diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 659e2f9e5699..a48dcda94d7e 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -238,6 +238,7 @@ in lxd = handleTest ./lxd.nix {}; lxd-image = handleTest ./lxd-image.nix {}; lxd-nftables = handleTest ./lxd-nftables.nix {}; + lxd-image-server = handleTest ./lxd-image-server.nix {}; #logstash = handleTest ./logstash.nix {}; lorri = handleTest ./lorri/default.nix {}; magic-wormhole-mailbox-server = handleTest ./magic-wormhole-mailbox-server.nix {}; diff --git a/nixos/tests/lxd-image-server.nix b/nixos/tests/lxd-image-server.nix new file mode 100644 index 000000000000..9f060fed38d8 --- /dev/null +++ b/nixos/tests/lxd-image-server.nix @@ -0,0 +1,127 @@ +import ./make-test-python.nix ({ pkgs, ...} : + +let + # Since we don't have access to the internet during the tests, we have to + # pre-fetch lxd containers beforehand. + # + # I've chosen to import Alpine Linux, because its image is turbo-tiny and, + # generally, sufficient for our tests. + alpine-meta = pkgs.fetchurl { + url = "https://tarballs.nixos.org/alpine/3.12/lxd.tar.xz"; + hash = "sha256-1tcKaO9lOkvqfmG/7FMbfAEToAuFy2YMewS8ysBKuLA="; + }; + + alpine-rootfs = pkgs.fetchurl { + url = "https://tarballs.nixos.org/alpine/3.12/rootfs.tar.xz"; + hash = "sha256-Tba9sSoaiMtQLY45u7p5DMqXTSDgs/763L/SQp0bkCA="; + }; + + lxd-config = pkgs.writeText "config.yaml" '' + storage_pools: + - name: default + driver: dir + config: + source: /var/lxd-pool + + networks: + - name: lxdbr0 + type: bridge + config: + ipv4.address: auto + ipv6.address: none + + profiles: + - name: default + devices: + eth0: + name: eth0 + network: lxdbr0 + type: nic + root: + path: / + pool: default + type: disk + ''; + + +in { + name = "lxd-image-server"; + + meta = with pkgs.lib.maintainers; { + maintainers = [ mkg20001 ]; + }; + + machine = { lib, ... }: { + virtualisation = { + cores = 2; + + memorySize = 2048; + diskSize = 4096; + + lxc.lxcfs.enable = true; + lxd.enable = true; + }; + + security.pki.certificates = [ + (builtins.readFile ./common/acme/server/ca.cert.pem) + ]; + + services.nginx = { + enable = true; + }; + + services.lxd-image-server = { + enable = true; + nginx = { + enable = true; + domain = "acme.test"; + }; + }; + + services.nginx.virtualHosts."acme.test" = { + enableACME = false; + sslCertificate = ./common/acme/server/acme.test.cert.pem; + sslCertificateKey = ./common/acme/server/acme.test.key.pem; + }; + + networking.hosts = { + "::1" = [ "acme.test" ]; + }; + }; + + testScript = '' + machine.wait_for_unit("sockets.target") + machine.wait_for_unit("lxd.service") + machine.wait_for_file("/var/lib/lxd/unix.socket") + + # It takes additional second for lxd to settle + machine.sleep(1) + + # lxd expects the pool's directory to already exist + machine.succeed("mkdir /var/lxd-pool") + + + machine.succeed( + "cat ${lxd-config} | lxd init --preseed" + ) + + machine.succeed( + "lxc image import ${alpine-meta} ${alpine-rootfs} --alias alpine" + ) + + loc = "/var/www/simplestreams/images/iats/alpine/amd64/default/v1" + + with subtest("push image to server"): + machine.succeed("lxc launch alpine test") + machine.succeed("lxc stop test") + machine.succeed("lxc publish --public test --alias=testimg") + machine.succeed("lxc image export testimg") + machine.succeed("ls >&2") + machine.succeed("mkdir -p " + loc) + machine.succeed("mv *.tar.gz " + loc) + + with subtest("pull image from server"): + machine.succeed("lxc remote add img https://acme.test --protocol=simplestreams") + machine.succeed("lxc image list img: >&2") + ''; +})