emily/nixos-images
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

kexec-installer: fix static ip tests

Browse source
This commit is contained in:
Jörg Thalheim 2022-11-27 18:56:24 +00:00
parent 7f2ba67850
commit 2be59edf63
3 changed files with 91 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
nix/kexec-installer/module.nix
View file

@ -98,9 +98,13 @@ in {
wants = [ "network-pre.target" ]; wants = [ "network-pre.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = [ serviceConfig = {
"${restoreNetwork} /root/network/addrs.json /root/network/routes-v4.json /root/network/routes-v6.json" Type = "oneshot";
RemainAfterExit = true;
ExecStart = [
"${restoreNetwork} /root/network/addrs.json /root/network/routes-v4.json /root/network/routes-v6.json /etc/systemd/network"
]; ];
};
unitConfig.ConditionPathExists = [ unitConfig.ConditionPathExists = [
"/root/network/addrs.json" "/root/network/addrs.json"

9
nix/kexec-installer/restore_routes.py
View file

@ -58,7 +58,7 @@ def generate_networkd_units(
if route["dev"] != interface["ifname"]: if route["dev"] != interface["ifname"]:
continue continue
route_section = "[Route]" route_section = "[Route]\n"
if route["dst"] != "default": if route["dst"] != "default":
# can be skipped for default routes # can be skipped for default routes
route_section += f"Destination = {route['dst']}\n" route_section += f"Destination = {route['dst']}\n"
@ -85,9 +85,9 @@ IPv6AcceptRA = yes
def main() -> None: def main() -> None:
if len(sys.argv) < 4: if len(sys.argv) < 5:
print( print(
f"USAGE: {sys.argv[0]} addresses routes-v4 routes-v6 [networkd-directory]", f"USAGE: {sys.argv[0]} addresses routes-v4 routes-v6 networkd-directory",
file=sys.stderr, file=sys.stderr,
) )
sys.exit(1) sys.exit(1)
@ -99,10 +99,7 @@ def main() -> None:
with open(sys.argv[3]) as f: with open(sys.argv[3]) as f:
v6_routes = json.load(f) v6_routes = json.load(f)
if len(sys.argv) >= 4:
networkd_directory = Path(sys.argv[4]) networkd_directory = Path(sys.argv[4])
else:
networkd_directory = Path("/etc/systemd/network")
relevant_interfaces = filter_interfaces(addresses) relevant_interfaces = filter_interfaces(addresses)
relevant_routes = filter_routes(v4_routes) + filter_routes(v6_routes) relevant_routes = filter_routes(v4_routes) + filter_routes(v6_routes)

91
nix/kexec-installer/test.nix
View file

@ -28,14 +28,43 @@ in makeTest' {
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
services.openssh.enable = true; services.openssh.enable = true;
networking = { networking = {
useNetworkd = true; useNetworkd = true;
useDHCP = false; useDHCP = false;
}; };
systemd.network = {
networks = {
# systemd-networkd will load the first network unit file
# that matches, ordered lexiographically by filename.
# /etc/systemd/network/{40-eth1,99-main}.network already
# exists. This network unit must be loaded for the test,
# however, hence why this network is named such.
"01-eth1" = {
name = "eth1";
address = [
# Some static addresses that we want to see in the kexeced image
"192.168.42.1/24"
"42::1/64"
];
routes = [
# Some static routes that we want to see in the kexeced image
{ routeConfig = { Destination = "192.168.43.0/24"; }; }
{ routeConfig = { Destination = "192.168.44.0/24"; Gateway = "192.168.43.1"; }; }
{ routeConfig = { Destination = "43::0/64"; }; }
{ routeConfig = { Destination = "44::1/64"; Gateway = "43::1"; }; }
];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
}; };
node2 = { pkgs, modulesPath, ... }: { node2 = { pkgs, modulesPath, ... }: {
virtualisation.vlans = [ 1 ];
environment.systemPackages = [ pkgs.hello ]; environment.systemPackages = [ pkgs.hello ];
imports = [ imports = [
./module.nix ./module.nix
@ -59,7 +88,13 @@ in makeTest' {
"01-eth1" = { "01-eth1" = {
name = "eth1"; name = "eth1";
address = [ address = [
"2001:DB8::1/64" "2001:db8::1/64"
];
ipv6Prefixes = [
{ ipv6PrefixConfig = { Prefix = "2001:db8::/64"; AddressAutoconfiguration = true; OnLink = true; }; }
];
ipv6RoutePrefixes = [
{ ipv6RoutePrefixConfig = { Route = "::/0"; LifetimeSec = 3600; }; }
]; ];
networkConfig = { networkConfig = {
DHCPServer = true; DHCPServer = true;
@ -69,6 +104,7 @@ in makeTest' {
dhcpServerConfig = { dhcpServerConfig = {
PoolOffset = 100; PoolOffset = 100;
PoolSize = 1; PoolSize = 1;
EmitRouter = true;
}; };
}; };
}; };
@ -79,22 +115,24 @@ in makeTest' {
testScript = { nodes, ... }: '' testScript = { nodes, ... }: ''
# Test whether reboot via kexec works. # Test whether reboot via kexec works.
node1.wait_for_unit("multi-user.target")
node1.succeed('kexec --load /run/current-system/kernel --initrd /run/current-system/initrd --command-line "$(</proc/cmdline)"') router.wait_for_unit("network-online.target")
node1.execute("systemctl kexec >&2 &", check_return=False) router.succeed("ip addr >&2")
node1.connected = False router.succeed("ip route >&2")
node1.connect() router.succeed("ip -6 route >&2")
node1.wait_for_unit("multi-user.target") router.succeed("networkctl status eth1 >&2")
node1.wait_for_unit("network-online.target")
node1.wait_until_succeeds("ping -c1 10.0.0.1")
node1.wait_until_succeeds("ping -c1 2001:db8::1")
node1.succeed("ip addr >&2") node1.succeed("ip addr >&2")
node1.succeed("ip route >&2") node1.succeed("ip route >&2")
node1.succeed("ip -6 route >&2") node1.succeed("ip -6 route >&2")
node1.succeed("networkctl status eth1 >&2")
node1.wait_for_unit("sshd.service")
host_ed25519_before = node1.succeed("cat /etc/ssh/ssh_host_ed25519_key.pub") host_ed25519_before = node1.succeed("cat /etc/ssh/ssh_host_ed25519_key.pub")
node1.succeed('ssh-keygen -t ed25519 -f /root/.ssh/id_ed25519 -q -N ""') node1.succeed('ssh-keygen -t ed25519 -f /root/.ssh/id_ed25519 -q -N ""')
root_ed25519_before = node1.succeed('tee /root/.ssh/authorized_keys < /root/.ssh/id_ed25519.pub') root_ed25519_before = node1.succeed('tee /root/.ssh/authorized_keys < /root/.ssh/id_ed25519.pub')
# Kexec node1 to the toplevel of node2 via the kexec-boot script # Kexec node1 to the toplevel of node2 via the kexec-boot script
node1.succeed('touch /run/foo') node1.succeed('touch /run/foo')
node1.fail('hello') node1.fail('hello')
@ -113,6 +151,37 @@ in makeTest' {
root_ed25519_after = node1.succeed("cat /root/.ssh/authorized_keys") root_ed25519_after = node1.succeed("cat /root/.ssh/authorized_keys")
assert root_ed25519_before == root_ed25519_after, f"{root_ed25519_before} != {root_ed25519_after}" assert root_ed25519_before == root_ed25519_after, f"{root_ed25519_before} != {root_ed25519_after}"
# See if we can reach the router after kexec
node1.wait_for_unit("restoreNetwork.service")
node1.wait_until_succeeds("cat /etc/systemd/network/eth1.network >&2")
node1.wait_until_succeeds("ping -c1 10.0.0.1")
node1.wait_until_succeeds("ping -c1 2001:db8::1")
# Check if static addresses have been restored
node1.wait_until_succeeds("ping -c1 42::1")
node1.wait_until_succeeds("ping -c1 192.168.42.1")
out = node1.wait_until_succeeds("ip route get 192.168.43.2")
print(out)
assert "192.168.43.2 dev eth1" in out
out = node1.wait_until_succeeds("ip route get 192.168.44.2")
print(out)
assert "192.168.44.2 via 192.168.43.1" in out
out = node1.wait_until_succeeds("ip route get 43::2")
print(out)
assert "43::2 from :: dev eth1" in out
out = node1.wait_until_succeeds("ip route get 44::2")
print(out)
assert "44::2 from :: via 43::1" in out
node1.succeed("ip addr >&2")
node1.succeed("ip route >&2")
node1.succeed("ip -6 route >&2")
node1.succeed("networkctl status eth1 >&2")
node1.shutdown() node1.shutdown()
''; '';
} }