pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / tests / podman.nix
at 22.05-pre 5.8 kB view raw
1# This test runs podman and checks if simple container starts 2 3import ./make-test-python.nix ( 4 { pkgs, lib, ... }: { 5 name = "podman"; 6 meta = { 7 maintainers = lib.teams.podman.members; 8 }; 9 10 nodes = { 11 podman = 12 { pkgs, ... }: 13 { 14 virtualisation.podman.enable = true; 15 16 # To test docker socket support 17 virtualisation.podman.dockerSocket.enable = true; 18 environment.systemPackages = [ 19 pkgs.docker-client 20 ]; 21 22 users.users.alice = { 23 isNormalUser = true; 24 home = "/home/alice"; 25 description = "Alice Foobar"; 26 extraGroups = [ "podman" ]; 27 }; 28 29 users.users.mallory = { 30 isNormalUser = true; 31 home = "/home/mallory"; 32 description = "Mallory Foobar"; 33 }; 34 35 }; 36 }; 37 38 testScript = '' 39 import shlex 40 41 42 def su_cmd(cmd, user = "alice"): 43 cmd = shlex.quote(cmd) 44 return f"su {user} -l -c {cmd}" 45 46 47 podman.wait_for_unit("sockets.target") 48 start_all() 49 50 with subtest("Run container as root with runc"): 51 podman.succeed("tar cvf scratchimg.tar --files-from /dev/null && podman import scratchimg.tar scratchimg") 52 podman.succeed( 53 "podman run --runtime=runc -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" 54 ) 55 podman.succeed("podman ps | grep sleeping") 56 podman.succeed("podman stop sleeping") 57 podman.succeed("podman rm sleeping") 58 59 with subtest("Run container as root with crun"): 60 podman.succeed("tar cvf scratchimg.tar --files-from /dev/null && podman import scratchimg.tar scratchimg") 61 podman.succeed( 62 "podman run --runtime=crun -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" 63 ) 64 podman.succeed("podman ps | grep sleeping") 65 podman.succeed("podman stop sleeping") 66 podman.succeed("podman rm sleeping") 67 68 with subtest("Run container as root with the default backend"): 69 podman.succeed("tar cvf scratchimg.tar --files-from /dev/null && podman import scratchimg.tar scratchimg") 70 podman.succeed( 71 "podman run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" 72 ) 73 podman.succeed("podman ps | grep sleeping") 74 podman.succeed("podman stop sleeping") 75 podman.succeed("podman rm sleeping") 76 77 # create systemd session for rootless 78 podman.succeed("loginctl enable-linger alice") 79 80 with subtest("Run container rootless with runc"): 81 podman.succeed(su_cmd("tar cvf scratchimg.tar --files-from /dev/null && podman import scratchimg.tar scratchimg")) 82 podman.succeed( 83 su_cmd( 84 "podman run --runtime=runc -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" 85 ) 86 ) 87 podman.succeed(su_cmd("podman ps | grep sleeping")) 88 podman.succeed(su_cmd("podman stop sleeping")) 89 podman.succeed(su_cmd("podman rm sleeping")) 90 91 with subtest("Run container rootless with crun"): 92 podman.succeed(su_cmd("tar cvf scratchimg.tar --files-from /dev/null && podman import scratchimg.tar scratchimg")) 93 podman.succeed( 94 su_cmd( 95 "podman run --runtime=crun -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" 96 ) 97 ) 98 podman.succeed(su_cmd("podman ps | grep sleeping")) 99 podman.succeed(su_cmd("podman stop sleeping")) 100 podman.succeed(su_cmd("podman rm sleeping")) 101 102 with subtest("Run container rootless with the default backend"): 103 podman.succeed(su_cmd("tar cvf scratchimg.tar --files-from /dev/null && podman import scratchimg.tar scratchimg")) 104 podman.succeed( 105 su_cmd( 106 "podman run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" 107 ) 108 ) 109 podman.succeed(su_cmd("podman ps | grep sleeping")) 110 podman.succeed(su_cmd("podman stop sleeping")) 111 podman.succeed(su_cmd("podman rm sleeping")) 112 113 with subtest("Run container with init"): 114 podman.succeed( 115 "tar cvf busybox.tar -C ${pkgs.pkgsStatic.busybox} . && podman import busybox.tar busybox" 116 ) 117 pid = podman.succeed("podman run --rm busybox readlink /proc/self").strip() 118 assert pid == "1" 119 pid = podman.succeed("podman run --rm --init busybox readlink /proc/self").strip() 120 assert pid == "2" 121 122 with subtest("A podman member can use the docker cli"): 123 podman.succeed(su_cmd("docker version")) 124 125 with subtest("Run container via docker cli"): 126 podman.succeed("docker network create default") 127 podman.succeed("tar cvf scratchimg.tar --files-from /dev/null && podman import scratchimg.tar scratchimg") 128 podman.succeed( 129 "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" 130 ) 131 podman.succeed("docker ps | grep sleeping") 132 podman.succeed("podman ps | grep sleeping") 133 podman.succeed("docker stop sleeping") 134 podman.succeed("docker rm sleeping") 135 podman.succeed("docker network rm default") 136 137 with subtest("A podman non-member can not use the docker cli"): 138 podman.fail(su_cmd("docker version", user="mallory")) 139 140 # TODO: add docker-compose test 141 142 ''; 143 } 144)