blob: 57ef95c2725fed06eb867e79d719953988f97e50 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
import ./make-test-python.nix (
let
container = {
# We re-use the NixOS container option ...
boot.isContainer = true;
# ... and revert unwanted defaults
networking.useHostResolvConf = false;
# use networkd to obtain systemd network setup
networking.useNetworkd = true;
networking.useDHCP = false;
# systemd-nspawn expects /sbin/init
boot.loader.initScript.enable = true;
imports = [ ../modules/profiles/minimal.nix ];
};
containerSystem = (import ../lib/eval-config.nix {
modules = [ container ];
}).config.system.build.toplevel;
containerName = "container";
containerRoot = "/var/lib/machines/${containerName}";
in
{
name = "systemd-machinectl";
nodes.machine = { lib, ... }: {
# use networkd to obtain systemd network setup
networking.useNetworkd = true;
networking.useDHCP = false;
# do not try to access cache.nixos.org
nix.settings.substituters = lib.mkForce [ ];
# auto-start container
systemd.targets.machines.wants = [ "systemd-nspawn@${containerName}.service" ];
virtualisation.additionalPaths = [ containerSystem ];
};
testScript = ''
start_all()
machine.wait_for_unit("default.target");
# Install container
machine.succeed("mkdir -p ${containerRoot}");
# Workaround for nixos-install
machine.succeed("chmod o+rx /var/lib/machines");
machine.succeed("nixos-install --root ${containerRoot} --system ${containerSystem} --no-channel-copy --no-root-passwd");
# Allow systemd-nspawn to apply user namespace on immutable files
machine.succeed("chattr -i ${containerRoot}/var/empty");
# Test machinectl start
machine.succeed("machinectl start ${containerName}");
machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
# Test nss_mymachines without nscd
machine.succeed('LD_LIBRARY_PATH="/run/current-system/sw/lib" getent -s hosts:mymachines hosts ${containerName}');
# Test failing nss_mymachines via nscd
# nscd has not enough rights to connect to systemd bus
# via sd_bus_open_system() in
# https://github.com/systemd/systemd/blob/main/src/nss-mymachines/nss-mymachines.c#L287
machine.fail("getent hosts ${containerName}");
# Test systemd-nspawn network configuration
machine.succeed("systemctl stop nscd");
machine.succeed('LD_LIBRARY_PATH="/run/current-system/sw/lib" ping -n -c 1 ${containerName}');
machine.succeed("systemctl start nscd");
# Test systemd-nspawn uses a user namespace
machine.succeed("test $(machinectl status ${containerName} | grep 'UID Shift: ' | wc -l) = 1")
# Test systemd-nspawn reboot
machine.succeed("machinectl shell ${containerName} /run/current-system/sw/bin/reboot");
machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
# Test machinectl reboot
machine.succeed("machinectl reboot ${containerName}");
machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
# Restart machine
machine.shutdown()
machine.start()
machine.wait_for_unit("default.target");
# Test auto-start
machine.succeed("machinectl show ${containerName}")
# Test machinectl stop
machine.succeed("machinectl stop ${containerName}");
machine.wait_until_succeeds("test $(systemctl is-active systemd-nspawn@${containerName}) = inactive");
# Show to to delete the container
machine.succeed("chattr -i ${containerRoot}/var/empty");
machine.succeed("rm -rf ${containerRoot}");
'';
}
)
|