Test DNS

Closes: #443

Test DNS
b9440e19 · Varac · ce8f6997 · b9440e19 · b9440e19 · b9440e19
Unverified Commit b9440e19 authored 4 years ago by Varac
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -49,6 +49,7 @@ include:
 stages:
  - build
  - create-vps
+  - test-dns
  - setup-cluster
  - helm-release
  - apps-ready
@@ -142,6 +143,13 @@ create-vps:
    on_stop: terminate-droplet
    auto_stop_in: 1 week

+# Stage: test-dns
+test-dns:
+  stage: test-dns
+  script:
+    - *debug_information
+    - cd ansible/
+    - pytest -v -s -m 'dns' --connection=ansible --ansible-inventory=${CLUSTER_DIR}/inventory.yml --hosts='ansible://*'

 # Stage: setup-cluster
 # ====================

--- a/requirements.in
+++ b/requirements.in
@@ -7,6 +7,8 @@
 #
 # ansible>=2.9.10 is needed for using the `k8s` resource
 ansible>=2.9.10,<2.10
+# needed for test_dns.py
+dnspython>=2.1.0
 # Needed for ansible k8s resource
 openshift>=0.12.0
 # Needed for testinfra using the ansible module
@@ -15,6 +17,8 @@ psutil>=5.5.0
 pyopenssl>=19.0.0
 pytest-rerunfailures>=8.0
 testinfra>=3.0.0
+# needed for test_dns.py
+tld>=0.12.5
 setuptools>=40.6.2
 wheel>=0.33.1
 -e git+https://open.greenhost.net/greenhost/cloud-api#egg=greenhost_cloud

--- a/requirements.txt
+++ b/requirements.txt
@@ -36,14 +36,12 @@ cryptography==3.4.6
    #   ansible
    #   paramiko
    #   pyopenssl
+dnspython==2.1.0
+    # via -r requirements.in
 google-auth==1.27.1
    # via kubernetes
 idna==2.10
    # via requests
-importlib-metadata==3.7.3
-    # via
-    #   pluggy
-    #   pytest
 iniconfig==1.1.1
    # via pytest
 jinja2==2.11.3
@@ -139,10 +137,10 @@ tabulate==0.8.9
    # via greenhost-cloud
 testinfra==6.0.0
    # via -r requirements.in
+tld==0.12.5
+    # via -r requirements.in
 toml==0.10.2
    # via pytest
-typing-extensions==3.7.4.3
-    # via importlib-metadata
 urllib3==1.26.4
    # via
    #   kubernetes
@@ -152,8 +150,6 @@ websocket-client==0.58.0
    # via kubernetes
 wheel==0.36.2
    # via -r requirements.in
-zipp==3.4.1
-    # via importlib-metadata

 # The following packages are considered to be unsafe in a requirements file:
 # setuptools
--- a/test/pytest.ini
+++ b/test/pytest.ini
@@ -6,6 +6,7 @@ markers =
    prometheus: Test prometheus
    helmreleases: Test deployed helmreleases installed by flux
    apps_running: Test if all the pods for the helmreleases are running
+    dns: Check if cluster domain resolves at all nameservers

 # https://docs.pytest.org/en/latest/warnings.html
 filterwarnings =

--- a/test/pytest/test_dns.py
+++ b/test/pytest/test_dns.py
+"""
+Test if main domain of cluster is resolvable at all authorative nameservers,
+and also external ones, and check if all nameservers return the same result.
+"""
+
+import os
+import dns.resolver
+import pytest
+import tld
+
+@pytest.mark.testinfra
+@pytest.mark.dns
+def test_dns(host):
+    """Get domain from ansible vars, resolve it against all nameservers and
+    check if all results are the same.
+    """
+
+    def test_nameserver(nameserver: str, domain: str):
+        """Resolve domain at given nameserver."""
+        my_resolver = dns.resolver.Resolver()
+        my_resolver.nameservers = [nameserver]
+        answer = my_resolver.resolve(domain)
+        addr = answer[0].address
+        print(f"{domain} @{nameserver}: {addr}")
+        return addr
+
+    # Get ansible domain
+    ansible_vars = host.ansible.get_variables()
+    assert 'domain' in ansible_vars
+    domain = ansible_vars['domain']
+
+    # Get FLD and authorative nameservers for domain
+    fld = tld.get_fld(domain, fix_protocol=True)
+    authorative_nameservers_raw = dns.resolver.resolve(fld, 'NS')
+    authorative_nameservers = []
+    for nameserver in authorative_nameservers_raw:
+        ips = dns.resolver.resolve(nameserver.to_text())
+        authorative_nameservers.append(ips[0].address)
+
+    system_nameservers = dns.resolver.get_default_resolver()
+    external_nameservers = ['1.1.1.1', '8.8.8.8']
+
+    results = []
+    print('\nTesting authorative nameservers:')
+    print(authorative_nameservers)
+    for i in authorative_nameservers:
+        print(i)
+        results.append(test_nameserver(i, domain))
+        results.append(test_nameserver(i, "*." + domain))
+
+    print('\nTesting system nameservers:')
+    for i in system_nameservers.nameservers:
+        results.append(test_nameserver(i, domain))
+        results.append(test_nameserver(i, "*." + domain))
+
+    print('\nTesting external nameservers')
+    for i in external_nameservers:
+        results.append(test_nameserver(i, domain))
+        results.append(test_nameserver(i, "*." + domain))
+
+    unique = set(results)
+    print(f'\nResults: {unique}')
+    assert len(unique) == 1
+
+
+if __name__ == "__main__":
+    test_dns('localhost')