Add automated StrongSwan test

server/site_linux_server.py

 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 import logging, re, time
 from autotest_lib.client.common_lib import error
 
 class LinuxServer(object):
     """
     Linux Server: A machine which hosts network services.
 
     """
 
     def __init__(self, server, params):
-        self.server   = server    # Server host.
-        self.vpn_kind = None
-        self.conf     = {}
+        self.server                      = server    # Server host.
+        self.vpn_kind                    = None
+        self.openvpn_config              = {}
+        self.strongswan_config_templates = {}
+
+    def vpn_strongswan_config_templates(self, params):
+        for k, v in params.iteritems():
+            self.strongswan_config_templates[k] = v
 
     def vpn_server_config(self, params):
         """ Configure & launch the server side of the VPN.
 
             Parameters, in 'params':
 
                kind  : required
 
                        The kind of VPN which should be configured and
                        launched.
 
                        Valid values:
 
                           openvpn
+                          l2tpipsec (StrongSwan PSK or certificates)
 
                config: required
 
                        The configuration information associated with
                        the VPN server.
 
                        This is a dict which contains key/value pairs
                        representing the VPN's configuration.
 
           The values stored in the 'config' param must all be
           supported by the specified VPN kind.
         """
         self.vpn_server_kill({}) # Must be first.  Relies on self.vpn_kind.
-
         self.vpn_kind = params.get('kind', None)
 
-        # Read configuration information & create server configuration file.
-        #
-        #    As VPN kinds other than 'openvpn' are supported, and
-        #    since 'self.conf' is cummulative, perhaps there should be
-        #    a method which will clear 'self.conf'; different types of
-        #    VPN will likely not have the same configuration
-        #    parameters.  This is only really needed if a test is
-        #    written to switch between two differents kinds of VPN.
-        for k, v in params.get('config', {}).iteritems():
-            self.conf[k] = v
-        self.server.run("cat <<EOF >%s\n%s\nEOF\n" %
-                        ('/tmp/vpn-server.conf', '\n'.join(
-                    "%s %s" % kv for kv in self.conf.iteritems())))
-
         # Launch specified VPN server.
         if self.vpn_kind is None:
-            raise error.TestFail('No VPN kind specified for this test.');
+            raise error.TestFail('No VPN kind specified for this test.')
         elif self.vpn_kind == 'openvpn':
-            self.server.run("/usr/sbin/openvpn --config /tmp/vpn-server.conf &")
+            # Read config information & create server configuration file.
+            for k, v in params.get('config', {}).iteritems():
+                self.openvpn_config[k] = v
+            self.server.run("cat <<EOF >/tmp/vpn-server.conf\n%s\nEOF\n" %
+                            ('\n'.join( "%s %s" % kv for kv in
+                                        self.openvpn_config.iteritems())))
+            self.server.run("/usr/sbin/openvpn "
+                            "--config /tmp/vpn-server.conf &")
+        elif self.vpn_kind == 'l2tpipsec':  # aka 'strongswan'
+            # The replacement values in 'replacements' must match the
+            # template set with vpn_strongswan_config_templates().
+            replacements = params.get("replacements", None)
+            if replacements is not None:
+                replacements["@ipsecrets-ip@"] = self.server.ip
+            for cfg, template in self.strongswan_config_templates.iteritems():
+                contents = template
+                if replacements is not None:
+                    for k, v in replacements.iteritems():
+                        contents = contents.replace(k, v)
+                self.server.run("cat <<EOF >%s\n%s\nEOF\n" % (cfg, contents))
+
+            self.server.run("/usr/sbin/ipsec start")
+
+            # Restart xl2tpd to ensure use of newly-created config files.
+            self.server.run("sh /etc/init.d/xl2tpd restart")
         else:
             raise error.TestFail('(internal error): No config case '
                                  'for VPN kind (%s)' % self.vpn_kind)
 
     def vpn_server_kill(self, params):
         """ Kill the VPN server. """
         if self.vpn_kind is not None:
             if self.vpn_kind == 'openvpn':
                 self.server.run("pkill /usr/sbin/openvpn")
+            elif self.vpn_kind == 'l2tpipsec': # aka 'strongswan'
+                self.server.run("pkill /usr/sbin/ipsec")
+                self.server.run("pkill /usr/lib/ipsec/charon")
+                self.server.run("pkill /usr/lib/ipsec/pluto")
             else:
                 raise error.TestFail('(internal error): No kill case '
                                      'for VPN kind (%s)' % self.vpn_kind)
-            self.vpn_kind = None;
+            self.vpn_kind = None