nixos/tests/containers-macvlans.nix at 21.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / containers-macvlans.nix
at 21.11-pre 2.3 kB view raw
 1let
 2  # containers IP on VLAN 1
 3  containerIp1 = "192.168.1.253";
 4  containerIp2 = "192.168.1.254";
 5in
 6
 7import ./make-test-python.nix ({ pkgs, lib, ... }: {
 8  name = "containers-macvlans";
 9  meta = {
10    maintainers = with lib.maintainers; [ montag451 ];
11  };
12
13  nodes = {
14
15    machine1 =
16      { lib, ... }:
17      {
18        virtualisation.memorySize = 256;
19        virtualisation.vlans = [ 1 ];
20
21        # To be able to ping containers from the host, it is necessary
22        # to create a macvlan on the host on the VLAN 1 network.
23        networking.macvlans.mv-eth1-host = {
24          interface = "eth1";
25          mode = "bridge";
26        };
27        networking.interfaces.eth1.ipv4.addresses = lib.mkForce [];
28        networking.interfaces.mv-eth1-host = {
29          ipv4.addresses = [ { address = "192.168.1.1"; prefixLength = 24; } ];
30        };
31
32        containers.test1 = {
33          autoStart = true;
34          macvlans = [ "eth1" ];
35
36          config = {
37            networking.interfaces.mv-eth1 = {
38              ipv4.addresses = [ { address = containerIp1; prefixLength = 24; } ];
39            };
40          };
41        };
42
43        containers.test2 = {
44          autoStart = true;
45          macvlans = [ "eth1" ];
46
47          config = {
48            networking.interfaces.mv-eth1 = {
49              ipv4.addresses = [ { address = containerIp2; prefixLength = 24; } ];
50            };
51          };
52        };
53      };
54
55    machine2 =
56      { ... }:
57      {
58        virtualisation.memorySize = 256;
59        virtualisation.vlans = [ 1 ];
60      };
61
62  };
63
64  testScript = ''
65    start_all()
66    machine1.wait_for_unit("default.target")
67    machine2.wait_for_unit("default.target")
68
69    with subtest(
70        "Ping between containers to check that macvlans are created in bridge mode"
71    ):
72        machine1.succeed("nixos-container run test1 -- ping -n -c 1 ${containerIp2}")
73
74    with subtest("Ping containers from the host (machine1)"):
75        machine1.succeed("ping -n -c 1 ${containerIp1}")
76        machine1.succeed("ping -n -c 1 ${containerIp2}")
77
78    with subtest(
79        "Ping containers from the second machine to check that containers are reachable from the outside"
80    ):
81        machine2.succeed("ping -n -c 1 ${containerIp1}")
82        machine2.succeed("ping -n -c 1 ${containerIp2}")
83  '';
84})