[Swan-dev] time to delete old dist_certs shell script (attempt #2)?

Paul Wouters paul at nohats.ca
Wed Jun 24 20:56:06 EEST 2015

I don't think it is guaranteed that nic boots and runs the creation script before the other VMs boot. It would add a slowdown if they do

Sent from my iPhone

> On Jun 24, 2015, at 13:06, Matt Rogers <mrogers at 0x83.com> wrote:
>> On June 24, 2015 11:34:53 AM EDT, "D. Hugh Redelmeier" <hugh at mimosa.com> wrote:
>> | From: Andrew Cagney <andrew.cagney at gmail.com>
>> | This doesn't seem like a reason for retaining the old shell scripts -
>> | they are so far behind that they don't even generate all the required
>> | keys.  BTW, best place to run dist_certs.py is on one of the test VMs
>> | (see "make kvm-keys"), and not on a host.  Provided the VM is
>> | relatively recent all the necessary dependencies will have been
>> | installed for you.
>> I take it that you've implemented this
>> a31d60e504dc55214914738007ff62336a7f13aa.
>> Do you have a cheat-sheet of how we should make our old test setups
>> work again?  Or maybe they already work.  I haven't tried.  I'd not
>> waste time experimenting with the test setups.
>> Why did you pick "east" as the one to do the work on?
>> In our wiki page about testing, at least sometimes "west" is the one
>> we do work on.  I don't know why that one was chosen either.
>> It seems to me that an argument can be made that we make only one of
>> the VMs heavy enough to do all these task.  On the other hand, maybe
>> making them different is a mistake.
> In the new certificate tests I made them always launch nic, to use it as the ocsp and crl server available regardless of the vpn status. So I say  we can make nic flexible with its configuration, and let that handle cert generation. I always assumed a tester would generate certs on the host machine (and I just patch the installed pyopenssl files on the host). But I see the value of it running at the start of a test run. Maybe the first test in a run can be a dummy test that runs distcerts on nic. 
> Matt
>> _______________________________________________
>> Swan-dev mailing list
>> Swan-dev at lists.libreswan.org
>> https://lists.libreswan.org/mailman/listinfo/swan-dev
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev

More information about the Swan-dev mailing list