nixos/tests/containers-ip.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / containers-ip.nix
at 25.11-pre 2.6 kB view raw
 1let
 2  webserverFor = hostAddress: localAddress: {
 3    inherit hostAddress localAddress;
 4    privateNetwork = true;
 5    config = {
 6      services.httpd = {
 7        enable = true;
 8        adminAddr = "foo@example.org";
 9      };
10      networking.firewall.allowedTCPPorts = [ 80 ];
11    };
12  };
13
14in
15import ./make-test-python.nix (
16  { pkgs, lib, ... }:
17  {
18    name = "containers-ipv4-ipv6";
19    meta = {
20      maintainers = with lib.maintainers; [
21        aristid
22        aszlig
23        kampfschlaefer
24      ];
25    };
26
27    nodes.machine =
28      { pkgs, ... }:
29      {
30        virtualisation.writableStore = true;
31
32        containers.webserver4 = webserverFor "10.231.136.1" "10.231.136.2";
33        containers.webserver6 = webserverFor "fc00::2" "fc00::1";
34        virtualisation.additionalPaths = [ pkgs.stdenv ];
35      };
36
37    testScript =
38      { nodes, ... }:
39      ''
40        import time
41
42
43        def curl_host(ip):
44            # put [] around ipv6 addresses for curl
45            host = ip if ":" not in ip else f"[{ip}]"
46            return f"curl --fail --connect-timeout 2 http://{host}/ > /dev/null"
47
48
49        def get_ip(container):
50            # need to distinguish because show-ip won't work for ipv6
51            if container == "webserver4":
52                ip = machine.succeed(f"nixos-container show-ip {container}").rstrip()
53                assert ip == "${nodes.machine.config.containers.webserver4.localAddress}"
54                return ip
55            return "${nodes.machine.config.containers.webserver6.localAddress}"
56
57
58        for container in "webserver4", "webserver6":
59            assert container in machine.succeed("nixos-container list")
60
61            with subtest(f"Start container {container}"):
62                machine.succeed(f"nixos-container start {container}")
63                # wait 2s for container to start and network to be up
64                time.sleep(2)
65
66            # Since "start" returns after the container has reached
67            # multi-user.target, we should now be able to access it.
68
69            ip = get_ip(container)
70            with subtest(f"{container} reacts to pings and HTTP requests"):
71                machine.succeed(f"ping -n -c1 {ip}")
72                machine.succeed(curl_host(ip))
73
74            with subtest(f"Stop container {container}"):
75                machine.succeed(f"nixos-container stop {container}")
76                machine.fail(curl_host(ip))
77
78            # Destroying a declarative container should fail.
79            machine.fail(f"nixos-container destroy {container}")
80      '';
81  }
82)