nixos/tests/proxy.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

import ./make-test.nix ({ pkgs, ...} :

let

  backend =
    { pkgs, ... }:

    { services.httpd.enable = true;
      services.httpd.adminAddr = "foo@example.org";
      services.httpd.virtualHosts.localhost.documentRoot = "${pkgs.valgrind.doc}/share/doc/valgrind/html";
      networking.firewall.allowedTCPPorts = [ 80 ];
    };

in

{
  name = "proxy";
  meta = with pkgs.stdenv.lib.maintainers; {
    maintainers = [ eelco ];
  };

  nodes =
    { proxy =
        { nodes, ... }:

        { services.httpd.enable = true;
          services.httpd.adminAddr = "bar@example.org";
          services.httpd.extraModules = [ "proxy_balancer" "lbmethod_byrequests" ];
          services.httpd.extraConfig = ''
            ExtendedStatus on
          '';
          services.httpd.virtualHosts.localhost = {
            extraConfig = ''
              <Location /server-status>
                Require all granted
                SetHandler server-status
              </Location>

              <Proxy balancer://cluster>
                Require all granted
                BalancerMember http://${nodes.backend1.config.networking.hostName} retry=0
                BalancerMember http://${nodes.backend2.config.networking.hostName} retry=0
              </Proxy>

              ProxyStatus       full
              ProxyPass         /server-status !
              ProxyPass         /       balancer://cluster/
              ProxyPassReverse  /       balancer://cluster/

              # For testing; don't want to wait forever for dead backend servers.
              ProxyTimeout      5
            '';
          };

          networking.firewall.allowedTCPPorts = [ 80 ];
        };

      backend1 = backend;
      backend2 = backend;

      client = { ... }: { };
    };

  testScript =
    ''
      startAll;

      $proxy->waitForUnit("httpd");
      $backend1->waitForUnit("httpd");
      $backend2->waitForUnit("httpd");
      $client->waitForUnit("network.target");

      # With the back-ends up, the proxy should work.
      $client->succeed("curl --fail http://proxy/");

      $client->succeed("curl --fail http://proxy/server-status");

      # Block the first back-end.
      $backend1->block;

      # The proxy should still work.
      $client->succeed("curl --fail http://proxy/");

      $client->succeed("curl --fail http://proxy/");

      # Block the second back-end.
      $backend2->block;

      # Now the proxy should fail as well.
      $client->fail("curl --fail http://proxy/");

      # But if the second back-end comes back, the proxy should start
      # working again.
      $backend2->unblock;
      $client->succeed("curl --fail http://proxy/");
    '';
})