Remove(rootDisk.Name())
				154
				155	sshPort, sshPortCloser, err := freeport.AllocateTCPPort()
				156	if err != nil {
				157	t.Fatal(err)
				158	}
				159
				160	qemuArgs := []string{
				161	"-machine", "q35", "-accel", "kvm", "-nographic", "-nodefaults", "-m", "1024",
				162	"-cpu", "host", "-smp", "sockets=1,cpus=1,cores=2,threads=2,maxcpus=4",
				163	"-drive", "if=pflash,format=raw,readonly=on,file=" + xOvmfCodePath,
				164	"-drive", "if=pflash,format=raw,snapshot=on,file=" + xOvmfVarsPath,
				165	"-drive", "if=none,format=raw,cache=unsafe,id=root,file=" + rootDisk.Name(),
				166	"-drive", "if=none,format=qcow2,snapshot=on,id=cloud,cache=unsafe,file=" + xCloudImagePath,
				167	"-device", "virtio-blk-pci,drive=root,bootindex=1",
				168	"-device", "virtio-blk-pci,drive=cloud,bootindex=2",
				169	"-drive", "if=virtio,format=raw,snapshot=on,file=" + cloudInitDataFile.Name(),
				170	"-netdev", fmt.Sprintf("user,id=net0,net=10.42.0.0/24,dhcpstart=10.42.0.10,hostfwd=tcp::%d-:22", sshPort),
				171	"-device", "virtio-net-pci,netdev=net0,mac=22:d5:8e:76:1d:07",
				172	"-device", "virtio-rng-pci",
				173	"-serial", "stdio",
				174	}
Tim Windelschmidt	8f1efe9	2025-04-01 01:28:43 +0200	[diff] [blame]	175	qemuCmd := exec.Command(xQEMUPath, qemuArgs...)
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	176	stdoutPipe, err := qemuCmd.StdoutPipe()
				177	if err != nil {
				178	t.Fatal(err)
				179	}
Jan Schär	ec61a47	2025-03-24 18:54:00 +0000	[diff] [blame]	180	sshdStarted := make(chan struct{})
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	181	installSucceed := make(chan struct{})
				182	go func() {
				183	s := bufio.NewScanner(stdoutPipe)
				184	for s.Scan() {
Jan Schär	ec61a47	2025-03-24 18:54:00 +0000	[diff] [blame]	185	t.Logf("VM: %q", s.Text())
				186	if strings.Contains(s.Text(), "Started") &&
				187	strings.Contains(s.Text(), "Secure Shell server") {
				188	sshdStarted <- struct{}{}
				189	break
				190	}
				191	}
				192	for s.Scan() {
				193	t.Logf("VM: %q", s.Text())
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	194	if strings.Contains(s.Text(), "_TESTOS_LAUNCH_SUCCESS_") {
				195	installSucceed <- struct{}{}
				196	break
				197	}
				198	}
				199	qemuCmd.Wait()
				200	}()
				201	qemuCmd.Stderr = os.Stderr
				202	sshPortCloser.Close()
				203	if err := qemuCmd.Start(); err != nil {
				204	t.Fatal(err)
				205	}
				206	defer qemuCmd.Process.Kill()
				207
Jan Schär	ec61a47	2025-03-24 18:54:00 +0000	[diff] [blame]	208	select {
				209	case <-sshdStarted:
				210	case <-time.After(30 * time.Second):
				211	t.Fatal("Waiting for sshd start timed out")
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	212	}
				213
Tim Windelschmidt	0a2a940	2025-07-08 01:55:59 +0200	[diff] [blame]	214	// Create the config directory. We keep it in /tmp because of sandbox limitations.
				215	configDir, err := os.MkdirTemp("/tmp", "test-configs-*")
				216	if err != nil {
				217	t.Fatalf("Failed to create config directory: %v", err)
				218	}
				219	defer os.RemoveAll(configDir)
				220
Jan Schär	ec61a47	2025-03-24 18:54:00 +0000	[diff] [blame]	221	installArgs := []string{
				222	"install", "ssh",
				223	fmt.Sprintf("root@localhost:%d", sshPort),
				224	"--disk", "vda",
				225	"--bootstrap",
				226	"--cluster", "cluster.internal",
				227	"--takeover", xTakeoverPath,
Jan Schär	5fdca56	2025-04-14 11:33:29 +0000	[diff] [blame]	228	"--image", xImagePath,
Tim Windelschmidt	0a2a940	2025-07-08 01:55:59 +0200	[diff] [blame]	229	"--config", configDir,
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	230	}
Jan Schär	ec61a47	2025-03-24 18:54:00 +0000	[diff] [blame]	231	installCmd := exec.Command(xMetroctlPath, installArgs...)
				232	installCmd.Env = append(installCmd.Environ(), fmt.Sprintf("SSH_AUTH_SOCK=%s", sshAuthSock))
				233	installCmd.Stdout = os.Stdout
				234	installCmd.Stderr = os.Stderr
				235	t.Logf("Running %s", installCmd.String())
				236	if err := installCmd.Run(); err != nil {
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	237	t.Fatal(err)
				238	}
				239
Tim Windelschmidt	7a1b27d	2024-02-22 23:54:58 +0100	[diff] [blame]	240	select {
				241	case <-installSucceed:
				242	// Done, test passed
				243	case <-time.After(30 * time.Second):
				244	t.Fatal("Waiting for installation timed out")
				245	}
				246	}