pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / tests / systemd.nix
at 24.11-pre 8.2 kB view raw
1import ./make-test-python.nix ({ pkgs, ... }: { 2 name = "systemd"; 3 4 nodes.machine = { config, lib, ... }: { 5 imports = [ common/user-account.nix common/x11.nix ]; 6 7 virtualisation.emptyDiskImages = [ 512 512 ]; 8 9 environment.systemPackages = [ pkgs.cryptsetup ]; 10 11 virtualisation.fileSystems = { 12 "/test-x-initrd-mount" = { 13 device = "/dev/vdb"; 14 fsType = "ext2"; 15 autoFormat = true; 16 noCheck = true; 17 options = [ "x-initrd.mount" ]; 18 }; 19 }; 20 21 systemd.extraConfig = "DefaultEnvironment=\"XXX_SYSTEM=foo\""; 22 systemd.user.extraConfig = "DefaultEnvironment=\"XXX_USER=bar\""; 23 services.journald.extraConfig = "Storage=volatile"; 24 test-support.displayManager.auto.user = "alice"; 25 26 systemd.shutdown.test = pkgs.writeScript "test.shutdown" '' 27 #!${pkgs.runtimeShell} 28 PATH=${lib.makeBinPath (with pkgs; [ util-linux coreutils ])} 29 mount -t 9p shared -o trans=virtio,version=9p2000.L /tmp/shared 30 touch /tmp/shared/shutdown-test 31 umount /tmp/shared 32 ''; 33 34 systemd.services.oncalendar-test = { 35 description = "calendar test"; 36 # Japan does not have DST which makes the test a little bit simpler 37 startAt = "Wed 10:00 Asia/Tokyo"; 38 script = "true"; 39 }; 40 41 systemd.services.testDependency1 = { 42 description = "Test Dependency 1"; 43 wantedBy = [ config.systemd.services."testservice1".name ]; 44 serviceConfig.Type = "oneshot"; 45 script = '' 46 true 47 ''; 48 }; 49 50 systemd.services.testservice1 = { 51 description = "Test Service 1"; 52 wantedBy = [ config.systemd.targets.multi-user.name ]; 53 serviceConfig.Type = "oneshot"; 54 script = '' 55 if [ "$XXX_SYSTEM" = foo ]; then 56 touch /system_conf_read 57 fi 58 ''; 59 }; 60 61 systemd.user.services.testservice2 = { 62 description = "Test Service 2"; 63 wantedBy = [ "default.target" ]; 64 serviceConfig.Type = "oneshot"; 65 script = '' 66 if [ "$XXX_USER" = bar ]; then 67 touch "$HOME/user_conf_read" 68 fi 69 ''; 70 }; 71 72 systemd.watchdog = { 73 device = "/dev/watchdog"; 74 runtimeTime = "30s"; 75 rebootTime = "10min"; 76 kexecTime = "5min"; 77 }; 78 }; 79 80 testScript = '' 81 import re 82 import subprocess 83 84 machine.wait_for_x() 85 # wait for user services 86 machine.wait_for_unit("default.target", "alice") 87 88 with subtest("systemctl edit suggests --runtime"): 89 # --runtime is suggested when using `systemctl edit` 90 ret, out = machine.execute("systemctl edit testservice1.service 2>&1") 91 assert ret == 1 92 assert out.rstrip("\n") == "The unit-directory '/etc/systemd/system' is read-only on NixOS, so it's not possible to edit system-units directly. Use 'systemctl edit --runtime' instead." 93 # editing w/o `--runtime` is possible for user-services, however 94 # it's not possible because we're not in a tty when grepping 95 # (i.e. hacky way to ensure that the error from above doesn't appear here). 96 _, out = machine.execute("systemctl --user edit testservice2.service 2>&1") 97 assert out.rstrip("\n") == "Cannot edit units if not on a tty." 98 99 # Regression test for https://github.com/NixOS/nixpkgs/issues/105049 100 with subtest("systemd reads timezone database in /etc/zoneinfo"): 101 timer = machine.succeed("TZ=UTC systemctl show --property=TimersCalendar oncalendar-test.timer") 102 assert re.search("next_elapse=Wed ....-..-.. 01:00:00 UTC", timer), f"got {timer.strip()}" 103 104 # Regression test for https://github.com/NixOS/nixpkgs/issues/35415 105 with subtest("configuration files are recognized by systemd"): 106 machine.succeed("test -e /system_conf_read") 107 machine.succeed("test -e /home/alice/user_conf_read") 108 machine.succeed("test -z $(ls -1 /var/log/journal)") 109 110 with subtest("regression test for https://bugs.freedesktop.org/show_bug.cgi?id=77507"): 111 retcode, output = machine.execute("systemctl status testservice1.service") 112 assert retcode in [0, 3] # https://bugs.freedesktop.org/show_bug.cgi?id=77507 113 114 # Regression test for https://github.com/NixOS/nixpkgs/issues/35268 115 with subtest("file system with x-initrd.mount is not unmounted"): 116 machine.succeed("mountpoint -q /test-x-initrd-mount") 117 machine.shutdown() 118 119 subprocess.check_call( 120 [ 121 "qemu-img", 122 "convert", 123 "-O", 124 "raw", 125 "vm-state-machine/empty0.qcow2", 126 "x-initrd-mount.raw", 127 ] 128 ) 129 extinfo = subprocess.check_output( 130 [ 131 "${pkgs.e2fsprogs}/bin/dumpe2fs", 132 "x-initrd-mount.raw", 133 ] 134 ).decode("utf-8") 135 assert ( 136 re.search(r"^Filesystem state: *clean$", extinfo, re.MULTILINE) is not None 137 ), ("File system was not cleanly unmounted: " + extinfo) 138 139 # Regression test for https://github.com/NixOS/nixpkgs/pull/91232 140 with subtest("setting transient hostnames works"): 141 machine.succeed("hostnamectl set-hostname --transient machine-transient") 142 machine.fail("hostnamectl set-hostname machine-all") 143 144 with subtest("systemd-shutdown works"): 145 machine.shutdown() 146 machine.wait_for_unit("multi-user.target") 147 machine.succeed("test -e /tmp/shared/shutdown-test") 148 149 # Test settings from /etc/sysctl.d/50-default.conf are applied 150 with subtest("systemd sysctl settings are applied"): 151 machine.wait_for_unit("multi-user.target") 152 assert "fq_codel" in machine.succeed("sysctl net.core.default_qdisc") 153 154 # Test systemd is configured to manage a watchdog 155 with subtest("systemd manages hardware watchdog"): 156 machine.wait_for_unit("multi-user.target") 157 158 # It seems that the device's path doesn't appear in 'systemctl show' so 159 # check it separately. 160 assert "WatchdogDevice=/dev/watchdog" in machine.succeed( 161 "cat /etc/systemd/system.conf" 162 ) 163 164 output = machine.succeed("systemctl show | grep Watchdog") 165 # assert "RuntimeWatchdogUSec=30s" in output 166 # for some reason RuntimeWatchdogUSec, doesn't seem to be updated in here. 167 assert "RebootWatchdogUSec=10min" in output 168 assert "KExecWatchdogUSec=5min" in output 169 170 # Test systemd cryptsetup support 171 with subtest("systemd successfully reads /etc/crypttab and unlocks volumes"): 172 # create a luks volume and put a filesystem on it 173 machine.succeed( 174 "echo -n supersecret | cryptsetup luksFormat -q /dev/vdc -", 175 "echo -n supersecret | cryptsetup luksOpen --key-file - /dev/vdc foo", 176 "mkfs.ext3 /dev/mapper/foo", 177 ) 178 179 # create a keyfile and /etc/crypttab 180 machine.succeed("echo -n supersecret > /var/lib/luks-keyfile") 181 machine.succeed("chmod 600 /var/lib/luks-keyfile") 182 machine.succeed("echo 'luks1 /dev/vdc /var/lib/luks-keyfile luks' > /etc/crypttab") 183 184 # after a reboot, systemd should unlock the volume and we should be able to mount it 185 machine.shutdown() 186 machine.succeed("systemctl status systemd-cryptsetup@luks1.service") 187 machine.succeed("mkdir -p /tmp/luks1") 188 machine.succeed("mount /dev/mapper/luks1 /tmp/luks1") 189 190 # Do some IP traffic 191 output_ping = machine.succeed( 192 "systemd-run --wait -- ping -c 1 127.0.0.1 2>&1" 193 ) 194 195 with subtest("systemd reports accounting data on system.slice"): 196 output = machine.succeed("systemctl status system.slice") 197 assert "CPU:" in output 198 assert "Memory:" in output 199 200 assert "IP:" in output 201 assert "0B in, 0B out" not in output 202 203 assert "IO:" in output 204 assert "0B read, 0B written" not in output 205 206 with subtest("systemd per-unit accounting works"): 207 assert "IP traffic received: 84B" in output_ping 208 assert "IP traffic sent: 84B" in output_ping 209 210 with subtest("systemd environment is properly set"): 211 machine.systemctl("daemon-reexec") # Rewrites /proc/1/environ 212 machine.succeed("grep -q TZDIR=/etc/zoneinfo /proc/1/environ") 213 ''; 214})