mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-10-31 06:31:20 +00:00
nixos/tests/teleport: init
This commit is contained in:
parent
d811a6ea73
commit
77b442226d
@ -471,6 +471,7 @@ in
|
||||
systemd-unit-path = handleTest ./systemd-unit-path.nix {};
|
||||
taskserver = handleTest ./taskserver.nix {};
|
||||
telegraf = handleTest ./telegraf.nix {};
|
||||
teleport = handleTest ./teleport.nix {};
|
||||
tiddlywiki = handleTest ./tiddlywiki.nix {};
|
||||
tigervnc = handleTest ./tigervnc.nix {};
|
||||
timezone = handleTest ./timezone.nix {};
|
||||
|
99
nixos/tests/teleport.nix
Normal file
99
nixos/tests/teleport.nix
Normal file
@ -0,0 +1,99 @@
|
||||
{ system ? builtins.currentSystem
|
||||
, config ? { }
|
||||
, pkgs ? import ../.. { inherit system config; }
|
||||
}:
|
||||
|
||||
with import ../lib/testing-python.nix { inherit system pkgs; };
|
||||
|
||||
let
|
||||
minimal = { config, ... }: {
|
||||
services.teleport.enable = true;
|
||||
};
|
||||
|
||||
client = { config, ... }: {
|
||||
services.teleport = {
|
||||
enable = true;
|
||||
settings = {
|
||||
teleport = {
|
||||
nodename = "client";
|
||||
advertise_ip = "192.168.1.20";
|
||||
auth_token = "8d1957b2-2ded-40e6-8297-d48156a898a9";
|
||||
auth_servers = [ "192.168.1.10:3025" ];
|
||||
log.severity = "DEBUG";
|
||||
};
|
||||
ssh_service = {
|
||||
enabled = true;
|
||||
labels = {
|
||||
role = "client";
|
||||
};
|
||||
};
|
||||
proxy_service.enabled = false;
|
||||
auth_service.enabled = false;
|
||||
};
|
||||
};
|
||||
networking.interfaces.eth1.ipv4.addresses = [{
|
||||
address = "192.168.1.20";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
|
||||
server = { config, ... }: {
|
||||
services.teleport = {
|
||||
enable = true;
|
||||
settings = {
|
||||
teleport = {
|
||||
nodename = "server";
|
||||
advertise_ip = "192.168.1.10";
|
||||
};
|
||||
ssh_service.enabled = true;
|
||||
proxy_service.enabled = true;
|
||||
auth_service = {
|
||||
enabled = true;
|
||||
tokens = [ "node:8d1957b2-2ded-40e6-8297-d48156a898a9" ];
|
||||
};
|
||||
};
|
||||
diag.enable = true;
|
||||
insecure.enable = true;
|
||||
};
|
||||
networking = {
|
||||
firewall.allowedTCPPorts = [ 3025 ];
|
||||
interfaces.eth1.ipv4.addresses = [{
|
||||
address = "192.168.1.10";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
minimal = makeTest {
|
||||
# minimal setup should always work
|
||||
name = "teleport-minimal-setup";
|
||||
meta.maintainers = with pkgs.lib.maintainers; [ ymatsiuk ];
|
||||
nodes = { inherit minimal; };
|
||||
|
||||
testScript = ''
|
||||
minimal.wait_for_open_port("3025")
|
||||
minimal.wait_for_open_port("3080")
|
||||
minimal.wait_for_open_port("3022")
|
||||
'';
|
||||
};
|
||||
|
||||
basic = makeTest {
|
||||
# basic server and client test
|
||||
name = "teleport-server-client";
|
||||
meta.maintainers = with pkgs.lib.maintainers; [ ymatsiuk ];
|
||||
nodes = { inherit server client; };
|
||||
|
||||
testScript = ''
|
||||
with subtest("teleport ready"):
|
||||
server.wait_for_open_port("3025")
|
||||
client.wait_for_open_port("3022")
|
||||
|
||||
with subtest("check applied configuration"):
|
||||
server.wait_until_succeeds("tctl get nodes --format=json | ${pkgs.jq}/bin/jq -e '.[] | select(.spec.hostname==\"client\") | .metadata.labels.role==\"client\"'")
|
||||
server.wait_for_open_port("3000")
|
||||
client.succeed("journalctl -u teleport.service --grep='DEBU'")
|
||||
server.succeed("journalctl -u teleport.service --grep='Starting teleport in insecure mode.'")
|
||||
'';
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue
Block a user