nixos/tests/systemd.nix at 21.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / systemd.nix
at 21.11-pre 6.8 kB view raw
  1import ./make-test-python.nix ({ pkgs, ... }: {
  2  name = "systemd";
  3
  4  machine = { lib, ... }: {
  5    imports = [ common/user-account.nix common/x11.nix ];
  6
  7    virtualisation.emptyDiskImages = [ 512 512 ];
  8    virtualisation.memorySize = 1024;
  9
 10    environment.systemPackages = [ pkgs.cryptsetup ];
 11
 12    virtualisation.fileSystems = {
 13      "/test-x-initrd-mount" = {
 14        device = "/dev/vdb";
 15        fsType = "ext2";
 16        autoFormat = true;
 17        noCheck = true;
 18        options = [ "x-initrd.mount" ];
 19      };
 20    };
 21
 22    systemd.extraConfig = "DefaultEnvironment=\"XXX_SYSTEM=foo\"";
 23    systemd.user.extraConfig = "DefaultEnvironment=\"XXX_USER=bar\"";
 24    services.journald.extraConfig = "Storage=volatile";
 25    test-support.displayManager.auto.user = "alice";
 26
 27    systemd.shutdown.test = pkgs.writeScript "test.shutdown" ''
 28      #!${pkgs.runtimeShell}
 29      PATH=${lib.makeBinPath (with pkgs; [ util-linux coreutils ])}
 30      mount -t 9p shared -o trans=virtio,version=9p2000.L /tmp/shared
 31      touch /tmp/shared/shutdown-test
 32      umount /tmp/shared
 33    '';
 34
 35    systemd.services.testservice1 = {
 36      description = "Test Service 1";
 37      wantedBy = [ "multi-user.target" ];
 38      serviceConfig.Type = "oneshot";
 39      script = ''
 40        if [ "$XXX_SYSTEM" = foo ]; then
 41          touch /system_conf_read
 42        fi
 43      '';
 44    };
 45
 46    systemd.user.services.testservice2 = {
 47      description = "Test Service 2";
 48      wantedBy = [ "default.target" ];
 49      serviceConfig.Type = "oneshot";
 50      script = ''
 51        if [ "$XXX_USER" = bar ]; then
 52          touch "$HOME/user_conf_read"
 53        fi
 54      '';
 55    };
 56
 57    systemd.watchdog = {
 58      device = "/dev/watchdog";
 59      runtimeTime = "30s";
 60      rebootTime = "10min";
 61      kexecTime = "5min";
 62    };
 63  };
 64
 65  testScript = ''
 66    import re
 67    import subprocess
 68
 69    machine.wait_for_x()
 70    # wait for user services
 71    machine.wait_for_unit("default.target", "alice")
 72
 73    # Regression test for https://github.com/NixOS/nixpkgs/issues/35415
 74    with subtest("configuration files are recognized by systemd"):
 75        machine.succeed("test -e /system_conf_read")
 76        machine.succeed("test -e /home/alice/user_conf_read")
 77        machine.succeed("test -z $(ls -1 /var/log/journal)")
 78
 79    # Regression test for https://github.com/NixOS/nixpkgs/issues/50273
 80    with subtest("DynamicUser actually allocates a user"):
 81        assert "iamatest" in machine.succeed(
 82            "systemd-run --pty --property=Type=oneshot --property=DynamicUser=yes --property=User=iamatest whoami"
 83        )
 84
 85    with subtest("regression test for https://bugs.freedesktop.org/show_bug.cgi?id=77507"):
 86        retcode, output = machine.execute("systemctl status testservice1.service")
 87        assert retcode in [0, 3]  # https://bugs.freedesktop.org/show_bug.cgi?id=77507
 88
 89    # Regression test for https://github.com/NixOS/nixpkgs/issues/35268
 90    with subtest("file system with x-initrd.mount is not unmounted"):
 91        machine.succeed("mountpoint -q /test-x-initrd-mount")
 92        machine.shutdown()
 93
 94        subprocess.check_call(
 95            [
 96                "qemu-img",
 97                "convert",
 98                "-O",
 99                "raw",
100                "vm-state-machine/empty0.qcow2",
101                "x-initrd-mount.raw",
102            ]
103        )
104        extinfo = subprocess.check_output(
105            [
106                "${pkgs.e2fsprogs}/bin/dumpe2fs",
107                "x-initrd-mount.raw",
108            ]
109        ).decode("utf-8")
110        assert (
111            re.search(r"^Filesystem state: *clean$", extinfo, re.MULTILINE) is not None
112        ), ("File system was not cleanly unmounted: " + extinfo)
113
114    # Regression test for https://github.com/NixOS/nixpkgs/pull/91232
115    with subtest("setting transient hostnames works"):
116        machine.succeed("hostnamectl set-hostname --transient machine-transient")
117        machine.fail("hostnamectl set-hostname machine-all")
118
119    with subtest("systemd-shutdown works"):
120        machine.shutdown()
121        machine.wait_for_unit("multi-user.target")
122        machine.succeed("test -e /tmp/shared/shutdown-test")
123
124    # Test settings from /etc/sysctl.d/50-default.conf are applied
125    with subtest("systemd sysctl settings are applied"):
126        machine.wait_for_unit("multi-user.target")
127        assert "fq_codel" in machine.succeed("sysctl net.core.default_qdisc")
128
129    # Test systemd is configured to manage a watchdog
130    with subtest("systemd manages hardware watchdog"):
131        machine.wait_for_unit("multi-user.target")
132
133        # It seems that the device's path doesn't appear in 'systemctl show' so
134        # check it separately.
135        assert "WatchdogDevice=/dev/watchdog" in machine.succeed(
136            "cat /etc/systemd/system.conf"
137        )
138
139        output = machine.succeed("systemctl show | grep Watchdog")
140        # assert "RuntimeWatchdogUSec=30s" in output
141        # for some reason RuntimeWatchdogUSec, doesn't seem to be updated in here.
142        assert "RebootWatchdogUSec=10min" in output
143        assert "KExecWatchdogUSec=5min" in output
144
145    # Test systemd cryptsetup support
146    with subtest("systemd successfully reads /etc/crypttab and unlocks volumes"):
147        # create a luks volume and put a filesystem on it
148        machine.succeed(
149            "echo -n supersecret | cryptsetup luksFormat -q /dev/vdc -",
150            "echo -n supersecret | cryptsetup luksOpen --key-file - /dev/vdc foo",
151            "mkfs.ext3 /dev/mapper/foo",
152        )
153
154        # create a keyfile and /etc/crypttab
155        machine.succeed("echo -n supersecret > /var/lib/luks-keyfile")
156        machine.succeed("chmod 600 /var/lib/luks-keyfile")
157        machine.succeed("echo 'luks1 /dev/vdc /var/lib/luks-keyfile luks' > /etc/crypttab")
158
159        # after a reboot, systemd should unlock the volume and we should be able to mount it
160        machine.shutdown()
161        machine.succeed("systemctl status systemd-cryptsetup@luks1.service")
162        machine.succeed("mkdir -p /tmp/luks1")
163        machine.succeed("mount /dev/mapper/luks1 /tmp/luks1")
164
165    # Do some IP traffic
166    output_ping = machine.succeed(
167        "systemd-run --wait -- /run/wrappers/bin/ping -c 1 127.0.0.1 2>&1"
168    )
169
170    with subtest("systemd reports accounting data on system.slice"):
171        output = machine.succeed("systemctl status system.slice")
172        assert "CPU:" in output
173        assert "Memory:" in output
174
175        assert "IP:" in output
176        assert "0B in, 0B out" not in output
177
178        assert "IO:" in output
179        assert "0B read, 0B written" not in output
180
181    with subtest("systemd per-unit accounting works"):
182        assert "IP traffic received: 84B" in output_ping
183        assert "IP traffic sent: 84B" in output_ping
184  '';
185})