Add test support for airgapped environments

Use airgapped network for runner This will allow the runner to run in an airgapped network that is shared with the main GitLab container Add an Instance scenario for Airgapped Add an airgap check of an initial wget to prove that DNS is functioning, ping commands to show initial connectivity and then airgap, and a netcat check of port 80

Add test support for airgapped environments
Use airgapped network for runner This will allow the runner to run in an airgapped network that is shared with the main GitLab container Add an Instance scenario for Airgapped Add an airgap check of an initial wget to prove that DNS is functioning, ping commands to show initial connectivity and then airgap, and a netcat check of port 80
0cf136b6 · Tanya Pazitny · Mark Lapierre · bcbb02dd · 0cf136b6 · 0cf136b6
Commit 0cf136b6 authored Jun 14, 2020 by Tanya Pazitny Committed by Mark Lapierre Jun 14, 2020
6 changed files
--- a/qa/qa.rb
+++ b/qa/qa.rb
@@ -137,6 +137,7 @@ module QA
      module Instance
        autoload :All, 'qa/scenario/test/instance/all'
        autoload :Smoke, 'qa/scenario/test/instance/smoke'
+        autoload :Airgapped, 'qa/scenario/test/instance/airgapped'
      end

      module Integration

--- a/qa/qa/scenario/test/instance/airgapped.rb
+++ b/qa/qa/scenario/test/instance/airgapped.rb
+# frozen_string_literal: true
+
+module QA
+  module Scenario
+    module Test
+      module Instance
+        class Airgapped < Template
+          include Bootable
+          include SharedAttributes
+          def perform(address, *rspec_options)
+            Runtime::Scenario.define(:runner_network, 'airgapped')
+
+            super
+          end
+        end
+      end
+    end
+  end
+end
--- a/qa/qa/service/docker_run/base.rb
+++ b/qa/qa/service/docker_run/base.rb
@@ -8,6 +8,7 @@ module QA

        def initialize
          @network = Runtime::Scenario.attributes[:network] || 'test'
+          @runner_network = Runtime::Scenario.attributes[:runner_network] || @network
        end

        def network
@@ -18,6 +19,14 @@ module QA
          @network
        end

+        def runner_network
+          shell "docker network inspect #{@runner_network}"
+        rescue CommandError
+          network
+        else
+          @runner_network
+        end
+
        def pull
          shell "docker pull #{@image}"
        end

--- a/qa/qa/service/docker_run/gitlab_runner.rb
+++ b/qa/qa/service/docker_run/gitlab_runner.rb
 # frozen_string_literal: true

+require 'resolv'
 require 'securerandom'

 module QA
@@ -38,11 +39,16 @@ module QA
        def register!
          shell <<~CMD.tr("\n", ' ')
            docker run -d --rm --entrypoint=/bin/sh
-            --network #{network} --name #{@name}
+            --network #{runner_network} --name #{@name}
            #{'-v /var/run/docker.sock:/var/run/docker.sock' if @executor == :docker}
            --privileged
            #{@image} -c "#{register_command}"
          CMD
+
+          # Prove airgappedness
+          if runner_network == 'airgapped'
+            shell("docker exec #{@name} sh -c '#{prove_airgap}'")
+          end
        end

        def tags=(tags)
@@ -85,6 +91,17 @@ module QA
            gitlab-runner run
          CMD
        end
+
+        # Ping CloudFlare DNS, should fail
+        # Ping Registry, should fail to resolve
+        def prove_airgap
+          gitlab_ip = Resolv.getaddress 'registry.gitlab.com'
+          <<~CMD
+            echo "Checking airgapped connectivity..."
+            nc -zv -w 10 #{gitlab_ip} 80 && (echo "Airgapped network faulty. Connectivity netcat check failed." && exit 1) || (echo "Connectivity netcat check passed." && exit 0)
+            wget --retry-connrefused --waitretry=1 --read-timeout=15 --timeout=10 -t 2 http://registry.gitlab.com > /dev/null 2>&1 && (echo "Airgapped network faulty. Connectivity wget check failed." && exit 1) || (echo "Airgapped network confirmed. Connectivity wget check passed." && exit 0)
+          CMD
+        end
      end
    end
  end

--- a/qa/qa/service/docker_run/jenkins.rb
+++ b/qa/qa/service/docker_run/jenkins.rb
@@ -16,7 +16,9 @@ module QA
        end

        def host_name
-          return 'localhost' unless QA::Runtime::Env.running_in_ci?
+          if !QA::Runtime::Env.running_in_ci? && !runner_network.equal?('airgapped')
+            'localhost'
+          end

          super
        end
@@ -33,7 +35,9 @@ module QA
            #{@image}
          CMD

-          command.gsub!("--network #{network} ", '') unless QA::Runtime::Env.running_in_ci?
+          if !QA::Runtime::Env.running_in_ci? && !runner_network.equal?('airgapped')
+            command.gsub!("--network #{network} ", '')
+          end

          shell command
        end

--- a/qa/spec/scenario/test/instance/airgapped_spec.rb
+++ b/qa/spec/scenario/test/instance/airgapped_spec.rb
+# frozen_string_literal: true
+
+describe QA::Scenario::Test::Instance::Airgapped do
+  describe '#perform' do
+    it_behaves_like 'a QA scenario class' do
+    end
+  end
+end