Add Disnix testcases, fix loading unprivileged daemons

nixproc/create-managed-process/agnostic/generate-process-script.nix

@@ -31,14 +31,14 @@ let
   _path = basePackages ++ [ daemonPkg ] ++ path;
 
   _environment = {
-    PATH = builtins.concatStringsSep ":" (map(package: "${package}/bin" ) _path);
+    PATH = builtins.concatStringsSep ":" (map (package: "${package}/bin") _path) + ":$PATH";
   } // environment;
 
   _pidFile =
     if pidFile == null
       then if instanceName == null
         then null
-        else if user == null || user == "root" || forceDisableUserChange
+        else if user == null || user == "root"
           then "${runtimeDir}/${instanceName}.pid"
           else "${tmpDir}/${instanceName}.pid"
     else pidFile;
@@ -59,7 +59,7 @@ createProcessScript (stdenv.lib.recursiveUpdate ({
           value = builtins.getAttr name _environment;
         in
         ''
-          export ${name}=${stdenv.lib.escapeShellArg value}
+          export ${name}=${if name == "PATH" then value else stdenv.lib.escapeShellArg value}
         ''
       ) (builtins.attrNames _environment)
     + stdenv.lib.optionalString (umask != null) ''

nixproc/create-managed-process/disnix/build-disnix-env.nix

@@ -6,7 +6,7 @@
 , tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
 , forceDisableUserChange ? false
 , clientInterface ? (if builtins.getEnv "DISNIX_CLIENT_INTERFACE" == "" then "disnix-run-activity" else builtins.getEnv "DISNIX_CLIENT_INTERFACE")
-, disnixPath ? (if builtins.getEnv "DISNIX_PATH" == "" then throw "Set DISNIX_PATH to the data directory of Disnix" else builtins.getEnv "DISNIX_PATH")
+, disnixDataDir ? (if builtins.getEnv "DISNIX_DATA_DIR" == "" then throw "Set DISNIX_DATA_DIR to the data directory of Disnix" else builtins.getEnv "DISNIX_DATA_DIR")
 , extraParams ? {}
 , exprFile
 }@args:
@@ -46,7 +46,7 @@ let
       inherit services;
     };
 
-  manifest = import "${disnixPath}/manifest.nix";
+  manifest = import "${disnixDataDir}/manifest.nix";
 in
 manifest.generateManifestFromArchitectureFun {
   inherit pkgs clientInterface architectureFun;

tests/webapps-agnostic-disnix.nix

@@ -0,0 +1,173 @@
+{nixpkgs ? <nixpkgs>}:
+
+with import "${nixpkgs}/nixos/lib/testing-python.nix" { system = builtins.currentSystem; };
+
+let
+  disnixDataDir = "${pkgs.disnix}/share/disnix";
+
+  processesEnvForeground = import ../nixproc/create-managed-process/disnix/build-disnix-env.nix {
+    inherit disnixDataDir;
+    exprFile = ../examples/webapps-agnostic/processes.nix;
+    extraParams = {
+      webappMode = "foreground";
+    };
+  };
+
+  processesEnvDaemon = import ../nixproc/create-managed-process/disnix/build-disnix-env.nix {
+    inherit disnixDataDir;
+    exprFile = ../examples/webapps-agnostic/processes.nix;
+    extraParams = {
+      webappMode = "daemon";
+    };
+  };
+
+  processesEnvAuto = import ../nixproc/create-managed-process/disnix/build-disnix-env.nix {
+    inherit disnixDataDir;
+    exprFile = ../examples/webapps-agnostic/processes.nix;
+  };
+
+  processesEnvAdvanced = import ../nixproc/create-managed-process/disnix/build-disnix-env.nix {
+    inherit disnixDataDir;
+    exprFile = ../examples/webapps-agnostic/processes-advanced.nix;
+  };
+
+  processesEnvNoUserChange = import ../nixproc/create-managed-process/disnix/build-disnix-env.nix {
+    inherit disnixDataDir;
+    exprFile = ../examples/webapps-agnostic/processes.nix;
+    forceDisableUserChange = true;
+  };
+
+  processesEnvEmpty = import ../nixproc/create-managed-process/disnix/build-disnix-env.nix {
+    inherit disnixDataDir;
+    exprFile = ../examples/webapps-agnostic/processes-empty.nix;
+  };
+
+  tools = import ../tools {};
+
+  nix-processmgmt = ./..;
+
+  env = "NIX_PATH=nixpkgs=${nixpkgs} DISNIX_DATA_DIR=${disnixDataDir}";
+in
+makeTest {
+  machine =
+    {pkgs, ...}:
+
+    {
+      virtualisation.pathsInNixDB = [ pkgs.stdenv ] ++ pkgs.coreutils.all ++ [ processesEnvForeground processesEnvDaemon processesEnvAuto processesEnvAdvanced processesEnvNoUserChange processesEnvEmpty ];
+      virtualisation.writableStore = true;
+      virtualisation.memorySize = 1024;
+
+      users.extraUsers = {
+        unprivileged = {
+          uid = 1000;
+          group = "users";
+          shell = "/bin/sh";
+          description = "Unprivileged user";
+          home = "/home/unprivileged";
+          createHome = true;
+        };
+      };
+
+      # We can't download any substitutes in a test environment. To make tests
+      # faster, we disable substitutes so that Nix does not waste any time by
+      # attempting to download them.
+      nix.extraOptions = ''
+        substitute = false
+      '';
+
+      environment.systemPackages = [
+        pkgs.stdenv
+        pkgs.dysnomia
+        pkgs.disnix
+        tools.build
+        tools.systemd
+        tools.disnix
+      ];
+    };
+
+  testScript = ''
+    def check_nginx_redirection():
+        machine.succeed(
+            "curl --fail -H 'Host: webapp.local' http://localhost:8080 | grep 'listening on port: 5000'"
+        )
+
+
+    def check_system_unavailable():
+        machine.fail("curl --fail http://localhost:8080")
+        machine.fail("pgrep -f '/bin/webapp'")
+
+
+    def check_nginx_multi_instance_redirection():
+        machine.succeed(
+            "curl --fail -H 'Host: webapp1.local' http://localhost:8080 | grep 'listening on port: 5000'"
+        )
+        machine.succeed(
+            "curl --fail -H 'Host: webapp5.local' http://localhost:8081 | grep 'listening on port: 6002'"
+        )
+
+
+    start_all()
+
+    # Deploy the system with foreground webapp processes
+
+    machine.succeed(
+        '${env} nixproc-disnix-switch ${nix-processmgmt}/examples/webapps-agnostic/processes.nix --extra-params \'{ "webappMode" = "foreground"; }\'${""}'
+    )
+
+    machine.succeed("sleep 1")
+    machine.succeed("pgrep -u webapp -f '/bin/webapp$'")
+
+    check_nginx_redirection()
+
+    # Deploy the system with daemon webapp processes
+
+    machine.succeed(
+        '${env} nixproc-disnix-switch ${nix-processmgmt}/examples/webapps-agnostic/processes.nix --extra-params \'{ "webappMode" = "daemon"; }\'${""}'
+    )
+
+    machine.succeed("sleep 1")
+    machine.succeed("pgrep -u webapp -f '/bin/webapp -D$'")
+
+    check_nginx_redirection()
+
+    # Deploy the entire system in auto mode. Should result in daemon webapp processes
+
+    machine.succeed(
+        "${env} nixproc-disnix-switch ${nix-processmgmt}/examples/webapps-agnostic/processes.nix"
+    )
+
+    machine.succeed("sleep 1")
+    machine.succeed("pgrep -u webapp -f '/bin/webapp -D$'")
+
+    check_nginx_redirection()
+
+    # Deploy the advanced example with multiple instances and see if it works
+
+    machine.succeed(
+        "${env} nixproc-disnix-switch ${nix-processmgmt}/examples/webapps-agnostic/processes-advanced.nix"
+    )
+
+    machine.succeed("sleep 1")
+
+    check_nginx_multi_instance_redirection()
+
+    # Deploy an instance without changing user privileges
+
+    machine.succeed(
+        "${env} nixproc-disnix-switch ${nix-processmgmt}/examples/webapps-agnostic/processes.nix --force-disable-user-change"
+    )
+
+    machine.succeed("sleep 1")
+    machine.succeed("pgrep -u root -f '/bin/webapp -D$'")
+
+    check_nginx_redirection()
+
+    # Undeploy the system
+
+    machine.succeed(
+        "${env} nixproc-disnix-switch ${nix-processmgmt}/examples/webapps-agnostic/processes-empty.nix"
+    )
+
+    check_system_unavailable()
+  '';
+}

tools/disnix/nixproc-disnix-switch.in

@@ -107,7 +107,7 @@ checkNixStateDir
 checkProfile
 
 # Determine the Disnix data directory from the executable
-export DISNIX_PATH="$(readlink -f "$(dirname $(readlink -f $(type -p disnix-deploy)))/../share/disnix")"
+export DISNIX_DATA_DIR="$(readlink -f "$(dirname $(readlink -f $(type -p disnix-deploy)))/../share/disnix")"
 
 # Build the environment resulting in a Disnix manifest file
 buildProfile disnix