Hi, a few months ago I became aware of "libreswan testing suite docker adventures" [1].Then I had a chance to have a brief chat about it with Paul during his visit on DevConf in Brno, Czech Republic. Since it looked more or less like an experiment which was stalled at some point and I considered it to be very interesting idea I promised to lend a hand with it.
There are two main reasons why I think it is worth resurrection: (1) It is faster and cleaner way of multi-host network testing, network namespaces represent transparent network separation (different IP stacks) and no baremetal is needed for test suite execution. (2) It will allow to run the test suite on more linux distributions. There are docker base images for Fedora, RHEL, Debian, (Open) SUSE (LE), etc.The current test suite based on KVM virtualization has an essential dependency on 9P filesystem since guests need to share testing directory with their host. However, 9P FS is not available in all kernel and qemu distributions and it is no longer maintained AFAIK. Relaxing this dependency (e.g. via NFS) seems to be too complicated and might interfere with the testing. On the other hand there is docker based on concepts of control groups and namespaces which are widespread in linux distributions for some time. Following steps in [1] test suite can be set-up easily, however it is not possible to execute any test at the moment. Obviously that part of the docker adventures are yet to happen. Moreover there are various mutually independent bits related to docker in testing directory (docker, pluto/ikev2-37-docker-rw/docker, pluto/ikev2-37-docker-rw/runme.sh and utils/swantest). At the moment, most viable option seems to be runme.sh but it is calling non-existing guestbin/swan-docker-run. I guess swan-run can be used there with some very minor updates, is that what swan-docker-run was meant to be? Clearly docker and and pluto/ikev2-37-docker-rw/dockerare just some PoC with no future progress, is that correct? Finally, there are docker test execution code in swantest but it is not used anywhere. This seems to be rather complex and I am not sure how complete it is. I guess it represents the same functionality as runme.sh, doesn't it? Clearly, the only missing step in "dockerization" of the test suite is to finish the test driver (i.e. probably having runme.sh steps covered by swantest code). Test cases are basically already both KVM and Docker friendly. So the crucial question is - are you interested in discussing future of the remaining parts of docker test suite? [1] https://libreswan.org/wiki/Test_Suite_-_Docker -- Ondrej Moris Red Hat _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
