nixpkgs/nixos/tests/scion/freestanding-deployment/default.nix
Robert James Hernandez 57b9f12728 nixos/scion: init scion ip gateway config in test
create a scion-ip-gateway between scion04 and scion05
2024-09-25 19:08:33 +02:00


# implements https://github.com/scionproto/scion/blob/27983125bccac6b84d1f96f406853aab0e460405/doc/tutorials/deploy.rst
import ../../make-test-python.nix ({ pkgs, ... }:
let
# Runs ./bootstrap.sh with the `scion` tooling on PATH and produces the
# ISD42 TRC plus one AS<hostId> directory per node; the per-node
# configuration below pulls its certificate, key and TRC out of this output.
trust-root-configuration-keys =
  pkgs.runCommand "generate-trc-keys.sh" { buildInputs = [ pkgs.scion ]; }
    (builtins.readFile ./bootstrap.sh);
# Shared NixOS configuration for test node <hostId>: a SCION AS reachable on
# 192.168.1.<hostId>/24 whose topology, AS certificate/key and TRC are staged
# into /etc/scion from the files generated above.
imports = hostId:
  let
    id = toString hostId;
  in
  [
    ({
      networking = {
        useNetworkd = true;
        useDHCP = false;
      };
      systemd.network.networks."01-eth1" = {
        name = "eth1";
        networkConfig.Address = "192.168.1.${id}/24";
      };
      services.scion = {
        enable = true;
        # Topology, TRC and AS crypto are staged into /etc/scion below rather
        # than bootstrapped at runtime, so the module's bootstrap warning is
        # silenced (the option's exact semantics live in the scion module, not
        # in this file).
        bypassBootstrapWarning = true;
      };
      environment.etc = {
        "scion/topology.json".source = ./topology${id}.json;
        "scion/crypto/as".source = trust-root-configuration-keys + "/AS${id}";
        "scion/certs/ISD42-B1-S1.trc".source = trust-root-configuration-keys + "/ISD42-B1-S1.trc";
        # Test-only master secrets. `environment.etc.<name>.text` materialises
        # them in the world-readable Nix store, which is acceptable only
        # because these VMs are throwaway; do not copy this pattern into a
        # real deployment.
        "scion/keys/master0.key".text = "U${id}v4k23ZXjGDwDofg/Eevw==";
        "scion/keys/master1.key".text = "dBMko${id}qMS8DfrN/zP2OUdA==";
      };
      environment.systemPackages = [ pkgs.scion ];
    })
  ];
in
{
# Test name handed to make-test-python.nix.
name = "scion-test";
# Five ASes. scion01..scion03 only carry the shared per-node configuration;
# scion04 and scion05 additionally run a scion-ip-gateway so that the /32
# each holds on `lo` is reachable from the other one through the SCION
# tunnel (exercised with plain ICMP ping in testScript).
nodes =
  let
    plainNode = hostId: { ... }: {
      imports = imports hostId;
    };
    # `localAddr` is both this gateway's tunnel source address and the address
    # the peer pings; `peerNet` is the prefix declared reachable via `peerAs`.
    gatewayNode = { hostId, localAddr, peerAs, peerNet }: { ... }: {
      imports = imports hostId;
      networking.interfaces."lo".ipv4.addresses = [
        { address = localAddr; prefixLength = 32; }
      ];
      services.scion.scion-ip-gateway = {
        enable = true;
        config.tunnel.src_ipv4 = localAddr;
        trafficConfig = {
          ASes.${peerAs}.Nets = [ peerNet ];
          # Arbitrary, but identical on both gateways.
          ConfigVersion = 9001;
        };
      };
    };
  in
  {
    scion01 = plainNode 1;
    scion02 = plainNode 2;
    scion03 = plainNode 3;
    scion04 = gatewayNode {
      hostId = 4;
      localAddr = "172.16.1.1";
      peerAs = "42-ffaa:1:5";
      peerNet = "172.16.100.0/24";
    };
    scion05 = gatewayNode {
      hostId = 5;
      localAddr = "172.16.100.1";
      peerAs = "42-ffaa:1:4";
      peerNet = "172.16.1.0/24";
    };
  };
testScript =
  let
    # Runs on every node: waits (up to `timeout` seconds, polling once per
    # second) until `scion showpaths` knows a path to all five ASes, then
    # sends 3 `scion ping`s to 127.0.0.1 in each of them.  Exits 0 on
    # success and 1 when the deadline passes first.
    pingAll = pkgs.writeShellScript "ping-all-scion.sh" ''
      addresses="42-ffaa:1:1 42-ffaa:1:2 42-ffaa:1:3 42-ffaa:1:4 42-ffaa:1:5"
      timeout=100

      # Succeeds once a path to every AS given as an argument is known;
      # otherwise returns the status of the first failing lookup.
      paths_known() {
        for as in "$@"; do
          scion showpaths "$as" --no-probe > /dev/null || return $?
        done
        return 0
      }

      # Pings each AS in turn and stops at the first one that fails.
      ping_each() {
        for as in "$@"; do
          scion ping "$as,127.0.0.1" -c 3 || return $?
        done
        return 0
      }

      for _ in $(seq 0 "$timeout"); do
        sleep 1
        paths_known $addresses || continue
        ping_each $addresses && exit 0
      done
      exit 1
    '';
  in
  ''
    # List of AS instances
    machines = [scion01, scion02, scion03, scion04, scion05]

    # Apply one driver action to every AS instance, in list order.
    def each(action):
        for machine in machines:
            action(machine)

    def start(allow_reboot=False):
        each(lambda m: m.start(allow_reboot=allow_reboot))

    def wait_for_unit(service_name):
        each(lambda m: m.wait_for_unit(service_name))

    def succeed(command):
        each(lambda m: m.succeed(command))

    def reboot():
        each(lambda m: m.reboot())

    def crash():
        each(lambda m: m.crash())

    # Start all machines, allowing reboot for later
    start(allow_reboot=True)
    # Wait for scion-control.service on all instances
    wait_for_unit("scion-control.service")
    # Ensure the AS certificate chain verifies against the staged TRC
    succeed("scion-pki certificate verify --trc /etc/scion/certs/*.trc /etc/scion/crypto/as/*.pem >&2")
    # SCION-level reachability: every node must see and ping every AS
    succeed("${pingAll} >&2")
    # IP-level reachability across the two scion-ip-gateways (plain ICMP)
    scion04.succeed("ping -c 3 172.16.100.1 >&2")
    scion05.succeed("ping -c 3 172.16.1.1 >&2")
    # Restart all scion-* units (systemctl unit glob) and ping again
    succeed("systemctl restart scion-* >&2")
    succeed("${pingAll} >&2")
    # Reboot machines, wait for service, and ping again
    reboot()
    wait_for_unit("scion-control.service")
    succeed("${pingAll} >&2")
    # Crash, start, wait for service, and ping again
    crash()
    start()
    wait_for_unit("scion-control.service")
    # pkill takes an extended regex, so the unquoted scion-* means "scion"
    # followed by any number of dashes: every process with "scion" in its
    # name is SIGKILLed.  Recovery relies on the units being restarted by
    # systemd (presumably via Restart= in the scion module; not visible here).
    succeed("pkill -9 scion-* >&2")
    wait_for_unit("scion-control.service")
    succeed("${pingAll} >&2")
  '';
})