---
- envvars:
  - FLOATING_IP_VM: "dev.toolforge.org"
    TOOLFORGE_BASTION: "login.toolforge.org"
    NO_FLOATING_VM: "tools-k8s-worker-30.tools.eqiad1.wikimedia.cloud"
    TOOLS_PUPPETMASTER: "tools-puppetmaster-02.tools.eqiad1.wikimedia.cloud"
    TOOLSBETA_PUPPETMASTER: "toolsbeta-puppetmaster-04.toolsbeta.eqiad1.wikimedia.cloud"
---
# cloudgw pre-migration checklist!
- name: basic ping to neutron addresses (DNS name)
  tests:
    - cmd: timeout -k5s 10s ping -c1 cloudinstances2b-gw.openstack.eqiad1.wikimediacloud.org >/dev/null
      stdout: ""
      retcode: 0
      stderr: ""

- name: basic ping to neutron addresses (raw address)
  tests:
    - cmd: timeout -k5s 10s ping -c1 185.15.56.244 >/dev/null
      stdout: ""
      retcode: 0
      stderr: ""

- name: VM (no floating IP) contacting the internet gets NAT'd using routing_source_ip
  tests:
    - cmd: ssh $NO_FLOATING_VM "curl -s ifconfig.me ; echo "
      # this is routing_source_ip
      stdout: "185.15.56.1"
      retcode: 0
      stderr: ""

- name: VM (no floating IP) contacting an address covered by dmz_cidr doesn't get NAT'd
  tests:
    - cmd: ssh $NO_FLOATING_VM "curl -Is https://es.wikipedia.org | grep x-client-ip"
      # this is the internal VM address
      stdout: "x-client-ip: 172.16.0.241"
      retcode: 0
      stderr: ""

- name: VM (using floating IP) is properly affected by dmz_cidr
  tests:
    - cmd: ssh $FLOATING_IP_VM "curl -s ifconfig.me ; echo"
      # this is the VM floating IP address
      stdout: "185.15.56.50"
      retcode: 0
      stderr: ""
    - cmd: ssh $FLOATING_IP_VM "curl -Is https://es.wikipedia.org | grep x-client-ip"
      # this is the VM private address
      stdout: "x-client-ip: 172.16.3.190"
      retcode: 0
      stderr: ""

- name: VM (no floating IP) can contact auth DNS server
  tests:
    - cmd: ssh $NO_FLOATING_VM "dig +short toolforge.org @208.80.154.11"
      # this the A apex record in the toolforge.org DNS domain zone
      stdout: "185.15.56.11"
      retcode: 0
      stderr: ""

- name: VM (no floating IP) can contact recursor DNS server
  tests:
    - cmd: ssh $NO_FLOATING_VM "dig +short www.basket.com @208.80.154.143 | wc -l"
      # this a somewhat random IPv4 on the internet, so only check that we get "something"
      stdout: "1"
      retcode: 0
      stderr: ""

- name: VM (using floating IP) can contact auth DNS server
  tests:
    - cmd: ssh $FLOATING_IP_VM "dig +short toolforge.org @208.80.154.11"
      # this the A apex record in the toolforge.org DNS domain zone
      stdout: "185.15.56.11"
      retcode: 0
      stderr: ""

- name: VM (using floating IP) can contact recursor DNS server
  tests:
    - cmd: ssh $FLOATING_IP_VM "dig +short www.basket.com @208.80.154.143 | wc -l"
      # this a somewhat random IPv4 on the internet, so only check that we get "something"
      stdout: "1"
      retcode: 0
      stderr: ""

- name: VM (using floating IP) can contact LDAP server
  tests:
    - cmd: ssh $FLOATING_IP_VM 'ldapsearch -x whatever | grep -q ^"# numResponses"'
      # grep is happy, we are too
      stdout: ""
      retcode: 0
      stderr: ""

- name: VM (not using floating IP) can contact LDAP server
  tests:
    - cmd: ssh $NO_FLOATING_VM 'ldapsearch -x whatever | grep -q ^"# numResponses"'
      # grep is happy, we are too
      stdout: ""
      retcode: 0
      stderr: ""

- name: VM (using floating IP) can connect to wikireplicas
  tests:
    - cmd: ssh $FLOATING_IP_VM 'sudo -iu tools.arturo-test-tool sql enwiki "select * from page limit 2;" | grep page_id | wc -l'
      stdout: "1"
      retcode: 0
      stderr: ""

- name: Toolforge webservice can be accessed from the internet
  tests:
    - cmd: curl -f --no-progress-meter https://network-tests.toolforge.org/files/1MB.bin --output - | file -
      stdout: "/dev/stdin: data"
      retcode: 0
      stderr: ""

- name: Toolforge bastions see herald file on project NFS
  tests:
    - cmd: timeout -k5s 60s ssh $FLOATING_IP_VM "file /mnt/nfs/labstore-secondary-tools-project/herald"
      stdout: "/mnt/nfs/labstore-secondary-tools-project/herald: ASCII text"
      retcode: 0
      stderr: ""
    - cmd: timeout -k5s 60s ssh $TOOLFORGE_BASTION "file /mnt/nfs/labstore-secondary-tools-project/herald"
      stdout: "/mnt/nfs/labstore-secondary-tools-project/herald: ASCII text"
      retcode: 0
      stderr: ""

- name: VM (using floating IP) can contact openstack API
  tests:
    - cmd: ssh $FLOATING_IP_VM 'curl -s http://openstack.eqiad1.wikimediacloud.org:5000/v3 | grep -qo identity'
      # grep is happy, we are too
      stdout: ""
      retcode: 0
      stderr: ""

- name: VM (no floating IP) can contact openstack API
  tests:
    - cmd: ssh $NO_FLOATING_VM 'curl -s http://openstack.eqiad1.wikimediacloud.org:5000/v3 | grep -qo identity'
      # grep is happy, we are too
      stdout: ""
      retcode: 0
      stderr: ""

- name: puppetmasters can sync git tree
  tests:
    - cmd: ssh $TOOLS_PUPPETMASTER 'sudo git-sync-upstream 2>&1 | grep -q Up-to-date'
      # grep is happy, we are too
      stdout: ""
      retcode: 0
      stderr: ""
    - cmd: ssh $TOOLSBETA_PUPPETMASTER 'sudo git-sync-upstream 2>&1 | grep -q Up-to-date'
      # grep is happy, we are too
      stdout: ""
      retcode: 0
      stderr: ""

- name: VM (using floating IP) can read dumps NFS
  tests:
    - cmd: ssh $FLOATING_IP_VM 'file /mnt/nfs/dumps-labstore1006.wikimedia.org/index.html | grep -q HTML'
      stdout: ""
      retcode: 0
      stderr: ""

- name: VM (no floating IP) can read dumps NFS
  tests:
    - cmd: ssh $NO_FLOATING_VM 'file /mnt/nfs/dumps-labstore1006.wikimedia.org/index.html | grep -q HTML'
      stdout: ""
      retcode: 0
      stderr: ""