Merge pull request #79696 from tfc/port-ec2-test

nixosTests.ec2: Port tests that depend on common/ec2.nix
This commit is contained in:
Florian Klink 2020-08-23 10:35:28 +02:00 committed by GitHub
commit 4460cda6b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 143 additions and 122 deletions

View File

@ -86,8 +86,7 @@ in
documize = handleTest ./documize.nix {}; documize = handleTest ./documize.nix {};
dokuwiki = handleTest ./dokuwiki.nix {}; dokuwiki = handleTest ./dokuwiki.nix {};
dovecot = handleTest ./dovecot.nix {}; dovecot = handleTest ./dovecot.nix {};
# ec2-config doesn't work in a sandbox as the simulated ec2 instance needs network access ec2-config = (handleTestOn ["x86_64-linux"] ./ec2.nix {}).boot-ec2-config or {};
#ec2-config = (handleTestOn ["x86_64-linux"] ./ec2.nix {}).boot-ec2-config or {};
ec2-nixops = (handleTestOn ["x86_64-linux"] ./ec2.nix {}).boot-ec2-nixops or {}; ec2-nixops = (handleTestOn ["x86_64-linux"] ./ec2.nix {}).boot-ec2-nixops or {};
ecryptfs = handleTest ./ecryptfs.nix {}; ecryptfs = handleTest ./ecryptfs.nix {};
ejabberd = handleTest ./xmpp/ejabberd.nix {}; ejabberd = handleTest ./xmpp/ejabberd.nix {};

View File

@ -20,30 +20,44 @@ with pkgs.lib;
in makeTest { in makeTest {
name = "ec2-" + name; name = "ec2-" + name;
nodes = {}; nodes = {};
testScript = testScript = ''
'' import os
my $imageDir = ($ENV{'TMPDIR'} // "/tmp") . "/vm-state-machine"; import subprocess
mkdir $imageDir, 0700;
my $diskImage = "$imageDir/machine.qcow2";
system("qemu-img create -f qcow2 -o backing_file=${image} $diskImage") == 0 or die;
system("qemu-img resize $diskImage 10G") == 0 or die;
# Note: we use net=169.0.0.0/8 rather than image_dir = os.path.join(
# net=169.254.0.0/16 to prevent dhcpcd from getting horribly os.environ.get("TMPDIR", tempfile.gettempdir()), "tmp", "vm-state-machine"
# confused. (It would get a DHCP lease in the 169.254.* )
# range, which it would then configure and prompty delete os.makedirs(image_dir, mode=0o700, exist_ok=True)
# again when it deletes link-local addresses.) Ideally we'd disk_image = os.path.join(image_dir, "machine.qcow2")
# turn off the DHCP server, but qemu does not have an option subprocess.check_call(
# to do that. [
my $startCommand = "qemu-kvm -m 1024"; "qemu-img",
$startCommand .= " -device virtio-net-pci,netdev=vlan0"; "create",
$startCommand .= " -netdev 'user,id=vlan0,net=169.0.0.0/8,guestfwd=tcp:169.254.169.254:80-cmd:${pkgs.micro-httpd}/bin/micro_httpd ${metaData}'"; "-f",
$startCommand .= " -drive file=$diskImage,if=virtio,werror=report"; "qcow2",
$startCommand .= " \$QEMU_OPTS"; "-o",
"backing_file=${image}",
disk_image,
]
)
subprocess.check_call(["qemu-img", "resize", disk_image, "10G"])
my $machine = createMachine({ startCommand => $startCommand }); # Note: we use net=169.0.0.0/8 rather than
# net=169.254.0.0/16 to prevent dhcpcd from getting horribly
# confused. (It would get a DHCP lease in the 169.254.*
# range, which it would then configure and prompty delete
# again when it deletes link-local addresses.) Ideally we'd
# turn off the DHCP server, but qemu does not have an option
# to do that.
start_command = (
"qemu-kvm -m 1024"
+ " -device virtio-net-pci,netdev=vlan0"
+ " -netdev 'user,id=vlan0,net=169.0.0.0/8,guestfwd=tcp:169.254.169.254:80-cmd:${pkgs.micro-httpd}/bin/micro_httpd ${metaData}'"
+ f" -drive file={disk_image},if=virtio,werror=report"
+ " $QEMU_OPTS"
)
${script} machine = create_machine({"startCommand": start_command})
''; '' + script;
}; };
} }

View File

@ -3,58 +3,58 @@
pkgs ? import ../.. { inherit system config; } pkgs ? import ../.. { inherit system config; }
}: }:
with import ../lib/testing.nix { inherit system pkgs; }; with import ../lib/testing-python.nix { inherit system pkgs; };
with pkgs.lib; with pkgs.lib;
with import common/ec2.nix { inherit makeTest pkgs; }; with import common/ec2.nix { inherit makeTest pkgs; };
let let
imageCfg = imageCfg = (import ../lib/eval-config.nix {
(import ../lib/eval-config.nix { inherit system;
inherit system; modules = [
modules = [ ../maintainers/scripts/ec2/amazon-image.nix
../maintainers/scripts/ec2/amazon-image.nix ../modules/testing/test-instrumentation.nix
../modules/testing/test-instrumentation.nix ../modules/profiles/qemu-guest.nix
../modules/profiles/qemu-guest.nix {
{ ec2.hvm = true; ec2.hvm = true;
# Hack to make the partition resizing work in QEMU. # Hack to make the partition resizing work in QEMU.
boot.initrd.postDeviceCommands = mkBefore boot.initrd.postDeviceCommands = mkBefore ''
'' ln -s vda /dev/xvda
ln -s vda /dev/xvda ln -s vda1 /dev/xvda1
ln -s vda1 /dev/xvda1 '';
'';
# Needed by nixos-rebuild due to the lack of network # Needed by nixos-rebuild due to the lack of network
# access. Determined by trial and error. # access. Determined by trial and error.
system.extraDependencies = system.extraDependencies = with pkgs; ( [
with pkgs; ( # Needed for a nixos-rebuild.
[ busybox
# Needed for a nixos-rebuild. cloud-utils
busybox desktop-file-utils
stdenv libxslt.bin
stdenvNoCC mkinitcpio-nfs-utils
mkinitcpio-nfs-utils stdenv
unionfs-fuse stdenvNoCC
cloud-utils texinfo
desktop-file-utils unionfs-fuse
texinfo xorg.lndir
libxslt.bin
xorg.lndir
# These are used in the configure-from-userdata tests # These are used in the configure-from-userdata tests
# for EC2. Httpd and valgrind are requested by the # for EC2. Httpd and valgrind are requested by the
# configuration. # configuration.
apacheHttpd apacheHttpd.doc apacheHttpd.man valgrind.doc apacheHttpd
] apacheHttpd.doc
); apacheHttpd.man
} valgrind.doc
]; ]);
}).config; }
];
}).config;
image = "${imageCfg.system.build.amazonImage}/${imageCfg.amazonImage.name}.vhd"; image = "${imageCfg.system.build.amazonImage}/${imageCfg.amazonImage.name}.vhd";
sshKeys = import ./ssh-keys.nix pkgs; sshKeys = import ./ssh-keys.nix pkgs;
snakeOilPrivateKey = sshKeys.snakeOilPrivateKey.text; snakeOilPrivateKey = sshKeys.snakeOilPrivateKey.text;
snakeOilPrivateKeyFile = pkgs.writeText "private-key" snakeOilPrivateKey;
snakeOilPublicKey = sshKeys.snakeOilPublicKey; snakeOilPublicKey = sshKeys.snakeOilPublicKey;
in { in {
@ -68,43 +68,47 @@ in {
SSH_HOST_ED25519_KEY:${replaceStrings ["\n"] ["|"] snakeOilPrivateKey} SSH_HOST_ED25519_KEY:${replaceStrings ["\n"] ["|"] snakeOilPrivateKey}
''; '';
script = '' script = ''
$machine->start; machine.start()
$machine->waitForFile("/etc/ec2-metadata/user-data"); machine.wait_for_file("/etc/ec2-metadata/user-data")
$machine->waitForUnit("sshd.service"); machine.wait_for_unit("sshd.service")
$machine->succeed("grep unknown /etc/ec2-metadata/ami-manifest-path"); machine.succeed("grep unknown /etc/ec2-metadata/ami-manifest-path")
# We have no keys configured on the client side yet, so this should fail # We have no keys configured on the client side yet, so this should fail
$machine->fail("ssh -o BatchMode=yes localhost exit"); machine.fail("ssh -o BatchMode=yes localhost exit")
# Let's install our client private key # Let's install our client private key
$machine->succeed("mkdir -p ~/.ssh"); machine.succeed("mkdir -p ~/.ssh")
$machine->succeed("echo '${snakeOilPrivateKey}' > ~/.ssh/id_ed25519"); machine.copy_from_host_via_shell(
$machine->succeed("chmod 600 ~/.ssh/id_ed25519"); "${snakeOilPrivateKeyFile}", "~/.ssh/id_ed25519"
)
machine.succeed("chmod 600 ~/.ssh/id_ed25519")
# We haven't configured the host key yet, so this should still fail # We haven't configured the host key yet, so this should still fail
$machine->fail("ssh -o BatchMode=yes localhost exit"); machine.fail("ssh -o BatchMode=yes localhost exit")
# Add the host key; ssh should finally succeed # Add the host key; ssh should finally succeed
$machine->succeed("echo localhost,127.0.0.1 ${snakeOilPublicKey} > ~/.ssh/known_hosts"); machine.succeed(
$machine->succeed("ssh -o BatchMode=yes localhost exit"); "echo localhost,127.0.0.1 ${snakeOilPublicKey} > ~/.ssh/known_hosts"
)
machine.succeed("ssh -o BatchMode=yes localhost exit")
# Test whether the root disk was resized. # Test whether the root disk was resized.
my $blocks = $machine->succeed("stat -c %b -f /"); blocks, block_size = map(int, machine.succeed("stat -c %b:%S -f /").split(":"))
my $bsize = $machine->succeed("stat -c %S -f /"); GB = 1024 ** 3
my $size = $blocks * $bsize; assert 9.7 * GB <= blocks * block_size <= 10 * GB
die "wrong free space $size" if $size < 9.7 * 1024 * 1024 * 1024 || $size > 10 * 1024 * 1024 * 1024;
# Just to make sure resizing is idempotent. # Just to make sure resizing is idempotent.
$machine->shutdown; machine.shutdown()
$machine->start; machine.start()
$machine->waitForFile("/etc/ec2-metadata/user-data"); machine.wait_for_file("/etc/ec2-metadata/user-data")
''; '';
}; };
boot-ec2-config = makeEc2Test { boot-ec2-config = makeEc2Test {
name = "config-userdata"; name = "config-userdata";
meta.broken = true; # amazon-init wants to download from the internet while building the system
inherit image; inherit image;
sshPublicKey = snakeOilPublicKey; sshPublicKey = snakeOilPublicKey;
@ -133,17 +137,17 @@ in {
} }
''; '';
script = '' script = ''
$machine->start; machine.start()
# amazon-init must succeed. if it fails, make the test fail # amazon-init must succeed. if it fails, make the test fail
# immediately instead of timing out in waitForFile. # immediately instead of timing out in wait_for_file.
$machine->waitForUnit('amazon-init.service'); machine.wait_for_unit("amazon-init.service")
$machine->waitForFile("/etc/testFile"); machine.wait_for_file("/etc/testFile")
$machine->succeed("cat /etc/testFile | grep -q 'whoa'"); assert "whoa" in machine.succeed("cat /etc/testFile")
$machine->waitForUnit("httpd.service"); machine.wait_for_unit("httpd.service")
$machine->succeed("curl http://localhost | grep Valgrind"); assert "Valgrind" in machine.succeed("curl http://localhost")
''; '';
}; };
} }

View File

@ -3,30 +3,30 @@
pkgs ? import ../.. { inherit system config; } pkgs ? import ../.. { inherit system config; }
}: }:
with import ../lib/testing.nix { inherit system pkgs; }; with import ../lib/testing-python.nix { inherit system pkgs; };
with pkgs.lib; with pkgs.lib;
with import common/ec2.nix { inherit makeTest pkgs; }; with import common/ec2.nix { inherit makeTest pkgs; };
let let
image = image = (import ../lib/eval-config.nix {
(import ../lib/eval-config.nix { inherit system;
inherit system; modules = [
modules = [ ../maintainers/scripts/openstack/openstack-image.nix
../maintainers/scripts/openstack/openstack-image.nix ../modules/testing/test-instrumentation.nix
../modules/testing/test-instrumentation.nix ../modules/profiles/qemu-guest.nix
../modules/profiles/qemu-guest.nix {
{ # Needed by nixos-rebuild due to lack of network access.
# Needed by nixos-rebuild due to lack of network access. system.extraDependencies = with pkgs; [
system.extraDependencies = with pkgs; [ stdenv
stdenv ];
]; }
} ];
]; }).config.system.build.openstackImage + "/nixos.qcow2";
}).config.system.build.openstackImage + "/nixos.qcow2";
sshKeys = import ./ssh-keys.nix pkgs; sshKeys = import ./ssh-keys.nix pkgs;
snakeOilPrivateKey = sshKeys.snakeOilPrivateKey.text; snakeOilPrivateKey = sshKeys.snakeOilPrivateKey.text;
snakeOilPrivateKeyFile = pkgs.writeText "private-key" snakeOilPrivateKey;
snakeOilPublicKey = sshKeys.snakeOilPublicKey; snakeOilPublicKey = sshKeys.snakeOilPublicKey;
in { in {
@ -39,32 +39,36 @@ in {
SSH_HOST_ED25519_KEY:${replaceStrings ["\n"] ["|"] snakeOilPrivateKey} SSH_HOST_ED25519_KEY:${replaceStrings ["\n"] ["|"] snakeOilPrivateKey}
''; '';
script = '' script = ''
$machine->start; machine.start()
$machine->waitForFile("/etc/ec2-metadata/user-data"); machine.wait_for_file("/etc/ec2-metadata/user-data")
$machine->waitForUnit("sshd.service"); machine.wait_for_unit("sshd.service")
$machine->succeed("grep unknown /etc/ec2-metadata/ami-manifest-path"); machine.succeed("grep unknown /etc/ec2-metadata/ami-manifest-path")
# We have no keys configured on the client side yet, so this should fail # We have no keys configured on the client side yet, so this should fail
$machine->fail("ssh -o BatchMode=yes localhost exit"); machine.fail("ssh -o BatchMode=yes localhost exit")
# Let's install our client private key # Let's install our client private key
$machine->succeed("mkdir -p ~/.ssh"); machine.succeed("mkdir -p ~/.ssh")
$machine->succeed("echo '${snakeOilPrivateKey}' > ~/.ssh/id_ed25519"); machine.copy_from_host_via_shell(
$machine->succeed("chmod 600 ~/.ssh/id_ed25519"); "${snakeOilPrivateKeyFile}", "~/.ssh/id_ed25519"
)
machine.succeed("chmod 600 ~/.ssh/id_ed25519")
# We haven't configured the host key yet, so this should still fail # We haven't configured the host key yet, so this should still fail
$machine->fail("ssh -o BatchMode=yes localhost exit"); machine.fail("ssh -o BatchMode=yes localhost exit")
# Add the host key; ssh should finally succeed # Add the host key; ssh should finally succeed
$machine->succeed("echo localhost,127.0.0.1 ${snakeOilPublicKey} > ~/.ssh/known_hosts"); machine.succeed(
$machine->succeed("ssh -o BatchMode=yes localhost exit"); "echo localhost,127.0.0.1 ${snakeOilPublicKey} > ~/.ssh/known_hosts"
)
machine.succeed("ssh -o BatchMode=yes localhost exit")
# Just to make sure resizing is idempotent. # Just to make sure resizing is idempotent.
$machine->shutdown; machine.shutdown()
$machine->start; machine.start()
$machine->waitForFile("/etc/ec2-metadata/user-data"); machine.wait_for_file("/etc/ec2-metadata/user-data")
''; '';
}; };
@ -86,9 +90,9 @@ in {
} }
''; '';
script = '' script = ''
$machine->start; machine.start()
$machine->waitForFile("/etc/testFile"); machine.wait_for_file("/etc/testFile")
$machine->succeed("cat /etc/testFile | grep -q 'whoa'"); assert "whoa" in machine.succeed("cat /etc/testFile")
''; '';
}; };
} }