nixos/tests/systemd-nspawn-configfile: init
Test for presence of all specified options in the generated .nspawn config file. Additionally test for absence of misspelled and fixed option MachineID.
This commit is contained in:
parent
7ccb7998d0
commit
f86645566d
@ -744,6 +744,7 @@ in {
|
||||
systemd-networkd-vrf = handleTest ./systemd-networkd-vrf.nix {};
|
||||
systemd-no-tainted = handleTest ./systemd-no-tainted.nix {};
|
||||
systemd-nspawn = handleTest ./systemd-nspawn.nix {};
|
||||
systemd-nspawn-configfile = handleTest ./systemd-nspawn-configfile.nix {};
|
||||
systemd-oomd = handleTest ./systemd-oomd.nix {};
|
||||
systemd-portabled = handleTest ./systemd-portabled.nix {};
|
||||
systemd-repart = handleTest ./systemd-repart.nix {};
|
||||
|
128
nixos/tests/systemd-nspawn-configfile.nix
Normal file
128
nixos/tests/systemd-nspawn-configfile.nix
Normal file
@ -0,0 +1,128 @@
|
||||
import ./make-test-python.nix ({ lib, ... }:
|
||||
let
|
||||
execOptions = [
|
||||
"Boot"
|
||||
"ProcessTwo"
|
||||
"Parameters"
|
||||
"Environment"
|
||||
"User"
|
||||
"WorkingDirectory"
|
||||
"PivotRoot"
|
||||
"Capability"
|
||||
"DropCapability"
|
||||
"NoNewPrivileges"
|
||||
"KillSignal"
|
||||
"Personality"
|
||||
"MachineID"
|
||||
"PrivateUsers"
|
||||
"NotifyReady"
|
||||
"SystemCallFilter"
|
||||
"LimitCPU"
|
||||
"LimitFSIZE"
|
||||
"LimitDATA"
|
||||
"LimitSTACK"
|
||||
"LimitCORE"
|
||||
"LimitRSS"
|
||||
"LimitNOFILE"
|
||||
"LimitAS"
|
||||
"LimitNPROC"
|
||||
"LimitMEMLOCK"
|
||||
"LimitLOCKS"
|
||||
"LimitSIGPENDING"
|
||||
"LimitMSGQUEUE"
|
||||
"LimitNICE"
|
||||
"LimitRTPRIO"
|
||||
"LimitRTTIME"
|
||||
"OOMScoreAdjust"
|
||||
"CPUAffinity"
|
||||
"Hostname"
|
||||
"ResolvConf"
|
||||
"Timezone"
|
||||
"LinkJournal"
|
||||
"Ephemeral"
|
||||
"AmbientCapability"
|
||||
];
|
||||
|
||||
filesOptions = [
|
||||
"ReadOnly"
|
||||
"Volatile"
|
||||
"Bind"
|
||||
"BindReadOnly"
|
||||
"TemporaryFileSystem"
|
||||
"Overlay"
|
||||
"OverlayReadOnly"
|
||||
"PrivateUsersChown"
|
||||
"BindUser"
|
||||
"Inaccessible"
|
||||
"PrivateUsersOwnership"
|
||||
];
|
||||
|
||||
networkOptions = [
|
||||
"Private"
|
||||
"VirtualEthernet"
|
||||
"VirtualEthernetExtra"
|
||||
"Interface"
|
||||
"MACVLAN"
|
||||
"IPVLAN"
|
||||
"Bridge"
|
||||
"Zone"
|
||||
"Port"
|
||||
];
|
||||
|
||||
optionsToConfig = opts: builtins.listToAttrs (map (n: lib.nameValuePair n "testdata") opts);
|
||||
|
||||
grepForOptions = opts: ''node.succeed(
|
||||
"for o in ${builtins.concatStringsSep " " opts} ; do grep --quiet $o ${configFile} || exit 1 ; done"
|
||||
)'';
|
||||
|
||||
unitName = "options-test";
|
||||
configFile = "/etc/systemd/nspawn/${unitName}.nspawn";
|
||||
|
||||
in
|
||||
{
|
||||
name = "systemd-nspawn-configfile";
|
||||
|
||||
nodes = {
|
||||
node = { pkgs, ... }: {
|
||||
systemd.nspawn."${unitName}" = {
|
||||
enable = true;
|
||||
|
||||
execConfig = optionsToConfig execOptions // {
|
||||
Boot = true;
|
||||
ProcessTwo = true;
|
||||
NotifyReady = true;
|
||||
};
|
||||
|
||||
filesConfig = optionsToConfig filesOptions // {
|
||||
ReadOnly = true;
|
||||
Volatile = "state";
|
||||
PrivateUsersChown = true;
|
||||
PrivateUsersOwnership = "auto";
|
||||
};
|
||||
|
||||
networkConfig = optionsToConfig networkOptions // {
|
||||
Private = true;
|
||||
VirtualEthernet = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
start_all()
|
||||
|
||||
node.wait_for_file("${configFile}")
|
||||
|
||||
with subtest("Test for presence of all specified options in config file"):
|
||||
${grepForOptions execOptions}
|
||||
${grepForOptions filesOptions}
|
||||
${grepForOptions networkOptions}
|
||||
|
||||
with subtest("Test for absence of misspelled option 'MachineId' (instead of 'MachineID')"):
|
||||
node.fail("grep --quiet MachineId ${configFile}")
|
||||
'';
|
||||
|
||||
meta.maintainers = [
|
||||
lib.maintainers.zi3m5f
|
||||
];
|
||||
})
|
Loading…
Reference in New Issue
Block a user