commit 4491dfaa0c863679cd8e707274f98c2fed62d6c6 · pyrox.dev/nixpkgs

+1 -1

nixos/tests/all-tests.nix

···

       1262
        
         saunafs = runTest ./saunafs.nix;

     

       1263
        
         scaphandre = handleTest ./scaphandre.nix { };

     

       1264
        
         schleuder = runTest ./schleuder.nix;

     

       1265
       -
         scion-freestanding-deployment = handleTest ./scion/freestanding-deployment { };

     

       1266
        
         scrutiny = runTest ./scrutiny.nix;

     

       1267
        
         scx = runTest ./scx/default.nix;

     

       1268
        
         sddm = import ./sddm.nix { inherit runTest; };

···

       1262
        
         saunafs = runTest ./saunafs.nix;

     

       1263
        
         scaphandre = handleTest ./scaphandre.nix { };

     

       1264
        
         schleuder = runTest ./schleuder.nix;

     

       1265
       +
         scion-freestanding-deployment = runTest ./scion/freestanding-deployment;

     

       1266
        
         scrutiny = runTest ./scrutiny.nix;

     

       1267
        
         scx = runTest ./scx/default.nix;

     

       1268
        
         sddm = import ./sddm.nix { inherit runTest; };

+172 -184

nixos/tests/scion/freestanding-deployment/default.nix

···

       1
        
       # implements https://github.com/scionproto/scion/blob/27983125bccac6b84d1f96f406853aab0e460405/doc/tutorials/deploy.rst

     

       2
       -
       import ../../make-test-python.nix (

     

       3
       -
         { pkgs, ... }:

     

       4
       -
         let

     

       5
       -
           trust-root-configuration-keys = pkgs.runCommand "generate-trc-keys.sh" {

     

       6
       -
             buildInputs = [

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       7
        
               pkgs.scion

     

       8
        
             ];

     

       9
       -
           } (builtins.readFile ./bootstrap.sh);

     

       10
       -
       

     

       11
       -
           imports = hostId: [

     

       12
       -
             ({

     

       13
       -
               services.scion = {

     

       14
       -
                 enable = true;

     

       15
       -
                 bypassBootstrapWarning = true;

     

       16
       -
               };

     

       17
       -
               networking = {

     

       18
       -
                 useNetworkd = true;

     

       19
       -
                 useDHCP = false;

     

       20
       -
               };

     

       21
       -
               systemd.network.networks."01-eth1" = {

     

       22
       -
                 name = "eth1";

     

       23
       -
                 networkConfig.Address = "192.168.1.${toString hostId}/24";

     

       24
       -
               };

     

       25
       -
               environment.etc = {

     

       26
       -
                 "scion/topology.json".source = ./topology + "${toString hostId}.json";

     

       27
       -
                 "scion/crypto/as".source = trust-root-configuration-keys + "/AS${toString hostId}";

     

       28
       -
                 "scion/certs/ISD42-B1-S1.trc".source = trust-root-configuration-keys + "/ISD42-B1-S1.trc";

     

       29
       -
                 "scion/keys/master0.key".text = "U${toString hostId}v4k23ZXjGDwDofg/Eevw==";

     

       30
       -
                 "scion/keys/master1.key".text = "dBMko${toString hostId}qMS8DfrN/zP2OUdA==";

     

       31
       -
               };

     

       32
       -
               environment.systemPackages = [

     

       33
       -
                 pkgs.scion

     

       34
       -
               ];

     

       35
       -
             })

     

       36
       -
           ];

     

       37
       -
         in

     

       38
       -
         {

     

       39
       -
           name = "scion-test";

     

       40
       -
           nodes = {

     

       41
       -
             scion01 =

     

       42
       -
               { ... }:

     

       43
       -
               {

     

       44
       -
                 imports = (imports 1);

     

       45
       -
               };

     

       46
       -
             scion02 =

     

       47
       -
               { ... }:

     

       48
       -
               {

     

       49
       -
                 imports = (imports 2);

     

       50
       -
               };

     

       51
       -
             scion03 =

     

       52
       -
               { ... }:

     

       53
        
               {

     

       54
       -
                 imports = (imports 3);

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       55
        
               };

     

       56
       -
             scion04 =

     

       57
       -
               { ... }:

     

       58
       -
               {

     

       59
       -
                 imports = (imports 4);

     

       60
       -
                 networking.interfaces."lo".ipv4.addresses = [

     

       61
       -
                   {

     

       62
       -
                     address = "172.16.1.1";

     

       63
       -
                     prefixLength = 32;

     

       64
       -
                   }

     

       65
       -
                 ];

     

       66
       -
                 services.scion.scion-ip-gateway = {

     

       67
       -
                   enable = true;

     

       68
       -
                   config = {

     

       69
       -
                     tunnel = {

     

       70
       -
                       src_ipv4 = "172.16.1.1";

     

       71
       -
                     };

     

       72
       -
                   };

     

       73
       -
                   trafficConfig = {

     

       74
       -
                     ASes = {

     

       75
       -
                       "42-ffaa:1:5" = {

     

       76
       -
                         Nets = [

     

       77
       -
                           "172.16.100.0/24"

     

       78
       -
                         ];

     

       79
       -
                       };

     

       80
       -
                     };

     

       81
       -
                     ConfigVersion = 9001;

     

       82
        
                   };

     

       83
        
                 };

     

       0
        
       
     

       84
        
               };

     

       85
       -
             scion05 =

     

       86
       -
               { ... }:

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       87
        
               {

     

       88
       -
                 imports = (imports 5);

     

       89
       -
                 networking.interfaces."lo".ipv4.addresses = [

     

       90
       -
                   {

     

       91
       -
                     address = "172.16.100.1";

     

       92
       -
                     prefixLength = 32;

     

       93
       -
                   }

     

       94
       -
                 ];

     

       95
       -
                 services.scion.scion-ip-gateway = {

     

       96
       -
                   enable = true;

     

       97
       -
                   config = {

     

       98
       -
                     tunnel = {

     

       99
       -
                       src_ipv4 = "172.16.100.1";

     

       100
       -
                     };

     

       101
       -
                   };

     

       102
       -
                   trafficConfig = {

     

       103
       -
                     ASes = {

     

       104
       -
                       "42-ffaa:1:4" = {

     

       105
       -
                         Nets = [

     

       106
       -
                           "172.16.1.0/24"

     

       107
       -
                         ];

     

       108
       -
                       };

     

       109
       -
                     };

     

       110
       -
                     ConfigVersion = 9001;

     

       111
        
                   };

     

       112
        
                 };

     

       0
        
       
     

       113
        
               };

     

       0
        
       
     

       114
        
           };

     

       115
       -
           testScript =

     

       116
       -
             let

     

       117
       -
               pingAll = pkgs.writeShellScript "ping-all-scion.sh" ''

     

       118
       -
                 addresses="42-ffaa:1:1 42-ffaa:1:2 42-ffaa:1:3 42-ffaa:1:4 42-ffaa:1:5"

     

       119
       -
                 timeout=100

     

       120
       -
                 wait_for_all() {

     

       121
       -
                   ret=0

     

       122
       -
                   for as in "$@"

     

       123
       -
                   do

     

       124
       -
                     scion showpaths $as --no-probe > /dev/null

     

       125
       -
                     ret=$?

     

       126
       -
                     if [ "$ret" -ne "0" ]; then

     

       127
       -
                       break

     

       128
       -
                     fi

     

       129
       -
                   done

     

       130
       -
                   return $ret

     

       131
       -
                 }

     

       132
       -
                 ping_all() {

     

       133
       -
                   ret=0

     

       134
       -
                   for as in "$@"

     

       135
       -
                   do

     

       136
       -
                     scion ping "$as,127.0.0.1" -c 3

     

       137
       -
                     ret=$?

     

       138
       -
                     if [ "$ret" -ne "0" ]; then

     

       139
       -
                       break

     

       140
       -
                     fi

     

       141
       -
                   done

     

       142
       -
                   return $ret

     

       143
       -
                 }

     

       144
       -
                 for i in $(seq 0 $timeout); do

     

       145
       -
                   sleep 1

     

       146
       -
                   wait_for_all $addresses || continue

     

       147
       -
                   ping_all $addresses && exit 0

     

       148
        
                 done

     

       149
       -
                 exit 1

     

       150
       -
               '';

     

       151
       -
             in

     

       152
       -
             ''

     

       153
       -
               # List of AS instances

     

       154
       -
               machines = [scion01, scion02, scion03, scion04, scion05]

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       155
        
       

     

       156
       -
               # Functions to avoid many for loops

     

       157
       -
               def start(allow_reboot=False):

     

       158
       -
                   for i in machines:

     

       159
       -
                       i.start(allow_reboot=allow_reboot)

     

       160
        
       

     

       161
       -
               def wait_for_unit(service_name):

     

       162
       -
                   for i in machines:

     

       163
       -
                       i.wait_for_unit(service_name)

     

       164
        
       

     

       165
       -
               def succeed(command):

     

       166
       -
                   for i in machines:

     

       167
       -
                       i.succeed(command)

     

       168
        
       

     

       169
       -
               def reboot():

     

       170
       -
                   for i in machines:

     

       171
       -
                       i.reboot()

     

       172
        
       

     

       173
       -
               def crash():

     

       174
       -
                   for i in machines:

     

       175
       -
                       i.crash()

     

       176
        
       

     

       177
       -
               # Start all machines, allowing reboot for later

     

       178
       -
               start(allow_reboot=True)

     

       179
        
       

     

       180
       -
               # Wait for scion-control.service on all instances

     

       181
       -
               wait_for_unit("scion-control.service")

     

       182
        
       

     

       183
       -
               # Ensure cert is valid against TRC

     

       184
       -
               succeed("scion-pki certificate verify --trc /etc/scion/certs/*.trc /etc/scion/crypto/as/*.pem >&2")

     

       185
        
       

     

       186
       -
               # Execute pingAll command on all instances

     

       187
       -
               succeed("${pingAll} >&2")

     

       188
        
       

     

       189
       -
               # Execute ICMP pings across scion-ip-gateway

     

       190
       -
               scion04.succeed("ping -c 3 172.16.100.1 >&2")

     

       191
       -
               scion05.succeed("ping -c 3 172.16.1.1 >&2")

     

       192
        
       

     

       193
       -
               # Restart all scion services and ping again to test robustness

     

       194
       -
               succeed("systemctl restart scion-* >&2")

     

       195
       -
               succeed("${pingAll} >&2")

     

       196
        
       

     

       197
       -
               # Reboot machines, wait for service, and ping again

     

       198
       -
               reboot()

     

       199
       -
               wait_for_unit("scion-control.service")

     

       200
       -
               succeed("${pingAll} >&2")

     

       201
        
       

     

       202
       -
               # Crash, start, wait for service, and ping again

     

       203
       -
               crash()

     

       204
       -
               start()

     

       205
       -
               wait_for_unit("scion-control.service")

     

       206
       -
               succeed("pkill -9 scion-* >&2")

     

       207
       -
               wait_for_unit("scion-control.service")

     

       208
       -
               succeed("${pingAll} >&2")

     

       209
       -
             '';

     

       210
       -
         }

     

       211
       -
       )

···

       1
        
       # implements https://github.com/scionproto/scion/blob/27983125bccac6b84d1f96f406853aab0e460405/doc/tutorials/deploy.rst

     

       2
       +
       { pkgs, ... }:

     

       3
       +
       let

     

       4
       +
         trust-root-configuration-keys = pkgs.runCommand "generate-trc-keys.sh" {

     

       5
       +
           buildInputs = [

     

       6
       +
             pkgs.scion

     

       7
       +
           ];

     

       8
       +
         } (builtins.readFile ./bootstrap.sh);

     

       9
       +
       

     

       10
       +
         imports = hostId: [

     

       11
       +
           {

     

       12
       +
             services.scion = {

     

       13
       +
               enable = true;

     

       14
       +
               bypassBootstrapWarning = true;

     

       15
       +
             };

     

       16
       +
             networking = {

     

       17
       +
               useNetworkd = true;

     

       18
       +
               useDHCP = false;

     

       19
       +
             };

     

       20
       +
             systemd.network.networks."01-eth1" = {

     

       21
       +
               name = "eth1";

     

       22
       +
               networkConfig.Address = "192.168.1.${toString hostId}/24";

     

       23
       +
             };

     

       24
       +
             environment.etc = {

     

       25
       +
               "scion/topology.json".source = ./topology + "${toString hostId}.json";

     

       26
       +
               "scion/crypto/as".source = trust-root-configuration-keys + "/AS${toString hostId}";

     

       27
       +
               "scion/certs/ISD42-B1-S1.trc".source = trust-root-configuration-keys + "/ISD42-B1-S1.trc";

     

       28
       +
               "scion/keys/master0.key".text = "U${toString hostId}v4k23ZXjGDwDofg/Eevw==";

     

       29
       +
               "scion/keys/master1.key".text = "dBMko${toString hostId}qMS8DfrN/zP2OUdA==";

     

       30
       +
             };

     

       31
       +
             environment.systemPackages = [

     

       32
        
               pkgs.scion

     

       33
        
             ];

     

       34
       +
           }

     

       35
       +
         ];

     

       36
       +
       in

     

       37
       +
       {

     

       38
       +
         name = "scion-test";

     

       39
       +
         nodes = {

     

       40
       +
           scion01 = {

     

       41
       +
             imports = (imports 1);

     

       42
       +
           };

     

       43
       +
           scion02 = {

     

       44
       +
             imports = (imports 2);

     

       45
       +
           };

     

       46
       +
           scion03 = {

     

       47
       +
             imports = (imports 3);

     

       48
       +
           };

     

       49
       +
           scion04 = {

     

       50
       +
             imports = (imports 4);

     

       51
       +
             networking.interfaces."lo".ipv4.addresses = [

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       52
        
               {

     

       53
       +
                 address = "172.16.1.1";

     

       54
       +
                 prefixLength = 32;

     

       55
       +
               }

     

       56
       +
             ];

     

       57
       +
             services.scion.scion-ip-gateway = {

     

       58
       +
               enable = true;

     

       59
       +
               config = {

     

       60
       +
                 tunnel = {

     

       61
       +
                   src_ipv4 = "172.16.1.1";

     

       62
       +
                 };

     

       63
        
               };

     

       64
       +
               trafficConfig = {

     

       65
       +
                 ASes = {

     

       66
       +
                   "42-ffaa:1:5" = {

     

       67
       +
                     Nets = [

     

       68
       +
                       "172.16.100.0/24"

     

       69
       +
                     ];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       70
        
                   };

     

       71
        
                 };

     

       72
       +
                 ConfigVersion = 9001;

     

       73
        
               };

     

       74
       +
             };

     

       75
       +
           };

     

       76
       +
           scion05 = {

     

       77
       +
             imports = (imports 5);

     

       78
       +
             networking.interfaces."lo".ipv4.addresses = [

     

       79
        
               {

     

       80
       +
                 address = "172.16.100.1";

     

       81
       +
                 prefixLength = 32;

     

       82
       +
               }

     

       83
       +
             ];

     

       84
       +
             services.scion.scion-ip-gateway = {

     

       85
       +
               enable = true;

     

       86
       +
               config = {

     

       87
       +
                 tunnel = {

     

       88
       +
                   src_ipv4 = "172.16.100.1";

     

       89
       +
                 };

     

       90
       +
               };

     

       91
       +
               trafficConfig = {

     

       92
       +
                 ASes = {

     

       93
       +
                   "42-ffaa:1:4" = {

     

       94
       +
                     Nets = [

     

       95
       +
                       "172.16.1.0/24"

     

       96
       +
                     ];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       97
        
                   };

     

       98
        
                 };

     

       99
       +
                 ConfigVersion = 9001;

     

       100
        
               };

     

       101
       +
             };

     

       102
        
           };

     

       103
       +
         };

     

       104
       +
         testScript =

     

       105
       +
           let

     

       106
       +
             pingAll = pkgs.writeShellScript "ping-all-scion.sh" ''

     

       107
       +
               addresses="42-ffaa:1:1 42-ffaa:1:2 42-ffaa:1:3 42-ffaa:1:4 42-ffaa:1:5"

     

       108
       +
               timeout=100

     

       109
       +
               wait_for_all() {

     

       110
       +
                 ret=0

     

       111
       +
                 for as in "$@"

     

       112
       +
                 do

     

       113
       +
                   scion showpaths $as --no-probe > /dev/null

     

       114
       +
                   ret=$?

     

       115
       +
                   if [ "$ret" -ne "0" ]; then

     

       116
       +
                     break

     

       117
       +
                   fi

     

       118
       +
                 done

     

       119
       +
                 return $ret

     

       120
       +
               }

     

       121
       +
               ping_all() {

     

       122
       +
                 ret=0

     

       123
       +
                 for as in "$@"

     

       124
       +
                 do

     

       125
       +
                   scion ping "$as,127.0.0.1" -c 3

     

       126
       +
                   ret=$?

     

       127
       +
                   if [ "$ret" -ne "0" ]; then

     

       128
       +
                     break

     

       129
       +
                   fi

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       130
        
                 done

     

       131
       +
                 return $ret

     

       132
       +
               }

     

       133
       +
               for i in $(seq 0 $timeout); do

     

       134
       +
                 sleep 1

     

       135
       +
                 wait_for_all $addresses || continue

     

       136
       +
                 ping_all $addresses && exit 0

     

       137
       +
               done

     

       138
       +
               exit 1

     

       139
       +
             '';

     

       140
       +
           in

     

       141
       +
           ''

     

       142
       +
             # List of AS instances

     

       143
       +
             machines = [scion01, scion02, scion03, scion04, scion05]

     

       144
        
       

     

       145
       +
             # Functions to avoid many for loops

     

       146
       +
             def start(allow_reboot=False):

     

       147
       +
                 for i in machines:

     

       148
       +
                     i.start(allow_reboot=allow_reboot)

     

       149
        
       

     

       150
       +
             def wait_for_unit(service_name):

     

       151
       +
                 for i in machines:

     

       152
       +
                     i.wait_for_unit(service_name)

     

       153
        
       

     

       154
       +
             def succeed(command):

     

       155
       +
                 for i in machines:

     

       156
       +
                     i.succeed(command)

     

       157
        
       

     

       158
       +
             def reboot():

     

       159
       +
                 for i in machines:

     

       160
       +
                     i.reboot()

     

       161
        
       

     

       162
       +
             def crash():

     

       163
       +
                 for i in machines:

     

       164
       +
                     i.crash()

     

       165
        
       

     

       166
       +
             # Start all machines, allowing reboot for later

     

       167
       +
             start(allow_reboot=True)

     

       168
        
       

     

       169
       +
             # Wait for scion-control.service on all instances

     

       170
       +
             wait_for_unit("scion-control.service")

     

       171
        
       

     

       172
       +
             # Ensure cert is valid against TRC

     

       173
       +
             succeed("scion-pki certificate verify --trc /etc/scion/certs/*.trc /etc/scion/crypto/as/*.pem >&2")

     

       174
        
       

     

       175
       +
             # Execute pingAll command on all instances

     

       176
       +
             succeed("${pingAll} >&2")

     

       177
        
       

     

       178
       +
             # Execute ICMP pings across scion-ip-gateway

     

       179
       +
             scion04.succeed("ping -c 3 172.16.100.1 >&2")

     

       180
       +
             scion05.succeed("ping -c 3 172.16.1.1 >&2")

     

       181
        
       

     

       182
       +
             # Restart all scion services and ping again to test robustness

     

       183
       +
             succeed("systemctl restart scion-* >&2")

     

       184
       +
             succeed("${pingAll} >&2")

     

       185
        
       

     

       186
       +
             # Reboot machines, wait for service, and ping again

     

       187
       +
             reboot()

     

       188
       +
             wait_for_unit("scion-control.service")

     

       189
       +
             succeed("${pingAll} >&2")

     

       190
        
       

     

       191
       +
             # Crash, start, wait for service, and ping again

     

       192
       +
             crash()

     

       193
       +
             start()

     

       194
       +
             wait_for_unit("scion-control.service")

     

       195
       +
             succeed("pkill -9 scion-* >&2")

     

       196
       +
             wait_for_unit("scion-control.service")

     

       197
       +
             succeed("${pingAll} >&2")

     

       198
       +
           '';

     

       199
       +
       }

     

       0