author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-04-11 17:15:56 +0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-04-11 17:16:44 +0200 |
commit | 13185280fee4111dc07f794e528fa3a73f421f3a (patch) | |
tree | 40f813ae0cf436e9bbe3a8364b046c6f93ffc2fc /nixos/tests | |
parent | 017408e048ae2419baf0adba424b51d85b063a30 (diff) | |
Fix tests broken due to the firewall being enabled by default
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/bittorrent.nix | 8 | ||||
-rw-r--r-- | nixos/tests/containers.nix | 4 | ||||
-rw-r--r-- | nixos/tests/firewall.nix | 3 | ||||
-rw-r--r-- | nixos/tests/installer.nix | 2 | ||||
-rw-r--r-- | nixos/tests/ipv6.nix | 1 | ||||
-rw-r--r-- | nixos/tests/jenkins.nix | 14 | ||||
-rw-r--r-- | nixos/tests/mumble.nix | 1 | ||||
-rw-r--r-- | nixos/tests/mysql-replication.nix | 9 | ||||
-rw-r--r-- | nixos/tests/nat.nix | 3 | ||||
-rw-r--r-- | nixos/tests/nfs.nix | 2 | ||||
-rw-r--r-- | nixos/tests/printing.nix | 3 | ||||
-rw-r--r-- | nixos/tests/proxy.nix | 11 | ||||
-rw-r--r-- | nixos/tests/quake3.nix | 1 | ||||
-rw-r--r-- | nixos/tests/tomcat.nix | 9 |
14 files changed, 47 insertions, 24 deletions
diff --git a/nixos/tests/bittorrent.nix b/nixos/tests/bittorrent.nix index 6e67edb0b82..f84b65699d3 100644 --- a/nixos/tests/bittorrent.nix +++ b/nixos/tests/bittorrent.nix @@ -33,6 +33,8 @@ in services.httpd.enable = true; services.httpd.adminAddr = "foo@example.org"; services.httpd.documentRoot = "/tmp"; + + networking.firewall.enable = false; # FIXME: figure out what ports we actually need }; router = @@ -50,11 +52,13 @@ in virtualisation.vlans = [ 2 ]; networking.defaultGateway = nodes.router.config.networking.interfaces.eth2.ipAddress; + networking.firewall.enable = false; }; client2 = { config, pkgs, ... }: { environment.systemPackages = [ pkgs.transmission ]; + networking.firewall.enable = false; }; }; @@ -66,8 +70,8 @@ in # Enable NAT on the router and start miniupnpd. $router->waitForUnit("nat"); $router->succeed( - "iptables -t nat -N MINIUPNPD", - "iptables -t nat -A PREROUTING -i eth1 -j MINIUPNPD", + "iptables -w -t nat -N MINIUPNPD", + "iptables -w -t nat -A PREROUTING -i eth1 -j MINIUPNPD", "echo 1 > /proc/sys/net/ipv4/ip_forward", "miniupnpd -f ${miniupnpdConf nodes}" ); diff --git a/nixos/tests/containers.nix b/nixos/tests/containers.nix index d72e80b71af..06b793ed7ac 100644 --- a/nixos/tests/containers.nix +++ b/nixos/tests/containers.nix @@ -17,6 +17,8 @@ config = { services.httpd.enable = true; services.httpd.adminAddr = "foo@example.org"; + networking.firewall.allowedTCPPorts = [ 80 ]; + networking.firewall.allowPing = true; }; }; @@ -65,7 +67,7 @@ $machine->succeed("nixos-container start $id1"); # Execute commands via the root shell. - $machine->succeed("echo uname | nixos-container root-shell $id1") =~ /Linux/; + $machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/; $machine->succeed("nixos-container set-root-password $id1 foobar"); # Destroy the containers. diff --git a/nixos/tests/firewall.nix b/nixos/tests/firewall.nix index de32b98e5d2..15653dedf3c 100644 --- a/nixos/tests/firewall.nix +++ b/nixos/tests/firewall.nix 
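Review bot: In nixos/tests/bittorrent.nix the tracker, client1 and client2 nodes switch the firewall off wholesale with `networking.firewall.enable = false;`, so this test no longer runs under the new default at all, and only the tracker line (first hunk) carries a FIXME saying so. The client1 and client2 lines in the second hunk should get the same marker, e.g. `networking.firewall.enable = false; # FIXME: open only the ports transmission needs`, so the exemption can be found and narrowed later. For the tracker, `networking.firewall.allowedTCPPorts = [ 80 ];` would at least cover the httpd enabled in the context lines; the tracker's own port is not visible in this hunk. The same uncommented blanket disable is added on the server node in nat.nix.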
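Review bot: In the second containers.nix hunk the result of `$machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/;` is discarded, so the check passes whatever the command prints; printing.nix in this same commit uses the `=~ ... or die` form. The line should read `$machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/ or die;`. The comment above it, `# Execute commands via the root shell.`, is stale now that the call goes through `nixos-container run`; `# Execute commands in the container.` would match the new code. The test script starts and ends outside the hunk.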
@@ -17,6 +17,7 @@ { config, pkgs, ... }: { services.httpd.enable = true; services.httpd.adminAddr = "foo@example.org"; + networking.firewall.enable = false; }; }; @@ -33,7 +34,7 @@ $walled->succeed("curl -v http://localhost/ >&2"); # Connections to the firewalled machine should fail. - $attacker->fail("curl -v http://walled/ >&2"); + $attacker->fail("curl --fail --connect-timeout 2 http://walled/ >&2"); $attacker->fail("ping -c 1 walled >&2"); # Outgoing connections/pings should still work. diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index 151458fbd5e..b0c0aa328f0 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -79,6 +79,8 @@ let virtualisation.writableStore = true; virtualisation.pathsInNixDB = channelContents ++ [ pkgs.hello.src ]; virtualisation.memorySize = 768; + + networking.firewall.allowedTCPPorts = [ 80 ]; }; channelContents = [ pkgs.rlwrap ]; diff --git a/nixos/tests/ipv6.nix b/nixos/tests/ipv6.nix index 29d675e180a..48c20d7f5c9 100644 --- a/nixos/tests/ipv6.nix +++ b/nixos/tests/ipv6.nix @@ -12,6 +12,7 @@ { config, pkgs, ... }: { services.httpd.enable = true; services.httpd.adminAddr = "foo@example.org"; + networking.firewall.allowedTCPPorts = [ 80 ]; }; router = diff --git a/nixos/tests/jenkins.nix b/nixos/tests/jenkins.nix index e6524ec5653..40223482791 100644 --- a/nixos/tests/jenkins.nix +++ b/nixos/tests/jenkins.nix 
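Review bot: The first firewall.nix hunk adds `networking.firewall.enable = false;` to a node of the firewall test without saying why; the node name is outside the hunk, but judging by the `$attacker->fail(...)` lines further down it is presumably the attacker. A one-line comment would do, e.g. `# walled must be able to reach this node's httpd and ping it`. If that is the only reason, `networking.firewall.allowedTCPPorts = [ 80 ];` together with `networking.firewall.allowPing = true;` would keep the default firewall on for this node, the way the containers.nix hunk does it.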
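Review bot: `$attacker->fail("curl --fail --connect-timeout 2 http://walled/ >&2")` in the second firewall.nix hunk passes on any non-zero curl exit, so within a 2-second budget a slow VM or a name-resolution failure looks the same as the firewall dropping the packet, and the test can pass while port 80 is in fact reachable. The negative check would be stronger if it inspected curl's exit status and accepted only a connect failure or a timeout (7 or 28); a somewhat larger timeout would also reduce false passes under load. Dropping `-v` removes the connection trace that made a failure diagnosable from the log. The same pattern is added in the second printing.nix hunk, `$server->fail("curl --fail --connect-timeout 2 http://client:631/")`.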
@@ -3,21 +3,27 @@ # 2. jenkins user can be extended on both master and slave # 3. jenkins service not started on slave node { pkgs, ... }: + { nodes = { - master = { pkgs, config, ... }: { - services.jenkins.enable = true; + + master = + { config, pkgs, ... }: + { services.jenkins.enable = true; # should have no effect services.jenkinsSlave.enable = true; users.extraUsers.jenkins.extraGroups = [ "users" ]; }; - slave = { pkgs, config, ... }: { - services.jenkinsSlave.enable = true; + + slave = + { config, pkgs, ... }: + { services.jenkinsSlave.enable = true; users.extraUsers.jenkins.extraGroups = [ "users" ]; }; + }; testScript = '' diff --git a/nixos/tests/mumble.nix b/nixos/tests/mumble.nix index 509742f2899..10658eb5f02 100644 --- a/nixos/tests/mumble.nix +++ b/nixos/tests/mumble.nix @@ -11,6 +11,7 @@ in server = { config, pkgs, ... }: { services.murmur.enable = true; services.murmur.registerName = "NixOS tests"; + networking.firewall.allowedTCPPorts = [ config.services.murmur.port ]; }; client1 = client; diff --git a/nixos/tests/mysql-replication.nix b/nixos/tests/mysql-replication.nix index f8c82f7ce9c..44586322600 100644 --- a/nixos/tests/mysql-replication.nix +++ b/nixos/tests/mysql-replication.nix @@ -15,10 +15,11 @@ in services.mysql.replication.role = "master"; services.mysql.initialDatabases = [ { name = "testdb"; schema = ./testdb.sql; } ]; services.mysql.initialScript = pkgs.writeText "initmysql" - '' - create user '${replicateUser}'@'%' identified by '${replicatePassword}'; - grant replication slave on *.* to '${replicateUser}'@'%'; - ''; + '' + create user '${replicateUser}'@'%' identified by '${replicatePassword}'; + grant replication slave on *.* to '${replicateUser}'@'%'; + ''; + networking.firewall.allowedTCPPorts = [ 3306 ]; }; slave1 = diff --git a/nixos/tests/nat.nix b/nixos/tests/nat.nix index a13714d60a9..259ab99d301 100644 --- a/nixos/tests/nat.nix +++ b/nixos/tests/nat.nix 
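Review bot: In mumble.nix only TCP is opened for the murmur port, `networking.firewall.allowedTCPPorts = [ config.services.murmur.port ];`. Mumble carries voice over UDP on the same port and falls back to tunnelling through TCP when UDP is blocked, so the test probably still passes but now covers only the fallback path. Adding `networking.firewall.allowedUDPPorts = [ config.services.murmur.port ];` next to it would keep the server reachable the way a normally configured host is.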
@@ -12,6 +12,7 @@ { client = { config, pkgs, nodes, ... }: { virtualisation.vlans = [ 1 ]; + networking.firewall.allowPing = true; networking.defaultGateway = nodes.router.config.networking.interfaces.eth2.ipAddress; }; @@ -19,6 +20,7 @@ router = { config, pkgs, ... }: { virtualisation.vlans = [ 2 1 ]; + networking.firewall.allowPing = true; networking.nat.enable = true; networking.nat.internalIPs = [ "192.168.1.0/24" ]; networking.nat.externalInterface = "eth1"; @@ -27,6 +29,7 @@ server = { config, pkgs, ... }: { virtualisation.vlans = [ 2 ]; + networking.firewall.enable = false; services.httpd.enable = true; services.httpd.adminAddr = "foo@example.org"; services.vsftpd.enable = true; diff --git a/nixos/tests/nfs.nix b/nixos/tests/nfs.nix index 51abf57e1b7..7bc99aef3b5 100644 --- a/nixos/tests/nfs.nix +++ b/nixos/tests/nfs.nix @@ -13,6 +13,7 @@ let options = "vers=${toString version}"; } ]; + networking.firewall.enable = false; # FIXME: only open statd }; in @@ -31,6 +32,7 @@ in /data 192.168.1.0/255.255.255.0(rw,no_root_squash,no_subtree_check,fsid=0) ''; services.nfs.server.createMountPoints = true; + networking.firewall.enable = false; # FIXME: figure out what ports need to be allowed }; }; diff --git a/nixos/tests/printing.nix b/nixos/tests/printing.nix index 13cc3115d50..b5ca0f25e21 100644 --- a/nixos/tests/printing.nix +++ b/nixos/tests/printing.nix @@ -17,6 +17,7 @@ Allow from all </Location> ''; + networking.firewall.allowedTCPPorts = [ 631 ]; }; client = 
@@ -37,7 +38,7 @@ $client->succeed("lpstat -H") =~ "/var/run/cups/cups.sock" or die; $client->succeed("curl --fail http://localhost:631/"); $client->succeed("curl --fail http://server:631/"); - $server->fail("curl --fail http://client:631/"); + $server->fail("curl --fail --connect-timeout 2 http://client:631/"); # Add a HP Deskjet printer connected via USB to the server. $server->succeed("lpadmin -p DeskjetLocal -v usb://HP/Deskjet%205400%20series?serial=TH93I152S123XY -m 'drv:///sample.drv/deskjet.ppd' -E"); diff --git a/nixos/tests/proxy.nix b/nixos/tests/proxy.nix index 3b79c16ea2c..dd64ca02e16 100644 --- a/nixos/tests/proxy.nix +++ b/nixos/tests/proxy.nix @@ -5,12 +5,10 @@ let backend = { config, pkgs, ... }: - { - services.openssh.enable = true; - - services.httpd.enable = true; + { services.httpd.enable = true; services.httpd.adminAddr = "foo@example.org"; services.httpd.documentRoot = "${pkgs.valgrind}/share/doc/valgrind/html"; + networking.firewall.allowedTCPPorts = [ 80 ]; }; in @@ -21,8 +19,7 @@ in { proxy = { config, pkgs, nodes, ... }: - { - services.httpd.enable = true; + { services.httpd.enable = true; services.httpd.adminAddr = "bar@example.org"; services.httpd.extraModules = ["proxy_balancer"]; @@ -50,6 +47,8 @@ in # For testing; don't want to wait forever for dead backend servers. ProxyTimeout 5 ''; + + networking.firewall.allowedTCPPorts = [ 80 ]; }; backend1 = backend; diff --git a/nixos/tests/quake3.nix b/nixos/tests/quake3.nix index fefbd75b4a3..2ebac84ca06 100644 --- a/nixos/tests/quake3.nix +++ b/nixos/tests/quake3.nix @@ -37,6 +37,7 @@ rec { "'+map q3dm7' '+addbot grunt' '+addbot daemia' 2> /tmp/log"; }; nixpkgs.config.packageOverrides = overrides; + networking.firewall.allowedUDPPorts = [ 27960 ]; }; client1 = client; diff --git a/nixos/tests/tomcat.nix b/nixos/tests/tomcat.nix index 6bc88ec82fa..6ec21a72192 100644 --- a/nixos/tests/tomcat.nix +++ b/nixos/tests/tomcat.nix 
@@ -5,13 +5,12 @@ server = { pkgs, config, ... }: - { - services.tomcat.enable = true; + { services.tomcat.enable = true; services.httpd.enable = true; services.httpd.adminAddr = "foo@bar.com"; - services.httpd.extraSubservices = [ - { serviceType = "tomcat-connector"; } - ]; + services.httpd.extraSubservices = + [ { serviceType = "tomcat-connector"; } ]; + networking.firewall.allowedTCPPorts = [ 80 ]; }; client = { }; |