nixos/cloud-init: actually test ssh'ing, also, with cloud-init-created user

2025-01-22 14:45:27 +00:00 · 2020-01-18 01:09:49 +01:00 · 2020-01-18 01:09:49 +01:00 · 00347e9537
parent 3ca2fd5520
commit 00347e9537
1 changed files with 36 additions and 13 deletions
--- a/nixos/tests/cloud-init.nix
+++ b/nixos/tests/cloud-init.nix
@ -7,6 +7,9 @@ with import ../lib/testing-python.nix { inherit system pkgs; };
 with pkgs.lib;

 let
+  inherit (import ./ssh-keys.nix pkgs)
+    snakeOilPrivateKey snakeOilPublicKey;
+
  metadataDrive = pkgs.stdenv.mkDerivation {
    name = "metadata";
    buildCommand = ''
@ -18,14 +21,19 @@ let
      -   content: |
                cloudinit
          path: /tmp/cloudinit-write-file
+
+      users:
+        - default
+        - name: nixos
+          ssh_authorized_keys:
+            - "${snakeOilPublicKey}"
      EOF

      cat << EOF > $out/iso/meta-data
      instance-id: iid-local01
      local-hostname: "test"
      public-keys:
-        ec2-keypair.us-east-1:
-          - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5L7Xuh49VS5VQheFE7VDmXKH0BOnB1R0avAE91QgOB root@test
+        - "${snakeOilPublicKey}"
      EOF
      ${pkgs.cdrkit}/bin/genisoimage -volid cidata -joliet -rock -o $out/metadata.iso $out/iso
      '';
@ -35,17 +43,32 @@ in makeTest {
  meta = with pkgs.stdenv.lib.maintainers; {
    maintainers = [ lewo ];
  };
-  machine =
-    { ... }:
-    {
-      virtualisation.qemu.options = [ "-cdrom" "${metadataDrive}/metadata.iso" ];
-      services.cloud-init.enable = true;
-    };
-  testScript = ''
-      machine.start()
-      machine.wait_for_unit("cloud-init.service")
-      machine.succeed("cat /tmp/cloudinit-write-file | grep -q 'cloudinit'")
+  machine = { ... }:
+  {
+    virtualisation.qemu.options = [ "-cdrom" "${metadataDrive}/metadata.iso" ];
+    services.cloud-init.enable = true;
+    services.openssh.enable = true;

-      machine.wait_until_succeeds("cat /root/.ssh/authorized_keys | grep -q root@test")
+  };
+  testScript = ''
+    machine.wait_for_unit("cloud-init.service")
+    machine.succeed("cat /tmp/cloudinit-write-file | grep -q 'cloudinit'")
+
+    # install snakeoil ssh key and provision .ssh/config file
+    machine.succeed("mkdir -p ~/.ssh")
+    machine.succeed(
+        "cat ${snakeOilPrivateKey} > ~/.ssh/id_snakeoil"
+    )
+    machine.succeed("chmod 600 ~/.ssh/id_snakeoil")
+
+    machine.wait_for_unit("sshd.service")
+
+    # we should be able to log in as the root user, as well as the created nixos user
+    machine.succeed(
+        "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o IdentityFile=~/.ssh/id_snakeoil root@localhost 'true'"
+    )
+    machine.succeed(
+        "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o IdentityFile=~/.ssh/id_snakeoil nixos@localhost 'true'"
+    )
  '';
 }