lol

Simple EC2 user-data VM test

authored by

Dan Peebles and committed by
Dan Peebles
b6c589b2 bb3db4e6

+98 -3
-2
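--- a/nixos/lib/test-driver/Machine.pm
+++ b/nixos/lib/test-driver/Machine.pm
@@ -43,8 +43,6 @@
 $startCommand .= "-bios $args->{bios} "
 if defined $args->{bios};
 $startCommand .= $args->{qemuFlags} || "";
-} else {
-$startCommand = Cwd::abs_path $startCommand;
 }
 
 my $tmpDir = $ENV{'TMPDIR'} || "/tmp";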
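Review bot: With the `else` branch removed, a caller-supplied `$args->{startCommand}` is no longer passed through `Cwd::abs_path`, so the driver now treats it as a complete command line and uses it verbatim, and nothing in the file records that contract. Any existing caller that passed a bare relative path would presumably now depend on the working directory at launch time; the code that executes the command is outside this hunk, so that needs confirming. A comment next to the closing brace such as `# A caller-supplied startCommand is a full shell command line and is used as-is; any paths in it must already be absolute.` would document it. The enclosing sub starts and ends outside the hunk.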
+1 -1
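--- a/nixos/maintainers/scripts/ec2/amazon-base-config.nix
+++ b/nixos/maintainers/scripts/ec2/amazon-base-config.nix
@@ -1,5 +1,5 @@
 { modulesPath, ...}:
 {
-imports = [ "${modulesPath}/virtualisation/amazon-config.nix" ];
+imports = [ "${modulesPath}/virtualisation/amazon-image.nix" ];
 services.journald.rateLimitBurst = 0;
 }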
+1
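--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -247,6 +247,7 @@
 tests.docker = hydraJob (import tests/docker.nix { system = "x86_64-linux"; });
 tests.dockerRegistry = hydraJob (import tests/docker-registry.nix { system = "x86_64-linux"; });
 tests.etcd = hydraJob (import tests/etcd.nix { system = "x86_64-linux"; });
+tests.ec2 = hydraJob (import tests/ec2.nix { system = "x86_64-linux"; }).bootEc2NixOps;
 tests.firefox = callTest tests/firefox.nix {};
 tests.firewall = callTest tests/firewall.nix {};
 tests.fleet = hydraJob (import tests/fleet.nix { system = "x86_64-linux"; });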
+96
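--- a/nixos/tests/ec2.nix
+++ b/nixos/tests/ec2.nix
@@ -0,0 +1,96 @@
+{ system ? builtins.currentSystem }:
+
+with import ../lib/testing.nix { inherit system; };
+with import ../lib/qemu-flags.nix;
+with pkgs.lib;
+
+let
+image =
+(import ../lib/eval-config.nix {
+inherit system;
+modules = [
+../maintainers/scripts/ec2/amazon-hvm-config.nix
+../../nixos/modules/testing/test-instrumentation.nix
+{ boot.initrd.kernelModules = [ "virtio" "virtio_blk" "virtio_pci" "virtio_ring" ]; }
+];
+}).config.system.build.amazonImage;
+
+makeEc2Test = { name, userData, script, hostname ? "ec2-instance", sshPublicKey ? null }:
+let
+metaData = pkgs.stdenv.mkDerivation {
+name = "metadata";
+buildCommand = ''
+mkdir -p $out/2011-01-01
+ln -s ${pkgs.writeText "userData" userData} $out/2011-01-01/user-data
+mkdir -p $out/1.0/meta-data
+echo "${hostname}" > $out/1.0/meta-data/hostname
+'' + optionalString (sshPublicKey != null) ''
+mkdir -p $out/1.0/meta-data/public-keys/0
+ln -s ${pkgs.writeText "sshPublicKey" sshPublicKey} $out/1.0/meta-data/public-keys/0/openssh-key
+'';
+};
+in makeTest {
+name = "ec2-" + name;
+nodes = {};
+testScript =
+''
+use File::Temp qw/ tempfile /;
+my ($fh, $filename) = tempfile();
+
+`qemu-img create -f qcow2 -o backing_file=${image}/nixos.img $filename`;
+
+my $startCommand = "qemu-kvm -m 768 -net nic -net 'user,net=169.254.0.0/16,guestfwd=tcp:169.254.169.254:80-cmd:${pkgs.micro-httpd}/bin/micro_httpd ${metaData}'";
+$startCommand .= " -drive file=" . Cwd::abs_path($filename) . ",if=virtio,werror=report";
+$startCommand .= " \$QEMU_OPTS";
+
+my $machine = createMachine({ startCommand => $startCommand });
+${script}
+'';
+};
+
+snakeOilPrivateKey = [
+"-----BEGIN EC PRIVATE KEY-----"
+"MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49"
+"AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN"
+"r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA=="
+"-----END EC PRIVATE KEY-----"
+];
+
+snakeOilPublicKey = pkgs.lib.concatStrings [
+"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA"
+"yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa"
+"9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= snakeoil"
+];
+in {
+bootEc2NixOps = makeEc2Test {
+name = "nixops-userdata";
+sshPublicKey = snakeOilPublicKey; # That's right folks! My user's key is also the host key!
+
+userData = ''
+SSH_HOST_DSA_KEY_PUB:${snakeOilPublicKey}
+SSH_HOST_DSA_KEY:${pkgs.lib.concatStringsSep "|" snakeOilPrivateKey}
+'';
+script = ''
+$machine->start;
+$machine->waitForFile("/root/user-data");
+$machine->waitForUnit("sshd.service");
+
+# We have no keys configured on the client side yet, so this should fail
+$machine->fail("ssh -o BatchMode=yes localhost exit");
+
+# Let's install our client private key
+$machine->succeed("mkdir -p ~/.ssh");
+${concatMapStrings (s: "$machine->succeed('echo ${s} >> ~/.ssh/id_ecdsa');") snakeOilPrivateKey}
+$machine->succeed("chmod 600 ~/.ssh/id_ecdsa");
+
+# We haven't configured the host key yet, so this should still fail
+$machine->fail("ssh -o BatchMode=yes localhost exit");
+
+# Add the host key; ssh should finally succeed
+$machine->succeed("echo localhost,127.0.0.1 ${snakeOilPublicKey} > ~/.ssh/known_hosts");
+$machine->succeed("ssh -o BatchMode=yes localhost exit");
+
+$machine->shutdown;
+'';
+};
+}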
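Review bot: The backtick call to `qemu-img create` in `testScript` discards both its output and its exit status, so a failed overlay creation only surfaces later as a VM that never boots; it also goes through a shell with `$filename` interpolated into the command string. The list form with a status check avoids both: `system("qemu-img", "create", "-f", "qcow2", "-o", "backing_file=${image}/nixos.img", $filename) == 0 or die "qemu-img create failed: $?";`. Separately, the private key lines are appended to `~/.ssh/id_ecdsa` before the `chmod 600`, so the file briefly exists with default-umask permissions. That is harmless for a throwaway key inside the test VM, but a comment above `snakeOilPrivateKey` stating that the pair is published, test-only material (and is deliberately reused as both host and user key) would keep it from being copied into a real configuration.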