
Retry drill if the output contains SERVFAIL to fix test instability

pull/857/head
Tim Kimber 1 year ago
parent
commit
ffdfb09577
No known key found for this signature in database GPG Key ID: 3E1804964E76BD18
5 changed files with 34 additions and 15 deletions
  1. +9
    -3
      getssl
  2. +0
    -2
      test/24-wildcard-sans.bats
  3. +9
    -8
      test/README-Testing.md
  4. +14
    -0
      test/run-test.sh
  5. +2
    -2
      test/u2-test-get_auth_dns-drill.bats

+ 9
- 3
getssl

@ -1622,9 +1622,15 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n
# Query for NS records
if [[ -z "$res" ]]; then
debug Using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} NS ${gad_d}" to find primary nameserver
# shellcheck disable=SC2086
res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} NS "${gad_d}"| grep -E "IN\W(NS|SOA)\W")
out="SERVFAIL"
i=0
while [[ "$out" == *"SERVFAIL"* ]] && [[ $i -lt 5 ]]; do
debug Using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} NS ${gad_d}" to find primary nameserver
# shellcheck disable=SC2086
out=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} NS "${gad_d}")
res=$(echo "$out"| grep -E "IN\W(NS|SOA)\W")
((i++))
done
fi
if [[ -n "$res" ]]; then
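Review bot: The retry loop in get_auth_dns re-queries immediately and gives no signal when all five attempts return SERVFAIL, so a persistently failing resolver is indistinguishable from a domain with no NS/SOA records once `res` comes back empty. I would add a short pause at the end of the loop body (`[[ "$out" == *"SERVFAIL"* ]] && sleep 1`) and, after `done`, a line such as `[[ "$out" == *"SERVFAIL"* ]] && debug "NS lookup for ${gad_d} still SERVFAIL after $i attempts"`. Separately, `((i++))` returns a non-zero status when `i` is 0, which would abort the script if errexit is in effect here (not visible in this hunk); `i=$((i+1))` avoids that. The function starts before and continues past the hunk.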


+ 0
- 2
test/24-wildcard-sans.bats

@ -50,7 +50,6 @@ teardown_file() {
check_output_for_errors
run openssl x509 -noout -text -in "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.crt"
# verify certificate is for wildcard domain with non-wildcard domain in the Subject Alternative Name list
assert_output --regexp "Subject: CN[ ]?=[ ]?\*.wild-${GETSSL_HOST}"
assert_output --partial "DNS:${GETSSL_HOST}"
}
@ -69,6 +68,5 @@ teardown_file() {
check_output_for_errors
run openssl x509 -noout -text -in "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.crt"
# verify certificate is for non-wildcard domain with wildcard domain in the Subject Alternative Name list
assert_output --regexp "Subject: CN[ ]?=[ ]?${GETSSL_HOST}"
assert_output --partial "DNS:*.wild-${GETSSL_HOST}"
}

+ 9
- 8
test/README-Testing.md

@ -15,34 +15,35 @@ Tests can also be triggered manually from the GitHub website.
For dynamic DNS tests, you need accounts on duckdns.org and dynu.com, and need to create 4 domain names in each account.
For duckdns.org:
- Add DUCKDNS_TOKEN to your repository's environment secrets. The value is your account's token
- Add domains <reponame>-centos7-getssl.duckdns.org, wild-<reponame>-centos7.duckdns.org, <reponame>-ubuntu-getssl.duckdns.org, and wild-<reponame>-ubuntu-getssl.duckdns.org
- Add domains \<reponame>-centos7-getssl.duckdns.org, wild-\<reponame>-centos7.duckdns.org, \<reponame>-ubuntu-getssl.duckdns.org, and wild-\<reponame>-ubuntu-getssl.duckdns.org
For dynu.com:
- Add DYNU_API_KEY to your repository's environment secrets. The value is your account's API Key.
- Add domains <reponame>-centos7-getssl.freedns.org, wild-<reponame>-centos7.freedns.org, <reponame>-ubuntu-getssl.freedns.org, and wild-<reponame>-ubuntu-getssl.freedns.org
To run dynamic DNS tests outside the CI environment, you need accounts without <reponame> in the domain names. Export the environment variable corresponding to the secrets (with the same values).
- Add DYNU_API_KEY to your repository's environment secrets. The value is your account's API Key.
- Add domains \<reponame>-centos7-getssl.freedns.org, wild-\<reponame>-centos7.freedns.org, \<reponame>-ubuntu-getssl.freedns.org, and wild-\<reponame>-ubuntu-getssl.freedns.org
For individual accounts, <reponame> is your github account name.
To run dynamic DNS tests outside the CI environment, you need accounts without \<reponame> in the domain names. Export the environment variable corresponding to the secrets (with the same values).
For individual accounts, \<reponame> is your github account name.
## To run all the tests on a single OS
1. Start `pebble` and `challtestsrv` using ```docker-compose up -d --build```
2. Run the test suite ```test/run-test.sh [<os>]```
2. Run the test suite ```test/run-test.sh [\<os>]```
3. eg. `test/run-test.sh ubuntu16`
## To run a single bats test on a single OS
1. Start `pebble` and `challtestsrv` using ```docker-compose up -d --build```
2. ```test/run-test.sh <os> bats <bats test script>```
2. ```test/run-test.sh \<os> bats \<bats test script>```
3. e.g. `test/run-test.sh ubuntu bats /getssl/test/1-simple-http01.bats`
## To debug a test
1. Start `pebble` and `challtestsrv` using ```docker-compose up -d --build```
2. ```run-test.sh <os> /getssl/test/debug-test.sh <getssl config file>```
2. ```run-test.sh \<os> /getssl/test/debug-test.sh \<getssl config file>```
3. e.g. `test/run-test.sh ubuntu /getssl/test/debug-test.sh -d /getssl/test/test-config/getssl-http01-cfg`
## TODO


+ 14
- 0
test/run-test.sh

@ -10,6 +10,20 @@ OS=$1
if [ $# -gt 1 ]; then
shift
COMMAND=$*
if [[ $COMMAND != bash ]]; then
if [[ $COMMAND != "bats /getssl/test"* ]]; then
if [[ $COMMAND == /getssl/test* ]]; then
COMMAND="bats $COMMAND"
elif [[ $COMMAND == test/* ]]; then
COMMAND="bats /getssl/$COMMAND"
else
COMMAND="bats /getssl/test/$COMMAND"
fi
fi
if [[ $COMMAND != *.bats ]]; then
COMMAND="${COMMAND}.bats"
fi
fi
else
COMMAND="bats /getssl/test --timing"
fi
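Review bot: The `bats` prefix and `.bats` suffix are applied to every command other than the bare word `bash`, which breaks the debug invocation documented in test/README-Testing.md in this same commit: `/getssl/test/debug-test.sh -d /getssl/test/test-config/getssl-http01-cfg` would become `bats /getssl/test/debug-test.sh -d /getssl/test/test-config/getssl-http01-cfg.bats`. Restricting the rewrite to test names, for example `if [[ $COMMAND != bash && $COMMAND != *debug-test.sh* ]]; then`, keeps that path working. A one-line comment above the block such as `# Expand a bare test name (e.g. 1-simple-http01) to "bats /getssl/test/<name>.bats"` would also help, since how `COMMAND` is consumed lies outside the hunk.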


+ 2
- 2
test/u2-test-get_auth_dns-drill.bats

@ -66,14 +66,14 @@ teardown() {
run get_auth_dns ubuntu-getssl.ignorelist.com
# Assert that we've found the primary_ns server
assert_output --regexp 'set primary_ns = ns[1-3]+\.afraid\.org'
assert_output --regexp 'set primary_ns = ns[1-4]+\.afraid\.org'
# Assert that we had to use drill NS
assert_line --regexp 'Using drill.* NS'
# Check all Authoritive DNS servers are returned if requested
CHECK_ALL_AUTH_DNS=true
run get_auth_dns ubuntu-getssl.ignorelist.com
assert_output --regexp 'set primary_ns = (ns[1-3]+\.afraid\.org ?)+'
assert_output --regexp 'set primary_ns = (ns[1-4]+\.afraid\.org ?)+'
}
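Review bot: In both updated patterns the `+` after the character class makes `ns[1-4]+` accept any run of those digits (`ns11`, `ns1234`), so the assertion is looser than the four hostnames it is meant to cover; `ns[1-4]\.afraid\.org` states the intent exactly. The same applies to the second pattern, which would read `(ns[1-4]\.afraid\.org ?)+`. The test also still depends on the live afraid.org delegation, so the next upstream nameserver change will fail it again. The test body starts outside the hunk.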

