Test system manager deployment triggered by Ansible

jfroche · jfroche · commit a07b348f23a0 · 2025-09-12T13:18:36.000+02:00
diff --git a/ansible/tasks/setup-nix.yml b/ansible/tasks/setup-nix.yml
@@ -0,0 +1,11 @@
+---
+- name: Check if nix is installed
+  ansible.builtin.command: which nix
+  register: nix_installed
+  failed_when: nix_installed.rc != 0
+  ignore_errors: true
+
+- name: Install nix
+  ansible.builtin.shell: curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install --no-confirm --extra-conf 'substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com' --extra-conf 'trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI=% cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY='
+  when: nix_installed.rc != 0
+  become: true
diff --git a/ansible/tasks/setup-system-manager.yml b/ansible/tasks/setup-system-manager.yml
@@ -0,0 +1,7 @@
+---
+- name: Deploy system manager
+  ansible.builtin.shell: |
+    . /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
+    cd /tmp
+    nix run /flake#system-manager -- switch --flake /flake
+  become: true
diff --git a/ansible/tests/conftest.py b/ansible/tests/conftest.py
@@ -1,12 +1,76 @@
+import pytest
+import subprocess
+import testinfra
+from rich.console import Console
+
+console = Console()
+
+
 def pytest_addoption(parser):
     parser.addoption(
-        "--ansible-dir",
+        "--flake-dir",
         action="store",
-        help="Directory containing Ansible playbooks and roles",
+        help="Directory containing the current flake",
     )
 
     parser.addoption(
         "--docker-image",
         action="store",
         help="Docker image and tag to use for testing",
     )
+
+
+@pytest.fixture(scope="module")
+def host(request):
+    flake_dir = request.config.getoption("--flake-dir")
+    docker_id = (
+        subprocess.check_output(
+            [
+                "docker",
+                "run",
+                "--privileged",
+                "--cap-add",
+                "SYS_ADMIN",
+                "--security-opt",
+                "seccomp=unconfined",
+                "--cgroup-parent=docker.slice",
+                "--cgroupns",
+                "private",
+                "-v",
+                f"{flake_dir}:/flake",
+                "-d",
+                "ubuntu-cloudimg-with-tools:0.1",
+            ]
+        )
+        .decode()
+        .strip()
+    )
+    yield testinfra.get_host("docker://" + docker_id)
+    subprocess.check_call(["docker", "rm", "-f", docker_id], stdout=subprocess.DEVNULL)
+
+
+@pytest.fixture(scope="module")
+def run_ansible_playbook(host):
+    def _run_playbook(playbook_name, verbose=False):
+        cmd = [
+            "ANSIBLE_HOST_KEY_CHECKING=False",
+            "ansible-playbook",
+            "--connection=local",
+        ]
+        if verbose:
+            cmd.append("-vvv")
+        cmd.extend([
+            "-i",
+            "localhost,",
+            "--extra-vars",
+            "@/flake/ansible/vars.yml",
+            f"/flake/ansible/tests/{playbook_name}",
+        ])
+        result = host.run(" ".join(cmd))
+        if result.failed:
+            console.log(result.stdout)
+            console.log(result.stderr)
+            raise pytest.fail(
+                f"Ansible playbook {playbook_name} failed with return code {result.rc}"
+            )
+    return _run_playbook
diff --git a/ansible/tests/nix.yaml b/ansible/tests/nix.yaml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  tasks:
+  - import_tasks: ../tasks/setup-nix.yml
+  - import_tasks: ../tasks/setup-system-manager.yml
diff --git a/ansible/tests/test_nginx.py b/ansible/tests/test_nginx.py
@@ -1,59 +1,9 @@
 import pytest
-import subprocess
-import testinfra
-from rich.console import Console
 
-console = Console()
 
-
-@pytest.fixture(scope="session")
-def host(request):
-    ansible_dir = request.config.getoption("--ansible-dir")
-    docker_id = (
-        subprocess.check_output(
-            [
-                "docker",
-                "run",
-                "--privileged",
-                "--cap-add",
-                "SYS_ADMIN",
-                "--security-opt",
-                "seccomp=unconfined",
-                "--cgroup-parent=docker.slice",
-                "--cgroupns",
-                "private",
-                "-v",
-                f"{ansible_dir}/:/ansible/",
-                "-d",
-                "ubuntu-cloudimg-with-tools:0.1",
-            ]
-        )
-        .decode()
-        .strip()
-    )
-    yield testinfra.get_host("docker://" + docker_id)
-    subprocess.check_call(["docker", "rm", "-f", docker_id], stdout=subprocess.DEVNULL)
-
-
-@pytest.fixture(scope="session", autouse=True)
-def run_ansible(host):
-    cmd = [
-        "ANSIBLE_HOST_KEY_CHECKING=False",
-        "ansible-playbook",
-        "--connection=local",
-        "-i",
-        "localhost,",
-        "--extra-vars",
-        "@/ansible/vars.yml",
-        "/ansible/tests/nginx.yaml",
-    ]
-    result = host.run(" ".join(cmd))
-    if result.failed:
-        console.log(result.stdout)
-        console.log(result.stderr)
-        raise pytest.fail(
-            "Ansible playbook nginx.yaml failed with return code {}".format(result.rc)
-        )
+@pytest.fixture(scope="module", autouse=True)
+def run_ansible(run_ansible_playbook):
+    run_ansible_playbook("nginx.yaml")
 
 
 def test_nginx_service(host):
diff --git a/ansible/tests/test_nix.py b/ansible/tests/test_nix.py
@@ -0,0 +1,13 @@
+import pytest
+
+
+@pytest.fixture(scope="module", autouse=True)
+def run_ansible(run_ansible_playbook):
+    run_ansible_playbook("nix.yaml", verbose=True)
+
+
+def test_nix_service(host):
+    assert host.service("nix-daemon.service").is_running
+
+def test_envoy_service(host):
+    assert host.service("envoy.service").is_running
diff --git a/nix/packages/ansible-test.nix b/nix/packages/ansible-test.nix
@@ -1,48 +1,9 @@
 {
   pkgs,
   lib,
+  docker-image-ubuntu,
 }:
 let
-  ubuntu-cloudimg =
-    let
-      cloudImg = builtins.fetchurl {
-        url = "http://cloud-images-archive.ubuntu.com/releases/noble/release-20250430/ubuntu-24.04-server-cloudimg-amd64-root.tar.xz";
-        sha256 = "sha256:0rfi3qqs0sqarixfic7pzjpx7d4vldv2d98c5zjv7b90mirznvf9";
-      };
-    in
-    pkgs.runCommand "ubuntu-cloudimg" { nativeBuildInputs = [ pkgs.xz ]; } ''
-      mkdir -p $out
-      tar --exclude='dev/*' \
-          --exclude='etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service' \
-          --exclude='etc/systemd/system/multi-user.target.wants/systemd-resolved.service' \
-          --exclude='usr/lib/systemd/system/tpm-udev.service' \
-          --exclude='usr/lib/systemd/system/systemd-remount-fs.service' \
-          --exclude='usr/lib/systemd/system/systemd-resolved.service' \
-          --exclude='var/lib/apt/lists/*' \
-          -xJf ${cloudImg} -C $out
-      rm $out/bin $out/lib $out/lib64 $out/sbin
-      mkdir -p $out/run/systemd && echo 'docker' > $out/run/systemd/container
-      mkdir $out/var/lib/apt/lists/partial
-    '';
-
-  dockerImageUbuntu = pkgs.dockerTools.buildImage {
-    name = "ubuntu-cloudimg";
-    tag = "0.1";
-    created = "now";
-    extraCommands = ''
-      ln -s usr/bin
-      ln -s usr/lib
-      ln -s usr/lib64
-      ln -s usr/sbin
-    '';
-    copyToRoot = pkgs.buildEnv {
-      name = "image-root";
-      pathsToLink = [ "/" ];
-      paths = [ ubuntu-cloudimg ];
-    };
-    config.Cmd = [ "/lib/systemd/systemd" ];
-  };
-
   dockerImageUbuntuWithTools =
     let
       tools = [ pkgs.ansible ];
@@ -52,7 +13,8 @@ let
       tag = "0.1";
       created = "now";
       maxLayers = 30;
-      fromImage = dockerImageUbuntu;
+      fromImage = docker-image-ubuntu;
+      compressor = "zstd";
       config = {
         Env = [
           "PATH=${lib.makeBinPath tools}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
@@ -69,19 +31,18 @@ pkgs.writeShellApplication {
         requests
         pytest
         pytest-testinfra
+        pytest-xdist
         rich
       ]
     ))
   ];
   text = ''
     echo "Running Ansible tests..."
     export DOCKER_IMAGE=${dockerImageUbuntuWithTools.imageName}:${dockerImageUbuntuWithTools.imageTag}
-    if ! docker image inspect $DOCKER_IMAGE > /dev/null; then
-      echo "Loading Docker image..."
-      docker load < ${dockerImageUbuntuWithTools}
-    fi
-    ANSIBLE_DIR=${../../ansible}
-    pytest -p no:cacheprovider -s -v "$@" $ANSIBLE_DIR/tests --ansible-dir=$ANSIBLE_DIR --docker-image=$DOCKER_IMAGE
+    echo "Loading Docker image..."
+    docker load < ${dockerImageUbuntuWithTools}
+    FLAKE_DIR=${../..}
+    pytest -x -p no:cacheprovider -s -v "$@" $FLAKE_DIR/ansible/tests --flake-dir=$FLAKE_DIR --docker-image=$DOCKER_IMAGE
   '';
   meta = with pkgs.lib; {
     description = "Ansible test runner";
diff --git a/nix/packages/default.nix b/nix/packages/default.nix
@@ -31,7 +31,9 @@
       packages = (
         {
           build-test-ami = pkgs.callPackage ./build-test-ami.nix { };
-          ansible-test = pkgs.callPackage ./ansible-test.nix { };
+          ansible-test = pkgs.callPackage ./ansible-test.nix {
+            inherit (self'.packages) docker-image-ubuntu;
+          };
           cleanup-ami = pkgs.callPackage ./cleanup-ami.nix { };
           dbmate-tool = pkgs.callPackage ./dbmate-tool.nix { inherit (self.supabase) defaults; };
           docker-image-ubuntu = pkgs.callPackage ./docker-ubuntu.nix { };
