[Swan-dev] [Testing] Test Suite & Docker

Ondrej Moris omoris at redhat.com
Wed May 11 11:42:37 UTC 2016 

Hi,

a few months ago I became aware of "libreswan testing suite docker
adventures" [1].Then I had a chance to have a brief chat about it with
Paul during his visit on DevConf in Brno, Czech Republic. Since it
looked more or less like an experiment which was stalled at some point
and I considered it to be very interesting idea I promised to lend a
hand with it.

There are two main reasons why I think it is worth resurrection:

(1) It is faster and cleaner way of multi-host network testing, network
namespaces represent transparent network separation (different IP
stacks) and no baremetal is needed for test suite execution.

(2) It will allow to run the test suite on more linux distributions.
There are docker base images for Fedora, RHEL, Debian, (Open) SUSE (LE),
etc.The current test suite based on KVM virtualization has an essential
dependency on 9P filesystem since guests need to share testing directory
with their host. However, 9P FS is not available in all kernel and qemu
distributions and it is no longer maintained AFAIK. Relaxing this
dependency (e.g. via NFS) seems to be too complicated and might
interfere with the testing. On the other hand there is docker based on
concepts of control groups and namespaces which are widespread in linux
distributions for some time.

Following steps in [1] test suite can be set-up easily, however it is
not possible to execute any test at the moment. Obviously that part of
the docker adventures are yet to happen. Moreover there are various
mutually independent bits related to docker in testing directory
(docker, pluto/ikev2-37-docker-rw/docker,
pluto/ikev2-37-docker-rw/runme.sh and utils/swantest).

At the moment, most viable option seems to be runme.sh but it is calling
non-existing guestbin/swan-docker-run. I guess swan-run can be used
there with some very minor updates, is that what swan-docker-run was
meant to be?

Clearly docker and and pluto/ikev2-37-docker-rw/dockerare just some PoC
with no future progress, is that correct?

Finally, there are docker test execution code in swantest but it is not
used anywhere. This seems to be rather complex and I am not sure how
complete it is. I guess it represents the same functionality as
runme.sh, doesn't it?

Clearly, the only missing step in "dockerization" of the test suite is
to finish the test driver (i.e. probably having runme.sh steps covered
by swantest code). Test cases are basically already both KVM and Docker
friendly.

So the crucial question is - are you interested in discussing future of
the remaining parts of docker test suite?

[1] https://libreswan.org/wiki/Test_Suite_-_Docker

--
Ondrej Moris
Red Hat

More information about the Swan-dev mailing list