Add basic testcases for Disnix
This commit is contained in:
parent
32e6e10b86
commit
f47e62ed63
|
@ -9,6 +9,7 @@
|
|||
, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
|
||||
, forceDisableUserChange ? false
|
||||
, processManager
|
||||
, enablePAM ? false
|
||||
}:
|
||||
|
||||
let
|
||||
|
@ -19,9 +20,13 @@ let
|
|||
};
|
||||
in
|
||||
rec {
|
||||
sshd = {
|
||||
sshd = rec {
|
||||
port = 22;
|
||||
|
||||
pkg = constructors.sshd {
|
||||
extraSSHDConfig = ''
|
||||
inherit port;
|
||||
|
||||
extraSSHDConfig = pkgs.lib.optionalString enablePAM ''
|
||||
UsePAM yes
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
|
||||
, forceDisableUserChange ? false
|
||||
, processManager
|
||||
, enablePAM ? false
|
||||
}:
|
||||
|
||||
let
|
||||
|
@ -23,9 +24,13 @@ let
|
|||
};
|
||||
in
|
||||
rec {
|
||||
sshd = {
|
||||
sshd = rec {
|
||||
port = 22;
|
||||
|
||||
pkg = constructors.sshd {
|
||||
extraSSHDConfig = ''
|
||||
inherit port;
|
||||
|
||||
extraSSHDConfig = pkgs.lib.optionalString enablePAM ''
|
||||
UsePAM yes
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
|
||||
, forceDisableUserChange ? false
|
||||
, processManager
|
||||
, enablePAM ? false
|
||||
}:
|
||||
|
||||
let
|
||||
|
@ -23,9 +24,13 @@ let
|
|||
};
|
||||
in
|
||||
rec {
|
||||
sshd = {
|
||||
sshd = rec {
|
||||
port = 22;
|
||||
|
||||
pkg = constructors.sshd {
|
||||
extraSSHDConfig = ''
|
||||
inherit port;
|
||||
|
||||
extraSSHDConfig = pkgs.lib.optionalString enablePAM ''
|
||||
UsePAM yes
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
|
||||
, forceDisableUserChange ? false
|
||||
, processManager
|
||||
, enablePAM ? false
|
||||
}:
|
||||
|
||||
let
|
||||
|
@ -23,9 +24,13 @@ let
|
|||
};
|
||||
in
|
||||
rec {
|
||||
sshd = {
|
||||
sshd = rec {
|
||||
port = 22;
|
||||
|
||||
pkg = constructors.sshd {
|
||||
extraSSHDConfig = ''
|
||||
inherit port;
|
||||
|
||||
extraSSHDConfig = pkgs.lib.optionalString enablePAM ''
|
||||
UsePAM yes
|
||||
'';
|
||||
};
|
||||
|
@ -52,8 +57,12 @@ rec {
|
|||
properties.requiresUniqueIdsFor = [ "uids" "gids" ];
|
||||
};
|
||||
|
||||
apache = {
|
||||
apache = rec {
|
||||
port = 80;
|
||||
|
||||
pkg = constructors.basicAuthReverseProxyApache {
|
||||
inherit port;
|
||||
|
||||
dependency = tomcat;
|
||||
serverAdmin = "admin@localhost";
|
||||
targetProtocol = "ajp";
|
||||
|
|
|
@ -60,7 +60,7 @@ in
|
|||
};
|
||||
|
||||
disnix-service = import ./disnix-service {
|
||||
inherit createManagedProcess processManager nix-processmgmt ids;
|
||||
inherit createManagedProcess nix-processmgmt ids processManager;
|
||||
inherit (pkgs) stdenv lib writeTextFile nix disnix dysnomia inetutils findutils;
|
||||
};
|
||||
|
||||
|
|
|
@ -27,7 +27,10 @@ createManagedProcess {
|
|||
inherit stdenv lib writeTextFile nix-processmgmt processManager dysnomiaProperties dysnomiaContainers containerProviders extraDysnomiaContainersPath processManagerContainerSettings;
|
||||
};
|
||||
daemonExtraArgs = [ "--daemon" ];
|
||||
dependencies = lib.optional (dbus-daemon != null) dbus-daemon.pkg
|
||||
dependencies =
|
||||
# If we use systemd, we should not add dbus-daemon as a dependency. It causes infinite recursion.
|
||||
# Moreover, since D-Bus is already enabled for systemd, there is no reason to wait for it anyway.
|
||||
lib.optional (dbus-daemon != null && processManager != "systemd") dbus-daemon.pkg
|
||||
++ map (containerProvider: containerProvider.pkg) containerProviders;
|
||||
|
||||
credentials = {
|
||||
|
|
|
@ -23,6 +23,22 @@ in
|
|||
inherit pkgs processManagers profiles testService;
|
||||
};
|
||||
|
||||
disnix = import ./disnix/bare {
|
||||
inherit pkgs processManagers profiles testService;
|
||||
};
|
||||
|
||||
disnix-with-apache-mysql = import ./disnix/apache-mysql {
|
||||
inherit pkgs processManagers profiles testService;
|
||||
};
|
||||
|
||||
disnix-with-tomcat-mysql = import ./disnix/tomcat-mysql {
|
||||
inherit pkgs processManagers profiles testService;
|
||||
};
|
||||
|
||||
disnix-with-tomcat-mysql-multi-instance = import ./disnix/tomcat-mysql-multi-instance {
|
||||
inherit pkgs processManagers profiles testService;
|
||||
};
|
||||
|
||||
docker = import ./docker {
|
||||
inherit pkgs processManagers profiles testService;
|
||||
};
|
||||
|
|
|
@ -0,0 +1,45 @@
|
|||
{ pkgs, testService, processManagers, profiles }:
|
||||
|
||||
let
|
||||
env = "NIX_PATH='nixpkgs=${<nixpkgs>}' SSH_OPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' DISNIX_REMOTE_CLIENT=disnix-client";
|
||||
in
|
||||
testService {
|
||||
exprFile = ../../../example-deployments/disnix/processes-with-apache-mysql.nix;
|
||||
systemPackages = [ pkgs.disnix ];
|
||||
|
||||
initialTests = {forceDisableUserChange, ...}:
|
||||
let
|
||||
homeDir = if forceDisableUserChange then "/home/unprivileged" else "/root";
|
||||
in
|
||||
''
|
||||
machine.succeed("cd ${homeDir}")
|
||||
machine.succeed('ssh-keygen -t ecdsa -f key -N ""')
|
||||
machine.succeed("mkdir -m 700 ${homeDir}/.ssh")
|
||||
machine.succeed("cp key.pub ${homeDir}/.ssh/authorized_keys")
|
||||
machine.succeed("chmod 600 ${homeDir}/.ssh/authorized_keys")
|
||||
machine.succeed("cp key ${homeDir}/.ssh/id_dsa")
|
||||
machine.succeed("chmod 600 ${homeDir}/.ssh/id_dsa")
|
||||
'';
|
||||
|
||||
readiness = {instanceName, instance, ...}:
|
||||
pkgs.lib.optionalString (instanceName == "sshd") ''
|
||||
machine.wait_for_open_port(${toString instance.port})
|
||||
'';
|
||||
|
||||
tests = {instanceName, instance, forceDisableUserChange, ...}:
|
||||
pkgs.lib.optionalString (instanceName == "disnix-service") ''
|
||||
machine.succeed(
|
||||
"${env} disnix-capture-infra ${../infra-bootstrap.nix} > infrastructure.nix"
|
||||
)
|
||||
|
||||
# Check if the container services are present
|
||||
machine.succeed("grep 'process = {' infrastructure.nix")
|
||||
machine.succeed("grep 'apache-webapplication = {' infrastructure.nix")
|
||||
machine.succeed("grep 'mysql-database = {' infrastructure.nix")
|
||||
'';
|
||||
|
||||
inherit processManagers;
|
||||
|
||||
# We don't support unprivileged multi-user deployments
|
||||
profiles = builtins.filter (profile: profile == "privileged") profiles;
|
||||
}
|
|
@ -0,0 +1,40 @@
|
|||
{ pkgs, testService, processManagers, profiles }:
|
||||
|
||||
let
|
||||
env = "NIX_PATH='nixpkgs=${<nixpkgs>}' SSH_OPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' DISNIX_REMOTE_CLIENT=disnix-client";
|
||||
in
|
||||
testService {
|
||||
exprFile = ../../../example-deployments/disnix/processes-bare.nix;
|
||||
systemPackages = [ pkgs.disnix ];
|
||||
|
||||
initialTests = {forceDisableUserChange, ...}:
|
||||
let
|
||||
homeDir = if forceDisableUserChange then "/home/unprivileged" else "/root";
|
||||
in
|
||||
''
|
||||
machine.succeed("cd ${homeDir}")
|
||||
machine.succeed('ssh-keygen -t ecdsa -f key -N ""')
|
||||
machine.succeed("mkdir -m 700 ${homeDir}/.ssh")
|
||||
machine.succeed("cp key.pub ${homeDir}/.ssh/authorized_keys")
|
||||
machine.succeed("chmod 600 ${homeDir}/.ssh/authorized_keys")
|
||||
machine.succeed("cp key ${homeDir}/.ssh/id_dsa")
|
||||
machine.succeed("chmod 600 ${homeDir}/.ssh/id_dsa")
|
||||
'';
|
||||
|
||||
readiness = {instanceName, instance, ...}:
|
||||
pkgs.lib.optionalString (instanceName == "sshd") ''
|
||||
machine.wait_for_open_port(${toString instance.port})
|
||||
'';
|
||||
|
||||
tests = {instanceName, instance, forceDisableUserChange, ...}:
|
||||
pkgs.lib.optionalString (instanceName == "disnix-service") ''
|
||||
machine.succeed(
|
||||
"${env} disnix-capture-infra ${../infra-bootstrap.nix} | grep 'process = {'"
|
||||
)
|
||||
'';
|
||||
|
||||
inherit processManagers;
|
||||
|
||||
# We don't support unprivileged multi-user deployments
|
||||
profiles = builtins.filter (profile: profile == "privileged") profiles;
|
||||
}
|
|
@ -0,0 +1,3 @@
|
|||
{
|
||||
localhost.properties.hostname = "localhost";
|
||||
}
|
|
@ -0,0 +1,47 @@
|
|||
{ pkgs, testService, processManagers, profiles }:
|
||||
|
||||
let
|
||||
env = "NIX_PATH='nixpkgs=${<nixpkgs>}' SSH_OPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' DISNIX_REMOTE_CLIENT=disnix-client";
|
||||
in
|
||||
testService {
|
||||
exprFile = ../../../example-deployments/disnix/processes-with-tomcat-mysql-multi-instance.nix;
|
||||
systemPackages = [ pkgs.disnix ];
|
||||
|
||||
initialTests = {forceDisableUserChange, ...}:
|
||||
let
|
||||
homeDir = if forceDisableUserChange then "/home/unprivileged" else "/root";
|
||||
in
|
||||
''
|
||||
machine.succeed("cd ${homeDir}")
|
||||
machine.succeed('ssh-keygen -t ecdsa -f key -N ""')
|
||||
machine.succeed("mkdir -m 700 ${homeDir}/.ssh")
|
||||
machine.succeed("cp key.pub ${homeDir}/.ssh/authorized_keys")
|
||||
machine.succeed("chmod 600 ${homeDir}/.ssh/authorized_keys")
|
||||
machine.succeed("cp key ${homeDir}/.ssh/id_dsa")
|
||||
machine.succeed("chmod 600 ${homeDir}/.ssh/id_dsa")
|
||||
'';
|
||||
|
||||
readiness = {instanceName, instance, ...}:
|
||||
pkgs.lib.optionalString (instanceName == "sshd") ''
|
||||
machine.wait_for_open_port(${toString instance.port})
|
||||
'';
|
||||
|
||||
tests = {instanceName, instance, forceDisableUserChange, ...}:
|
||||
pkgs.lib.optionalString (instanceName == "disnix-service") ''
|
||||
machine.succeed(
|
||||
"${env} disnix-capture-infra ${../infra-bootstrap.nix} > infrastructure.nix"
|
||||
)
|
||||
|
||||
# Check if the container services are present
|
||||
machine.succeed("grep 'process = {' infrastructure.nix")
|
||||
machine.succeed("grep 'tomcat-webapplication-primary = {' infrastructure.nix")
|
||||
machine.succeed("grep 'tomcat-webapplication-secondary = {' infrastructure.nix")
|
||||
machine.succeed("grep 'mysql-database-primary = {' infrastructure.nix")
|
||||
machine.succeed("grep 'mysql-database-secondary = {' infrastructure.nix")
|
||||
'';
|
||||
|
||||
inherit processManagers;
|
||||
|
||||
# We don't support unprivileged multi-user deployments
|
||||
profiles = builtins.filter (profile: profile == "privileged") profiles;
|
||||
}
|
|
@ -0,0 +1,31 @@
|
|||
{ pkgs, testService, processManagers, profiles }:
|
||||
|
||||
let
|
||||
env = "NIX_PATH='nixpkgs=${<nixpkgs>}' DISNIX_CLIENT_INTERFACE=disnix-soap-client DISNIX_TARGET_PROPERTY=targetEPR DISNIX_SOAP_CLIENT_USERNAME=admin DISNIX_SOAP_CLIENT_PASSWORD=secret";
|
||||
in
|
||||
testService {
|
||||
exprFile = ../../../example-deployments/disnix/processes-with-tomcat-mysql.nix;
|
||||
systemPackages = [ pkgs.disnix pkgs.DisnixWebService ];
|
||||
|
||||
readiness = {instanceName, instance, ...}:
|
||||
pkgs.lib.optionalString (instanceName == "sshd" || instanceName == "apache") ''
|
||||
machine.wait_for_open_port(${toString instance.port})
|
||||
'';
|
||||
|
||||
tests = {instanceName, instance, forceDisableUserChange, ...}:
|
||||
pkgs.lib.optionalString (instanceName == "disnix-service") ''
|
||||
machine.succeed(
|
||||
"${env} disnix-capture-infra ${./infra-bootstrap.nix} > infrastructure.nix"
|
||||
)
|
||||
|
||||
# Check if the container services are present
|
||||
machine.succeed("grep 'process = {' infrastructure.nix")
|
||||
machine.succeed("grep 'tomcat-webapplication = {' infrastructure.nix")
|
||||
machine.succeed("grep 'mysql-database = {' infrastructure.nix")
|
||||
'';
|
||||
|
||||
inherit processManagers;
|
||||
|
||||
# We don't support unprivileged multi-user deployments
|
||||
profiles = builtins.filter (profile: profile == "privileged") profiles;
|
||||
}
|
|
@ -0,0 +1,3 @@
|
|||
{
|
||||
localhost.properties.targetEPR = "http://localhost/DisnixWebService/services/DisnixWebService";
|
||||
}
|
Loading…
Reference in New Issue