diff options
| author | Tim Van Baak <tim.vanbaak@gmail.com> | 2021-03-04 21:28:25 -0800 |
|---|---|---|
| committer | Tim Van Baak <tim.vanbaak@gmail.com> | 2021-03-04 21:36:05 -0800 |
| commit | c8dcf63b4ea6f9ffc3f79cbd823bbb1c0956efbb (patch) | |
| tree | 50604d0251c2e14292632765667121aeea6049ac /nixos | |
| parent | e3f113abc2ea4108ce1d39f5332d16341e773c83 (diff) | |
| download | nixpkgs-c8dcf63b4ea6f9ffc3f79cbd823bbb1c0956efbb.tar nixpkgs-c8dcf63b4ea6f9ffc3f79cbd823bbb1c0956efbb.tar.gz nixpkgs-c8dcf63b4ea6f9ffc3f79cbd823bbb1c0956efbb.tar.bz2 nixpkgs-c8dcf63b4ea6f9ffc3f79cbd823bbb1c0956efbb.tar.lz nixpkgs-c8dcf63b4ea6f9ffc3f79cbd823bbb1c0956efbb.tar.xz nixpkgs-c8dcf63b4ea6f9ffc3f79cbd823bbb1c0956efbb.tar.zst nixpkgs-c8dcf63b4ea6f9ffc3f79cbd823bbb1c0956efbb.zip | |
nixos/nebula: Expand unit test to match source repo's smoke test
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/tests/nebula.nix | 74 |
1 files changed, 69 insertions, 5 deletions
diff --git a/nixos/tests/nebula.nix b/nixos/tests/nebula.nix index 829c2352499..c7d71c00f81 100644 --- a/nixos/tests/nebula.nix +++ b/nixos/tests/nebula.nix @@ -62,6 +62,42 @@ in }; }; + node3 = { ... } @ args: + makeNebulaNode args "node3" { + networking.interfaces.eth1.ipv4.addresses = [{ + address = "192.168.1.3"; + prefixLength = 24; + }]; + + services.nebula.networks.smoke = { + staticHostMap = { "10.0.100.1" = [ "192.168.1.1:4242" ]; }; + isLighthouse = false; + lighthouses = [ "10.0.100.1" ]; + firewall = { + outbound = [ { port = "any"; proto = "any"; host = "any"; } ]; + inbound = [ { port = "any"; proto = "any"; host = "lighthouse"; } ]; + }; + }; + }; + + node4 = { ... } @ args: + makeNebulaNode args "node4" { + networking.interfaces.eth1.ipv4.addresses = [{ + address = "192.168.1.4"; + prefixLength = 24; + }]; + + services.nebula.networks.smoke = { + staticHostMap = { "10.0.100.1" = [ "192.168.1.1:4242" ]; }; + isLighthouse = false; + lighthouses = [ "10.0.100.1" ]; + firewall = { + outbound = [ { port = "any"; proto = "any"; host = "lighthouse"; } ]; + inbound = [ { port = "any"; proto = "any"; host = "any"; } ]; + }; + }; + }; + }; testScript = let @@ -119,14 +155,42 @@ in lighthouse.wait_for_unit("nebula@smoke.service") lighthouse.succeed("ping -c5 10.0.100.1") - # Create keys on node2 and have the lighthouse sign them. + # Create keys for node2's nebula service and test that it comes up. ${setUpPrivateKey "node2"} ${signKeysFor "node2" "10.0.100.2/24"} - - # Reboot node2 and test that the nebula service comes up. ${restartAndCheckNebula "node2" "10.0.100.2"} - # Test that the node is now connected to the lighthouse. - node2.succeed("ping -c5 10.0.100.1") + # Create keys for node3's nebula service and test that it comes up. + ${setUpPrivateKey "node3"} + ${signKeysFor "node3" "10.0.100.3/24"} + ${restartAndCheckNebula "node3" "10.0.100.3"} + + # Create keys for node4's nebula service and test that it comes up. + ${setUpPrivateKey "node4"} + ${signKeysFor "node4" "10.0.100.4/24"} + ${restartAndCheckNebula "node4" "10.0.100.4"} + + # The lighthouse can ping node2 and node3 + lighthouse.succeed("ping -c3 10.0.100.2") + lighthouse.succeed("ping -c3 10.0.100.3") + + # node2 can ping the lighthouse, but not node3 because of its inbound firewall + node2.succeed("ping -c3 10.0.100.1") + node2.fail("ping -c3 10.0.100.3") + + # node3 can ping the lighthouse and node2 + node3.succeed("ping -c3 10.0.100.1") + node3.succeed("ping -c3 10.0.100.2") + + # node4 can ping the lighthouse but not node2 or node3 + node4.succeed("ping -c3 10.0.100.1") + node4.fail("ping -c3 10.0.100.2") + node4.fail("ping -c3 10.0.100.3") + + # node2 can ping node3 now that node3 pinged it first + node2.succeed("ping -c3 10.0.100.3") + # node4 can ping node2 if node2 pings it first + node2.succeed("ping -c3 10.0.100.4") + node4.succeed("ping -c3 10.0.100.2") ''; }) \ No newline at end of file |