[Swan-dev] testing and unstable dns

Tue Apr 20 15:39:16 UTC 2021

I'm a bit nervous about snapshots. We originally went with reboot uml/kvm
> between each test to ensure a clean slate. If we start re-using snapshots,
> I fear there will be secret sauces in these snapshots. While a base
> snapshot for the entire test run seems a good idea, having them per-test
> seems like a bad idea.
>

That's the idea.  A snapshot of each test domain is created right at the
very start of the test run, and just after the test domain has booted(1).
The first test would then continue as normal.  However, additional tests
can, if they want, skip the boot and revert the domain.

(1) if nothing else, because logging in triggers an automount of /testing
at present; something to do with the bash profile

> swan-prep ensures there are no leftovers of previous test. This helps us
> when 1 test breaks something, so that not all subsequent tests fail. Eg
> because there is an additional certificate in NSS or something.
>

If anything there's less chance of this as all tests see the domain exactly
as it was when first created.

> > If I were to type "reboot" in such a vm, then I'll need to first
> manually re-establish the above before entering the first shell command.
> Why should
> > namespaces be different?  If namespaces and KVM established some minimum
> environment before running tests then I think the odds of tests runing
> under both
> > frameworks would be greatly improved.
>
> Well, you cannot reboot a namespace :P
>

But you can re-initialize it, which I believe is what Antony is referring
to.

> > BTW, I'd take the above list as a starting point for discussion.
> Currently swan-prep has to deal with cleaning up from previous tests, I
> think that's a bug.
>
> Defense in depth for 1 failure to cleanup messing up 500 test results.
>
> >       I feel it would be sad to see if you move swan-prep into several
> shell
> >       scripts, instead of fixing swan-prep.
>
> whether swan-prep is one script or many doesn't matter too much to me.
> As long as it remains 1 line in the scripts to run.
>
> Note that things have been breaking for me lately too. x509 tests in
> namespaces no longer work because nss complains about importing
> duplicates - although i think this is actually an nss bug.
>

> It would be good if we can move testing to use /var/lib/ipsec/nss
> because right now we are fighting between that and /etc/ipsec.d
> and if you want to test an rpm install it gets weird.
>
> The NS directories end up root owned and cannot be deleted. I also
> suspect they are accidentally re-used at times. The test should wipe
> these at the end of the test (if --shutdown was given)
>
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20210420/cfb2aa00/attachment.html>