Taylor Hutt9963dc12011-03-08 09:52:23 -08001# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5import logging, re, time
6from autotest_lib.client.common_lib import error
Paul Stewart2ee7fdf2011-05-19 16:29:23 -07007from autotest_lib.server import site_linux_system
Taylor Hutt9963dc12011-03-08 09:52:23 -08008
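class LinuxServer(site_linux_system.LinuxSystem):
    """
    Linux Server: A machine which hosts network services.

    Configures and launches VPN daemons (OpenVPN, or xl2tpd plus IPsec) and
    an IPv6 router-advertisement daemon (radvd) on the test server by
    issuing shell commands through ``server.run``.

    Notes for maintainers:

      * The PSK, CHAP and L2TP secrets written by vpn_server_config() are
        literals in this file, so they are test fixtures and must not be
        treated as secrets or reused outside the test network.
      * Configuration files are written with an unquoted shell
        here-document (``cat <<EOF``).  The remote shell therefore expands
        ``$``, backticks and backslashes in the content, and a content
        line consisting of ``EOF`` ends the document early.  Values taken
        from 'params' reach that shell as-is, so 'params' must come from
        trusted test control files only.
    """

    def __init__(self, server, config):
        """ Record the server host and the default daemon settings.

        server: host object.  Commands are issued through its run()
                method and its 'ip' attribute is read by
                vpn_server_config().
        config: dict of settings.  'server_dev' is read by
                ipv6_server_config().
        """
        site_linux_system.LinuxSystem.__init__(self, server, {}, "server")

        self.server = server    # Server host.
        self.vpn_kind = None
        self.config = config
        self.openvpn_config = {}
        # NOTE(review): the radvd config lives at a fixed path under /tmp;
        # presumably acceptable on a dedicated test server -- confirm.
        self.radvd_config = {'file':'/tmp/radvd-test.conf',
                             'server':'/usr/sbin/radvd'}

    def vpn_server_config(self, params):
        """ Configure & launch the server side of the VPN.

            Parameters, in 'params':

               kind  : required

                       The kind of VPN which should be configured and
                       launched.

                       Valid values:

                         openvpn
                         l2tpipsec-psk  (L2TP/IPsec with a pre-shared key)
                         l2tpipsec-cert (L2TP/IPsec with certificates)

               config: required for 'openvpn'

                       The configuration information associated with
                       the VPN server.

                       This is a dict which contains key/value pairs
                       representing the VPN's configuration.

                       The values stored in the 'config' param must all be
                       supported by the specified VPN kind.

               replacements: used by the l2tpipsec kinds

                       A dict of template substitutions.  The ipsec.conf
                       templates reference '@plutodebug@', which this
                       method does not set, so the caller must supply it.
                       '@local-listen-ip@' and '@ipsec-secrets@' are
                       always overwritten here.  The caller's dict is not
                       modified.

            Raises error.TestFail if 'kind' is missing or unsupported.
        """
        self.vpn_server_kill({}) # Must be first.  Relies on self.vpn_kind.
        self.vpn_kind = params.get('kind', None)

        # Launch specified VPN server.
        if self.vpn_kind is None:
            raise error.TestFail('No VPN kind specified for this test.')
        elif self.vpn_kind == 'openvpn':
            # Read config information & create server configuration file.
            # Settings accumulate in self.openvpn_config across calls.
            self.openvpn_config.update(params.get('config', {}))
            # The content below is expanded by the remote shell (unquoted
            # here-document); see the class docstring.
            self.server.run("cat <<EOF >/tmp/vpn-server.conf\n%s\nEOF\n" %
                            ('\n'.join("%s %s" % kv for kv in
                                       self.openvpn_config.items())))
            self.server.run("/usr/sbin/openvpn "
                            "--config /tmp/vpn-server.conf &")
        elif self.vpn_kind in ('l2tpipsec-psk', 'l2tpipsec-cert'):
            # Files common to both L2TP/IPsec kinds.  The secrets in them
            # are fixed test fixtures.
            configs = {
                "/etc/xl2tpd/xl2tpd.conf" :
                "[global]\n"
                "\n"
                "[lns default]\n"
                " ip range = 192.168.1.128-192.168.1.254\n"
                " local ip = 192.168.1.99\n"
                " require chap = yes\n"
                " refuse pap = yes\n"
                " require authentication = yes\n"
                " name = LinuxVPNserver\n"
                " ppp debug = yes\n"
                " pppoptfile = /etc/ppp/options.xl2tpd\n"
                " length bit = yes\n",

                "/etc/xl2tpd/l2tp-secrets" :
                "* them l2tp-secret",

                "/etc/ppp/chap-secrets" :
                "chapuser * chapsecret *",

                "/etc/ppp/options.xl2tpd" :
                "ipcp-accept-local\n"
                "ipcp-accept-remote\n"
                "noccp\n"
                "auth\n"
                "crtscts\n"
                "idle 1800\n"
                "mtu 1410\n"
                "mru 1410\n"
                "nodefaultroute\n"
                "debug\n"
                "lock\n"
                "proxyarp\n"
                "connect-delay 5000\n"
            }
            # Files that differ between PSK and certificate authentication.
            # '%%' yields a literal '%' once the template is formatted.
            config_choices = {
                'l2tpipsec-psk': {
                    "/etc/ipsec.conf" :
                    "config setup\n"
                    " charonstart=no\n"
                    " plutostart=yes\n"
                    " plutodebug=%(@plutodebug@)s\n"
                    " plutostderrlog=/var/log/pluto.log\n"
                    "conn L2TP\n"
                    " keyexchange=ikev1\n"
                    " authby=psk\n"
                    " pfs=no\n"
                    " rekey=no\n"
                    " left=%(@local-listen-ip@)s\n"
                    " leftprotoport=17/1701\n"
                    " right=%%any\n"
                    " rightprotoport=17/%%any\n"
                    " auto=add\n",

                    "/etc/ipsec.secrets" :
                    "%(@ipsec-secrets@)s %%any : PSK \"password\"",
                },
                'l2tpipsec-cert': {
                    "/etc/ipsec.conf" :
                    "config setup\n"
                    " charonstart=no\n"
                    " plutostart=yes\n"
                    " plutodebug=%(@plutodebug@)s\n"
                    " plutostderrlog=/var/log/pluto.log\n"
                    "conn L2TP\n"
                    " keyexchange=ikev1\n"
                    " left=%(@local-listen-ip@)s\n"
                    " leftcert=server.crt\n"
                    " leftid=\"C=US, ST=California, L=Mountain View, "
                    "CN=chromelab-wifi-testbed-server.mtv.google.com\"\n"
                    " leftprotoport=17/1701\n"
                    " right=%%any\n"
                    " rightca=\"C=US, ST=California, L=Mountain View, "
                    "CN=chromelab-wifi-testbed-root.mtv.google.com\"\n"
                    " rightprotoport=17/%%any\n"
                    " auto=add\n"
                    " pfs=no\n",

                    "/etc/ipsec.secrets" : ": RSA server.key \"\"\n",
                },
            }
            configs.update(config_choices[self.vpn_kind])

            # Work on a copy so the caller's 'replacements' dict is not
            # modified by the assignments below.
            replacements = dict(params.get("replacements", {}))
            # These two replacements must match up to the same
            # adapter, or a connection will not be established.
            replacements["@local-listen-ip@"] = "%defaultroute"
            replacements["@ipsec-secrets@"] = self.server.ip

            for cfg, template in configs.items():
                contents = template % (replacements)
                # Written through an unquoted here-document, so the remote
                # shell expands the content; see the class docstring.
                self.server.run("cat <<EOF >%s\n%s\nEOF\n" % (cfg, contents))

            self.server.run("/usr/sbin/ipsec restart")

            # Restart xl2tpd to ensure use of newly-created config files.
            self.server.run("sh /etc/init.d/xl2tpd restart")
        else:
            # Nothing was launched for this kind.  Forget it before
            # failing; otherwise every later vpn_server_kill(), including
            # the one at the top of this method, would also fail on it.
            unsupported_kind = self.vpn_kind
            self.vpn_kind = None
            raise error.TestFail('(internal error): No config case '
                                 'for VPN kind (%s)' % unsupported_kind)

    def vpn_server_kill(self, params):
        """ Kill the VPN server.

        Does nothing when no VPN kind is recorded.  'params' is unused.
        Raises error.TestFail if the recorded kind has no kill case.
        """
        if self.vpn_kind is not None:
            if self.vpn_kind == 'openvpn':
                # NOTE(review): pkill without -f matches the process name
                # rather than the full command line; confirm that this
                # path pattern matches on the server image.
                self.server.run("pkill /usr/sbin/openvpn")
            elif self.vpn_kind in ('l2tpipsec-psk', 'l2tpipsec-cert'):
                self.server.run("/usr/sbin/ipsec stop")
            else:
                raise error.TestFail('(internal error): No kill case '
                                     'for VPN kind (%s)' % self.vpn_kind)
            self.vpn_kind = None

    def ipv6_server_config(self, params):
        """ Write a radvd configuration file and start radvd.

        Any running radvd is killed first.  The defaults below are
        overridden by same-named keys in 'params'.  'config_file' in
        'params' selects the output path and defaults to
        self.radvd_config['file'].

        Values from 'params' are placed into the generated file and into
        the shell command line unescaped, so they must come from trusted
        test control files only.
        """
        self.ipv6_server_kill({})
        radvd_opts = { 'interface': self.config.get('server_dev', 'eth0'),
                       'adv_send_advert': 'on',
                       'min_adv_interval': '3',
                       'max_adv_interval': '10',
                       # NB: Addresses below are within the 2001:0db8/32
                       # "documentation only" prefix (RFC3849), which is
                       # guaranteed never to be assigned to a real network.
                       'prefix': '2001:0db8:0100:f101::/64',
                       'adv_on_link': 'on',
                       'adv_autonomous': 'on',
                       'adv_router_addr': 'on',
                       'rdnss_servers': '2001:0db8:0100:f101::0001 '
                                        '2001:0db8:0100:f101::0002',
                       'adv_rdnss_lifetime': 'infinity',
                       'dnssl_list': 'a.com b.com' }
        radvd_opts.update(params)

        config = ('interface %(interface)s {\n'
                  ' AdvSendAdvert %(adv_send_advert)s;\n'
                  ' MinRtrAdvInterval %(min_adv_interval)s;\n'
                  ' MaxRtrAdvInterval %(max_adv_interval)s;\n'
                  ' prefix %(prefix)s {\n'
                  ' AdvOnLink %(adv_on_link)s;\n'
                  ' AdvAutonomous %(adv_autonomous)s;\n'
                  ' AdvRouterAddr %(adv_router_addr)s;\n'
                  ' };\n'
                  ' RDNSS %(rdnss_servers)s {\n'
                  ' AdvRDNSSLifetime %(adv_rdnss_lifetime)s;\n'
                  ' };\n'
                  ' DNSSL %(dnssl_list)s {\n'
                  ' };\n'
                  '};\n') % radvd_opts
        cfg_file = params.get('config_file', self.radvd_config['file'])
        self.server.run('cat <<EOF >%s\n%s\nEOF\n' % (cfg_file, config))
        self.server.run('%s -C %s\n' % (self.radvd_config['server'], cfg_file))

    def ipv6_server_kill(self, params):
        """ Kill radvd on the server, ignoring the command's exit status.

        'params' is unused.  Output is discarded and ignore_status=True is
        passed, so a pkill that matches no process is not reported.
        """
        self.server.run('pkill %s >/dev/null 2>&1' %
                        self.radvd_config['server'], ignore_status=True)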