[Swan-dev] time to delete old dist_certs shell script (attempt #2)?
Paul Wouters
paul at nohats.ca
Wed Jun 24 20:56:06 EEST 2015
I don't think it is guaranteed that nic boots and runs the creation script before the other VMs boot. It would add a slowdown if they do
Sent from my iPhone
> On Jun 24, 2015, at 13:06, Matt Rogers <mrogers at 0x83.com> wrote:
>
>
>
>> On June 24, 2015 11:34:53 AM EDT, "D. Hugh Redelmeier" <hugh at mimosa.com> wrote:
>> | From: Andrew Cagney <andrew.cagney at gmail.com>
>>
>> | This doesn't seem like a reason for retaining the old shell scripts -
>> | they are so far behind that they don't even generate all the required
>> | keys. BTW, best place to run dist_certs.py is on one of the test VMs
>> | (see "make kvm-keys"), and not on a host. Provided the VM is
>> | relatively recent all the necessary dependencies will have been
>> | installed for you.
>>
>> I take it that you've implemented this
>> a31d60e504dc55214914738007ff62336a7f13aa.
>>
>> Do you have a cheat-sheet of how we should make our old test setups
>> work again? Or maybe they already work. I haven't tried. I'd not
>> waste time experimenting with the test setups.
>>
>> Why did you pick "east" as the one to do the work on?
>>
>> In our wiki page about testing, at least sometimes "west" is the one
>> we do work on. I don't know why that one was chosen either.
>>
>> It seems to me that an argument can be made that we make only one of
>> the VMs heavy enough to do all these task. On the other hand, maybe
>> making them different is a mistake.
>
> In the new certificate tests I made them always launch nic, to use it as the ocsp and crl server available regardless of the vpn status. So I say we can make nic flexible with its configuration, and let that handle cert generation. I always assumed a tester would generate certs on the host machine (and I just patch the installed pyopenssl files on the host). But I see the value of it running at the start of a test run. Maybe the first test in a run can be a dummy test that runs distcerts on nic.
>
> Matt
>
>> _______________________________________________
>> Swan-dev mailing list
>> Swan-dev at lists.libreswan.org
>> https://lists.libreswan.org/mailman/listinfo/swan-dev
>
>
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
More information about the Swan-dev
mailing list