firezone/scripts/tests/systemd/dns-systemd-resolved.sh
Reactor Scram 0fbd40fcb2 feat(linux): Notify systemd when we've started (#3628)
Regardless of `FIREZONE_DNS_CONTROL`, always try to notify systemd that
we've started.

I had accidentally conflated the idea of running as a systemd service
with the idea of using systemd to control DNS. They're separate, but
I'll keep the service unit in here and always use `sd-notify` since it
should be harmless to use even in Alpine.

~~If `FIREZONE_DNS_CONTROL` is `systemd-resolved`, try to notify systemd
that we've finished startup and the tunnel is ready.~~

Also adds a CI test, including a systemd service file that is **not**
ready for general use.
Ready for review once it's green.

---------

Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
2024-02-15 20:12:37 +00:00
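The `sd-notify` handshake the message refers to, as an added example that is not Firezone's own code: a minimal sd_notify(3)-style client that sends `READY=1` as one datagram to the socket named by `NOTIFY_SOCKET`, and does nothing when that variable is unset, which is why the call is harmless on a host without systemd. The `notify_to` and `notify_ready` helpers are this example's own names; abstract-namespace (`@`-prefixed) sockets are deliberately not handled.

```rust
// Added example, not part of Firezone: a minimal sd_notify(3)-style client.
use std::env;
use std::io;
use std::os::unix::net::UnixDatagram;

/// Send one notification message (e.g. "READY=1") to the socket at `notify_socket`.
/// Returns Ok(false) when no socket is configured, i.e. the process is not running
/// under a `Type=notify` unit; nothing is sent and nothing fails in that case.
pub fn notify_to(notify_socket: Option<&str>, state: &str) -> io::Result<bool> {
    let path = match notify_socket {
        Some(p) if !p.is_empty() => p,
        _ => return Ok(false),
    };
    // systemd may hand out an abstract-namespace socket ("@..."), whose address
    // starts with a NUL byte; std's path-based API cannot express that, so refuse it.
    if path.starts_with('@') {
        return Err(io::Error::new(
            io::ErrorKind::Unsupported,
            "abstract-namespace NOTIFY_SOCKET is not handled by this example",
        ));
    }
    // Sending a datagram needs no bound local address, so an unbound socket is enough.
    let sock = UnixDatagram::unbound()?;
    let sent = sock.send_to(state.as_bytes(), path)?;
    if sent != state.len() {
        return Err(io::Error::new(io::ErrorKind::WriteZero, "short sd_notify write"));
    }
    Ok(true)
}

/// What a daemon calls once startup is complete: reads NOTIFY_SOCKET like sd_notify(3).
pub fn notify_ready() -> io::Result<bool> {
    let socket = env::var("NOTIFY_SOCKET").ok();
    notify_to(socket.as_deref(), "READY=1")
}

fn main() {
    match notify_ready() {
        Ok(true) => eprintln!("told systemd we are ready"),
        Ok(false) => eprintln!("not running under a Type=notify unit; nothing sent"),
        Err(e) => eprintln!("sd_notify failed: {e}"),
    }
}
```

For the handshake to matter, the unit must declare `Type=notify`; with `Type=simple` systemd ignores the message and `systemctl start` returns as soon as the process is spawned.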


#!/usr/bin/env bash
# Test Linux DNS control using `systemd-resolved` directly inside the CI runner
set -euo pipefail

BINARY_NAME=firezone-linux-client

# Copy the client binary out of the Compose `client` container and install it on the runner host
docker compose exec client cat firezone-linux-client > "$BINARY_NAME"
chmod u+x "$BINARY_NAME"
sudo mv "$BINARY_NAME" "/usr/bin/$BINARY_NAME"
# TODO: Check whether this is redundant with the systemd service file
sudo setcap cap_net_admin+eip "/usr/bin/$BINARY_NAME"

# Install the (not yet production-ready) service unit and print its sandboxing exposure report
sudo cp scripts/tests/systemd/firezone-client.service /etc/systemd/system/
systemd-analyze security firezone-client

# TODO: Use DNS and not IP
# HTTPBIN_DNS=172.21.0.100
HTTPBIN_IP=172.20.0.100
IFACE_NAME="tun-firezone"

echo "# Accessing a resource should fail before the client is up"
# TODO: For now I'm cheating and forcing curl to try the tunnel iface.
# This doesn't test that Firezone is adding the routes.
# If I don't do this, curl just connects through the Docker bridge.
# Under `set -e` a failing command on the left of `&&` does not abort the script,
# so `cmd && exit 1` asserts that `cmd` fails.
curl --interface "$IFACE_NAME" $HTTPBIN_IP/get && exit 1

echo "# Start Firezone"
# The tunnel interface must not exist yet, so querying its DNS servers should fail
resolvectl dns tun-firezone && exit 1
if ! sudo systemctl start firezone-client
then
    sudo systemctl status firezone-client
    exit 1
fi
# Once the service has started, the interface should exist and have DNS servers configured
resolvectl dns tun-firezone

echo "# Accessing a resource should succeed after the client is up"
curl --interface "$IFACE_NAME" $HTTPBIN_IP/get