diff --git a/nixos/tests/ec2.nix b/nixos/tests/ec2.nix index 1296ff4e8e30..9d9bac85a310 100644 --- a/nixos/tests/ec2.nix +++ b/nixos/tests/ec2.nix @@ -9,9 +9,11 @@ let (import ../lib/eval-config.nix { inherit system; modules = [ - ../maintainers/scripts/ec2/amazon-hvm-config.nix + ../maintainers/scripts/ec2/amazon-image.nix ../../nixos/modules/testing/test-instrumentation.nix - { boot.initrd.kernelModules = [ "virtio" "virtio_blk" "virtio_pci" "virtio_ring" ]; } + { boot.initrd.kernelModules = [ "virtio" "virtio_blk" "virtio_pci" "virtio_ring" ]; + ec2.hvm = true; + } ]; }).config.system.build.amazonImage; 
@@ -34,41 +36,48 @@ let nodes = {}; testScript = '' - use File::Temp qw/ tempfile /; - my ($fh, $filename) = tempfile(); + my $imageDir = ($ENV{'TMPDIR'} // "/tmp") . "/vm-state-machine"; + mkdir $imageDir, 0700; + my $diskImage = "$imageDir/machine.qcow2"; + system("qemu-img create -f qcow2 -o backing_file=${image}/nixos.img $diskImage") == 0 or die; - `qemu-img create -f qcow2 -o backing_file=${image}/nixos.img $filename`; - - my $startCommand = "qemu-kvm -m 768 -net nic -net 'user,net=169.254.0.0/16,guestfwd=tcp:169.254.169.254:80-cmd:${pkgs.micro-httpd}/bin/micro_httpd ${metaData}'"; - $startCommand .= " -drive file=" . Cwd::abs_path($filename) . ",if=virtio,werror=report"; + # Note: we use net=169.0.0.0/8 rather than + # net=169.254.0.0/16 to prevent dhcpcd from getting horribly + # confused. (It would get a DHCP lease in the 169.254.* + # range, which it would then configure and prompty delete + # again when it deletes link-local addresses.) Ideally we'd + # turn off the DHCP server, but qemu does not have an option + # to do that. 
+ my $startCommand = "qemu-kvm -m 768 -net nic -net 'user,net=169.0.0.0/8,guestfwd=tcp:169.254.169.254:80-cmd:${pkgs.micro-httpd}/bin/micro_httpd ${metaData}'"; + $startCommand .= " -drive file=$diskImage,if=virtio,werror=report"; $startCommand .= " \$QEMU_OPTS"; my $machine = createMachine({ startCommand => $startCommand }); + ${script} ''; }; - snakeOilPrivateKey = [ - "-----BEGIN EC PRIVATE KEY-----" - "MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49" - "AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN" - "r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA==" - "-----END EC PRIVATE KEY-----" - ]; + snakeOilPrivateKey = '' + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW + QyNTUxOQAAACDEPmwZv5dDPrMUaq0dDP+6eBTTe+QNrz14KBEIdhHd1QAAAJDufJ4S7nye + EgAAAAtzc2gtZWQyNTUxOQAAACDEPmwZv5dDPrMUaq0dDP+6eBTTe+QNrz14KBEIdhHd1Q + AAAECgwbDlYATM5/jypuptb0GF/+zWZcJfoVIFBG3LQeRyGsQ+bBm/l0M+sxRqrR0M/7p4 + FNN75A2vPXgoEQh2Ed3VAAAADEVDMiB0ZXN0IGtleQE= + -----END OPENSSH PRIVATE KEY----- + ''; + + snakeOilPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQ+bBm/l0M+sxRqrR0M/7p4FNN75A2vPXgoEQh2Ed3V EC2 test key"; - snakeOilPublicKey = pkgs.lib.concatStrings [ - "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA" - "yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa" - "9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= snakeoil" - ]; in { boot-ec2-nixops = makeEc2Test { name = "nixops-userdata"; sshPublicKey = snakeOilPublicKey; # That's right folks! My user's key is also the host key! userData = '' - SSH_HOST_DSA_KEY_PUB:${snakeOilPublicKey} - SSH_HOST_DSA_KEY:${pkgs.lib.concatStringsSep "|" snakeOilPrivateKey} + SSH_HOST_ED25519_KEY_PUB:${snakeOilPublicKey} + SSH_HOST_ED25519_KEY:${replaceStrings ["\n"] ["|"] snakeOilPrivateKey} ''; script = '' $machine->start; 
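Review bot: The added `mkdir $imageDir, 0700;` in testScript ignores its result, and the directory name is fixed (`vm-state-machine` under `$TMPDIR`, or `/tmp` when that is unset), so an existing directory is silently reused and `machine.qcow2` is created inside it, whether it is stale from an earlier run or was created by another local user. The removed `File::Temp` code gave an unpredictable name. If the fixed name is deliberate (it may mirror the test driver's state directory, which this hunk does not show), at least check the call, e.g. `mkdir($imageDir, 0700) or -d $imageDir or die "cannot create $imageDir: $!";`, and consider refusing the `/tmp` fallback. The single-string `system("qemu-img create … $diskImage")` also sends an environment-derived path through the shell. The list form `system("qemu-img", "create", "-f", "qcow2", "-o", "backing_file=${image}/nixos.img", $diskImage) == 0 or die "qemu-img failed: $?";` avoids word-splitting and reports why it failed.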
@@ -80,8 +89,9 @@ in { # Let's install our client private key $machine->succeed("mkdir -p ~/.ssh"); - ${concatMapStrings (s: "$machine->succeed('echo ${s} >> ~/.ssh/id_ecdsa');") snakeOilPrivateKey} - $machine->succeed("chmod 600 ~/.ssh/id_ecdsa"); + + $machine->succeed("echo '${snakeOilPrivateKey}' > ~/.ssh/id_ed25519"); + $machine->succeed("chmod 600 ~/.ssh/id_ed25519"); # We haven't configured the host key yet, so this should still fail $machine->fail("ssh -o BatchMode=yes localhost exit");
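Review bot: The added `echo '${snakeOilPrivateKey}' > ~/.ssh/id_ed25519` line splices the key text into a Perl double-quoted string and then into a shell single-quoted word, with no escaping at either layer. It works only because the current key contains none of `'`, `"`, `$`, `@` or `\`. A comment above the line would keep a future key replacement from breaking the test in a confusing way, e.g. `# key text is interpolated unescaped into Perl "..." and shell '...'; it must not contain quotes, $, @ or backslashes`. The file is also created under the default umask and only then restricted by `chmod 600`. Running the write as `(umask 077; echo … > ~/.ssh/id_ed25519)` would close that gap, though it matters little for a throwaway test VM with a published snake-oil key.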