smoke.sh 2.4 KB

  1. #!/bin/bash
  # Strict mode: abort on the first failing command (-e), trace every command
  # as it runs (-x), and make a pipeline fail when any of its stages fails.
  set -ex -o pipefail

  # Directory that receives the per-container output copied by tee further down.
  mkdir -p -- logs
  # EXIT handler: force-stop the four smoke-test containers if any are left.
  # `set +e` switches off exit-on-error for the shell from here on, so a failing
  # `docker kill` cannot abort the handler. Nothing is killed unless this shell
  # still has running background jobs (the `docker run ... | tee` pipelines).
  # Returns 0 when there is nothing to kill, otherwise the status of docker kill.
  cleanup() {
    set +e
    if [[ -z "$(jobs -r)" ]]; then
      return 0
    fi
    sudo docker kill lighthouse1 host2 host3 host4
  }
  # Run cleanup on every exit path, including an abort caused by set -e.
  trap cleanup EXIT

  # Config check for each node with -test, before any tunnel is started. These
  # runs get no extra device or capability. They run in the foreground with
  # --rm and their names are reused below, so each is expected to exit on its
  # own; a non-zero exit stops the script here.
  for node in lighthouse1 host2 host3 host4; do
    sudo docker run --name "$node" --rm nebula:smoke -config "$node.yml" -test
  done
  # Start the four nodes in the background, lighthouse1 first, one second apart.
  # Each container is granted only the TUN device and CAP_NET_ADMIN (no
  # --privileged); its combined stdout/stderr is copied to logs/<name> by tee.
  # NOTE(review): the fixed one-second pauses are the only wait for start-up,
  # and a node that dies in the background goes unnoticed until a ping fails.
  for node in lighthouse1 host2 host3 host4; do
    sudo docker run --name "$node" \
      --device /dev/net/tun:/dev/net/tun --cap-add NET_ADMIN \
      --rm nebula:smoke -config "$node.yml" 2>&1 \
      | tee "logs/$node" &
    sleep 1
  done
  # Banner is printed with tracing off so it is not duplicated in the -x output.
  set +x
  printf '\n%s\n\n' " *** Testing ping from lighthouse1"
  set -x
  # lighthouse1 must reach host2 (.2) and host3 (.3); a failed ping aborts the
  # run through set -e. These replies also show both peers are up before the
  # deny checks that follow.
  for peer in 192.168.100.2 192.168.100.3; do
    sudo docker exec lighthouse1 ping -c1 "$peer"
  done
  set +x
  printf '\n%s\n\n' " *** Testing ping from host2"
  set -x
  # Positive control: host2 reaches 192.168.100.1 (presumably lighthouse1), which
  # shows host2's container and tunnel are working before the deny check.
  sudo docker exec host2 ping -c1 192.168.100.1
  # Deny check: host3's inbound firewall is expected to drop this ping, so a
  # reply is a test failure. -w5 bounds how long the blocked ping waits.
  # NOTE(review): any non-zero status counts as "blocked", including a failure
  # of docker exec itself; the successful ping above is what makes this
  # failure attributable to the firewall.
  if sudo docker exec host2 ping -c1 192.168.100.3 -w5; then
    exit 1
  fi
  set +x
  printf '\n%s\n\n' " *** Testing ping from host3"
  set -x
  # host3 may reach both 192.168.100.1 and host2 (.2). The ping to host2 is
  # also the outbound flow that the conntrack section relies on later.
  for peer in 192.168.100.1 192.168.100.2; do
    sudo docker exec host3 ping -c1 "$peer"
  done
  set +x
  printf '\n%s\n\n' " *** Testing ping from host4"
  set -x
  # Positive control: host4 reaches 192.168.100.1, so its container and tunnel
  # are up before the deny checks.
  sudo docker exec host4 ping -c1 192.168.100.1
  # Deny checks: host4's outbound firewall is expected to block pings to host2
  # (.2) and host3 (.3). A reply from either is a test failure; -w5 bounds the
  # wait. As with the other deny check, any non-zero status is read as
  # "blocked".
  for peer in 192.168.100.2 192.168.100.3; do
    if sudo docker exec host4 ping -c1 "$peer" -w5; then
      exit 1
    fi
  done
  set +x
  printf '\n%s\n\n' " *** Testing conntrack"
  set -x
  # host3 pinged host2 earlier, so the host2 -> host3 ping that was refused
  # before is now expected to get through.
  # NOTE(review): this depends on the earlier flow still being tracked when
  # this line runs - confirm the timeout in the node configs.
  sudo docker exec host2 ping -c1 192.168.100.3
  # host2 opens a flow to host4 (.4) first; after that, host4 -> host2, which
  # host4's outbound firewall refused above, is expected to succeed.
  sudo docker exec host2 ping -c1 192.168.100.4
  sudo docker exec host4 ping -c1 192.168.100.2
  # Ask each node to stop by sending the default signal (TERM) to PID 1 inside
  # its container, last-started node first, then allow one second for the
  # containers to exit.
  for node in host4 host3 host2 lighthouse1; do
    sudo docker exec "$node" sh -c 'kill 1'
  done
  sleep 1