diff options
author | Jan Tojnar <jtojnar@gmail.com> | 2020-04-16 10:09:43 +0200 |
---|---|---|
committer | Jan Tojnar <jtojnar@gmail.com> | 2020-04-16 10:09:43 +0200 |
commit | 3d8e43691731037672c36129cbecb2fe43ffad7e (patch) | |
tree | c7f5fe5732dd22a66330d041ee7b0139f75b412d /nixos/tests | |
parent | a04625379a9e842cb987197c4f273de1bea807b7 (diff) | |
parent | 342eaba9ebbc68923c1028a56be1c94e74862832 (diff) | |
download | nixlib-3d8e43691731037672c36129cbecb2fe43ffad7e.tar nixlib-3d8e43691731037672c36129cbecb2fe43ffad7e.tar.gz nixlib-3d8e43691731037672c36129cbecb2fe43ffad7e.tar.bz2 nixlib-3d8e43691731037672c36129cbecb2fe43ffad7e.tar.lz nixlib-3d8e43691731037672c36129cbecb2fe43ffad7e.tar.xz nixlib-3d8e43691731037672c36129cbecb2fe43ffad7e.tar.zst nixlib-3d8e43691731037672c36129cbecb2fe43ffad7e.zip |
Merge branch 'master' into staging-next
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/all-tests.nix | 2 | ||||
-rw-r--r-- | nixos/tests/flannel.nix | 37 | ||||
-rw-r--r-- | nixos/tests/iodine.nix | 5 | ||||
-rw-r--r-- | nixos/tests/networking.nix | 50 | ||||
-rw-r--r-- | nixos/tests/traefik.nix | 87 |
5 files changed, 142 insertions, 39 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 5819879b30e9..4f60892488ab 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -303,6 +303,8 @@ in timezone = handleTest ./timezone.nix {}; tinydns = handleTest ./tinydns.nix {}; tor = handleTest ./tor.nix {}; + # traefik test relies on docker-containers + traefik = handleTestOn ["x86_64-linux"] ./traefik.nix {}; transmission = handleTest ./transmission.nix {}; trac = handleTest ./trac.nix {}; trilium-server = handleTestOn ["x86_64-linux"] ./trilium-server.nix {}; diff --git a/nixos/tests/flannel.nix b/nixos/tests/flannel.nix index 9991c5eaa329..7615732c20ca 100644 --- a/nixos/tests/flannel.nix +++ b/nixos/tests/flannel.nix @@ -1,20 +1,24 @@ -import ./make-test.nix ({ pkgs, ...} : { +import ./make-test-python.nix ({ lib, ...} : { name = "flannel"; - meta = with pkgs.stdenv.lib.maintainers; { + meta = with lib.maintainers; { maintainers = [ offline ]; }; nodes = let - flannelConfig = { + flannelConfig = { pkgs, ... } : { services.flannel = { enable = true; + backend = { + Type = "udp"; + Port = 8285; + }; network = "10.1.0.0/16"; iface = "eth1"; etcd.endpoints = ["http://etcd:2379"]; }; - networking.firewall.allowedUDPPorts = [ 8472 ]; + networking.firewall.allowedUDPPorts = [ 8285 ]; }; in { etcd = { ... }: { @@ -32,25 +36,22 @@ import ./make-test.nix ({ pkgs, ...} : { networking.firewall.allowedTCPPorts = [ 2379 ]; }; - node1 = { ... }: { - require = [flannelConfig]; - }; - - node2 = { ... }: { - require = [flannelConfig]; - }; + node1 = flannelConfig; + node2 = flannelConfig; }; testScript = '' - startAll; + start_all() - $node1->waitForUnit("flannel.service"); - $node2->waitForUnit("flannel.service"); + node1.wait_for_unit("flannel.service") + node2.wait_for_unit("flannel.service") - my $ip1 = $node1->succeed("ip -4 addr show flannel.1 | grep -oP '(?<=inet).*(?=/)'"); - my $ip2 = $node2->succeed("ip -4 addr show flannel.1 | grep -oP '(?<=inet).*(?=/)'"); + node1.wait_until_succeeds("ip l show dev flannel0") + ip1 = node1.succeed("ip -4 addr show flannel0 | grep -oP '(?<=inet).*(?=/)'") + node2.wait_until_succeeds("ip l show dev flannel0") + ip2 = node2.succeed("ip -4 addr show flannel0 | grep -oP '(?<=inet).*(?=/)'") - $node1->waitUntilSucceeds("ping -c 1 $ip2"); - $node2->waitUntilSucceeds("ping -c 1 $ip1"); + node1.wait_until_succeeds(f"ping -c 1 {ip2}") + node2.wait_until_succeeds(f"ping -c 1 {ip1}") ''; }) diff --git a/nixos/tests/iodine.nix b/nixos/tests/iodine.nix index 8bd9603a6d6c..41fb2e7778d4 100644 --- a/nixos/tests/iodine.nix +++ b/nixos/tests/iodine.nix @@ -1,6 +1,7 @@ import ./make-test-python.nix ( { pkgs, ... }: let domain = "whatever.example.com"; + password = "false;foo;exit;withspecialcharacters"; in { name = "iodine"; @@ -21,7 +22,7 @@ import ./make-test-python.nix ( services.iodine.server = { enable = true; ip = "10.53.53.1/24"; - passwordFile = "${builtins.toFile "password" "foo"}"; + passwordFile = "${builtins.toFile "password" password}"; inherit domain; }; @@ -41,7 +42,7 @@ import ./make-test-python.nix ( server = domain; }; systemd.tmpfiles.rules = [ - "f /root/pw 0666 root root - foo" + "f /root/pw 0666 root root - ${password}" ]; environment.systemPackages = [ pkgs.nagiosPluginsOfficial diff --git a/nixos/tests/networking.nix b/nixos/tests/networking.nix index 0a6507d2dc88..3d8ab761a446 100644 --- a/nixos/tests/networking.nix +++ b/nixos/tests/networking.nix @@ -200,6 +200,7 @@ let useDHCP = false; interfaces.eth1 = { ipv4.addresses = mkOverride 0 [ ]; + mtu = 1343; useDHCP = true; }; interfaces.eth2.ipv4.addresses = mkOverride 0 [ ]; @@ -216,6 +217,9 @@ let with subtest("Wait until we have an ip address on each interface"): client.wait_until_succeeds("ip addr show dev eth1 | grep -q '192.168.1'") + with subtest("ensure MTU is set"): + assert "mtu 1343" in client.succeed("ip link show dev eth1") + with subtest("Test vlan 1"): client.wait_until_succeeds("ping -c 1 192.168.1.1") client.wait_until_succeeds("ping -c 1 192.168.1.2") @@ -455,11 +459,14 @@ let ipv4.addresses = [ { address = "192.168.1.1"; prefixLength = 24; } ]; ipv6.addresses = [ { address = "2001:1470:fffd:2096::"; prefixLength = 64; } ]; virtual = true; + mtu = 1342; + macAddress = "02:de:ad:be:ef:01"; }; networking.interfaces.tun0 = { ipv4.addresses = [ { address = "192.168.1.2"; prefixLength = 24; } ]; ipv6.addresses = [ { address = "2001:1470:fffd:2097::"; prefixLength = 64; } ]; virtual = true; + mtu = 1343; }; }; @@ -471,7 +478,7 @@ let with subtest("Wait for networking to come up"): machine.start() - machine.wait_for_unit("network-online.target") + machine.wait_for_unit("network.target") with subtest("Test interfaces set up"): list = machine.succeed("ip tuntap list | sort").strip() @@ -486,7 +493,12 @@ let """.format( list, targetList ) - + with subtest("Test MTU and MAC Address are configured"): + assert "mtu 1342" in machine.succeed("ip link show dev tap0") + assert "mtu 1343" in machine.succeed("ip link show dev tun0") + assert "02:de:ad:be:ef:01" in machine.succeed("ip link show dev tap0") + '' # network-addresses-* only exist in scripted networking + + optionalString (!networkd) '' with subtest("Test interfaces clean up"): machine.succeed("systemctl stop network-addresses-tap0") machine.sleep(10) @@ -602,17 +614,17 @@ let }; testScript = '' - targetIPv4Table = """ - 10.0.0.0/16 proto static scope link mtu 1500 - 192.168.1.0/24 proto kernel scope link src 192.168.1.2 - 192.168.2.0/24 via 192.168.1.1 proto static - """.strip() - - targetIPv6Table = """ - 2001:1470:fffd:2097::/64 proto kernel metric 256 pref medium - 2001:1470:fffd:2098::/64 via fdfd:b3f0::1 proto static metric 1024 pref medium - fdfd:b3f0::/48 proto static metric 1024 pref medium - """.strip() + targetIPv4Table = [ + "10.0.0.0/16 proto static scope link mtu 1500", + "192.168.1.0/24 proto kernel scope link src 192.168.1.2", + "192.168.2.0/24 via 192.168.1.1 proto static", + ] + + targetIPv6Table = [ + "2001:1470:fffd:2097::/64 proto kernel metric 256 pref medium", + "2001:1470:fffd:2098::/64 via fdfd:b3f0::1 proto static metric 1024 pref medium", + "fdfd:b3f0::/48 proto static metric 1024 pref medium", + ] machine.start() machine.wait_for_unit("network.target") @@ -620,9 +632,9 @@ let with subtest("test routing tables"): ipv4Table = machine.succeed("ip -4 route list dev eth0 | head -n3").strip() ipv6Table = machine.succeed("ip -6 route list dev eth0 | head -n3").strip() - assert ( - ipv4Table == targetIPv4Table - ), """ + assert [ + l.strip() for l in ipv4Table.splitlines() + ] == targetIPv4Table, """ The IPv4 routing table does not match the expected one: Result: {} @@ -631,9 +643,9 @@ let """.format( ipv4Table, targetIPv4Table ) - assert ( - ipv6Table == targetIPv6Table - ), """ + assert [ + l.strip() for l in ipv6Table.splitlines() + ] == targetIPv6Table, """ The IPv6 routing table does not match the expected one: Result: {} diff --git a/nixos/tests/traefik.nix b/nixos/tests/traefik.nix new file mode 100644 index 000000000000..0e21a7cf8437 --- /dev/null +++ b/nixos/tests/traefik.nix @@ -0,0 +1,87 @@ +# Test Traefik as a reverse proxy of a local web service +# and a Docker container. +import ./make-test-python.nix ({ pkgs, ... }: { + name = "traefik"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ joko ]; + }; + + nodes = { + client = { config, pkgs, ... }: { + environment.systemPackages = [ pkgs.curl ]; + }; + traefik = { config, pkgs, ... }: { + docker-containers.nginx = { + extraDockerOptions = [ + "-l" "traefik.enable=true" + "-l" "traefik.http.routers.nginx.entrypoints=web" + "-l" "traefik.http.routers.nginx.rule=Host(`nginx.traefik.test`)" + ]; + image = "nginx-container"; + imageFile = pkgs.dockerTools.examples.nginx; + }; + + networking.firewall.allowedTCPPorts = [ 80 ]; + + services.traefik = { + enable = true; + + dynamicConfigOptions = { + http.routers.simplehttp = { + rule = "Host(`simplehttp.traefik.test`)"; + entryPoints = [ "web" ]; + service = "simplehttp"; + }; + + http.services.simplehttp = { + loadBalancer.servers = [{ + url = "http://127.0.0.1:8000"; + }]; + }; + }; + + staticConfigOptions = { + global = { + checkNewVersion = false; + sendAnonymousUsage = false; + }; + + entryPoints.web.address = ":80"; + + providers.docker.exposedByDefault = false; + }; + }; + + systemd.services.simplehttp = { + script = "${pkgs.python3}/bin/python -m http.server 8000"; + serviceConfig.Type = "simple"; + wantedBy = [ "multi-user.target" ]; + }; + + users.users.traefik.extraGroups = [ "docker" ]; + }; + }; + + testScript = '' + start_all() + + traefik.wait_for_unit("docker-nginx.service") + traefik.wait_until_succeeds("docker ps | grep nginx-container") + traefik.wait_for_unit("simplehttp.service") + traefik.wait_for_unit("traefik.service") + traefik.wait_for_open_port(80) + traefik.wait_for_unit("multi-user.target") + + client.wait_for_unit("multi-user.target") + + with subtest("Check that a container can be reached via Traefik"): + assert "Hello from NGINX" in client.succeed( + "curl -sSf -H Host:nginx.traefik.test http://traefik/" + ) + + with subtest("Check that dynamic configuration works"): + assert "Directory listing for " in client.succeed( + "curl -sSf -H Host:simplehttp.traefik.test http://traefik/" + ) + ''; +}) |