From de52b2b49e9f3f6632d3a286e37a4e7fdc9f2e1e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6gler?=
Date: Tue, 12 Mar 2024 23:03:10 +0100
Subject: [PATCH 1/3] nixos/tests/machinectl: Make network routable
---
 nixos/tests/systemd-machinectl.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/nixos/tests/systemd-machinectl.nix b/nixos/tests/systemd-machinectl.nix
index b8ed0c33e8e4..bbddb2e25155 100644
--- a/nixos/tests/systemd-machinectl.nix
+++ b/nixos/tests/systemd-machinectl.nix
@@ -52,6 +52,11 @@ import ./make-test-python.nix ({ pkgs, ... }:
 ];
 overrideStrategy = "asDropin";
 };
+
+ # open DHCP for container
+ networking.firewall.extraCommands = ''
+ ${pkgs.iptables}/bin/iptables -A nixos-fw -i ve-+ -p udp -m udp --dport 67 -j nixos-fw-accept
+ '';
 };
 testScript = ''
@@ -77,6 +82,12 @@ import ./make-test-python.nix ({ pkgs, ... }:
 # Test nss_mymachines via nscd
 machine.succeed("getent hosts ${containerName}");
+ # Test systemd-nspawn network configuration to container
+ machine.succeed("networkctl --json=short status ve-${containerName} | ${pkgs.jq}/bin/jq -e '.OperationalState == \"routable\"'");
+
+ # Test systemd-nspawn network configuration to host
+ machine.succeed("machinectl shell ${containerName} /run/current-system/sw/bin/networkctl --json=short status host0 | ${pkgs.jq}/bin/jq -r '.OperationalState == \"routable\"'");
+
 # Test systemd-nspawn network configuration
 machine.succeed("ping -n -c 1 ${containerName}");
From bdd7e48646795b3239e2c53e475612402d7d3c01 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6gler?=
Date: Tue, 12 Mar 2024 23:22:56 +0100
Subject: [PATCH 2/3] nixos/test/machinectl: Add test for shared nix store
---
 nixos/tests/systemd-machinectl.nix | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/nixos/tests/systemd-machinectl.nix b/nixos/tests/systemd-machinectl.nix
index bbddb2e25155..b6698e45bd96 100644
--- a/nixos/tests/systemd-machinectl.nix
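Review bot: The DHCP exception added under `networking.firewall.extraCommands` is written as a raw `iptables` call against the `nixos-fw` chain, which ties the test to the iptables firewall backend and to that chain name. If the declarative option accepts the same interface wildcard, `networking.firewall.interfaces."ve-+".allowedUDPPorts = [ 67 ];` would express the same narrow rule (UDP 67 on the container veth links only) without the hand-built command. Either way the comment could name the scope, e.g. `# accept DHCP requests from containers on their ve-* veth links`. The enclosing attribute set starts and ends outside the hunk.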
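Review bot: The `host0` check in the second added `machine.succeed` pipes into `jq -r`, while the `ve-${containerName}` check just above it uses `jq -e`. Without `-e`, jq exits 0 whether the comparison prints `true` or `false`, so this assertion cannot fail on a link that is not routable; it should end in `${pkgs.jq}/bin/jq -e '.OperationalState == \"routable\"'`. Both checks also run exactly once via `succeed`; if the link can still be configuring when the script reaches them, `machine.wait_until_succeeds(...)` would avoid a timing-dependent failure. The surrounding `testScript` string starts and ends outside the hunk.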
+++ b/nixos/tests/systemd-machinectl.nix
@@ -63,8 +63,17 @@ import ./make-test-python.nix ({ pkgs, ... }:
 start_all()
 machine.wait_for_unit("default.target");
- # Install container
+ # create containers root
 machine.succeed("mkdir -p ${containerRoot}");
+
+ # start container with shared nix store by using same arguments as for systemd-nspawn@.service
+ machine.succeed("systemd-run systemd-nspawn --machine=${containerName} --network-veth -U --bind-ro=/nix/store ${containerSystem}/init")
+ machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
+
+ # Test machinectl stop
+ machine.succeed("machinectl stop ${containerName}");
+
+ # Install container
 # Workaround for nixos-install
 machine.succeed("chmod o+rx /var/lib/machines");
 machine.succeed("nixos-install --root ${containerRoot} --system ${containerSystem} --no-channel-copy --no-root-passwd");
From f4f99bf8cc1b1ede7b3cd7274348d302701166f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6gler?=
Date: Thu, 14 Mar 2024 22:07:27 +0100
Subject: [PATCH 3/3] nixos/tests/machinectl: Add declarative shared container
---
 nixos/tests/systemd-machinectl.nix | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/nixos/tests/systemd-machinectl.nix b/nixos/tests/systemd-machinectl.nix
index b6698e45bd96..02b4d9c590b5 100644
--- a/nixos/tests/systemd-machinectl.nix
+++ b/nixos/tests/systemd-machinectl.nix
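Review bot: After `machine.succeed("machinectl stop ${containerName}")` the script goes straight on to `nixos-install --root ${containerRoot}`, and nothing waits for the transient `systemd-run` container to have actually exited; as far as I know `machinectl stop` only requests the shutdown. If the machine is still registered or still using the root directory when the install runs, or when a container of the same name is started later, the test becomes timing-dependent. Adding `machine.wait_until_fails("machinectl status ${containerName}");` right after the stop would close that gap. The `machinectl stop shared-decl` added by the third patch's test-script hunk (`@@ -63,6 +73,11 @@`) has the same shape. The `testScript` string starts and ends outside the hunk.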
@@ -42,8 +42,18 @@ import ./make-test-python.nix ({ pkgs, ... }:
 virtualisation.additionalPaths = [ containerSystem ];
- # not needed, but we want to test the nspawn file generation
- systemd.nspawn.${containerName} = { };
+ systemd.tmpfiles.rules = [
+ "d /var/lib/machines/shared-decl 0755 root root - -"
+ ];
+ systemd.nspawn.shared-decl = {
+ execConfig = {
+ Boot = false;
+ Parameters = "${containerSystem}/init";
+ };
+ filesConfig = {
+ BindReadOnly = "/nix/store";
+ };
+ };
 systemd.services."systemd-nspawn@${containerName}" = {
 serviceConfig.Environment = [
@@ -63,6 +73,11 @@ import ./make-test-python.nix ({ pkgs, ... }:
 start_all()
 machine.wait_for_unit("default.target");
+ # Test machinectl start stop of shared-decl
+ machine.succeed("machinectl start shared-decl");
+ machine.wait_until_succeeds("systemctl -M shared-decl is-active default.target");
+ machine.succeed("machinectl stop shared-decl");
+
 # create containers root
 machine.succeed("mkdir -p ${containerRoot}");
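Review bot: The `systemd.nspawn.shared-decl` block in the first hunk replaces a commented entry with an uncommented one, so the reason for `Boot = false` together with `Parameters = "${containerSystem}/init"` is no longer stated anywhere. A comment above the block such as `# container with an empty root: runs the containerSystem init from a read-only bind mount of /nix/store`, plus `# empty root directory for shared-decl` on the tmpfiles rule, would keep the intent readable. The block sets no user-namespace or network options itself; if it relies on the `systemd-nspawn@.service` defaults for that isolation, the comment should say so. The enclosing configuration starts and ends outside the hunk.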