diff options
author | Maximilian Bosch <maximilian@mbosch.me> | 2019-07-09 02:01:43 +0200 |
---|---|---|
committer | Maximilian Bosch <maximilian@mbosch.me> | 2019-07-09 23:57:45 +0200 |
commit | 16d0b8dcbd6a8a6be12a2732c7174529c3828051 (patch) | |
tree | 520017943d3730cbf391027267528d95b24dba21 /nixos/tests/graylog.nix | |
parent | 60ed1f425b3d9a024239e86d6ac8566381576d69 (diff) |
nixos/graylog: add test
Basic test which confirms new inputs can be created and that messages can be sent to a UDP-GELF input using `netcat`. This test requires 4GB of RAM to avoid issues due insufficient memory (please refer to `nixos/tests/elk.nix` for a detailed explanation of the issue) for elasticsearch. Also it's ensured that elasticsearch has an open HTTP port for communication when starting `graylog`. This is a workaround to ensure that all services are started in proper order, even in test environments with less power. However this shouldn't be implemented in the `nixos/graylog` module as this might be harmful when using elasticsearch clusters that require e.g. authentication and/or run on different servers.
Diffstat (limited to 'nixos/tests/graylog.nix')
-rw-r--r-- | nixos/tests/graylog.nix | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/nixos/tests/graylog.nix b/nixos/tests/graylog.nix new file mode 100644 index 0000000000000..dc54afd1d26d7 --- /dev/null +++ b/nixos/tests/graylog.nix @@ -0,0 +1,111 @@ +import ./make-test.nix ({ pkgs, lib, ... }: { + name = "graylog"; + meta.maintainers = with lib.maintainers; [ ma27 ]; + + machine = { pkgs, ... }: { + virtualisation.memorySize = 4096; + virtualisation.diskSize = 4096; + + services.mongodb.enable = true; + services.elasticsearch.enable = true; + services.elasticsearch.package = pkgs.elasticsearch-oss; + services.elasticsearch.extraConf = '' + network.publish_host: 127.0.0.1 + network.bind_host: 127.0.0.1 + ''; + + services.graylog = { + enable = true; + passwordSecret = "YGhZ59wXMrYOojx5xdgEpBpDw2N6FbhM4lTtaJ1KPxxmKrUvSlDbtWArwAWMQ5LKx1ojHEVrQrBMVRdXbRyZLqffoUzHfssc"; + elasticsearchHosts = [ "http://localhost:9200" ]; + + # `echo -n "nixos" | shasum -a 256` + rootPasswordSha2 = "6ed332bcfa615381511d4d5ba44a293bb476f368f7e9e304f0dff50230d1a85b"; + }; + + environment.systemPackages = [ pkgs.jq ]; + + systemd.services.graylog.path = [ pkgs.netcat ]; + systemd.services.graylog.preStart = '' + until nc -z localhost 9200; do + sleep 2 + done + ''; + }; + + testScript = let + payloads.login = pkgs.writeText "login.json" (builtins.toJSON { + host = "127.0.0.1:9000"; + username = "admin"; + password = "nixos"; + }); + + payloads.input = pkgs.writeText "input.json" (builtins.toJSON { + title = "Demo"; + global = false; + type = "org.graylog2.inputs.gelf.udp.GELFUDPInput"; + node = "@node@"; + configuration = { + bind_address = "0.0.0.0"; + decompress_size_limit = 8388608; + number_worker_threads = 1; + override_source = null; + port = 12201; + recv_buffer_size = 262144; + }; + }); + + payloads.gelf_message = pkgs.writeText "gelf.json" (builtins.toJSON { + host = "example.org"; + short_message = "A short message"; + full_message = "A long message"; + version = "1.1"; + level = 5; + facility = "Test"; + }); + in '' + $machine->start; + $machine->waitForUnit("graylog.service"); + $machine->waitForOpenPort(9000); + $machine->succeed("curl -sSfL http://127.0.0.1:9000/"); + + my $session = $machine->succeed("curl -X POST " + . "-sSfL http://127.0.0.1:9000/api/system/sessions " + . "-d \$(cat ${payloads.login}) " + . "-H 'Content-Type: application/json' " + . "-H 'Accept: application/json' " + . "-H 'x-requested-by: cli' " + . "| jq .session_id | xargs echo" + ); + + chomp($session); + + $machine->succeed("curl -X POST " + . "-sSfL http://127.0.0.1:9000/api/system/inputs -u $session:session " + . "-d \$(cat ${payloads.input} | sed -e \"s,\@node\@,\$(cat /var/lib/graylog/server/node-id),\") " + . "-H 'Accept: application/json' " + . "-H 'Content-Type: application/json' " + . "-H 'x-requested-by: cli' " + ); + + $machine->waitUntilSucceeds("test \"\$(curl -sSfL 'http://127.0.0.1:9000/api/cluster/inputstates' " + . "-u $session:session " + . "-H 'Accept: application/json' " + . "-H 'Content-Type: application/json' " + . "-H 'x-requested-by: cli'" + . "| jq 'to_entries[]|.value|.[0]|.state' | xargs echo" + . ")\" = \"RUNNING\"" + ); + + $machine->succeed("echo -n \$(cat ${payloads.gelf_message}) | nc -w10 -u 127.0.0.1 12201"); + + $machine->succeed("test \"\$(curl -X GET " + . "-sSfL 'http://127.0.0.1:9000/api/search/universal/relative?query=*' " + . "-u $session:session " + . "-H 'Accept: application/json' " + . "-H 'Content-Type: application/json' " + . "-H 'x-requested-by: cli'" + . " | jq '.total_results' | xargs echo)\" = \"1\"" + ); + ''; +}) |