nixos/tests/nat: Add tests for standalone and firewall based nat

William A. Kennington III 2014-09-18 13:34:29 -07:00
parent b047f2ddec
commit 8250059a9f
3 changed files with 71 additions and 66 deletions


@ -61,7 +61,8 @@ in rec {
(all nixos.tests.kde4) (all nixos.tests.kde4)
(all nixos.tests.login) (all nixos.tests.login)
(all nixos.tests.misc) (all nixos.tests.misc)
(all nixos.tests.nat) (all nixos.tests.nat.firewall)
(all nixos.tests.nat.standalone)
(all nixos.tests.nfs3) (all nixos.tests.nfs3)
(all nixos.tests.openssh) (all nixos.tests.openssh)
(all nixos.tests.printing) (all nixos.tests.printing)


@ -244,7 +244,8 @@ in rec {
tests.munin = callTest tests/munin.nix {}; tests.munin = callTest tests/munin.nix {};
tests.mysql = callTest tests/mysql.nix {}; tests.mysql = callTest tests/mysql.nix {};
tests.mysqlReplication = callTest tests/mysql-replication.nix {}; tests.mysqlReplication = callTest tests/mysql-replication.nix {};
tests.nat = callTest tests/nat.nix {}; tests.nat.firewall = callTest tests/nat.nix { withFirewall = true; };
tests.nat.standalone = callTest tests/nat.nix { withFirewall = false; };
tests.nfs3 = callTest tests/nfs.nix { version = 3; }; tests.nfs3 = callTest tests/nfs.nix { version = 3; };
tests.nsd = callTest tests/nsd.nix {}; tests.nsd = callTest tests/nsd.nix {};
tests.openssh = callTest tests/openssh.nix {}; tests.openssh = callTest tests/openssh.nix {};


@ -3,9 +3,12 @@
# client on the inside network, a server on the outside network, and a # client on the inside network, a server on the outside network, and a
# router connected to both that performs Network Address Translation # router connected to both that performs Network Address Translation
# for the client. # for the client.
import ./make-test.nix ({ withFirewall, ... }:
import ./make-test.nix { let
name = "nat"; unit = if withFirewall then "firewall" else "nat";
in
{
name = "nat${if withFirewall then "WithFirewall" else "Standalone"}";
nodes = nodes =
{ client = { client =
@ -19,6 +22,7 @@ import ./make-test.nix {
router = router =
{ config, pkgs, ... }: { config, pkgs, ... }:
{ virtualisation.vlans = [ 2 1 ]; { virtualisation.vlans = [ 2 1 ];
networking.firewall.enable = withFirewall;
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
networking.nat.enable = true; networking.nat.enable = true;
networking.nat.internalIPs = [ "192.168.1.0/24" ]; networking.nat.internalIPs = [ "192.168.1.0/24" ];
@ -48,7 +52,7 @@ import ./make-test.nix {
$router->succeed("curl --fail http://server/ >&2"); $router->succeed("curl --fail http://server/ >&2");
# The client should be also able to connect via the NAT router. # The client should be also able to connect via the NAT router.
$router->waitForUnit("firewall"); # Nat leverages the firewall service $router->waitForUnit("${unit}");
$client->waitForUnit("network.target"); $client->waitForUnit("network.target");
$client->succeed("curl --fail http://server/ >&2"); $client->succeed("curl --fail http://server/ >&2");
$client->succeed("ping -c 1 server >&2"); $client->succeed("ping -c 1 server >&2");
@ -71,10 +75,9 @@ import ./make-test.nix {
$client->fail("curl --fail --connect-timeout 5 http://server/ >&2"); $client->fail("curl --fail --connect-timeout 5 http://server/ >&2");
$client->fail("ping -c 1 server >&2"); $client->fail("ping -c 1 server >&2");
# And make sure that restarting the NAT job works. # And make sure that reloading the NAT job works.
$router->succeed("systemctl reload firewall"); # Nat leverages the firewall service $router->succeed("systemctl restart ${unit}");
$client->succeed("curl --fail http://server/ >&2"); $client->succeed("curl --fail http://server/ >&2");
$client->succeed("ping -c 1 server >&2"); $client->succeed("ping -c 1 server >&2");
''; '';
})
}
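Review bot: In the last hunk the comment above the final step appears to say "reloading" while the command on the new side is `systemctl restart ${unit}`; assuming the right-hand column is the new side, the comment should read `# And make sure that restarting the NAT job works.` so it matches what the test exercises. Separately, the standalone variant runs the router with `networking.firewall.enable = false`, and the assertions visible in these hunks only check the client-to-server direction. Nothing shown checks that the server cannot open connections towards the `192.168.1.0/24` side, so a passing `nat.standalone` says forwarding works but nothing about inbound filtering; a short comment stating that would keep readers from treating it as an isolation test. The test script between the hunks is not visible here, so that direction may already be covered elsewhere.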