Make Docker instantiatable, add tests

2021-03-30 22:37:24 +02:00 · 2021-03-30 22:37:24 +02:00 · dc01c9bf8b
parent 98e257790f
commit dc01c9bf8b
5 changed files with 76 additions and 6 deletions
--- a/services-agnostic/constructors.nix
+++ b/services-agnostic/constructors.nix
@ -63,7 +63,7 @@ in
  };

  docker = import ./docker {
-    inherit createManagedProcess;
+    inherit createManagedProcess runtimeDir libDir;
    inherit (pkgs) docker kmod;
  };

--- a/services-agnostic/docker/default.nix
+++ b/services-agnostic/docker/default.nix
@ -1,13 +1,23 @@
-{createManagedProcess, docker, kmod}:
+{createManagedProcess, docker, kmod, runtimeDir, libDir}:
+{instanceSuffix ? "", instanceName ? "docker${instanceSuffix}", extraArgs ? []}:

 let
-  user = "docker";
-  group = "docker";
+  user = instanceName;
+  group = instanceName;
 in
 createManagedProcess {
-  name = "docker";
+  inherit instanceName;
  foregroundProcess = "${docker}/bin/dockerd";
-  args = [ "--group=${group}" "--host=unix://" "--log-driver=json-file" ];
+  args = [
+    "--group=${group}"
+    "--host=unix://${runtimeDir}/${instanceName}.sock"
+    # Add -alt suffix. We only need PID files for the backends that requires processes to daemonize on their own.
+    # The `daemon` command will create PID files for them. Without the -alt suffix they will conflict causing the Docker daemon to refuse to start.
+    "--pidfile=${runtimeDir}/${instanceName}-alt.pid"
+    "--data-root=${libDir}/${instanceName}"
+    "--exec-root=${runtimeDir}/${instanceName}"
+    "--log-driver=json-file"
+  ] ++ extraArgs;
  path = [ kmod ];

  credentials = {
--- a/tests/default.nix
+++ b/tests/default.nix
@ -23,6 +23,10 @@ in
    inherit pkgs processManagers profiles testService;
  };

+  docker = import ./docker {
+    inherit pkgs processManagers profiles testService;
+  };
+
  influxdb = import ./influxdb {
    inherit pkgs processManagers profiles testService;
  };
--- a/tests/docker/default.nix
+++ b/tests/docker/default.nix
@ -0,0 +1,26 @@
+{ pkgs, testService, processManagers, profiles }:
+
+testService {
+  exprFile = ./processes.nix;
+  systemPackages = [ pkgs.docker ];
+
+  readiness = {instanceName, instance, runtimeDir, ...}:
+    ''
+      machine.wait_for_file("${runtimeDir}/${instanceName}.sock")
+    '';
+
+  tests = {instanceName, instance, stateDir, runtimeDir, forceDisableUserChange, ...}:
+    # The primary instance should be connectible with the default parameters
+    if instanceName == "docker" && !forceDisableUserChange then ''
+      machine.succeed("docker info | grep 'Docker Root Dir: ${stateDir}/lib/${instanceName}'")
+    '' else ''
+      machine.succeed(
+          "docker --host=unix://${runtimeDir}/${instanceName}.sock info | grep 'Docker Root Dir: ${stateDir}/lib/${instanceName}'"
+      )
+    '';
+
+  inherit processManagers;
+
+  # There's an experimental rootless feature for Docker, but a hassle to setup. As a result, we disable unprivileged mode
+  profiles = builtins.filter (profile: profile == "privileged") profiles;
+}
--- a/tests/docker/processes.nix
+++ b/tests/docker/processes.nix
@ -0,0 +1,30 @@
+{ pkgs ? import <nixpkgs> { inherit system; }
+, system ? builtins.currentSystem
+, stateDir ? "/var"
+, runtimeDir ? "${stateDir}/run"
+, logDir ? "${stateDir}/log"
+, spoolDir ? "${stateDir}/spool"
+, cacheDir ? "${stateDir}/cache"
+, libDir ? "${stateDir}/lib"
+, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
+, forceDisableUserChange ? false
+, processManager
+}:
+
+let
+  constructors = import ../../services-agnostic/constructors.nix {
+    inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir libDir spoolDir forceDisableUserChange processManager;
+  };
+in
+rec {
+  docker = {
+    pkg = constructors.docker {};
+  };
+
+  docker-secondary = rec {
+    pkg = constructors.docker {
+      instanceSuffix = "-secondary";
+      extraArgs = [ "--iptables=false" ]; # Avoids conflicting NAT settings with the primary instances
+    };
+  };
+}