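#!/usr/bin/env bash
#
# TEST: lower the key TTL in the policy and check that the enforcer still
# honours the TTL that is currently published when it times a ZSK rollover.
#
# Why it matters: validators may still hold the DNSKEY RRset cached under the
# old, longer TTL, so a new ZSK must not count as omnipresent until that old
# TTL (plus margins) has passed. Switching to the new TTL too early would let
# the rollover outrun those caches.
#
# Method:
#  - add zone ods1 and leap forward until the first ZSK DNSKEY is omnipresent
#  - install kasp-short-ttl.xml as the active KASP and import the policy
#  - request a ZSK rollover for ods1
#  - count the ZSK rows whose 4th ';'-separated field of `key list -d -p`
#    contains "omnipresent" (presumably the DNSKEY state column; confirm):
#    expect 1 after leaping to 3600, and 2 after one further time leap
#
# Runtime: about 11 seconds.
#
# The ods_* helpers, HAVE_MYSQL and INSTALL_ROOT are not defined in this file;
# presumably the test harness provides them (confirm).
#
# The whole test is one `&&` chain: the first failing step skips everything up
# to and including `exit 0` and lands in the diagnostics at the bottom.
if [ -n "$HAVE_MYSQL" ]; then
  ods_setup_conf conf.xml conf-mysql.xml
fi &&
ods_reset_env -i &&
ods_start_enforcer &&
echo "################## ZONE ADD 1" &&
echo -n "LINE: ${LINENO} " && ods-enforcer zone add --zone ods1 &&
ods_enforcer_idle &&
ods-enforcer zone list &&
echo "################## LEAP TO OMNIPRESENT ZSK DNSKEY" &&
echo -n "LINE: ${LINENO} " && ods_enforcer_leap_over 120 &&
# NOTE(review): the banner says RESTART, but this file only replaces kasp.xml
# and re-imports the policy; the enforcer is not stopped or started here.
echo "################## LOWER TTL AND RESTART" &&
# An empty INSTALL_ROOT would make the cp below overwrite the host's own
# /etc/opendnssec/kasp.xml, and the import would then apply the short-TTL test
# policy to it. Fail the test instead.
echo -n "LINE: ${LINENO} " &&
{ [ -n "$INSTALL_ROOT" ] || { echo "INSTALL_ROOT is empty; refusing to overwrite /etc/opendnssec/kasp.xml" >&2; false; }; } &&
cp kasp-short-ttl.xml "$INSTALL_ROOT/etc/opendnssec/kasp.xml" &&
echo -n "LINE: ${LINENO} " && ods-enforcer policy import &&
echo "################## START ZSK ROLL" &&
echo -n "LINE: ${LINENO} " && ods-enforcer key rollover -t ZSK -z ods1 &&
echo "################## TESTING 2ND ZSK IS NOT ACTIVE FOR ENOUGH TIME" &&
echo -n "LINE: ${LINENO} " && ods_enforcer_leap_to 3600 &&
ods-enforcer key list -d -p | grep ZSK &&
# Only the original ZSK may be omnipresent at this point. grep -c exits
# non-zero on a count of 0, which also fails the chain.
COUNT=$(ods-enforcer key list -d -p | grep ZSK | cut -f 4 -d ";" | grep -c omnipresent) &&
[ "$COUNT" -eq 1 ] &&
echo "################## BUT A MOMENT LATER IT IS" &&
echo -n "LINE: ${LINENO} " && ods-enforcer time leap &&
# One more leap: now both the old and the new ZSK must be omnipresent.
COUNT=$(ods-enforcer key list -d -p | grep ZSK | cut -f 4 -d ";" | grep -c omnipresent) &&
[ "$COUNT" -eq 2 ] &&
###############################################################################
## NOTICE: we would expect roughly an hour + a minute here. (Old TTL + margins)
## If we would botch it up we expect a minute + a minute. (New TTL + margin)
## However somehow in reality we see an hour + an hour + a minute (2x old TTL
## + margin). Likely this is some sort of side effect of time leap or
## inconsistent handling of timestamps wrt timezones. This test is written
## so it will still succeed if we once fix that bug. (i.e. anything more than
## an hour is okay)
###############################################################################
echo "################## TEST TEARDOWN" &&
echo -n "LINE: ${LINENO} " && ods_stop_enforcer &&
exit 0

# Failure path: reached only when a step of the chain above failed. Dump the
# key states and the enforcer queue for debugging, then tear down.
echo "################## ERROR: CURRENT STATE" &&
echo "DEBUG: " && ods-enforcer key list -d -p
echo "DEBUG: " && ods-enforcer key list -v
echo "DEBUG: " && ods-enforcer queue
echo
echo "************error******************"
echo
ods_kill
# NOTE(review): `return` is only valid when this file is sourced; presumably
# the harness sources it (confirm). Run directly, bash reports an error for
# `return` and the script still ends with a non-zero status.
return 1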