-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add multiple addresses to admin nixos module
Signed-off-by: Manuel Bluhm <[email protected]>
- Loading branch information
Showing
4 changed files
with
97 additions
and
125 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -17,9 +17,14 @@ let | |
}; | ||
admin = { | ||
name = "admin-vm"; | ||
addr = addrs.adminvm; | ||
port = "9001"; | ||
protocol = "tcp"; # go version expect word "tcp" here, but it unused | ||
addresses = [ | ||
{ | ||
name = "admin-vm"; | ||
addr = addrs.adminvm; | ||
port = "9001"; | ||
protocol = "tcp"; | ||
} | ||
]; | ||
}; | ||
mkTls = name: { | ||
enable = tls; | ||
|
@@ -48,9 +53,7 @@ in | |
enable = true; | ||
debug = true; | ||
inherit (admin) name; | ||
inherit (admin) addr; | ||
inherit (admin) port; | ||
inherit (admin) protocol; | ||
inherit (admin) addresses; | ||
tls = mkTls "admin-vm"; | ||
}; | ||
}; | ||
|
@@ -70,7 +73,7 @@ in | |
port = "9000"; | ||
protocol = "tcp"; | ||
}; | ||
inherit admin; | ||
admin = lib.head admin.addresses; | ||
services = [ | ||
"[email protected]" | ||
"[email protected]" | ||
|
@@ -151,7 +154,7 @@ in | |
''; | ||
givc.sysvm = { | ||
enable = true; | ||
inherit admin; | ||
admin = lib.head admin.addresses; | ||
agent = { | ||
addr = addrs.guivm; | ||
name = "gui-vm"; | ||
|
@@ -208,7 +211,7 @@ in | |
name = "chromium-vm"; | ||
addr = addrs.appvm; | ||
}; | ||
inherit admin; | ||
admin = lib.head admin.addresses; | ||
tls = mkTls "chromium-vm"; | ||
applications = [ | ||
{ | ||
|
@@ -228,6 +231,7 @@ in | |
let | ||
cli = "${self'.packages.givc-admin-rs.cli}/bin/givc-cli"; | ||
expected = "givc-ghaf-host.service"; # Name which we _expect_ to see registered in admin server's registry | ||
adminAddr = lib.head admin.addresses; | ||
in | ||
# FIXME: why it so bizzare? (derived from name in cert) | ||
'' | ||
|
@@ -297,7 +301,7 @@ in | |
time.sleep(1) | ||
# Ensure, that hostvm's agent registered in admin service. It take ~10 seconds to spin up and register itself | ||
print(hostvm.succeed("${cli} --addr ${nodes.adminvm.config.givc.admin.addr} --port ${nodes.adminvm.config.givc.admin.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${nodes.adminvm.config.givc.admin.name} test ensure --retry 60 ${expected}")) | ||
print(hostvm.succeed("${cli} --addr ${adminAddr.addr} --port ${adminAddr.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${adminAddr.name} test ensure --retry 60 ${expected}")) | ||
with subtest("setup gui vm"): | ||
# Ensure that sway in guiVM finished startup | ||
|
@@ -313,13 +317,13 @@ in | |
time.sleep(5) # Give ssh some time to setup remote socket | ||
with subtest("set locale and timezone"): | ||
print(hostvm.succeed("${cli} --addr ${nodes.adminvm.config.givc.admin.addr} --port ${nodes.adminvm.config.givc.admin.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${nodes.adminvm.config.givc.admin.name} set-locale en_US.UTF-8")) | ||
print(hostvm.succeed("${cli} --addr ${adminAddr.addr} --port ${adminAddr.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${adminAddr.name} set-locale en_US.UTF-8")) | ||
adminvm.wait_for_file("/etc/locale-givc.conf") | ||
print(hostvm.succeed("${cli} --addr ${nodes.adminvm.config.givc.admin.addr} --port ${nodes.adminvm.config.givc.admin.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${nodes.adminvm.config.givc.admin.name} set-timezone UTC")) | ||
print(hostvm.succeed("${cli} --addr ${adminAddr.addr} --port ${adminAddr.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${adminAddr.name} set-timezone UTC")) | ||
adminvm.wait_for_file("/etc/timezone.conf") | ||
with subtest("Clean run"): | ||
print(hostvm.succeed("${cli} --addr ${nodes.adminvm.config.givc.admin.addr} --port ${nodes.adminvm.config.givc.admin.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${nodes.adminvm.config.givc.admin.name} start --vm chromium-vm foot")) | ||
print(hostvm.succeed("${cli} --addr ${adminAddr.addr} --port ${adminAddr.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${adminAddr.name} start --vm chromium-vm foot")) | ||
time.sleep(10) # Give few seconds to application to spin up | ||
wait_for_window("ghaf@appvm") | ||
|
@@ -328,34 +332,34 @@ in | |
appvm.succeed("pkill foot") | ||
time.sleep(10) | ||
# .. then ask to restart | ||
print(hostvm.succeed("${cli} --addr ${nodes.adminvm.config.givc.admin.addr} --port ${nodes.adminvm.config.givc.admin.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${nodes.adminvm.config.givc.admin.name} start --vm chromium-vm foot")) | ||
print(hostvm.succeed("${cli} --addr ${adminAddr.addr} --port ${adminAddr.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${adminAddr.name} start --vm chromium-vm foot")) | ||
wait_for_window("ghaf@appvm") | ||
with subtest("pause/resume/stop application"): | ||
appvm.succeed("pgrep foot") | ||
print(hostvm.succeed("${cli} --addr ${nodes.adminvm.config.givc.admin.addr} --port ${nodes.adminvm.config.givc.admin.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${nodes.adminvm.config.givc.admin.name} pause [email protected]")) | ||
print(hostvm.succeed("${cli} --addr ${adminAddr.addr} --port ${adminAddr.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${adminAddr.name} pause [email protected]")) | ||
time.sleep(20) | ||
js = hostvm.succeed("${cli} --addr ${nodes.adminvm.config.givc.admin.addr} --port ${nodes.adminvm.config.givc.admin.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${nodes.adminvm.config.givc.admin.name} query-list --as-json 2>/dev/null") | ||
js = hostvm.succeed("${cli} --addr ${adminAddr.addr} --port ${adminAddr.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${adminAddr.name} query-list --as-json 2>/dev/null") | ||
foot = by_name("[email protected]", json.loads(js)) | ||
assert foot["status"] == "Paused" | ||
res = appvm.succeed("cat /sys/fs/cgroup/user.slice/user-1000.slice/[email protected]/app.slice/app-foot.slice/[email protected]/cgroup.events") | ||
assert "frozen 1" in res | ||
print(hostvm.succeed("${cli} --addr ${nodes.adminvm.config.givc.admin.addr} --port ${nodes.adminvm.config.givc.admin.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${nodes.adminvm.config.givc.admin.name} resume [email protected]")) | ||
print(hostvm.succeed("${cli} --addr ${adminAddr.addr} --port ${adminAddr.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${adminAddr.name} resume [email protected]")) | ||
time.sleep(20) | ||
res = appvm.succeed("cat /sys/fs/cgroup/user.slice/user-1000.slice/[email protected]/app.slice/app-foot.slice/[email protected]/cgroup.events") | ||
assert "frozen 0" in res | ||
js = hostvm.succeed("${cli} --addr ${nodes.adminvm.config.givc.admin.addr} --port ${nodes.adminvm.config.givc.admin.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${nodes.adminvm.config.givc.admin.name} query-list --as-json 2>/dev/null") | ||
js = hostvm.succeed("${cli} --addr ${adminAddr.addr} --port ${adminAddr.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${adminAddr.name} query-list --as-json 2>/dev/null") | ||
foot = by_name("[email protected]", json.loads(js)) | ||
assert foot["status"] == "Running" | ||
print(hostvm.succeed("${cli} --addr ${nodes.adminvm.config.givc.admin.addr} --port ${nodes.adminvm.config.givc.admin.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${nodes.adminvm.config.givc.admin.name} stop [email protected]")) | ||
print(hostvm.succeed("${cli} --addr ${adminAddr.addr} --port ${adminAddr.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${adminAddr.name} stop [email protected]")) | ||
appvm.fail("pgrep foot") | ||
with subtest("clear exit and restart"): | ||
print(hostvm.succeed("${cli} --addr ${nodes.adminvm.config.givc.admin.addr} --port ${nodes.adminvm.config.givc.admin.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${nodes.adminvm.config.givc.admin.name} start --vm chromium-vm clearexit")) | ||
print(hostvm.succeed("${cli} --addr ${adminAddr.addr} --port ${adminAddr.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${adminAddr.name} start --vm chromium-vm clearexit")) | ||
time.sleep(20) # Give few seconds to application to spin up, exit, then start it again | ||
print(hostvm.succeed("${cli} --addr ${nodes.adminvm.config.givc.admin.addr} --port ${nodes.adminvm.config.givc.admin.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${nodes.adminvm.config.givc.admin.name} start --vm chromium-vm clearexit")) | ||
print(hostvm.succeed("${cli} --addr ${adminAddr.addr} --port ${adminAddr.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${adminAddr.name} start --vm chromium-vm clearexit")) | ||
''; | ||
}; | ||
}; | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.