nixosTests.scion-freestanding-deployment: handleTest -> runTest
This commit is contained in:
parent
f693e18323
commit
4491dfaa0c
@ -1262,7 +1262,7 @@ in
|
||||
saunafs = runTest ./saunafs.nix;
|
||||
scaphandre = handleTest ./scaphandre.nix { };
|
||||
schleuder = runTest ./schleuder.nix;
|
||||
scion-freestanding-deployment = handleTest ./scion/freestanding-deployment { };
|
||||
scion-freestanding-deployment = runTest ./scion/freestanding-deployment;
|
||||
scrutiny = runTest ./scrutiny.nix;
|
||||
scx = runTest ./scx/default.nix;
|
||||
sddm = import ./sddm.nix { inherit runTest; };
|
||||
|
@ -1,211 +1,199 @@
|
||||
# implements https://github.com/scionproto/scion/blob/27983125bccac6b84d1f96f406853aab0e460405/doc/tutorials/deploy.rst
|
||||
import ../../make-test-python.nix (
|
||||
{ pkgs, ... }:
|
||||
let
|
||||
trust-root-configuration-keys = pkgs.runCommand "generate-trc-keys.sh" {
|
||||
buildInputs = [
|
||||
{ pkgs, ... }:
|
||||
let
|
||||
trust-root-configuration-keys = pkgs.runCommand "generate-trc-keys.sh" {
|
||||
buildInputs = [
|
||||
pkgs.scion
|
||||
];
|
||||
} (builtins.readFile ./bootstrap.sh);
|
||||
|
||||
imports = hostId: [
|
||||
{
|
||||
services.scion = {
|
||||
enable = true;
|
||||
bypassBootstrapWarning = true;
|
||||
};
|
||||
networking = {
|
||||
useNetworkd = true;
|
||||
useDHCP = false;
|
||||
};
|
||||
systemd.network.networks."01-eth1" = {
|
||||
name = "eth1";
|
||||
networkConfig.Address = "192.168.1.${toString hostId}/24";
|
||||
};
|
||||
environment.etc = {
|
||||
"scion/topology.json".source = ./topology + "${toString hostId}.json";
|
||||
"scion/crypto/as".source = trust-root-configuration-keys + "/AS${toString hostId}";
|
||||
"scion/certs/ISD42-B1-S1.trc".source = trust-root-configuration-keys + "/ISD42-B1-S1.trc";
|
||||
"scion/keys/master0.key".text = "U${toString hostId}v4k23ZXjGDwDofg/Eevw==";
|
||||
"scion/keys/master1.key".text = "dBMko${toString hostId}qMS8DfrN/zP2OUdA==";
|
||||
};
|
||||
environment.systemPackages = [
|
||||
pkgs.scion
|
||||
];
|
||||
} (builtins.readFile ./bootstrap.sh);
|
||||
|
||||
imports = hostId: [
|
||||
({
|
||||
services.scion = {
|
||||
enable = true;
|
||||
bypassBootstrapWarning = true;
|
||||
};
|
||||
networking = {
|
||||
useNetworkd = true;
|
||||
useDHCP = false;
|
||||
};
|
||||
systemd.network.networks."01-eth1" = {
|
||||
name = "eth1";
|
||||
networkConfig.Address = "192.168.1.${toString hostId}/24";
|
||||
};
|
||||
environment.etc = {
|
||||
"scion/topology.json".source = ./topology + "${toString hostId}.json";
|
||||
"scion/crypto/as".source = trust-root-configuration-keys + "/AS${toString hostId}";
|
||||
"scion/certs/ISD42-B1-S1.trc".source = trust-root-configuration-keys + "/ISD42-B1-S1.trc";
|
||||
"scion/keys/master0.key".text = "U${toString hostId}v4k23ZXjGDwDofg/Eevw==";
|
||||
"scion/keys/master1.key".text = "dBMko${toString hostId}qMS8DfrN/zP2OUdA==";
|
||||
};
|
||||
environment.systemPackages = [
|
||||
pkgs.scion
|
||||
];
|
||||
})
|
||||
];
|
||||
in
|
||||
{
|
||||
name = "scion-test";
|
||||
nodes = {
|
||||
scion01 =
|
||||
{ ... }:
|
||||
{
|
||||
imports = (imports 1);
|
||||
};
|
||||
scion02 =
|
||||
{ ... }:
|
||||
{
|
||||
imports = (imports 2);
|
||||
};
|
||||
scion03 =
|
||||
{ ... }:
|
||||
{
|
||||
imports = (imports 3);
|
||||
};
|
||||
scion04 =
|
||||
{ ... }:
|
||||
{
|
||||
imports = (imports 4);
|
||||
networking.interfaces."lo".ipv4.addresses = [
|
||||
{
|
||||
address = "172.16.1.1";
|
||||
prefixLength = 32;
|
||||
}
|
||||
];
|
||||
services.scion.scion-ip-gateway = {
|
||||
enable = true;
|
||||
config = {
|
||||
tunnel = {
|
||||
src_ipv4 = "172.16.1.1";
|
||||
};
|
||||
};
|
||||
trafficConfig = {
|
||||
ASes = {
|
||||
"42-ffaa:1:5" = {
|
||||
Nets = [
|
||||
"172.16.100.0/24"
|
||||
];
|
||||
};
|
||||
};
|
||||
ConfigVersion = 9001;
|
||||
};
|
||||
};
|
||||
};
|
||||
scion05 =
|
||||
{ ... }:
|
||||
{
|
||||
imports = (imports 5);
|
||||
networking.interfaces."lo".ipv4.addresses = [
|
||||
{
|
||||
address = "172.16.100.1";
|
||||
prefixLength = 32;
|
||||
}
|
||||
];
|
||||
services.scion.scion-ip-gateway = {
|
||||
enable = true;
|
||||
config = {
|
||||
tunnel = {
|
||||
src_ipv4 = "172.16.100.1";
|
||||
};
|
||||
};
|
||||
trafficConfig = {
|
||||
ASes = {
|
||||
"42-ffaa:1:4" = {
|
||||
Nets = [
|
||||
"172.16.1.0/24"
|
||||
];
|
||||
};
|
||||
};
|
||||
ConfigVersion = 9001;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
in
|
||||
{
|
||||
name = "scion-test";
|
||||
nodes = {
|
||||
scion01 = {
|
||||
imports = (imports 1);
|
||||
};
|
||||
testScript =
|
||||
let
|
||||
pingAll = pkgs.writeShellScript "ping-all-scion.sh" ''
|
||||
addresses="42-ffaa:1:1 42-ffaa:1:2 42-ffaa:1:3 42-ffaa:1:4 42-ffaa:1:5"
|
||||
timeout=100
|
||||
wait_for_all() {
|
||||
ret=0
|
||||
for as in "$@"
|
||||
do
|
||||
scion showpaths $as --no-probe > /dev/null
|
||||
ret=$?
|
||||
if [ "$ret" -ne "0" ]; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
return $ret
|
||||
}
|
||||
ping_all() {
|
||||
ret=0
|
||||
for as in "$@"
|
||||
do
|
||||
scion ping "$as,127.0.0.1" -c 3
|
||||
ret=$?
|
||||
if [ "$ret" -ne "0" ]; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
return $ret
|
||||
}
|
||||
for i in $(seq 0 $timeout); do
|
||||
sleep 1
|
||||
wait_for_all $addresses || continue
|
||||
ping_all $addresses && exit 0
|
||||
scion02 = {
|
||||
imports = (imports 2);
|
||||
};
|
||||
scion03 = {
|
||||
imports = (imports 3);
|
||||
};
|
||||
scion04 = {
|
||||
imports = (imports 4);
|
||||
networking.interfaces."lo".ipv4.addresses = [
|
||||
{
|
||||
address = "172.16.1.1";
|
||||
prefixLength = 32;
|
||||
}
|
||||
];
|
||||
services.scion.scion-ip-gateway = {
|
||||
enable = true;
|
||||
config = {
|
||||
tunnel = {
|
||||
src_ipv4 = "172.16.1.1";
|
||||
};
|
||||
};
|
||||
trafficConfig = {
|
||||
ASes = {
|
||||
"42-ffaa:1:5" = {
|
||||
Nets = [
|
||||
"172.16.100.0/24"
|
||||
];
|
||||
};
|
||||
};
|
||||
ConfigVersion = 9001;
|
||||
};
|
||||
};
|
||||
};
|
||||
scion05 = {
|
||||
imports = (imports 5);
|
||||
networking.interfaces."lo".ipv4.addresses = [
|
||||
{
|
||||
address = "172.16.100.1";
|
||||
prefixLength = 32;
|
||||
}
|
||||
];
|
||||
services.scion.scion-ip-gateway = {
|
||||
enable = true;
|
||||
config = {
|
||||
tunnel = {
|
||||
src_ipv4 = "172.16.100.1";
|
||||
};
|
||||
};
|
||||
trafficConfig = {
|
||||
ASes = {
|
||||
"42-ffaa:1:4" = {
|
||||
Nets = [
|
||||
"172.16.1.0/24"
|
||||
];
|
||||
};
|
||||
};
|
||||
ConfigVersion = 9001;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
testScript =
|
||||
let
|
||||
pingAll = pkgs.writeShellScript "ping-all-scion.sh" ''
|
||||
addresses="42-ffaa:1:1 42-ffaa:1:2 42-ffaa:1:3 42-ffaa:1:4 42-ffaa:1:5"
|
||||
timeout=100
|
||||
wait_for_all() {
|
||||
ret=0
|
||||
for as in "$@"
|
||||
do
|
||||
scion showpaths $as --no-probe > /dev/null
|
||||
ret=$?
|
||||
if [ "$ret" -ne "0" ]; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
exit 1
|
||||
'';
|
||||
in
|
||||
''
|
||||
# List of AS instances
|
||||
machines = [scion01, scion02, scion03, scion04, scion05]
|
||||
|
||||
# Functions to avoid many for loops
|
||||
def start(allow_reboot=False):
|
||||
for i in machines:
|
||||
i.start(allow_reboot=allow_reboot)
|
||||
|
||||
def wait_for_unit(service_name):
|
||||
for i in machines:
|
||||
i.wait_for_unit(service_name)
|
||||
|
||||
def succeed(command):
|
||||
for i in machines:
|
||||
i.succeed(command)
|
||||
|
||||
def reboot():
|
||||
for i in machines:
|
||||
i.reboot()
|
||||
|
||||
def crash():
|
||||
for i in machines:
|
||||
i.crash()
|
||||
|
||||
# Start all machines, allowing reboot for later
|
||||
start(allow_reboot=True)
|
||||
|
||||
# Wait for scion-control.service on all instances
|
||||
wait_for_unit("scion-control.service")
|
||||
|
||||
# Ensure cert is valid against TRC
|
||||
succeed("scion-pki certificate verify --trc /etc/scion/certs/*.trc /etc/scion/crypto/as/*.pem >&2")
|
||||
|
||||
# Execute pingAll command on all instances
|
||||
succeed("${pingAll} >&2")
|
||||
|
||||
# Execute ICMP pings across scion-ip-gateway
|
||||
scion04.succeed("ping -c 3 172.16.100.1 >&2")
|
||||
scion05.succeed("ping -c 3 172.16.1.1 >&2")
|
||||
|
||||
# Restart all scion services and ping again to test robustness
|
||||
succeed("systemctl restart scion-* >&2")
|
||||
succeed("${pingAll} >&2")
|
||||
|
||||
# Reboot machines, wait for service, and ping again
|
||||
reboot()
|
||||
wait_for_unit("scion-control.service")
|
||||
succeed("${pingAll} >&2")
|
||||
|
||||
# Crash, start, wait for service, and ping again
|
||||
crash()
|
||||
start()
|
||||
wait_for_unit("scion-control.service")
|
||||
succeed("pkill -9 scion-* >&2")
|
||||
wait_for_unit("scion-control.service")
|
||||
succeed("${pingAll} >&2")
|
||||
return $ret
|
||||
}
|
||||
ping_all() {
|
||||
ret=0
|
||||
for as in "$@"
|
||||
do
|
||||
scion ping "$as,127.0.0.1" -c 3
|
||||
ret=$?
|
||||
if [ "$ret" -ne "0" ]; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
return $ret
|
||||
}
|
||||
for i in $(seq 0 $timeout); do
|
||||
sleep 1
|
||||
wait_for_all $addresses || continue
|
||||
ping_all $addresses && exit 0
|
||||
done
|
||||
exit 1
|
||||
'';
|
||||
}
|
||||
)
|
||||
in
|
||||
''
|
||||
# List of AS instances
|
||||
machines = [scion01, scion02, scion03, scion04, scion05]
|
||||
|
||||
# Functions to avoid many for loops
|
||||
def start(allow_reboot=False):
|
||||
for i in machines:
|
||||
i.start(allow_reboot=allow_reboot)
|
||||
|
||||
def wait_for_unit(service_name):
|
||||
for i in machines:
|
||||
i.wait_for_unit(service_name)
|
||||
|
||||
def succeed(command):
|
||||
for i in machines:
|
||||
i.succeed(command)
|
||||
|
||||
def reboot():
|
||||
for i in machines:
|
||||
i.reboot()
|
||||
|
||||
def crash():
|
||||
for i in machines:
|
||||
i.crash()
|
||||
|
||||
# Start all machines, allowing reboot for later
|
||||
start(allow_reboot=True)
|
||||
|
||||
# Wait for scion-control.service on all instances
|
||||
wait_for_unit("scion-control.service")
|
||||
|
||||
# Ensure cert is valid against TRC
|
||||
succeed("scion-pki certificate verify --trc /etc/scion/certs/*.trc /etc/scion/crypto/as/*.pem >&2")
|
||||
|
||||
# Execute pingAll command on all instances
|
||||
succeed("${pingAll} >&2")
|
||||
|
||||
# Execute ICMP pings across scion-ip-gateway
|
||||
scion04.succeed("ping -c 3 172.16.100.1 >&2")
|
||||
scion05.succeed("ping -c 3 172.16.1.1 >&2")
|
||||
|
||||
# Restart all scion services and ping again to test robustness
|
||||
succeed("systemctl restart scion-* >&2")
|
||||
succeed("${pingAll} >&2")
|
||||
|
||||
# Reboot machines, wait for service, and ping again
|
||||
reboot()
|
||||
wait_for_unit("scion-control.service")
|
||||
succeed("${pingAll} >&2")
|
||||
|
||||
# Crash, start, wait for service, and ping again
|
||||
crash()
|
||||
start()
|
||||
wait_for_unit("scion-control.service")
|
||||
succeed("pkill -9 scion-* >&2")
|
||||
wait_for_unit("scion-control.service")
|
||||
succeed("${pingAll} >&2")
|
||||
'';
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user