lightscale/lab/test-dns.nix

{ pkgs, serverPkg, clientPkg }:
{
  name = "lightscale-lab-dns";
  nodes = {
    node1 = { ... }: {
      networking.hostName = "node1";
      networking.usePredictableInterfaceNames = false;
      virtualisation.vlans = [ 1 ];
      networking.interfaces.eth1.useDHCP = false;
      networking.interfaces.eth1.ipv4.addresses = [
        { address = "10.0.0.1"; prefixLength = 24; }
      ];
      networking.firewall.enable = false;
      services.resolved.enable = true;
      boot.kernelModules = [ "wireguard" ];
      environment.systemPackages = [
        serverPkg
        clientPkg
        pkgs.wireguard-tools
        pkgs.iproute2
        pkgs.iputils
        pkgs.curl
        pkgs.dnsutils
      ];
    };
    node2 = { ... }: {
      networking.hostName = "node2";
      networking.usePredictableInterfaceNames = false;
      virtualisation.vlans = [ 1 ];
      networking.interfaces.eth1.useDHCP = false;
      networking.interfaces.eth1.ipv4.addresses = [
        { address = "10.0.0.2"; prefixLength = 24; }
      ];
      networking.firewall.enable = false;
      services.resolved.enable = true;
      boot.kernelModules = [ "wireguard" ];
      environment.systemPackages = [
        clientPkg
        pkgs.wireguard-tools
        pkgs.iproute2
        pkgs.iputils
        pkgs.curl
        pkgs.dnsutils
      ];
    };
  };

  testScript = ''
    start_all()
    node1.wait_for_unit("multi-user.target")
    node2.wait_for_unit("multi-user.target")
    node1.wait_until_succeeds("ip -4 addr show dev eth1 | grep -q '10.0.0.1/24'")
    node2.wait_until_succeeds("ip -4 addr show dev eth1 | grep -q '10.0.0.2/24'")

    node1.succeed("touch /tmp/lightscale-server.log")
    node1.execute("sh -c 'tail -n +1 -f /tmp/lightscale-server.log >/dev/console 2>&1 &'")
    node1.succeed(
        "systemd-run --no-block --unit=lightscale-server --service-type=simple "
        "--property=Restart=on-failure --property=RestartSec=1 "
        "--property=TimeoutStartSec=30 "
        "--property=StandardOutput=append:/tmp/lightscale-server.log "
        "--property=StandardError=append:/tmp/lightscale-server.log "
        "--setenv=RUST_LOG=info -- "
        "lightscale-server --listen 10.0.0.1:8080 --state /tmp/lightscale-state.json"
    )
    node1.wait_for_unit("lightscale-server.service")
    node1.wait_for_open_port(8080, addr="10.0.0.1", timeout=120)

    import json

    net = json.loads(node1.succeed(
        "curl -sSf -X POST http://10.0.0.1:8080/v1/networks "
        "-H 'content-type: application/json' "
        "-d '{\"name\":\"dns\",\"bootstrap_token_ttl_seconds\":600," \
        "\"bootstrap_token_uses\":10,\"bootstrap_token_tags\":[\"dns\"]}'"
    ))
    token = net["bootstrap_token"]["token"]

    def enroll(node, name, ip):
        node.succeed(
            "lightscale-client --profile dns --config /tmp/ls-config.json "
            "init http://10.0.0.1:8080"
        )
        node.succeed(
            f"lightscale-client --profile dns --config /tmp/ls-config.json "
            f"--state-dir /tmp/ls-state register --node-name {name} -- {token}"
        )
        node.succeed(
            f"lightscale-client --profile dns --config /tmp/ls-config.json "
            f"--state-dir /tmp/ls-state heartbeat --endpoint {ip}:51820"
        )

    enroll(node1, "node1", "10.0.0.1")
    enroll(node2, "node2", "10.0.0.2")

    node1.succeed(
        "lightscale-client --profile dns --config /tmp/ls-config.json "
        "--state-dir /tmp/ls-state netmap | grep -q 'peers: 1'"
    )

    node1.succeed(
        "lightscale-client --profile dns --config /tmp/ls-config.json "
        "--state-dir /tmp/ls-state dns --format hosts --output /tmp/hosts.out"
    )
    node1.succeed(
        "lightscale-client --profile dns --config /tmp/ls-config.json "
        "--state-dir /tmp/ls-state dns --format json --output /tmp/dns.json"
    )
    node1.succeed(
        "lightscale-client --profile dns --config /tmp/ls-config.json "
        "--state-dir /tmp/ls-state dns --format hosts "
        "--apply-hosts --hosts-path /tmp/hosts.apply"
    )

    state = json.loads(node1.succeed("cat /tmp/ls-state/state.json"))
    netmap = state["last_netmap"]
    node_name = netmap["node"]["dns_name"]
    peer_name = netmap["peers"][0]["dns_name"]
    dns_domain = netmap["network"]["dns_domain"]
    peer_ipv4 = netmap["peers"][0]["ipv4"]
    peer_ipv6 = netmap["peers"][0]["ipv6"]

    hosts_out = node1.succeed("cat /tmp/hosts.out")
    assert node_name in hosts_out
    assert peer_name in hosts_out
    assert state["ipv4"] in hosts_out
    assert state["ipv6"] in hosts_out

    dns_json = json.loads(node1.succeed("cat /tmp/dns.json"))
    assert dns_json["network"]["dns_domain"] == dns_domain
    record_names = [record["name"] for record in dns_json["records"]]
    assert node_name in record_names
    assert peer_name in record_names

    hosts_apply = node1.succeed("cat /tmp/hosts.apply")
    assert "# lightscale:dns begin" in hosts_apply
    assert "# lightscale:dns end" in hosts_apply
    assert node_name in hosts_apply
    assert peer_name in hosts_apply

    def start_agent(node, endpoint):
        node.succeed("touch /tmp/lightscale-agent.log")
        cmd = (
            "lightscale-client --profile dns --config /tmp/ls-config.json "
            "--state-dir /tmp/ls-state agent --listen-port 51820 "
            "--heartbeat-interval 5 --longpoll-timeout 5 "
            f"--endpoint {endpoint}"
        )
        node.succeed(
            "systemd-run --no-block --unit=lightscale-agent --service-type=simple "
            "--property=Restart=on-failure --property=RestartSec=1 "
            "--property=TimeoutStartSec=30 "
            "--property=StandardOutput=append:/tmp/lightscale-agent.log "
            "--property=StandardError=append:/tmp/lightscale-agent.log -- "
            + cmd
        )
        node.wait_for_unit("lightscale-agent.service")
        node.wait_until_succeeds("ip link show ls-dns", timeout=60)

    start_agent(node1, "10.0.0.1:51820")
    start_agent(node2, "10.0.0.2:51820")

    node1.succeed("touch /tmp/lightscale-dns.log")
    node1.succeed(
        "systemd-run --no-block --unit=lightscale-dns --service-type=simple "
        "--property=Restart=on-failure --property=RestartSec=1 "
        "--property=TimeoutStartSec=30 "
        "--property=StandardOutput=append:/tmp/lightscale-dns.log "
        "--property=StandardError=append:/tmp/lightscale-dns.log -- "
        "lightscale-client --profile dns --config /tmp/ls-config.json "
        "--state-dir /tmp/ls-state dns-serve --listen 127.0.0.1:53 "
        "--apply-resolver --interface ls-dns"
    )

    node1.wait_until_succeeds("resolvectl dns ls-dns | grep -q '127.0.0.1'", timeout=60)
    node1.wait_until_succeeds(
        f"resolvectl domain ls-dns | grep -q '~{dns_domain}'",
        timeout=60,
    )

    node1.wait_until_succeeds(
        f"dig +short @127.0.0.1 {peer_name} | grep -q '{peer_ipv4}'",
        timeout=60,
    )
    node1.wait_until_succeeds(
        f"dig +short -t AAAA @127.0.0.1 {peer_name} | grep -qi '{peer_ipv6}'",
        timeout=60,
    )
  '';
}