nixpkgs/nixos/tests/lxd.nix

import ./make-test-python.nix ({ pkgs, ...} :

let
  # Since we don't have access to the internet during the tests, we have to
  # pre-fetch lxd containers beforehand.
  #
  # I've chosen to import Alpine Linux, because its image is turbo-tiny and,
  # generally, sufficient for our tests.
  alpine-meta = pkgs.fetchurl {
    url = "https://tarballs.nixos.org/alpine/3.12/lxd.tar.xz";
    hash = "sha256-1tcKaO9lOkvqfmG/7FMbfAEToAuFy2YMewS8ysBKuLA=";
  };

  alpine-rootfs = pkgs.fetchurl {
    url = "https://tarballs.nixos.org/alpine/3.12/rootfs.tar.xz";
    hash = "sha256-Tba9sSoaiMtQLY45u7p5DMqXTSDgs/763L/SQp0bkCA=";
  };

  lxd-config = pkgs.writeText "config.yaml" ''
    storage_pools:
      - name: default
        driver: dir
        config:
          source: /var/lxd-pool

    networks:
      - name: lxdbr0
        type: bridge
        config:
          ipv4.address: auto
          ipv6.address: none

    profiles:
      - name: default
        devices:
          eth0:
            name: eth0
            network: lxdbr0
            type: nic
          root:
            path: /
            pool: default
            type: disk
  '';


in {
  name = "lxd";

  meta = with pkgs.stdenv.lib.maintainers; {
    maintainers = [ patryk27 ];
  };

  machine = { lib, ... }: {
    virtualisation = {
      # Since we're testing `limits.cpu`, we've gotta have a known number of
      # cores to lean on
      cores = 2;

      # Ditto, for `limits.memory`
      memorySize = 512;

      lxc.lxcfs.enable = true;
      lxd.enable = true;
    };
  };

  testScript = ''
    machine.wait_for_unit("sockets.target")
    machine.wait_for_unit("lxd.service")
    machine.wait_for_file("/var/lib/lxd/unix.socket")

    # It takes additional second for lxd to settle
    machine.sleep(1)

    # lxd expects the pool's directory to already exist
    machine.succeed("mkdir /var/lxd-pool")

    machine.succeed(
        "cat ${lxd-config} | lxd init --preseed"
    )

    machine.succeed(
        "lxc image import ${alpine-meta} ${alpine-rootfs} --alias alpine"
    )

    with subtest("Containers can be launched and destroyed"):
        machine.succeed("lxc launch alpine test")
        machine.succeed("lxc exec test true")
        machine.succeed("lxc delete -f test")

    with subtest("Containers are being mounted with lxcfs inside"):
        machine.succeed("lxc launch alpine test")

        ## ---------- ##
        ## limits.cpu ##

        machine.succeed("lxc config set test limits.cpu 1")

        # Since Alpine doesn't have `nproc` pre-installed, we've gotta resort
        # to the primal methods
        assert (
            "1"
            == machine.succeed("lxc exec test grep -- -c ^processor /proc/cpuinfo").strip()
        )

        machine.succeed("lxc config set test limits.cpu 2")

        assert (
            "2"
            == machine.succeed("lxc exec test grep -- -c ^processor /proc/cpuinfo").strip()
        )

        ## ------------- ##
        ## limits.memory ##

        machine.succeed("lxc config set test limits.memory 64MB")

        assert (
            "MemTotal:          62500 kB"
            == machine.succeed("lxc exec test grep -- MemTotal /proc/meminfo").strip()
        )

        machine.succeed("lxc config set test limits.memory 128MB")

        assert (
            "MemTotal:         125000 kB"
            == machine.succeed("lxc exec test grep -- MemTotal /proc/meminfo").strip()
        )

        machine.succeed("lxc delete -f test")

    with subtest("Unless explicitly changed, lxd leans on iptables"):
        machine.succeed("lsmod | grep ip_tables")
        machine.fail("lsmod | grep nf_tables")
  '';
})
lxd: Add tests 2020-06-08 21:33:21 +02:00			`import ./make-test-python.nix ({ pkgs, ...} :`

			`let`
			`# Since we don't have access to the internet during the tests, we have to`
			`# pre-fetch lxd containers beforehand.`
			`#`
			`# I've chosen to import Alpine Linux, because its image is turbo-tiny and,`
			`# generally, sufficient for our tests.`
			`alpine-meta = pkgs.fetchurl {`
lxd: use stable URL for Alpine's image 2020-09-09 17:25:27 +02:00			`url = "https://tarballs.nixos.org/alpine/3.12/lxd.tar.xz";`
lxd: s/sha256/hash 2020-09-09 20:07:17 +02:00			`hash = "sha256-1tcKaO9lOkvqfmG/7FMbfAEToAuFy2YMewS8ysBKuLA=";`
lxd: Add tests 2020-06-08 21:33:21 +02:00			`};`

			`alpine-rootfs = pkgs.fetchurl {`
lxd: use stable URL for Alpine's image 2020-09-09 17:25:27 +02:00			`url = "https://tarballs.nixos.org/alpine/3.12/rootfs.tar.xz";`
lxd: s/sha256/hash 2020-09-09 20:07:17 +02:00			`hash = "sha256-Tba9sSoaiMtQLY45u7p5DMqXTSDgs/763L/SQp0bkCA=";`
lxd: Add tests 2020-06-08 21:33:21 +02:00			`};`

			`lxd-config = pkgs.writeText "config.yaml" ''`
			`storage_pools:`
			`- name: default`
			`driver: dir`
			`config:`
			`source: /var/lxd-pool`

			`networks:`
			`- name: lxdbr0`
			`type: bridge`
			`config:`
			`ipv4.address: auto`
			`ipv6.address: none`

			`profiles:`
			`- name: default`
			`devices:`
			`eth0:`
			`name: eth0`
			`network: lxdbr0`
			`type: nic`
			`root:`
			`path: /`
			`pool: default`
			`type: disk`
			`'';`

lxd: use stable URL for Alpine's image 2020-09-09 17:25:27 +02:00
lxd: Add tests 2020-06-08 21:33:21 +02:00			`in {`
			`name = "lxd";`
lxd: use stable URL for Alpine's image 2020-09-09 17:25:27 +02:00
lxd: Add tests 2020-06-08 21:33:21 +02:00			`meta = with pkgs.stdenv.lib.maintainers; {`
			`maintainers = [ patryk27 ];`
			`};`

			`machine = { lib, ... }: {`
			`virtualisation = {`
			# Since we're testing `limits.cpu`, we've gotta have a known number of
lxd: use stable URL for Alpine's image 2020-09-09 17:25:27 +02:00			`# cores to lean on`
lxd: Add tests 2020-06-08 21:33:21 +02:00			`cores = 2;`

			# Ditto, for `limits.memory`
			`memorySize = 512;`

			`lxc.lxcfs.enable = true;`
			`lxd.enable = true;`
			`};`
			`};`

			`testScript = ''`
			`machine.wait_for_unit("sockets.target")`
			`machine.wait_for_unit("lxd.service")`
lxd: add `wait_for_file()` to ensure LXD is actually running 2020-09-09 19:46:21 +02:00			`machine.wait_for_file("/var/lib/lxd/unix.socket")`
lxd: Add tests 2020-06-08 21:33:21 +02:00
			`# It takes additional second for lxd to settle`
			`machine.sleep(1)`

			`# lxd expects the pool's directory to already exist`
			`machine.succeed("mkdir /var/lxd-pool")`

			`machine.succeed(`
			`"cat ${lxd-config} \| lxd init --preseed"`
			`)`

			`machine.succeed(`
			`"lxc image import ${alpine-meta} ${alpine-rootfs} --alias alpine"`
			`)`

			`with subtest("Containers can be launched and destroyed"):`
			`machine.succeed("lxc launch alpine test")`
			`machine.succeed("lxc exec test true")`
			`machine.succeed("lxc delete -f test")`

			`with subtest("Containers are being mounted with lxcfs inside"):`
			`machine.succeed("lxc launch alpine test")`

			`## ---------- ##`
			`## limits.cpu ##`

			`machine.succeed("lxc config set test limits.cpu 1")`

			# Since Alpine doesn't have `nproc` pre-installed, we've gotta resort
			`# to the primal methods`
			`assert (`
			`"1"`
			`== machine.succeed("lxc exec test grep -- -c ^processor /proc/cpuinfo").strip()`
			`)`

			`machine.succeed("lxc config set test limits.cpu 2")`

			`assert (`
			`"2"`
			`== machine.succeed("lxc exec test grep -- -c ^processor /proc/cpuinfo").strip()`
			`)`

			`## ------------- ##`
			`## limits.memory ##`

			`machine.succeed("lxc config set test limits.memory 64MB")`

			`assert (`
			`"MemTotal: 62500 kB"`
			`== machine.succeed("lxc exec test grep -- MemTotal /proc/meminfo").strip()`
			`)`

			`machine.succeed("lxc config set test limits.memory 128MB")`

			`assert (`
			`"MemTotal: 125000 kB"`
			`== machine.succeed("lxc exec test grep -- MemTotal /proc/meminfo").strip()`
			`)`

			`machine.succeed("lxc delete -f test")`

			`with subtest("Unless explicitly changed, lxd leans on iptables"):`
			`machine.succeed("lsmod \| grep ip_tables")`
			`machine.fail("lsmod \| grep nf_tables")`
			`'';`
			`})`