diff --git a/.github/workflows/smoke.yml b/.github/workflows/smoke.yml index 0b2a2f8..bcc7501 100644 --- a/.github/workflows/smoke.yml +++ b/.github/workflows/smoke.yml @@ -35,7 +35,7 @@ jobs: ${{ runner.os }}-go1.16- - name: build - run: make + run: make bin-docker - name: setup docker image working-directory: ./.github/workflows/smoke diff --git a/.github/workflows/smoke/Dockerfile b/.github/workflows/smoke/Dockerfile index db9b34f..18460b3 100644 --- a/.github/workflows/smoke/Dockerfile +++ b/.github/workflows/smoke/Dockerfile @@ -1,5 +1,7 @@ FROM debian:buster -ADD ./build / +ADD ./build /nebula -ENTRYPOINT ["/nebula"] +WORKDIR /nebula + +ENTRYPOINT ["/nebula/nebula"] diff --git a/.github/workflows/smoke/build.sh b/.github/workflows/smoke/build.sh index 6d66d67..0c20b3f 100755 --- a/.github/workflows/smoke/build.sh +++ b/.github/workflows/smoke/build.sh @@ -8,8 +8,8 @@ mkdir ./build ( cd build - cp ../../../../nebula . - cp ../../../../nebula-cert . + cp ../../../../build/linux-amd64/nebula . + cp ../../../../build/linux-amd64/nebula-cert . HOST="lighthouse1" \ AM_LIGHTHOUSE=true \ @@ -29,11 +29,11 @@ mkdir ./build OUTBOUND='[{"port": "any", "proto": "icmp", "group": "lighthouse"}]' \ ../genconfig.sh >host4.yml - ./nebula-cert ca -name "Smoke Test" - ./nebula-cert sign -name "lighthouse1" -groups "lighthouse,lighthouse1" -ip "192.168.100.1/24" - ./nebula-cert sign -name "host2" -groups "host,host2" -ip "192.168.100.2/24" - ./nebula-cert sign -name "host3" -groups "host,host3" -ip "192.168.100.3/24" - ./nebula-cert sign -name "host4" -groups "host,host4" -ip "192.168.100.4/24" + ../../../../nebula-cert ca -name "Smoke Test" + ../../../../nebula-cert sign -name "lighthouse1" -groups "lighthouse,lighthouse1" -ip "192.168.100.1/24" + ../../../../nebula-cert sign -name "host2" -groups "host,host2" -ip "192.168.100.2/24" + ../../../../nebula-cert sign -name "host3" -groups "host,host3" -ip "192.168.100.3/24" + ../../../../nebula-cert sign -name "host4" -groups "host,host4" -ip "192.168.100.4/24" ) -docker build -t nebula:smoke . +sudo docker build -t nebula:smoke . diff --git a/.github/workflows/smoke/genconfig.sh b/.github/workflows/smoke/genconfig.sh index 81ace79..700018c 100755 --- a/.github/workflows/smoke/genconfig.sh +++ b/.github/workflows/smoke/genconfig.sh @@ -33,9 +33,9 @@ lighthouse_hosts() { cat <&1 | tee logs/lighthouse1 & sleep 1 -docker run --name host2 --device /dev/net/tun:/dev/net/tun --cap-add NET_ADMIN --rm nebula:smoke -config host2.yml & +sudo docker run --name host2 --device /dev/net/tun:/dev/net/tun --cap-add NET_ADMIN --rm nebula:smoke -config host2.yml 2>&1 | tee logs/host2 & sleep 1 -docker run --name host3 --device /dev/net/tun:/dev/net/tun --cap-add NET_ADMIN --rm nebula:smoke -config host3.yml & +sudo docker run --name host3 --device /dev/net/tun:/dev/net/tun --cap-add NET_ADMIN --rm nebula:smoke -config host3.yml 2>&1 | tee logs/host3 & sleep 1 -docker run --name host4 --device /dev/net/tun:/dev/net/tun --cap-add NET_ADMIN --rm nebula:smoke -config host4.yml & +sudo docker run --name host4 --device /dev/net/tun:/dev/net/tun --cap-add NET_ADMIN --rm nebula:smoke -config host4.yml 2>&1 | tee logs/host4 & sleep 1 set +x @@ -21,35 +35,35 @@ echo echo " *** Testing ping from lighthouse1" echo set -x -docker exec lighthouse1 ping -c1 192.168.100.2 -docker exec lighthouse1 ping -c1 192.168.100.3 +sudo docker exec lighthouse1 ping -c1 192.168.100.2 +sudo docker exec lighthouse1 ping -c1 192.168.100.3 set +x echo echo " *** Testing ping from host2" echo set -x -docker exec host2 ping -c1 192.168.100.1 +sudo docker exec host2 ping -c1 192.168.100.1 # Should fail because not allowed by host3 inbound firewall -! docker exec host2 ping -c1 192.168.100.3 -w5 || exit 1 +! sudo docker exec host2 ping -c1 192.168.100.3 -w5 || exit 1 set +x echo echo " *** Testing ping from host3" echo set -x -docker exec host3 ping -c1 192.168.100.1 -docker exec host3 ping -c1 192.168.100.2 +sudo docker exec host3 ping -c1 192.168.100.1 +sudo docker exec host3 ping -c1 192.168.100.2 set +x echo echo " *** Testing ping from host4" echo set -x -docker exec host4 ping -c1 192.168.100.1 +sudo docker exec host4 ping -c1 192.168.100.1 # Should fail because not allowed by host4 outbound firewall -! docker exec host4 ping -c1 192.168.100.2 -w5 || exit 1 -! docker exec host4 ping -c1 192.168.100.3 -w5 || exit 1 +! sudo docker exec host4 ping -c1 192.168.100.2 -w5 || exit 1 +! sudo docker exec host4 ping -c1 192.168.100.3 -w5 || exit 1 set +x echo @@ -57,7 +71,13 @@ echo " *** Testing conntrack" echo set -x # host2 can ping host3 now that host3 pinged it first -docker exec host2 ping -c1 192.168.100.3 +sudo docker exec host2 ping -c1 192.168.100.3 # host4 can ping host2 once conntrack established -docker exec host2 ping -c1 192.168.100.4 -docker exec host4 ping -c1 192.168.100.2 +sudo docker exec host2 ping -c1 192.168.100.4 +sudo docker exec host4 ping -c1 192.168.100.2 + +sudo docker exec host4 sh -c 'kill 1' +sudo docker exec host3 sh -c 'kill 1' +sudo docker exec host2 sh -c 'kill 1' +sudo docker exec lighthouse1 sh -c 'kill 1' +sleep 1 diff --git a/Makefile b/Makefile index df3de7b..5159ebc 100644 --- a/Makefile +++ b/Makefile @@ -32,6 +32,8 @@ release-linux: $(ALL_LINUX:%=build/nebula-%.tar.gz) release-freebsd: build/nebula-freebsd-amd64.tar.gz +BUILD_ARGS = -trimpath + bin-windows: build/windows-amd64/nebula.exe build/windows-amd64/nebula-cert.exe mv $? . @@ -42,12 +44,12 @@ bin-freebsd: build/freebsd-amd64/nebula build/freebsd-amd64/nebula-cert mv $? . bin: - go build -trimpath -ldflags "$(LDFLAGS)" -o ./nebula ${NEBULA_CMD_PATH} - go build -trimpath -ldflags "$(LDFLAGS)" -o ./nebula-cert ./cmd/nebula-cert + go build $(BUILD_ARGS) -ldflags "$(LDFLAGS)" -o ./nebula ${NEBULA_CMD_PATH} + go build $(BUILD_ARGS) -ldflags "$(LDFLAGS)" -o ./nebula-cert ./cmd/nebula-cert install: - go install -trimpath -ldflags "$(LDFLAGS)" ${NEBULA_CMD_PATH} - go install -trimpath -ldflags "$(LDFLAGS)" ./cmd/nebula-cert + go install $(BUILD_ARGS) -ldflags "$(LDFLAGS)" ${NEBULA_CMD_PATH} + go install $(BUILD_ARGS) -ldflags "$(LDFLAGS)" ./cmd/nebula-cert build/linux-arm-%: GOENV += GOARM=$(word 3, $(subst -, ,$*)) build/linux-mips-%: GOENV += GOMIPS=$(word 3, $(subst -, ,$*)) @@ -58,12 +60,12 @@ build/linux-mips-softfloat/%: LDFLAGS += -s -w build/%/nebula: .FORCE GOOS=$(firstword $(subst -, , $*)) \ GOARCH=$(word 2, $(subst -, ,$*)) $(GOENV) \ - go build -trimpath -o $@ -ldflags "$(LDFLAGS)" ${NEBULA_CMD_PATH} + go build $(BUILD_ARGS) -o $@ -ldflags "$(LDFLAGS)" ${NEBULA_CMD_PATH} build/%/nebula-cert: .FORCE GOOS=$(firstword $(subst -, , $*)) \ GOARCH=$(word 2, $(subst -, ,$*)) $(GOENV) \ - go build -trimpath -o $@ -ldflags "$(LDFLAGS)" ./cmd/nebula-cert + go build $(BUILD_ARGS) -o $@ -ldflags "$(LDFLAGS)" ./cmd/nebula-cert build/%/nebula.exe: build/%/nebula mv $< $@ @@ -115,6 +117,15 @@ ifeq ($(words $(MAKECMDGOALS)),1) $(MAKE) service ${.DEFAULT_GOAL} --no-print-directory endif +bin-docker: bin build/linux-amd64/nebula build/linux-amd64/nebula-cert + +smoke-docker: bin-docker + cd .github/workflows/smoke/ && ./build.sh + cd .github/workflows/smoke/ && ./smoke.sh + +smoke-docker-race: BUILD_ARGS = -race +smoke-docker-race: smoke-docker + .FORCE: -.PHONY: test test-cov-html bench bench-cpu bench-cpu-long bin proto release service +.PHONY: test test-cov-html bench bench-cpu bench-cpu-long bin proto release service smoke-docker smoke-docker-race .DEFAULT_GOAL := bin