Skip to content

Traffic control for Eden-SDN (#880) #26

Traffic control for Eden-SDN (#880)

Traffic control for Eden-SDN (#880) #26

Workflow file for this run

---
name: EdenGCP
on: # yamllint disable-line rule:truthy
push:
branches: [master]
# yamllint disable rule:line-length
jobs:
check-secrets:
runs-on: ubuntu-22.04
outputs:
available: ${{ steps.secrets.outputs.defined }}
steps:
- id: secrets
if: ${{ (env.OVPN_FILE != '') && (env.GCP_PROJECT_ID != '') && (env.GCP_SA_KEY != '') }}
run: echo "defined=true" >> $GITHUB_OUTPUT
env:
OVPN_FILE: ${{ secrets.OVPN_FILE }}
GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}
integration:
name: Integration GCP test (${{ matrix.hv }};${{ matrix.fs }})
runs-on: ubuntu-22.04
needs: [check-secrets]
if: needs.check-secrets.outputs.available == 'true'
strategy:
fail-fast: false
matrix:
hv: ["kvm", "xen"]
fs: ["zfs", "ext4"]
steps:
- name: get eden
uses: actions/checkout@v3
- name: setup go
uses: actions/setup-go@v3
with:
go-version: '1.18'
- name: Check
run: |
for addr in $(ip addr list|sed -En -e 's/.*inet ([0-9.]+).*/\1/p')
do
if echo "$addr" | grep -q -E "10.11.(12|13).[0-9]+"; then
echo "$addr overlaps with test"; exit 1
fi
if echo "$addr" | grep -q -E "10.8.0.[0-9]+"; then
echo "$addr overlaps with vpn"; exit 1
fi
done
sudo df -h
sudo swapoff -a
sudo free
- name: Public IP
id: ip
run: |
PUBLIC_IP=$(curl -s https://api.ipify.org/?format=text)
if [[ ! $PUBLIC_IP =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then exit 1; fi
echo "ipv4=$PUBLIC_IP" >> $GITHUB_OUTPUT
- name: setup packages
run: |
sudo apt update
sudo apt install -y qemu-utils openvpn jq
echo "$OVPN_FILE" | base64 -d > ./config.ovpn
env:
OVPN_FILE: ${{ secrets.OVPN_FILE }}
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v0.6.0
with:
project_id: ${{ secrets.GCP_PROJECT_ID }}
- id: 'gcpauth'
name: Auth to Google Cloud SDK
uses: google-github-actions/auth@v0.8.2
with:
project_id: ${{ secrets.GCP_PROJECT_ID }}
credentials_json: ${{ secrets.GCP_SA_KEY }}
create_credentials_file: true
- name: set firewall & clean
run: |
gcloud compute instances delete eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -q --zone=us-west1-a || echo "not exists"
gcloud compute images delete eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -q || echo "not exists"
- name: Connect VPN
id: connect_vpn
timeout-minutes: 1
run: |
sudo openvpn --config ./config.ovpn --daemon
until ip -f inet addr show tun0; do sleep 5; ip a; done
echo "tunnel_ip=$(ip -f inet addr show tun0 | sed -En -e 's/.*inet ([0-9.]+).*/\1/p')" >> $GITHUB_OUTPUT
- name: build eden
run: |
make build
make build-tests
- name: pre-setup
run: |
./eden config add default --devmodel GCP
./eden config set default --key adam.eve-ip --value ${{ steps.connect_vpn.outputs.tunnel_ip }}
./eden config set default --key registry.ip --value ${{ steps.connect_vpn.outputs.tunnel_ip }}
./eden config set default --key eve.hv --value ${{ matrix.hv }}
./eden config set default --key eve.tpm --value true
./eden utils gcp firewall --source-range ${{ steps.ip.outputs.ipv4 }}/32 --name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -k "${{ steps.gcpauth.outputs.credentials_file_path }}"
- name: setup-ext4
if: matrix.fs == 'ext4'
run: ./eden setup -v debug
- name: setup-zfs
if: matrix.fs == 'zfs'
run: |
./eden config set default --key=eve.disks --value=4
./eden setup -v debug --grub-options='set_global dom0_extra_args "$dom0_extra_args eve_install_zfs_with_raid_level "'
- name: clean-docker
run: docker system prune -f -a
- name: post-setup
run: |
./eden utils gcp image --image-name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -k "${{ steps.gcpauth.outputs.credentials_file_path }}" upload
./eden utils gcp vm --image-name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} --vm-name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -k "${{ steps.gcpauth.outputs.credentials_file_path }}" run
./eden start
sleep 100
BWD=$(./eden utils gcp vm get-ip --vm-name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -k "${{ steps.gcpauth.outputs.credentials_file_path }}") || { echo "cannot obtain IP"; exit 1; }
echo "the IP is $BWD"
./eden utils gcp firewall -k "${{ steps.gcpauth.outputs.credentials_file_path }}" --source-range $BWD --name eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} || { echo "cannot set firewall"; exit 1; }
./eden eve onboard
echo > tests/workflow/testdata/eden_stop.txt
- name: Test
run: |
EDEN_TEST=gcp ./eden test tests/workflow -v debug
- name: Collect info
if: ${{ failure() }}
uses: ./.github/actions/collect-info
- name: Collect logs
if: ${{ always() }}
run: |
./eden log --format json > trace.log || echo "no log"
./eden info --format json > info.log || echo "no info"
./eden metric --format json > metric.log || echo "no metric"
./eden netstat --format json > netstat.log || echo "no netstat"
docker logs eden_adam > adam.log 2>&1 || echo "no adam log"
./eden utils gcp vm log --vm-name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -k "${{ steps.gcpauth.outputs.credentials_file_path }}" > console.log || echo "no device log"
- name: Clean
if: ${{ always() }}
run: |
gcloud compute firewall-rules delete eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} || echo "not exists"
gcloud compute firewall-rules delete eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} || echo "not exists"
gcloud compute instances delete eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -q --zone=us-west1-a || echo "not exists"
gcloud compute images delete eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -q || echo "not exists"
gsutil -o "Credentials:gs_service_key_file=${{ steps.gcpauth.outputs.credentials_file_path }}" rm gs://eve-live/eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}}.img.tar.gz || echo "not exists"
- name: Log counting
if: ${{ always() }}
run: |
echo "::group::Total errors"
echo "$(jq '.severity' trace.log|grep err|wc -l)"
echo "::endgroup::"
echo "::group::Errors by source"
echo "errors by source: $(jq -s 'map(select(.severity|contains("err")))|group_by(.source)|map({"source": .[0].source, "total":length})|sort_by(.total)|reverse[]' trace.log)"
echo "::endgroup::"
echo "::group::Error log content duplicates"
echo "$(jq -s 'map(select(.severity | contains("err")))|group_by(.content)|map(select(length>1))' trace.log)"
echo "::endgroup::"
echo "::group::Error log function filename duplicates"
echo "$(jq -s 'map(select(.severity | contains("err")))|group_by(.filename)|map(select(length>10))|map({"source": .[0].source, "filename": .[0].filename, "function": .[0].function, "content": [.[].content], "total":length})|sort_by(.total)| reverse[]' trace.log)"
echo "::endgroup::"
echo "::group::Segfaults"
echo "$(jq -s 'map(select(.content | contains("segfault at")))' trace.log)"|tee segfaults.log
[ "$(jq length segfaults.log)" -gt 0 ] && echo "::warning::segfaults found, you can see them in Log counting->Segfaults section"
echo "::endgroup::"
- name: Store raw test results
if: ${{ always() }}
uses: actions/upload-artifact@v3
with:
name: eden-report-${{ matrix.hv }}-${{ matrix.fs }}
path: |
${{ github.workspace }}/eve-info.tar.gz
${{ github.workspace }}/trace.log
${{ github.workspace }}/info.log
${{ github.workspace }}/adam.log
${{ github.workspace }}/netstat.log
${{ github.workspace }}/metric.log
${{ github.workspace }}/console.log