diff options
| author | Adam C. Stephens <2071575+adamcstephens@users.noreply.github.com> | 2024-02-28 13:34:48 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-02-28 13:34:48 -0500 |
| commit | 6b834b5e9a04b8b077ed80e7c467930bef9dc19f (patch) | |
| tree | 8476fcf2717bed90d3acec54fc580d25b7404b12 /nixos/tests | |
| parent | 18a2629c281a47ca54e55405aeabac23f85aa12b (diff) | |
| parent | 5f1b65f75fd893933bcea6f74598f6990bebb115 (diff) | |
Merge pull request #290570 from adamcstephens/lxc/sysctl
nixos/lxc/generator: remove sysctl error handling
Diffstat (limited to 'nixos/tests')
| -rw-r--r-- | nixos/tests/incus/container.nix | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/nixos/tests/incus/container.nix b/nixos/tests/incus/container.nix index 0f42d16f133d6..eb00429e53fe1 100644 --- a/nixos/tests/incus/container.nix +++ b/nixos/tests/incus/container.nix @@ -5,6 +5,8 @@ let configuration = { # Building documentation makes the test unnecessarily take a longer time: documentation.enable = lib.mkForce false; + + boot.kernel.sysctl."net.ipv4.ip_forward" = "1"; } // extra; }; @@ -40,6 +42,12 @@ in with machine.nested("Waiting for instance to start and be usable"): retry(instance_is_up) + def check_sysctl(instance): + with subtest("systemd sysctl settings are applied"): + machine.succeed(f"incus exec {instance} -- systemctl status systemd-sysctl") + sysctl = machine.succeed(f"incus exec {instance} -- sysctl net.ipv4.ip_forward").strip().split(" ")[-1] + assert "1" == sysctl, f"systemd-sysctl configuration not correctly applied, {sysctl} != 1" + machine.wait_for_unit("incus.service") # no preseed should mean no service @@ -83,6 +91,7 @@ in with subtest("lxc-container generator configures plain container"): # reuse the existing container to save some time machine.succeed("incus exec container test -- -e /run/systemd/system/service.d/zzz-lxc-service.conf") + check_sysctl("container") with subtest("lxc-container generator configures nested container"): machine.execute("incus delete --force container") @@ -94,6 +103,8 @@ in target = machine.succeed("incus exec container readlink -- -f /run/systemd/system/systemd-binfmt.service").strip() assert target == "/dev/null", "lxc generator did not correctly mask /run/systemd/system/systemd-binfmt.service" + check_sysctl("container") + with subtest("lxc-container generator configures privileged container"): machine.execute("incus delete --force container") machine.succeed("incus launch nixos container --config security.privileged=true") @@ -101,5 +112,7 @@ in retry(instance_is_up) machine.succeed("incus exec container test -- -e /run/systemd/system/service.d/zzz-lxc-service.conf") + + check_sysctl("container") ''; }) |