# NixOS VM tests for the Amazon EC2 image and its handling of instance
# user data. The image is built from amazon-image.nix plus the test
# instrumentation and QEMU guest profiles, then handed to `makeEc2Test`
# (presumably provided by common/ec2.nix, which is brought into scope below).
#
# Security notes for readers who copy from this file:
#   * All key material here is "snake oil": fixed, publicly known test keys
#     from ./ssh-keys.nix. They must never be reused outside of tests.
#   * The module list includes test-instrumentation.nix, the hook the test
#     driver uses to run commands in the guest. An image evaluated from this
#     module list is a test artifact, not something to publish or deploy.
{ system ? builtins.currentSystem,
  config ? {},
  pkgs ? import ../.. { inherit system config; }
}:

with import ../lib/testing-python.nix { inherit system pkgs; };
with pkgs.lib;

with import common/ec2.nix { inherit makeTest pkgs; };

let
  # Evaluated NixOS configuration of the image under test.
  ec2ImageConfig = (import ../lib/eval-config.nix {
    inherit system;
    modules = [
      ../maintainers/scripts/ec2/amazon-image.nix
      ../modules/testing/test-instrumentation.nix
      ../modules/profiles/qemu-guest.nix
      {
        ec2.hvm = true;

        # The guest sees its disk as vda under QEMU; alias it to the xvda
        # names so the partition-resizing step works (a hack, per the
        # original author).
        boot.initrd.postDeviceCommands = mkBefore ''
          ln -s vda /dev/xvda
          ln -s vda1 /dev/xvda1
        '';

        # The VM has no network access, so everything nixos-rebuild needs
        # has to be in the image already. The list was determined by trial
        # and error.
        system.extraDependencies = with pkgs; [
          # Required for a nixos-rebuild.
          busybox
          cloud-utils
          desktop-file-utils
          libxslt.bin
          mkinitcpio-nfs-utils
          stdenv
          stdenvNoCC
          texinfo
          unionfs-fuse
          xorg.lndir

          # Used by the configure-from-userdata test for EC2: httpd and
          # valgrind are requested by the configuration passed as user data.
          apacheHttpd
          apacheHttpd.doc
          apacheHttpd.man
          valgrind.doc
        ];
      }
    ];
  }).config;

  # Path of the built disk image (.vhd) inside the image derivation.
  image = "${ec2ImageConfig.system.build.amazonImage}/${ec2ImageConfig.amazonImage.name}.vhd";

  snakeOilKeys = import ./ssh-keys.nix pkgs;
  inherit (snakeOilKeys) snakeOilPublicKey;
  snakeOilPrivateKey = snakeOilKeys.snakeOilPrivateKey.text;

  # CAUTION: writeText puts the private key into the Nix store, which is
  # readable by every user on the build host. That is acceptable only because
  # this is a throwaway test key; real private keys must never be passed
  # through writeText or interpolated into a derivation.
  snakeOilPrivateKeyFile = pkgs.writeText "private-key" snakeOilPrivateKey;

in {
  # Boots the image with NixOps-style user data that carries the SSH host
  # key pair, then checks SSH trust establishment and root-disk resizing.
  boot-ec2-nixops = makeEc2Test {
    name = "nixops-userdata";
    inherit image;

    # The same snake-oil key is used as the user's key and as the host key.
    # Sharing one key between roles is a test shortcut only.
    sshPublicKey = snakeOilPublicKey;

    # The host private key travels in user data, with newlines replaced by
    # "|". On a real instance, user data can be read back from the metadata
    # service by local processes, so it is not a confidential channel; only
    # disposable test keys belong here. The test itself waits for the data
    # to appear at /etc/ec2-metadata/user-data.
    userData = ''
      SSH_HOST_ED25519_KEY_PUB:${snakeOilPublicKey}
      SSH_HOST_ED25519_KEY:${replaceStrings ["\n"] ["|"] snakeOilPrivateKey}
    '';

    # Test flow: wait for user data and sshd, expect ssh to fail before the
    # client key is installed, expect it to fail again before the host key is
    # pinned in known_hosts, then expect success. BatchMode=yes disables
    # prompting, so an unknown host key makes ssh fail instead of asking.
    # Afterwards the root filesystem must be between 9.7 and 10 GiB, and a
    # reboot checks that resizing can run a second time.
    #
    # NOTE(review): ssh checks the server's host key before authenticating
    # the user, and known_hosts stays empty until the last step, so both
    # `fail` assertions would presumably pass whether or not a client key is
    # present. To isolate "no client key => rejected", pin the host key first
    # and assert failure before installing the private key.
    script = ''
      machine.start()
      machine.wait_for_file("/etc/ec2-metadata/user-data")
      machine.wait_for_unit("sshd.service")

      machine.succeed("grep unknown /etc/ec2-metadata/ami-manifest-path")

      # We have no keys configured on the client side yet, so this should fail
      machine.fail("ssh -o BatchMode=yes localhost exit")

      # Let's install our client private key
      machine.succeed("mkdir -p ~/.ssh")

      machine.copy_from_host_via_shell(
          "${snakeOilPrivateKeyFile}", "~/.ssh/id_ed25519"
      )
      machine.succeed("chmod 600 ~/.ssh/id_ed25519")

      # We haven't configured the host key yet, so this should still fail
      machine.fail("ssh -o BatchMode=yes localhost exit")

      # Add the host key; ssh should finally succeed
      machine.succeed(
          "echo localhost,127.0.0.1 ${snakeOilPublicKey} > ~/.ssh/known_hosts"
      )
      machine.succeed("ssh -o BatchMode=yes localhost exit")

      # Test whether the root disk was resized.
      blocks, block_size = map(int, machine.succeed("stat -c %b:%S -f /").split(":"))
      GB = 1024 ** 3
      assert 9.7 * GB <= blocks * block_size <= 10 * GB

      # Just to make sure resizing is idempotent.
      machine.shutdown()
      machine.start()
      machine.wait_for_file("/etc/ec2-metadata/user-data")
    '';
  };

  # Boots the image with a complete NixOS configuration as user data and
  # checks that amazon-init applies it (a file in /etc and a running httpd).
  boot-ec2-config = makeEc2Test {
    name = "config-userdata";

    # Marked broken: amazon-init wants to download from the internet while
    # building the system, and the test VM has no network access.
    meta.broken = true;

    inherit image;
    sshPublicKey = snakeOilPublicKey;

    # Whatever arrives as user data is evaluated and activated as system
    # configuration here, so on a real instance the ability to set user data
    # amounts to full control of the machine.
    #
    # ### https://nixos.org/channels/nixos-unstable nixos
    userData = ''
      { pkgs, ... }:

      {
        imports = [
          <nixpkgs/nixos/modules/virtualisation/amazon-image.nix>
          <nixpkgs/nixos/modules/testing/test-instrumentation.nix>
          <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
        ];
        environment.etc.testFile = {
          text = "whoa";
        };

        networking.hostName = "ec2-test-vm"; # required by services.httpd

        services.httpd = {
          enable = true;
          adminAddr = "test@example.org";
          virtualHosts.localhost.documentRoot = "''${pkgs.valgrind.doc}/share/doc/valgrind/html";
        };
        networking.firewall.allowedTCPPorts = [ 80 ];
      }
    '';

    # Waiting on amazon-init.service first makes a failed initialisation
    # fail the test immediately instead of timing out in wait_for_file.
    script = ''
      machine.start()

      # amazon-init must succeed. if it fails, make the test fail
      # immediately instead of timing out in wait_for_file.
      machine.wait_for_unit("amazon-init.service")

      machine.wait_for_file("/etc/testFile")
      assert "whoa" in machine.succeed("cat /etc/testFile")

      machine.wait_for_unit("httpd.service")
      assert "Valgrind" in machine.succeed("curl http://localhost")
    '';
  };
}