Add option to deployer user service with systemd
parent
5b114573df
commit
27ee798da9
|
@ -45,7 +45,6 @@ makeTest {
|
|||
pkgs.dysnomia
|
||||
tools.build
|
||||
tools.generate-config
|
||||
tools.sysvinit
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
@ -0,0 +1,127 @@
|
|||
{nixpkgs ? <nixpkgs>}:
|
||||
|
||||
with import "${nixpkgs}/nixos/lib/testing-python.nix" { system = builtins.currentSystem; };
|
||||
|
||||
let
|
||||
processesEnvAuto = import ../nixproc/create-managed-process/systemd/build-systemd-env.nix {
|
||||
exprFile = ../examples/webapps-agnostic/processes.nix;
|
||||
stateDir = "/home/unprivileged/var";
|
||||
forceDisableUserChange = true;
|
||||
};
|
||||
|
||||
processesEnvEmpty = import ../nixproc/create-managed-process/systemd/build-systemd-env.nix {
|
||||
exprFile = ../examples/webapps-agnostic/processes-empty.nix;
|
||||
stateDir = "/home/unprivileged/var";
|
||||
forceDisableUserChange = true;
|
||||
};
|
||||
|
||||
tools = import ../tools {};
|
||||
|
||||
nix-processmgmt = ./..;
|
||||
|
||||
env = "NIX_PATH=nixpkgs=${nixpkgs} XDG_RUNTIME_DIR=/run/user/1000";
|
||||
in
|
||||
makeTest {
|
||||
machine =
|
||||
{pkgs, lib, ...}:
|
||||
|
||||
{
|
||||
virtualisation.pathsInNixDB = [ pkgs.stdenv ] ++ pkgs.coreutils.all ++ [ processesEnvAuto processesEnvEmpty ];
|
||||
virtualisation.writableStore = true;
|
||||
virtualisation.memorySize = 1024;
|
||||
|
||||
# We can't download any substitutes in a test environment. To make tests
|
||||
# faster, we disable substitutes so that Nix does not waste any time by
|
||||
# attempting to download them.
|
||||
nix.extraOptions = ''
|
||||
substitute = false
|
||||
'';
|
||||
|
||||
users.extraUsers = {
|
||||
unprivileged = {
|
||||
uid = 1000;
|
||||
group = "users";
|
||||
shell = "/bin/sh";
|
||||
description = "Unprivileged user";
|
||||
home = "/home/unprivileged";
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
};
|
||||
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
|
||||
displayManager.lightdm = {
|
||||
enable = true;
|
||||
autoLogin = {
|
||||
enable = true;
|
||||
user = "unprivileged";
|
||||
};
|
||||
};
|
||||
|
||||
# Use IceWM as the window manager.
|
||||
# Don't use a desktop manager.
|
||||
displayManager.defaultSession = lib.mkDefault "none+icewm";
|
||||
windowManager.icewm.enable = true;
|
||||
};
|
||||
|
||||
# lightdm by default doesn't allow auto login for root, which is
|
||||
# required by some nixos tests. Override it here.
|
||||
security.pam.services.lightdm-autologin.text = lib.mkForce ''
|
||||
auth requisite pam_nologin.so
|
||||
auth required pam_succeed_if.so quiet
|
||||
auth required pam_permit.so
|
||||
|
||||
account include lightdm
|
||||
|
||||
password include lightdm
|
||||
|
||||
session include lightdm
|
||||
'';
|
||||
|
||||
environment.systemPackages = [
|
||||
pkgs.stdenv
|
||||
pkgs.dysnomia
|
||||
tools.build
|
||||
tools.systemd
|
||||
];
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
def check_nginx_redirection():
|
||||
machine.succeed(
|
||||
"curl --fail -H 'Host: webapp.local' http://localhost:8080 | grep 'listening on port: 5000'"
|
||||
)
|
||||
|
||||
|
||||
def check_system_unavailable():
|
||||
machine.fail("curl --fail http://localhost:8080")
|
||||
machine.fail("pgrep -f '/bin/webapp'")
|
||||
|
||||
|
||||
start_all()
|
||||
machine.wait_for_unit("display-manager.service")
|
||||
|
||||
machine.succeed('su - unprivileged -c "mkdir -p /home/unprivileged/var"')
|
||||
|
||||
# Deploy the entire system in auto mode. Should result in foreground webapp processes
|
||||
|
||||
machine.succeed(
|
||||
'su - unprivileged -c "${env} nixproc-systemd-switch --user --state-dir /home/unprivileged/var --force-disable-user-change ${nix-processmgmt}/examples/webapps-agnostic/processes.nix"'
|
||||
)
|
||||
|
||||
machine.succeed("sleep 1")
|
||||
machine.succeed("pgrep -u unprivileged -f '/bin/webapp$'")
|
||||
|
||||
check_nginx_redirection()
|
||||
|
||||
# Undeploy the system
|
||||
|
||||
machine.succeed(
|
||||
'su - unprivileged -c "${env} nixproc-systemd-switch --user --state-dir /home/unprivileged/var --force-disable-user-change ${nix-processmgmt}/examples/webapps-agnostic/processes-empty.nix"'
|
||||
)
|
||||
|
||||
check_system_unavailable()
|
||||
'';
|
||||
}
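Review bot: The `security.pam.services.lightdm-autologin.text` override replaces the autologin stack with `pam_succeed_if.so quiet` (no condition) followed by `pam_permit.so`, and its comment justifies this by root autologin, yet this test auto-logs in `unprivileged` with uid 1000. If the stock lightdm-autologin stack already admits that uid, which I would expect but cannot confirm from this page, the `lib.mkForce` block can be dropped so the test does not carry a weaker PAM configuration than it needs. If it has to stay, the comment should say why, e.g. `# Test VM only: admits autologin for any account, including root; do not copy into a real configuration.` Separately, `machine.succeed("sleep 1")` before the `pgrep` check is timing-dependent; `machine.wait_until_succeeds("pgrep -u unprivileged -f '/bin/webapp$'")` would wait for the process instead.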
|
|
@ -29,12 +29,14 @@ Options:
|
|||
--extra-params=PARAMS
|
||||
A string with an attribute set in the Nix expression
|
||||
language propagating extra parameters to the input models
|
||||
--user Deploy the units as systemd user services
|
||||
-h, --help Shows the usage of this command
|
||||
|
||||
Environment:
|
||||
NIX_STATE_DIR Overrides the location of the Nix state directory
|
||||
SYSTEMD_TARGET_DIR Directory in which the unit configuration files are
|
||||
managed (defaults to: /etc/systemd/system)
|
||||
managed (defaults to: /etc/systemd/system or
|
||||
~/.config/systemd/user)
|
||||
NIXPROC_STATE_DIR Changes the directory in which the state of the
|
||||
processes is stored
|
||||
NIXPROC_RUNTIME_DIR Changes the directory in which the PID files are stored
|
||||
|
@ -48,7 +50,7 @@ EOF
|
|||
|
||||
# Parse valid argument options
|
||||
|
||||
PARAMS=`@getopt@ -n $0 -o p:o:h -l profile:,old-profile:,state-dir:,runtime-dir:,log-dir:,tmp-dir:,force-disable-user-change,show-trace,extra-params:,help -- "$@"`
|
||||
PARAMS=`@getopt@ -n $0 -o p:o:h -l profile:,old-profile:,state-dir:,runtime-dir:,log-dir:,tmp-dir:,force-disable-user-change,show-trace,extra-params:,user,help -- "$@"`
|
||||
|
||||
if [ $? != 0 ]
|
||||
then
|
||||
|
@ -90,6 +92,10 @@ do
|
|||
--extra-params)
|
||||
extraParamsArg=("--extra-params" "$2")
|
||||
;;
|
||||
--user)
|
||||
systemdUserServices=1
|
||||
systemdUserArg="--user"
|
||||
;;
|
||||
-h|--help)
|
||||
showUsage
|
||||
exit 0
|
||||
|
@ -105,7 +111,13 @@ path="$1"
|
|||
|
||||
# Validate the given options
|
||||
|
||||
SYSTEMD_TARGET_DIR=${SYSTEMD_TARGET_DIR:-/etc/systemd/system}
|
||||
if [ "$systemdUserServices" = "1" ]
|
||||
then
|
||||
SYSTEMD_TARGET_DIR=${SYSTEMD_TARGET_DIR:-~/.config/systemd/user}
|
||||
mkdir -p "$SYSTEMD_TARGET_DIR"
|
||||
else
|
||||
SYSTEMD_TARGET_DIR=${SYSTEMD_TARGET_DIR:-/etc/systemd/system}
|
||||
fi
|
||||
|
||||
source @commonchecks@
|
||||
|
||||
|
@ -151,7 +163,7 @@ then
|
|||
do
|
||||
if ! containsElement "$(readlink -f "$i")" "${newunits[@]}"
|
||||
then
|
||||
systemctl stop "$(basename "$i")"
|
||||
systemctl $systemdUserArg stop "$(basename "$i")"
|
||||
fi
|
||||
done
|
||||
|
||||
|
@ -188,12 +200,12 @@ do
|
|||
done
|
||||
|
||||
# Reload the systemd configuration
|
||||
systemctl daemon-reload
|
||||
systemctl $systemdUserArg daemon-reload
|
||||
|
||||
# Start all units in the new configuration
|
||||
for i in $profilePath/etc/systemd/system/*.service
|
||||
do
|
||||
systemctl start "$(basename "$i")"
|
||||
systemctl $systemdUserArg start "$(basename "$i")"
|
||||
done
|
||||
|
||||
# Delete obsolete users and groups
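Review bot: `systemdUserArg` is expanded unquoted in the three `systemctl $systemdUserArg …` calls (stop, daemon-reload, start), and in the visible hunks it and `systemdUserServices` are assigned only inside the `--user)` case. Unless the script clears them elsewhere, both would be taken from the caller's environment when the flag is absent. An inherited `systemdUserArg` would be word-split into extra systemctl arguments, and an inherited `systemdUserServices=1` would switch the default unit directory, which matters if the script runs as root in system mode (its default target is /etc/systemd/system). I would initialise both before the option loop and use an array as `extraParamsArg` already does: `systemdUserArg=()`, then `systemdUserArg=("--user")` in the case branch and `systemctl "${systemdUserArg[@]}" stop "$(basename "$i")"` at the call sites. The option loop and the stop/start loops begin outside these hunks, so an existing initialisation may simply not be shown.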
|
||||
|
|