nixpkgs/nixos/tests/containers-physical_interfaces.nix

import ./make-test-python.nix ({ pkgs, lib, ... }: {
  name = "containers-physical_interfaces";
  meta = {
    maintainers = with lib.maintainers; [ kampfschlaefer ];
  };

  nodes = {
    server = { ... }:
      {
        virtualisation.memorySize = 256;
        virtualisation.vlans = [ 1 ];

        containers.server = {
          privateNetwork = true;
          interfaces = [ "eth1" ];

          config = {
            networking.interfaces.eth1.ipv4.addresses = [
              { address = "10.10.0.1"; prefixLength = 24; }
            ];
            networking.firewall.enable = false;
          };
        };
      };
    bridged = { ... }: {
      virtualisation.memorySize = 128;
      virtualisation.vlans = [ 1 ];

      containers.bridged = {
        privateNetwork = true;
        interfaces = [ "eth1" ];

        config = {
          networking.bridges.br0.interfaces = [ "eth1" ];
          networking.interfaces.br0.ipv4.addresses = [
            { address = "10.10.0.2"; prefixLength = 24; }
          ];
          networking.firewall.enable = false;
        };
      };
    };

    bonded = { ... }: {
      virtualisation.memorySize = 128;
      virtualisation.vlans = [ 1 ];

      containers.bonded = {
        privateNetwork = true;
        interfaces = [ "eth1" ];

        config = {
          networking.bonds.bond0 = {
            interfaces = [ "eth1" ];
            driverOptions.mode = "active-backup";
          };
          networking.interfaces.bond0.ipv4.addresses = [
            { address = "10.10.0.3"; prefixLength = 24; }
          ];
          networking.firewall.enable = false;
        };
      };
    };

    bridgedbond = { ... }: {
      virtualisation.memorySize = 128;
      virtualisation.vlans = [ 1 ];

      containers.bridgedbond = {
        privateNetwork = true;
        interfaces = [ "eth1" ];

        config = {
          networking.bonds.bond0 = {
            interfaces = [ "eth1" ];
            driverOptions.mode = "active-backup";
          };
          networking.bridges.br0.interfaces = [ "bond0" ];
          networking.interfaces.br0.ipv4.addresses = [
            { address = "10.10.0.4"; prefixLength = 24; }
          ];
          networking.firewall.enable = false;
        };
      };
    };
  };

  testScript = ''
    start_all()

    with subtest("Prepare server"):
        server.wait_for_unit("default.target")
        server.succeed("ip link show dev eth1 >&2")

    with subtest("Simple physical interface is up"):
        server.succeed("nixos-container start server")
        server.wait_for_unit("container@server")
        server.succeed(
            "systemctl -M server list-dependencies network-addresses-eth1.service >&2"
        )

        # The other tests will ping this container on its ip. Here we just check
        # that the device is present in the container.
        server.succeed("nixos-container run server -- ip a show dev eth1 >&2")

    with subtest("Physical device in bridge in container can ping server"):
        bridged.wait_for_unit("default.target")
        bridged.succeed("nixos-container start bridged")
        bridged.wait_for_unit("container@bridged")
        bridged.succeed(
            "systemctl -M bridged list-dependencies network-addresses-br0.service >&2",
            "systemctl -M bridged status -n 30 -l network-addresses-br0.service",
            "nixos-container run bridged -- ping -w 10 -c 1 -n 10.10.0.1",
        )

    with subtest("Physical device in bond in container can ping server"):
        bonded.wait_for_unit("default.target")
        bonded.succeed("nixos-container start bonded")
        bonded.wait_for_unit("container@bonded")
        bonded.succeed(
            "systemctl -M bonded list-dependencies network-addresses-bond0 >&2",
            "systemctl -M bonded status -n 30 -l network-addresses-bond0 >&2",
            "nixos-container run bonded -- ping -w 10 -c 1 -n 10.10.0.1",
        )

    with subtest("Physical device in bond in bridge in container can ping server"):
        bridgedbond.wait_for_unit("default.target")
        bridgedbond.succeed("nixos-container start bridgedbond")
        bridgedbond.wait_for_unit("container@bridgedbond")
        bridgedbond.succeed(
            "systemctl -M bridgedbond list-dependencies network-addresses-br0.service >&2",
            "systemctl -M bridgedbond status -n 30 -l network-addresses-br0.service",
            "nixos-container run bridgedbond -- ping -w 10 -c 1 -n 10.10.0.1",
        )
  '';
})
nixos/containers: styling improvements 2021-02-26 16:03:49 +01:00			`import ./make-test-python.nix ({ pkgs, lib, ... }: {`
containers: Do not wait for udev for network devices Test that adding physical devices to containers works, find that network setup then doesn't work because there is no udev in the container to tell systemd that the device is present. Fixed by not depending on the device in the container. Activate the new container test for release Bonds, bridges and other network devices need the underlying not as dependency when used inside the container. Because the device is already there. But the address configuration needs the aggregated device itself. 2016-09-30 10:45:48 +02:00			`name = "containers-physical_interfaces";`
nixos/containers: styling improvements 2021-02-26 16:03:49 +01:00			`meta = {`
			`maintainers = with lib.maintainers; [ kampfschlaefer ];`
containers: Do not wait for udev for network devices Test that adding physical devices to containers works, find that network setup then doesn't work because there is no udev in the container to tell systemd that the device is present. Fixed by not depending on the device in the container. Activate the new container test for release Bonds, bridges and other network devices need the underlying not as dependency when used inside the container. Because the device is already there. But the address configuration needs the aggregated device itself. 2016-09-30 10:45:48 +02:00			`};`

			`nodes = {`
[bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00			`server = { ... }:`
containers: Do not wait for udev for network devices Test that adding physical devices to containers works, find that network setup then doesn't work because there is no udev in the container to tell systemd that the device is present. Fixed by not depending on the device in the container. Activate the new container test for release Bonds, bridges and other network devices need the underlying not as dependency when used inside the container. Because the device is already there. But the address configuration needs the aggregated device itself. 2016-09-30 10:45:48 +02:00			`{`
			`virtualisation.memorySize = 256;`
			`virtualisation.vlans = [ 1 ];`

			`containers.server = {`
			`privateNetwork = true;`
			`interfaces = [ "eth1" ];`

			`config = {`
nixos/tests: rename IP addresses/routes options 2017-12-03 05:14:54 +01:00			`networking.interfaces.eth1.ipv4.addresses = [`
			`{ address = "10.10.0.1"; prefixLength = 24; }`
			`];`
containers: Do not wait for udev for network devices Test that adding physical devices to containers works, find that network setup then doesn't work because there is no udev in the container to tell systemd that the device is present. Fixed by not depending on the device in the container. Activate the new container test for release Bonds, bridges and other network devices need the underlying not as dependency when used inside the container. Because the device is already there. But the address configuration needs the aggregated device itself. 2016-09-30 10:45:48 +02:00			`networking.firewall.enable = false;`
			`};`
			`};`
			`};`
[bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00			`bridged = { ... }: {`
containers: Improve device dependency tracking Now the tracking works with aggregated devices on aggregated devices. So container with physical device where the device is put in a bond which is the basis for a bridge is now handled correctly. 2016-09-30 14:52:46 +02:00			`virtualisation.memorySize = 128;`
containers: Do not wait for udev for network devices Test that adding physical devices to containers works, find that network setup then doesn't work because there is no udev in the container to tell systemd that the device is present. Fixed by not depending on the device in the container. Activate the new container test for release Bonds, bridges and other network devices need the underlying not as dependency when used inside the container. Because the device is already there. But the address configuration needs the aggregated device itself. 2016-09-30 10:45:48 +02:00			`virtualisation.vlans = [ 1 ];`

containers: Improve device dependency tracking Now the tracking works with aggregated devices on aggregated devices. So container with physical device where the device is put in a bond which is the basis for a bridge is now handled correctly. 2016-09-30 14:52:46 +02:00			`containers.bridged = {`
containers: Do not wait for udev for network devices Test that adding physical devices to containers works, find that network setup then doesn't work because there is no udev in the container to tell systemd that the device is present. Fixed by not depending on the device in the container. Activate the new container test for release Bonds, bridges and other network devices need the underlying not as dependency when used inside the container. Because the device is already there. But the address configuration needs the aggregated device itself. 2016-09-30 10:45:48 +02:00			`privateNetwork = true;`
			`interfaces = [ "eth1" ];`

			`config = {`
			`networking.bridges.br0.interfaces = [ "eth1" ];`
nixos/tests: rename IP addresses/routes options 2017-12-03 05:14:54 +01:00			`networking.interfaces.br0.ipv4.addresses = [`
			`{ address = "10.10.0.2"; prefixLength = 24; }`
			`];`
containers: Do not wait for udev for network devices Test that adding physical devices to containers works, find that network setup then doesn't work because there is no udev in the container to tell systemd that the device is present. Fixed by not depending on the device in the container. Activate the new container test for release Bonds, bridges and other network devices need the underlying not as dependency when used inside the container. Because the device is already there. But the address configuration needs the aggregated device itself. 2016-09-30 10:45:48 +02:00			`networking.firewall.enable = false;`
			`};`
			`};`
			`};`
containers: Improve device dependency tracking Now the tracking works with aggregated devices on aggregated devices. So container with physical device where the device is put in a bond which is the basis for a bridge is now handled correctly. 2016-09-30 14:52:46 +02:00
[bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00			`bonded = { ... }: {`
containers: Improve device dependency tracking Now the tracking works with aggregated devices on aggregated devices. So container with physical device where the device is put in a bond which is the basis for a bridge is now handled correctly. 2016-09-30 14:52:46 +02:00			`virtualisation.memorySize = 128;`
			`virtualisation.vlans = [ 1 ];`

			`containers.bonded = {`
			`privateNetwork = true;`
			`interfaces = [ "eth1" ];`

			`config = {`
			`networking.bonds.bond0 = {`
			`interfaces = [ "eth1" ];`
nixos/containers-physical_interfaces: use new bond option interface 2018-03-31 18:59:55 +01:00			`driverOptions.mode = "active-backup";`
containers: Improve device dependency tracking Now the tracking works with aggregated devices on aggregated devices. So container with physical device where the device is put in a bond which is the basis for a bridge is now handled correctly. 2016-09-30 14:52:46 +02:00			`};`
nixos/tests: rename IP addresses/routes options 2017-12-03 05:14:54 +01:00			`networking.interfaces.bond0.ipv4.addresses = [`
			`{ address = "10.10.0.3"; prefixLength = 24; }`
			`];`
containers: Improve device dependency tracking Now the tracking works with aggregated devices on aggregated devices. So container with physical device where the device is put in a bond which is the basis for a bridge is now handled correctly. 2016-09-30 14:52:46 +02:00			`networking.firewall.enable = false;`
			`};`
			`};`
			`};`

[bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00			`bridgedbond = { ... }: {`
containers: Improve device dependency tracking Now the tracking works with aggregated devices on aggregated devices. So container with physical device where the device is put in a bond which is the basis for a bridge is now handled correctly. 2016-09-30 14:52:46 +02:00			`virtualisation.memorySize = 128;`
			`virtualisation.vlans = [ 1 ];`

			`containers.bridgedbond = {`
			`privateNetwork = true;`
			`interfaces = [ "eth1" ];`

			`config = {`
			`networking.bonds.bond0 = {`
			`interfaces = [ "eth1" ];`
nixos/containers-physical_interfaces: use new bond option interface 2018-03-31 18:59:55 +01:00			`driverOptions.mode = "active-backup";`
containers: Improve device dependency tracking Now the tracking works with aggregated devices on aggregated devices. So container with physical device where the device is put in a bond which is the basis for a bridge is now handled correctly. 2016-09-30 14:52:46 +02:00			`};`
			`networking.bridges.br0.interfaces = [ "bond0" ];`
nixos/tests: rename IP addresses/routes options 2017-12-03 05:14:54 +01:00			`networking.interfaces.br0.ipv4.addresses = [`
			`{ address = "10.10.0.4"; prefixLength = 24; }`
			`];`
containers: Improve device dependency tracking Now the tracking works with aggregated devices on aggregated devices. So container with physical device where the device is put in a bond which is the basis for a bridge is now handled correctly. 2016-09-30 14:52:46 +02:00			`networking.firewall.enable = false;`
			`};`
			`};`
			`};`
containers: Do not wait for udev for network devices Test that adding physical devices to containers works, find that network setup then doesn't work because there is no udev in the container to tell systemd that the device is present. Fixed by not depending on the device in the container. Activate the new container test for release Bonds, bridges and other network devices need the underlying not as dependency when used inside the container. Because the device is already there. But the address configuration needs the aggregated device itself. 2016-09-30 10:45:48 +02:00			`};`

			`testScript = ''`
nixosTests.containers*: port rest to python 2019-12-01 02:29:24 +01:00			`start_all()`

			`with subtest("Prepare server"):`
			`server.wait_for_unit("default.target")`
			`server.succeed("ip link show dev eth1 >&2")`

			`with subtest("Simple physical interface is up"):`
			`server.succeed("nixos-container start server")`
			`server.wait_for_unit("container@server")`
			`server.succeed(`
			`"systemctl -M server list-dependencies network-addresses-eth1.service >&2"`
			`)`

			`# The other tests will ping this container on its ip. Here we just check`
			`# that the device is present in the container.`
			`server.succeed("nixos-container run server -- ip a show dev eth1 >&2")`

			`with subtest("Physical device in bridge in container can ping server"):`
			`bridged.wait_for_unit("default.target")`
			`bridged.succeed("nixos-container start bridged")`
			`bridged.wait_for_unit("container@bridged")`
			`bridged.succeed(`
			`"systemctl -M bridged list-dependencies network-addresses-br0.service >&2",`
			`"systemctl -M bridged status -n 30 -l network-addresses-br0.service",`
			`"nixos-container run bridged -- ping -w 10 -c 1 -n 10.10.0.1",`
			`)`

			`with subtest("Physical device in bond in container can ping server"):`
			`bonded.wait_for_unit("default.target")`
			`bonded.succeed("nixos-container start bonded")`
			`bonded.wait_for_unit("container@bonded")`
			`bonded.succeed(`
			`"systemctl -M bonded list-dependencies network-addresses-bond0 >&2",`
			`"systemctl -M bonded status -n 30 -l network-addresses-bond0 >&2",`
			`"nixos-container run bonded -- ping -w 10 -c 1 -n 10.10.0.1",`
			`)`

			`with subtest("Physical device in bond in bridge in container can ping server"):`
			`bridgedbond.wait_for_unit("default.target")`
			`bridgedbond.succeed("nixos-container start bridgedbond")`
			`bridgedbond.wait_for_unit("container@bridgedbond")`
			`bridgedbond.succeed(`
			`"systemctl -M bridgedbond list-dependencies network-addresses-br0.service >&2",`
			`"systemctl -M bridgedbond status -n 30 -l network-addresses-br0.service",`
			`"nixos-container run bridgedbond -- ping -w 10 -c 1 -n 10.10.0.1",`
			`)`
containers: Do not wait for udev for network devices Test that adding physical devices to containers works, find that network setup then doesn't work because there is no udev in the container to tell systemd that the device is present. Fixed by not depending on the device in the container. Activate the new container test for release Bonds, bridges and other network devices need the underlying not as dependency when used inside the container. Because the device is already there. But the address configuration needs the aggregated device itself. 2016-09-30 10:45:48 +02:00			`'';`
			`})`