Merge pull request #74761 from mmilata/containers-python-test

nixosTests.containers*: port rest to python

nixos/tests/all-tests.nix

@@ -57,6 +57,7 @@ in
   containers-ip = handleTest ./containers-ip.nix {};
   containers-macvlans = handleTest ./containers-macvlans.nix {};
   containers-physical_interfaces = handleTest ./containers-physical_interfaces.nix {};
+  containers-portforward = handleTest ./containers-portforward.nix {};
   containers-restart_networking = handleTest ./containers-restart_networking.nix {};
   containers-tmpfs = handleTest ./containers-tmpfs.nix {};
   couchdb = handleTest ./couchdb.nix {};

nixos/tests/containers-extra_veth.nix

@@ -1,7 +1,7 @@
 # Test for NixOS' container support.
 
-import ./make-test.nix ({ pkgs, ...} : {
+import ./make-test-python.nix ({ pkgs, ...} : {
-  name = "containers-bridge";
+  name = "containers-extra_veth";
   meta = with pkgs.stdenv.lib.maintainers; {
     maintainers = [ kampfschlaefer ];
   };
@@ -52,52 +52,43 @@ import ./make-test.nix ({ pkgs, ...} : {
 
   testScript =
     ''
-      $machine->waitForUnit("default.target");
+      machine.wait_for_unit("default.target")
-      $machine->succeed("nixos-container list") =~ /webserver/ or die;
+      assert "webserver" in machine.succeed("nixos-container list")
 
-      # Status of the webserver container.
+      with subtest("Status of the webserver container is up"):
-      $machine->succeed("nixos-container status webserver") =~ /up/ or die;
+          assert "up" in machine.succeed("nixos-container status webserver")
 
-      # Debug
+      with subtest("Ensure that the veths are inside the container"):
-      #$machine->succeed("nixos-container run webserver -- ip link >&2");
+          assert "state UP" in machine.succeed(
+              "nixos-container run webserver -- ip link show veth1"
+          )
+          assert "state UP" in machine.succeed(
+              "nixos-container run webserver -- ip link show veth2"
+          )
 
-      # Ensure that the veths are inside the container
+      with subtest("Ensure the presence of the extra veths"):
-      $machine->succeed("nixos-container run webserver -- ip link show veth1") =~ /state UP/ or die;
+          assert "state UP" in machine.succeed("ip link show veth1")
-      $machine->succeed("nixos-container run webserver -- ip link show veth2") =~ /state UP/ or die;
+          assert "state UP" in machine.succeed("ip link show veth2")
 
-      # Debug
+      with subtest("Ensure the veth1 is part of br1 on the host"):
-      #$machine->succeed("ip link >&2");
+          assert "master br1" in machine.succeed("ip link show veth1")
 
-      # Ensure the presence of the extra veths
+      with subtest("Ping on main veth"):
-      $machine->succeed("ip link show veth1") =~ /state UP/ or die;
+          machine.succeed("ping -n -c 1 192.168.0.100")
-      $machine->succeed("ip link show veth2") =~ /state UP/ or die;
+          machine.succeed("ping -n -c 1 fc00::2")
 
-      # Ensure the veth1 is part of br1 on the host
+      with subtest("Ping on the first extra veth"):
-      $machine->succeed("ip link show veth1") =~ /master br1/ or die;
+          machine.succeed("ping -n -c 1 192.168.1.100 >&2")
 
-      # Debug
+      with subtest("Ping on the second extra veth"):
-      #$machine->succeed("ip -4 a >&2");
+          machine.succeed("ping -n -c 1 192.168.2.100 >&2")
-      #$machine->succeed("ip -4 r >&2");
-      #$machine->succeed("nixos-container run webserver -- ip link >&2");
-      #$machine->succeed("nixos-container run webserver -- ip -4 a >&2");
-      #$machine->succeed("nixos-container run webserver -- ip -4 r >&2");
 
-      # Ping on main veth
+      with subtest("Container can be stopped"):
-      $machine->succeed("ping -n -c 1 192.168.0.100");
+          machine.succeed("nixos-container stop webserver")
-      $machine->succeed("ping -n -c 1 fc00::2");
+          machine.fail("ping -n -c 1 192.168.1.100 >&2")
+          machine.fail("ping -n -c 1 192.168.2.100 >&2")
 
-      # Ping on the first extra veth
+      with subtest("Destroying a declarative container should fail"):
-      $machine->succeed("ping -n -c 1 192.168.1.100 >&2");
+          machine.fail("nixos-container destroy webserver")
-
-      # Ping on the second extra veth
-      $machine->succeed("ping -n -c 1 192.168.2.100 >&2");
-
-      # Stop the container.
-      $machine->succeed("nixos-container stop webserver");
-      $machine->fail("ping -n -c 1 192.168.1.100 >&2");
-      $machine->fail("ping -n -c 1 192.168.2.100 >&2");
-
-      # Destroying a declarative container should fail.
-      $machine->fail("nixos-container destroy webserver");
     '';
 })

nixos/tests/containers-macvlans.nix

@@ -6,7 +6,7 @@ let
   containerIp2 = "192.168.1.254";
 in
 
-import ./make-test.nix ({ pkgs, ...} : {
+import ./make-test-python.nix ({ pkgs, ...} : {
   name = "containers-macvlans";
   meta = with pkgs.stdenv.lib.maintainers; {
     maintainers = [ montag451 ];
@@ -64,19 +64,23 @@ import ./make-test.nix ({ pkgs, ...} : {
   };
 
   testScript = ''
-    startAll;
+    start_all()
-    $machine1->waitForUnit("default.target");
+    machine1.wait_for_unit("default.target")
-    $machine2->waitForUnit("default.target");
+    machine2.wait_for_unit("default.target")
 
-    # Ping between containers to check that macvlans are created in bridge mode
+    with subtest(
-    $machine1->succeed("nixos-container run test1 -- ping -n -c 1 ${containerIp2}");
+        "Ping between containers to check that macvlans are created in bridge mode"
+    ):
+        machine1.succeed("nixos-container run test1 -- ping -n -c 1 ${containerIp2}")
 
-    # Ping containers from the host (machine1)
+    with subtest("Ping containers from the host (machine1)"):
-    $machine1->succeed("ping -n -c 1 ${containerIp1}");
+        machine1.succeed("ping -n -c 1 ${containerIp1}")
-    $machine1->succeed("ping -n -c 1 ${containerIp2}");
+        machine1.succeed("ping -n -c 1 ${containerIp2}")
 
-    # Ping containers from the second machine to check that containers are reachable from the outside
+    with subtest(
-    $machine2->succeed("ping -n -c 1 ${containerIp1}");
+        "Ping containers from the second machine to check that containers are reachable from the outside"
-    $machine2->succeed("ping -n -c 1 ${containerIp2}");
+    ):
+        machine2.succeed("ping -n -c 1 ${containerIp1}")
+        machine2.succeed("ping -n -c 1 ${containerIp2}")
   '';
 })

nixos/tests/containers-physical_interfaces.nix

@@ -1,5 +1,5 @@
 
-import ./make-test.nix ({ pkgs, ...} : {
+import ./make-test-python.nix ({ pkgs, ...} : {
   name = "containers-physical_interfaces";
   meta = with pkgs.stdenv.lib.maintainers; {
     maintainers = [ kampfschlaefer ];
@@ -86,48 +86,51 @@ import ./make-test.nix ({ pkgs, ...} : {
   };
 
   testScript = ''
-    startAll;
+    start_all()
 
-    subtest "prepare server", sub {
+    with subtest("Prepare server"):
-      $server->waitForUnit("default.target");
+        server.wait_for_unit("default.target")
-      $server->succeed("ip link show dev eth1 >&2");
+        server.succeed("ip link show dev eth1 >&2")
-    };
 
-    subtest "simple physical interface", sub {
+    with subtest("Simple physical interface is up"):
-      $server->succeed("nixos-container start server");
+        server.succeed("nixos-container start server")
-      $server->waitForUnit("container\@server");
+        server.wait_for_unit("container@server")
-      $server->succeed("systemctl -M server list-dependencies network-addresses-eth1.service >&2");
+        server.succeed(
+            "systemctl -M server list-dependencies network-addresses-eth1.service >&2"
+        )
 
-      # The other tests will ping this container on its ip. Here we just check
+        # The other tests will ping this container on its ip. Here we just check
-      # that the device is present in the container.
+        # that the device is present in the container.
-      $server->succeed("nixos-container run server -- ip a show dev eth1 >&2");
+        server.succeed("nixos-container run server -- ip a show dev eth1 >&2")
-    };
 
-    subtest "physical device in bridge in container", sub {
+    with subtest("Physical device in bridge in container can ping server"):
-      $bridged->waitForUnit("default.target");
+        bridged.wait_for_unit("default.target")
-      $bridged->succeed("nixos-container start bridged");
+        bridged.succeed("nixos-container start bridged")
-      $bridged->waitForUnit("container\@bridged");
+        bridged.wait_for_unit("container@bridged")
-      $bridged->succeed("systemctl -M bridged list-dependencies network-addresses-br0.service >&2");
+        bridged.succeed(
-      $bridged->succeed("systemctl -M bridged status -n 30 -l network-addresses-br0.service");
+            "systemctl -M bridged list-dependencies network-addresses-br0.service >&2",
-      $bridged->succeed("nixos-container run bridged -- ping -w 10 -c 1 -n 10.10.0.1");
+            "systemctl -M bridged status -n 30 -l network-addresses-br0.service",
-    };
+            "nixos-container run bridged -- ping -w 10 -c 1 -n 10.10.0.1",
+        )
 
-    subtest "physical device in bond in container", sub {
+    with subtest("Physical device in bond in container can ping server"):
-      $bonded->waitForUnit("default.target");
+        bonded.wait_for_unit("default.target")
-      $bonded->succeed("nixos-container start bonded");
+        bonded.succeed("nixos-container start bonded")
-      $bonded->waitForUnit("container\@bonded");
+        bonded.wait_for_unit("container@bonded")
-      $bonded->succeed("systemctl -M bonded list-dependencies network-addresses-bond0 >&2");
+        bonded.succeed(
-      $bonded->succeed("systemctl -M bonded status -n 30 -l network-addresses-bond0 >&2");
+            "systemctl -M bonded list-dependencies network-addresses-bond0 >&2",
-      $bonded->succeed("nixos-container run bonded -- ping -w 10 -c 1 -n 10.10.0.1");
+            "systemctl -M bonded status -n 30 -l network-addresses-bond0 >&2",
-    };
+            "nixos-container run bonded -- ping -w 10 -c 1 -n 10.10.0.1",
+        )
 
-    subtest "physical device in bond in bridge in container", sub {
+    with subtest("Physical device in bond in bridge in container can ping server"):
-      $bridgedbond->waitForUnit("default.target");
+        bridgedbond.wait_for_unit("default.target")
-      $bridgedbond->succeed("nixos-container start bridgedbond");
+        bridgedbond.succeed("nixos-container start bridgedbond")
-      $bridgedbond->waitForUnit("container\@bridgedbond");
+        bridgedbond.wait_for_unit("container@bridgedbond")
-      $bridgedbond->succeed("systemctl -M bridgedbond list-dependencies network-addresses-br0.service >&2");
+        bridgedbond.succeed(
-      $bridgedbond->succeed("systemctl -M bridgedbond status -n 30 -l network-addresses-br0.service");
+            "systemctl -M bridgedbond list-dependencies network-addresses-br0.service >&2",
-      $bridgedbond->succeed("nixos-container run bridgedbond -- ping -w 10 -c 1 -n 10.10.0.1");
+            "systemctl -M bridgedbond status -n 30 -l network-addresses-br0.service",
-    };
+            "nixos-container run bridgedbond -- ping -w 10 -c 1 -n 10.10.0.1",
+        )
   '';
 })

nixos/tests/containers-portforward.nix

@@ -7,7 +7,7 @@ let
   containerPort = 80;
 in 
 
-import ./make-test.nix ({ pkgs, ...} : {
+import ./make-test-python.nix ({ pkgs, ...} : {
   name = "containers-portforward";
   meta = with pkgs.stdenv.lib.maintainers; {
     maintainers = [ aristid aszlig eelco kampfschlaefer ianwookim ];
@@ -36,27 +36,27 @@ import ./make-test.nix ({ pkgs, ...} : {
 
   testScript =
     ''
-      $machine->succeed("nixos-container list") =~ /webserver/ or die;
+      container_list = machine.succeed("nixos-container list")
+      assert "webserver" in container_list
 
       # Start the webserver container.
-      $machine->succeed("nixos-container start webserver");
+      machine.succeed("nixos-container start webserver")
 
       # wait two seconds for the container to start and the network to be up
-      sleep 2;
+      machine.sleep(2)
 
       # Since "start" returns after the container has reached
       # multi-user.target, we should now be able to access it.
-      #my $ip = $machine->succeed("nixos-container show-ip webserver");
+      # ip = machine.succeed("nixos-container show-ip webserver").strip()
-      #chomp $ip;
+      machine.succeed("ping -n -c1 ${hostIp}")
-      $machine->succeed("ping -n -c1 ${hostIp}");
+      machine.succeed("curl --fail http://${hostIp}:${toString hostPort}/ > /dev/null")
-      $machine->succeed("curl --fail http://${hostIp}:${toString hostPort}/ > /dev/null");
 
       # Stop the container.
-      $machine->succeed("nixos-container stop webserver");
+      machine.succeed("nixos-container stop webserver")
-      $machine->fail("curl --fail --connect-timeout 2 http://${hostIp}:${toString hostPort}/ > /dev/null");
+      machine.fail("curl --fail --connect-timeout 2 http://${hostIp}:${toString hostPort}/ > /dev/null")
 
       # Destroying a declarative container should fail.
-      $machine->fail("nixos-container destroy webserver");
+      machine.fail("nixos-container destroy webserver")
     '';
 
 })

nixos/tests/containers-restart_networking.nix

@@ -16,7 +16,7 @@ let
       };
     };
   };
-in import ./make-test.nix ({ pkgs, ...} :
+in import ./make-test-python.nix ({ pkgs, ...} :
 {
   name = "containers-restart_networking";
   meta = with pkgs.stdenv.lib.maintainers; {
@@ -64,50 +64,52 @@ in import ./make-test.nix ({ pkgs, ...} :
     eth1_bridged = nodes.client_eth1.config.system.build.toplevel;
     eth1_rstp = nodes.client_eth1_rstp.config.system.build.toplevel;
   in ''
-    $client->start();
+    client.start()
 
-    $client->waitForUnit("default.target");
+    client.wait_for_unit("default.target")
 
-    subtest "initial state", sub {
+    with subtest("Initial configuration connectivity check"):
-      $client->succeed("ping 192.168.1.122 -c 1 -n >&2");
+        client.succeed("ping 192.168.1.122 -c 1 -n >&2")
-      $client->succeed("nixos-container run webserver -- ping -c 1 -n 192.168.1.1 >&2");
+        client.succeed("nixos-container run webserver -- ping -c 1 -n 192.168.1.1 >&2")
 
-      $client->fail("ip l show eth1 |grep \"master br0\" >&2");
+        client.fail("ip l show eth1 |grep 'master br0' >&2")
-      $client->fail("grep eth1 /run/br0.interfaces >&2");
+        client.fail("grep eth1 /run/br0.interfaces >&2")
-    };
 
-    subtest "interfaces without stp", sub {
+    with subtest("Bridged configuration without STP preserves connectivity"):
-      $client->succeed("${eth1_bridged}/bin/switch-to-configuration test >&2");
+        client.succeed(
+            "${eth1_bridged}/bin/switch-to-configuration test >&2"
+        )
 
-      $client->succeed("ping 192.168.1.122 -c 1 -n >&2");
+        client.succeed(
-      $client->succeed("nixos-container run webserver -- ping -c 1 -n 192.168.1.2 >&2");
+            "ping 192.168.1.122 -c 1 -n >&2",
+            "nixos-container run webserver -- ping -c 1 -n 192.168.1.2 >&2",
+            "ip l show eth1 |grep 'master br0' >&2",
+            "grep eth1 /run/br0.interfaces >&2",
+        )
 
-      $client->succeed("ip l show eth1 |grep \"master br0\" >&2");
+    #  activating rstp needs another service, therefore the bridge will restart and the container will lose its connectivity
-      $client->succeed("grep eth1 /run/br0.interfaces >&2");
+    # with subtest("Bridged configuration with STP"):
-    };
+    #     client.succeed("${eth1_rstp}/bin/switch-to-configuration test >&2")
-
+    #     client.execute("ip -4 a >&2")
-    # activating rstp needs another service, therefor the bridge will restart and the container will loose its connectivity
+    #     client.execute("ip l >&2")
-    #subtest "interfaces with rstp", sub {
-    #  $client->succeed("${eth1_rstp}/bin/switch-to-configuration test >&2");
-    #  $client->execute("ip -4 a >&2");
-    #  $client->execute("ip l >&2");
     #
-    #  $client->succeed("ping 192.168.1.122 -c 1 -n >&2");
+    #     client.succeed(
-    #  $client->succeed("nixos-container run webserver -- ping -c 1 -n 192.168.1.2 >&2");
+    #         "ping 192.168.1.122 -c 1 -n >&2",
-    #
+    #         "nixos-container run webserver -- ping -c 1 -n 192.168.1.2 >&2",
-    #  $client->succeed("ip l show eth1 |grep \"master br0\" >&2");
+    #         "ip l show eth1 |grep 'master br0' >&2",
-    #  $client->succeed("grep eth1 /run/br0.interfaces >&2");
+    #         "grep eth1 /run/br0.interfaces >&2",
-    #};
+    #     )
 
-    subtest "back to no interfaces and no stp", sub {
+    with subtest("Reverting to initial configuration preserves connectivity"):
-      $client->succeed("${originalSystem}/bin/switch-to-configuration test >&2");
+        client.succeed(
+            "${originalSystem}/bin/switch-to-configuration test >&2"
+        )
 
-      $client->succeed("ping 192.168.1.122 -c 1 -n >&2");
+        client.succeed("ping 192.168.1.122 -c 1 -n >&2")
-      $client->succeed("nixos-container run webserver -- ping -c 1 -n 192.168.1.1 >&2");
+        client.succeed("nixos-container run webserver -- ping -c 1 -n 192.168.1.1 >&2")
 
-      $client->fail("ip l show eth1 |grep \"master br0\" >&2");
+        client.fail("ip l show eth1 |grep 'master br0' >&2")
-      $client->fail("grep eth1 /run/br0.interfaces >&2");
+        client.fail("grep eth1 /run/br0.interfaces >&2")
-    };
   '';
 
 })