cluster/services/dns: test im simulacrum
This commit is contained in:
parent
e0d513be30
commit
02ace2b0b9
2 changed files with 40 additions and 0 deletions
|
@ -56,6 +56,11 @@ in
|
||||||
coredns = ./coredns.nix;
|
coredns = ./coredns.nix;
|
||||||
client = ./client.nix;
|
client = ./client.nix;
|
||||||
};
|
};
|
||||||
|
simulacrum = {
|
||||||
|
enable = true;
|
||||||
|
deps = [ "consul" "acme-client" "patroni" ];
|
||||||
|
settings = ./test.nix;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
patroni = {
|
patroni = {
|
||||||
|
|
35
cluster/services/dns/test.nix
Normal file
35
cluster/services/dns/test.nix
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
{ cluster, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
inherit (cluster._module.specialArgs.depot.lib.meta) domain;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
nodes.nowhere = { pkgs, ... }: {
|
||||||
|
passthru = cluster;
|
||||||
|
environment.systemPackages = [
|
||||||
|
pkgs.knot-dns
|
||||||
|
pkgs.openssl
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
testScript = ''
|
||||||
|
import json
|
||||||
|
nodeNames = json.loads('${builtins.toJSON cluster.config.services.dns.nodes.authoritative}')
|
||||||
|
dotNames = json.loads('${builtins.toJSON cluster.config.services.dns.nodes.coredns}')
|
||||||
|
nodes = [ n for n in machines if n.name in nodeNames ]
|
||||||
|
dotServers = [ n for n in machines if n.name in dotNames ]
|
||||||
|
|
||||||
|
start_all()
|
||||||
|
|
||||||
|
with subtest("should allow external name resolution for own domain"):
|
||||||
|
for node in nodes:
|
||||||
|
node.wait_for_unit("coredns.service")
|
||||||
|
nowhere.wait_until_succeeds("[[ $(kdig +short securedns.${domain} | wc -l) -ne 0 ]]", timeout=60)
|
||||||
|
nowhere.fail("[[ $(kdig +short example.com | wc -l) -ne 0 ]]")
|
||||||
|
|
||||||
|
with subtest("should have valid certificate on DoT endpoint"):
|
||||||
|
for node in dotServers:
|
||||||
|
node.wait_for_unit("acme-finished-securedns.${domain}.target")
|
||||||
|
nowhere.wait_until_succeeds("openssl </dev/null s_client -connect securedns.${domain}:853 -verify_return_error -strict -verify_hostname securedns.${domain}", timeout=60)
|
||||||
|
'';
|
||||||
|
}
|
Loading…
Reference in a new issue