nixos/tests/web-apps/netbox-upgrade.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / web-apps / netbox-upgrade.nix
at 25.11-pre 3.5 kB view raw
  1import ../make-test-python.nix (
  2  { lib, pkgs, ... }:
  3  let
  4    oldNetbox = "netbox_4_1";
  5    newNetbox = "netbox_4_2";
  6
  7    apiVersion =
  8      version:
  9      lib.pipe version [
 10        (lib.splitString ".")
 11        (lib.take 2)
 12        (lib.concatStringsSep ".")
 13      ];
 14    oldApiVersion = apiVersion pkgs."${oldNetbox}".version;
 15    newApiVersion = apiVersion pkgs."${newNetbox}".version;
 16  in
 17  {
 18    name = "netbox-upgrade";
 19
 20    meta = with lib.maintainers; {
 21      maintainers = [
 22        minijackson
 23        raitobezarius
 24      ];
 25    };
 26
 27    nodes.machine =
 28      { config, pkgs, ... }:
 29      {
 30        virtualisation.memorySize = 2048;
 31        services.netbox = {
 32          enable = true;
 33          # Pick the NetBox package from this config's "pkgs" argument,
 34          # so that `nixpkgs.config.permittedInsecurePackages` works
 35          package = pkgs."${oldNetbox}";
 36          secretKeyFile = pkgs.writeText "secret" ''
 37            abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
 38          '';
 39        };
 40
 41        services.nginx = {
 42          enable = true;
 43
 44          recommendedProxySettings = true;
 45
 46          virtualHosts.netbox = {
 47            default = true;
 48            locations."/".proxyPass = "http://localhost:${toString config.services.netbox.port}";
 49            locations."/static/".alias = "/var/lib/netbox/static/";
 50          };
 51        };
 52
 53        users.users.nginx.extraGroups = [ "netbox" ];
 54
 55        networking.firewall.allowedTCPPorts = [ 80 ];
 56
 57        nixpkgs.config.permittedInsecurePackages = [ pkgs."${oldNetbox}".name ];
 58
 59        specialisation.upgrade.configuration.services.netbox.package = lib.mkForce pkgs."${newNetbox}";
 60      };
 61
 62    testScript =
 63      { nodes, ... }:
 64      ''
 65        start_all()
 66        machine.wait_for_unit("netbox.target")
 67        machine.wait_for_unit("nginx.service")
 68        machine.wait_until_succeeds("journalctl --since -1m --unit netbox --grep Listening")
 69
 70        def api_version(headers):
 71            header = [header for header in headers.splitlines() if header.startswith("API-Version:")][0]
 72            return header.split()[1]
 73
 74        def check_api_version(version):
 75            # Returns 403 with NetBox >= 4.0,
 76            # but we still get the API version in the headers
 77            headers = machine.succeed(
 78              "curl -sSL http://localhost/api/ --head -H 'Content-Type: application/json'"
 79            )
 80            assert api_version(headers) == version
 81
 82        with subtest("NetBox version is the old one"):
 83            check_api_version("${oldApiVersion}")
 84
 85        # Somehow, even though netbox-housekeeping.service has After=netbox.service,
 86        # netbox-housekeeping.service and netbox.service still get started at the
 87        # same time, making netbox-housekeeping fail (can't really do some house
 88        # keeping job if the database is not correctly formed).
 89        #
 90        # So we don't check that the upgrade went well, we just check that
 91        # netbox.service is active, and that netbox-housekeeping can be run
 92        # successfully afterwards.
 93        #
 94        # This is not good UX, but the system should be working nonetheless.
 95        machine.execute("${nodes.machine.system.build.toplevel}/specialisation/upgrade/bin/switch-to-configuration test >&2")
 96
 97        machine.wait_for_unit("netbox.service")
 98        machine.succeed("systemctl start netbox-housekeeping.service")
 99
100        with subtest("NetBox version is the new one"):
101            check_api_version("${newApiVersion}")
102      '';
103  }
104)