Write unit tests for releng networks

RESOLVED FIXED

Status

Infrastructure & Operations
RelOps
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: dustin, Assigned: dustin)

Tracking

Details

fwunit has given us the ability to reason about firewall configs.

To support bug 1026112, we'll write tests to verify that desired flows are in place, and undesired flows are not allowed.

These will be stored in the private repo from bug 1044034, and updates will be synchronized with switch configs so that the tests are always passing.  This gets us:

 * a human-readable document describing all releng-related flows
 * verification that the document is accurate (by running the tests)
 * a change history of the document, including readable diffs and comments
 * a way to verify that all flows still work after any config refactors
Blocks: 1026102
I have a set of tests for puppetmasters written and passing, but with a handful of workarounds for flow issues I discovered while writing them.  I've filed bugs for all of those issues.
I'm going to close this bug up after writing tests for buildmasters.  We can add others once the process is defined.
Notes from my meeting with dividehex, ben, Callek, jlund, and pmoore:

* tests should use hostnames where possible (so, yes for hosts, no for netblocks)
OK, buildbot master tests are written.

I knocked out the use-hostnames bit (with a local cache so I can run the analysis off-network) a few days ago.

So, I'm calling this done.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.