diff options
| author | Félix Baylac-Jacqué <felix@alternativebit.fr> | 2020-08-30 20:37:39 +0200 |
|---|---|---|
| committer | Félix Baylac-Jacqué <felix@alternativebit.fr> | 2020-08-30 21:03:27 +0200 |
| commit | f63c842f1ef7b58eaae49b1f9e7d57e450769741 (patch) | |
| tree | 5f9b6bbb21a8f0d8b3d90be16e344d101892fb8d /nixos/tests/systemd-networkd.nix | |
| parent | fe3d667a0f0088303b4cacfbfddd487f5bf4ecfb (diff) | |
nixosTests.systemd-networkd: fix test flakiness
The original idea for this test was, on top of providing a networkd test, to provide newcomers with a sample configuration they could use to get started with networkd. That's precisely why we were doing this systemd tmpfile dance in the first place. It was a convenient way to create a runtime file with a specific mode and owner. Sadly, this tmpfile rule made the test flaky. There's a race condition between the wireguard interface configured by systemd-networkd and systemd-tmpfiles-setup. Sometimes, networkd is going to try loading the wireguard private key file *before* the said file gets created by systemd-tmpfiles. A perfect solution here would be to create a "After" dependency between wg0.netdev and systemd-tmpfiles-setup.service. Sadly, it is currently impossible to create such a dependency between a networkd-specific unit and a service. We're removing this tmp file in favor of pointing networkd directly to the Nix store. This is clearly something that shouldn't be done in the real world for a private file: the store is world-readable. However, this is the only way I found to fix this test flakiness for now.
Diffstat (limited to 'nixos/tests/systemd-networkd.nix')
| -rw-r--r-- | nixos/tests/systemd-networkd.nix | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/nixos/tests/systemd-networkd.nix b/nixos/tests/systemd-networkd.nix index 162970e675375..d5fb2431dbad5 100644 --- a/nixos/tests/systemd-networkd.nix +++ b/nixos/tests/systemd-networkd.nix @@ -7,16 +7,17 @@ let generateNodeConf = { lib, pkgs, config, privk, pubk, peerId, nodeId, ...}: { virtualisation.vlans = [ 1 ]; environment.systemPackages = with pkgs; [ wireguard-tools ]; boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ]; - systemd.tmpfiles.rules = [ - "f /run/wg_priv 0640 root systemd-network - ${privk}" - ]; systemd.network = { enable = true; netdevs = { "90-wg0" = { netdevConfig = { Kind = "wireguard"; Name = "wg0"; }; wireguardConfig = { - PrivateKeyFile = "/run/wg_priv"; + # NOTE: we're storing the wireguard private key in the + # store for this test. Do not do this in the real + # world. Keep in mind the nix store is + # world-readable. + PrivateKeyFile = pkgs.writeText "wg0-priv" privk; ListenPort = 51820; FirewallMark = 42; }; |