From 410a3c9087b0c2ca01cf55a23c5875e66195c90f Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Wed, 5 Feb 2020 12:51:43 +0000 Subject: [PATCH 1/5] Fix epoch_date for busybox and json_awk for gawk v5 --- getssl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/getssl b/getssl index 810a30a..c1bb890 100755 --- a/getssl +++ b/getssl @@ -716,7 +716,7 @@ date_epoc() { # convert the date into epoch time elif [[ "$os" == "mac" ]]; then date -j -f "%b %d %T %Y %Z" "$1" +%s elif [[ "$os" == "busybox" ]]; then - de_ld=$(echo "$1" | awk '{print $1 $2 $3 $4}') + de_ld=$(echo "$1" | awk '{print $1 " " $2 " " $3 " " $4}') date -D "%b %d %T %Y" -d "$de_ld" +%s else date -d "$1" +%s @@ -1174,7 +1174,7 @@ function scream(msg) { function tokenize(a1,pq,pb,ESCAPE,CHAR,STRING,NUMBER,KEYWORD,SPACE) { SPACE="[[:space:]]+" - gsub(/\"[^[:cntrl:]\"\\]*((\\[^u[:cntrl:]]|\\u[0-9a-fA-F]{4})[^[:cntrl:]\"\\]*)*\"|-?(0|[1-9][0-9]*)([.][0-9]*)?([eE][+-]?[0-9]*)?|null|false|true|[[:space:]]+|./, "\n&", a1) + gsub(/"[^[:cntrl:]"\\]*((\\[^u[:cntrl:]]|\\u[0-9a-fA-F]{4})[^[:cntrl:]"\\]*)*"|-?(0|[1-9][0-9]*)([.][0-9]*)?([eE][+-]?[0-9]*)?|null|false|true|[[:space:]]+|./, "\n&", a1) gsub("\n" SPACE, "\n", a1) sub(/^\n/, "", a1) ITOKENS=0 # get_token() helper From 886b456ae338a7bfa800ea27d697e68ce39ed6f7 Mon Sep 17 00:00:00 2001 
From: Tim Kimber Date: Wed, 5 Feb 2020 12:52:25 +0000 Subject: [PATCH 2/5] Test improvements and add Alpine Linux --- docker-compose.yml | 33 ++++++++++++++++++--- test/Dockerfile-alpine | 20 +++++++++++++ test/Dockerfile-centos6 | 2 +- test/Dockerfile-ubuntu18 | 2 +- test/Dockerfile-ubuntu18-no-gawk | 2 +- test/alpine-supervisord.conf | 14 +++++++++ test/restart-nginx | 8 +++++ test/test-config/getssl-dns01.cfg | 29 +++--------------- test/test-config/getssl-http01-10-hosts.cfg | 8 ++--- test/test-config/getssl-http01.cfg | 30 ++----------------- test/test_helper.bash | 3 +- 11 files changed, 86 insertions(+), 65 deletions(-) create mode 100644 test/Dockerfile-alpine create mode 100644 test/alpine-supervisord.conf create mode 100644 test/restart-nginx diff --git a/docker-compose.yml b/docker-compose.yml index 97bb1e5..ebd5369 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,8 +7,6 @@ services: environment: # with Go 1.13.x which defaults TLS 1.3 to on GODEBUG: "tls13=1" - # Don't re-use authorisations (breaks force renew test scripts) - # PEBBLE_AUTHZREUSE: "0" ports: - 14000:14000 # HTTPS ACME API - 15000:15000 # HTTPS Management API @@ -77,6 +75,33 @@ services: - i.centos6.getssl.test - j.centos6.getssl.test - k.centos6.getssl.test + getssl-alpine: + build: + context: . + dockerfile: test/Dockerfile-alpine + container_name: getssl-alpine + volumes: + - .:/getssl + environment: + GETSSL_HOST: alpine.getssl.test + GETSSL_IP: 10.30.50.6 + NGINX_CONFIG: /etc/nginx/conf.d/default.conf + networks: + acmenet: + ipv4_address: 10.30.50.6 + aliases: + - alpine.getssl.test + - a.alpine.getssl.test + - b.alpine.getssl.test + - c.alpine.getssl.test + - d.alpine.getssl.test + - e.alpine.getssl.test + - f.alpine.getssl.test + - g.alpine.getssl.test + - h.alpine.getssl.test + - i.alpine.getssl.test + - j.alpine.getssl.test + - k.alpine.getssl.test getssl-ubuntu18-no-gawk: build: context: . 
@@ -86,12 +111,12 @@ services: - .:/getssl environment: GETSSL_HOST: ubuntu18-no-gawk.getssl.test - GETSSL_IP: 10.30.50.6 + GETSSL_IP: 10.30.50.7 NGINX_CONFIG: /etc/nginx/sites-enabled/default TEST_AWK: "yes" networks: acmenet: - ipv4_address: 10.30.50.6 + ipv4_address: 10.30.50.7 aliases: - ubuntu18-no-gawk.getssl.test diff --git a/test/Dockerfile-alpine b/test/Dockerfile-alpine new file mode 100644 index 0000000..e9ee6c3 --- /dev/null +++ b/test/Dockerfile-alpine @@ -0,0 +1,20 @@ +FROM alpine:latest + +RUN apk --no-cache add supervisor openssl git curl bind-tools wget gawk nginx bash +# RUN apk --no-cache add vim dos2unix # for debugging + +WORKDIR /root +RUN mkdir /run/nginx +RUN mkdir /etc/nginx/pki +RUN mkdir /etc/nginx/pki/private +COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default +COPY ./test/alpine-supervisord.conf /etc/supervisord.conf + +# BATS (Bash Automated Testings) +RUN git clone https://github.com/bats-core/bats-core.git /bats-core +RUN git clone https://github.com/jasonkarns/bats-support /bats-support +RUN git clone https://github.com/jasonkarns/bats-assert-1 /bats-assert +RUN /bats-core/install.sh /usr/local + +# Use supervisord to run nginx in the background +ENTRYPOINT /usr/bin/supervisord -c /etc/supervisord.conf diff --git a/test/Dockerfile-centos6 b/test/Dockerfile-centos6 index f370a0b..a82bf1f 100644 --- a/test/Dockerfile-centos6 +++ b/test/Dockerfile-centos6 @@ -19,4 +19,4 @@ RUN /bats-core/install.sh /usr/local EXPOSE 80 443 # Run eternal loop - for testing -CMD ["/bin/bash", "-c", "while :; do sleep 10; done"] +CMD tail -f /dev/null diff --git a/test/Dockerfile-ubuntu18 b/test/Dockerfile-ubuntu18 index 1b3765c..31554cd 100644 --- a/test/Dockerfile-ubuntu18 +++ b/test/Dockerfile-ubuntu18 @@ -25,4 +25,4 @@ RUN /bats-core/install.sh /usr/local EXPOSE 80 443 # Run eternal loop - for testing -CMD ["/bin/bash", "-c", "while :; do sleep 10; done"] +CMD tail -f /dev/null 
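Review bot: The three `git clone` lines in the new test/Dockerfile-alpine fetch whatever each BATS repository's default branch holds at build time, and `FROM alpine:latest` floats as well. The image sets no `USER`, so that unreviewed code runs as root in a container that docker-compose.yml bind-mounts the working tree into at `/getssl`. Pin the base image to a release tag or digest and clone a fixed ref, e.g. `RUN git clone --depth 1 --branch <PINNED_TAG> https://github.com/bats-core/bats-core.git /bats-core` (placeholder tag). The same floating base and unpinned clones recur in test/Dockerfile-debian and test/Dockerfile-ubuntu in patch 5/5. Separately, the shell-form `ENTRYPOINT /usr/bin/supervisord -c /etc/supervisord.conf` would read better in exec form, `ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]`, which drops the `/bin/sh -c` wrapper.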
diff --git a/test/Dockerfile-ubuntu18-no-gawk b/test/Dockerfile-ubuntu18-no-gawk index 809708a..3eb9732 100644 --- a/test/Dockerfile-ubuntu18-no-gawk +++ b/test/Dockerfile-ubuntu18-no-gawk @@ -14,4 +14,4 @@ RUN git clone https://github.com/jasonkarns/bats-assert-1 /bats-assert RUN /bats-core/install.sh /usr/local # Run eternal loop - for testing -CMD ["/bin/bash", "-c", "while :; do sleep 10; done"] +CMD tail -f /dev/null diff --git a/test/alpine-supervisord.conf b/test/alpine-supervisord.conf new file mode 100644 index 0000000..8eec585 --- /dev/null +++ b/test/alpine-supervisord.conf @@ -0,0 +1,14 @@ +[supervisord] +nodaemon=true +logfile=/tmp/supervisord.log +childlogdir=/tmp +pidfile = /tmp/supervisord.pid + +[program:nginx] +command=nginx -g 'daemon off;' +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 +autorestart=false +startretries=0 diff --git a/test/restart-nginx b/test/restart-nginx new file mode 100644 index 0000000..d35f60f --- /dev/null +++ b/test/restart-nginx @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +if [ "$GETSSL_HOST" = "alpine.getssl.test" ]; then + killall -HUP nginx >&3- + sleep 5 +else + service nginx restart >&3- +fi diff --git a/test/test-config/getssl-dns01.cfg b/test/test-config/getssl-dns01.cfg index 790dee2..98637b0 100644 --- a/test/test-config/getssl-dns01.cfg +++ b/test/test-config/getssl-dns01.cfg 
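Review bot: test/restart-nginx is added with `new file mode 100644`, yet `RELOAD_CMD` in the three test configs and `setup_environment` in test/test_helper.bash execute it directly as `/getssl/test/restart-nginx`. Unless the bind mount happens to present files as executable, that call fails with a permission error. Commit the script as executable (`git update-index --chmod=+x test/restart-nginx`) or invoke it as `bash /getssl/test/restart-nginx`. In the alpine branch the script's exit status is that of `sleep 5`, so a failed `killall -HUP nginx` is reported to getssl as a successful reload; `killall -HUP nginx >&3- || exit 1` before the sleep keeps the failure visible.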
@@ -2,35 +2,17 @@ # see https://github.com/srvrco/getssl/wiki/Config-variables for details # see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs # -# The staging server is best for testing -#CA="https://acme-staging.api.letsencrypt.org" -# This server issues full certificates, however has rate limits -#CA="https://acme-v01.api.letsencrypt.org" CA="https://pebble:14000/dir" VALIDATE_VIA_DNS=true DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_challtestsrv" DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_challtestsrv" -# AUTH_DNS_SERVER=10.30.50.3 - -#PRIVATE_KEY_ALG="rsa" # Additional domains - this could be multiple domains / subdomains in a comma separated list -# Note: this is Additional domains - so should not include the primary domain. SANS="" # Acme Challenge Location. The first line for the domain, the following ones for each additional domain. -# If these start with ssh: then the next variable is assumed to be the hostname and the rest the location. -# An ssh key will be needed to provide you with access to the remote server. -# Optionally, you can specify a different userid for ssh/scp to use on the remote server before the @ sign. -# If left blank, the username on the local server will be used to authenticate against the remote server. -# If these start with ftp: then the next variables are ftpuserid:ftppassword:servername:ACL_location -# These should be of the form "/path/to/your/website/folder/.well-known/acme-challenge" -# where "/path/to/your/website/folder/" is the path, on your web server, to the web root for your domain. ACL=('/var/www/html/.well-known/acme-challenge') -# 'ssh:server5:/var/www/getssltest.hopto.org/web/.well-known/acme-challenge' -# 'ssh:sshuserid@server5:/var/www/getssltest.hopto.org/web/.well-known/acme-challenge' -# 'ftp:ftpuserid:ftppassword:getssltest.hopto.org:/web/.well-known/acme-challenge') #Set USE_SINGLE_ACL="true" to use a single ACL for all checks USE_SINGLE_ACL="false" 
@@ -44,11 +26,8 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert # The command needed to reload apache / nginx or whatever you use -RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && service nginx restart >&3-" +RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx" -# Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp, -# smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which -# will be checked for certificate expiry and also will be checked after -# an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true -#SERVER_TYPE="https" -#CHECK_REMOTE="true" +# Define the server type and confirm correct certificate is installed +SERVER_TYPE="https" +CHECK_REMOTE="true" diff --git a/test/test-config/getssl-http01-10-hosts.cfg b/test/test-config/getssl-http01-10-hosts.cfg index f521d52..d5c364e 100644 --- a/test/test-config/getssl-http01-10-hosts.cfg +++ b/test/test-config/getssl-http01-10-hosts.cfg @@ -5,7 +5,6 @@ CA="https://pebble:14000/dir" # Additional domains - this could be multiple domains / subdomains in a comma separated list -# Note: this is Additional domains - so should not include the primary domain. SANS="a.${GETSSL_HOST},b.${GETSSL_HOST},c.${GETSSL_HOST},d.${GETSSL_HOST},e.${GETSSL_HOST},f.${GETSSL_HOST},g.${GETSSL_HOST},h.${GETSSL_HOST},i.${GETSSL_HOST},j.${GETSSL_HOST},k.${GETSSL_HOST}" # Acme Challenge Location. 
@@ -22,7 +21,8 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert # The command needed to reload apache / nginx or whatever you use -RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && service nginx restart >&3-" +RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx" -#SERVER_TYPE="https" -#CHECK_REMOTE="true" +# Define the server type and confirm correct certificate is installed +SERVER_TYPE="https" +CHECK_REMOTE="true" diff --git a/test/test-config/getssl-http01.cfg b/test/test-config/getssl-http01.cfg index 305dd49..f7d75ea 100644 --- a/test/test-config/getssl-http01.cfg +++ b/test/test-config/getssl-http01.cfg 
@@ -2,34 +2,13 @@ # see https://github.com/srvrco/getssl/wiki/Config-variables for details # see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs # -# The staging server is best for testing -#CA="https://acme-staging.api.letsencrypt.org" -# This server issues full certificates, however has rate limits -#CA="https://acme-v01.api.letsencrypt.org" CA="https://pebble:14000/dir" -#VALIDATE_VIA_DNS=true -#DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_challtestsrv" -#DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_challtestsrv" - -#PRIVATE_KEY_ALG="rsa" - # Additional domains - this could be multiple domains / subdomains in a comma separated list -# Note: this is Additional domains - so should not include the primary domain. SANS="" -# Acme Challenge Location. The first line for the domain, the following ones for each additional domain. -# If these start with ssh: then the next variable is assumed to be the hostname and the rest the location. -# An ssh key will be needed to provide you with access to the remote server. -# Optionally, you can specify a different userid for ssh/scp to use on the remote server before the @ sign. -# If left blank, the username on the local server will be used to authenticate against the remote server. -# If these start with ftp: then the next variables are ftpuserid:ftppassword:servername:ACL_location -# These should be of the form "/path/to/your/website/folder/.well-known/acme-challenge" -# where "/path/to/your/website/folder/" is the path, on your web server, to the web root for your domain. +# Acme Challenge Location. ACL=('/var/www/html/.well-known/acme-challenge') -# 'ssh:server5:/var/www/getssltest.hopto.org/web/.well-known/acme-challenge' -# 'ssh:sshuserid@server5:/var/www/getssltest.hopto.org/web/.well-known/acme-challenge' -# 'ftp:ftpuserid:ftppassword:getssltest.hopto.org:/web/.well-known/acme-challenge') #Set USE_SINGLE_ACL="true" to use a single ACL for all checks USE_SINGLE_ACL="false" 
@@ -43,11 +22,8 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert # The command needed to reload apache / nginx or whatever you use -RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && service nginx restart >&3-" +RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx" -# Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp, -# smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which -# will be checked for certificate expiry and also will be checked after -# an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true +# Define the server type and confirm correct certificate is installed SERVER_TYPE="https" CHECK_REMOTE="true" diff --git a/test/test_helper.bash b/test/test_helper.bash index 6f506fd..0ac9a43 100644 --- a/test/test_helper.bash +++ b/test/test_helper.bash @@ -19,7 +19,7 @@ setup_environment() { curl -X POST -d '{"host":"'"$GETSSL_HOST"'", "addresses":["'"$GETSSL_IP"'"]}' http://10.30.50.3:8055/add-a cp ${CODE_DIR}/test/test-config/nginx-ubuntu-no-ssl ${NGINX_CONFIG} - service nginx restart >&3- + /getssl/test/restart-nginx } @@ -40,5 +40,4 @@ create_certificate() { # Create certificate cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg" run ${CODE_DIR}/getssl "$GETSSL_HOST" - #!FIXME test certificate has been placed in the expected location } From 978de4bda0a088478a447d80f802e3f48565d66e Mon Sep 17 00:00:00 2001 
From: Robert de Bath Date: Thu, 6 Feb 2020 06:30:34 +0000 Subject: [PATCH 3/5] Change -debug=1 to -debug for nslookup Debian dnsutils 1:9.11.5.P4+dfsg-5.1 errors on -debug=1 Dnsutils version 1:9.10.3.dfsg.P4-12.3+deb9u4 and version 1:9.2.1-2.woody.2 (from 2003) accept both -debug=1 and -debug so I've changed this globally. --- getssl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/getssl b/getssl index c1bb890..2f1a26b 100755 --- a/getssl +++ b/getssl @@ -813,7 +813,7 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n return fi - res=$(nslookup -debug=1 -type=soa -type=ns "$gad_d" ${gad_s}) + res=$(nslookup -debug -type=soa -type=ns "$gad_d" ${gad_s}) if [[ "$(echo "$res" | grep -c "Non-authoritative")" -gt 0 ]]; then # this is a Non-authoritative server, need to check for an authoritative one. @@ -826,9 +826,9 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n fi if [[ -z "$gad_s" ]]; then - res=$(nslookup -debug=1 -type=soa -type=ns "$gad_d") + res=$(nslookup -debug -type=soa -type=ns "$gad_d") else - res=$(nslookup -debug=1 -type=soa -type=ns "$gad_d" "${gad_s}") + res=$(nslookup -debug -type=soa -type=ns "$gad_d" "${gad_s}") fi if [[ "$(echo "$res" | grep -c "canonical name")" -gt 0 ]]; then From 86e27920189e42ee41dcba1038541b4cb23e0c70 Mon Sep 17 00:00:00 2001 From: Robert de Bath Date: Thu, 6 Feb 2020 14:13:10 +0000 Subject: [PATCH 4/5] Fix regex for non-gnu versions of awk. Recent versions of gawk have upgraded the regex processing with l10n based character classes. Replace use of these so other versions of awk can be used. --- getssl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/getssl b/getssl index 2f1a26b..b7b9094 100755 --- a/getssl +++ b/getssl 
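Review bot: The first changed call, `nslookup -debug -type=soa -type=ns "$gad_d" ${gad_s}`, still passes `${gad_s}` unquoted, so its value undergoes word splitting and globbing before it reaches nslookup. The second hunk already handles the empty case with an explicit `-z` test and a quoted `"${gad_s}"`. Writing the first call's last argument as `${gad_s:+"$gad_s"}` gives the same result in one line. get_auth_dns starts and ends outside both hunks, so where `gad_s` is set is not visible here.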
@@ -1027,7 +1027,7 @@ info() { # write out info as long as the quiet flag has not been set. json_awk() { # AWK json converter used for API2 - needs tidying up ;) # shellcheck disable=SC2086 -echo $1 | awk ' +echo "$1" | tr -d '\n' | awk ' { tokenize($0) # while(get_token()) {print TOKEN} if (0 == parse()) { @@ -1173,8 +1173,8 @@ function scream(msg) { } function tokenize(a1,pq,pb,ESCAPE,CHAR,STRING,NUMBER,KEYWORD,SPACE) { - SPACE="[[:space:]]+" - gsub(/"[^[:cntrl:]"\\]*((\\[^u[:cntrl:]]|\\u[0-9a-fA-F]{4})[^[:cntrl:]"\\]*)*"|-?(0|[1-9][0-9]*)([.][0-9]*)?([eE][+-]?[0-9]*)?|null|false|true|[[:space:]]+|./, "\n&", a1) + SPACE="[ \t\n]+" + gsub(/"[^\001-\037"\\]*((\\[^u\001-\037]|\\u[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F])[^\001-\037"\\]*)*"|-?(0|[1-9][0-9]*)([.][0-9]*)?([eE][+-]?[0-9]*)?|null|false|true|[ \t\n]+|./, "\n&", a1) gsub("\n" SPACE, "\n", a1) sub(/^\n/, "", a1) ITOKENS=0 # get_token() helper From 6b17701cdce2de30b8408b08d7d121271904943f Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Thu, 6 Feb 2020 17:25:30 +0000 Subject: [PATCH 5/5] Use default awk on most images, add debian:latest and ubuntu:latest --- docker-compose.yml | 135 +++++++++++------- test/5-old-awk-error.bats | 24 ---- test/Dockerfile-alpine | 10 +- test/Dockerfile-centos6 | 2 + ...ile-ubuntu18-no-gawk => Dockerfile-debian} | 10 +- test/Dockerfile-ubuntu | 23 +++ test/Dockerfile-ubuntu18 | 9 +- test/run-all-tests.sh | 4 +- test/test_helper.bash | 2 +- 9 files changed, 134 insertions(+), 85 deletions(-) delete mode 100644 test/5-old-awk-error.bats rename test/{Dockerfile-ubuntu18-no-gawk => Dockerfile-debian} (71%) create mode 100644 test/Dockerfile-ubuntu diff --git a/docker-compose.yml b/docker-compose.yml index ebd5369..09a4264 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
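Review bot: With `$1` now quoted in `echo "$1" | tr -d '\n' | awk`, the `# shellcheck disable=SC2086` directive above it appears to suppress nothing in the visible lines. It can be dropped, so that a future unquoted expansion in this pipeline is reported again. `printf '%s' "$1"` would also be a more robust way than `echo` to feed a server response into the pipe, since it never treats the data as options or escape sequences. json_awk continues beyond the hunk.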
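Review bot: `SPACE="[ \t\n]+"` and the matching `[ \t\n]+` alternative in the `gsub` pattern drop carriage return from the whitespace set that `[[:space:]]` covered, while JSON allows CR between tokens. A response with CRLF line endings would keep its `\r` after `tr -d '\n'`, and each one would be split off by the `.` alternative as a stray token; how parse() treats that is outside the hunk. Using `[ \t\n\r]+` in both places keeps the portable bracket form and matches the JSON whitespace definition. tokenize continues past the hunk.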
@@ -21,33 +21,33 @@ services: networks: acmenet: ipv4_address: 10.30.50.3 - getssl-ubuntu18: + getssl-alpine: build: context: . - dockerfile: test/Dockerfile-ubuntu18 - container_name: getssl-ubuntu18 + dockerfile: test/Dockerfile-alpine + container_name: getssl-alpine volumes: - .:/getssl environment: - GETSSL_HOST: ubuntu18.getssl.test - GETSSL_IP: 10.30.50.4 - NGINX_CONFIG: /etc/nginx/sites-enabled/default + GETSSL_HOST: alpine.getssl.test + GETSSL_IP: 10.30.50.10 + NGINX_CONFIG: /etc/nginx/conf.d/default.conf networks: acmenet: - ipv4_address: 10.30.50.4 + ipv4_address: 10.30.50.10 aliases: - - ubuntu18.getssl.test - - a.ubuntu18.getssl.test - - b.ubuntu18.getssl.test - - c.ubuntu18.getssl.test - - d.ubuntu18.getssl.test - - e.ubuntu18.getssl.test - - f.ubuntu18.getssl.test - - g.ubuntu18.getssl.test - - h.ubuntu18.getssl.test - - i.ubuntu18.getssl.test - - j.ubuntu18.getssl.test - - k.ubuntu18.getssl.test + - alpine.getssl.test + - a.alpine.getssl.test + - b.alpine.getssl.test + - c.alpine.getssl.test + - d.alpine.getssl.test + - e.alpine.getssl.test + - f.alpine.getssl.test + - g.alpine.getssl.test + - h.alpine.getssl.test + - i.alpine.getssl.test + - j.alpine.getssl.test + - k.alpine.getssl.test getssl-centos6: build: context: . @@ -57,11 +57,11 @@ services: - .:/getssl environment: GETSSL_HOST: centos6.getssl.test - GETSSL_IP: 10.30.50.5 + GETSSL_IP: 10.30.50.11 NGINX_CONFIG: /etc/nginx/conf.d/default.conf networks: acmenet: - ipv4_address: 10.30.50.5 + ipv4_address: 10.30.50.11 aliases: - centos6.getssl.test - a.centos6.getssl.test 
@@ -75,50 +75,89 @@ services: - i.centos6.getssl.test - j.centos6.getssl.test - k.centos6.getssl.test - getssl-alpine: + getssl-debian: build: context: . - dockerfile: test/Dockerfile-alpine - container_name: getssl-alpine + dockerfile: test/Dockerfile-debian + container_name: getssl-debian volumes: - .:/getssl environment: - GETSSL_HOST: alpine.getssl.test - GETSSL_IP: 10.30.50.6 - NGINX_CONFIG: /etc/nginx/conf.d/default.conf + GETSSL_HOST: debian.getssl.test + GETSSL_IP: 10.30.50.12 + NGINX_CONFIG: /etc/nginx/sites-enabled/default networks: acmenet: - ipv4_address: 10.30.50.6 + ipv4_address: 10.30.50.12 aliases: - - alpine.getssl.test - - a.alpine.getssl.test - - b.alpine.getssl.test - - c.alpine.getssl.test - - d.alpine.getssl.test - - e.alpine.getssl.test - - f.alpine.getssl.test - - g.alpine.getssl.test - - h.alpine.getssl.test - - i.alpine.getssl.test - - j.alpine.getssl.test - - k.alpine.getssl.test - getssl-ubuntu18-no-gawk: + - debian.getssl.test + - a.debian.getssl.test + - b.debian.getssl.test + - c.debian.getssl.test + - d.debian.getssl.test + - e.debian.getssl.test + - f.debian.getssl.test + - g.debian.getssl.test + - h.debian.getssl.test + - i.debian.getssl.test + - j.debian.getssl.test + - k.debian.getssl.test + getssl-ubuntu: build: context: . 
- dockerfile: test/Dockerfile-ubuntu18-no-gawk - container_name: getssl-ubuntu18-no-gawk + dockerfile: test/Dockerfile-ubuntu + container_name: getssl-ubuntu volumes: - .:/getssl environment: - GETSSL_HOST: ubuntu18-no-gawk.getssl.test - GETSSL_IP: 10.30.50.7 + GETSSL_HOST: ubuntu.getssl.test + GETSSL_IP: 10.30.50.13 NGINX_CONFIG: /etc/nginx/sites-enabled/default - TEST_AWK: "yes" networks: acmenet: - ipv4_address: 10.30.50.7 + ipv4_address: 10.30.50.13 aliases: - - ubuntu18-no-gawk.getssl.test + - ubuntu.getssl.test + - a.ubuntu.getssl.test + - b.ubuntu.getssl.test + - c.ubuntu.getssl.test + - d.ubuntu.getssl.test + - e.ubuntu.getssl.test + - f.ubuntu.getssl.test + - g.ubuntu.getssl.test + - h.ubuntu.getssl.test + - i.ubuntu.getssl.test + - j.ubuntu.getssl.test + - k.ubuntu.getssl.test + getssl-ubuntu18: + build: + context: . + dockerfile: test/Dockerfile-ubuntu18 + container_name: getssl-ubuntu18 + volumes: + - .:/getssl + environment: + GETSSL_HOST: ubuntu18.getssl.test + GETSSL_IP: 10.30.50.14 + NGINX_CONFIG: /etc/nginx/sites-enabled/default + networks: + acmenet: + ipv4_address: 10.30.50.14 + aliases: + - ubuntu18.getssl.test + - a.ubuntu18.getssl.test + - b.ubuntu18.getssl.test + - c.ubuntu18.getssl.test + - d.ubuntu18.getssl.test + - e.ubuntu18.getssl.test + - f.ubuntu18.getssl.test + - g.ubuntu18.getssl.test + - h.ubuntu18.getssl.test + - i.ubuntu18.getssl.test + - j.ubuntu18.getssl.test + - k.ubuntu18.getssl.test + + networks: acmenet: diff --git a/test/5-old-awk-error.bats b/test/5-old-awk-error.bats deleted file mode 100644 index 0f234a2..0000000 --- a/test/5-old-awk-error.bats +++ /dev/null 
@@ -1,24 +0,0 @@ -#! /usr/bin/env bats - -load '/bats-support/load.bash' -load '/bats-assert/load.bash' -load '/getssl/test/test_helper.bash' - - -# This is run for every test -setup() { - export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt -} - - -@test "Check getssl fails if an old version of awk is installed" { - CONFIG_FILE="getssl-http01.cfg" - # Make sure this test only runs on an image running an old version of awk - if [[ "$TEST_AWK" != "" ]]; then - setup_environment - init_getssl - create_certificate - assert_failure - assert_output "getssl: Your version of awk does not work with json_awk (see http://github.com/step-/JSON.awk/issues/6), please install a newer version of mawk or gawk" - fi -} diff --git a/test/Dockerfile-alpine b/test/Dockerfile-alpine index e9ee6c3..ff69490 100644 --- a/test/Dockerfile-alpine +++ b/test/Dockerfile-alpine @@ -1,14 +1,15 @@ FROM alpine:latest -RUN apk --no-cache add supervisor openssl git curl bind-tools wget gawk nginx bash -# RUN apk --no-cache add vim dos2unix # for debugging +# Note this image uses busybox awk instead of gawk + +RUN apk --no-cache add supervisor openssl git curl bind-tools wget nginx bash WORKDIR /root + +# Create nginx directories in standard places RUN mkdir /run/nginx RUN mkdir /etc/nginx/pki RUN mkdir /etc/nginx/pki/private -COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default -COPY ./test/alpine-supervisord.conf /etc/supervisord.conf # BATS (Bash Automated Testings) RUN git clone https://github.com/bats-core/bats-core.git /bats-core @@ -17,4 +18,5 @@ RUN git clone https://github.com/jasonkarns/bats-assert-1 /bats-assert RUN /bats-core/install.sh /usr/local # Use supervisord to run nginx in the background +COPY ./test/alpine-supervisord.conf /etc/supervisord.conf ENTRYPOINT /usr/bin/supervisord -c /etc/supervisord.conf diff --git a/test/Dockerfile-centos6 b/test/Dockerfile-centos6 index a82bf1f..9149dad 100644 --- a/test/Dockerfile-centos6 +++ b/test/Dockerfile-centos6 
@@ -1,5 +1,7 @@ FROM centos:centos6 +# Note this image uses gawk + # Update and install required software RUN yum -y update RUN yum -y install epel-release diff --git a/test/Dockerfile-ubuntu18-no-gawk b/test/Dockerfile-debian similarity index 71% rename from test/Dockerfile-ubuntu18-no-gawk rename to test/Dockerfile-debian index 3eb9732..c4c88a1 100644 --- a/test/Dockerfile-ubuntu18-no-gawk +++ b/test/Dockerfile-debian @@ -1,11 +1,17 @@ -FROM ubuntu:bionic -# bionic = latest 18 version +FROM debian:latest + +# Note this image uses mawk 1.3 # Update and install required software RUN apt-get update --fix-missing RUN apt-get install -y git curl dnsutils wget nginx-light WORKDIR /root +RUN mkdir /etc/nginx/pki +RUN mkdir /etc/nginx/pki/private + +# Prevent "Can't load /root/.rnd into RNG" error from openssl +# RUN touch /root/.rnd # BATS (Bash Automated Testings) RUN git clone https://github.com/bats-core/bats-core.git /bats-core diff --git a/test/Dockerfile-ubuntu b/test/Dockerfile-ubuntu new file mode 100644 index 0000000..290100d --- /dev/null +++ b/test/Dockerfile-ubuntu @@ -0,0 +1,23 @@ +FROM ubuntu:latest + +# Note this image uses mawk1.3 + +# Update and install required software +RUN apt-get update --fix-missing +RUN apt-get install -y git curl dnsutils wget nginx-light +RUN apt-get install -y vim dos2unix # for debugging +# TODO test with drill, dig, host + +WORKDIR /root + +# Prevent "Can't load /root/.rnd into RNG" error from openssl +RUN touch /root/.rnd + +# BATS (Bash Automated Testings) +RUN git clone https://github.com/bats-core/bats-core.git /bats-core +RUN git clone https://github.com/jasonkarns/bats-support /bats-support +RUN git clone https://github.com/jasonkarns/bats-assert-1 /bats-assert +RUN /bats-core/install.sh /usr/local + +# Run eternal loop - for testing +CMD tail -f /dev/null diff --git a/test/Dockerfile-ubuntu18 b/test/Dockerfile-ubuntu18 index 31554cd..ebe7607 100644 --- a/test/Dockerfile-ubuntu18 +++ b/test/Dockerfile-ubuntu18 
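Review bot: In the new test/Dockerfile-ubuntu, `RUN apt-get update --fix-missing` is a separate layer from the two `apt-get install` lines, so a cached update layer can be reused with a later install that then resolves against a stale package index. Combine them, e.g. `RUN apt-get update && apt-get install -y git curl dnsutils wget nginx-light`; test/Dockerfile-debian in this patch has the same split. This file also omits the `RUN mkdir /etc/nginx/pki` and `RUN mkdir /etc/nginx/pki/private` steps that the debian, alpine and ubuntu18 images carry. That looks unintended if the SSL nginx config expects those directories.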
@@ -1,12 +1,11 @@ FROM ubuntu:bionic -# bionic = latest 18 version +# bionic = 18 LTS (long term support) + +# Note this image uses gawk # Update and install required software RUN apt-get update --fix-missing -# TODO work out why default version of awk fails -RUN apt-get install -y git curl dnsutils wget gawk nginx-light # linux-libc-dev make gcc binutils -RUN apt-get install -y vim dos2unix # for debugging -# TODO test with drill, dig, host +RUN apt-get install -y git curl dnsutils wget gawk nginx-light WORKDIR /root RUN mkdir /etc/nginx/pki diff --git a/test/run-all-tests.sh b/test/run-all-tests.sh index 7372e5b..b526c63 100644 --- a/test/run-all-tests.sh +++ b/test/run-all-tests.sh @@ -1,5 +1,7 @@ #!/usr/bin/env bash +docker exec -it getssl-alpine bats /getssl/test docker exec -it getssl-centos6 bats /getssl/test +docker exec -it getssl-debian bats /getssl/test +docker exec -it getssl-ubuntu bats /getssl/test docker exec -it getssl-ubuntu18 bats /getssl/test -docker exec -it getssl-ubuntu18-no-gawk bats /getssl/test/5-old-awk-error.bats diff --git a/test/test_helper.bash b/test/test_helper.bash index 0ac9a43..b33ee0b 100644 --- a/test/test_helper.bash +++ b/test/test_helper.bash @@ -18,7 +18,7 @@ setup_environment() { fi curl -X POST -d '{"host":"'"$GETSSL_HOST"'", "addresses":["'"$GETSSL_IP"'"]}' http://10.30.50.3:8055/add-a - cp ${CODE_DIR}/test/test-config/nginx-ubuntu-no-ssl ${NGINX_CONFIG} + cp ${CODE_DIR}/test/test-config/nginx-ubuntu-no-ssl "${NGINX_CONFIG}" /getssl/test/restart-nginx }
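Review bot: test/run-all-tests.sh runs the five `docker exec` lines unconditionally and exits with the status of the last one, so a failing suite on alpine, centos6, debian or ubuntu is masked whenever ubuntu18 passes. Track the result, e.g. append `|| rc=1` to each line and finish with `exit "${rc:-0}"`. The `-it` flags also require a terminal on stdin, so the script will fail when started from CI or a pipe; dropping them is enough for bats output.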