Commit graph

697 commits

Author SHA1 Message Date
Sarah Brofeldt
294bb6daea nixos/tests/gitlab.nix: Unbreak config, still times out 2017-11-06 14:52:33 +01:00
Tim Steinbach
97f172a1d5
Merge pull request #31146 from NeQuissimus/kafka_updates
Kafka: Update + Tests
2017-11-04 11:06:32 -04:00
Bas van Dijk
c894327215 postage: replaced by pgmanage-10.0.2
postage is no longer maintained and has been replaced by the identical pgmanage. See:

https://github.com/workflowproducts/postage#postage-has-been-replaced-with-pgmanage

The following error is raised when a user enables the deprecated `services.postage.enable` option:

Failed assertions:
- services.postage is deprecated in favor of pgmanage. They have the same options so just substitute postage for pgmanage.
2017-11-03 00:14:00 +01:00
Tim Steinbach
beefaff2c1
kafka: Add tests 2017-11-02 15:10:33 -04:00
Tim Steinbach
d27cf320cf
zookeeper: Add simple test 2017-11-02 14:09:56 -04:00
Bas van Dijk
04b2460eb6 graphite: fix the graphiteApi service 2017-10-31 15:49:59 +01:00
Tuomas Tynkkynen
2f3786e7ef nixos/tests/gitolite: Don't build during evaluation
Noticed in https://hydra.nixos.org/jobset/nixos/release-17.09#tabs-errors:

````
hydra-eval-jobs returned exit code 1:
building path(s) '/nix/store/wxcbjli7m98yymnxrxkf6pigr7a05zad-id_ed25519.pub'
building '/nix/store/gyig2d7cry98647h0grfilq26cpc1wy8-id_ed25519.pub.drv'...
````

Issue #29774
2017-10-21 23:45:37 +03:00
Peter Simons
757a759005 Merge pull request #30166 from LumiGuide/graphite-1.0.2
Fix graphite crash by upgrading from 0.9.15 -> 1.0.2
2017-10-18 12:58:55 +01:00
Bjørn Forsman
774d05878a nixos/tests: unbreak prometheus test
Commit 271d3f7a43 ("prometheus service: globalConfig.labels is obsolete")
removed globalConfig.labels. Update the test config accordingly.
2017-10-16 20:31:49 +02:00
Bjørn Forsman
10e79d43f6 nixos/tests: add gitolite test 2017-10-16 19:22:07 +02:00
Bjørn Forsman
943730ff9b nixos/tests: add basic test for services.atd 2017-10-16 19:08:19 +02:00
Bjørn Forsman
0ff4bb5f87 nixos: run parted with --script option
-s, --script: never prompts for user intervention

Sometimes the NixOS installer tests fail when they invoke parted, e.g.
https://hydra.nixos.org/build/62513826/nixlog/1. But instead of exiting
right there, the tests hang until the Nix builder times out (and kills
the build). With this change the tests would instead fail immediately,
which is preferred.

While at it, use "parted --script" treewide, so nobody gets build
timeout due to parted error (or misuse). (Only nixos/ use it, and only
non-interactive.)

A few instances already use the short option "-s", convert them to long
option "--short".
2017-10-14 15:29:02 +02:00
Lancelot SIX
4ea954477f Merge pull request #30321 from RemiDesgrange/add-postgis-2.4.0
Add postgis 2.4.0
2017-10-14 10:13:53 +02:00
Rémi Desgrange
8dcaa5b313 postgis: add v2.4.0
Add postgis 2.4.0

doesn't remove v2.3.1. There are some big change in 2.4 that people may
don't want. see https://postgis.net/docs/release_notes.html#idm41021

fix test call

modify following recommandation of lsix
2017-10-13 09:45:25 +02:00
aszlig
20487112ed
nixos: Fix output path generation of runInMachine
Regression introduced by a02bb00156.

The fix is done by disabling writableStore, because the latter will set
up an overlayfs on the Nix store within the VM, which in turn will
discard all the outputs of the resulting output path.

However in runInMachine we actually *want* the contents of the generated
path and also don't want a writable store within the VM (except of
course for $out, which is writable anyway).

I've added a small regression test to verifify the output in
nixos/tests/run-in-machine.nix to make sure this won't break again in
the future.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-10-11 20:08:11 +02:00
Jörg Thalheim
62922af208 Merge pull request #29994 from bachp/minio-update
minio: 20170613 -> 2017-09-29T19-16-56Z
2017-10-08 12:12:32 +01:00
Pascal Bach
1983e6c8cc minio: 20170613 -> 2017-09-29T19-16-56Z
The test was updated as minio now needs at least 1 GiB of free disk,
otherwise it won't start.
2017-10-08 12:24:29 +02:00
Bas van Dijk
5b8ff5ed49 graphite: 0.9.15 -> 1.0.2
Fixes: #29961

Also added the option:

  services.graphite.web.extraConfig

for configuring graphite_web.
2017-10-08 03:03:22 +02:00
WilliButz
3539e16cfa
nixos/tests: clean up pgjwt test
- removed unneeded initscript
- use default postgres version for the test
2017-10-04 13:04:49 +02:00
Joachim F
0625110d1a Merge pull request #29927 from WilliButz/fix-pgjwt-test
nixos/tests: fix pgjwt test
2017-10-04 10:57:43 +00:00
Ruben Maher
06e15e59f9 nixos/krb5: complete rewrite
The `krb5` service was a bit lacking.

Addresses NixOS/nixpkgs#11268, partially addresses NixOS/nixpkgs#29623.
2017-10-02 14:30:19 +10:30
WilliButz
7d09fc6ea7
nixos/tests: rewrite pgjwt test
- now using the test contained in the pgjwt source repo
- also compatible with the new `superUser` option of the
  `postgresql` service
2017-10-01 20:12:58 +02:00
Jan Tojnar
dfdfb97f0f nixos/tests/gnome3-gdm: Increase memory limit
The test was failing on x86_64 prematurely due to memory being exhausted.

See also 3b9f0c6a46
2017-09-28 17:20:23 +02:00
Robin Gloster
d05b0b6b70
mesos test: fix python handling
Still does not succeed but advances further

(cherry picked from commit 30d09f717aa94a78105bff22da548b904887b394)
2017-09-28 01:15:41 +02:00
Rodney Lorrimar
56eba66f77 mysqlBackup service: let it work with default settings
* Grants enough privileges to the configured user so that it can run
  mysqldump.

* Adds a nixos test.

* Use systemd timers instead of a cronjob (by @fadenb).

* Creates a new user for backups by default, instead of using mysql
  user.

* Ensures that backup user has write permissions on backup location.

* Write backup to a temporary file before renaming so that a failed
  backup won't overwrite the previous backup, and so that the backup
  location will never contain a partial backup.

Breaking changes:

 * Renamed period to calendar to reflect the change in how to
   configure the backup time.

 * A failed backup will no longer result in cron sending an e-mail --
   users' monitoring systems must be updated.

Resolves #24728
2017-09-27 18:44:49 +02:00
Silvan Mosberger
a8c97ad23e nixos/radicale: fix default version (#29743) 2017-09-25 10:18:42 +00:00
Matej Cotman
6ef8cad2a7 kubernetes: fix tests 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
7dfeac88ac kubernetes module: flannel support, minor fixes
- add flannel support
- remove deprecated authorizationRBACSuperAdmin option
- rename from deprecated poratalNet to serviceClusterIpRange
- add nodeIp option for kubelet
- kubelet, add br_netfilter to kernelModules
- enable firewall by default
- enable dns by default on node and on master
- disable iptables for docker by default on nodes
- dns, restart on failure
- update tests

and other minor changes
2017-09-24 11:44:25 +02:00
Matej Cotman
8e14e978c8 kubernetes: fix minor issues 2017-09-24 11:44:25 +02:00
Matej Cotman
7f9d1a7aaf kubernetes: add tests 2017-09-24 11:44:25 +02:00
Joachim Fasting
bccaf63067
nixos/hardened test: add failing test-case for deferred mounts 2017-09-22 23:53:27 +02:00
aszlig
a75265924f
nixos/tests/virtualbox: Fix netcat invocation
This is a backwards-incompatibility in netcat-openbsd introduced due to
bumping the netcat version to 1.130 in
a72ba661ac.

Version 1.130 no longer exits on EOF but now needs to be passed the -N
flag in order to exit on EOF.

The upstream change reads[1] like this:

  Don't shutdown nc(1)'s network socket when stdin closes. Matches
  *Hobbit*'s original netcat and GNU netcat; revert to old behaviour
  with the new -N flag if needed. After much discussion with otto
  deraadt tedu and Martin Pelikan.  ok deraadt@

Here is the diff of this change:

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/netcat.c.diff?r1=1.110&r2=1.111&f=h

[1]: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/netcat.c?rev=1.111&content-type=text/x-cvsweb-markup

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-09-21 03:49:46 +02:00
Franz Pletz
406c7a0731 Merge pull request #29521 from aneeshusa/ease-radicale-upgrade
Ease radicale upgrade
2017-09-18 23:13:53 +02:00
WilliButz
9198ad65ef tests: add initrd-network-ssh test
starts two VMs:
- one with dropbear listening from initrd,
  waiting for a file
- another connecting via ssh, creating the file
2017-09-18 19:51:46 +02:00
Aneesh Agrawal
28c2cea847 radicale: Test migration functionality
This also provides an example of how to migrate.
2017-09-18 09:11:36 -07:00
WilliButz
0b2d9bbbd2 nixos/tests: add grafana test (#29531) 2017-09-18 16:59:50 +02:00
Franz Pletz
b179908414
nixos/networking: network is online if default gw set
Previously services depending on network-online.target would wait until
dhcpcd times out if it was enabled and a static network address
configuration was used. Setting the default gateway statically is enough
for the networking to be considered online.

This also adjusts the relevant networking tests to wait for
network-online.target instead of just network.target.
2017-09-18 14:51:38 +02:00
Maximilian Güntner
44475cae27 tests: ipfs: enable autoMount tests 2017-09-18 00:05:35 -07:00
aszlig
3ba2095a42
nixos/dovecot: Fix createMailUser implementation
This option got introduced in 7904499542
and it didn't check whether mailUser and mailGroup are null, which they
are by default.

Now we're only creating the user if createMailUser is set in conjunction
with mailUser and the group if mailGroup is set as well.

I've added a NixOS VM test so that we can verify whether dovecot works
without any additional options set, so it serves as a regression test
for issue #29466 and other issues that might come up with future changes
to the Dovecot service.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #29466
Cc: @qknight, @abbradar, @ixmatus, @siddharthist
2017-09-17 04:57:20 +02:00
Joachim F
8ceb209830 Merge pull request #29462 from joachifm/trivial-misc-tests
nixos/tests: move kernel-params & sysctl test to misc
2017-09-16 19:51:58 +00:00
Joachim Fasting
586d04c588
nixos/tests: expand hardened tests 2017-09-16 13:14:07 +02:00
Joachim Fasting
ffd56ba4f6
nixos/tests: move kernel-params test to misc 2017-09-16 12:45:28 +02:00
Joachim Fasting
c85cf60c83
nixos/tests: move sysctl test to misc 2017-09-16 12:45:23 +02:00
aszlig
b5fbb4f362
nixos/tests/acme: Use overridePythonAttrs
Quoting from @FRidh:

  Note overridePythonAttrs exists since 17.09. It overrides the call to
  buildPythonPackage.

While it's not strictly necessary to do this, because postPatch ends up
in drvAttrs anyway, it's probably better to use overridePythonAttrs so
we don't run into problems when the underlying implementation of
buildPythonPackage changes.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-09-14 23:18:52 +02:00
aszlig
01fffd94e5
nixos/tests/acme: Patch certifi with cacert
Since 67651d80bc the requests package now
depends on certifi, which in turn provides the CA root certificates that
we need to replace.

It might also be a good idea to actually patch certifi with our version
of cacert by default so that if we want to override and/or add something
we only need to do it once.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @fpletz, @k0ral, @FRidh
2017-09-13 23:16:43 +02:00
aszlig
bda38317eb
nixos/tests/letsencrypt: Fix nginx options
The enableSSL option has been deprecated in
a912a6a291, so we switch to using onlySSL.

I've also explicitly disabled enableACME, because this is the default
and we don't actually want to have ACME enabled for a host which runs an
actual ACME server.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-09-13 23:16:40 +02:00
aszlig
11b3ae74e1
nixos/tests: Add a basic test for ACME
The test here is pretty basic and only tests nginx, but it should get us
started to write tests for different webservers and different ACME
implementations.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-09-13 23:16:37 +02:00
aszlig
b3162a1074
nixos/tests: Add common modules for letsencrypt
These modules implement a way to test ACME based on a test instance of
Letsencrypt's Boulder service. The service implementation is in
letsencrypt.nix and the second module (resolver.nix) is a support-module
for the former, but can also be used for tests not involving ACME.

The second module provides a DNS server which hosts a root zone
containing all the zones and /etc/hosts entries (except loopback) in the
entire test network, so this can be very useful for other modules that
need DNS resolution.

Originally, I wrote these modules for the Headcounter deployment, but
I've refactored them a bit to be generally useful to NixOS users. The
original implementation can be found here:

https://github.com/headcounter/deployment/tree/89e7feafb/modules/testing

Quoting parts from the commit message of the initial implementation of
the Letsencrypt module in headcounter/deployment@95dfb31110:

    This module is going to be used for tests where we need to
    impersonate an ACME service such as the one from Letsencrypt within
    VM tests, which is the reason why this module is a bit ugly (I only
    care if it's working not if it's beautiful).

    While the module isn't used anywhere, it will serve as a pluggable
    module for testing whether ACME works properly to fetch certificates
    and also as a replacement for our snakeoil certificate generator.

Also quoting parts of the commit where I have refactored the same module
in headcounter/deployment@85fa481b34:

    Now we have a fully pluggable module which automatically discovers
    in which network it's used via the nodes attribute.

    The test environment of Boulder used "dns-test-srv", which is a fake
    DNS server that's resolving almost everything to 127.0.0.1. On our
    setup this is not useful, so instead we're now running a local BIND
    name server which has a fake root zone and uses the mentioned node
    attribute to automatically discover other zones in the network of
    machines and generate delegations from the root zone to the
    respective zones with the primaryIPAddress of the node.

    ...

    We want to use real letsencrypt.org FQDNs here, so we can't get away
    with the snakeoil test certificates from the upstream project but
    now roll our own.

    This not only has the benefit that we can easily pass the snakeoil
    certificate to other nodes, but we can (and do) also use it for an
    nginx proxy that's now serving HTTPS for the Boulder web front end.

The Headcounter deployment tests are simulating a production scenario
with real IPs and nameservers so it won't need to rely on
networking.extraHost. However in this implementation we don't
necessarily want to do that, so I've added auto-discovery of
networking.extraHosts in the resolver module.

Another change here is that the letsencrypt module now falls back to
using a local resolver, the Headcounter implementation on the other hand
always required to add an extra test node which serves as a resolver.

I could have squashed both modules into the final ACME test, but that
would make it not very reusable, so that's the main reason why I put
these modules in tests/common.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-09-13 23:16:33 +02:00
Tim Steinbach
84e34d4d5d
tests: xmonad less dependent on timings 2017-09-09 10:07:34 -04:00
Tim Steinbach
024b501907
tests: Fix hibernate 2017-09-06 22:01:48 -04:00