public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
nixpkgs/nixos/tests/nat.nix

80 lines
2.6 KiB
Nix
Raw Normal View History

* Allow more complex network topologies in distributed tests. Each machine can now declare an option `virtualisation.vlans' that causes it to have network interfaces connected to each listed virtual network. For instance, virtualisation.vlans = [ 1 2 ]; causes the machine to have two interfaces (in addition to eth0, used by the test driver to control the machine): eth1 connected to network 1 with IP address 192.168.1.<i>, and eth2 connected to network 2 with address 192.168.2.<i> (where <i> is the index of the machine in the `nodes' attribute set). On the other hand, virtualisation.vlans = [ 2 ]; causes the machine to only have an eth1 connected to network 2 with address 192.168.2.<i>. So each virtual network <n> is assigned the IP range 192.168.<n>.0/24. Each virtual network is implemented using a separate multicast address on the host, so guests really cannot talk to networks to which they are not connected. * Added a simple NAT test to demonstrate this. * Added an option `virtualisation.qemu.options' to specify QEMU command-line options. Used to factor out some commonality between the test driver script and the interactive test script. svn path=/nixos/trunk/; revision=21928
2010-05-20 21:07:32 +00:00
# This is a simple distributed test involving a topology with two
# separate virtual networks - the "inside" and the "outside" - with a
# client on the inside network, a server on the outside network, and a
# router connected to both that performs Network Address Translation
# for the client.
Make it easier to run the tests You can now run a test in the nixos/tests directory directly using nix-build, e.g. $ nix-build '<nixos/tests/login.nix>' -A test This gets rid of having to add the test to nixos/tests/default.nix. (Of course, you still need to add it to nixos/release.nix if you want Hydra to run the test.)
2014-04-14 14:02:44 +02:00
import ./make-test.nix {
name nixos tests, close #3078
2014-06-28 16:04:49 +02:00
name = "nat";
* Allow more complex network topologies in distributed tests. Each machine can now declare an option `virtualisation.vlans' that causes it to have network interfaces connected to each listed virtual network. For instance, virtualisation.vlans = [ 1 2 ]; causes the machine to have two interfaces (in addition to eth0, used by the test driver to control the machine): eth1 connected to network 1 with IP address 192.168.1.<i>, and eth2 connected to network 2 with address 192.168.2.<i> (where <i> is the index of the machine in the `nodes' attribute set). On the other hand, virtualisation.vlans = [ 2 ]; causes the machine to only have an eth1 connected to network 2 with address 192.168.2.<i>. So each virtual network <n> is assigned the IP range 192.168.<n>.0/24. Each virtual network is implemented using a separate multicast address on the host, so guests really cannot talk to networks to which they are not connected. * Added a simple NAT test to demonstrate this. * Added an option `virtualisation.qemu.options' to specify QEMU command-line options. Used to factor out some commonality between the test driver script and the interactive test script. svn path=/nixos/trunk/; revision=21928
2010-05-20 21:07:32 +00:00
nodes =
strip trailing whitespace; no functional change svn path=/nixos/trunk/; revision=29285
2011-09-14 18:20:50 +00:00
{ client =
* Expose networking.interfaces as an attribute set keyed on the interface name through the derived option networking.ifaces. This makes it easier to get information about specific interfaces (e.g. `nodes.router.config.networking.ifaces.eth2.ipAddress'). Really networking.interfaces should be an attribute set. svn path=/nixos/trunk/; revision=21938
2010-05-21 14:12:03 +00:00
{ config, pkgs, nodes, ... }:
* Allow more complex network topologies in distributed tests. Each machine can now declare an option `virtualisation.vlans' that causes it to have network interfaces connected to each listed virtual network. For instance, virtualisation.vlans = [ 1 2 ]; causes the machine to have two interfaces (in addition to eth0, used by the test driver to control the machine): eth1 connected to network 1 with IP address 192.168.1.<i>, and eth2 connected to network 2 with address 192.168.2.<i> (where <i> is the index of the machine in the `nodes' attribute set). On the other hand, virtualisation.vlans = [ 2 ]; causes the machine to only have an eth1 connected to network 2 with address 192.168.2.<i>. So each virtual network <n> is assigned the IP range 192.168.<n>.0/24. Each virtual network is implemented using a separate multicast address on the host, so guests really cannot talk to networks to which they are not connected. * Added a simple NAT test to demonstrate this. * Added an option `virtualisation.qemu.options' to specify QEMU command-line options. Used to factor out some commonality between the test driver script and the interactive test script. svn path=/nixos/trunk/; revision=21928
2010-05-20 21:07:32 +00:00
{ virtualisation.vlans = [ 1 ];
Fix tests broken due to the firewall being enabled by default
2014-04-11 17:15:56 +02:00
networking.firewall.allowPing = true;
* Expose networking.interfaces as an attribute set keyed on the interface name through the derived option networking.ifaces. This makes it easier to get information about specific interfaces (e.g. `nodes.router.config.networking.ifaces.eth2.ipAddress'). Really networking.interfaces should be an attribute set. svn path=/nixos/trunk/; revision=21938
2010-05-21 14:12:03 +00:00
networking.defaultGateway =
Turn networking.interfaces into an attribute set Thus networking.interfaces = [ { name = "eth0"; ipAddress = "192.168.15.1"; } ]; can now be written as networking.interfaces.eth0.ipAddress = "192.168.15.1"; The old notation still works though.
2012-11-02 17:08:11 +01:00
nodes.router.config.networking.interfaces.eth2.ipAddress;
* Allow more complex network topologies in distributed tests. Each machine can now declare an option `virtualisation.vlans' that causes it to have network interfaces connected to each listed virtual network. For instance, virtualisation.vlans = [ 1 2 ]; causes the machine to have two interfaces (in addition to eth0, used by the test driver to control the machine): eth1 connected to network 1 with IP address 192.168.1.<i>, and eth2 connected to network 2 with address 192.168.2.<i> (where <i> is the index of the machine in the `nodes' attribute set). On the other hand, virtualisation.vlans = [ 2 ]; causes the machine to only have an eth1 connected to network 2 with address 192.168.2.<i>. So each virtual network <n> is assigned the IP range 192.168.<n>.0/24. Each virtual network is implemented using a separate multicast address on the host, so guests really cannot talk to networks to which they are not connected. * Added a simple NAT test to demonstrate this. * Added an option `virtualisation.qemu.options' to specify QEMU command-line options. Used to factor out some commonality between the test driver script and the interactive test script. svn path=/nixos/trunk/; revision=21928
2010-05-20 21:07:32 +00:00
};
strip trailing whitespace; no functional change svn path=/nixos/trunk/; revision=29285
2011-09-14 18:20:50 +00:00
router =
* Allow more complex network topologies in distributed tests. Each machine can now declare an option `virtualisation.vlans' that causes it to have network interfaces connected to each listed virtual network. For instance, virtualisation.vlans = [ 1 2 ]; causes the machine to have two interfaces (in addition to eth0, used by the test driver to control the machine): eth1 connected to network 1 with IP address 192.168.1.<i>, and eth2 connected to network 2 with address 192.168.2.<i> (where <i> is the index of the machine in the `nodes' attribute set). On the other hand, virtualisation.vlans = [ 2 ]; causes the machine to only have an eth1 connected to network 2 with address 192.168.2.<i>. So each virtual network <n> is assigned the IP range 192.168.<n>.0/24. Each virtual network is implemented using a separate multicast address on the host, so guests really cannot talk to networks to which they are not connected. * Added a simple NAT test to demonstrate this. * Added an option `virtualisation.qemu.options' to specify QEMU command-line options. Used to factor out some commonality between the test driver script and the interactive test script. svn path=/nixos/trunk/; revision=21928
2010-05-20 21:07:32 +00:00
{ config, pkgs, ... }:
{ virtualisation.vlans = [ 2 1 ];
Fix tests broken due to the firewall being enabled by default
2014-04-11 17:15:56 +02:00
networking.firewall.allowPing = true;
* Add a module for doing Network Address Translation. svn path=/nixos/trunk/; revision=26246
2011-03-10 12:08:39 +00:00
networking.nat.enable = true;
Add lots of missing option types
2013-10-30 17:37:45 +01:00
networking.nat.internalIPs = [ "192.168.1.0/24" ];
* Add a module for doing Network Address Translation. svn path=/nixos/trunk/; revision=26246
2011-03-10 12:08:39 +00:00
networking.nat.externalInterface = "eth1";
* Allow more complex network topologies in distributed tests. Each machine can now declare an option `virtualisation.vlans' that causes it to have network interfaces connected to each listed virtual network. For instance, virtualisation.vlans = [ 1 2 ]; causes the machine to have two interfaces (in addition to eth0, used by the test driver to control the machine): eth1 connected to network 1 with IP address 192.168.1.<i>, and eth2 connected to network 2 with address 192.168.2.<i> (where <i> is the index of the machine in the `nodes' attribute set). On the other hand, virtualisation.vlans = [ 2 ]; causes the machine to only have an eth1 connected to network 2 with address 192.168.2.<i>. So each virtual network <n> is assigned the IP range 192.168.<n>.0/24. Each virtual network is implemented using a separate multicast address on the host, so guests really cannot talk to networks to which they are not connected. * Added a simple NAT test to demonstrate this. * Added an option `virtualisation.qemu.options' to specify QEMU command-line options. Used to factor out some commonality between the test driver script and the interactive test script. svn path=/nixos/trunk/; revision=21928
2010-05-20 21:07:32 +00:00
};
strip trailing whitespace; no functional change svn path=/nixos/trunk/; revision=29285
2011-09-14 18:20:50 +00:00
server =
* Allow more complex network topologies in distributed tests. Each machine can now declare an option `virtualisation.vlans' that causes it to have network interfaces connected to each listed virtual network. For instance, virtualisation.vlans = [ 1 2 ]; causes the machine to have two interfaces (in addition to eth0, used by the test driver to control the machine): eth1 connected to network 1 with IP address 192.168.1.<i>, and eth2 connected to network 2 with address 192.168.2.<i> (where <i> is the index of the machine in the `nodes' attribute set). On the other hand, virtualisation.vlans = [ 2 ]; causes the machine to only have an eth1 connected to network 2 with address 192.168.2.<i>. So each virtual network <n> is assigned the IP range 192.168.<n>.0/24. Each virtual network is implemented using a separate multicast address on the host, so guests really cannot talk to networks to which they are not connected. * Added a simple NAT test to demonstrate this. * Added an option `virtualisation.qemu.options' to specify QEMU command-line options. Used to factor out some commonality between the test driver script and the interactive test script. svn path=/nixos/trunk/; revision=21928
2010-05-20 21:07:32 +00:00
{ config, pkgs, ... }:
{ virtualisation.vlans = [ 2 ];
Fix tests broken due to the firewall being enabled by default
2014-04-11 17:15:56 +02:00
networking.firewall.enable = false;
* Allow more complex network topologies in distributed tests. Each machine can now declare an option `virtualisation.vlans' that causes it to have network interfaces connected to each listed virtual network. For instance, virtualisation.vlans = [ 1 2 ]; causes the machine to have two interfaces (in addition to eth0, used by the test driver to control the machine): eth1 connected to network 1 with IP address 192.168.1.<i>, and eth2 connected to network 2 with address 192.168.2.<i> (where <i> is the index of the machine in the `nodes' attribute set). On the other hand, virtualisation.vlans = [ 2 ]; causes the machine to only have an eth1 connected to network 2 with address 192.168.2.<i>. So each virtual network <n> is assigned the IP range 192.168.<n>.0/24. Each virtual network is implemented using a separate multicast address on the host, so guests really cannot talk to networks to which they are not connected. * Added a simple NAT test to demonstrate this. * Added an option `virtualisation.qemu.options' to specify QEMU command-line options. Used to factor out some commonality between the test driver script and the interactive test script. svn path=/nixos/trunk/; revision=21928
2010-05-20 21:07:32 +00:00
services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
* NAT module: support active FTP. svn path=/nixos/trunk/; revision=26247
2011-03-10 13:03:47 +00:00
services.vsftpd.enable = true;
services.vsftpd.anonymousUser = true;
* Allow more complex network topologies in distributed tests. Each machine can now declare an option `virtualisation.vlans' that causes it to have network interfaces connected to each listed virtual network. For instance, virtualisation.vlans = [ 1 2 ]; causes the machine to have two interfaces (in addition to eth0, used by the test driver to control the machine): eth1 connected to network 1 with IP address 192.168.1.<i>, and eth2 connected to network 2 with address 192.168.2.<i> (where <i> is the index of the machine in the `nodes' attribute set). On the other hand, virtualisation.vlans = [ 2 ]; causes the machine to only have an eth1 connected to network 2 with address 192.168.2.<i>. So each virtual network <n> is assigned the IP range 192.168.<n>.0/24. Each virtual network is implemented using a separate multicast address on the host, so guests really cannot talk to networks to which they are not connected. * Added a simple NAT test to demonstrate this. * Added an option `virtualisation.qemu.options' to specify QEMU command-line options. Used to factor out some commonality between the test driver script and the interactive test script. svn path=/nixos/trunk/; revision=21928
2010-05-20 21:07:32 +00:00
};
};
testScript =
* Optionally pass the computed `nodes' to the test script as a function argument, so that the test script can refer to computed values such as the assigned IP addresses of the virtual machines. svn path=/nixos/trunk/; revision=21939
2010-05-21 14:31:05 +00:00
{ nodes, ... }:
* Allow more complex network topologies in distributed tests. Each machine can now declare an option `virtualisation.vlans' that causes it to have network interfaces connected to each listed virtual network. For instance, virtualisation.vlans = [ 1 2 ]; causes the machine to have two interfaces (in addition to eth0, used by the test driver to control the machine): eth1 connected to network 1 with IP address 192.168.1.<i>, and eth2 connected to network 2 with address 192.168.2.<i> (where <i> is the index of the machine in the `nodes' attribute set). On the other hand, virtualisation.vlans = [ 2 ]; causes the machine to only have an eth1 connected to network 2 with address 192.168.2.<i>. So each virtual network <n> is assigned the IP range 192.168.<n>.0/24. Each virtual network is implemented using a separate multicast address on the host, so guests really cannot talk to networks to which they are not connected. * Added a simple NAT test to demonstrate this. * Added an option `virtualisation.qemu.options' to specify QEMU command-line options. Used to factor out some commonality between the test driver script and the interactive test script. svn path=/nixos/trunk/; revision=21928
2010-05-20 21:07:32 +00:00
''
startAll;
# The router should have access to the server.
In the tests, don't start agetty on /dev/ttyS0 Running agetty on ttyS0 interferes with the backdoor, which uses ttyS0 as its standard error. After agetty starts, writes to the stderr file descriptor will return EIO (though doing "exec 2>/proc/self/fd/2" will miracuously fix this). http://hydra.nixos.org/build/3252782
2012-10-29 21:01:36 +01:00
$server->waitForUnit("network.target");
Tests: global search/replace of obsolete functions
2012-10-24 18:22:53 +02:00
$server->waitForUnit("httpd");
$router->waitForUnit("network.target");
* Add a module for doing Network Address Translation. svn path=/nixos/trunk/; revision=26246
2011-03-10 12:08:39 +00:00
$router->succeed("curl --fail http://server/ >&2");
# The client should be also able to connect via the NAT router.
Tests: global search/replace of obsolete functions
2012-10-24 18:22:53 +02:00
$router->waitForUnit("nat");
$client->waitForUnit("network.target");
* Add a module for doing Network Address Translation. svn path=/nixos/trunk/; revision=26246
2011-03-10 12:08:39 +00:00
$client->succeed("curl --fail http://server/ >&2");
$client->succeed("ping -c 1 server >&2");
strip trailing whitespace; no functional change svn path=/nixos/trunk/; revision=29285
2011-09-14 18:20:50 +00:00
* NAT module: support active FTP. svn path=/nixos/trunk/; revision=26247
2011-03-10 13:03:47 +00:00
# Test whether passive FTP works.
Tests: global search/replace of obsolete functions
2012-10-24 18:22:53 +02:00
$server->waitForUnit("vsftpd");
* NAT module: support active FTP. svn path=/nixos/trunk/; revision=26247
2011-03-10 13:03:47 +00:00
$server->succeed("echo Hello World > /home/ftp/foo.txt");
$client->succeed("curl -v ftp://server/foo.txt >&2");
strip trailing whitespace; no functional change svn path=/nixos/trunk/; revision=29285
2011-09-14 18:20:50 +00:00
* NAT module: support active FTP. svn path=/nixos/trunk/; revision=26247
2011-03-10 13:03:47 +00:00
# Test whether active FTP works.
$client->succeed("curl -v -P - ftp://server/foo.txt >&2");
# Test ICMP.
$client->succeed("ping -c 1 router >&2");
$router->succeed("ping -c 1 client >&2");
strip trailing whitespace; no functional change svn path=/nixos/trunk/; revision=29285
2011-09-14 18:20:50 +00:00
* Add a module for doing Network Address Translation. svn path=/nixos/trunk/; revision=26246
2011-03-10 12:08:39 +00:00
# If we turn off NAT, the client shouldn't be able to reach the server.
Update some tests for systemd
2012-10-24 18:11:21 +02:00
$router->stopJob("nat");
* Add a module for doing Network Address Translation. svn path=/nixos/trunk/; revision=26246
2011-03-10 12:08:39 +00:00
$client->fail("curl --fail --connect-timeout 5 http://server/ >&2");
$client->fail("ping -c 1 server >&2");
# And make sure that restarting the NAT job works.
In the tests, don't start agetty on /dev/ttyS0 Running agetty on ttyS0 interferes with the backdoor, which uses ttyS0 as its standard error. After agetty starts, writes to the stderr file descriptor will return EIO (though doing "exec 2>/proc/self/fd/2" will miracuously fix this). http://hydra.nixos.org/build/3252782
2012-10-29 21:01:36 +01:00
$router->succeed("systemctl start nat");
* Add a module for doing Network Address Translation. svn path=/nixos/trunk/; revision=26246
2011-03-10 12:08:39 +00:00
$client->succeed("curl --fail http://server/ >&2");
$client->succeed("ping -c 1 server >&2");
* Allow more complex network topologies in distributed tests. Each machine can now declare an option `virtualisation.vlans' that causes it to have network interfaces connected to each listed virtual network. For instance, virtualisation.vlans = [ 1 2 ]; causes the machine to have two interfaces (in addition to eth0, used by the test driver to control the machine): eth1 connected to network 1 with IP address 192.168.1.<i>, and eth2 connected to network 2 with address 192.168.2.<i> (where <i> is the index of the machine in the `nodes' attribute set). On the other hand, virtualisation.vlans = [ 2 ]; causes the machine to only have an eth1 connected to network 2 with address 192.168.2.<i>. So each virtual network <n> is assigned the IP range 192.168.<n>.0/24. Each virtual network is implemented using a separate multicast address on the host, so guests really cannot talk to networks to which they are not connected. * Added a simple NAT test to demonstrate this. * Added an option `virtualisation.qemu.options' to specify QEMU command-line options. Used to factor out some commonality between the test driver script and the interactive test script. svn path=/nixos/trunk/; revision=21928
2010-05-20 21:07:32 +00:00
'';
}
Reference in New Issue Copy Permalink