fix[integration tests]: Improve container SSH connection validation a…
…nd allowed ssh settings
sidey79 committed Dec 30, 2024
1 parent 7f5a41a commit 43c323e
Showing 2 changed files with 29 additions and 20 deletions.
30 changes: 19 additions & 11 deletions scripts/test-integration.sh
@@ -15,14 +15,14 @@ RETURNCODE=0

for ID in $IMAGE; do
echo "Booting up container for variant $ID ..."
CONTAINER=$( docker run -d -ti --health-interval=60s --health-timeout=10s --health-start-period=150s --health-retries=5 $ID )
CONTAINER=$( docker run -d -ti --health-interval=60s --health-timeout=10s --health-start-period=150s --health-retries=5 "$ID" )
docker container ls | grep 'fhem/.*'

echo -ne "Waiting for container ..."
sleep 3
bootstate="created"
until [ $bootstate != "created" ]; do
bootstate=$( docker inspect --format="{{json .State}}" $CONTAINER 2>/dev/null | jq -r .Status )
until [ "$bootstate" != "created" ]; do
bootstate=$( docker inspect --format="{{json .State}}" "$CONTAINER" 2>/dev/null | jq -r .Status )
echo -n " ."
sleep 3
done
@@ -37,13 +37,21 @@ for ID in $IMAGE; do
if [ -z "$status" ]; then
echo -ne "\nWaiting for health status report ..."
healthstate="starting"
until [ $healthstate != "starting" ]; do
healthstate=$( docker inspect --format="{{json .State}}" $CONTAINER 2>/dev/null | jq -r .Health.Status )
until [ "$healthstate" != "starting" ]; do
healthstate=$( docker inspect --format="{{json .State}}" "$CONTAINER" 2>/dev/null | jq -r .Health.Status )
echo -n " ."
sleep 3
done
if [ -n "$healthstate" ] && [ "$healthstate" == "healthy" ]; then
status="OK"

# Check SSH connection
if ! output=$(docker container exec --user 6062 "${CONTAINER}" ssh -F .ssh/config -p 58824 fhem-va.fhem.de status 2>&1); then
status="OK"
else
echo "$output"
status="ssh-error"
fi

elif [ -n "$healthstate" ] && [ "$healthstate" != "null" ]; then
status=$healthstate
else
@@ -53,15 +61,15 @@ for ID in $IMAGE; do
fi

if [ "$status" != "OK" ]; then
echo -e "\nImage $ID did come up with unexpected state "$status". Integration test FAILED!\n\n"
docker logs $CONTAINER
docker container rm $CONTAINER --force --volumes 2>&1>/dev/null
docker rmi $ID >/dev/null
echo -e "\nImage $ID did come up with unexpected state $status. Integration test FAILED!\n\n"
docker logs "$CONTAINER"
docker container rm "$CONTAINER" --force --volumes 2>&1>/dev/null
docker rmi "$ID" >/dev/null
echo "$ID $status" >> ./failed_variants
(( RETURNCODE++ ))
else
echo -e "\nImage $ID integration test PASSED.\n\n"
docker container rm $CONTAINER --force --volumes 2>&1>/dev/null
docker container rm "$CONTAINER" --force --volumes 2>&1>/dev/null
fi
done

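Review bot: The new SSH check in the `healthy` branch sets `status="OK"` when the `ssh ... status` command exits non-zero and `ssh-error` when it succeeds, so every failure mode counts as a pass: a DNS or network error, a rejected host key, a config file that ssh refuses to parse, or a failed algorithm negotiation. If rejection of the container's unregistered key is the expected result, the test should assert that specific outcome, for example `case "$output" in *"Permission denied"*) status="OK" ;; *) status="ssh-error" ;; esac`, and print `$output` on both paths so the log shows which stage was reached. The expected server response is not visible in this diff, so that pattern needs confirming against a real run. The check also makes the integration test depend on reaching fhem-va.fhem.de on port 58824 from the CI runner, which deserves a comment above `# Check SSH connection`.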
19 changes: 10 additions & 9 deletions src/entry.sh
@@ -46,7 +46,7 @@ generate_ssh_keys() {
if [ ! -s ${ALEXAFHEM_DIR}/.ssh/id_rsa ]; then
echo -e " - Generating SSH RSA client certificate for user 'alexa-fhem' ..."
rm -f ${ALEXAFHEM_DIR}/.ssh/id_rsa*
ssh-keygen -t rsa -b 4096 -f ${ALEXAFHEM_DIR}/.ssh/id_rsa -q -N "" -o -a 100
ssh-keygen -t rsa-sha2-512 -b 4096 -f ${ALEXAFHEM_DIR}/.ssh/id_rsa -q -N "" -o -a 100
sed -i "s/root@.*/alexa-fhem@alexa-fhem-docker/" ${ALEXAFHEM_DIR}/.ssh/id_rsa.pub
fi
chmod 600 ${ALEXAFHEM_DIR}/.ssh/id_rsa
@@ -55,14 +55,15 @@ generate_ssh_keys() {

harden_ssh_client() {
if [ ! -f ${ALEXAFHEM_DIR}/.ssh/config ]; then
echo "IdentityFile ~/.ssh/id_ed25519
IdentityFile ~/.ssh/id_rsa
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
HostKeyAlgorithms ssh-ed25519,ssh-rsa
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,umac-128-etm@openssh.com
" > "${ALEXAFHEM_DIR}"/.ssh/config
printf "%s\n" \
"IdentityFile ~/.ssh/id_ed25519" \
"IdentityFile ~/.ssh/id_rsa" \
"PubkeyAcceptedKeyTypes +ssh-rsa" \
"HostKeyAlgorithms +ssh-rsa" \
"Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-gcm@openssh.com,aes128-ctr" \
"MACs hmac-sha2-256,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com" \
"KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,gss-curve25519-sha256-,diffie-hellman-group16-sha512,gss-group16-sha512-,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256" \
"Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com" > "${ALEXAFHEM_DIR}"/.ssh/config
fi
}

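Review bot: `harden_ssh_client` now writes `PubkeyAcceptedKeyTypes +ssh-rsa` and `HostKeyAlgorithms +ssh-rsa`, which keeps SHA-1 RSA signatures enabled for host keys and newly allows them for client authentication towards every host; if only one legacy server needs this, the exception is better scoped in a `Host` block, or replaced by `rsa-sha2-512,rsa-sha2-256` should the server accept them. The generated file also carries two `Ciphers` lines, and since ssh_config keeps the first value it reads for an option, the trailing `"Ciphers aes128-ctr,..."` entry is dead and should be deleted. The `gss-curve25519-sha256-` and `gss-group16-sha512-` names in `KexAlgorithms` are, as far as I know, only recognised by OpenSSH builds carrying the GSSAPI key-exchange patch, and an unrecognised name makes ssh reject the whole config; `sntrup761x25519-sha512@openssh.com` likewise needs a recent client. In the first hunk, `ssh-keygen -t rsa-sha2-512` names a signature algorithm where a key type is expected; as far as I can tell the signature hash is chosen at authentication time, so `-t rsa` yields the same key and is also accepted by older ssh-keygen builds. The `MACs` list now prefers the plain `hmac-sha2-*` entries over the `-etm@openssh.com` ones that the previous config put first, which looks unintended for a hardening function.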
