# NixOS VM test for declarative containers with additional veth pairs.
#
# One container ("webserver") gets a bridged primary interface plus two extra
# veths: veth1 attached to a second host bridge, veth2 configured with an
# explicit host/local address pair instead of a bridge. The test script checks
# link state on both sides, bridge membership, reachability by ping, and that
# the container can be stopped but not destroyed.
{ pkgs, lib, ... }:
{
  name = "containers-extra_veth";
  meta.maintainers = with lib.maintainers; [ kampfschlaefer ];

  nodes.machine =
    { pkgs, ... }:
    {
      imports = [ ../modules/installer/cd-dvd/channel.nix ];

      virtualisation.writableStore = true;
      # Empty VLAN list: all addressing below lives on bridges created by
      # this configuration itself.
      virtualisation.vlans = [ ];
      virtualisation.additionalPaths = [ pkgs.stdenv ];

      networking.useDHCP = false;

      # Both bridges start without member interfaces; the container veths are
      # the only ports the test expects on them.
      networking.bridges.br0.interfaces = [ ];
      networking.bridges.br1.interfaces = [ ];

      # Host-side addresses. br0 carries IPv4 and IPv6 (fc00::/7 is the
      # unique-local range), br1 carries IPv4 only.
      networking.interfaces.br0 = {
        ipv4.addresses = [
          {
            address = "192.168.0.1";
            prefixLength = 24;
          }
        ];
        ipv6.addresses = [
          {
            address = "fc00::1";
            prefixLength = 7;
          }
        ];
      };
      networking.interfaces.br1.ipv4.addresses = [
        {
          address = "192.168.1.1";
          prefixLength = 24;
        }
      ];

      containers.webserver = {
        autoStart = true;

        # Primary interface: private network, attached to br0.
        privateNetwork = true;
        hostBridge = "br0";
        localAddress = "192.168.0.100/24";
        localAddress6 = "fc00::2/7";

        # veth1 joins br1 on the host side.
        extraVeths.veth1 = {
          hostBridge = "br1";
          localAddress = "192.168.1.100/24";
        };
        # veth2 is not bridged; it is given a host address and a container
        # address directly.
        extraVeths.veth2 = {
          hostAddress = "192.168.2.1";
          localAddress = "192.168.2.100";
        };

        # TCP 80 is the only port opened in the container firewall. Nothing in
        # this file configures a service on it, and the subtests below check
        # reachability with ping only.
        config.networking.firewall.allowedTCPPorts = [ 80 ];
      };
    };

  testScript = ''
    machine.wait_for_unit("default.target")
    assert "webserver" in machine.succeed("nixos-container list")

    with subtest("Status of the webserver container is up"):
        assert "up" in machine.succeed("nixos-container status webserver")

    with subtest("Ensure that the veths are inside the container"):
        assert "state UP" in machine.succeed(
            "nixos-container run webserver -- ip link show veth1"
        )
        assert "state UP" in machine.succeed(
            "nixos-container run webserver -- ip link show veth2"
        )

    with subtest("Ensure the presence of the extra veths"):
        assert "state UP" in machine.succeed("ip link show veth1")
        assert "state UP" in machine.succeed("ip link show veth2")

    with subtest("Ensure the veth1 is part of br1 on the host"):
        assert "master br1" in machine.succeed("ip link show veth1")

    with subtest("Ping on main veth"):
        machine.succeed("ping -n -c 1 192.168.0.100")
        machine.succeed("ping -n -c 1 fc00::2")

    with subtest("Ping on the first extra veth"):
        machine.succeed("ping -n -c 1 192.168.1.100 >&2")

    with subtest("Ping on the second extra veth"):
        machine.succeed("ping -n -c 1 192.168.2.100 >&2")

    with subtest("Container can be stopped"):
        machine.succeed("nixos-container stop webserver")
        machine.fail("ping -n -c 1 192.168.1.100 >&2")
        machine.fail("ping -n -c 1 192.168.2.100 >&2")

    with subtest("Destroying a declarative container should fail"):
        machine.fail("nixos-container destroy webserver")
  '';
}