pyrox.dev / nixpkgs
lol
fork atom

nixos/test-driver: exit early if /dev/vhost-vsock isn't available

Right now it wrongly seems as if you can set
`sshBackdoor.enable = true;` for each test and not only for debugging
purposes.

This is wrong however since you'd need to pass /dev/vhost-vsock into the
sandbox for this (which is also a prerequisite for #392117).

To make that clear, two things were changed:

* add a warning to the manual to communicate this.
* exit both interactive and non-interactive driver early if
/dev/vhost-vsock is missing and the ssh backdoor is enabled.

If that's the case, we pass a CLI flag to the driver already in the
interactive case. This change also sets the flag for the
non-interactive case.

That way we also get a better error if somebody tries to enable this
on a system that doesn't support that.

Maximilian Bosch c6978e8a 079ead62

options
unified split
Changed files
+28 -16
nixos
doc
manual
development
running-nixos-tests-interactively.section.md
lib
testing
run.nix
+10 -1
nixos/doc/manual/development/running-nixos-tests-interactively.section.md 
···

       
71

       
71

       
 

       
{


     

       
72

       
72

       
 

       
  name = "…";


     

       
73

       
73

       
 

       
  nodes.machines = { /* … */ };


     

       
74

       

       
-

       
  sshBackdoor.enable = true;


     

       

       
74

       
+

       
  interactive.sshBackdoor.enable = true;


     

       
75

       
75

       
 

       
}


     

       
76

       
76

       
 

       
```


     

       

       
77

       
+

       



     

       

       
78

       
+

       
::: {.warning}


     

       

       
79

       
+

       
Make sure to only enable the backdoor for interactive tests


     

       

       
80

       
+

       
(i.e. by using `interactive.sshBackdoor.enable`)! This is the only


     

       

       
81

       
+

       
supported configuration.


     

       

       
82

       
+

       



     

       

       
83

       
+

       
Running a test in a sandbox with this will fail because `/dev/vhost-vsock` isn't available


     

       

       
84

       
+

       
in the sandbox.


     

       

       
85

       
+

       
:::


     

       
77

       
86

       
 

       



     

       
78

       
87

       
 

       
This creates a [vsock socket](https://man7.org/linux/man-pages/man7/vsock.7.html)


     

       
79

       
88

       
 

       
for each VM to log in with SSH. This configures root login with an empty password.
+18 -15
nixos/lib/testing/run.nix 
···

       
43

       
43

       
 

       
  };


     

       
44

       
44

       
 

       



     

       
45

       
45

       
 

       
  config = {


     

       
46

       

       
-

       
    rawTestDerivation = hostPkgs.stdenv.mkDerivation {


     

       
47

       

       
-

       
      name = "vm-test-run-${config.name}";


     

       

       
46

       
+

       
    rawTestDerivation =


     

       

       
47

       
+

       
      assert lib.assertMsg (!config.sshBackdoor.enable)


     

       

       
48

       
+

       
        "The SSH backdoor is currently not supported for non-interactive testing! Please make sure to only set `interactive.sshBackdoor.enable = true;`!";


     

       

       
49

       
+

       
      hostPkgs.stdenv.mkDerivation {


     

       

       
50

       
+

       
        name = "vm-test-run-${config.name}";


     

       
48

       
51

       
 

       



     

       
49

       

       
-

       
      requiredSystemFeatures =


     

       
50

       

       
-

       
        [ "nixos-test" ]


     

       
51

       

       
-

       
        ++ lib.optionals hostPkgs.stdenv.hostPlatform.isLinux [ "kvm" ]


     

       
52

       

       
-

       
        ++ lib.optionals hostPkgs.stdenv.hostPlatform.isDarwin [ "apple-virt" ];


     

       

       
52

       
+

       
        requiredSystemFeatures =


     

       

       
53

       
+

       
          [ "nixos-test" ]


     

       

       
54

       
+

       
          ++ lib.optionals hostPkgs.stdenv.hostPlatform.isLinux [ "kvm" ]


     

       

       
55

       
+

       
          ++ lib.optionals hostPkgs.stdenv.hostPlatform.isDarwin [ "apple-virt" ];


     

       
53

       
56

       
 

       



     

       
54

       

       
-

       
      buildCommand = ''


     

       
55

       

       
-

       
        mkdir -p $out


     

       

       
57

       
+

       
        buildCommand = ''


     

       

       
58

       
+

       
          mkdir -p $out


     

       
56

       
59

       
 

       



     

       
57

       

       
-

       
        # effectively mute the XMLLogger


     

       
58

       

       
-

       
        export LOGFILE=/dev/null


     

       

       
60

       
+

       
          # effectively mute the XMLLogger


     

       

       
61

       
+

       
          export LOGFILE=/dev/null


     

       
59

       
62

       
 

       



     

       
60

       

       
-

       
        ${config.driver}/bin/nixos-test-driver -o $out


     

       
61

       

       
-

       
      '';


     

       

       
63

       
+

       
          ${config.driver}/bin/nixos-test-driver -o $out


     

       

       
64

       
+

       
        '';


     

       
62

       
65

       
 

       



     

       
63

       

       
-

       
      passthru = config.passthru;


     

       

       
66

       
+

       
        passthru = config.passthru;


     

       
64

       
67

       
 

       



     

       
65

       

       
-

       
      meta = config.meta;


     

       
66

       

       
-

       
    };


     

       

       
68

       
+

       
        meta = config.meta;


     

       

       
69

       
+

       
      };


     

       
67

       
70

       
 

       
    test = lib.lazyDerivation {


     

       
68

       
71

       
 

       
      # lazyDerivation improves performance when only passthru items and/or meta are used.


     

       
69

       
72

       
 

       
      derivation = config.rawTestDerivation;