nixos/tests/containers-ip.nix at 21.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / containers-ip.nix
at 21.11-pre 2.5 kB view raw
 1let
 2  webserverFor = hostAddress: localAddress: {
 3    inherit hostAddress localAddress;
 4    privateNetwork = true;
 5    config = {
 6      services.httpd = {
 7        enable = true;
 8        adminAddr = "foo@example.org";
 9      };
10      networking.firewall.allowedTCPPorts = [ 80 ];
11    };
12  };
13
14in import ./make-test-python.nix ({ pkgs, lib, ... }: {
15  name = "containers-ipv4-ipv6";
16  meta = {
17    maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ];
18  };
19
20  machine =
21    { pkgs, ... }: {
22      imports = [ ../modules/installer/cd-dvd/channel.nix ];
23      virtualisation = {
24        writableStore = true;
25        memorySize = 768;
26      };
27
28      containers.webserver4 = webserverFor "10.231.136.1" "10.231.136.2";
29      containers.webserver6 = webserverFor "fc00::2" "fc00::1";
30      virtualisation.pathsInNixDB = [ pkgs.stdenv ];
31    };
32
33  testScript = { nodes, ... }: ''
34    import time
35
36
37    def curl_host(ip):
38        # put [] around ipv6 addresses for curl
39        host = ip if ":" not in ip else f"[{ip}]"
40        return f"curl --fail --connect-timeout 2 http://{host}/ > /dev/null"
41
42
43    def get_ip(container):
44        # need to distinguish because show-ip won't work for ipv6
45        if container == "webserver4":
46            ip = machine.succeed(f"nixos-container show-ip {container}").rstrip()
47            assert ip == "${nodes.machine.config.containers.webserver4.localAddress}"
48            return ip
49        return "${nodes.machine.config.containers.webserver6.localAddress}"
50
51
52    for container in "webserver4", "webserver6":
53        assert container in machine.succeed("nixos-container list")
54
55        with subtest(f"Start container {container}"):
56            machine.succeed(f"nixos-container start {container}")
57            # wait 2s for container to start and network to be up
58            time.sleep(2)
59
60        # Since "start" returns after the container has reached
61        # multi-user.target, we should now be able to access it.
62
63        ip = get_ip(container)
64        with subtest(f"{container} reacts to pings and HTTP requests"):
65            machine.succeed(f"ping -n -c1 {ip}")
66            machine.succeed(curl_host(ip))
67
68        with subtest(f"Stop container {container}"):
69            machine.succeed(f"nixos-container stop {container}")
70            machine.fail(curl_host(ip))
71
72        # Destroying a declarative container should fail.
73        machine.fail(f"nixos-container destroy {container}")
74  '';
75})