# Test for NixOS' container support.
#
# One VM owns the bridge br0 and runs two declarative containers attached to
# it. The test script checks that the addressed container is reachable over
# IPv4 and IPv6 while it runs, that it is unreachable once stopped, and that
# `nixos-container destroy` refuses to remove a declaratively defined
# container.

let
  # Addresses used on br0. The container addresses carry their prefix length
  # in CIDR notation; the test script strips it again before pinging.
  hostIp = "192.168.0.1";
  containerIp = "192.168.0.100/24";
  hostIp6 = "fc00::1";
  containerIp6 = "fc00::2/7";

  # Guest configuration shared by both containers: httpd enabled, and the
  # container's own firewall opened for TCP port 80 only.
  webGuest = {
    services.httpd = {
      enable = true;
      adminAddr = "foo@example.org";
    };
    networking.firewall.allowedTCPPorts = [ 80 ];
  };
in

import ./make-test-python.nix ({ pkgs, ... }: {
  name = "containers-bridge";
  meta.maintainers = with pkgs.stdenv.lib.maintainers; [ aristid aszlig eelco kampfschlaefer ];

  machine =
    { pkgs, ... }:
    {
      imports = [ ../modules/installer/cd-dvd/channel.nix ];
      virtualisation.writableStore = true;
      virtualisation.memorySize = 768;

      # br0 has no physical member interfaces; only the host address and the
      # containers' interfaces end up on it.
      networking.bridges.br0.interfaces = [ ];
      networking.interfaces.br0 = {
        ipv4.addresses = [ { address = hostIp; prefixLength = 24; } ];
        ipv6.addresses = [ { address = hostIp6; prefixLength = 7; } ];
      };

      # Container with static IPv4 and IPv6 addresses on the bridge.
      # privateNetwork keeps it off the host's network stack, so the only
      # path to its httpd is via br0.
      containers.webserver = {
        autoStart = true;
        privateNetwork = true;
        hostBridge = "br0";
        localAddress = containerIp;
        localAddress6 = containerIp6;
        config = webGuest;
      };

      # Same container without any localAddress. The test script only checks
      # that eth0 exists inside it; it does not test connectivity.
      containers.web-noip = {
        autoStart = true;
        privateNetwork = true;
        hostBridge = "br0";
        config = webGuest;
      };

      virtualisation.pathsInNixDB = [ pkgs.stdenv ];
    };

  # Python test driver script. ${containerIp} and ${containerIp6} are
  # substituted by Nix before the script runs.
  testScript = ''
    machine.wait_for_unit("default.target")
    assert "webserver" in machine.succeed("nixos-container list")

    with subtest("Start the webserver container"):
        assert "up" in machine.succeed("nixos-container status webserver")

    with subtest("Bridges exist inside containers"):
        machine.succeed(
            "nixos-container run webserver -- ip link show eth0",
            "nixos-container run web-noip -- ip link show eth0",
        )

    ip = "${containerIp}".split("/")[0]
    machine.succeed(f"ping -n -c 1 {ip}")
    machine.succeed(f"curl --fail http://{ip}/ > /dev/null")

    ip6 = "${containerIp6}".split("/")[0]
    machine.succeed(f"ping -n -c 1 {ip6}")
    machine.succeed(f"curl --fail http://[{ip6}]/ > /dev/null")

    with subtest(
        "nixos-container show-ip works in case of an ipv4 address "
        + "with subnetmask in CIDR notation."
    ):
        result = machine.succeed("nixos-container show-ip webserver").rstrip()
        assert result == ip

    with subtest("Stop the container"):
        machine.succeed("nixos-container stop webserver")
        machine.fail(
            f"curl --fail --connect-timeout 2 http://{ip}/ > /dev/null",
            f"curl --fail --connect-timeout 2 http://[{ip6}]/ > /dev/null",
        )

    # Destroying a declarative container should fail.
    machine.fail("nixos-container destroy webserver")
  '';
})