Add basic testcases for Disnix
This commit is contained in:
parent
32e6e10b86
commit
f47e62ed63
|
@ -9,6 +9,7 @@
|
||||||
, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
|
, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
|
||||||
, forceDisableUserChange ? false
|
, forceDisableUserChange ? false
|
||||||
, processManager
|
, processManager
|
||||||
|
, enablePAM ? false
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
|
@ -19,9 +20,13 @@ let
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
rec {
|
rec {
|
||||||
sshd = {
|
sshd = rec {
|
||||||
|
port = 22;
|
||||||
|
|
||||||
pkg = constructors.sshd {
|
pkg = constructors.sshd {
|
||||||
extraSSHDConfig = ''
|
inherit port;
|
||||||
|
|
||||||
|
extraSSHDConfig = pkgs.lib.optionalString enablePAM ''
|
||||||
UsePAM yes
|
UsePAM yes
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
@ -9,6 +9,7 @@
|
||||||
, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
|
, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
|
||||||
, forceDisableUserChange ? false
|
, forceDisableUserChange ? false
|
||||||
, processManager
|
, processManager
|
||||||
|
, enablePAM ? false
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
|
@ -23,9 +24,13 @@ let
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
rec {
|
rec {
|
||||||
sshd = {
|
sshd = rec {
|
||||||
|
port = 22;
|
||||||
|
|
||||||
pkg = constructors.sshd {
|
pkg = constructors.sshd {
|
||||||
extraSSHDConfig = ''
|
inherit port;
|
||||||
|
|
||||||
|
extraSSHDConfig = pkgs.lib.optionalString enablePAM ''
|
||||||
UsePAM yes
|
UsePAM yes
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
@ -9,6 +9,7 @@
|
||||||
, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
|
, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
|
||||||
, forceDisableUserChange ? false
|
, forceDisableUserChange ? false
|
||||||
, processManager
|
, processManager
|
||||||
|
, enablePAM ? false
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
|
@ -23,9 +24,13 @@ let
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
rec {
|
rec {
|
||||||
sshd = {
|
sshd = rec {
|
||||||
|
port = 22;
|
||||||
|
|
||||||
pkg = constructors.sshd {
|
pkg = constructors.sshd {
|
||||||
extraSSHDConfig = ''
|
inherit port;
|
||||||
|
|
||||||
|
extraSSHDConfig = pkgs.lib.optionalString enablePAM ''
|
||||||
UsePAM yes
|
UsePAM yes
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
@ -9,6 +9,7 @@
|
||||||
, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
|
, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
|
||||||
, forceDisableUserChange ? false
|
, forceDisableUserChange ? false
|
||||||
, processManager
|
, processManager
|
||||||
|
, enablePAM ? false
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
|
@ -23,9 +24,13 @@ let
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
rec {
|
rec {
|
||||||
sshd = {
|
sshd = rec {
|
||||||
|
port = 22;
|
||||||
|
|
||||||
pkg = constructors.sshd {
|
pkg = constructors.sshd {
|
||||||
extraSSHDConfig = ''
|
inherit port;
|
||||||
|
|
||||||
|
extraSSHDConfig = pkgs.lib.optionalString enablePAM ''
|
||||||
UsePAM yes
|
UsePAM yes
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -52,8 +57,12 @@ rec {
|
||||||
properties.requiresUniqueIdsFor = [ "uids" "gids" ];
|
properties.requiresUniqueIdsFor = [ "uids" "gids" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
apache = {
|
apache = rec {
|
||||||
|
port = 80;
|
||||||
|
|
||||||
pkg = constructors.basicAuthReverseProxyApache {
|
pkg = constructors.basicAuthReverseProxyApache {
|
||||||
|
inherit port;
|
||||||
|
|
||||||
dependency = tomcat;
|
dependency = tomcat;
|
||||||
serverAdmin = "admin@localhost";
|
serverAdmin = "admin@localhost";
|
||||||
targetProtocol = "ajp";
|
targetProtocol = "ajp";
|
||||||
|
|
|
@ -60,7 +60,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
disnix-service = import ./disnix-service {
|
disnix-service = import ./disnix-service {
|
||||||
inherit createManagedProcess processManager nix-processmgmt ids;
|
inherit createManagedProcess nix-processmgmt ids processManager;
|
||||||
inherit (pkgs) stdenv lib writeTextFile nix disnix dysnomia inetutils findutils;
|
inherit (pkgs) stdenv lib writeTextFile nix disnix dysnomia inetutils findutils;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -27,7 +27,10 @@ createManagedProcess {
|
||||||
inherit stdenv lib writeTextFile nix-processmgmt processManager dysnomiaProperties dysnomiaContainers containerProviders extraDysnomiaContainersPath processManagerContainerSettings;
|
inherit stdenv lib writeTextFile nix-processmgmt processManager dysnomiaProperties dysnomiaContainers containerProviders extraDysnomiaContainersPath processManagerContainerSettings;
|
||||||
};
|
};
|
||||||
daemonExtraArgs = [ "--daemon" ];
|
daemonExtraArgs = [ "--daemon" ];
|
||||||
dependencies = lib.optional (dbus-daemon != null) dbus-daemon.pkg
|
dependencies =
|
||||||
|
# If we use systemd, we should not add dbus-daemon as a dependency. It causes infinite recursion.
|
||||||
|
# Moreover, since D-Bus is already enabled for systemd, there is no reason to wait for it anyway.
|
||||||
|
lib.optional (dbus-daemon != null && processManager != "systemd") dbus-daemon.pkg
|
||||||
++ map (containerProvider: containerProvider.pkg) containerProviders;
|
++ map (containerProvider: containerProvider.pkg) containerProviders;
|
||||||
|
|
||||||
credentials = {
|
credentials = {
|
||||||
|
|
|
@ -23,6 +23,22 @@ in
|
||||||
inherit pkgs processManagers profiles testService;
|
inherit pkgs processManagers profiles testService;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
disnix = import ./disnix/bare {
|
||||||
|
inherit pkgs processManagers profiles testService;
|
||||||
|
};
|
||||||
|
|
||||||
|
disnix-with-apache-mysql = import ./disnix/apache-mysql {
|
||||||
|
inherit pkgs processManagers profiles testService;
|
||||||
|
};
|
||||||
|
|
||||||
|
disnix-with-tomcat-mysql = import ./disnix/tomcat-mysql {
|
||||||
|
inherit pkgs processManagers profiles testService;
|
||||||
|
};
|
||||||
|
|
||||||
|
disnix-with-tomcat-mysql-multi-instance = import ./disnix/tomcat-mysql-multi-instance {
|
||||||
|
inherit pkgs processManagers profiles testService;
|
||||||
|
};
|
||||||
|
|
||||||
docker = import ./docker {
|
docker = import ./docker {
|
||||||
inherit pkgs processManagers profiles testService;
|
inherit pkgs processManagers profiles testService;
|
||||||
};
|
};
|
||||||
|
|
|
@ -0,0 +1,45 @@
|
||||||
|
{ pkgs, testService, processManagers, profiles }:
|
||||||
|
|
||||||
|
let
|
||||||
|
env = "NIX_PATH='nixpkgs=${<nixpkgs>}' SSH_OPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' DISNIX_REMOTE_CLIENT=disnix-client";
|
||||||
|
in
|
||||||
|
testService {
|
||||||
|
exprFile = ../../../example-deployments/disnix/processes-with-apache-mysql.nix;
|
||||||
|
systemPackages = [ pkgs.disnix ];
|
||||||
|
|
||||||
|
initialTests = {forceDisableUserChange, ...}:
|
||||||
|
let
|
||||||
|
homeDir = if forceDisableUserChange then "/home/unprivileged" else "/root";
|
||||||
|
in
|
||||||
|
''
|
||||||
|
machine.succeed("cd ${homeDir}")
|
||||||
|
machine.succeed('ssh-keygen -t ecdsa -f key -N ""')
|
||||||
|
machine.succeed("mkdir -m 700 ${homeDir}/.ssh")
|
||||||
|
machine.succeed("cp key.pub ${homeDir}/.ssh/authorized_keys")
|
||||||
|
machine.succeed("chmod 600 ${homeDir}/.ssh/authorized_keys")
|
||||||
|
machine.succeed("cp key ${homeDir}/.ssh/id_dsa")
|
||||||
|
machine.succeed("chmod 600 ${homeDir}/.ssh/id_dsa")
|
||||||
|
'';
|
||||||
|
|
||||||
|
readiness = {instanceName, instance, ...}:
|
||||||
|
pkgs.lib.optionalString (instanceName == "sshd") ''
|
||||||
|
machine.wait_for_open_port(${toString instance.port})
|
||||||
|
'';
|
||||||
|
|
||||||
|
tests = {instanceName, instance, forceDisableUserChange, ...}:
|
||||||
|
pkgs.lib.optionalString (instanceName == "disnix-service") ''
|
||||||
|
machine.succeed(
|
||||||
|
"${env} disnix-capture-infra ${../infra-bootstrap.nix} > infrastructure.nix"
|
||||||
|
)
|
||||||
|
|
||||||
|
# Check if the container services are present
|
||||||
|
machine.succeed("grep 'process = {' infrastructure.nix")
|
||||||
|
machine.succeed("grep 'apache-webapplication = {' infrastructure.nix")
|
||||||
|
machine.succeed("grep 'mysql-database = {' infrastructure.nix")
|
||||||
|
'';
|
||||||
|
|
||||||
|
inherit processManagers;
|
||||||
|
|
||||||
|
# We don't support unprivileged multi-user deployments
|
||||||
|
profiles = builtins.filter (profile: profile == "privileged") profiles;
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
{ pkgs, testService, processManagers, profiles }:
|
||||||
|
|
||||||
|
let
|
||||||
|
env = "NIX_PATH='nixpkgs=${<nixpkgs>}' SSH_OPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' DISNIX_REMOTE_CLIENT=disnix-client";
|
||||||
|
in
|
||||||
|
testService {
|
||||||
|
exprFile = ../../../example-deployments/disnix/processes-bare.nix;
|
||||||
|
systemPackages = [ pkgs.disnix ];
|
||||||
|
|
||||||
|
initialTests = {forceDisableUserChange, ...}:
|
||||||
|
let
|
||||||
|
homeDir = if forceDisableUserChange then "/home/unprivileged" else "/root";
|
||||||
|
in
|
||||||
|
''
|
||||||
|
machine.succeed("cd ${homeDir}")
|
||||||
|
machine.succeed('ssh-keygen -t ecdsa -f key -N ""')
|
||||||
|
machine.succeed("mkdir -m 700 ${homeDir}/.ssh")
|
||||||
|
machine.succeed("cp key.pub ${homeDir}/.ssh/authorized_keys")
|
||||||
|
machine.succeed("chmod 600 ${homeDir}/.ssh/authorized_keys")
|
||||||
|
machine.succeed("cp key ${homeDir}/.ssh/id_dsa")
|
||||||
|
machine.succeed("chmod 600 ${homeDir}/.ssh/id_dsa")
|
||||||
|
'';
|
||||||
|
|
||||||
|
readiness = {instanceName, instance, ...}:
|
||||||
|
pkgs.lib.optionalString (instanceName == "sshd") ''
|
||||||
|
machine.wait_for_open_port(${toString instance.port})
|
||||||
|
'';
|
||||||
|
|
||||||
|
tests = {instanceName, instance, forceDisableUserChange, ...}:
|
||||||
|
pkgs.lib.optionalString (instanceName == "disnix-service") ''
|
||||||
|
machine.succeed(
|
||||||
|
"${env} disnix-capture-infra ${../infra-bootstrap.nix} | grep 'process = {'"
|
||||||
|
)
|
||||||
|
'';
|
||||||
|
|
||||||
|
inherit processManagers;
|
||||||
|
|
||||||
|
# We don't support unprivileged multi-user deployments
|
||||||
|
profiles = builtins.filter (profile: profile == "privileged") profiles;
|
||||||
|
}
|
|
@ -0,0 +1,3 @@
|
||||||
|
{
|
||||||
|
localhost.properties.hostname = "localhost";
|
||||||
|
}
|
|
@ -0,0 +1,47 @@
|
||||||
|
{ pkgs, testService, processManagers, profiles }:
|
||||||
|
|
||||||
|
let
|
||||||
|
env = "NIX_PATH='nixpkgs=${<nixpkgs>}' SSH_OPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' DISNIX_REMOTE_CLIENT=disnix-client";
|
||||||
|
in
|
||||||
|
testService {
|
||||||
|
exprFile = ../../../example-deployments/disnix/processes-with-tomcat-mysql-multi-instance.nix;
|
||||||
|
systemPackages = [ pkgs.disnix ];
|
||||||
|
|
||||||
|
initialTests = {forceDisableUserChange, ...}:
|
||||||
|
let
|
||||||
|
homeDir = if forceDisableUserChange then "/home/unprivileged" else "/root";
|
||||||
|
in
|
||||||
|
''
|
||||||
|
machine.succeed("cd ${homeDir}")
|
||||||
|
machine.succeed('ssh-keygen -t ecdsa -f key -N ""')
|
||||||
|
machine.succeed("mkdir -m 700 ${homeDir}/.ssh")
|
||||||
|
machine.succeed("cp key.pub ${homeDir}/.ssh/authorized_keys")
|
||||||
|
machine.succeed("chmod 600 ${homeDir}/.ssh/authorized_keys")
|
||||||
|
machine.succeed("cp key ${homeDir}/.ssh/id_dsa")
|
||||||
|
machine.succeed("chmod 600 ${homeDir}/.ssh/id_dsa")
|
||||||
|
'';
|
||||||
|
|
||||||
|
readiness = {instanceName, instance, ...}:
|
||||||
|
pkgs.lib.optionalString (instanceName == "sshd") ''
|
||||||
|
machine.wait_for_open_port(${toString instance.port})
|
||||||
|
'';
|
||||||
|
|
||||||
|
tests = {instanceName, instance, forceDisableUserChange, ...}:
|
||||||
|
pkgs.lib.optionalString (instanceName == "disnix-service") ''
|
||||||
|
machine.succeed(
|
||||||
|
"${env} disnix-capture-infra ${../infra-bootstrap.nix} > infrastructure.nix"
|
||||||
|
)
|
||||||
|
|
||||||
|
# Check if the container services are present
|
||||||
|
machine.succeed("grep 'process = {' infrastructure.nix")
|
||||||
|
machine.succeed("grep 'tomcat-webapplication-primary = {' infrastructure.nix")
|
||||||
|
machine.succeed("grep 'tomcat-webapplication-secondary = {' infrastructure.nix")
|
||||||
|
machine.succeed("grep 'mysql-database-primary = {' infrastructure.nix")
|
||||||
|
machine.succeed("grep 'mysql-database-secondary = {' infrastructure.nix")
|
||||||
|
'';
|
||||||
|
|
||||||
|
inherit processManagers;
|
||||||
|
|
||||||
|
# We don't support unprivileged multi-user deployments
|
||||||
|
profiles = builtins.filter (profile: profile == "privileged") profiles;
|
||||||
|
}
|
|
@ -0,0 +1,31 @@
|
||||||
|
{ pkgs, testService, processManagers, profiles }:
|
||||||
|
|
||||||
|
let
|
||||||
|
env = "NIX_PATH='nixpkgs=${<nixpkgs>}' DISNIX_CLIENT_INTERFACE=disnix-soap-client DISNIX_TARGET_PROPERTY=targetEPR DISNIX_SOAP_CLIENT_USERNAME=admin DISNIX_SOAP_CLIENT_PASSWORD=secret";
|
||||||
|
in
|
||||||
|
testService {
|
||||||
|
exprFile = ../../../example-deployments/disnix/processes-with-tomcat-mysql.nix;
|
||||||
|
systemPackages = [ pkgs.disnix pkgs.DisnixWebService ];
|
||||||
|
|
||||||
|
readiness = {instanceName, instance, ...}:
|
||||||
|
pkgs.lib.optionalString (instanceName == "sshd" || instanceName == "apache") ''
|
||||||
|
machine.wait_for_open_port(${toString instance.port})
|
||||||
|
'';
|
||||||
|
|
||||||
|
tests = {instanceName, instance, forceDisableUserChange, ...}:
|
||||||
|
pkgs.lib.optionalString (instanceName == "disnix-service") ''
|
||||||
|
machine.succeed(
|
||||||
|
"${env} disnix-capture-infra ${./infra-bootstrap.nix} > infrastructure.nix"
|
||||||
|
)
|
||||||
|
|
||||||
|
# Check if the container services are present
|
||||||
|
machine.succeed("grep 'process = {' infrastructure.nix")
|
||||||
|
machine.succeed("grep 'tomcat-webapplication = {' infrastructure.nix")
|
||||||
|
machine.succeed("grep 'mysql-database = {' infrastructure.nix")
|
||||||
|
'';
|
||||||
|
|
||||||
|
inherit processManagers;
|
||||||
|
|
||||||
|
# We don't support unprivileged multi-user deployments
|
||||||
|
profiles = builtins.filter (profile: profile == "privileged") profiles;
|
||||||
|
}
|
|
@ -0,0 +1,3 @@
|
||||||
|
{
|
||||||
|
localhost.properties.targetEPR = "http://localhost/DisnixWebService/services/DisnixWebService";
|
||||||
|
}
|
Loading…
Reference in New Issue