
Commit a71140e

committed
test: revocation: Minor style clean ups
* Always tear down test server if it exits for any reason. * Give container + volume unique name. * Drop iptables commands, these scare me as they are mucking with the state of my machine. * Fix path to cert revocation list, the OpenVPN crl is copied at start-up and is a race condition.
1 parent 1a22f61 commit a71140e


1 file changed

+12
-16
lines changed


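--- a/test/tests/revocation/run.sh
+++ b/test/tests/revocation/run.sh
@@ -3,11 +3,11 @@ set -e
 
 [ -n "${DEBUG+x}" ] && set -x
 
-OVPN_DATA="basic-data"
+OVPN_DATA="ovpn-revoke-test-data"
 CLIENT1="travis-client1"
 CLIENT2="travis-client2"
 IMG="kylemanna/openvpn"
-NAME="ovpn-test"
+NAME="ovpn-revoke-test"
 CLIENT_DIR="$(readlink -f "$(dirname "$BASH_SOURCE")/../../client")"
 SERV_IP="$(ip -4 -o addr show scope global | awk '{print $4}' | sed -e 's:/.*::' | head -n1)"
 
@@ -18,18 +18,21 @@ docker volume create --name $OVPN_DATA
 docker run --rm -v $OVPN_DATA:/etc/openvpn $IMG ovpn_genconfig -u udp://$SERV_IP
 docker run --rm -v $OVPN_DATA:/etc/openvpn -it -e "EASYRSA_BATCH=1" -e "EASYRSA_REQ_CN=Travis-CI Test CA" $IMG ovpn_initpki nopass
 
-#
-# Fire up the server.
-#
-sudo iptables -N DOCKER || echo 'Firewall already configured'
-sudo iptables -I FORWARD 1 -j DOCKER
-docker run -d -v $OVPN_DATA:/etc/openvpn --cap-add=NET_ADMIN --privileged -p 1194:1194/udp --name $NAME $IMG
+# Register clean-up function
+function finish {
+# Stop the server and clean up
+docker rm -f $NAME
+docker volume rm $OVPN_DATA
+}
+trap finish EXIT
 
+# Put the server in the background
+docker run -d -v $OVPN_DATA:/etc/openvpn --cap-add=NET_ADMIN -p 1194:1194/udp --name $NAME $IMG
 
 #
 # Test that easy_rsa generate CRLs with 'next publish' set to 3650 days.
 #
-crl_next_update="$(docker exec $NAME openssl crl -nextupdate -noout -in /etc/openvpn/crl.pem | cut -d'=' -f2 | tr -d 'GMT')"
+crl_next_update="$(docker exec $NAME bash -c "openssl crl -nextupdate -noout -in \$EASYRSA_PKI/crl.pem | cut -d'=' -f2 | tr -d 'GMT'")"
 crl_next_update="$(date -u -d "$crl_next_update" "+%s")"
 now="$(docker exec $NAME date "+%s")"
 crl_remain="$(( $crl_next_update - $now ))"
@@ -79,13 +82,6 @@ if docker run --rm -v $CLIENT_DIR:/client --cap-add=NET_ADMIN --privileged --net
 exit 2
 fi
 
-#
-# Stop the server and clean up
-#
-docker kill $NAME && docker rm $NAME
-docker volume rm $OVPN_DATA
-sudo iptables -D FORWARD 1
-
 #
 # Celebrate
 #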
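Review bot: The rewritten CRL check on new line 35 still pipes through `tr -d 'GMT'`, which deletes every G, M and T character rather than the trailing zone name, so a nextUpdate that falls in March or May ("Mar", "May") is mangled and the following `date -u -d` fails, making the revocation test break for reasons unrelated to the CRL. Strip only the suffix instead, e.g. `sed -e 's/ GMT$//'` in place of the `tr`, or drop the filter if the host `date` accepts the zone name. Separately, `finish` runs under the script's `set -e`, so if `docker rm -f $NAME` returns non-zero the handler stops before `docker volume rm $OVPN_DATA` and the volume holding the test CA's key material is left behind; `docker rm -f "$NAME" || true` followed by `docker volume rm "$OVPN_DATA" || true` makes the teardown best-effort. The trap is also registered after the volume is created (the `docker volume create` line sits above this hunk), so a failure in `ovpn_genconfig` or `ovpn_initpki` would presumably skip cleanup entirely; registering it before the volume is created would cover that path.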
