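# NixOS VM test for Podman: runs containers as root and rootless with each
# OCI runtime, checks --init, and checks that the Docker-compatible socket is
# usable by members of the "podman" group and by nobody else.
import ../make-test-python.nix (
  { pkgs, lib, ... }: {
    name = "podman";
    meta = {
      maintainers = lib.teams.podman.members;
    };

    nodes = {
      # Plain Podman host; alice is an unprivileged user for the rootless runs.
      podman = { pkgs, ... }: {
        virtualisation.podman.enable = true;

        users.users.alice = {
          isNormalUser = true;
        };
      };

      # Podman host that also exposes the Docker-compatible API socket.
      docker = { pkgs, ... }: {
        virtualisation.podman.enable = true;

        virtualisation.podman.dockerSocket.enable = true;

        environment.systemPackages = [
          pkgs.docker-client
        ];

        # Membership in "podman" is what grants access to the socket. As with
        # the Docker group, treat it as root-equivalent on the host.
        users.users.alice = {
          isNormalUser = true;
          extraGroups = [ "podman" ];
        };

        # Control user: deliberately NOT in "podman", used for the negative test.
        users.users.mallory = {
          isNormalUser = true;
        };
      };
    };

    testScript = ''
      import shlex


      def su_cmd(cmd, user="alice"):
          """Return a shell line that runs cmd in a login shell of user.

          Both the user name and the command are shell-quoted so neither can
          break out of the "su ... -c" argument.
          """
          return f"su {shlex.quote(user)} -l -c {shlex.quote(cmd)}"


      def as_root(cmd):
          """Identity wrapper: the test driver already runs commands as root."""
          return cmd


      def check_sleeping_container(runtime=None, wrap=as_root):
          """Import an empty image, run /bin/sleep in it, then stop and remove it.

          runtime: value for --runtime, or None to use the default backend.
          wrap:    as_root, or su_cmd to run every step as the rootless user.
          """
          runtime_flag = f"--runtime={runtime} " if runtime else ""
          # The image is an empty tarball, so the host store and system bin
          # directory are bind-mounted to provide /bin/sleep inside it.
          podman.succeed(wrap("tar cv --files-from /dev/null | podman import - scratchimg"))
          podman.succeed(
              wrap(
                  f"podman run {runtime_flag}-d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
              )
          )
          podman.succeed(wrap("podman ps | grep sleeping"))
          podman.succeed(wrap("podman stop sleeping"))
          podman.succeed(wrap("podman rm sleeping"))


      # (subtest label, --runtime value); None selects the default backend.
      runtimes = [
          ("runc", "runc"),
          ("crun", "crun"),
          ("the default backend", None),
      ]

      podman.wait_for_unit("sockets.target")
      docker.wait_for_unit("sockets.target")
      start_all()

      for label, runtime in runtimes:
          with subtest(f"Run container as root with {label}"):
              check_sleeping_container(runtime)

      # start systemd session for rootless
      podman.succeed("loginctl enable-linger alice")
      podman.succeed(su_cmd("whoami"))
      # NOTE(review): fixed delay, presumably to let the user session come up;
      # waiting on the user manager unit would be less racy.
      podman.sleep(1)

      for label, runtime in runtimes:
          with subtest(f"Run container rootless with {label}"):
              check_sleeping_container(runtime, wrap=su_cmd)

      with subtest("Run container with init"):
          podman.succeed(
              "tar cv -C ${pkgs.pkgsStatic.busybox} . | podman import - busybox"
          )
          # Without --init the container command itself is PID 1 ...
          pid = podman.succeed("podman run --rm busybox readlink /proc/self").strip()
          assert pid == "1"
          # ... with --init an init process takes PID 1 and the command is PID 2.
          pid = podman.succeed("podman run --rm --init busybox readlink /proc/self").strip()
          assert pid == "2"

      with subtest("A podman member can use the docker cli"):
          docker.succeed(su_cmd("docker version"))

      with subtest("Run container via docker cli"):
          docker.succeed("docker network create default")
          docker.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
          docker.succeed(
              "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin localhost/scratchimg /bin/sleep 10"
          )
          docker.succeed("docker ps | grep sleeping")
          # The same container must be visible through the native podman CLI.
          docker.succeed("podman ps | grep sleeping")
          docker.succeed("docker stop sleeping")
          docker.succeed("docker rm sleeping")
          docker.succeed("docker network rm default")

      with subtest("A podman non-member can not use the docker cli"):
          # Precondition: mallory can log in and run the client binary, so the
          # failure below comes from talking to the socket and not from a
          # broken login or PATH (which would make this check pass vacuously).
          docker.succeed(su_cmd("docker --version", user="mallory"))
          docker.fail(su_cmd("docker version", user="mallory"))

      # TODO: add docker-compose test

    '';
  }
)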