nixpkgs/nixos/tests/containers-bridge.nix

# Test for NixOS' container support.

let
  hostIp = "192.168.0.1";
  containerIp = "192.168.0.100/24";
  hostIp6 = "fc00::1";
  containerIp6 = "fc00::2/7";
in

import ./make-test.nix ({ pkgs, ...} : {
  name = "containers-bridge";
  meta = with pkgs.stdenv.lib.maintainers; {
    maintainers = [ aristid aszlig eelco chaoflow kampfschlaefer ];
  };

  machine =
    { pkgs, ... }:
    { imports = [ ../modules/installer/cd-dvd/channel.nix ];
      virtualisation.writableStore = true;
      virtualisation.memorySize = 768;

      networking.bridges = {
        br0 = {
          interfaces = [];
        };
      };
      networking.interfaces = {
        br0 = {
          ipv4.addresses = [{ address = hostIp; prefixLength = 24; }];
          ipv6.addresses = [{ address = hostIp6; prefixLength = 7; }];
        };
      };

      containers.webserver =
        {
          autoStart = true;
          privateNetwork = true;
          hostBridge = "br0";
          localAddress = containerIp;
          localAddress6 = containerIp6;
          config =
            { services.httpd.enable = true;
              services.httpd.adminAddr = "foo@example.org";
              networking.firewall.allowedTCPPorts = [ 80 ];
              networking.firewall.allowPing = true;
            };
        };

      virtualisation.pathsInNixDB = [ pkgs.stdenv ];
    };

  testScript =
    ''
      $machine->waitForUnit("default.target");
      $machine->succeed("nixos-container list") =~ /webserver/ or die;

      # Start the webserver container.
      $machine->succeed("nixos-container status webserver") =~ /up/ or die;

      "${containerIp}" =~ /([^\/]+)\/([0-9+])/;
      my $ip = $1;
      chomp $ip;
      $machine->succeed("ping -n -c 1 $ip");
      $machine->succeed("curl --fail http://$ip/ > /dev/null");

      "${containerIp6}" =~ /([^\/]+)\/([0-9+])/;
      my $ip6 = $1;
      chomp $ip6;
      $machine->succeed("ping -n -c 1 $ip6");
      $machine->succeed("curl --fail http://[$ip6]/ > /dev/null");

      # Check that nixos-container show-ip works in case of an ipv4 address with
      # subnetmask in CIDR notation.
      my $result = $machine->succeed("nixos-container show-ip webserver");
      chomp $result;
      $result eq $ip or die;

      # Stop the container.
      $machine->succeed("nixos-container stop webserver");
      $machine->fail("curl --fail --connect-timeout 2 http://$ip/ > /dev/null");
      $machine->fail("curl --fail --connect-timeout 2 http://[$ip6]/ > /dev/null");

      # Destroying a declarative container should fail.
      $machine->fail("nixos-container destroy webserver");
    '';

})
containers: Add more tests for ipv6 and hostbridge A testcase each for - declarative ipv6-only container Seems odd to define the container IPs with their prefix length attached. There should be a better way… - declarative bridged container Also fix the ping test by waiting for the container to start When the ping was executed, the container might not have finished starting. Or the host-side of the container wasn't finished with config. Waiting for 2 seconds in between fixes this. 2016-01-31 21:45:05 +01:00			`# Test for NixOS' container support.`

			`let`
			`hostIp = "192.168.0.1";`
			`containerIp = "192.168.0.100/24";`
			`hostIp6 = "fc00::1";`
			`containerIp6 = "fc00::2/7";`
			`in`

			`import ./make-test.nix ({ pkgs, ...} : {`
			`name = "containers-bridge";`
			`meta = with pkgs.stdenv.lib.maintainers; {`
containers: add myself to the maintainers of the tests Seems like the right thing to do. 2016-05-16 13:06:40 +02:00			`maintainers = [ aristid aszlig eelco chaoflow kampfschlaefer ];`
containers: Add more tests for ipv6 and hostbridge A testcase each for - declarative ipv6-only container Seems odd to define the container IPs with their prefix length attached. There should be a better way… - declarative bridged container Also fix the ping test by waiting for the container to start When the ping was executed, the container might not have finished starting. Or the host-side of the container wasn't finished with config. Waiting for 2 seconds in between fixes this. 2016-01-31 21:45:05 +01:00			`};`

			`machine =`
[bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00			`{ pkgs, ... }:`
containers: Add more tests for ipv6 and hostbridge A testcase each for - declarative ipv6-only container Seems odd to define the container IPs with their prefix length attached. There should be a better way… - declarative bridged container Also fix the ping test by waiting for the container to start When the ping was executed, the container might not have finished starting. Or the host-side of the container wasn't finished with config. Waiting for 2 seconds in between fixes this. 2016-01-31 21:45:05 +01:00			`{ imports = [ ../modules/installer/cd-dvd/channel.nix ];`
			`virtualisation.writableStore = true;`
			`virtualisation.memorySize = 768;`

			`networking.bridges = {`
			`br0 = {`
			`interfaces = [];`
			`};`
			`};`
			`networking.interfaces = {`
			`br0 = {`
nixos/tests: rename IP addresses/routes options 2017-12-03 05:14:54 +01:00			`ipv4.addresses = [{ address = hostIp; prefixLength = 24; }];`
			`ipv6.addresses = [{ address = hostIp6; prefixLength = 7; }];`
containers: Add more tests for ipv6 and hostbridge A testcase each for - declarative ipv6-only container Seems odd to define the container IPs with their prefix length attached. There should be a better way… - declarative bridged container Also fix the ping test by waiting for the container to start When the ping was executed, the container might not have finished starting. Or the host-side of the container wasn't finished with config. Waiting for 2 seconds in between fixes this. 2016-01-31 21:45:05 +01:00			`};`
			`};`

			`containers.webserver =`
			`{`
			`autoStart = true;`
			`privateNetwork = true;`
			`hostBridge = "br0";`
			`localAddress = containerIp;`
			`localAddress6 = containerIp6;`
			`config =`
			`{ services.httpd.enable = true;`
			`services.httpd.adminAddr = "foo@example.org";`
			`networking.firewall.allowedTCPPorts = [ 80 ];`
			`networking.firewall.allowPing = true;`
			`};`
			`};`

			`virtualisation.pathsInNixDB = [ pkgs.stdenv ];`
			`};`

			`testScript =`
			`''`
			`$machine->waitForUnit("default.target");`
			`$machine->succeed("nixos-container list") =~ /webserver/ or die;`

			`# Start the webserver container.`
			`$machine->succeed("nixos-container status webserver") =~ /up/ or die;`

			`"${containerIp}" =~ /([^\/]+)\/([0-9+])/;`
			`my $ip = $1;`
			`chomp $ip;`
			`$machine->succeed("ping -n -c 1 $ip");`
			`$machine->succeed("curl --fail http://$ip/ > /dev/null");`

			`"${containerIp6}" =~ /([^\/]+)\/([0-9+])/;`
			`my $ip6 = $1;`
			`chomp $ip6;`
replace ping6 with ping reason: after the upgrade of iputils from 20151218 to 20161105 functionality of ping6 and tracepath6 was merged into ping and tracepath. Ping is now mostly a drop-in replacment for ping6, except that selecting a specific interface is done by encoding it into the address (ex.: fe80::1%eth0) rather then specifing it with the `-I` flag. 2017-02-15 11:05:50 +01:00			`$machine->succeed("ping -n -c 1 $ip6");`
containers: Add more tests for ipv6 and hostbridge A testcase each for - declarative ipv6-only container Seems odd to define the container IPs with their prefix length attached. There should be a better way… - declarative bridged container Also fix the ping test by waiting for the container to start When the ping was executed, the container might not have finished starting. Or the host-side of the container wasn't finished with config. Waiting for 2 seconds in between fixes this. 2016-01-31 21:45:05 +01:00			`$machine->succeed("curl --fail http://[$ip6]/ > /dev/null");`

nixos-container: Modify existing test to cover show-ip command Modified the existing test to check that the 'nixos-container show-ip' command can handle ipv4 addresses with submask in CIDR notation. 2017-11-16 14:54:13 +01:00			`# Check that nixos-container show-ip works in case of an ipv4 address with`
			`# subnetmask in CIDR notation.`
			`my $result = $machine->succeed("nixos-container show-ip webserver");`
			`chomp $result;`
			`$result eq $ip or die;`

containers: Add more tests for ipv6 and hostbridge A testcase each for - declarative ipv6-only container Seems odd to define the container IPs with their prefix length attached. There should be a better way… - declarative bridged container Also fix the ping test by waiting for the container to start When the ping was executed, the container might not have finished starting. Or the host-side of the container wasn't finished with config. Waiting for 2 seconds in between fixes this. 2016-01-31 21:45:05 +01:00			`# Stop the container.`
			`$machine->succeed("nixos-container stop webserver");`
			`$machine->fail("curl --fail --connect-timeout 2 http://$ip/ > /dev/null");`
			`$machine->fail("curl --fail --connect-timeout 2 http://[$ip6]/ > /dev/null");`

			`# Destroying a declarative container should fail.`
			`$machine->fail("nixos-container destroy webserver");`
			`'';`

			`})`