From e13c532dbf6342c275eee95380f00b5b3eeb6d7b Mon Sep 17 00:00:00 2001 From: Jonas Nick Date: Sun, 2 Aug 2020 20:59:11 +0000 Subject: [PATCH 1/6] tests: move common code of scenarios python scripts to the top --- test/scenarios/default.py | 39 ++++++--- test/scenarios/withnetns.py | 154 ++++++++++++++++++++---------------- 2 files changed, 114 insertions(+), 79 deletions(-) diff --git a/test/scenarios/default.py b/test/scenarios/default.py index 76c9fcb..7de4c0a 100644 --- a/test/scenarios/default.py +++ b/test/scenarios/default.py @@ -18,7 +18,6 @@ machine.wait_until_succeeds( ) assert_running("electrs") -machine.wait_for_open_port(4224) # prometeus metrics provider # Check RPC connection to bitcoind machine.wait_until_succeeds(log_has_string("electrs", "NetworkInfo")) assert_running("nginx") @@ -35,17 +34,11 @@ assert_matches("su operator -c 'lightning-cli getinfo' | jq", '"id"') assert_running("spark-wallet") spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] -machine.wait_for_open_port(9737) -assert_matches(f"curl -s {spark_auth}@localhost:9737", "Spark") assert_running("lightning-charge") charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1] -machine.wait_for_open_port(9112) -assert_matches(f"curl -s api-token:{charge_auth}@localhost:9112/info | jq", '"id"') assert_running("nanopos") -machine.wait_for_open_port(9116) -assert_matches("curl localhost:9116", "tshirt") assert_running("onion-chef") @@ -53,9 +46,6 @@ assert_running("onion-chef") # to incomplete unit dependencies. # 'create-web-index' implicitly tests 'nodeinfo'. machine.wait_for_unit("create-web-index") -machine.wait_for_open_port(80) -assert_matches("curl localhost", "nix-bitcoin") -assert_matches("curl -L localhost/store", "tshirt") machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist")) assert_no_failure("bitcoind-import-banlist") @@ -84,7 +74,8 @@ assert_no_failure("bitcoind-import-banlist") ### Test lnd -succeed("systemctl stop nanopos lightning-charge spark-wallet clightning") +stopped_services = "nanopos lightning-charge spark-wallet clightning" +succeed("systemctl stop " + stopped_services) succeed("systemctl start lnd") assert_matches("su operator -c 'lncli getinfo' | jq", '"version"') assert_no_failure("lnd") @@ -98,3 +89,29 @@ assert_matches("su operator -c 'loop --version'", "version") machine.wait_until_succeeds( log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting") ) + +### Stop lnd and restart clightning +succeed("systemctl stop lnd") +succeed("systemctl start " + stopped_services) + +## electrs +# the main test body stops electrs +succeed("systemctl start electrs") +machine.wait_for_open_port(4224) # prometeus metrics provider + +## spark-wallet +machine.wait_for_open_port(9737) +assert_matches(f"curl -s {spark_auth}@localhost:9737", "Spark") + +## lightning-charge +machine.wait_for_open_port(9112) +assert_matches(f"curl -s api-token:{charge_auth}@localhost:9112/info | jq", '"id"') + +## nanopos +machine.wait_for_open_port(9116) +assert_matches("curl localhost:9116", "tshirt") + +## web index +machine.wait_for_open_port(80) +assert_matches("curl localhost", "nix-bitcoin") +assert_matches("curl -L localhost/store", "tshirt") diff --git a/test/scenarios/withnetns.py b/test/scenarios/withnetns.py index 06567c3..0cf8e64 100644 --- a/test/scenarios/withnetns.py +++ b/test/scenarios/withnetns.py @@ -1,15 +1,3 @@ -# netns IP addresses -bitcoind_ip = "169.254.1.12" -clightning_ip = "169.254.1.13" -lnd_ip = "169.254.1.14" -liquidd_ip = "169.254.1.15" -electrs_ip = "169.254.1.16" -sparkwallet_ip = "169.254.1.17" -lightningcharge_ip = "169.254.1.18" -nanopos_ip = "169.254.1.19" -recurringdonations_ip = "169.254.1.20" -nginx_ip = "169.254.1.21" - ### Tests assert_running("setup-secrets") @@ -30,9 +18,6 @@ machine.wait_until_succeeds( ) assert_running("electrs") -machine.wait_until_succeeds( - "ip netns exec nb-electrs nc -z localhost 4224" -) # prometeus metrics provider # Check RPC connection to bitcoind machine.wait_until_succeeds(log_has_string("electrs", "NetworkInfo")) assert_running("nginx") @@ -49,23 +34,11 @@ assert_matches("su operator -c 'lightning-cli getinfo' | jq", '"id"') assert_running("spark-wallet") spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] -machine.wait_until_succeeds("ip netns exec nb-spark-wallet nc -z %s 9737" % sparkwallet_ip) -assert_matches( - f"ip netns exec nb-spark-wallet curl -s {spark_auth}@%s:9737" % sparkwallet_ip, "Spark" -) assert_running("lightning-charge") charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1] -machine.wait_until_succeeds("ip netns exec nb-nanopos nc -z %s 9112" % lightningcharge_ip) -assert_matches( - f"ip netns exec nb-nanopos curl -s api-token:{charge_auth}@%s:9112/info | jq" - % lightningcharge_ip, - '"id"', -) assert_running("nanopos") -machine.wait_until_succeeds("ip netns exec nb-lightning-charge nc -z %s 9116" % nanopos_ip) -assert_matches("ip netns exec nb-lightning-charge curl %s:9116" % nanopos_ip, "tshirt") assert_running("onion-chef") @@ -73,12 +46,96 @@ assert_running("onion-chef") # to incomplete unit dependencies. # 'create-web-index' implicitly tests 'nodeinfo'. machine.wait_for_unit("create-web-index") + +machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist")) +assert_no_failure("bitcoind-import-banlist") + +# test that `systemctl status` can't leak credentials +assert_matches( + "sudo -u electrs systemctl status clightning 2>&1 >/dev/null", + "Failed to dump process list for 'clightning.service', ignoring: Access denied", +) +machine.succeed("grep -Fq hidepid=2 /proc/mounts") + +### Additional tests + +# Current time in µs +pre_restart = succeed("date +%s.%6N").rstrip() + +# Sanity-check system by restarting all services +succeed("systemctl restart bitcoind clightning spark-wallet lightning-charge nanopos liquidd") + +# Now that the bitcoind restart triggered a banlist import restart, check that +# re-importing already banned addresses works +machine.wait_until_succeeds( + log_has_string(f"bitcoind-import-banlist --since=@{pre_restart}", "Importing node banlist") +) +assert_no_failure("bitcoind-import-banlist") + +### Test lnd + +stopped_services = "nanopos lightning-charge spark-wallet clightning" +succeed("systemctl stop " + stopped_services) +succeed("systemctl start lnd") +assert_matches("su operator -c 'lncli getinfo' | jq", '"version"') +assert_no_failure("lnd") + +### Test loopd + +succeed("systemctl start lightning-loop") +assert_matches("su operator -c 'loop --version'", "version") +# Check that lightning-loop fails with the right error, making sure +# lightning-loop can connect to lnd +machine.wait_until_succeeds( + log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting") +) + +### Stop lnd and restart clightning +succeed("systemctl stop lnd") +succeed("systemctl start " + stopped_services) + +# netns IP addresses +bitcoind_ip = "169.254.1.12" +clightning_ip = "169.254.1.13" +lnd_ip = "169.254.1.14" +liquidd_ip = "169.254.1.15" +electrs_ip = "169.254.1.16" +sparkwallet_ip = "169.254.1.17" +lightningcharge_ip = "169.254.1.18" +nanopos_ip = "169.254.1.19" +recurringdonations_ip = "169.254.1.20" +nginx_ip = "169.254.1.21" + +## electrs +# the main test body stops electrs +succeed("systemctl start electrs") +machine.wait_until_succeeds( + "ip netns exec nb-electrs nc -z localhost 4224" +) # prometeus metrics provider + +## spark-wallet +machine.wait_until_succeeds("ip netns exec nb-spark-wallet nc -z %s 9737" % sparkwallet_ip) +assert_matches( + f"ip netns exec nb-spark-wallet curl -s {spark_auth}@%s:9737" % sparkwallet_ip, "Spark" +) + +## lightning-charge +machine.wait_until_succeeds("ip netns exec nb-nanopos nc -z %s 9112" % lightningcharge_ip) +assert_matches( + f"ip netns exec nb-nanopos curl -s api-token:{charge_auth}@%s:9112/info | jq" + % lightningcharge_ip, + '"id"', +) + +## nanopos +machine.wait_until_succeeds("ip netns exec nb-lightning-charge nc -z %s 9116" % nanopos_ip) +assert_matches("ip netns exec nb-lightning-charge curl %s:9116" % nanopos_ip, "tshirt") + +## webindex machine.wait_until_succeeds("ip netns exec nb-nginx nc -z localhost 80") assert_matches("ip netns exec nb-nginx curl localhost", "nix-bitcoin") assert_matches("ip netns exec nb-nginx curl -L localhost/store", "tshirt") -machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist")) -assert_no_failure("bitcoind-import-banlist") ### Security tests @@ -121,42 +178,3 @@ assert_matches_exactly( # test that netns-exec can not be executed by users that are not operator machine.fail("sudo -u clightning netns-exec nb-bitcoind ip a") - -# test that `systemctl status` can't leak credentials -assert_matches( - "sudo -u electrs systemctl status clightning 2>&1 >/dev/null", - "Failed to dump process list for 'clightning.service', ignoring: Access denied", -) -machine.succeed("grep -Fq hidepid=2 /proc/mounts") - -### Additional tests - -# Current time in µs -pre_restart = succeed("date +%s.%6N").rstrip() - -# Sanity-check system by restarting all services -succeed("systemctl restart bitcoind clightning spark-wallet lightning-charge nanopos liquidd") - -# Now that the bitcoind restart triggered a banlist import restart, check that -# re-importing already banned addresses works -machine.wait_until_succeeds( - log_has_string(f"bitcoind-import-banlist --since=@{pre_restart}", "Importing node banlist") -) -assert_no_failure("bitcoind-import-banlist") - -### Test lnd - -succeed("systemctl stop nanopos lightning-charge spark-wallet clightning") -succeed("systemctl start lnd") -assert_matches("su operator -c 'lncli getinfo' | jq", '"version"') -assert_no_failure("lnd") - -### Test loopd - -succeed("systemctl start lightning-loop") -assert_matches("su operator -c 'loop --version'", "version") -# Check that lightning-loop fails with the right error, making sure -# lightning-loop can connect to lnd -machine.wait_until_succeeds( - log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting") -) From 3d2b3661563d4887d25f5ff1f5b57f27aca973b6 Mon Sep 17 00:00:00 2001 From: Jonas Nick Date: Sun, 2 Aug 2020 21:12:45 +0000 Subject: [PATCH 2/6] tests: move common code in tests to lib --- test/scenarios/default.py | 96 ------------------------------------- test/scenarios/lib.py | 96 +++++++++++++++++++++++++++++++++++++ test/scenarios/withnetns.py | 96 ------------------------------------- 3 files changed, 96 insertions(+), 192 deletions(-) diff --git a/test/scenarios/default.py b/test/scenarios/default.py index 7de4c0a..09aaaa2 100644 --- a/test/scenarios/default.py +++ b/test/scenarios/default.py @@ -1,99 +1,3 @@ -### Tests - -assert_running("setup-secrets") -# Unused secrets should be inaccessible -succeed('[[ $(stat -c "%U:%G %a" /secrets/dummy) = "root:root 440" ]]') - -assert_running("bitcoind") -machine.wait_until_succeeds("bitcoin-cli getnetworkinfo") -assert_matches("su operator -c 'bitcoin-cli getnetworkinfo' | jq", '"version"') -# Test RPC Whitelist -machine.wait_until_succeeds("su operator -c 'bitcoin-cli help'") -# Restating rpcuser & rpcpassword overrides privileged credentials -machine.fail( - "bitcoin-cli -rpcuser=publicrpc -rpcpassword=$(cat /secrets/bitcoin-rpcpassword-public) help" -) -machine.wait_until_succeeds( - log_has_string("bitcoind", "RPC User publicrpc not allowed to call method help") -) - -assert_running("electrs") -# Check RPC connection to bitcoind -machine.wait_until_succeeds(log_has_string("electrs", "NetworkInfo")) -assert_running("nginx") -# Stop electrs from spamming the test log with 'wait for bitcoind sync' messages -succeed("systemctl stop electrs") - -assert_running("liquidd") -machine.wait_until_succeeds("elements-cli getnetworkinfo") -assert_matches("su operator -c 'elements-cli getnetworkinfo' | jq", '"version"') -succeed("su operator -c 'liquidswap-cli --help'") - -assert_running("clightning") -assert_matches("su operator -c 'lightning-cli getinfo' | jq", '"id"') - -assert_running("spark-wallet") -spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] - -assert_running("lightning-charge") -charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1] - -assert_running("nanopos") - -assert_running("onion-chef") - -# FIXME: use 'wait_for_unit' because 'create-web-index' always fails during startup due -# to incomplete unit dependencies. -# 'create-web-index' implicitly tests 'nodeinfo'. -machine.wait_for_unit("create-web-index") - -machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist")) -assert_no_failure("bitcoind-import-banlist") - -# test that `systemctl status` can't leak credentials -assert_matches( - "sudo -u electrs systemctl status clightning 2>&1 >/dev/null", - "Failed to dump process list for 'clightning.service', ignoring: Access denied", -) -machine.succeed("grep -Fq hidepid=2 /proc/mounts") - -### Additional tests - -# Current time in µs -pre_restart = succeed("date +%s.%6N").rstrip() - -# Sanity-check system by restarting all services -succeed("systemctl restart bitcoind clightning spark-wallet lightning-charge nanopos liquidd") - -# Now that the bitcoind restart triggered a banlist import restart, check that -# re-importing already banned addresses works -machine.wait_until_succeeds( - log_has_string(f"bitcoind-import-banlist --since=@{pre_restart}", "Importing node banlist") -) -assert_no_failure("bitcoind-import-banlist") - -### Test lnd - -stopped_services = "nanopos lightning-charge spark-wallet clightning" -succeed("systemctl stop " + stopped_services) -succeed("systemctl start lnd") -assert_matches("su operator -c 'lncli getinfo' | jq", '"version"') -assert_no_failure("lnd") - -### Test loopd - -succeed("systemctl start lightning-loop") -assert_matches("su operator -c 'loop --version'", "version") -# Check that lightning-loop fails with the right error, making sure -# lightning-loop can connect to lnd -machine.wait_until_succeeds( - log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting") -) - -### Stop lnd and restart clightning -succeed("systemctl stop lnd") -succeed("systemctl start " + stopped_services) - ## electrs # the main test body stops electrs succeed("systemctl start electrs") diff --git a/test/scenarios/lib.py b/test/scenarios/lib.py index 6fe4487..7e8dc6c 100644 --- a/test/scenarios/lib.py +++ b/test/scenarios/lib.py @@ -32,3 +32,99 @@ def assert_running(unit): # Don't execute the following test suite when this script is running in interactive mode if "is_interactive" in vars(): raise Exception() + +### Tests + +assert_running("setup-secrets") +# Unused secrets should be inaccessible +succeed('[[ $(stat -c "%U:%G %a" /secrets/dummy) = "root:root 440" ]]') + +assert_running("bitcoind") +machine.wait_until_succeeds("bitcoin-cli getnetworkinfo") +assert_matches("su operator -c 'bitcoin-cli getnetworkinfo' | jq", '"version"') +# Test RPC Whitelist +machine.wait_until_succeeds("su operator -c 'bitcoin-cli help'") +# Restating rpcuser & rpcpassword overrides privileged credentials +machine.fail( + "bitcoin-cli -rpcuser=publicrpc -rpcpassword=$(cat /secrets/bitcoin-rpcpassword-public) help" +) +machine.wait_until_succeeds( + log_has_string("bitcoind", "RPC User publicrpc not allowed to call method help") +) + +assert_running("electrs") +# Check RPC connection to bitcoind +machine.wait_until_succeeds(log_has_string("electrs", "NetworkInfo")) +assert_running("nginx") +# Stop electrs from spamming the test log with 'wait for bitcoind sync' messages +succeed("systemctl stop electrs") + +assert_running("liquidd") +machine.wait_until_succeeds("elements-cli getnetworkinfo") +assert_matches("su operator -c 'elements-cli getnetworkinfo' | jq", '"version"') +succeed("su operator -c 'liquidswap-cli --help'") + +assert_running("clightning") +assert_matches("su operator -c 'lightning-cli getinfo' | jq", '"id"') + +assert_running("spark-wallet") +spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] + +assert_running("lightning-charge") +charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1] + +assert_running("nanopos") + +assert_running("onion-chef") + +# FIXME: use 'wait_for_unit' because 'create-web-index' always fails during startup due +# to incomplete unit dependencies. +# 'create-web-index' implicitly tests 'nodeinfo'. +machine.wait_for_unit("create-web-index") + +machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist")) +assert_no_failure("bitcoind-import-banlist") + +# test that `systemctl status` can't leak credentials +assert_matches( + "sudo -u electrs systemctl status clightning 2>&1 >/dev/null", + "Failed to dump process list for 'clightning.service', ignoring: Access denied", +) +machine.succeed("grep -Fq hidepid=2 /proc/mounts") + +### Additional tests + +# Current time in µs +pre_restart = succeed("date +%s.%6N").rstrip() + +# Sanity-check system by restarting all services +succeed("systemctl restart bitcoind clightning spark-wallet lightning-charge nanopos liquidd") + +# Now that the bitcoind restart triggered a banlist import restart, check that +# re-importing already banned addresses works +machine.wait_until_succeeds( + log_has_string(f"bitcoind-import-banlist --since=@{pre_restart}", "Importing node banlist") +) +assert_no_failure("bitcoind-import-banlist") + +### Test lnd + +stopped_services = "nanopos lightning-charge spark-wallet clightning" +succeed("systemctl stop " + stopped_services) +succeed("systemctl start lnd") +assert_matches("su operator -c 'lncli getinfo' | jq", '"version"') +assert_no_failure("lnd") + +### Test loopd + +succeed("systemctl start lightning-loop") +assert_matches("su operator -c 'loop --version'", "version") +# Check that lightning-loop fails with the right error, making sure +# lightning-loop can connect to lnd +machine.wait_until_succeeds( + log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting") +) + +### Stop lnd and restart clightning +succeed("systemctl stop lnd") +succeed("systemctl start " + stopped_services) diff --git a/test/scenarios/withnetns.py b/test/scenarios/withnetns.py index 0cf8e64..d2f102f 100644 --- a/test/scenarios/withnetns.py +++ b/test/scenarios/withnetns.py @@ -1,99 +1,3 @@ -### Tests - -assert_running("setup-secrets") -# Unused secrets should be inaccessible -succeed('[[ $(stat -c "%U:%G %a" /secrets/dummy) = "root:root 440" ]]') - -assert_running("bitcoind") -machine.wait_until_succeeds("bitcoin-cli getnetworkinfo") -assert_matches("su operator -c 'bitcoin-cli getnetworkinfo' | jq", '"version"') -# Test RPC Whitelist -machine.wait_until_succeeds("su operator -c 'bitcoin-cli help'") -# Restating rpcuser & rpcpassword overrides privileged credentials -machine.fail( - "bitcoin-cli -rpcuser=publicrpc -rpcpassword=$(cat /secrets/bitcoin-rpcpassword-public) help" -) -machine.wait_until_succeeds( - log_has_string("bitcoind", "RPC User publicrpc not allowed to call method help") -) - -assert_running("electrs") -# Check RPC connection to bitcoind -machine.wait_until_succeeds(log_has_string("electrs", "NetworkInfo")) -assert_running("nginx") -# Stop electrs from spamming the test log with 'wait for bitcoind sync' messages -succeed("systemctl stop electrs") - -assert_running("liquidd") -machine.wait_until_succeeds("elements-cli getnetworkinfo") -assert_matches("su operator -c 'elements-cli getnetworkinfo' | jq", '"version"') -succeed("su operator -c 'liquidswap-cli --help'") - -assert_running("clightning") -assert_matches("su operator -c 'lightning-cli getinfo' | jq", '"id"') - -assert_running("spark-wallet") -spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] - -assert_running("lightning-charge") -charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1] - -assert_running("nanopos") - -assert_running("onion-chef") - -# FIXME: use 'wait_for_unit' because 'create-web-index' always fails during startup due -# to incomplete unit dependencies. -# 'create-web-index' implicitly tests 'nodeinfo'. -machine.wait_for_unit("create-web-index") - -machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist")) -assert_no_failure("bitcoind-import-banlist") - -# test that `systemctl status` can't leak credentials -assert_matches( - "sudo -u electrs systemctl status clightning 2>&1 >/dev/null", - "Failed to dump process list for 'clightning.service', ignoring: Access denied", -) -machine.succeed("grep -Fq hidepid=2 /proc/mounts") - -### Additional tests - -# Current time in µs -pre_restart = succeed("date +%s.%6N").rstrip() - -# Sanity-check system by restarting all services -succeed("systemctl restart bitcoind clightning spark-wallet lightning-charge nanopos liquidd") - -# Now that the bitcoind restart triggered a banlist import restart, check that -# re-importing already banned addresses works -machine.wait_until_succeeds( - log_has_string(f"bitcoind-import-banlist --since=@{pre_restart}", "Importing node banlist") -) -assert_no_failure("bitcoind-import-banlist") - -### Test lnd - -stopped_services = "nanopos lightning-charge spark-wallet clightning" -succeed("systemctl stop " + stopped_services) -succeed("systemctl start lnd") -assert_matches("su operator -c 'lncli getinfo' | jq", '"version"') -assert_no_failure("lnd") - -### Test loopd - -succeed("systemctl start lightning-loop") -assert_matches("su operator -c 'loop --version'", "version") -# Check that lightning-loop fails with the right error, making sure -# lightning-loop can connect to lnd -machine.wait_until_succeeds( - log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting") -) - -### Stop lnd and restart clightning -succeed("systemctl stop lnd") -succeed("systemctl start " + stopped_services) - # netns IP addresses bitcoind_ip = "169.254.1.12" clightning_ip = "169.254.1.13" From 6f9349b0a4db775b9d538938573874e8a40e214c Mon Sep 17 00:00:00 2001 From: Jonas Nick Date: Sun, 2 Aug 2020 21:20:51 +0000 Subject: [PATCH 3/6] tests: create run_tests() function in the scenario lib --- test/scenarios/default.py | 4 + test/scenarios/lib.py | 146 ++++++++++++++++++------------------ test/scenarios/withnetns.py | 4 + 3 files changed, 81 insertions(+), 73 deletions(-) diff --git a/test/scenarios/default.py b/test/scenarios/default.py index 09aaaa2..59427d8 100644 --- a/test/scenarios/default.py +++ b/test/scenarios/default.py @@ -1,3 +1,5 @@ +run_tests() + ## electrs # the main test body stops electrs succeed("systemctl start electrs") @@ -5,10 +7,12 @@ machine.wait_for_open_port(4224) # prometeus metrics provider ## spark-wallet machine.wait_for_open_port(9737) +spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] assert_matches(f"curl -s {spark_auth}@localhost:9737", "Spark") ## lightning-charge machine.wait_for_open_port(9112) +charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1] assert_matches(f"curl -s api-token:{charge_auth}@localhost:9112/info | jq", '"id"') ## nanopos diff --git a/test/scenarios/lib.py b/test/scenarios/lib.py index 7e8dc6c..7d7e777 100644 --- a/test/scenarios/lib.py +++ b/test/scenarios/lib.py @@ -35,96 +35,96 @@ if "is_interactive" in vars(): ### Tests -assert_running("setup-secrets") -# Unused secrets should be inaccessible -succeed('[[ $(stat -c "%U:%G %a" /secrets/dummy) = "root:root 440" ]]') -assert_running("bitcoind") -machine.wait_until_succeeds("bitcoin-cli getnetworkinfo") -assert_matches("su operator -c 'bitcoin-cli getnetworkinfo' | jq", '"version"') -# Test RPC Whitelist -machine.wait_until_succeeds("su operator -c 'bitcoin-cli help'") -# Restating rpcuser & rpcpassword overrides privileged credentials -machine.fail( - "bitcoin-cli -rpcuser=publicrpc -rpcpassword=$(cat /secrets/bitcoin-rpcpassword-public) help" -) -machine.wait_until_succeeds( - log_has_string("bitcoind", "RPC User publicrpc not allowed to call method help") -) +def run_tests(): + assert_running("setup-secrets") + # Unused secrets should be inaccessible + succeed('[[ $(stat -c "%U:%G %a" /secrets/dummy) = "root:root 440" ]]') -assert_running("electrs") -# Check RPC connection to bitcoind -machine.wait_until_succeeds(log_has_string("electrs", "NetworkInfo")) -assert_running("nginx") -# Stop electrs from spamming the test log with 'wait for bitcoind sync' messages -succeed("systemctl stop electrs") + assert_running("bitcoind") + machine.wait_until_succeeds("bitcoin-cli getnetworkinfo") + assert_matches("su operator -c 'bitcoin-cli getnetworkinfo' | jq", '"version"') + # Test RPC Whitelist + machine.wait_until_succeeds("su operator -c 'bitcoin-cli help'") + # Restating rpcuser & rpcpassword overrides privileged credentials + machine.fail( + "bitcoin-cli -rpcuser=publicrpc -rpcpassword=$(cat /secrets/bitcoin-rpcpassword-public) help" + ) + machine.wait_until_succeeds( + log_has_string("bitcoind", "RPC User publicrpc not allowed to call method help") + ) -assert_running("liquidd") -machine.wait_until_succeeds("elements-cli getnetworkinfo") -assert_matches("su operator -c 'elements-cli getnetworkinfo' | jq", '"version"') -succeed("su operator -c 'liquidswap-cli --help'") + assert_running("electrs") + # Check RPC connection to bitcoind + machine.wait_until_succeeds(log_has_string("electrs", "NetworkInfo")) + assert_running("nginx") + # Stop electrs from spamming the test log with 'wait for bitcoind sync' messages + succeed("systemctl stop electrs") -assert_running("clightning") -assert_matches("su operator -c 'lightning-cli getinfo' | jq", '"id"') + assert_running("liquidd") + machine.wait_until_succeeds("elements-cli getnetworkinfo") + assert_matches("su operator -c 'elements-cli getnetworkinfo' | jq", '"version"') + succeed("su operator -c 'liquidswap-cli --help'") -assert_running("spark-wallet") -spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] + assert_running("clightning") + assert_matches("su operator -c 'lightning-cli getinfo' | jq", '"id"') -assert_running("lightning-charge") -charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1] + assert_running("spark-wallet") -assert_running("nanopos") + assert_running("lightning-charge") -assert_running("onion-chef") + assert_running("nanopos") -# FIXME: use 'wait_for_unit' because 'create-web-index' always fails during startup due -# to incomplete unit dependencies. -# 'create-web-index' implicitly tests 'nodeinfo'. -machine.wait_for_unit("create-web-index") + assert_running("onion-chef") -machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist")) -assert_no_failure("bitcoind-import-banlist") + # FIXME: use 'wait_for_unit' because 'create-web-index' always fails during startup due + # to incomplete unit dependencies. + # 'create-web-index' implicitly tests 'nodeinfo'. + machine.wait_for_unit("create-web-index") -# test that `systemctl status` can't leak credentials -assert_matches( - "sudo -u electrs systemctl status clightning 2>&1 >/dev/null", - "Failed to dump process list for 'clightning.service', ignoring: Access denied", -) -machine.succeed("grep -Fq hidepid=2 /proc/mounts") + machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist")) + assert_no_failure("bitcoind-import-banlist") -### Additional tests + # test that `systemctl status` can't leak credentials + assert_matches( + "sudo -u electrs systemctl status clightning 2>&1 >/dev/null", + "Failed to dump process list for 'clightning.service', ignoring: Access denied", + ) + machine.succeed("grep -Fq hidepid=2 /proc/mounts") -# Current time in µs -pre_restart = succeed("date +%s.%6N").rstrip() + ### Additional tests -# Sanity-check system by restarting all services -succeed("systemctl restart bitcoind clightning spark-wallet lightning-charge nanopos liquidd") + # Current time in µs + pre_restart = succeed("date +%s.%6N").rstrip() -# Now that the bitcoind restart triggered a banlist import restart, check that -# re-importing already banned addresses works -machine.wait_until_succeeds( - log_has_string(f"bitcoind-import-banlist --since=@{pre_restart}", "Importing node banlist") -) -assert_no_failure("bitcoind-import-banlist") + # Sanity-check system by restarting all services + succeed("systemctl restart bitcoind clightning spark-wallet lightning-charge nanopos liquidd") -### Test lnd + # Now that the bitcoind restart triggered a banlist import restart, check that + # re-importing already banned addresses works + machine.wait_until_succeeds( + log_has_string(f"bitcoind-import-banlist --since=@{pre_restart}", "Importing node banlist") + ) + assert_no_failure("bitcoind-import-banlist") -stopped_services = "nanopos lightning-charge spark-wallet clightning" -succeed("systemctl stop " + stopped_services) -succeed("systemctl start lnd") -assert_matches("su operator -c 'lncli getinfo' | jq", '"version"') -assert_no_failure("lnd") + ### Test lnd -### Test loopd + stopped_services = "nanopos lightning-charge spark-wallet clightning" + succeed("systemctl stop " + stopped_services) + succeed("systemctl start lnd") + assert_matches("su operator -c 'lncli getinfo' | jq", '"version"') + assert_no_failure("lnd") -succeed("systemctl start lightning-loop") -assert_matches("su operator -c 'loop --version'", "version") -# Check that lightning-loop fails with the right error, making sure -# lightning-loop can connect to lnd -machine.wait_until_succeeds( - log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting") -) + ### Test loopd -### Stop lnd and restart clightning -succeed("systemctl stop lnd") -succeed("systemctl start " + stopped_services) + succeed("systemctl start lightning-loop") + assert_matches("su operator -c 'loop --version'", "version") + # Check that lightning-loop fails with the right error, making sure + # lightning-loop can connect to lnd + machine.wait_until_succeeds( + log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting") + ) + + ### Stop lnd and restart clightning + succeed("systemctl stop lnd") + succeed("systemctl start " + stopped_services) diff --git a/test/scenarios/withnetns.py b/test/scenarios/withnetns.py index d2f102f..6ab7721 100644 --- a/test/scenarios/withnetns.py +++ b/test/scenarios/withnetns.py @@ -1,3 +1,5 @@ +run_tests() + # netns IP addresses bitcoind_ip = "169.254.1.12" clightning_ip = "169.254.1.13" @@ -19,12 +21,14 @@ machine.wait_until_succeeds( ## spark-wallet machine.wait_until_succeeds("ip netns exec nb-spark-wallet nc -z %s 9737" % sparkwallet_ip) +spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] assert_matches( f"ip netns exec nb-spark-wallet curl -s {spark_auth}@%s:9737" % sparkwallet_ip, "Spark" ) ## lightning-charge machine.wait_until_succeeds("ip netns exec nb-nanopos nc -z %s 9112" % lightningcharge_ip) +charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1] assert_matches( f"ip netns exec nb-nanopos curl -s api-token:{charge_auth}@%s:9112/info | jq" % lightningcharge_ip, From 5fa0602a1891cbdb1a7362e2d0b6ccf4b0172601 Mon Sep 17 00:00:00 2001 From: Jonas Nick Date: Sun, 2 Aug 2020 21:36:08 +0000 Subject: [PATCH 4/6] tests: add extra_tests argument to scenario lib run_tests() --- test/scenarios/default.py | 51 +++++++++++++++++----------- test/scenarios/lib.py | 13 +++++-- test/scenarios/withnetns.py | 67 +++++++++++++++++++++---------------- 3 files changed, 81 insertions(+), 50 deletions(-) diff --git a/test/scenarios/default.py b/test/scenarios/default.py index 59427d8..8bfcd5b 100644 --- a/test/scenarios/default.py +++ b/test/scenarios/default.py @@ -1,25 +1,36 @@ -run_tests() +def electrs(): + machine.wait_for_open_port(4224) # prometeus metrics provider -## electrs -# the main test body stops electrs -succeed("systemctl start electrs") -machine.wait_for_open_port(4224) # prometeus metrics provider -## spark-wallet -machine.wait_for_open_port(9737) -spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] -assert_matches(f"curl -s {spark_auth}@localhost:9737", "Spark") +def spark_wallet(): + machine.wait_for_open_port(9737) + spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] + assert_matches(f"curl -s {spark_auth}@localhost:9737", "Spark") -## lightning-charge -machine.wait_for_open_port(9112) -charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1] -assert_matches(f"curl -s api-token:{charge_auth}@localhost:9112/info | jq", '"id"') -## nanopos -machine.wait_for_open_port(9116) -assert_matches("curl localhost:9116", "tshirt") +def lightning_charge(): + machine.wait_for_open_port(9112) + charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1] + assert_matches(f"curl -s api-token:{charge_auth}@localhost:9112/info | jq", '"id"') -## web index -machine.wait_for_open_port(80) -assert_matches("curl localhost", "nix-bitcoin") -assert_matches("curl -L localhost/store", "tshirt") + +def nanopos(): + machine.wait_for_open_port(9116) + assert_matches("curl localhost:9116", "tshirt") + + +def web_index(): + machine.wait_for_open_port(80) + assert_matches("curl localhost", "nix-bitcoin") + assert_matches("curl -L localhost/store", "tshirt") + + +extra_tests = { + "electrs": electrs, + "spark-wallet": spark_wallet, + "lightning-charge": lightning_charge, + "nanopos": nanopos, + "web-index": web_index, +} + +run_tests(extra_tests) diff --git a/test/scenarios/lib.py b/test/scenarios/lib.py index 7d7e777..32602e6 100644 --- a/test/scenarios/lib.py +++ b/test/scenarios/lib.py @@ -35,8 +35,9 @@ if "is_interactive" in vars(): ### Tests - -def run_tests(): +# The argument extra_tests is a dictionary from strings to functions. The string +# determines at which point of run_tests the corresponding function is executed. +def run_tests(extra_tests): assert_running("setup-secrets") # Unused secrets should be inaccessible succeed('[[ $(stat -c "%U:%G %a" /secrets/dummy) = "root:root 440" ]]') @@ -55,6 +56,7 @@ def run_tests(): ) assert_running("electrs") + extra_tests.pop("electrs")() # Check RPC connection to bitcoind machine.wait_until_succeeds(log_has_string("electrs", "NetworkInfo")) assert_running("nginx") @@ -70,10 +72,13 @@ def run_tests(): assert_matches("su operator -c 'lightning-cli getinfo' | jq", '"id"') assert_running("spark-wallet") + extra_tests.pop("spark-wallet")() assert_running("lightning-charge") + extra_tests.pop("lightning-charge")() assert_running("nanopos") + extra_tests.pop("nanopos")() assert_running("onion-chef") @@ -81,6 +86,7 @@ def run_tests(): # to incomplete unit dependencies. # 'create-web-index' implicitly tests 'nodeinfo'. machine.wait_for_unit("create-web-index") + extra_tests.pop("web-index")() machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist")) assert_no_failure("bitcoind-import-banlist") @@ -128,3 +134,6 @@ def run_tests(): ### Stop lnd and restart clightning succeed("systemctl stop lnd") succeed("systemctl start " + stopped_services) + + ### Check that all extra_tests have been run + assert len(extra_tests) == 0 diff --git a/test/scenarios/withnetns.py b/test/scenarios/withnetns.py index 6ab7721..26ecbe4 100644 --- a/test/scenarios/withnetns.py +++ b/test/scenarios/withnetns.py @@ -1,5 +1,3 @@ -run_tests() - # netns IP addresses bitcoind_ip = "169.254.1.12" clightning_ip = "169.254.1.13" @@ -13,38 +11,51 @@ recurringdonations_ip = "169.254.1.20" nginx_ip = "169.254.1.21" ## electrs -# the main test body stops electrs -succeed("systemctl start electrs") -machine.wait_until_succeeds( - "ip netns exec nb-electrs nc -z localhost 4224" -) # prometeus metrics provider +def electrs(): + machine.wait_until_succeeds( + "ip netns exec nb-electrs nc -z localhost 4224" + ) # prometeus metrics provider -## spark-wallet -machine.wait_until_succeeds("ip netns exec nb-spark-wallet nc -z %s 9737" % sparkwallet_ip) -spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] -assert_matches( - f"ip netns exec nb-spark-wallet curl -s {spark_auth}@%s:9737" % sparkwallet_ip, "Spark" -) -## lightning-charge -machine.wait_until_succeeds("ip netns exec nb-nanopos nc -z %s 9112" % lightningcharge_ip) -charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1] -assert_matches( - f"ip netns exec nb-nanopos curl -s api-token:{charge_auth}@%s:9112/info | jq" - % lightningcharge_ip, - '"id"', -) +def spark_wallet(): + machine.wait_until_succeeds("ip netns exec nb-spark-wallet nc -z %s 9737" % sparkwallet_ip) + spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] + assert_matches( + f"ip netns exec nb-spark-wallet curl -s {spark_auth}@%s:9737" % sparkwallet_ip, "Spark" + ) -## nanopos -machine.wait_until_succeeds("ip netns exec nb-lightning-charge nc -z %s 9116" % nanopos_ip) -assert_matches("ip netns exec nb-lightning-charge curl %s:9116" % nanopos_ip, "tshirt") -## webindex -machine.wait_until_succeeds("ip netns exec nb-nginx nc -z localhost 80") -assert_matches("ip netns exec nb-nginx curl localhost", "nix-bitcoin") -assert_matches("ip netns exec nb-nginx curl -L localhost/store", "tshirt") +def lightning_charge(): + machine.wait_until_succeeds("ip netns exec nb-nanopos nc -z %s 9112" % lightningcharge_ip) + charge_auth = re.search("API_TOKEN=(.*)", succeed("cat /secrets/lightning-charge-env"))[1] + assert_matches( + f"ip netns exec nb-nanopos curl -s api-token:{charge_auth}@%s:9112/info | jq" + % lightningcharge_ip, + '"id"', + ) +def nanopos(): + machine.wait_until_succeeds("ip netns exec nb-lightning-charge nc -z %s 9116" % nanopos_ip) + assert_matches("ip netns exec nb-lightning-charge curl %s:9116" % nanopos_ip, "tshirt") + + +def web_index(): + machine.wait_until_succeeds("ip netns exec nb-nginx nc -z localhost 80") + assert_matches("ip netns exec nb-nginx curl localhost", "nix-bitcoin") + assert_matches("ip netns exec nb-nginx curl -L localhost/store", "tshirt") + + +extra_tests = { + "electrs": electrs, + "spark-wallet": spark_wallet, + "lightning-charge": lightning_charge, + "nanopos": nanopos, + "web-index": web_index, +} + +run_tests(extra_tests) + ### Security tests ping_bitcoind = "ip netns exec nb-bitcoind ping -c 1 -w 1" From 5c0170c6b8ea01a439a6f2bb0437d36343089243 Mon Sep 17 00:00:00 2001 From: Jonas Nick Date: Sun, 2 Aug 2020 22:02:09 +0000 Subject: [PATCH 5/6] tests: add post-clightning extra tests to scenarios --- test/scenarios/default.py | 5 +++ test/scenarios/lib.py | 6 +-- test/scenarios/withnetns.py | 87 +++++++++++++++++++------------------ 3 files changed, 51 insertions(+), 47 deletions(-) diff --git a/test/scenarios/default.py b/test/scenarios/default.py index 8bfcd5b..9efb3c6 100644 --- a/test/scenarios/default.py +++ b/test/scenarios/default.py @@ -25,12 +25,17 @@ def web_index(): assert_matches("curl -L localhost/store", "tshirt") +def post_clightning(): + pass + + extra_tests = { "electrs": electrs, "spark-wallet": spark_wallet, "lightning-charge": lightning_charge, "nanopos": nanopos, "web-index": web_index, + "post-clightning": post_clightning, } run_tests(extra_tests) diff --git a/test/scenarios/lib.py b/test/scenarios/lib.py index 32602e6..2951a67 100644 --- a/test/scenarios/lib.py +++ b/test/scenarios/lib.py @@ -113,6 +113,8 @@ def run_tests(extra_tests): ) assert_no_failure("bitcoind-import-banlist") + extra_tests.pop("post-clightning")() + ### Test lnd stopped_services = "nanopos lightning-charge spark-wallet clightning" @@ -131,9 +133,5 @@ def run_tests(extra_tests): log_has_string("lightning-loop", "chain notifier RPC isstill in the process of starting") ) - ### Stop lnd and restart clightning - succeed("systemctl stop lnd") - succeed("systemctl start " + stopped_services) - ### Check that all extra_tests have been run assert len(extra_tests) == 0 diff --git a/test/scenarios/withnetns.py b/test/scenarios/withnetns.py index 26ecbe4..3ae3f0c 100644 --- a/test/scenarios/withnetns.py +++ b/test/scenarios/withnetns.py @@ -10,7 +10,7 @@ nanopos_ip = "169.254.1.19" recurringdonations_ip = "169.254.1.20" nginx_ip = "169.254.1.21" -## electrs + def electrs(): machine.wait_until_succeeds( "ip netns exec nb-electrs nc -z localhost 4224" @@ -46,54 +46,55 @@ def web_index(): assert_matches("ip netns exec nb-nginx curl -L localhost/store", "tshirt") +def post_clightning(): + ping_bitcoind = "ip netns exec nb-bitcoind ping -c 1 -w 1" + ping_nanopos = "ip netns exec nb-nanopos ping -c 1 -w 1" + + # Positive ping tests (non-exhaustive) + machine.succeed( + "%s %s &&" % (ping_bitcoind, bitcoind_ip) + + "%s %s &&" % (ping_bitcoind, clightning_ip) + + "%s %s &&" % (ping_bitcoind, liquidd_ip) + + "%s %s &&" % (ping_nanopos, lightningcharge_ip) + + "%s %s &&" % (ping_nanopos, nanopos_ip) + + "%s %s" % (ping_nanopos, nginx_ip) + ) + + # Negative ping tests (non-exhaustive) + machine.fail( + "%s %s ||" % (ping_bitcoind, sparkwallet_ip) + + "%s %s ||" % (ping_bitcoind, lightningcharge_ip) + + "%s %s ||" % (ping_bitcoind, nanopos_ip) + + "%s %s ||" % (ping_bitcoind, recurringdonations_ip) + + "%s %s ||" % (ping_bitcoind, nginx_ip) + + "%s %s ||" % (ping_nanopos, bitcoind_ip) + + "%s %s ||" % (ping_nanopos, clightning_ip) + + "%s %s ||" % (ping_nanopos, lnd_ip) + + "%s %s ||" % (ping_nanopos, liquidd_ip) + + "%s %s ||" % (ping_nanopos, electrs_ip) + + "%s %s ||" % (ping_nanopos, sparkwallet_ip) + + "%s %s" % (ping_nanopos, recurringdonations_ip) + ) + + # test that netns-exec can't be run for unauthorized namespace + machine.fail("netns-exec nb-electrs ip a") + + # test that netns-exec drops capabilities + assert_matches_exactly( + "su operator -c 'netns-exec nb-bitcoind capsh --print | grep Current '", "Current: =\n" + ) + + # test that netns-exec can not be executed by users that are not operator + machine.fail("sudo -u clightning netns-exec nb-bitcoind ip a") + + extra_tests = { "electrs": electrs, "spark-wallet": spark_wallet, "lightning-charge": lightning_charge, "nanopos": nanopos, "web-index": web_index, + "post-clightning": post_clightning, } run_tests(extra_tests) - -### Security tests - -ping_bitcoind = "ip netns exec nb-bitcoind ping -c 1 -w 1" -ping_nanopos = "ip netns exec nb-nanopos ping -c 1 -w 1" - -# Positive ping tests (non-exhaustive) -machine.succeed( - "%s %s &&" % (ping_bitcoind, bitcoind_ip) - + "%s %s &&" % (ping_bitcoind, clightning_ip) - + "%s %s &&" % (ping_bitcoind, liquidd_ip) - + "%s %s &&" % (ping_nanopos, lightningcharge_ip) - + "%s %s &&" % (ping_nanopos, nanopos_ip) - + "%s %s" % (ping_nanopos, nginx_ip) -) - -# Negative ping tests (non-exhaustive) -machine.fail( - "%s %s ||" % (ping_bitcoind, sparkwallet_ip) - + "%s %s ||" % (ping_bitcoind, lightningcharge_ip) - + "%s %s ||" % (ping_bitcoind, nanopos_ip) - + "%s %s ||" % (ping_bitcoind, recurringdonations_ip) - + "%s %s ||" % (ping_bitcoind, nginx_ip) - + "%s %s ||" % (ping_nanopos, bitcoind_ip) - + "%s %s ||" % (ping_nanopos, clightning_ip) - + "%s %s ||" % (ping_nanopos, lnd_ip) - + "%s %s ||" % (ping_nanopos, liquidd_ip) - + "%s %s ||" % (ping_nanopos, electrs_ip) - + "%s %s ||" % (ping_nanopos, sparkwallet_ip) - + "%s %s" % (ping_nanopos, recurringdonations_ip) -) - -# test that netns-exec can't be run for unauthorized namespace -machine.fail("netns-exec nb-electrs ip a") - -# test that netns-exec drops capabilities -assert_matches_exactly( - "su operator -c 'netns-exec nb-bitcoind capsh --print | grep Current '", "Current: =\n" -) - -# test that netns-exec can not be executed by users that are not operator -machine.fail("sudo -u clightning netns-exec nb-bitcoind ip a") From 4ece2da8db5940fbaad73773d8f073bc08ab8fff Mon Sep 17 00:00:00 2001 From: Jonas Nick Date: Tue, 4 Aug 2020 12:17:15 +0000 Subject: [PATCH 6/6] tests: move nginx check in scenarios lib --- test/scenarios/lib.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/scenarios/lib.py b/test/scenarios/lib.py index 2951a67..7346dd8 100644 --- a/test/scenarios/lib.py +++ b/test/scenarios/lib.py @@ -59,7 +59,6 @@ def run_tests(extra_tests): extra_tests.pop("electrs")() # Check RPC connection to bitcoind machine.wait_until_succeeds(log_has_string("electrs", "NetworkInfo")) - assert_running("nginx") # Stop electrs from spamming the test log with 'wait for bitcoind sync' messages succeed("systemctl stop electrs") @@ -86,6 +85,7 @@ def run_tests(extra_tests): # to incomplete unit dependencies. # 'create-web-index' implicitly tests 'nodeinfo'. machine.wait_for_unit("create-web-index") + assert_running("nginx") extra_tests.pop("web-index")() machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist"))