Traffic control for Eden-SDN (#880) #26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: EdenGCP | |
on: # yamllint disable-line rule:truthy | |
push: | |
branches: [master] | |
# yamllint disable rule:line-length | |
jobs: | |
check-secrets: | |
runs-on: ubuntu-22.04 | |
outputs: | |
available: ${{ steps.secrets.outputs.defined }} | |
steps: | |
- id: secrets | |
if: ${{ (env.OVPN_FILE != '') && (env.GCP_PROJECT_ID != '') && (env.GCP_SA_KEY != '') }} | |
run: echo "defined=true" >> $GITHUB_OUTPUT | |
env: | |
OVPN_FILE: ${{ secrets.OVPN_FILE }} | |
GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} | |
GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }} | |
integration: | |
name: Integration GCP test (${{ matrix.hv }};${{ matrix.fs }}) | |
runs-on: ubuntu-22.04 | |
needs: [check-secrets] | |
if: needs.check-secrets.outputs.available == 'true' | |
strategy: | |
fail-fast: false | |
matrix: | |
hv: ["kvm", "xen"] | |
fs: ["zfs", "ext4"] | |
steps: | |
- name: get eden | |
uses: actions/checkout@v3 | |
- name: setup go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: '1.18' | |
- name: Check | |
run: | | |
for addr in $(ip addr list|sed -En -e 's/.*inet ([0-9.]+).*/\1/p') | |
do | |
if echo "$addr" | grep -q -E "10.11.(12|13).[0-9]+"; then | |
echo "$addr overlaps with test"; exit 1 | |
fi | |
if echo "$addr" | grep -q -E "10.8.0.[0-9]+"; then | |
echo "$addr overlaps with vpn"; exit 1 | |
fi | |
done | |
sudo df -h | |
sudo swapoff -a | |
sudo free | |
- name: Public IP | |
id: ip | |
run: | | |
PUBLIC_IP=$(curl -s https://api.ipify.org/?format=text) | |
if [[ ! $PUBLIC_IP =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then exit 1; fi | |
echo "ipv4=$PUBLIC_IP" >> $GITHUB_OUTPUT | |
- name: setup packages | |
run: | | |
sudo apt update | |
sudo apt install -y qemu-utils openvpn jq | |
echo "$OVPN_FILE" | base64 -d > ./config.ovpn | |
env: | |
OVPN_FILE: ${{ secrets.OVPN_FILE }} | |
- name: Set up Cloud SDK | |
uses: google-github-actions/setup-gcloud@v0.6.0 | |
with: | |
project_id: ${{ secrets.GCP_PROJECT_ID }} | |
- id: 'gcpauth' | |
name: Auth to Google Cloud SDK | |
uses: google-github-actions/auth@v0.8.2 | |
with: | |
project_id: ${{ secrets.GCP_PROJECT_ID }} | |
credentials_json: ${{ secrets.GCP_SA_KEY }} | |
create_credentials_file: true | |
- name: set firewall & clean | |
run: | | |
gcloud compute instances delete eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -q --zone=us-west1-a || echo "not exists" | |
gcloud compute images delete eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -q || echo "not exists" | |
- name: Connect VPN | |
id: connect_vpn | |
timeout-minutes: 1 | |
run: | | |
sudo openvpn --config ./config.ovpn --daemon | |
until ip -f inet addr show tun0; do sleep 5; ip a; done | |
echo "tunnel_ip=$(ip -f inet addr show tun0 | sed -En -e 's/.*inet ([0-9.]+).*/\1/p')" >> $GITHUB_OUTPUT | |
- name: build eden | |
run: | | |
make build | |
make build-tests | |
- name: pre-setup | |
run: | | |
./eden config add default --devmodel GCP | |
./eden config set default --key adam.eve-ip --value ${{ steps.connect_vpn.outputs.tunnel_ip }} | |
./eden config set default --key registry.ip --value ${{ steps.connect_vpn.outputs.tunnel_ip }} | |
./eden config set default --key eve.hv --value ${{ matrix.hv }} | |
./eden config set default --key eve.tpm --value true | |
./eden utils gcp firewall --source-range ${{ steps.ip.outputs.ipv4 }}/32 --name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -k "${{ steps.gcpauth.outputs.credentials_file_path }}" | |
- name: setup-ext4 | |
if: matrix.fs == 'ext4' | |
run: ./eden setup -v debug | |
- name: setup-zfs | |
if: matrix.fs == 'zfs' | |
run: | | |
./eden config set default --key=eve.disks --value=4 | |
./eden setup -v debug --grub-options='set_global dom0_extra_args "$dom0_extra_args eve_install_zfs_with_raid_level "' | |
- name: clean-docker | |
run: docker system prune -f -a | |
- name: post-setup | |
run: | | |
./eden utils gcp image --image-name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -k "${{ steps.gcpauth.outputs.credentials_file_path }}" upload | |
./eden utils gcp vm --image-name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} --vm-name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -k "${{ steps.gcpauth.outputs.credentials_file_path }}" run | |
./eden start | |
sleep 100 | |
BWD=$(./eden utils gcp vm get-ip --vm-name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -k "${{ steps.gcpauth.outputs.credentials_file_path }}") || { echo "cannot obtain IP"; exit 1; } | |
echo "the IP is $BWD" | |
./eden utils gcp firewall -k "${{ steps.gcpauth.outputs.credentials_file_path }}" --source-range $BWD --name eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} || { echo "cannot set firewall"; exit 1; } | |
./eden eve onboard | |
echo > tests/workflow/testdata/eden_stop.txt | |
- name: Test | |
run: | | |
EDEN_TEST=gcp ./eden test tests/workflow -v debug | |
- name: Collect info | |
if: ${{ failure() }} | |
uses: ./.github/actions/collect-info | |
- name: Collect logs | |
if: ${{ always() }} | |
run: | | |
./eden log --format json > trace.log || echo "no log" | |
./eden info --format json > info.log || echo "no info" | |
./eden metric --format json > metric.log || echo "no metric" | |
./eden netstat --format json > netstat.log || echo "no netstat" | |
docker logs eden_adam > adam.log 2>&1 || echo "no adam log" | |
./eden utils gcp vm log --vm-name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -k "${{ steps.gcpauth.outputs.credentials_file_path }}" > console.log || echo "no device log" | |
- name: Clean | |
if: ${{ always() }} | |
run: | | |
gcloud compute firewall-rules delete eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} || echo "not exists" | |
gcloud compute firewall-rules delete eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} || echo "not exists" | |
gcloud compute instances delete eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -q --zone=us-west1-a || echo "not exists" | |
gcloud compute images delete eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -q || echo "not exists" | |
gsutil -o "Credentials:gs_service_key_file=${{ steps.gcpauth.outputs.credentials_file_path }}" rm gs://eve-live/eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}}.img.tar.gz || echo "not exists" | |
- name: Log counting | |
if: ${{ always() }} | |
run: | | |
echo "::group::Total errors" | |
echo "$(jq '.severity' trace.log|grep err|wc -l)" | |
echo "::endgroup::" | |
echo "::group::Errors by source" | |
echo "errors by source: $(jq -s 'map(select(.severity|contains("err")))|group_by(.source)|map({"source": .[0].source, "total":length})|sort_by(.total)|reverse[]' trace.log)" | |
echo "::endgroup::" | |
echo "::group::Error log content duplicates" | |
echo "$(jq -s 'map(select(.severity | contains("err")))|group_by(.content)|map(select(length>1))' trace.log)" | |
echo "::endgroup::" | |
echo "::group::Error log function filename duplicates" | |
echo "$(jq -s 'map(select(.severity | contains("err")))|group_by(.filename)|map(select(length>10))|map({"source": .[0].source, "filename": .[0].filename, "function": .[0].function, "content": [.[].content], "total":length})|sort_by(.total)| reverse[]' trace.log)" | |
echo "::endgroup::" | |
echo "::group::Segfaults" | |
echo "$(jq -s 'map(select(.content | contains("segfault at")))' trace.log)"|tee segfaults.log | |
[ "$(jq length segfaults.log)" -gt 0 ] && echo "::warning::segfaults found, you can see them in Log counting->Segfaults section" | |
echo "::endgroup::" | |
- name: Store raw test results | |
if: ${{ always() }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: eden-report-${{ matrix.hv }}-${{ matrix.fs }} | |
path: | | |
${{ github.workspace }}/eve-info.tar.gz | |
${{ github.workspace }}/trace.log | |
${{ github.workspace }}/info.log | |
${{ github.workspace }}/adam.log | |
${{ github.workspace }}/netstat.log | |
${{ github.workspace }}/metric.log | |
${{ github.workspace }}/console.log |