2019-11-25 23:44:12 +00:00
|
|
|
let
|
|
|
|
webserverFor = hostAddress: localAddress: {
|
|
|
|
inherit hostAddress localAddress;
|
|
|
|
privateNetwork = true;
|
|
|
|
config = {
|
|
|
|
services.httpd = {
|
|
|
|
enable = true;
|
|
|
|
adminAddr = "foo@example.org";
|
|
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
2021-02-26 15:03:49 +00:00
|
|
|
in import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
2019-11-25 23:44:12 +00:00
|
|
|
name = "containers-ipv4-ipv6";
|
2021-02-26 15:03:49 +00:00
|
|
|
meta = {
|
2024-04-21 08:15:22 +01:00
|
|
|
maintainers = with lib.maintainers; [ aristid aszlig kampfschlaefer ];
|
2019-11-25 23:44:12 +00:00
|
|
|
};
|
|
|
|
|
2022-03-20 23:15:30 +00:00
|
|
|
nodes.machine =
|
2019-11-25 23:44:12 +00:00
|
|
|
{ pkgs, ... }: {
|
2023-11-23 09:54:31 +00:00
|
|
|
virtualisation.writableStore = true;
|
2019-11-25 23:44:12 +00:00
|
|
|
|
|
|
|
containers.webserver4 = webserverFor "10.231.136.1" "10.231.136.2";
|
|
|
|
containers.webserver6 = webserverFor "fc00::2" "fc00::1";
|
2021-10-06 18:19:29 +01:00
|
|
|
virtualisation.additionalPaths = [ pkgs.stdenv ];
|
2019-11-25 23:44:12 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
testScript = { nodes, ... }: ''
|
|
|
|
import time
|
|
|
|
|
|
|
|
|
|
|
|
def curl_host(ip):
|
|
|
|
# put [] around ipv6 addresses for curl
|
|
|
|
host = ip if ":" not in ip else f"[{ip}]"
|
|
|
|
return f"curl --fail --connect-timeout 2 http://{host}/ > /dev/null"
|
|
|
|
|
|
|
|
|
|
|
|
def get_ip(container):
|
|
|
|
# need to distinguish because show-ip won't work for ipv6
|
|
|
|
if container == "webserver4":
|
|
|
|
ip = machine.succeed(f"nixos-container show-ip {container}").rstrip()
|
|
|
|
assert ip == "${nodes.machine.config.containers.webserver4.localAddress}"
|
|
|
|
return ip
|
|
|
|
return "${nodes.machine.config.containers.webserver6.localAddress}"
|
|
|
|
|
|
|
|
|
|
|
|
for container in "webserver4", "webserver6":
|
|
|
|
assert container in machine.succeed("nixos-container list")
|
|
|
|
|
|
|
|
with subtest(f"Start container {container}"):
|
|
|
|
machine.succeed(f"nixos-container start {container}")
|
|
|
|
# wait 2s for container to start and network to be up
|
|
|
|
time.sleep(2)
|
|
|
|
|
|
|
|
# Since "start" returns after the container has reached
|
|
|
|
# multi-user.target, we should now be able to access it.
|
|
|
|
|
|
|
|
ip = get_ip(container)
|
|
|
|
with subtest(f"{container} reacts to pings and HTTP requests"):
|
|
|
|
machine.succeed(f"ping -n -c1 {ip}")
|
|
|
|
machine.succeed(curl_host(ip))
|
|
|
|
|
|
|
|
with subtest(f"Stop container {container}"):
|
|
|
|
machine.succeed(f"nixos-container stop {container}")
|
|
|
|
machine.fail(curl_host(ip))
|
|
|
|
|
|
|
|
# Destroying a declarative container should fail.
|
|
|
|
machine.fail(f"nixos-container destroy {container}")
|
|
|
|
'';
|
|
|
|
})
|