Skip to content

add option to disable ssh port forwarding #29

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pkr4711 merged 1 commit into from
May 26, 2026
Merged

add option to disable ssh port forwarding #29

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 39 additions & 0 deletions modules/testing/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,3 +103,42 @@ drwxr-xr-x 2 cinder cinder 4.0K Feb 24 08:16 .
drwxr-xr-x 6 cinder cinder 4.0K Feb 24 08:09 ..
-rw------- 1 cinder cinder 268 Feb 24 08:16 volume-64159e0c-18bb-449f-b1e0-86f198b170e4
```

## Port Forwarding

* Port forwarding is enabled by default for `controllerVM` and `storageVM` and disabled for `computeVM`.
* If multiple computeVMs are used, a separate port must be assigned to each node; otherwise, collisions will occur.

### Default ssh port forwards

* controllerVM: `2022`
* storageVM: `2122`
* computeVM: `n/a`

### Change default ports

```nix

pkgs.nixosTest {

nodes.controllerVM =
{ ... }:
{
openstack-testing.sshHostPort = 2044; # default was: 2022
};

nodes.computeVM =
{ ... }:
{
openstack-testing.enable = true; # enable / disable all port forwardings
openstack-testing.sshHostPort = 3022;
};

nodes.computeVM2 =
{ ... }:
{
openstack-testing.enable = true; # enable / disable all port forwardings
openstack-testing.sshHostPort = 3122;
};
}
```
Comment thread
coderabbitai[bot] marked this conversation as resolved.
116 changes: 95 additions & 21 deletions modules/testing/default.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,68 @@ let
};
};

portForwarding =
portForwardingStorage =
Comment thread
hertrste marked this conversation as resolved.
{ config, lib, ... }:
with lib;
let
cfg = config.openstack-testing;
in
{
options.openstack-testing = {
Comment thread
hertrste marked this conversation as resolved.
enable = mkEnableOption "Enable port forwarding." // {
default = true;
};
sshHostPort = mkOption {
default = 2122;
type = types.port;
description = ''
Host port to make the ssh server available.
'';
};
};
config = mkIf cfg.enable {
virtualisation.forwardPorts = [
{
from = "host";
host.port = cfg.sshHostPort;
guest.port = 22;
}
];
};
};

portForwardingCompute =
{ config, lib, ... }:
with lib;
let
cfg = config.openstack-testing;
in
{
options.openstack-testing = {
enable = mkEnableOption "Enable port forwarding." // {
# If multiple nodes are used, a separate port must be assigned to each node; otherwise, collisions will occur.
# We disable ssh port forwarding for compute nodes as default.
default = false;
};
sshHostPort = mkOption {
type = types.port;
description = ''
Host port to make the ssh server available.
'';
};
};
config = mkIf cfg.enable {
virtualisation.forwardPorts = [
{
from = "host";
host.port = cfg.sshHostPort;
guest.port = 22;
}
];
};
};

portForwardingController =
{ config, lib, ... }:
with lib;
let
Expand Down Expand Up @@ -92,6 +153,13 @@ let
the configuration of the dashboard.
'';
};
sshHostPort = mkOption {
default = 2022;
type = types.port;
description = ''
Host port to make the ssh server available.
'';
};
Comment thread
hertrste marked this conversation as resolved.
};
config = mkIf cfg.enable {
virtualisation.forwardPorts = [
Expand All @@ -110,6 +178,11 @@ let
host.port = cfg.vncProxyHostPort;
guest.port = 6080;
}
{
from = "host";
host.port = cfg.sshHostPort;
guest.port = 22;
}
];
};
};
Expand All @@ -129,9 +202,13 @@ in
{
imports = [
common
portForwarding
portForwardingController
];

# this is an example how to enable / disable all port forwardings or change port numbers
# openstack-testing.enable = true;
# openstack-testing.sshHostPort = 1122;

virtualisation = {
cores = 4;
memorySize = 6144;
Expand All @@ -144,14 +221,6 @@ in
vlan = 2;
};
};
# enable ssh access
forwardPorts = [
{
from = "host";
host.port = 1122;
guest.port = 22;
}
];
};

systemd.services.openstack-create-vm = {
Expand Down Expand Up @@ -232,7 +301,14 @@ in
testCompute =
{ ... }:
{
imports = [ common ];
imports = [
common
portForwardingCompute
];

# this is an example how to enable / disable all port forwardings or change port numbers
# openstack-testing.enable = true; # enable / disable all port forwardings
# openstack-testing.sshHostPort = 3022;

virtualisation = {
memorySize = 4096;
Expand Down Expand Up @@ -271,14 +347,20 @@ in
};
};
};

};

testStorage =
{ ... }:
{

imports = [ common ];
imports = [
common
portForwardingStorage
];

# this is an example how to enable / disable all port forwardings or change port numbers
# openstack-testing.enable = true; # enable / disable all port forwardings
# openstack-testing.sshHostPort = 2022;

Comment on lines +361 to 364
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot May 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Use a non-conflicting SSH port in the storage example.

Line 363 uses 2022, which is also the controller default. Given this PR’s collision-avoidance goal, the example should use a distinct value (for example 2122, matching storage default).

Suggested edit 
-      # openstack-testing.sshHostPort = 2022;
+      # openstack-testing.sshHostPort = 2122;
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# this is an example how to enable / disable all port forwardings or change port numbers
# openstack-testing.enable = true; # enable / disable all port forwardings
# openstack-testing.sshHostPort = 2022;
# this is an example how to enable / disable all port forwardings or change port numbers
# openstack-testing.enable = true; # enable / disable all port forwardings
# openstack-testing.sshHostPort = 2122;
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@modules/testing/default.nix` around lines 361 - 364, Update the example SSH
port to avoid collision: change the example value for
openstack-testing.sshHostPort from 2022 to 2122 (matching the storage default)
in the modules/testing/default.nix example block so the example no longer
conflicts with the controller default.

virtualisation = {
memorySize = 4096;
Expand All @@ -296,14 +378,6 @@ in
vlan = 2;
};
};
# enable ssh access
forwardPorts = [
{
from = "host";
host.port = 2022;
guest.port = 22;
}
];
};

systemd.network = {
Expand Down
6 changes: 6 additions & 0 deletions tests/openstack-live-migration.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,9 @@ pkgs.nixosTest {
(novaConfigForIp "10.0.0.39")
];

openstack-testing.enable = true; # enable / disable all port forwardings
openstack-testing.sshHostPort = 3022;

networking.extraHosts = ''
10.0.0.40 computeVM2 computeVM2.local
'';
Expand All @@ -156,6 +159,9 @@ pkgs.nixosTest {
(novaConfigForIp "10.0.0.40")
];

openstack-testing.enable = true; # enable / disable all port forwardings
openstack-testing.sshHostPort = 3122;

networking.extraHosts = ''
10.0.0.39 computeVM computeVM.local
'';
Expand Down
Loading