flo/nsupdate.info
1
0
Fork 0
Code Issues 1 Pull Requests 2 Packages Releases Activity

travis: test on trusty with sudo, against local bind9 dns

Browse Source
This commit is contained in:
Thomas Waldmann 2016-08-14 00:22:59 +02:00
parent c2a3d2da78
commit d7a8d9c214
8 changed files with 146 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
.travis.yml
View File

@ -1,33 +1,44 @@
sudo: required
language: python
os: linux
dist: trusty
python:
- "2.7"
- "pypy"
- "3.4"
- "3.5"
env:
global:
- SECRET_KEY=justfortravis
- DNS_RESOLVER_TIMEOUT=15.0
- DNS_UPDATE_TIMEOUT=30.0
- TEST_K="not dnstools and not ddns_client"
- TEST_K="not ddns_client"
- TEST_OPTS=""
- COVERAGE=""
matrix:
- DJANGO=1.8.1
matrix:
exclude:
- python: "2.7"
env: DJANGO=1.8.1
include:
- python: "2.7"
env: DJANGO=1.8.1 COVERAGE="coverage run -m" TEST_K="" TEST_OPTS="--pep8"
env: DJANGO=1.8.1 COVERAGE="coverage run -m" TEST_K="not ddns_client" TEST_OPTS="--pep8"
install:
- "pip install Django==$DJANGO"
- "pip install -r requirements.d/travis.txt"
- "pip install -e ."
- ./scripts/travis/install.sh
script: $COVERAGE py.test $TEST_OPTS -k "$TEST_K" -m "not requires_sequential"
after_success:
- coveralls
notifications:
email:
recipients:

2
conftest.py
View File

@ -19,7 +19,7 @@ TEST_HOST2 = FQDN('test%db' % randint(1, 1000000), TESTDOMAIN)
TEST_SECRET2 = "somethingelse"
RELATED_HOST_NAME = 'rh'
TEST_HOST_RELATED = FQDN(RELATED_HOST_NAME + '.' + TEST_HOST.host, TEST_HOST.domain)
NAMESERVER_IP = "85.10.192.104"
NAMESERVER_IP = "127.0.0.1"
NAMESERVER2_IP = NAMESERVER_IP # use same server as tests query shortly after update, too quick for secondary
NAMESERVER_UPDATE_ALGORITHM = "HMAC_SHA512"
# no problem, you can ONLY update the TESTDOMAIN with this secret, nothing else:

1
requirements.d/travis.txt
View File

@ -6,3 +6,4 @@ pytest
pytest-django
pytest-pep8
coveralls
coverage

64
scripts/travis/etc/bind/named.conf.local Normal file
View File

@ -0,0 +1,64 @@
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
logging {
channel bind.log {
file "/var/lib/bind/bind.log";
// Set the severity to dynamic to see all the debug messages.
severity debug 3;
};
category update { bind.log; };
category update-security { bind.log; };
category security { bind.log; };
category dnssec { bind.log; };
};
key "nsupdate.info." {
algorithm hmac-sha512;
secret "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYQ==";
};
key "tests.nsupdate.info." {
algorithm hmac-sha512;
secret "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYQ==";
};
zone "nsupdate.info" {
type master;
file "/etc/bind/zones/nsupdate.info";
update-policy {
// these "deny" entries are needed for the service domain,
// if you add another domain, you may want to check the need
// for other "deny" entries if the zone is not fully available.
// we don't allow updates to the infrastructure hosts:
deny nsupdate.info. name nsupdate.info;
deny nsupdate.info. name www.nsupdate.info;
deny nsupdate.info. name ipv4.nsupdate.info;
deny nsupdate.info. name ipv6.nsupdate.info;
// this host is for testing if the nameserver is configured correctly and reachable
grant nsupdate.info. name connectivity-test.nsupdate.info A;
// but we allow updates to any other host:
grant nsupdate.info. subdomain nsupdate.info;
};
};
zone "tests.nsupdate.info" {
type master;
file "/etc/bind/zones/tests.nsupdate.info";
update-policy {
// these "deny" entries are needed for the service domain,
// if you add another domain, you may want to check the need
// for other "deny" entries if the zone is not fully available.
// we don't allow updates to the infrastructure hosts:
deny tests.nsupdate.info. name tests.nsupdate.info;
deny tests.nsupdate.info. name www.tests.nsupdate.info;
deny tests.nsupdate.info. name ipv4.tests.nsupdate.info;
deny tests.nsupdate.info. name ipv6.tests.nsupdate.info;
// but we allow updates to any other host:
grant tests.nsupdate.info. subdomain tests.nsupdate.info;
};
};

19
scripts/travis/etc/bind/zones/nsupdate.info Normal file
View File

@ -0,0 +1,19 @@
$ORIGIN .
$TTL 3600 ; 1 hour
nsupdate.info IN SOA ns1.nsupdate.info. root.nsupdate.info. (
2016081401 ; serial
7200 ; refresh (2 hours)
1800 ; retry (30 minutes)
604800 ; expire (1 week)
60 ; minimum (1 minute)
)
NS 127.0.0.1.
A 127.0.0.1
AAAA ::1
$ORIGIN nsupdate.info.
$TTL 3600 ; 1 hour
ipv4 A 1.2.3.4
ipv6 AAAA ::1
www A 1.2.3.4
AAAA ::1

18
scripts/travis/etc/bind/zones/tests.nsupdate.info Normal file
View File

@ -0,0 +1,18 @@
$ORIGIN .
$TTL 3600 ; 1 hour
tests.nsupdate.info IN SOA ns1.tests.nsupdate.info. root.tests.nsupdate.info. (
2016081401 ; serial
7200 ; refresh (2 hours)
1800 ; retry (30 minutes)
604800 ; expire (1 week)
60 ; minimum (1 minute)
)
NS 127.0.0.1.
A 127.0.0.1
AAAA ::1
$ORIGIN tests.nsupdate.info.
ipv4 A 1.2.3.4
ipv6 AAAA ::1
www A 1.2.3.4
AAAA ::1

3
scripts/travis/etc/resolv.conf Normal file
View File

@ -0,0 +1,3 @@
nameserver 127.0.0.1
# nameserver 169.254.169.254
# search c.travis-ci-prod-5.internal google.internal

24
scripts/travis/install.sh Executable file
View File

@ -0,0 +1,24 @@
#!/bin/bash
# we install a local bind9 to run the tests against:
sudo apt-get -y install bind9 dnsutils e2fsprogs
sudo ln -s /var/lib/bind /etc/bind/zones
sudo cp scripts/travis/etc/bind/named.conf.local /etc/bind/
sudo chown bind.bind /etc/bind/named.conf.local
sudo cp scripts/travis/etc/bind/zones/* /etc/bind/zones/
sudo chown bind.bind /etc/bind/zones/*
sudo service bind9 restart
sudo dpkg -P ubuntu-minimal resolvconf
sudo rm -f /etc/resolv.conf
sudo cp scripts/travis/etc/resolv.conf /etc/
sudo chattr +i /etc/resolv.conf
#dig @127.0.0.1 nsupdate.info SOA
#dig @127.0.0.1 tests.nsupdate.info SOA
#sudo netstat -tulpen | grep 53
pip install Django==$DJANGO
pip install -r requirements.d/travis.txt
pip install -e .