nixos/tests/containers-macvlans.nix at 18.03-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / containers-macvlans.nix
at 18.03-beta 2.3 kB view raw
 1# Test for NixOS' container support.
 2
 3let
 4  # containers IP on VLAN 1
 5  containerIp1 = "192.168.1.253";
 6  containerIp2 = "192.168.1.254";
 7in
 8
 9import ./make-test.nix ({ pkgs, ...} : {
10  name = "containers-macvlans";
11  meta = with pkgs.stdenv.lib.maintainers; {
12    maintainers = [ montag451 ];
13  };
14
15  nodes = {
16
17    machine1 =
18      { config, pkgs, lib, ... }:
19      {
20        virtualisation.memorySize = 256;
21        virtualisation.vlans = [ 1 ];
22
23        # To be able to ping containers from the host, it is necessary
24        # to create a macvlan on the host on the VLAN 1 network.
25        networking.macvlans.mv-eth1-host = {
26          interface = "eth1";
27          mode = "bridge";
28        };
29        networking.interfaces.eth1.ipv4.addresses = lib.mkForce [];
30        networking.interfaces.mv-eth1-host = {
31          ipv4.addresses = [ { address = "192.168.1.1"; prefixLength = 24; } ];
32        };
33
34        containers.test1 = {
35          autoStart = true;
36          macvlans = [ "eth1" ];
37
38          config = {
39            networking.interfaces.mv-eth1 = {
40              ipv4.addresses = [ { address = containerIp1; prefixLength = 24; } ];
41            };
42          };
43        };
44
45        containers.test2 = {
46          autoStart = true;
47          macvlans = [ "eth1" ];
48
49          config = {
50            networking.interfaces.mv-eth1 = {
51              ipv4.addresses = [ { address = containerIp2; prefixLength = 24; } ];
52            };
53          };
54        };
55      };
56
57    machine2 =
58      { config, pkgs, ... }:
59      {
60        virtualisation.memorySize = 256;
61        virtualisation.vlans = [ 1 ];
62      };
63
64  };
65
66  testScript = ''
67    startAll;
68    $machine1->waitForUnit("default.target");
69    $machine2->waitForUnit("default.target");
70
71    # Ping between containers to check that macvlans are created in bridge mode
72    $machine1->succeed("nixos-container run test1 -- ping -n -c 1 ${containerIp2}");
73
74    # Ping containers from the host (machine1)
75    $machine1->succeed("ping -n -c 1 ${containerIp1}");
76    $machine1->succeed("ping -n -c 1 ${containerIp2}");
77
78    # Ping containers from the second machine to check that containers are reachable from the outside
79    $machine2->succeed("ping -n -c 1 ${containerIp1}");
80    $machine2->succeed("ping -n -c 1 ${containerIp2}");
81  '';
82})