nixos/tests/containers-extra_veth.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / containers-extra_veth.nix
at 25.11-pre 3.5 kB view raw
  1import ./make-test-python.nix (
  2  { pkgs, lib, ... }:
  3  {
  4    name = "containers-extra_veth";
  5    meta = {
  6      maintainers = with lib.maintainers; [ kampfschlaefer ];
  7    };
  8
  9    nodes.machine =
 10      { pkgs, ... }:
 11      {
 12        imports = [ ../modules/installer/cd-dvd/channel.nix ];
 13        virtualisation.writableStore = true;
 14        virtualisation.vlans = [ ];
 15
 16        networking.useDHCP = false;
 17        networking.bridges = {
 18          br0 = {
 19            interfaces = [ ];
 20          };
 21          br1 = {
 22            interfaces = [ ];
 23          };
 24        };
 25        networking.interfaces = {
 26          br0 = {
 27            ipv4.addresses = [
 28              {
 29                address = "192.168.0.1";
 30                prefixLength = 24;
 31              }
 32            ];
 33            ipv6.addresses = [
 34              {
 35                address = "fc00::1";
 36                prefixLength = 7;
 37              }
 38            ];
 39          };
 40          br1 = {
 41            ipv4.addresses = [
 42              {
 43                address = "192.168.1.1";
 44                prefixLength = 24;
 45              }
 46            ];
 47          };
 48        };
 49
 50        containers.webserver = {
 51          autoStart = true;
 52          privateNetwork = true;
 53          hostBridge = "br0";
 54          localAddress = "192.168.0.100/24";
 55          localAddress6 = "fc00::2/7";
 56          extraVeths = {
 57            veth1 = {
 58              hostBridge = "br1";
 59              localAddress = "192.168.1.100/24";
 60            };
 61            veth2 = {
 62              hostAddress = "192.168.2.1";
 63              localAddress = "192.168.2.100";
 64            };
 65          };
 66          config = {
 67            networking.firewall.allowedTCPPorts = [ 80 ];
 68          };
 69        };
 70
 71        virtualisation.additionalPaths = [ pkgs.stdenv ];
 72      };
 73
 74    testScript = ''
 75      machine.wait_for_unit("default.target")
 76      assert "webserver" in machine.succeed("nixos-container list")
 77
 78      with subtest("Status of the webserver container is up"):
 79          assert "up" in machine.succeed("nixos-container status webserver")
 80
 81      with subtest("Ensure that the veths are inside the container"):
 82          assert "state UP" in machine.succeed(
 83              "nixos-container run webserver -- ip link show veth1"
 84          )
 85          assert "state UP" in machine.succeed(
 86              "nixos-container run webserver -- ip link show veth2"
 87          )
 88
 89      with subtest("Ensure the presence of the extra veths"):
 90          assert "state UP" in machine.succeed("ip link show veth1")
 91          assert "state UP" in machine.succeed("ip link show veth2")
 92
 93      with subtest("Ensure the veth1 is part of br1 on the host"):
 94          assert "master br1" in machine.succeed("ip link show veth1")
 95
 96      with subtest("Ping on main veth"):
 97          machine.succeed("ping -n -c 1 192.168.0.100")
 98          machine.succeed("ping -n -c 1 fc00::2")
 99
100      with subtest("Ping on the first extra veth"):
101          machine.succeed("ping -n -c 1 192.168.1.100 >&2")
102
103      with subtest("Ping on the second extra veth"):
104          machine.succeed("ping -n -c 1 192.168.2.100 >&2")
105
106      with subtest("Container can be stopped"):
107          machine.succeed("nixos-container stop webserver")
108          machine.fail("ping -n -c 1 192.168.1.100 >&2")
109          machine.fail("ping -n -c 1 192.168.2.100 >&2")
110
111      with subtest("Destroying a declarative container should fail"):
112          machine.fail("nixos-container destroy webserver")
113    '';
114  }
115)