From 2bb57ef7761fc9d408bb27b2733d36c8640e0e4b Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Mon, 4 Sep 2017 19:02:05 -0400 Subject: [PATCH 1/2] docker: Allow package selection in module --- nixos/modules/virtualisation/docker.nix | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/nixos/modules/virtualisation/docker.nix b/nixos/modules/virtualisation/docker.nix index 5a8a0e27436..a9a2095499a 100644 --- a/nixos/modules/virtualisation/docker.nix +++ b/nixos/modules/virtualisation/docker.nix @@ -126,14 +126,23 @@ in ''; }; }; + + package = mkOption { + default = pkgs.docker; + type = types.package; + example = pkgs.docker-edge; + description = '' + Docker package to be used in the module. + ''; + }; }; ###### implementation config = mkIf cfg.enable (mkMerge [{ - environment.systemPackages = [ pkgs.docker ]; + environment.systemPackages = [ cfg.package ]; users.extraGroups.docker.gid = config.ids.gids.docker; - systemd.packages = [ pkgs.docker ]; + systemd.packages = [ cfg.package ]; systemd.services.docker = { wantedBy = optional cfg.enableOnBoot "multi-user.target"; @@ -142,7 +151,7 @@ in ExecStart = [ "" '' - ${pkgs.docker}/bin/dockerd \ + ${cfg.package}/bin/dockerd \ --group=docker \ --host=fd:// \ --log-driver=${cfg.logDriver} \ @@ -180,7 +189,7 @@ in serviceConfig.Type = "oneshot"; script = '' - ${pkgs.docker}/bin/docker system prune -f ${toString cfg.autoPrune.flags} + ${cfg.package}/bin/docker system prune -f ${toString cfg.autoPrune.flags} ''; startAt = optional cfg.autoPrune.enable cfg.autoPrune.dates; From 380ed98bd793b2f3cbf257b7ef9601770c4f8d48 Mon Sep 17 00:00:00 2001 
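Review bot: The description of the new `package` option in the first hunk does not say what the selected package must provide, yet the ExecStart hunk (`@@ -142,7 +151,7 @@`) and the autoPrune hunk (`@@ -180,7 +189,7 @@`) now interpolate `${cfg.package}/bin/dockerd` and `${cfg.package}/bin/docker`. Because `types.package` accepts any derivation and the chosen one becomes the daemon whose socket is opened to the `docker` group via `--group=docker`, the description should state that the package must ship both binaries and is what the service will execute. I would also add `defaultText = "pkgs.docker";` and write the example as `example = literalExample "pkgs.docker-edge";` so the manual shows attribute names rather than evaluated values. The `config` block and the `systemd.services.docker` definition continue outside these hunks, so other references to `pkgs.docker` may remain that cannot be seen here.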
From: Tim Steinbach Date: Mon, 4 Sep 2017 19:02:44 -0400 Subject: [PATCH 2/2] docker: Add test for docker-edge, check for proper versions in tests --- nixos/release-combined.nix | 2 ++ nixos/release.nix | 1 + nixos/tests/docker-edge.nix | 47 +++++++++++++++++++++++++++++++++++++ nixos/tests/docker.nix | 6 ++++- 4 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 nixos/tests/docker-edge.nix diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix index 54fd4a15ffc..4bf5df293fe 100644 --- a/nixos/release-combined.nix +++ b/nixos/release-combined.nix @@ -81,6 +81,8 @@ in rec { (all nixos.tests.boot.uefiUsb) (all nixos.tests.boot-stage1) nixos.tests.hibernate.x86_64-linux # i686 is flaky, see #23107 + nixos.tests.docker.x86_64-linux + nixos.tests.docker-edge.x86_64-linux (all nixos.tests.ecryptfs) (all nixos.tests.ipv6) (all nixos.tests.i3wm) diff --git a/nixos/release.nix b/nixos/release.nix index ca2a164bb6c..0e56fa28c1a 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -234,6 +234,7 @@ in rec { tests.containers-hosts = callTest tests/containers-hosts.nix {}; tests.containers-macvlans = callTest tests/containers-macvlans.nix {}; tests.docker = hydraJob (import tests/docker.nix { system = "x86_64-linux"; }); + tests.docker-edge = hydraJob (import tests/docker-edge.nix { system = "x86_64-linux"; }); tests.dnscrypt-proxy = callTest tests/dnscrypt-proxy.nix { system = "x86_64-linux"; }; tests.ecryptfs = callTest tests/ecryptfs.nix {}; tests.etcd = hydraJob (import tests/etcd.nix { system = "x86_64-linux"; }); diff --git a/nixos/tests/docker-edge.nix b/nixos/tests/docker-edge.nix new file mode 100644 index 00000000000..38d25daff19 --- /dev/null +++ b/nixos/tests/docker-edge.nix 
@@ -0,0 +1,47 @@ +# This test runs docker and checks if simple container starts + +import ./make-test.nix ({ pkgs, ...} : { + name = "docker"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ nequissimus offline ]; + }; + + nodes = { + docker = + { config, pkgs, ... }: + { + virtualisation.docker.enable = true; + virtualisation.docker.package = pkgs.docker-edge; + + users.users = { + noprivs = { + isNormalUser = true; + description = "Can't access the docker daemon"; + password = "foobar"; + }; + + hasprivs = { + isNormalUser = true; + description = "Can access the docker daemon"; + password = "foobar"; + extraGroups = [ "docker" ]; + }; + }; + }; + }; + + testScript = '' + startAll; + + $docker->waitForUnit("sockets.target"); + $docker->succeed("tar cv --files-from /dev/null | docker import - scratchimg"); + $docker->succeed("docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"); + $docker->succeed("docker ps | grep sleeping"); + $docker->succeed("sudo -u hasprivs docker ps"); + $docker->fail("sudo -u noprivs docker ps"); + $docker->succeed("docker stop sleeping"); + + # Must match version twice to ensure client and server versions are correct + $docker->succeed('[ $(docker version | grep ${pkgs.docker-edge.version} | wc -l) = "2" ]'); + ''; +}) diff --git a/nixos/tests/docker.nix b/nixos/tests/docker.nix index 9096a5868f6..c6c8f4cdb5f 100644 --- a/nixos/tests/docker.nix +++ b/nixos/tests/docker.nix @@ -3,7 +3,7 @@ import ./make-test.nix ({ pkgs, ...} : { name = "docker"; meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ offline ]; + maintainers = [ nequissimus offline ]; }; nodes = { @@ -11,6 +11,7 @@ import ./make-test.nix ({ pkgs, ...} : { { config, pkgs, ... }: { virtualisation.docker.enable = true; + virtualisation.docker.package = pkgs.docker; users.users = { noprivs = { 
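Review bot: `name = "docker";` in the new nixos/tests/docker-edge.nix duplicates the name already used by nixos/tests/docker.nix, so the two jobs are hard to tell apart in build and log output; it should read `name = "docker-edge";`. The version assertion at the end of `testScript` hands the version to grep as a regular expression, where each `.` matches any character, and the same line is added in the last hunk of nixos/tests/docker.nix (`@@ -39,5 +40,8 @@`). A literal match is stricter and drops the `wc -l`: `$docker->succeed('[ $(docker version | grep -cF ${pkgs.docker-edge.version}) = "2" ]');`. Counting exactly two matching lines also assumes the version string appears nowhere else in the `docker version` output, which is worth stating in the comment above the check.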
@@ -39,5 +40,8 @@ import ./make-test.nix ({ pkgs, ...} : { $docker->succeed("sudo -u hasprivs docker ps"); $docker->fail("sudo -u noprivs docker ps"); $docker->succeed("docker stop sleeping"); + + # Must match version twice to ensure client and server versions are correct + $docker->succeed('[ $(docker version | grep ${pkgs.docker.version} | wc -l) = "2" ]'); ''; })