b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

containers: Improve device dependency tracking

Browse source 
Now the tracking works with aggregated devices on aggregated devices.

So container with physical device where the device is put in a bond
which is the basis for a bridge is now handled correctly.
This commit is contained in:
Arnold Krille 2016-09-30 14:52:46 +02:00
parent f0492bd53c
commit cc91f274e0
2 changed files with 86 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
nixos/modules/tasks/network-interfaces-scripted.nix
View file

@ -196,7 +196,7 @@ in
createBridgeDevice = n: v: nameValuePair "${n}-netdev"
(let
deps = if config.boot.isContainer then [] else map subsystemDevice v.interfaces;
deps = concatLists (map deviceDependency v.interfaces);
in
{ description = "Bridge Interface ${n}";
wantedBy = [ "network-setup.service" (subsystemDevice n) ];
@ -237,7 +237,7 @@ in
createVswitchDevice = n: v: nameValuePair "${n}-netdev"
(let
deps = if config.boot.isContainer then [] else map subsystemDevice v.interfaces;
deps = concatLists (map deviceDependency v.interfaces);
ofRules = pkgs.writeText "vswitch-${n}-openFlowRules" v.openFlowRules;
in
{ description = "Open vSwitch Interface ${n}";
@ -270,7 +270,7 @@ in
createBondDevice = n: v: nameValuePair "${n}-netdev"
(let
deps = if config.boot.isContainer then [] else map subsystemDevice v.interfaces;
deps = concatLists (map deviceDependency v.interfaces);
in
{ description = "Bond Interface ${n}";
wantedBy = [ "network-setup.service" (subsystemDevice n) ];

99
nixos/tests/containers-physical_interfaces.nix
View file

@ -23,11 +23,11 @@ import ./make-test.nix ({ pkgs, ...} : {
};
};
};
client = { config, pkgs, ... }: {
virtualisation.memorySize = 256;
bridged = { config, pkgs, ... }: {
virtualisation.memorySize = 128;
virtualisation.vlans = [ 1 ];
containers.client = {
containers.bridged = {
privateNetwork = true;
interfaces = [ "eth1" ];
@ -40,27 +40,94 @@ import ./make-test.nix ({ pkgs, ...} : {
};
};
};
bonded = { config, pkgs, ... }: {
virtualisation.memorySize = 128;
virtualisation.vlans = [ 1 ];
containers.bonded = {
privateNetwork = true;
interfaces = [ "eth1" ];
config = {
networking.bonds.bond0 = {
interfaces = [ "eth1" ];
mode = "active-backup";
};
networking.interfaces.bond0 = {
ip4 = [ { address = "10.10.0.3"; prefixLength = 24; } ];
};
networking.firewall.enable = false;
};
};
};
bridgedbond = { config, pkgs, ... }: {
virtualisation.memorySize = 128;
virtualisation.vlans = [ 1 ];
containers.bridgedbond = {
privateNetwork = true;
interfaces = [ "eth1" ];
config = {
networking.bonds.bond0 = {
interfaces = [ "eth1" ];
mode = "active-backup";
};
networking.bridges.br0.interfaces = [ "bond0" ];
networking.interfaces.br0 = {
ip4 = [ { address = "10.10.0.4"; prefixLength = 24; } ];
};
networking.firewall.enable = false;
};
};
};
};
testScript = ''
startAll;
$server->waitForUnit("default.target");
$server->execute("ip link >&2");
subtest "prepare server", sub {
$server->waitForUnit("default.target");
$server->succeed("ip link show dev eth1 >&2");
};
$server->succeed("ip link show dev eth1 >&2");
subtest "simple physical interface", sub {
$server->succeed("nixos-container start server");
$server->waitForUnit("container\@server");
$server->succeed("systemctl -M server list-dependencies network-addresses-eth1.service >&2");
$server->succeed("nixos-container start server");
$server->waitForUnit("container\@server");
$server->succeed("systemctl -M server list-dependencies network-addresses-eth1.service >&2");
# The other tests will ping this container on its ip. Here we just check
# that the device is present in the container.
$server->succeed("nixos-container run server -- ip a show dev eth1 >&2");
};
$server->succeed("nixos-container run server -- ip a show dev eth1 >&2");
subtest "physical device in bridge in container", sub {
$bridged->waitForUnit("default.target");
$bridged->succeed("nixos-container start bridged");
$bridged->waitForUnit("container\@bridged");
$bridged->succeed("systemctl -M bridged list-dependencies network-addresses-br0.service >&2");
$bridged->succeed("systemctl -M bridged status -n 30 -l network-addresses-br0.service");
$bridged->succeed("nixos-container run bridged -- ping -w 10 -c 1 -n 10.10.0.1");
};
$client->waitForUnit("default.target");
$client->succeed("nixos-container start client");
$client->waitForUnit("container\@client");
$client->succeed("systemctl -M client list-dependencies network-addresses-br0.service >&2");
$client->succeed("systemctl -M client status -n 30 -l network-addresses-br0.service");
$client->succeed("nixos-container run client -- ping -w 10 -c 1 -n 10.10.0.1");
subtest "physical device in bond in container", sub {
$bonded->waitForUnit("default.target");
$bonded->succeed("nixos-container start bonded");
$bonded->waitForUnit("container\@bonded");
$bonded->succeed("systemctl -M bonded list-dependencies network-addresses-bond0 >&2");
$bonded->succeed("systemctl -M bonded status -n 30 -l network-addresses-bond0 >&2");
$bonded->succeed("nixos-container run bonded -- ping -w 10 -c 1 -n 10.10.0.1");
};
subtest "physical device in bond in bridge in container", sub {
$bridgedbond->waitForUnit("default.target");
$bridgedbond->succeed("nixos-container start bridgedbond");
$bridgedbond->waitForUnit("container\@bridgedbond");
$bridgedbond->succeed("systemctl -M bridgedbond list-dependencies network-addresses-br0.service >&2");
$bridgedbond->succeed("systemctl -M bridgedbond status -n 30 -l network-addresses-br0.service");
$bridgedbond->succeed("nixos-container run bridgedbond -- ping -w 10 -c 1 -n 10.10.0.1");
};
'';
})