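# Test for NixOS' container support.
#
# One VM hosts a single declarative container ("webserver") that runs with
# privateNetwork = true and is connected to the host by three veth pairs:
#   - the main veth, attached to host bridge br0 (IPv4 and IPv6),
#   - veth1, attached to host bridge br1,
#   - veth2, a point-to-point link with its own host address.
# The script checks that each link exists and is reachable, that the extra
# links stop answering once the container is stopped, and that a declarative
# container cannot be destroyed with nixos-container.

import ./make-test.nix ({ pkgs, ...} : {
  # NOTE(review): the checks below are mostly about extraVeths; confirm that
  # this name is the one intended for this test.
  name = "containers-bridge";
  meta = with pkgs.stdenv.lib.maintainers; {
    maintainers = [ kampfschlaefer ];
  };

  machine =
    { pkgs, ... }:
    { imports = [ ../modules/installer/cd-dvd/channel.nix ];
      virtualisation.writableStore = true;
      virtualisation.memorySize = 768;
      # No test VLANs are attached to the VM.
      virtualisation.vlans = [];

      # Both bridges start without member interfaces; the container's veths
      # are the only ports this configuration asks to be added to them.
      networking.bridges = {
        br0 = {
          interfaces = [];
        };
        br1 = { interfaces = []; };
      };
      networking.interfaces = {
        br0 = {
          ipv4.addresses = [{ address = "192.168.0.1"; prefixLength = 24; }];
          # fc00::/7 is the IPv6 unique-local range.
          ipv6.addresses = [{ address = "fc00::1"; prefixLength = 7; }];
        };
        br1 = {
          ipv4.addresses = [{ address = "192.168.1.1"; prefixLength = 24; }];
        };
      };

      containers.webserver =
        {
          autoStart = true;
          # The container gets its own network setup; the links declared
          # below are the ones this configuration gives it.
          privateNetwork = true;
          hostBridge = "br0";
          localAddress = "192.168.0.100/24";
          localAddress6 = "fc00::2/7";
          extraVeths = {
            # Bridged extra link: host side becomes a port of br1.
            veth1 = { hostBridge = "br1"; localAddress = "192.168.1.100/24"; };
            # Unbridged extra link: the host end carries hostAddress directly.
            veth2 = { hostAddress = "192.168.2.1"; localAddress = "192.168.2.100"; };
          };
          config =
            {
              # The script below only pings the container, so allowPing is
              # the rule it relies on. Nothing in this configuration starts a
              # service on port 80, and the script never connects to it.
              networking.firewall.allowedTCPPorts = [ 80 ];
              networking.firewall.allowPing = true;
            };
        };

      virtualisation.pathsInNixDB = [ pkgs.stdenv ];
    };

  testScript =
    ''
      $machine->waitForUnit("default.target");
      $machine->succeed("nixos-container list") =~ /webserver/
        or die "container webserver is not in the nixos-container list output";

      # Status of the webserver container.
      $machine->succeed("nixos-container status webserver") =~ /up/
        or die "container webserver is not reported as up";

      # Debug
      #$machine->succeed("nixos-container run webserver -- ip link >&2");

      # Ensure that the veths are inside the container
      $machine->succeed("nixos-container run webserver -- ip link show veth1") =~ /state UP/
        or die "veth1 is not in state UP inside the container";
      $machine->succeed("nixos-container run webserver -- ip link show veth2") =~ /state UP/
        or die "veth2 is not in state UP inside the container";

      # Debug
      #$machine->succeed("ip link >&2");

      # Ensure the presence of the extra veths
      $machine->succeed("ip link show veth1") =~ /state UP/
        or die "veth1 is not in state UP on the host";
      $machine->succeed("ip link show veth2") =~ /state UP/
        or die "veth2 is not in state UP on the host";

      # Ensure the veth1 is part of br1 on the host
      $machine->succeed("ip link show veth1") =~ /master br1/
        or die "host side of veth1 is not a port of br1";

      # Debug
      #$machine->succeed("ip -4 a >&2");
      #$machine->succeed("ip -4 r >&2");
      #$machine->succeed("nixos-container run webserver -- ip link >&2");
      #$machine->succeed("nixos-container run webserver -- ip -4 a >&2");
      #$machine->succeed("nixos-container run webserver -- ip -4 r >&2");

      # Ping on main veth
      $machine->succeed("ping -n -c 1 192.168.0.100");
      $machine->succeed("ping -n -c 1 fc00::2");

      # Ping on the first extra veth
      $machine->succeed("ping -n -c 1 192.168.1.100 >&2");

      # Ping on the second extra veth
      $machine->succeed("ping -n -c 1 192.168.2.100 >&2");

      # Stop the container.
      # NOTE(review): only the two extra veth addresses are re-checked after
      # the stop. The main veth addresses (192.168.0.100 and fc00::2) are not,
      # so a main link that stays reachable would go unnoticed here.
      $machine->succeed("nixos-container stop webserver");
      $machine->fail("ping -n -c 1 192.168.1.100 >&2");
      $machine->fail("ping -n -c 1 192.168.2.100 >&2");

      # Destroying a declarative container should fail.
      $machine->fail("nixos-container destroy webserver");
    '';
})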