firezone/scripts/tests/systemd/dns-systemd-resolved.sh
Reactor Scram 6862213cc2 fix(headless-client/linux): only notify systemd that we're up after Resources are available (#6026)
Closes #5912

Before this, I had the `--exit` CLI flag and the `sd_notify` call
hanging off the wrong callback.
2024-07-26 18:53:08 +00:00


#!/usr/bin/env bash
# Test Linux DNS control using `systemd-resolved` directly inside the CI runner
# This needs Docker Compose so we can run httpbin.
# Pull in the shared test helpers. The path is relative to the current
# directory, so this script only works when started from the directory that
# contains `scripts/`.
source "./scripts/tests/lib.sh"

# systemd unit under test, and the client executable that gets installed.
SERVICE_NAME="firezone-client-headless"
BINARY_NAME="firezone-headless-client"
#######################################
# Print diagnostics for a failed step, then abort the test run.
# Globals:   SERVICE_NAME (read)
# Arguments: none
# Outputs:   a notice plus whatever `resolvectl` and `systemctl` print
# Returns:   never returns; always exits the shell with status 1
#######################################
debug_exit() {
  printf '%s\n' "Bailing out. Waiting a couple seconds for things to settle..."
  sleep 5

  # Both probes are best-effort: a failing probe must not replace the
  # diagnostics or prevent the final `exit 1`.
  resolvectl dns tun-firezone || :
  systemctl status "$SERVICE_NAME" || :

  exit 1
}
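# NOTE(review): several steps below are bare commands with no `|| debug_exit`.
# They only fail the test if `set -e` is active, which would have to come from
# lib.sh — confirm.

# Copy the Linux Client out of its container and install it into /usr/bin.
docker compose cp client:/bin/"$BINARY_NAME" "$BINARY_NAME"
# Set the whole mode rather than just `u+x`: the file is about to become
# root-owned in /usr/bin, so any group/other write bit carried over from the
# container copy must not survive.
chmod 0755 "$BINARY_NAME"
sudo chown root:root "$BINARY_NAME"
sudo mv "$BINARY_NAME" "/usr/bin/$BINARY_NAME"

# `create_token_file` is not defined in this file; presumably it comes from lib.sh.
create_token_file
sudo cp "scripts/tests/systemd/$SERVICE_NAME.service" /usr/lib/systemd/system/

HTTPBIN=dns.httpbin
# I'm assuming the docker iface name is relatively constant
DOCKER_IFACE="docker0"
FZ_IFACE="tun-firezone"

echo "# Make sure gateway can reach httpbin by DNS"
gateway sh -c "curl --fail $HTTPBIN/get"

echo "# Accessing a resource should fail before the client is up"
# Force curl to try the Firezone interface. I can't block off the Docker interface yet
# because it may be needed for the client to reach the portal.
# Deliberately no `--fail` here: any HTTP response at all, even an error
# status, means traffic got through and the test must fail.
if curl --interface "$FZ_IFACE" "$HTTPBIN/get"; then
  echo "Resource was reachable before the client was started" >&2
  exit 1
fi

echo "# Start Firezone"
# Before the service starts, querying the tunnel link's DNS must fail.
if resolvectl dns "$FZ_IFACE"; then
  echo "$FZ_IFACE already answers resolvectl before the service was started" >&2
  exit 1
fi
stat "/usr/bin/$BINARY_NAME"
sudo systemctl start "$SERVICE_NAME" || debug_exit

# TODO: Remove after #6026 goes into the next release. Until then, the compat tests will need the `sleep 3` to keep passing
# This is needed for the compatibility tests to pass, but once #6026
# is in `main`, it should be redundant
sleep 3

resolvectl dns "$FZ_IFACE"
resolvectl query "$HTTPBIN" || debug_exit

# Accessing a resource should succeed after the client is up
# Block off Docker's DNS.
sudo resolvectl dns "$DOCKER_IFACE" ""
# `--fail` makes an HTTP error status fail this step, matching the gateway
# check above; without it a 4xx/5xx reply would count as success.
curl -v --fail "$HTTPBIN/get"

# Make sure it's going through the tunnel
# (the pattern matches answers in 100.96.0.x; presumably the range Firezone
# hands out for DNS resources — confirm)
nslookup "$HTTPBIN" | grep "100\\.96\\.0\\."

# Print some debug info
resolvectl status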