Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixing Test related to SRL 23.10 #1709

Merged
merged 4 commits into from
Nov 12, 2023
Merged

Fixing Test related to SRL 23.10 #1709

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
fc92c61
remove srl ssh key filter
steiler Nov 10, 2023
603c32d
bring back filtering function for older srl releases
hellt Nov 10, 2023
fb861f2
polishing test case
hellt Nov 10, 2023
81b5e2b
Revert "bring back filtering function for older srl releases"
hellt Nov 12, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 5 additions & 2 deletions nodes/srl/srl.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -598,12 +598,15 @@ func (n *srl) addDefaultConfig(ctx context.Context) error {
DNSServers: n.Config().DNS.Servers,
}

n.filterSSHPubKeys()

// in srlinux >= v23.10+ linuxadmin and admin user ssh keys can only be configured via the cli
// so we add the keys to the template data for rendering.
if len(n.sshPubKeys) > 0 && (semver.Compare(n.swVersion.String(), "v23.10") >= 0 || n.swVersion.major == "0") {
tplData.SSHPubKeys = catenateKeys(n.sshPubKeys)
} else {
// prior to 23.10.1 only rsa keys are supported
// this function filters out non-rsa keys from the
// list of ssh public keys found on the system/agent
n.filterSSHPubKeys()
}
Copy link
Member

@hellt hellt Nov 10, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@steiler I brought back the filtering function since it is required for SRL < 23.10.1

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am dumb. Filtering is not needed as now we support all types of keys in the config in 23.10, and older releases use mounted files, where, again, all keys can be put.


// set MgmtMTU to the MTU value of the runtime management network
Expand Down
46 changes: 37 additions & 9 deletions tests/02-basic-srl/01-two-srls.robot
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,17 +10,25 @@ Suite Teardown Run Keyword Cleanup
${lab-name} 02-01-two-srls
${lab-file-name} 02-srl02.clab.yml
${runtime} docker
${key-name} test
${key-name} clab-test-key


*** Test Cases ***
Create SSH keypair
Set key-path Variable
${key-path} = OperatingSystem.Normalize Path ~/.ssh/${key-name}
Log ${key-path}
Set Suite Variable ${key-path}
# Using ed25519 algo because of paramiko https://github.com/paramiko/paramiko/issues/1915

Create SSH keypair - RSA
${rc} ${output} = Run And Return Rc And Output
... ssh-keygen -t rsa -N "" -f ${key-path}-rsa

Create SSH keypair - ED25519
${rc} ${output} = Run And Return Rc And Output
... ssh-keygen -t ed25519 -N "" -f ${key-path}-ed25519

Create SSH keypair - ecdsa512
${rc} ${output} = Run And Return Rc And Output
... ssh-keygen -t ed25519 -N "" -f ${key-path}
... ssh-keygen -t ecdsa -b 521 -N "" -f ${key-path}-ecdsa512

Deploy ${lab-name} lab
Log ${CURDIR}
Expand Down Expand Up @@ -74,17 +82,37 @@ Ensure srl1 is reachable over ssh
... password=NokiaSrl1!
... try_for=10

Ensure srl1 is reachable over ssh with public key auth
Ensure srl1 is reachable over ssh with public key RSA auth
Login via SSH with public key
... address=clab-${lab-name}-srl1
... username=admin
... keyfile=${key-path}-rsa
... try_for=10

# This test is expected to fail on SR Linux < 23.10.1 since only RSA keys are supported
# on older systems

Ensure srl1 is reachable over ssh with public key ED25519 auth
Login via SSH with public key
... address=clab-${lab-name}-srl1
... username=admin
... keyfile=${key-path}-ed25519
... try_for=10

# This test is expected to fail on SR Linux < 23.10.1 since only RSA keys are supported
# on older systems

Ensure srl1 is reachable over ssh with public key ECDSA512 auth
Login via SSH with public key
... address=clab-${lab-name}-srl1
... username=admin
... keyfile=${key-path}
... keyfile=${key-path}-ecdsa512
... try_for=10

Ensure srl1 can ping srl2 over ethernet-1/1 interface
Sleep 5s give some time for networking stack to settle
${rc} ${output} = Run And Return Rc And Output
... sudo -E ${CLAB_BIN} --runtime ${runtime} exec -t ${CURDIR}/${lab-file-name} --label clab-node-name\=srl1 --cmd "ip netns exec srbase-default ping 192.168.0.1 -c2 -w 3s"
... sudo -E ${CLAB_BIN} --runtime ${runtime} exec -t ${CURDIR}/${lab-file-name} --label clab-node-name\=srl1 --cmd "ip netns exec srbase-default ping 192.168.0.1 -c2 -w 3"
Log ${output}
Should Be Equal As Integers ${rc} 0
Should Contain ${output} 0% packet loss
Expand Down Expand Up @@ -114,4 +142,4 @@ Verify TLS works with JSON-RPC, certificate check and IP address as SAN
*** Keywords ***
Cleanup
Run sudo -E ${CLAB_BIN} --runtime ${runtime} destroy -t ${CURDIR}/${lab-file-name} --cleanup
Run rm -f ${key-path}
Run rm -f ${key-path}*
2 changes: 1 addition & 1 deletion tests/02-basic-srl/03-srl-bgp.robot
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ Verify e1-1 interface have been admin enabled on srl1
Ensure srl1 can ping srl2 over ethernet-1/1 interface
Sleep 5s give some time for networking stack to settle
${rc} ${output} = Run And Return Rc And Output
... sudo -E ${CLAB_BIN} --runtime ${runtime} exec -t ${CURDIR}/${lab-file-name} --label clab-node-name\=srl1 --cmd "ip netns exec srbase-default ping 192.168.0.1 -c2 -w 3s"
... sudo -E ${CLAB_BIN} --runtime ${runtime} exec -t ${CURDIR}/${lab-file-name} --label clab-node-name\=srl1 --cmd "ip netns exec srbase-default ping 192.168.0.1 -c2 -w 3"
Log ${output}
Should Be Equal As Integers ${rc} 0
Should Contain ${output} 0% packet loss
Expand Down