diff --git a/services-agnostic/constructors.nix b/services-agnostic/constructors.nix
index 7e7c646..291455c 100644
--- a/services-agnostic/constructors.nix
+++ b/services-agnostic/constructors.nix
@@ -63,7 +63,7 @@ in
 };
 docker = import ./docker {
- inherit createManagedProcess;
+ inherit createManagedProcess runtimeDir libDir;
 inherit (pkgs) docker kmod;
 };
diff --git a/services-agnostic/docker/default.nix b/services-agnostic/docker/default.nix
index 16e3f13..c98cc2d 100644
--- a/services-agnostic/docker/default.nix
+++ b/services-agnostic/docker/default.nix
@@ -1,13 +1,23 @@
-{createManagedProcess, docker, kmod}:
+{createManagedProcess, docker, kmod, runtimeDir, libDir}:
+{instanceSuffix ? "", instanceName ? "docker${instanceSuffix}", extraArgs ? []}:
 let
- user = "docker";
- group = "docker";
+ user = instanceName;
+ group = instanceName;
 in
 createManagedProcess {
- name = "docker";
+ inherit instanceName;
 foregroundProcess = "${docker}/bin/dockerd";
- args = [ "--group=${group}" "--host=unix://" "--log-driver=json-file" ];
+ args = [
+ "--group=${group}"
+ "--host=unix://${runtimeDir}/${instanceName}.sock"
+ # Add -alt suffix. We only need PID files for the backends that requires processes to daemonize on their own.
+ # The `daemon` command will create PID files for them. Without the -alt suffix they will conflict causing the Docker daemon to refuse to start.
+ "--pidfile=${runtimeDir}/${instanceName}-alt.pid"
+ "--data-root=${libDir}/${instanceName}"
+ "--exec-root=${runtimeDir}/${instanceName}"
+ "--log-driver=json-file"
+ ] ++ extraArgs;
 path = [ kmod ];
 credentials = {
diff --git a/tests/default.nix b/tests/default.nix
index fc46fe4..a01d118 100644
--- a/tests/default.nix
+++ b/tests/default.nix
@@ -23,6 +23,10 @@ in
 inherit pkgs processManagers profiles testService;
 };
+ docker = import ./docker {
+ inherit pkgs processManagers profiles testService;
+ };
+
 influxdb = import ./influxdb {
 inherit pkgs processManagers profiles testService;
 };
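Review bot: In services-agnostic/docker/default.nix, `extraArgs` is appended to the fixed dockerd flags unchanged, and nothing on the new parameter line says what a caller may safely pass. dockerd accepts `--host` more than once, so an extra `--host=tcp://...` would add a network listener next to the Unix socket, and without `--tlsverify` that listener gives unauthenticated, root-equivalent control of the daemon. I would add a comment above the second parameter line such as `# extraArgs are passed to dockerd unchanged; members of the ${instanceName} group and anyone reaching an added --host listener control the daemon as root`. The createManagedProcess call, including its credentials block, continues outside the hunk, so how the per-instance group is created is not visible here.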
diff --git a/tests/docker/default.nix b/tests/docker/default.nix
new file mode 100644
index 0000000..e68dd08
--- /dev/null
+++ b/tests/docker/default.nix
@@ -0,0 +1,26 @@
+{ pkgs, testService, processManagers, profiles }:
+
+testService {
+ exprFile = ./processes.nix;
+ systemPackages = [ pkgs.docker ];
+
+ readiness = {instanceName, instance, runtimeDir, ...}:
+ ''
+ machine.wait_for_file("${runtimeDir}/${instanceName}.sock")
+ '';
+
+ tests = {instanceName, instance, stateDir, runtimeDir, forceDisableUserChange, ...}:
+ # The primary instance should be connectible with the default parameters
+ if instanceName == "docker" && !forceDisableUserChange then ''
+ machine.succeed("docker info | grep 'Docker Root Dir: ${stateDir}/lib/${instanceName}'")
+ '' else ''
+ machine.succeed(
+ "docker --host=unix://${runtimeDir}/${instanceName}.sock info | grep 'Docker Root Dir: ${stateDir}/lib/${instanceName}'"
+ )
+ '';
+
+ inherit processManagers;
+
+ # There's an experimental rootless feature for Docker, but a hassle to setup. As a result, we disable unprivileged mode
+ profiles = builtins.filter (profile: profile == "privileged") profiles;
+}
diff --git a/tests/docker/processes.nix b/tests/docker/processes.nix
new file mode 100644
index 0000000..4f839e7
--- /dev/null
+++ b/tests/docker/processes.nix
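Review bot: The tests in tests/docker/default.nix check only the data root reported by `docker info`, so a regression in who can open `${runtimeDir}/${instanceName}.sock` would pass unnoticed. Since that socket is the access-control boundary of each instance, I would add an ownership and mode assertion for the case where user changes are enabled, for example `machine.succeed("stat -c '%G %a' ${runtimeDir}/${instanceName}.sock | grep -x '${instanceName} 660'")`. The 660 mode is what dockerd normally applies together with `--group`; confirm it against the packaged version before pinning the value.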
@@ -0,0 +1,30 @@
+{ pkgs ? import { inherit system; }
+, system ? builtins.currentSystem
+, stateDir ? "/var"
+, runtimeDir ? "${stateDir}/run"
+, logDir ? "${stateDir}/log"
+, spoolDir ? "${stateDir}/spool"
+, cacheDir ? "${stateDir}/cache"
+, libDir ? "${stateDir}/lib"
+, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
+, forceDisableUserChange ? false
+, processManager
+}:
+
+let
+ constructors = import ../../services-agnostic/constructors.nix {
+ inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir libDir spoolDir forceDisableUserChange processManager;
+ };
+in
+rec {
+ docker = {
+ pkg = constructors.docker {};
+ };
+
+ docker-secondary = rec {
+ pkg = constructors.docker {
+ instanceSuffix = "-secondary";
+ extraArgs = [ "--iptables=false" ]; # Avoids conflicting NAT settings with the primary instances
+ };
+ };
+}
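Review bot: The comment on `--iptables=false` in docker-secondary explains the NAT conflict but not the cost: with that flag dockerd installs no NAT or isolation rules for the secondary instance, so its containers rely entirely on the host firewall. Because this file also serves as the example of running a second instance, I would extend the comment to `# Avoids conflicting NAT settings with the primary instance; dockerd then manages no firewall rules for this instance, so keep it to tests or filter on the host`. Both instances also appear to use the default bridge, since no `--bridge` is passed; that is worth confirming.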