hs-test: add nginx+quic test

Type: test Change-Id: I15e4f2fb84cb4f34b6fea95978db000854a63e78 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2023-06-15 10:06:57 +02:00
parent fe965a3a17
commit 31eaea9eef
18 changed files with 235 additions and 5 deletions
--- a/extras/hs-test/Makefile
+++ b/extras/hs-test/Makefile
@ -44,8 +44,11 @@ help:
 	@echo " fixstyle             - format .go source files"
 	@echo " list-tests           - list all tests"
 	@echo
-	@echo "Make arguments:"
+	@echo "make build arguments:"
 	@echo " UBUNTU_VERSION           - ubuntu version for docker image"
+	@echo " HST_EXTENDED_TESTS	 - build extended tests"
+	@echo
+	@echo "make test arguments:"
 	@echo " PERSIST=[true|false]     - whether clean up topology and dockers after test"
 	@echo " VERBOSE=[true|false]     - verbose output"
 	@echo " UNCONFIGURE=[true|false] - unconfigure selected test"
@ -76,12 +79,12 @@ build-go:

 build: .deps.ok build-vpp-release build-go
 	@rm -f .build.vpp
-	bash ./script/build.sh release
+	bash ./script/build_hst.sh release
 	@touch .build.vpp

 build-debug: .deps.ok build-vpp-debug build-go
 	@rm -f .build.vpp
-	bash ./script/build.sh debug
+	bash ./script/build_hst.sh debug
 	@touch .build.vpp

 .deps.ok:
--- a/extras/hs-test/docker/Dockerfile.build
+++ b/extras/hs-test/docker/Dockerfile.build
@ -0,0 +1,8 @@
+ARG UBUNTU_VERSION
+
+FROM ubuntu:${UBUNTU_VERSION}
+
+RUN apt-get update \
+ && apt-get install -y gcc git make autoconf libtool pkg-config cmake ninja-build golang \
+ && rm -rf /var/lib/apt/lists/*
+
--- a/extras/hs-test/docker/Dockerfile.curl
+++ b/extras/hs-test/docker/Dockerfile.curl
@ -0,0 +1,7 @@
+FROM hs-test/build
+
+COPY script/build_curl.sh /build_curl.sh
+RUN git clone https://github.com/curl/curl
+RUN /build_curl.sh
+
+CMD ["/bin/sh"]
--- a/extras/hs-test/docker/Dockerfile.nginx
+++ b/extras/hs-test/docker/Dockerfile.nginx
@ -17,4 +17,4 @@ ENV LDP_DEBUG=0
 ENV VCL_DEBUG=0
 ENV LDP_SID_BIT=8

-ENTRYPOINT ["nginx_ldp.sh", "-c", "/nginx.conf"]
+ENTRYPOINT ["nginx_ldp.sh", "nginx", "-c", "/nginx.conf"]
--- a/extras/hs-test/docker/Dockerfile.nginx-http3
+++ b/extras/hs-test/docker/Dockerfile.nginx-http3
@ -0,0 +1,24 @@
+FROM hs-test/build
+
+COPY script/build_boringssl.sh /build_boringssl.sh
+RUN git clone https://boringssl.googlesource.com/boringssl
+RUN ./build_boringssl.sh
+
+COPY script/build_nginx.sh /build_nginx.sh
+RUN git clone https://github.com/nginx/nginx
+RUN ./build_nginx.sh
+
+COPY vpp-data/lib/* /usr/lib/
+COPY resources/nginx/vcl.conf /vcl.conf
+COPY resources/nginx/nginx_http3.conf /nginx.conf
+COPY script/nginx_ldp.sh /usr/bin/nginx_ldp.sh
+
+COPY resources/nginx/html/index.html /usr/share/nginx/index.html
+
+ENV VCL_CONFIG=/vcl.conf
+ENV LDP=/usr/lib/libvcl_ldpreload.so
+ENV LDP_DEBUG=0
+ENV VCL_DEBUG=0
+ENV LDP_SID_BIT=8
+
+ENTRYPOINT ["nginx_ldp.sh", "/usr/local/nginx/sbin/nginx", "-c", "/nginx.conf"]
--- a/extras/hs-test/hst_suite.go
+++ b/extras/hs-test/hst_suite.go
@ -4,6 +4,8 @@ import (
 	"flag"
 	"io/ioutil"
 	"os"
+	"os/exec"
+	"strings"
 	"time"

 	"github.com/edwarnicke/exechelper"
@ -162,6 +164,20 @@ func (s *HstSuite) SkipIfMultiWorker(args ...any) {
 	}
 }

+func (s *HstSuite) SkipUnlessExtendedTestsBuilt() {
+	imageName := "hs-test/nginx-http3"
+
+	cmd := exec.Command("docker", "images", imageName)
+	byteOutput, err := cmd.CombinedOutput()
+	if err != nil {
+		s.log("error while searching for docker image")
+		return
+	}
+	if !strings.Contains(string(byteOutput), imageName) {
+		s.skip("extended tests not built")
+	}
+}
+
 func (s *HstSuite) resetContainers() {
 	for _, container := range s.containers {
 		container.stop()
--- a/extras/hs-test/http_test.go
+++ b/extras/hs-test/http_test.go
@ -40,6 +40,26 @@ func (s *VethsSuite) TestHttpCli() {
 	s.assertContains(o, "<html>", "<html> not found in the result!")
 }

+func (s *NoTopoSuite) TestNginxHttp3() {
+	s.SkipUnlessExtendedTestsBuilt()
+
+	query := "index.html"
+	nginxCont := s.getContainerByName("nginx-http3")
+	s.assertNil(nginxCont.run())
+
+	vpp := s.getContainerByName("vpp").vppInstance
+	vpp.waitForApp("nginx-", 5)
+	serverAddress := s.netInterfaces[tapInterfaceName].peer.ip4AddressString()
+
+	defer func() { os.Remove(query) }()
+	curlCont := s.getContainerByName("curl")
+	args := fmt.Sprintf("curl --noproxy '*' --http3-only -k https://%s:8443/%s", serverAddress, query)
+	curlCont.extraRunningArgs = args
+	o, err := curlCont.combinedOutput()
+	s.assertNil(err)
+	s.assertContains(o, "<http>", "<http> not found in the result!")
+}
+
 func (s *NoTopoSuite) TestNginxAsServer() {
 	query := "return_ok"
 	finished := make(chan error, 1)
--- a/extras/hs-test/resources/cert/localhost.crt
+++ b/extras/hs-test/resources/cert/localhost.crt
@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZTCCAk2gAwIBAgIUF116CAipHqQBCyAEvNesV0u4u0swDQYJKoZIhvcNAQEL
+BQAwQjELMAkGA1UEBhMCU0sxEDAOBgNVBAgMB1ZwcExhbmQxITAfBgNVBAoMGElu
+dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMzA1MjkxMDI0MjhaFw0yNDA1Mjgx
+MDI0MjhaMEIxCzAJBgNVBAYTAlNLMRAwDgYDVQQIDAdWcHBMYW5kMSEwHwYDVQQK
+DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCy40rDzrrHPGIyhP24hOBQefEgKD5uUGgSUyJTCur4yB/r2PGt
+LlfipKwDmNArmZuFOgKh8evipu2jYaxf4GHQmi7PGLddvPkqo5FWtVW8oAVJMcp+
+fwfs7OgkqtYD6Y7qjmjfXb9+rMpPN8WZ7cKbJwZpF3lf8GGaLqRmPiQg2j8qzcVy
+nz8cIwBZP8BJVclA9GIagijY7Zcmz0HnTPrPoLMeyLJOTqPMfkUYA2H2eHeISkQP
+BeoFoiwCI5eM35UiWiLyiv9Kojn4BHx6MLrfKBjV13WtcRMgYm5VftsWOZ92lmHm
+bpj9mGgtd84JWtWxs33oG4mNRSAeujf9AE5VAgMBAAGjUzBRMB0GA1UdDgQWBBTj
+s+A5M/Cao+0Phgg6xFBKIPxLqjAfBgNVHSMEGDAWgBTjs+A5M/Cao+0Phgg6xFBK
+IPxLqjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB3EcGDby5u
+cEGjgAFR18kH4ztnYUdZUrPI72sOFfjRLtJpx00n759SBawqNW1Y2a1QRd+GgUBK
+YpYd2gzWYFjf/4c5BN4SrjeZGnQ8N0YomqqGKvOQO0YdYK4i/lWJjLRaLiVBn9EX
+Z+odYhGqQgoAJHnm5Mmqhx9ts8qxZLbdsh+T93mKvj+/yuai2Is+AJfLgZpdKPQN
+bCoZemRm+nghRvEP8aX/469wiz7SOLqUzxrTOtXV48wTU5LWLDCs1lF9ZdGHR9/r
+vj8unnEHIZiH3ZjN7OgaAoNHZE26Ywbmllc/a0vPw8iHdrLe7+Wtp4zXe2rcxhW7
+b+X1/yRCZ+Wg
+-----END CERTIFICATE-----
--- a/extras/hs-test/resources/cert/localhost.key
+++ b/extras/hs-test/resources/cert/localhost.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCy40rDzrrHPGIy
+hP24hOBQefEgKD5uUGgSUyJTCur4yB/r2PGtLlfipKwDmNArmZuFOgKh8evipu2j
+Yaxf4GHQmi7PGLddvPkqo5FWtVW8oAVJMcp+fwfs7OgkqtYD6Y7qjmjfXb9+rMpP
+N8WZ7cKbJwZpF3lf8GGaLqRmPiQg2j8qzcVynz8cIwBZP8BJVclA9GIagijY7Zcm
+z0HnTPrPoLMeyLJOTqPMfkUYA2H2eHeISkQPBeoFoiwCI5eM35UiWiLyiv9Kojn4
+BHx6MLrfKBjV13WtcRMgYm5VftsWOZ92lmHmbpj9mGgtd84JWtWxs33oG4mNRSAe
+ujf9AE5VAgMBAAECggEANwiZ/bdh2t2G0Ef9zoCCif+Z4OzAmCuAePK+gpG/TB41
+Q9eQMlkpjH5gtRKUKHWvVMNOAAhvK2FzhmoMH8rmDMkCUZAnCV2TwjxkACr1X3xT
+Y/s/cr8d7xPLL0ynXrjB0QNS3DT5Lr111/0ue3acAiN1Y2tnWc6YGFj1FsdTUg+O
+zRysrpNUp3LAK+MXIhAXMCGKOOLxpjeyrcnUokH0I8e06of1AfAHX8jTn65MG5Ex
+n9wBYPl+u2J3SjILHoqBKjcSoNILUfBN9mQGeXhoqCzwcnygDtOxIu9xgu2nCcJr
+C1R/WXoQ8Jr6wa1n0aEVXDJeOEK9kKXLTt2/I4HB2QKBgQDemLy+o2/tbFwlU2Xy
+8/tZa30kfLCAZ+kq+lE3Kkfqt3pPYzH+lfO7u/UWtavKRQRdsKsNKbpe/EdGq7c4
+YN3L1KG5JiIo3TxilUPilYacGHklfMMbEK7cs8Jebsl6rL7BgnKuqlXGY0HEEx8L
+XqIKN1RdzL04WLOiA8qDGwYp7wKBgQDNu3DECCTkTa+mZdNDRntoffkgyd0AnwPA
+PEf43BHORpKcfGwFIrf8QWRXcLdh72Yrc9o3D53GCq+NSYGPL2OiY+/3HoAy1mH1
+EBgS08qfkZBKr6+VGjWuVAlD2m2jW+AhGXMS+Lu4yzK3V+0EzlAu4WZVBUngg1//
+6ZtyvXLf+wKBgQCozmO0nvUutFJc7BYQXP5sHZvVo8mmVyb4NMSKdUH8ug/DTJKJ
+YuZnpG6FPlh9GEHrWyMc5Fw11FOpQGe+FZeeEC5k3ophOwWkLVZB6useTWDyEN9V
+Ex3IuXnZa2LX6VDwJyEZXIuX24XwUB/m22k/Hh6Y079bj8kKQJ2/NytBeQKBgQCZ
+RGMmJ8sUKqwJEyLoo8GcfvzyaHC03cI1nLMhuxGo0vq2ihsPWGYpD65pVhfIZkl/
+ZbfT/VZVC/DtGS3kNjHL8Rf8ykRHm18u6uaEYDQ73H3apjfwpK4JSaH9YuT7Jp87
+CXKpV5TCft8xp9d0FR+3TUSnYmE/WaBTTv335RuHsQKBgCFLyxzs0hM/MhCLHJ6b
+AqyNPz36Xcwsgit1Svhwm1IC6FqkSJl3cRKhp1AP5w6ktUfUGNpF/TYI3x2jCg/m
+c0nwmqi/3Cha64XKJcI4iT2+lyuE8jXovMdNiJEEKCDalpyYJbhzRaLsoSFSbiD1
+mFDl8/aNVaQKDDboSuj9AkKs
+-----END PRIVATE KEY-----
--- a/extras/hs-test/resources/nginx/html/index.html
+++ b/extras/hs-test/resources/nginx/html/index.html
@ -0,0 +1,6 @@
+<http>
+    <title>nginx docker with quic</title>
+<body>
+    <p>Greetings!</p>
+</body>
+</http>
--- a/extras/hs-test/resources/nginx/nginx_http3.conf
+++ b/extras/hs-test/resources/nginx/nginx_http3.conf
@ -0,0 +1,25 @@
+master_process off;
+daemon off;
+
+events {
+   use epoll;
+   accept_mutex       off;
+   multi_accept       off;
+}
+
+http {
+  quic_gso on;
+  quic_retry on;
+
+  access_log logs/access.log;
+  keepalive_timeout 300s;
+  sendfile on;
+  server {
+    listen 0.0.0.0:8443 quic;
+    listen 0.0.0.0:8443 ssl;
+    root /usr/share/nginx;
+    ssl_certificate     /etc/nginx/ssl/localhost.crt;
+    ssl_certificate_key /etc/nginx/ssl/localhost.key;
+    index index.html index.htm;
+  }
+}
--- a/extras/hs-test/script/build_boringssl.sh
+++ b/extras/hs-test/script/build_boringssl.sh
@ -0,0 +1,4 @@
+#!/bin/bash
+cd boringssl
+cmake -GNinja -B build
+ninja -C build
--- a/extras/hs-test/script/build_curl.sh
+++ b/extras/hs-test/script/build_curl.sh
@ -0,0 +1,36 @@
+#!/bin/bash
+
+dir1=/tmp/dir1
+dir2=/tmp/dir2
+dir3=/tmp/dir3
+
+git clone --depth 1 -b openssl-3.0.9+quic https://github.com/quictls/openssl
+cd openssl
+echo "install path ${dir1}"
+./config enable-tls1_3 --prefix=${dir1}
+make
+make install
+
+cd ..
+git clone -b v0.12.0 https://github.com/ngtcp2/nghttp3
+cd nghttp3
+autoreconf -fi
+./configure --prefix=${dir2} --enable-lib-only
+make
+make install
+
+cd ..
+git clone -b v0.16.0 https://github.com/ngtcp2/ngtcp2
+cd ngtcp2
+autoreconf -fi
+./configure PKG_CONFIG_PATH=${dir1}/lib64/pkgconfig:${dir2}/lib/pkgconfig LDFLAGS="-Wl,-rpath,${dir1}/lib64" --prefix=${dir3} --enable-lib-only
+make
+make install
+
+cd ..
+git clone https://github.com/curl/curl
+cd curl
+autoreconf -fi
+LDFLAGS="-Wl,-rpath,${dir1}/lib64" ./configure --with-openssl=${dir1} --with-nghttp3=${dir2} --with-ngtcp2=${dir3}
+make
+make install
--- a/extras/hs-test/script/build_hst.sh
+++ b/extras/hs-test/script/build_hst.sh
@ -62,6 +62,11 @@ docker_build () {
 docker_build hs-test/vpp vpp
 docker_build hs-test/nginx-ldp nginx
 docker_build hs-test/nginx-server nginx-server
+docker_build hs-test/build build
+if [ "$HST_EXTENDED_TESTS" = true ] ; then
+    docker_build hs-test/nginx-http3 nginx-http3
+    docker_build hs-test/curl curl
+fi

 # cleanup detached images
 images=$(docker images --filter "dangling=true" -q --no-trunc)
--- a/extras/hs-test/script/build_nginx.sh
+++ b/extras/hs-test/script/build_nginx.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+cd nginx
+./auto/configure --with-debug --with-http_v3_module --with-cc-opt="-I../boringssl/include" --with-ld-opt="-L../boringssl/build/ssl -L../boringssl/build/crypto" --without-http_rewrite_module --without-http_gzip_module
+make
+make install
--- a/extras/hs-test/script/nginx_ldp.sh
+++ b/extras/hs-test/script/nginx_ldp.sh
@ -1,3 +1,3 @@
 #!/usr/bin/env bash

-LD_PRELOAD=$LDP nginx $@ 2>&1 > /proc/1/fd/1
+LD_PRELOAD=$LDP $@ 2>&1 > /proc/1/fd/1
--- a/extras/hs-test/topo-containers/single.yaml
+++ b/extras/hs-test/topo-containers/single.yaml
@ -9,6 +9,7 @@ containers:
      - <<: *shared-vol
        container-dir: "/tmp/vpp"
        is-default-work-dir: true
+
  - name: "nginx"
    volumes:
      - <<: *shared-vol
@ -16,11 +17,31 @@ containers:
        is-default-work-dir: true
    image: "hs-test/nginx-ldp"
    is-optional: true
+
+  - name: "nginx-http3"
+    volumes:
+      - <<: *shared-vol
+        container-dir: "/tmp/nginx"
+        is-default-work-dir: true
+      - host-dir: $HST_DIR/resources/cert
+        container-dir: "/etc/nginx/ssl"
+    image: "hs-test/nginx-http3"
+    is-optional: true
+
  - name: "ab"
    image: "jordi/ab"
    is-optional: true
    run-detached: false
+
  - name: "wrk"
    image: "skandyla/wrk"
    is-optional: true
+    run-detached: false
+
+  - name: "curl"
+    vars:
+    - name: LD_LIBRARY_PATH
+      value: "/usr/local/lib"
+    image: "hs-test/curl"
+    is-optional: true
    run-detached: false
--- a/extras/hs-test/vars
+++ b/extras/hs-test/vars
@ -4,3 +4,4 @@ export HST_LDPRELOAD=${VPP_WS}/build-root/build-vpp-native/vpp/lib/x86_64-linux-
 export PATH=${VPP_WS}/build-root/build-vpp-native/vpp/bin:$PATH

 export UBUNTU_VERSION=$(lsb_release -rs)
+export HST_EXTENDED_TESTS=false