-
-
Notifications
You must be signed in to change notification settings - Fork 1.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tests/nixos: add test for phase reporting in ssh-ng builds.
- Loading branch information
Showing
3 changed files
with
117 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,105 @@ | ||
# Test Nix's remote build feature. | ||
|
||
{ config, lib, hostPkgs, ... }: | ||
|
||
let | ||
pkgs = config.nodes.client.nixpkgs.pkgs; | ||
|
||
# Trivial Nix expression to build remotely. | ||
expr = config: nr: pkgs.writeText "expr.nix" | ||
'' | ||
let utils = builtins.storePath ${config.system.build.extraUtils}; in | ||
derivation { | ||
name = "hello-${toString nr}"; | ||
system = "i686-linux"; | ||
PATH = "''${utils}/bin"; | ||
builder = "''${utils}/bin/sh"; | ||
args = [ "-c" "${ | ||
lib.concatStringsSep "; " [ | ||
''if [[ -n $NIX_LOG_FD ]]'' | ||
''then echo '@nix {\"action\":\"setPhase\",\"phase\":\"buildPhase\"}' >&''$NIX_LOG_FD'' | ||
"fi" | ||
"echo Hello" | ||
"mkdir $out" | ||
"cat /proc/sys/kernel/hostname > $out/host" | ||
] | ||
}" ]; | ||
outputs = [ "out" ]; | ||
} | ||
''; | ||
in | ||
|
||
{ | ||
name = "remote-builds-ssh-ng"; | ||
|
||
nodes = | ||
{ builder = | ||
{ config, pkgs, ... }: | ||
{ services.openssh.enable = true; | ||
virtualisation.writableStore = true; | ||
nix.settings.sandbox = true; | ||
nix.settings.substituters = lib.mkForce [ ]; | ||
}; | ||
|
||
client = | ||
{ config, lib, pkgs, ... }: | ||
{ nix.settings.max-jobs = 0; # force remote building | ||
nix.distributedBuilds = true; | ||
nix.buildMachines = | ||
[ { hostName = "builder"; | ||
sshUser = "root"; | ||
sshKey = "/root/.ssh/id_ed25519"; | ||
system = "i686-linux"; | ||
maxJobs = 1; | ||
protocol = "ssh-ng"; | ||
} | ||
]; | ||
virtualisation.writableStore = true; | ||
virtualisation.additionalPaths = [ config.system.build.extraUtils ]; | ||
nix.settings.substituters = lib.mkForce [ ]; | ||
programs.ssh.extraConfig = "ConnectTimeout 30"; | ||
}; | ||
}; | ||
|
||
testScript = { nodes }: '' | ||
# fmt: off | ||
import subprocess | ||
start_all() | ||
# Create an SSH key on the client. | ||
subprocess.run([ | ||
"${hostPkgs.openssh}/bin/ssh-keygen", "-t", "ed25519", "-f", "key", "-N", "" | ||
], capture_output=True, check=True) | ||
client.succeed("mkdir -p -m 700 /root/.ssh") | ||
client.copy_from_host("key", "/root/.ssh/id_ed25519") | ||
client.succeed("chmod 600 /root/.ssh/id_ed25519") | ||
# Install the SSH key on the builder. | ||
client.wait_for_unit("network.target") | ||
builder.succeed("mkdir -p -m 700 /root/.ssh") | ||
builder.copy_from_host("key.pub", "/root/.ssh/authorized_keys") | ||
builder.wait_for_unit("sshd") | ||
client.succeed(f"ssh -o StrictHostKeyChecking=no {builder.name} 'echo hello world'") | ||
# Perform a build and check that it was performed on the builder. | ||
out = client.succeed( | ||
"nix-build ${expr nodes.client.config 1} 2> build-output", | ||
# We want the build output in the stderr | ||
"grep -qF Hello build-output", | ||
) | ||
# We don't want phase reporting in the stderr | ||
# Note in case this check starts failing: since this is running as part of a | ||
# nix build itself, the actual JSON messages get captured by the surrounding | ||
# nix process and don't show up when printing the build output or the output | ||
# of grep. | ||
client.fail("grep -qF '@nix' build-output") | ||
builder.succeed(f"test -e {out}") | ||
# Check that we get phase reporting in the log file | ||
client.succeed( | ||
f"nix-store --read-log {out.strip()} > log-output", | ||
"grep -q '@nix {\"action\":\"setPhase\",\"phase\":\"buildPhase\"}' log-output", | ||
) | ||
''; | ||
} |