Would appreciate some help on this. Given the need to disable strongswan tests, I doubt there is a better place to go ask this.
Thanks in advance once again. Piyush On Wed, Apr 26, 2017 at 5:27 PM, Piyush Agarwal <[email protected]> wrote: > Yes I did. Did not help, got same issue. > > I guess I'll go the way of modifying configure and generating a private > .deb file (that sets piddir to be /etc/ipsec.d/run). > > However, when I download deb-src and _WITHOUT_ any change of mine, just > rebuild it, I seem to have a test failure: > > Running suite 'settings': > Running case 'get/set_str (basic behavior)': +++++ > Running case 'get/set_bool': ++ > Running case 'get/set_int': ++ > Running case 'get/set_double': ++ > Running case 'get/set_time': ++ > Running case 'section enumerator': + > Running case 'key/value enumerator': + > Running case 'include/load_files[_section]': ++- > * Failure in 'test_load_files_section': > !settings->load_files_section(settings, include1".no", TRUE, "") > (suites/test_settings.c:650, i = 0)* > > > I even tried disabling running tests by using the following command: > sudo DEB_BUILD_OPTIONS=nocheck debuild -us -uc -b > > Does anyone know either (i) How to disable tests or (ii) What the test > failure is without any code change whatsoever? > > Thank you. > Piyush > > > > On Wed, Apr 26, 2017 at 5:18 PM, Noel Kuntze < > [email protected]> wrote: > >> Hello Piyush, >> >> Did you try copying the files, instead of symlinking? >> >> On 27.04.2017 01:04, Piyush Agarwal wrote: >> > Hi Noel, >> > Many thanks for the pointer. Your second suggestion might not work >> though: in addition to changing daemon name, ipsec_starter also looks for >> an actual daemon with that name which it won't find unless it is indeed >> "charon" always. >> > >> > My two namespaces here are "gateway" and "relay". >> > >> > a@strongswan3:~/strongswan$ sudo ip netns exec gateway >> /usr/lib/ipsec/starter --daemon charon_gateway >> > Starting strongSwan 5.1.2 IPsec [starter]... >> > Disabling charon_gatewaystart option, '/usr/lib/ipsec/charon_gateway' >> not found >> > >> > I then tried to symlink such that /usr/lib/ipsec/charon_gateway and >> /usr/lib/ipsec/charon_relay are available (and pointing to >> /usr/lib/ipsec/charon). But that leads to more mess with the daemon getting >> continuously restarted. >> > >> > a@strongswan3:~/strongswan$ ps aux | grep ipsec >> > root 6114 0.1 0.0 15160 1456 ? Ss 22:58 0:00 >> /usr/lib/ipsec/starter --daemon charon_relay >> > root 6253 0.0 0.0 552128 7228 ? Ssl 22:59 0:00 >> /usr/lib/ipsec/charon_relay --use-syslog >> > >> > a@strongswan3:~/strongswan$ ps aux | grep ipsec >> > root 6114 0.1 0.0 15160 1456 ? Ss 22:58 0:00 >> /usr/lib/ipsec/starter --daemon charon_relay >> > root 6535 0.0 0.0 552128 5044 ? Ssl 23:03 0:00 >> /usr/lib/ipsec/charon_relay --use-syslog >> > >> > Sigh. >> > >> > >> > On Wed, Apr 26, 2017 at 3:27 PM, Noel Kuntze >> <[email protected] <mailto: >> [email protected]>> wrote: >> > >> > I just took a look at it and it seems you can change the file's >> name by setting the --daemon[1] >> > parameter of ipsec starter. >> > >> > [1] https://github.com/strongswan/strongswan/blob/master/src/sta >> rter/starter.c#L291 <https://github.com/strongswan >> /strongswan/blob/master/src/starter/starter.c#L291> >> > >> > On 27.04.2017 00 <tel:27.04.2017%2000>:25, Noel Kuntze wrote: >> > > Hello Piyush, >> > > >> > > The path to the PID file is hard coded during build time. >> > > Take a look at the source code of starter[1] and track the >> > > variable assignments down. >> > > >> > > [1] https://github.com/strongswan/strongswan/tree/master/src/sta >> rter <https://github.com/strongswan/strongswan/tree/master/src/starter> >> > > >> > > Kind regards, >> > > Noel >> > > >> > > On 27.04.2017 00 <tel:27.04.2017%2000>:14, Piyush Agarwal wrote: >> > >> Hi Noel, >> > >> Thanks for your reply but I am not sure I completely understood >> your answer. >> > >> >> > >> While waiting for a reply to my question, I tried this though: >> > >> >> > >> 1) Downloaded strongswan-starter deb file. Unpacked it. >> > >> 2) Changed IPSEC_PIDDIR in usr/sbin/ipsec file to point to >> /etc/ipsec.d/run (rather than /var/run) >> > >> 3) Re-built the deb file >> > >> 4) Installed this new deb file on my ubuntu 14.04 host >> > >> 5) Now ipsec binary does report piddir to be the changed >> location: >> > >> >> > >> a@strongswan3:~$ sudo ip netns exec blue ipsec --piddir >> > >> /etc/ipsec.d/run >> > >> >> > >> But charon seems to still think the piddir is /var/run and hence >> wouldn't start the second instance. >> > >> >> > >> a@strongswan3:~$ sudo ip netns exec red ipsec start >> > >> Starting strongSwan 5.1.2 IPsec [starter]... >> > >> charon is already running (/var/run/charon.pid exists) -- >> skipping daemon start >> > >> starter is already running (/var/run/starter.charon.pid exists) >> -- no fork done >> > >> >> > >> So obviously charon is getting its piddir from somewhere else. I >> am looking for source code to modify such that charon's piddir is not >> hardcoded to /var/run (as it currently seems to be). I'd like to make it >> modifiable via either a command line, conf file or some other similar way. >> Perhaps I may be okay to even hardcode it in my private .deb file to be >> /etc/ipsec.d/run rather than /var/run. >> > >> >> > >> Is there any pointer to achieving this? Requiring install from >> source code and modifying ./configure options to change piddir is just a >> no-go for me unfortunately. >> > >> >> > >> Thank you. >> > >> Piyush >> > >> >> > >> On Wed, Apr 26, 2017 at 11:23 AM, Noel Kuntze >> <[email protected] <mailto:[email protected] >> <mailto:[email protected]>>> wrote: >> > >> >> > >> You can't do that when you start charon using "ipsec" (which >> implicitely calls "ipsec starter". >> > >> You can do it with charon-systemd, though (but then you need >> to start it using systemd and you get a similiar problem). >> > >> >> > >> On 26.04.2017 20 <tel:26.04.2017%2020> >> <tel:26.04.2017%2020>:11, Piyush Agarwal wrote: >> > >> > Hi, >> > >> > I need to run multiple ipsec charon daemons in multiple >> mininet namespaces (perhaps some semantics change from ip namespaces). >> > >> > >> > >> > Sure enough, on following steps from >> https://wiki.strongswan.org/projects/strongswan/wiki/Netns < >> https://wiki.strongswan.org/projects/strongswan/wiki/Netns> < >> https://wiki.strongswan.org/projects/strongswan/wiki/Netns < >> https://wiki.strongswan.org/projects/strongswan/wiki/Netns>> (including >> piddir change), I could get multiple charon daemons running with*ip network >> namespaces*. >> > >> > >> > >> > I am not trying to achieve two things: >> > >> > 1) Run multiple charon daemons with mininet namespaces >> > >> > 2) Be able to do so without requiring piddir configuration >> option change. >> > >> > >> > >> > Regarding (1): I am not sure if mininet namespaces provide >> for bind mounting anything /etc/netns/<namespace name>/ to /etc/ for the >> process running in that network namespace -- if it doesn't, I will bind >> mount manually before starting charon/ipsec. So this should be okay. >> > >> > >> > >> > But, I am trying to find how I can do away the piddir >> configuration change and make it work directly from the deb file install. >> Is there no way to achieve this? No environment variable that can be set? >> > >> > >> > >> > Appreciate any comments/directions/pointers. >> > >> > >> > >> > Thank you. >> > >> > Piyush >> > >> > >> > >> > >> > >> > -- >> > >> > Piyush Agarwal >> > >> > Life can only be understood backwards; but it must be >> lived forwards. >> > >> > >> > >> > >> > >> > _______________________________________________ >> > >> > Users mailing list >> > >> > [email protected] <mailto:[email protected] >> .org> <mailto:[email protected] <mailto:[email protected] >> .org>> >> > >> > https://lists.strongswan.org/mailman/listinfo/users < >> https://lists.strongswan.org/mailman/listinfo/users> < >> https://lists.strongswan.org/mailman/listinfo/users < >> https://lists.strongswan.org/mailman/listinfo/users>> >> > >> >> > >> -- >> > >> Noel Kuntze >> > >> IT security consultant >> > >> >> > >> GPG Key ID: 0x0739AD6C >> > >> Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 >> AD6C >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> -- >> > >> Piyush Agarwal >> > >> Life can only be understood backwards; but it must be lived >> forwards. >> > >> >> > >> >> > >> _______________________________________________ >> > >> Users mailing list >> > >> [email protected] <mailto:[email protected]> >> > >> https://lists.strongswan.org/mailman/listinfo/users < >> https://lists.strongswan.org/mailman/listinfo/users> >> > > >> > > >> > > >> > > _______________________________________________ >> > > Users mailing list >> > > [email protected] <mailto:[email protected]> >> > > https://lists.strongswan.org/mailman/listinfo/users < >> https://lists.strongswan.org/mailman/listinfo/users> >> > > >> > >> > >> > >> > >> > -- >> > Piyush Agarwal >> > Life can only be understood backwards; but it must be lived forwards. >> >> >> > > > -- > Piyush Agarwal > Life can only be understood backwards; but it must be lived forwards. > -- Piyush Agarwal Life can only be understood backwards; but it must be lived forwards.
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
