Merge branch 'tkrizek/system-tests-fixes-v9_18' into 'v9_18'

Update various system tests and add them to default test suite [v9_18]

See merge request isc-projects/bind9!6949

bin/tests/system/Makefile.am

@@ -105,10 +105,12 @@ TESTS +=			\
 	checknames		\
 	checkzone		\
 	database		\
+	dialup			\
 	dlzexternal		\
 	dns64			\
 	dscp			\
 	dsdigest		\
+	dupsigs			\
 	dyndb			\
 	ecdsa			\
 	eddsa			\
@@ -170,12 +172,6 @@ TESTS +=			\
 	xferquota		\
 	zonechecks
 
-# The "stress" test is not run by default since it creates enough
-# load on the machine to make it unusable to other users.
-# The "dialup" and "dupsigs" tests are also not run by
-# default because they take a very long time to complete.
-# TESTS += dialup dupsigs stress
-
 if HAVE_LMDB
 TESTS += nzd2nzf
 endif # HAVE_LMDB
@@ -188,6 +184,7 @@ TESTS +=		\
 	nsupdate	\
 	resolver	\
 	statistics	\
+	stress		\
 	upforwd		\
 	zero
 

bin/tests/system/common/controls.conf

@@ -1,22 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0.  If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-key rndc_key {
-	secret "1234abcd8765";
-	algorithm hmac-sha256;
-};
-
-controls {
-	inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; };
-};
-

bin/tests/system/conf.sh.common

@@ -26,11 +26,6 @@ export LANG=C
 #
 # Common lists of system tests to run.
 #
-# The "stress" test is not run by default since it creates enough
-# load on the machine to make it unusable to other users.
-# The "dialup" and "dupsigs" tests are also not run by
-# default because they take a very long time to complete.
-#
 # The following tests are hard-coded to use ports 5300 and 9953. For
 # this reason, these must be run sequentially.
 #
@@ -51,7 +46,10 @@ SEQUENTIAL_COMMON=""
 # rpzrecurse are scheduled first, in order to get more benefit from
 # parallelism.
 #
-PARALLEL_COMMON="rpzrecurse serve-stale
+PARALLEL_COMMON="
+rpzrecurse
+serve-stale
+dupsigs
 acl
 additional
 addzone

bin/tests/system/dialup/clean.sh

@@ -14,3 +14,5 @@
 rm -f ns2/example.bk
 rm -f ns3/example.bk
 rm -f */named.memstats */named.run
+rm -f ns*/named.conf
+rm -f ns*/named.lock

bin/tests/system/dialup/ns1/named.conf.in

@@ -17,7 +17,7 @@ options {
 	query-source address 10.53.0.1;
 	notify-source 10.53.0.1;
 	transfer-source 10.53.0.1;
-	port 5300;
+	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.1; };
 	listen-on-v6 { none; };

bin/tests/system/dialup/ns2/named.conf.in

@@ -17,7 +17,7 @@ options {
 	query-source address 10.53.0.2;
 	notify-source 10.53.0.2;
 	transfer-source 10.53.0.2;
-	port 5300;
+	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { none; };

bin/tests/system/dialup/ns3/named.conf.in

@@ -17,7 +17,7 @@ options {
 	query-source address 10.53.0.3;
 	notify-source 10.53.0.3;
 	transfer-source 10.53.0.3;
-	port 5300;
+	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.3; };
 	listen-on-v6 { none; };

bin/tests/system/dialup/setup.sh

@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# shellcheck source=conf.sh
+. ../conf.sh
+
+copy_setports ns1/named.conf.in ns1/named.conf
+copy_setports ns2/named.conf.in ns2/named.conf
+copy_setports ns3/named.conf.in ns3/named.conf

bin/tests/system/dialup/tests.sh

@@ -17,7 +17,7 @@ status=0
 
 rm -f dig.out.*
 
-DIGOPTS="+norec +tcp +noadd +nosea +nostat +noquest +nocmd -p 5300"
+DIGOPTS="+norec +tcp +noadd +nosea +nostat +noquest +nocmd -p ${PORT}"
 
 # Check the example. domain
 

bin/tests/system/digdelv/tests.sh

@@ -1023,7 +1023,7 @@ if [ -x "$DIG" ] ; then
   echo_i "check that dig tries the next server after a UDP socket network unreachable error ($n)"
   ret=0
   dig_with_opts @192.0.2.128 @10.53.0.3 a.example > dig.out.test$n 2>&1 || ret=1
-  test $(grep -F -e "connection refused" -e "timed out" -e "network unreachable" dig.out.test$n | wc -l) -eq 3 || ret=1
+  test $(grep -F -e "connection refused" -e "timed out" -e "network unreachable" -e "host unreachable" dig.out.test$n | wc -l) -eq 3 || ret=1
   grep -F "status: NOERROR" dig.out.test$n > /dev/null || ret=1
   if [ $ret -ne 0 ]; then echo_i "failed"; fi
   status=$((status+ret))
@@ -1032,7 +1032,7 @@ if [ -x "$DIG" ] ; then
   echo_i "check that dig tries the next server after a TCP socket network unreachable error ($n)"
   ret=0
   dig_with_opts +tcp @192.0.2.128 @10.53.0.3 a.example > dig.out.test$n 2>&1 || ret=1
-  test $(grep -F -e "connection refused" -e "timed out" -e "network unreachable" dig.out.test$n | wc -l) -eq 3 || ret=1
+  test $(grep -F -e "connection refused" -e "timed out" -e "network unreachable" -e "host unreachable" dig.out.test$n | wc -l) -eq 3 || ret=1
   grep -F "status: NOERROR" dig.out.test$n > /dev/null || ret=1
   if [ $ret -ne 0 ]; then echo_i "failed"; fi
   status=$((status+ret))

bin/tests/system/dupsigs/check_journal.pl

@@ -197,11 +197,6 @@ if( @changeset ) {
             if( $n_signing_keys == 0 ) {
                 print "at serial $newserial $rrsig_id went unsigned\n";
             }
-            elsif( $rrsig_id =~ /:DNSKEY$/ ) {
-                if( $n_signing_keys != 2 ) {
-                    print "at serial $newserial $rrsig_id was signed $n_signing_keys time(s) when it should have been signed twice\n";
-                }
-            }
             elsif( $n_signing_keys > 1 ) {
                 my @signing_keys = sort { $a <=> $b } keys %{ $rrsig_db{$rrsig_id} };
                 print "at serial $newserial $rrsig_id was signed too many times, keys (@signing_keys)\n";

bin/tests/system/dupsigs/clean.sh

@@ -9,6 +9,7 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
+rm -f dig.out*
 rm -f ns1/named.conf
 rm -f ns1/named.lock
 rm -f ns1/named.memstats

bin/tests/system/dupsigs/ns1/named.conf.in

@@ -29,5 +29,5 @@ zone "signing.test" {
 	key-directory "keys/signing.test";
 	inline-signing yes;
 	auto-dnssec maintain;
-	sig-validity-interval 120 30;
+	sig-validity-interval 20 5;
 };

bin/tests/system/dupsigs/ns1/reset_keys.sh

@@ -11,7 +11,7 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-. ../conf.sh
+. ../../conf.sh
 
 zone=signing.test
 rm -rf keys/signing.test
@@ -52,14 +52,14 @@ $SETTIME -P $BASET -A $BASET $KEYDIR/$KSK
 $SETTIME -P $BASET -A $BASET $KEYDIR/$ZSK0
 
 # schedule the first roll
-R1=`expr $BASE + 300`
+R1=`expr $BASE + 50`
 R1T=`timetodnssec $R1`
 
 $SETTIME -I $R1T $KEYDIR/$ZSK0
 $SETTIME -P $BASET -A $R1T $KEYDIR/$ZSK1
 
 # schedule the second roll (which includes the delete of the first key)
-R2=`expr $R1 + 300`
+R2=`expr $R1 + 50`
 R2T=`timetodnssec $R2`
 DT=$R2
 DTT=`timetodnssec $DT`
@@ -69,8 +69,7 @@ $SETTIME -I $R2T $KEYDIR/$ZSK1
 $SETTIME -P $R1T -A $R2T $KEYDIR/$ZSK2
 
 # schedule the third roll
-# this isn't long enough for the signing to complete
-R3=`expr $R2 + 60`
+R3=`expr $R2 + 25`
 R3T=`timetodnssec $R3`
 
 $SETTIME -D $R3T $KEYDIR/$ZSK1
@@ -89,8 +88,10 @@ echo ZSK4=$ZSK4
 exit
 
 # schedule the fourth roll
-# this isn't long enough for the signing to complete
-R4=`expr $R3 + 30`
+# this isn't long enough for the signing to complete and would result in
+# duplicate signatures, see
+# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/231#note_9597
+R4=`expr $R3 + 10`
 R4T=`timetodnssec $R4`
 
 $SETTIME -D $R4T $KEYDIR/$ZSK2

bin/tests/system/dupsigs/ns1/signing.test.db.in

@@ -15,4 +15,4 @@ $TTL 3600
 ns   A    127.0.0.1
 ns   AAAA ::1
 
-$GENERATE 0-1999 a${0,4,d} AAAA ::$
+$GENERATE 0-499 a${0,4,d} AAAA ::$

bin/tests/system/dupsigs/tests.sh

@@ -13,22 +13,23 @@
 
 status=0
 start=`date +%s`
-end=`expr $start + 1200`
-now=$start
+end=`expr $start + 150`
+sleep 10  # wait for a bit for the initial signing
+now=`expr $start + 10`
 while test $now -lt $end
 do
 	et=`expr $now - $start`
 	echo "=============== $et ============"
 	$JOURNALPRINT ns1/signing.test.db.signed.jnl | $PERL check_journal.pl
-	$DIG axfr signing.test -p 5300 @10.53.0.1 > dig.out.at$et
+	$DIG axfr signing.test -p ${PORT} @10.53.0.1 > dig.out.at$et
 	awk '$4 == "RRSIG" { print $11 }' dig.out.at$et | sort | uniq -c
 	lines=`awk '$4 == "RRSIG" { print}' dig.out.at$et | wc -l`
-	if [ ${et} -ne 0 -a ${lines} -ne 4009 ]
+	if [ ${et} -ne 0 -a ${lines} -ne 1008 ]
 	then
 		echo_i "failed"
 		status=`expr $status + 1`
 	fi
-	sleep 20
+	sleep 5
 	now=`date +%s`
 done
 

bin/tests/system/rrl/broken.conf.in

@@ -17,7 +17,7 @@ options {
 	query-source address 10.53.0.5;
 	notify-source 10.53.0.5;
 	transfer-source 10.53.0.5;
-	port 5300;
+	port @PORT@;
 	pid-file "named.pid";
 	statistics-file	"named.stats";
 	listen-on { 10.53.0.5; };
@@ -41,6 +41,6 @@ key rndc_key {
 	algorithm hmac-sha256;
 };
 controls {
-	inet 10.53.0.5 port 9953 allow { any; } keys { rndc_key; };
+	inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
 

bin/tests/system/rrl/clean.sh

@@ -16,5 +16,6 @@ rm -f  */named.memstats */named.run */named.stats */log-* */session.key
 rm -f ns3/bl*.db */*.jnl */*.core */*.pid
 rm -f ns*/named.lock
 rm -f ns*/named.conf
+rm -f broken.conf
 rm -f broken.out
 rm -f ns*/managed-keys.bind*

bin/tests/system/rrl/setup.sh

@@ -15,6 +15,7 @@
 
 $SHELL clean.sh
 
+copy_setports broken.conf.in broken.conf
 copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf

bin/tests/system/stress/clean.sh

@@ -17,9 +17,12 @@ rm -f ns?/zones.conf
 rm -f ns?/zone*.bk
 
 rm -f ns1/delegations.db
+rm -f ns1/root.db
 
 rm -f ns2/zone0*.db
 rm -f ns2/zone0*.jnl
 rm -f */named.memstats
 rm -f ns*/named.lock
 rm -f ns*/managed-keys.bind*
+rm -f ns*/named.run
+rm -f ns*/named.conf

bin/tests/system/stress/ns1/named.conf.in

@@ -17,7 +17,7 @@ options {
 	query-source address 10.53.0.1;
 	notify-source 10.53.0.1;
 	transfer-source 10.53.0.1;
-	port 5300;
+	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.1; };
 	listen-on-v6 { none; };

bin/tests/system/stress/ns2/named.conf.in

@@ -17,7 +17,7 @@ options {
 	query-source address 10.53.0.2;
 	notify-source 10.53.0.2;
 	transfer-source 10.53.0.2;
-	port 5300;
+	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { none; };

bin/tests/system/stress/ns3/named.conf.in

@@ -17,7 +17,7 @@ options {
 	query-source address 10.53.0.3;
 	notify-source 10.53.0.3;
 	transfer-source 10.53.0.3;
-	port 5300;
+	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.3; };
 	listen-on-v6 { none; };
@@ -32,7 +32,7 @@ key rndc_key {
 };
 
 controls {
-	inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; };
+	inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
 
 zone "." {

bin/tests/system/stress/ns4/named.conf.in

@@ -17,7 +17,7 @@ options {
 	query-source address 10.53.0.4;
 	notify-source 10.53.0.4;
 	transfer-source 10.53.0.4;
-	port 5300;
+	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.4; };
 	listen-on-v6 { none; };

bin/tests/system/stress/setup.sh

@@ -19,3 +19,8 @@
 #
 
 $PERL setup.pl
+
+copy_setports ns1/named.conf.in ns1/named.conf
+copy_setports ns2/named.conf.in ns2/named.conf
+copy_setports ns3/named.conf.in ns3/named.conf
+copy_setports ns4/named.conf.in ns4/named.conf

bin/tests/system/stress/tests.sh

@@ -17,7 +17,7 @@ status=0
 
 (
 $SHELL -c "while true
-           do $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reload 2>&1 |
+           do $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p $CONTROLPORT reload 2>&1 |
 	       sed 's/^/I:ns3 /';
 	   sleep 1
        done" & echo $! >reload.pid
@@ -25,7 +25,7 @@ $SHELL -c "while true
 
 for i in 0 1 2 3 4
 do
-       $PERL update.pl -s 10.53.0.2 -p 5300 zone00000$i.example. &
+       $PERL update.pl -s 10.53.0.2 -p $PORT zone00000$i.example. &
 done
 
 echo_i "waiting for background processes to finish"
@@ -34,5 +34,9 @@ wait
 echo_i "killing reload loop"
 kill `cat reload.pid`
 
+# If the test has run to completion without named crashing, it has succeeded.
+# Otherwise, the crash will be detected by the test framework and the test will
+# fail.
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1

bin/tests/system/synthfromdnssec/ns4/named.conf.in

@@ -46,4 +46,3 @@ zone "." {
 };
 
 include "../ns1/trusted.conf";
-// include "../../common/controls.conf";