···

       
829
       
829
       
 
       
  systemd-initrd-networkd-openvpn = handleTest ./initrd-network-openvpn { systemdStage1 = true; };

     

       
830
       
830
       
 
       
  systemd-initrd-vlan = handleTest ./systemd-initrd-vlan.nix {};

     

       
831
       
831
       
 
       
  systemd-journal = handleTest ./systemd-journal.nix {};

     

       
832
       
832
       
+
       
  systemd-journal-gateway = handleTest ./systemd-journal-gateway.nix {};

     

       
832
       
833
       
 
       
  systemd-machinectl = handleTest ./systemd-machinectl.nix {};

     

       
833
       
834
       
 
       
  systemd-networkd = handleTest ./systemd-networkd.nix {};

     

       
834
       
835
       
 
       
  systemd-networkd-dhcpserver = handleTest ./systemd-networkd-dhcpserver.nix {};

     

···

       
1
       
1
       
+
       
import ./make-test-python.nix ({ lib, pkgs, ... }:

     

       
2
       
2
       
+
       
{

     

       
3
       
3
       
+
       
  name = "systemd-journal-gateway";

     

       
4
       
4
       
+
       
  meta = with pkgs.lib.maintainers; {

     

       
5
       
5
       
+
       
    maintainers = [ minijackson ];

     

       
6
       
6
       
+
       
  };

     

       
7
       
7
       
+
       


     

       
8
       
8
       
+
       
  # Named client for coherence with the systemd-journal-upload test, and for

     

       
9
       
9
       
+
       
  # certificate validation

     

       
10
       
10
       
+
       
  nodes.client = {

     

       
11
       
11
       
+
       
    services.journald.gateway = {

     

       
12
       
12
       
+
       
      enable = true;

     

       
13
       
13
       
+
       
      cert = "/run/secrets/client/cert.pem";

     

       
14
       
14
       
+
       
      key = "/run/secrets/client/key.pem";

     

       
15
       
15
       
+
       
      trust = "/run/secrets/ca.cert.pem";

     

       
16
       
16
       
+
       
    };

     

       
17
       
17
       
+
       
  };

     

       
18
       
18
       
+
       


     

       
19
       
19
       
+
       
  testScript = ''

     

       
20
       
20
       
+
       
    import json

     

       
21
       
21
       
+
       
    import subprocess

     

       
22
       
22
       
+
       
    import tempfile

     

       
23
       
23
       
+
       


     

       
24
       
24
       
+
       
    tmpdir_o = tempfile.TemporaryDirectory()

     

       
25
       
25
       
+
       
    tmpdir = tmpdir_o.name

     

       
26
       
26
       
+
       


     

       
27
       
27
       
+
       
    def generate_pems(domain: str):

     

       
28
       
28
       
+
       
      subprocess.run(

     

       
29
       
29
       
+
       
        [

     

       
30
       
30
       
+
       
          "${pkgs.minica}/bin/minica",

     

       
31
       
31
       
+
       
          "--ca-key=ca.key.pem",

     

       
32
       
32
       
+
       
          "--ca-cert=ca.cert.pem",

     

       
33
       
33
       
+
       
          f"--domains={domain}",

     

       
34
       
34
       
+
       
        ],

     

       
35
       
35
       
+
       
        cwd=str(tmpdir),

     

       
36
       
36
       
+
       
      )

     

       
37
       
37
       
+
       


     

       
38
       
38
       
+
       
    with subtest("Creating keys and certificates"):

     

       
39
       
39
       
+
       
      generate_pems("server")

     

       
40
       
40
       
+
       
      generate_pems("client")

     

       
41
       
41
       
+
       


     

       
42
       
42
       
+
       
    client.wait_for_unit("multi-user.target")

     

       
43
       
43
       
+
       


     

       
44
       
44
       
+
       
    def copy_pem(file: str):

     

       
45
       
45
       
+
       
      machine.copy_from_host(source=f"{tmpdir}/{file}", target=f"/run/secrets/{file}")

     

       
46
       
46
       
+
       
      machine.succeed(f"chmod 644 /run/secrets/{file}")

     

       
47
       
47
       
+
       


     

       
48
       
48
       
+
       
    with subtest("Copying keys and certificates"):

     

       
49
       
49
       
+
       
      machine.succeed("mkdir -p /run/secrets/{client,server}")

     

       
50
       
50
       
+
       
      copy_pem("server/cert.pem")

     

       
51
       
51
       
+
       
      copy_pem("server/key.pem")

     

       
52
       
52
       
+
       
      copy_pem("client/cert.pem")

     

       
53
       
53
       
+
       
      copy_pem("client/key.pem")

     

       
54
       
54
       
+
       
      copy_pem("ca.cert.pem")

     

       
55
       
55
       
+
       


     

       
56
       
56
       
+
       
    client.wait_for_unit("multi-user.target")

     

       
57
       
57
       
+
       


     

       
58
       
58
       
+
       
    curl = '${pkgs.curl}/bin/curl'

     

       
59
       
59
       
+
       
    accept_json = '--header "Accept: application/json"'

     

       
60
       
60
       
+
       
    cacert = '--cacert /run/secrets/ca.cert.pem'

     

       
61
       
61
       
+
       
    cert = '--cert /run/secrets/server/cert.pem'

     

       
62
       
62
       
+
       
    key = '--key /run/secrets/server/key.pem'

     

       
63
       
63
       
+
       
    base_url = 'https://client:19531'

     

       
64
       
64
       
+
       


     

       
65
       
65
       
+
       
    curl_cli = f"{curl} {accept_json} {cacert} {cert} {key} --fail"

     

       
66
       
66
       
+
       


     

       
67
       
67
       
+
       
    machine_info = client.succeed(f"{curl_cli} {base_url}/machine")

     

       
68
       
68
       
+
       
    assert json.loads(machine_info)["hostname"] == "client", "wrong machine name"

     

       
69
       
69
       
+
       


     

       
70
       
70
       
+
       
    # The HTTP request should have started the gateway service, triggered by

     

       
71
       
71
       
+
       
    # the .socket unit

     

       
72
       
72
       
+
       
    client.wait_for_unit("systemd-journal-gatewayd.service")

     

       
73
       
73
       
+
       


     

       
74
       
74
       
+
       
    identifier = "nixos-test"

     

       
75
       
75
       
+
       
    message = "Hello from NixOS test infrastructure"

     

       
76
       
76
       
+
       


     

       
77
       
77
       
+
       
    client.succeed(f"systemd-cat --identifier={identifier} <<< '{message}'")

     

       
78
       
78
       
+
       


     

       
79
       
79
       
+
       
    # max-time is a workaround against a bug in systemd-journal-gatewayd where

     

       
80
       
80
       
+
       
    # if TLS is enabled, the connection is never closed. Since it will timeout,

     

       
81
       
81
       
+
       
    # we ignore the return code.

     

       
82
       
82
       
+
       
    entries = client.succeed(

     

       
83
       
83
       
+
       
        f"{curl_cli} --max-time 5 {base_url}/entries?SYSLOG_IDENTIFIER={identifier} || true"

     

       
84
       
84
       
+
       
    )

     

       
85
       
85
       
+
       


     

       
86
       
86
       
+
       
    # Number of entries should be only 1

     

       
87
       
87
       
+
       
    added_entry = json.loads(entries)

     

       
88
       
88
       
+
       
    assert added_entry["SYSLOG_IDENTIFIER"] == identifier and added_entry["MESSAGE"] == message, "journal entry does not correspond"

     

       
89
       
89
       
+
       
  '';

     

       
90
       
90
       
+
       
})

     

···

       
6
       
6
       
 
       
    maintainers = [ lewo ];

     

       
7
       
7
       
 
       
  };

     

       
8
       
8
       
 
       


     

       
9
       
9
       
-
       
  nodes.machine = { pkgs, lib, ... }: {

     

       
10
       
10
       
-
       
    services.journald.enableHttpGateway = true;

     

       
11
       
11
       
-
       
  };

     

       
9
       
9
       
+
       
  nodes.machine = { };

     

       
12
       
10
       
 
       


     

       
13
       
11
       
 
       
  testScript = ''

     

       
14
       
12
       
 
       
    machine.wait_for_unit("multi-user.target")

     

       
15
       
13
       
 
       


     

       
16
       
14
       
 
       
    machine.succeed("journalctl --grep=systemd")

     

       
17
       
17
       
-
       


     

       
18
       
18
       
-
       
    machine.succeed(

     

       
19
       
19
       
-
       
        "${pkgs.curl}/bin/curl -s localhost:19531/machine | ${pkgs.jq}/bin/jq -e '.hostname == \"machine\"'"

     

       
20
       
20
       
-
       
    )

     

       
21
       
15
       
 
       
  '';

     

       
22
       
16
       
 
       
})