talexander/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

nixosTests.scion-freestanding-deployment: handleTest -> runTest (#423697)

Browse Source
This commit is contained in:
Wolfgang Walther 2025-07-10 06:54:49 +00:00 committed by GitHub
commit c801e4b6a5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 194 additions and 206 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/tests/all-tests.nix
View File

@ -1262,7 +1262,7 @@ in
saunafs = runTest ./saunafs.nix; saunafs = runTest ./saunafs.nix;
scaphandre = runTest ./scaphandre.nix; scaphandre = runTest ./scaphandre.nix;
schleuder = runTest ./schleuder.nix; schleuder = runTest ./schleuder.nix;
scion-freestanding-deployment = handleTest ./scion/freestanding-deployment { }; scion-freestanding-deployment = runTest ./scion/freestanding-deployment;
scrutiny = runTest ./scrutiny.nix; scrutiny = runTest ./scrutiny.nix;
scx = runTest ./scx/default.nix; scx = runTest ./scx/default.nix;
sddm = import ./sddm.nix { inherit runTest; }; sddm = import ./sddm.nix { inherit runTest; };

398
nixos/tests/scion/freestanding-deployment/default.nix
View File

@ -1,211 +1,199 @@
# implements https://github.com/scionproto/scion/blob/27983125bccac6b84d1f96f406853aab0e460405/doc/tutorials/deploy.rst # implements https://github.com/scionproto/scion/blob/27983125bccac6b84d1f96f406853aab0e460405/doc/tutorials/deploy.rst
import ../../make-test-python.nix ( { pkgs, ... }:
{ pkgs, ... }: let
let trust-root-configuration-keys = pkgs.runCommand "generate-trc-keys.sh" {
trust-root-configuration-keys = pkgs.runCommand "generate-trc-keys.sh" { buildInputs = [
buildInputs = [ pkgs.scion
];
} (builtins.readFile ./bootstrap.sh);
imports = hostId: [
{
services.scion = {
enable = true;
bypassBootstrapWarning = true;
};
networking = {
useNetworkd = true;
useDHCP = false;
};
systemd.network.networks."01-eth1" = {
name = "eth1";
networkConfig.Address = "192.168.1.${toString hostId}/24";
};
environment.etc = {
"scion/topology.json".source = ./topology + "${toString hostId}.json";
"scion/crypto/as".source = trust-root-configuration-keys + "/AS${toString hostId}";
"scion/certs/ISD42-B1-S1.trc".source = trust-root-configuration-keys + "/ISD42-B1-S1.trc";
"scion/keys/master0.key".text = "U${toString hostId}v4k23ZXjGDwDofg/Eevw==";
"scion/keys/master1.key".text = "dBMko${toString hostId}qMS8DfrN/zP2OUdA==";
};
environment.systemPackages = [
pkgs.scion pkgs.scion
]; ];
} (builtins.readFile ./bootstrap.sh); }
];
imports = hostId: [ in
({ {
services.scion = { name = "scion-test";
enable = true; nodes = {
bypassBootstrapWarning = true; scion01 = {
}; imports = (imports 1);
networking = {
useNetworkd = true;
useDHCP = false;
};
systemd.network.networks."01-eth1" = {
name = "eth1";
networkConfig.Address = "192.168.1.${toString hostId}/24";
};
environment.etc = {
"scion/topology.json".source = ./topology + "${toString hostId}.json";
"scion/crypto/as".source = trust-root-configuration-keys + "/AS${toString hostId}";
"scion/certs/ISD42-B1-S1.trc".source = trust-root-configuration-keys + "/ISD42-B1-S1.trc";
"scion/keys/master0.key".text = "U${toString hostId}v4k23ZXjGDwDofg/Eevw==";
"scion/keys/master1.key".text = "dBMko${toString hostId}qMS8DfrN/zP2OUdA==";
};
environment.systemPackages = [
pkgs.scion
];
})
];
in
{
name = "scion-test";
nodes = {
scion01 =
{ ... }:
{
imports = (imports 1);
};
scion02 =
{ ... }:
{
imports = (imports 2);
};
scion03 =
{ ... }:
{
imports = (imports 3);
};
scion04 =
{ ... }:
{
imports = (imports 4);
networking.interfaces."lo".ipv4.addresses = [
{
address = "172.16.1.1";
prefixLength = 32;
}
];
services.scion.scion-ip-gateway = {
enable = true;
config = {
tunnel = {
src_ipv4 = "172.16.1.1";
};
};
trafficConfig = {
ASes = {
"42-ffaa:1:5" = {
Nets = [
"172.16.100.0/24"
];
};
};
ConfigVersion = 9001;
};
};
};
scion05 =
{ ... }:
{
imports = (imports 5);
networking.interfaces."lo".ipv4.addresses = [
{
address = "172.16.100.1";
prefixLength = 32;
}
];
services.scion.scion-ip-gateway = {
enable = true;
config = {
tunnel = {
src_ipv4 = "172.16.100.1";
};
};
trafficConfig = {
ASes = {
"42-ffaa:1:4" = {
Nets = [
"172.16.1.0/24"
];
};
};
ConfigVersion = 9001;
};
};
};
}; };
testScript = scion02 = {
let imports = (imports 2);
pingAll = pkgs.writeShellScript "ping-all-scion.sh" '' };
addresses="42-ffaa:1:1 42-ffaa:1:2 42-ffaa:1:3 42-ffaa:1:4 42-ffaa:1:5" scion03 = {
timeout=100 imports = (imports 3);
wait_for_all() { };
ret=0 scion04 = {
for as in "$@" imports = (imports 4);
do networking.interfaces."lo".ipv4.addresses = [
scion showpaths $as --no-probe > /dev/null {
ret=$? address = "172.16.1.1";
if [ "$ret" -ne "0" ]; then prefixLength = 32;
break }
fi ];
done services.scion.scion-ip-gateway = {
return $ret enable = true;
} config = {
ping_all() { tunnel = {
ret=0 src_ipv4 = "172.16.1.1";
for as in "$@" };
do };
scion ping "$as,127.0.0.1" -c 3 trafficConfig = {
ret=$? ASes = {
if [ "$ret" -ne "0" ]; then "42-ffaa:1:5" = {
break Nets = [
fi "172.16.100.0/24"
done ];
return $ret };
} };
for i in $(seq 0 $timeout); do ConfigVersion = 9001;
sleep 1 };
wait_for_all $addresses || continue };
ping_all $addresses && exit 0 };
scion05 = {
imports = (imports 5);
networking.interfaces."lo".ipv4.addresses = [
{
address = "172.16.100.1";
prefixLength = 32;
}
];
services.scion.scion-ip-gateway = {
enable = true;
config = {
tunnel = {
src_ipv4 = "172.16.100.1";
};
};
trafficConfig = {
ASes = {
"42-ffaa:1:4" = {
Nets = [
"172.16.1.0/24"
];
};
};
ConfigVersion = 9001;
};
};
};
};
testScript =
let
pingAll = pkgs.writeShellScript "ping-all-scion.sh" ''
addresses="42-ffaa:1:1 42-ffaa:1:2 42-ffaa:1:3 42-ffaa:1:4 42-ffaa:1:5"
timeout=100
wait_for_all() {
ret=0
for as in "$@"
do
scion showpaths $as --no-probe > /dev/null
ret=$?
if [ "$ret" -ne "0" ]; then
break
fi
done done
exit 1 return $ret
''; }
in ping_all() {
'' ret=0
# List of AS instances for as in "$@"
machines = [scion01, scion02, scion03, scion04, scion05] do
scion ping "$as,127.0.0.1" -c 3
# Functions to avoid many for loops ret=$?
def start(allow_reboot=False): if [ "$ret" -ne "0" ]; then
for i in machines: break
i.start(allow_reboot=allow_reboot) fi
done
def wait_for_unit(service_name): return $ret
for i in machines: }
i.wait_for_unit(service_name) for i in $(seq 0 $timeout); do
sleep 1
def succeed(command): wait_for_all $addresses || continue
for i in machines: ping_all $addresses && exit 0
i.succeed(command) done
exit 1
def reboot():
for i in machines:
i.reboot()
def crash():
for i in machines:
i.crash()
# Start all machines, allowing reboot for later
start(allow_reboot=True)
# Wait for scion-control.service on all instances
wait_for_unit("scion-control.service")
# Ensure cert is valid against TRC
succeed("scion-pki certificate verify --trc /etc/scion/certs/*.trc /etc/scion/crypto/as/*.pem >&2")
# Execute pingAll command on all instances
succeed("${pingAll} >&2")
# Execute ICMP pings across scion-ip-gateway
scion04.succeed("ping -c 3 172.16.100.1 >&2")
scion05.succeed("ping -c 3 172.16.1.1 >&2")
# Restart all scion services and ping again to test robustness
succeed("systemctl restart scion-* >&2")
succeed("${pingAll} >&2")
# Reboot machines, wait for service, and ping again
reboot()
wait_for_unit("scion-control.service")
succeed("${pingAll} >&2")
# Crash, start, wait for service, and ping again
crash()
start()
wait_for_unit("scion-control.service")
succeed("pkill -9 scion-* >&2")
wait_for_unit("scion-control.service")
succeed("${pingAll} >&2")
''; '';
} in
) ''
# List of AS instances
machines = [scion01, scion02, scion03, scion04, scion05]
# Functions to avoid many for loops
def start(allow_reboot=False):
for i in machines:
i.start(allow_reboot=allow_reboot)
def wait_for_unit(service_name):
for i in machines:
i.wait_for_unit(service_name)
def succeed(command):
for i in machines:
i.succeed(command)
def reboot():
for i in machines:
i.reboot()
def crash():
for i in machines:
i.crash()
# Start all machines, allowing reboot for later
start(allow_reboot=True)
# Wait for scion-control.service on all instances
wait_for_unit("scion-control.service")
# Ensure cert is valid against TRC
succeed("scion-pki certificate verify --trc /etc/scion/certs/*.trc /etc/scion/crypto/as/*.pem >&2")
# Execute pingAll command on all instances
succeed("${pingAll} >&2")
# Execute ICMP pings across scion-ip-gateway
scion04.succeed("ping -c 3 172.16.100.1 >&2")
scion05.succeed("ping -c 3 172.16.1.1 >&2")
# Restart all scion services and ping again to test robustness
succeed("systemctl restart scion-* >&2")
succeed("${pingAll} >&2")
# Reboot machines, wait for service, and ping again
reboot()
wait_for_unit("scion-control.service")
succeed("${pingAll} >&2")
# Crash, start, wait for service, and ping again
crash()
start()
wait_for_unit("scion-control.service")
succeed("pkill -9 scion-* >&2")
wait_for_unit("scion-control.service")
succeed("${pingAll} >&2")
'';
}