talexander/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

nixosTests.scion-freestanding-deployment: handleTest -> runTest

Browse Source
This commit is contained in:
Sizhe Zhao 2025-07-09 12:25:54 +08:00
parent f693e18323
commit 4491dfaa0c
No known key found for this signature in database
GPG Key ID: ED1807251A7DA08F
2 changed files with 194 additions and 206 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/tests/all-tests.nix
View File

@ -1262,7 +1262,7 @@ in
saunafs = runTest ./saunafs.nix;
scaphandre = handleTest ./scaphandre.nix { };
schleuder = runTest ./schleuder.nix;
scion-freestanding-deployment = handleTest ./scion/freestanding-deployment { };
scion-freestanding-deployment = runTest ./scion/freestanding-deployment;
scrutiny = runTest ./scrutiny.nix;
scx = runTest ./scx/default.nix;
sddm = import ./sddm.nix { inherit runTest; };

398
nixos/tests/scion/freestanding-deployment/default.nix
View File

@ -1,211 +1,199 @@
# implements https://github.com/scionproto/scion/blob/27983125bccac6b84d1f96f406853aab0e460405/doc/tutorials/deploy.rst
import ../../make-test-python.nix (
{ pkgs, ... }:
let
trust-root-configuration-keys = pkgs.runCommand "generate-trc-keys.sh" {
buildInputs = [
{ pkgs, ... }:
let
trust-root-configuration-keys = pkgs.runCommand "generate-trc-keys.sh" {
buildInputs = [
pkgs.scion
];
} (builtins.readFile ./bootstrap.sh);
imports = hostId: [
{
services.scion = {
enable = true;
bypassBootstrapWarning = true;
};
networking = {
useNetworkd = true;
useDHCP = false;
};
systemd.network.networks."01-eth1" = {
name = "eth1";
networkConfig.Address = "192.168.1.${toString hostId}/24";
};
environment.etc = {
"scion/topology.json".source = ./topology + "${toString hostId}.json";
"scion/crypto/as".source = trust-root-configuration-keys + "/AS${toString hostId}";
"scion/certs/ISD42-B1-S1.trc".source = trust-root-configuration-keys + "/ISD42-B1-S1.trc";
"scion/keys/master0.key".text = "U${toString hostId}v4k23ZXjGDwDofg/Eevw==";
"scion/keys/master1.key".text = "dBMko${toString hostId}qMS8DfrN/zP2OUdA==";
};
environment.systemPackages = [
pkgs.scion
];
} (builtins.readFile ./bootstrap.sh);
imports = hostId: [
({
services.scion = {
enable = true;
bypassBootstrapWarning = true;
};
networking = {
useNetworkd = true;
useDHCP = false;
};
systemd.network.networks."01-eth1" = {
name = "eth1";
networkConfig.Address = "192.168.1.${toString hostId}/24";
};
environment.etc = {
"scion/topology.json".source = ./topology + "${toString hostId}.json";
"scion/crypto/as".source = trust-root-configuration-keys + "/AS${toString hostId}";
"scion/certs/ISD42-B1-S1.trc".source = trust-root-configuration-keys + "/ISD42-B1-S1.trc";
"scion/keys/master0.key".text = "U${toString hostId}v4k23ZXjGDwDofg/Eevw==";
"scion/keys/master1.key".text = "dBMko${toString hostId}qMS8DfrN/zP2OUdA==";
};
environment.systemPackages = [
pkgs.scion
];
})
];
in
{
name = "scion-test";
nodes = {
scion01 =
{ ... }:
{
imports = (imports 1);
};
scion02 =
{ ... }:
{
imports = (imports 2);
};
scion03 =
{ ... }:
{
imports = (imports 3);
};
scion04 =
{ ... }:
{
imports = (imports 4);
networking.interfaces."lo".ipv4.addresses = [
{
address = "172.16.1.1";
prefixLength = 32;
}
];
services.scion.scion-ip-gateway = {
enable = true;
config = {
tunnel = {
src_ipv4 = "172.16.1.1";
};
};
trafficConfig = {
ASes = {
"42-ffaa:1:5" = {
Nets = [
"172.16.100.0/24"
];
};
};
ConfigVersion = 9001;
};
};
};
scion05 =
{ ... }:
{
imports = (imports 5);
networking.interfaces."lo".ipv4.addresses = [
{
address = "172.16.100.1";
prefixLength = 32;
}
];
services.scion.scion-ip-gateway = {
enable = true;
config = {
tunnel = {
src_ipv4 = "172.16.100.1";
};
};
trafficConfig = {
ASes = {
"42-ffaa:1:4" = {
Nets = [
"172.16.1.0/24"
];
};
};
ConfigVersion = 9001;
};
};
};
}
];
in
{
name = "scion-test";
nodes = {
scion01 = {
imports = (imports 1);
};
testScript =
let
pingAll = pkgs.writeShellScript "ping-all-scion.sh" ''
addresses="42-ffaa:1:1 42-ffaa:1:2 42-ffaa:1:3 42-ffaa:1:4 42-ffaa:1:5"
timeout=100
wait_for_all() {
ret=0
for as in "$@"
do
scion showpaths $as --no-probe > /dev/null
ret=$?
if [ "$ret" -ne "0" ]; then
break
fi
done
return $ret
}
ping_all() {
ret=0
for as in "$@"
do
scion ping "$as,127.0.0.1" -c 3
ret=$?
if [ "$ret" -ne "0" ]; then
break
fi
done
return $ret
}
for i in $(seq 0 $timeout); do
sleep 1
wait_for_all $addresses || continue
ping_all $addresses && exit 0
scion02 = {
imports = (imports 2);
};
scion03 = {
imports = (imports 3);
};
scion04 = {
imports = (imports 4);
networking.interfaces."lo".ipv4.addresses = [
{
address = "172.16.1.1";
prefixLength = 32;
}
];
services.scion.scion-ip-gateway = {
enable = true;
config = {
tunnel = {
src_ipv4 = "172.16.1.1";
};
};
trafficConfig = {
ASes = {
"42-ffaa:1:5" = {
Nets = [
"172.16.100.0/24"
];
};
};
ConfigVersion = 9001;
};
};
};
scion05 = {
imports = (imports 5);
networking.interfaces."lo".ipv4.addresses = [
{
address = "172.16.100.1";
prefixLength = 32;
}
];
services.scion.scion-ip-gateway = {
enable = true;
config = {
tunnel = {
src_ipv4 = "172.16.100.1";
};
};
trafficConfig = {
ASes = {
"42-ffaa:1:4" = {
Nets = [
"172.16.1.0/24"
];
};
};
ConfigVersion = 9001;
};
};
};
};
testScript =
let
pingAll = pkgs.writeShellScript "ping-all-scion.sh" ''
addresses="42-ffaa:1:1 42-ffaa:1:2 42-ffaa:1:3 42-ffaa:1:4 42-ffaa:1:5"
timeout=100
wait_for_all() {
ret=0
for as in "$@"
do
scion showpaths $as --no-probe > /dev/null
ret=$?
if [ "$ret" -ne "0" ]; then
break
fi
done
exit 1
'';
in
''
# List of AS instances
machines = [scion01, scion02, scion03, scion04, scion05]
# Functions to avoid many for loops
def start(allow_reboot=False):
for i in machines:
i.start(allow_reboot=allow_reboot)
def wait_for_unit(service_name):
for i in machines:
i.wait_for_unit(service_name)
def succeed(command):
for i in machines:
i.succeed(command)
def reboot():
for i in machines:
i.reboot()
def crash():
for i in machines:
i.crash()
# Start all machines, allowing reboot for later
start(allow_reboot=True)
# Wait for scion-control.service on all instances
wait_for_unit("scion-control.service")
# Ensure cert is valid against TRC
succeed("scion-pki certificate verify --trc /etc/scion/certs/*.trc /etc/scion/crypto/as/*.pem >&2")
# Execute pingAll command on all instances
succeed("${pingAll} >&2")
# Execute ICMP pings across scion-ip-gateway
scion04.succeed("ping -c 3 172.16.100.1 >&2")
scion05.succeed("ping -c 3 172.16.1.1 >&2")
# Restart all scion services and ping again to test robustness
succeed("systemctl restart scion-* >&2")
succeed("${pingAll} >&2")
# Reboot machines, wait for service, and ping again
reboot()
wait_for_unit("scion-control.service")
succeed("${pingAll} >&2")
# Crash, start, wait for service, and ping again
crash()
start()
wait_for_unit("scion-control.service")
succeed("pkill -9 scion-* >&2")
wait_for_unit("scion-control.service")
succeed("${pingAll} >&2")
return $ret
}
ping_all() {
ret=0
for as in "$@"
do
scion ping "$as,127.0.0.1" -c 3
ret=$?
if [ "$ret" -ne "0" ]; then
break
fi
done
return $ret
}
for i in $(seq 0 $timeout); do
sleep 1
wait_for_all $addresses || continue
ping_all $addresses && exit 0
done
exit 1
'';
}
)
in
''
# List of AS instances
machines = [scion01, scion02, scion03, scion04, scion05]
# Functions to avoid many for loops
def start(allow_reboot=False):
for i in machines:
i.start(allow_reboot=allow_reboot)
def wait_for_unit(service_name):
for i in machines:
i.wait_for_unit(service_name)
def succeed(command):
for i in machines:
i.succeed(command)
def reboot():
for i in machines:
i.reboot()
def crash():
for i in machines:
i.crash()
# Start all machines, allowing reboot for later
start(allow_reboot=True)
# Wait for scion-control.service on all instances
wait_for_unit("scion-control.service")
# Ensure cert is valid against TRC
succeed("scion-pki certificate verify --trc /etc/scion/certs/*.trc /etc/scion/crypto/as/*.pem >&2")
# Execute pingAll command on all instances
succeed("${pingAll} >&2")
# Execute ICMP pings across scion-ip-gateway
scion04.succeed("ping -c 3 172.16.100.1 >&2")
scion05.succeed("ping -c 3 172.16.1.1 >&2")
# Restart all scion services and ping again to test robustness
succeed("systemctl restart scion-* >&2")
succeed("${pingAll} >&2")
# Reboot machines, wait for service, and ping again
reboot()
wait_for_unit("scion-control.service")
succeed("${pingAll} >&2")
# Crash, start, wait for service, and ping again
crash()
start()
wait_for_unit("scion-control.service")
succeed("pkill -9 scion-* >&2")
wait_for_unit("scion-control.service")
succeed("${pingAll} >&2")
'';
}