authorMarkus Mueller <john.subscriber@markus.institute>2017-08-03 17:57:43 +0000
committerRobin Gloster <mail@glob.in>2017-08-03 21:16:14 +0200
commit1793c96be2f732af04fb78008a5c35d2630f9edd (patch)
tree9bcd690eb0a5b127d7bea3ab61a021719c2ec4f8 /nixos/tests/nat.nix
parent53d2f0980d7b66fefbaeb405bd11789fb816f137 (diff)
tests/nat: Use switch-to-configuration in test case
Diffstat (limited to 'nixos/tests/nat.nix')
-rw-r--r--nixos/tests/nat.nix59
1 files changed, 39 insertions, 20 deletions
diff --git a/nixos/tests/nat.nix b/nixos/tests/nat.nix
index 74e20bff8d8..f1097cdfc49 100644
--- a/nixos/tests/nat.nix
+++ b/nixos/tests/nat.nix
@@ -6,6 +6,20 @@
 import ./make-test.nix ({ pkgs, lib, withFirewall, withConntrackHelpers ? false, ... }:
   let
     unit = if withFirewall then "firewall" else "nat";
+
+    routerBase =
+      lib.mkMerge [
+        { virtualisation.vlans = [ 2 1 ];
+          networking.firewall.enable = withFirewall;
+          networking.firewall.allowPing = true;
+          networking.nat.internalIPs = [ "192.168.1.0/24" ];
+          networking.nat.externalInterface = "eth1";
+        }
+        (lib.optionalAttrs withConntrackHelpers {
+          networking.firewall.connectionTrackingModules = [ "ftp" ];
+          networking.firewall.autoLoadConntrackHelpers = true;
+        })
+      ];
   in
   {
     name = "nat" + (if withFirewall then "WithFirewall" else "Standalone")
@@ -30,20 +44,16 @@ import ./make-test.nix ({ pkgs, lib, withFirewall, withConntrackHelpers ? false,
           ];
 
         router =
-          { config, pkgs, ... }:
-          lib.mkMerge [
-            { virtualisation.vlans = [ 2 1 ];
-              networking.firewall.enable = withFirewall;
-              networking.firewall.allowPing = true;
-              networking.nat.enable = true;
-              networking.nat.internalIPs = [ "192.168.1.0/24" ];
-              networking.nat.externalInterface = "eth1";
-            }
-            (lib.optionalAttrs withConntrackHelpers {
-              networking.firewall.connectionTrackingModules = [ "ftp" ];
-              networking.firewall.autoLoadConntrackHelpers = true;
-            })
-          ];
+        { config, pkgs, ... }: lib.mkMerge [
+          routerBase
+          { networking.nat.enable = true; }
+        ];
+
+        routerDummyNoNat =
+        { config, pkgs, ... }: lib.mkMerge [
+          routerBase
+          { networking.nat.enable = false; }
+        ];
 
         server =
           { config, pkgs, ... }:
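Review bot: The bodies of `router` and the new `routerDummyNoNat` start in the same column as the attribute name, while `server` just below keeps its `{ config, pkgs, ... }:` one level deeper. Indenting the two new bodies the same way would keep the node set easy to scan. Neither new body uses `config` or `pkgs`, so the pattern could shrink to `{ ... }: lib.mkMerge [`. The `server` definition continues outside this hunk.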
@@ -57,9 +67,13 @@ import ./make-test.nix ({ pkgs, lib, withFirewall, withConntrackHelpers ? false,
       };
 
     testScript =
-      { nodes, ... }:
-      ''
-        startAll;
+      { nodes, ... }: let
+        routerDummyNoNatClosure = nodes.routerDummyNoNat.config.system.build.toplevel;
+        routerClosure = nodes.router.config.system.build.toplevel;
+      in ''
+        $client->start;
+        $router->start;
+        $server->start;
 
         # The router should have access to the server.
         $server->waitForUnit("network.target");
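Review bot: Replacing `startAll;` with three explicit `->start` calls has no comment explaining why, so a later cleanup could easily revert it. Presumably the reason is that `routerDummyNoNat` is declared only so its `system.build.toplevel` closure can be built, and it must never boot next to `router`. A comment above the start calls would record that, e.g. `# Do not use startAll: routerDummyNoNat exists only for its toplevel closure and must not be booted.` The test script continues outside this hunk.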
@@ -87,13 +101,18 @@ import ./make-test.nix ({ pkgs, lib, withFirewall, withConntrackHelpers ? false,
         $router->succeed("ping -c 1 client >&2");
 
         # If we turn off NAT, the client shouldn't be able to reach the server.
-        $router->succeed("iptables -t nat -D PREROUTING -j nixos-nat-pre");
-        $router->succeed("iptables -t nat -D POSTROUTING -j nixos-nat-post");
+        $router->succeed("${routerDummyNoNatClosure}/bin/switch-to-configuration test 2>&1");
+        # FIXME: this should not be necessary, but nat.service is not started because
+        #        network.target is not triggered
+        #        (https://github.com/NixOS/nixpkgs/issues/16230#issuecomment-226408359)
+        ${lib.optional (!withFirewall) ''
+          $router->succeed("systemctl start nat.service");
+        ''}
         $client->fail("curl --fail --connect-timeout 5 http://server/ >&2");
         $client->fail("ping -c 1 server >&2");
 
         # And make sure that reloading the NAT job works.
-        $router->succeed("systemctl restart ${unit}");
+        $router->succeed("${routerClosure}/bin/switch-to-configuration test 2>&1");
         $client->succeed("curl --fail http://server/ >&2");
         $client->succeed("ping -c 1 server >&2");
       '';
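Review bot: `lib.optional` in the interpolation before the first `$client->fail` returns a list (`[ ... ]` or `[]`), not a string. As far as I can tell, Nix's `${...}` does not coerce lists to strings, so the test script would likely fail to evaluate in both the firewall and standalone variants. The string-returning helper is the one to use here: `${lib.optionalString (!withFirewall) ''`. It would also help to extend the FIXME with what the manual `systemctl start nat.service` is expected to achieve after switching to the configuration with `networking.nat.enable = false`, because the `$client->fail` assertions below depend on that state.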