stupid portforwarding tricks for local testing

Tom Maher · Tom Maher · commit 9bab5a5d49bf · 2016-08-22T20:48:18.000-07:00
diff --git a/script/install-openldap b/script/install-openldap
@@ -79,6 +79,15 @@ signing_key
 expiration_days = 3650
 EOF"
 
+# The integration server may be accessed by IP address, in which case
+# we want some of the IPs included in the cert. We skip loopback (127.0.0.1)
+# because that's the IP we use in the integration test for cert name mismatches.
+ADDRS=$(ifconfig -a | grep 'inet addr:' | cut -f 2 -d : | cut -f 1 -d ' ')
+for ip in $ADDRS; do
+  if [ "x$ip" = 'x127.0.0.1' ]; then continue; fi
+  echo "ip_address = $ip" >> /etc/ssl/ldap01.info
+done
+
 # Create the server certificate
 certtool --generate-certificate \
   --load-privkey /etc/ssl/private/ldap01_slapd_key.pem \
@@ -114,6 +123,9 @@ chmod o-r /etc/ssl/private/ldap01_slapd_key.pem
 # Drop packets on a secondary port used to specific timeout tests
 iptables -A INPUT -p tcp -j DROP --dport 8389
 
+# Forward a port for Vagrant
+iptables -t nat -A PREROUTING -p tcp --dport 9389 -j REDIRECT --to-port 389
+
 # fix up /etc/hosts for cert validation
 grep ldap01 /etc/hosts || echo "127.0.0.1 ldap01.example.com" >> /etc/hosts
 grep ldap02 /etc/hosts || echo "127.0.0.1 ldap02.example.com" >> /etc/hosts
diff --git a/test/support/vm/openldap/Vagrantfile b/test/support/vm/openldap/Vagrantfile
@@ -10,6 +10,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
   config.vm.box = "hashicorp/precise64"
 
   config.vm.network "private_network", type: :dhcp
+  config.vm.network "forwarded_port", guest: 389, host: 9389
 
   config.ssh.forward_agent = true
 
