Merge pull request #274 from ThomasWaldmann/travis-with-bind

travis: test on trusty with sudo, against local bind9 dns

.travis.yml

@@ -1,33 +1,44 @@
+sudo: required
+
 language: python
+
+os: linux
+
+dist: trusty
+
 python:
     - "2.7"
     - "pypy"
     - "3.4"
     - "3.5"
+
 env:
     global:
       - SECRET_KEY=justfortravis
       - DNS_RESOLVER_TIMEOUT=15.0
       - DNS_UPDATE_TIMEOUT=30.0
-      - TEST_K="not dnstools and not ddns_client"
+      - TEST_K="not ddns_client"
       - TEST_OPTS=""
       - COVERAGE=""
     matrix:
       - DJANGO=1.8.1
+
 matrix:
   exclude:
     - python: "2.7"
       env: DJANGO=1.8.1
   include:
     - python: "2.7"
-      env: DJANGO=1.8.1 COVERAGE="coverage run -m" TEST_K="" TEST_OPTS="--pep8"
+      env: DJANGO=1.8.1 COVERAGE="coverage run -m" TEST_K="not ddns_client" TEST_OPTS="--pep8"
+
 install:
-    - "pip install Django==$DJANGO"
+    - ./scripts/travis/install.sh
-    - "pip install -r requirements.d/travis.txt"
+
-    - "pip install -e ."
 script: $COVERAGE py.test $TEST_OPTS -k "$TEST_K" -m "not requires_sequential"
+
 after_success:
     - coveralls
+
 notifications:
     email:
         recipients:

conftest.py

@@ -19,7 +19,7 @@ TEST_HOST2 = FQDN('test%db' % randint(1, 1000000), TESTDOMAIN)
 TEST_SECRET2 = "somethingelse"
 RELATED_HOST_NAME = 'rh'
 TEST_HOST_RELATED = FQDN(RELATED_HOST_NAME + '.' + TEST_HOST.host, TEST_HOST.domain)
-NAMESERVER_IP = "85.10.192.104"
+NAMESERVER_IP = "127.0.0.1"
 NAMESERVER2_IP = NAMESERVER_IP  # use same server as tests query shortly after update, too quick for secondary
 NAMESERVER_UPDATE_ALGORITHM = "HMAC_SHA512"
 # no problem, you can ONLY update the TESTDOMAIN with this secret, nothing else:

requirements.d/travis.txt

@@ -6,3 +6,4 @@ pytest
 pytest-django
 pytest-pep8
 coveralls
+coverage

scripts/travis/etc/bind/named.conf.local

@@ -0,0 +1,64 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+logging {
+    channel bind.log {
+        file "/var/lib/bind/bind.log";
+        // Set the severity to dynamic to see all the debug messages.
+        severity debug 3;
+    };
+    category update { bind.log; };
+    category update-security { bind.log; };
+    category security { bind.log; };
+    category dnssec { bind.log; };
+};
+
+key "nsupdate.info." {
+        algorithm hmac-sha512;
+        secret "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYQ==";
+};
+
+key "tests.nsupdate.info." {
+        algorithm hmac-sha512;
+        secret "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYQ==";
+};
+
+zone "nsupdate.info" {
+        type master;
+        file "/etc/bind/zones/nsupdate.info";
+        update-policy {
+            // these "deny" entries are needed for the service domain,
+            // if you add another domain, you may want to check the need
+            // for other "deny" entries if the zone is not fully available.
+            // we don't allow updates to the infrastructure hosts:
+            deny  nsupdate.info.      name      nsupdate.info;
+            deny  nsupdate.info.      name  www.nsupdate.info;
+            deny  nsupdate.info.      name ipv4.nsupdate.info;
+            deny  nsupdate.info.      name ipv6.nsupdate.info;
+            // this host is for testing if the nameserver is configured correctly and reachable
+            grant nsupdate.info.      name connectivity-test.nsupdate.info A;
+            // but we allow updates to any other host:
+            grant nsupdate.info. subdomain nsupdate.info;
+        };
+};
+
+zone "tests.nsupdate.info" {
+        type master;
+        file "/etc/bind/zones/tests.nsupdate.info";
+        update-policy {
+            // these "deny" entries are needed for the service domain,
+            // if you add another domain, you may want to check the need
+            // for other "deny" entries if the zone is not fully available.
+            // we don't allow updates to the infrastructure hosts:
+            deny  tests.nsupdate.info.      name      tests.nsupdate.info;
+            deny  tests.nsupdate.info.      name  www.tests.nsupdate.info;
+            deny  tests.nsupdate.info.      name ipv4.tests.nsupdate.info;
+            deny  tests.nsupdate.info.      name ipv6.tests.nsupdate.info;
+            // but we allow updates to any other host:
+            grant tests.nsupdate.info. subdomain tests.nsupdate.info;
+        };
+};

scripts/travis/etc/bind/zones/nsupdate.info

@@ -0,0 +1,19 @@
+$ORIGIN .
+$TTL 3600	; 1 hour
+nsupdate.info		IN SOA	ns1.nsupdate.info. root.nsupdate.info. (
+				2016081401 ; serial
+				7200       ; refresh (2 hours)
+				1800       ; retry (30 minutes)
+				604800     ; expire (1 week)
+				60         ; minimum (1 minute)
+				)
+			NS	127.0.0.1.
+			A	127.0.0.1
+			AAAA	::1
+
+$ORIGIN nsupdate.info.
+$TTL 3600	; 1 hour
+ipv4			A	1.2.3.4
+ipv6			AAAA	::1
+www	    		A	1.2.3.4
+		    	AAAA	::1

scripts/travis/etc/bind/zones/tests.nsupdate.info

@@ -0,0 +1,18 @@
+$ORIGIN .
+$TTL 3600	; 1 hour
+tests.nsupdate.info	IN SOA	ns1.tests.nsupdate.info. root.tests.nsupdate.info. (
+				2016081401 ; serial
+				7200       ; refresh (2 hours)
+				1800       ; retry (30 minutes)
+				604800     ; expire (1 week)
+				60         ; minimum (1 minute)
+				)
+			NS	127.0.0.1.
+			A	127.0.0.1
+			AAAA	::1
+
+$ORIGIN tests.nsupdate.info.
+ipv4			A	1.2.3.4
+ipv6			AAAA	::1
+www	    		A	1.2.3.4
+		    	AAAA	::1

scripts/travis/etc/resolv.conf

@@ -0,0 +1,3 @@
+nameserver 127.0.0.1
+# nameserver 169.254.169.254
+# search c.travis-ci-prod-5.internal google.internal

scripts/travis/install.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# we install a local bind9 to run the tests against:
+sudo apt-get -y install bind9 dnsutils e2fsprogs
+
+sudo ln -s /var/lib/bind /etc/bind/zones
+sudo cp scripts/travis/etc/bind/named.conf.local /etc/bind/
+sudo chown bind.bind /etc/bind/named.conf.local
+sudo cp scripts/travis/etc/bind/zones/* /etc/bind/zones/
+sudo chown bind.bind /etc/bind/zones/*
+sudo service bind9 restart
+
+sudo dpkg -P ubuntu-minimal resolvconf
+sudo rm -f /etc/resolv.conf
+sudo cp scripts/travis/etc/resolv.conf /etc/
+sudo chattr +i /etc/resolv.conf
+
+#dig @127.0.0.1 nsupdate.info SOA
+#dig @127.0.0.1 tests.nsupdate.info SOA
+#sudo netstat -tulpen | grep 53
+
+pip install Django==$DJANGO
+pip install -r requirements.d/travis.txt
+pip install -e .