Test Suite - Dcoker F25: Difference between revisions

From Libreswan
Jump to navigation Jump to search
(Created page with "Libreswan testing suite docker adventures with Docker 1.10 or above. '''Everything below runs as root on Fedora 24''' == Setting up the host == === Prerequisites === The sw...")
 
(Replaced content with "Libreswan testing suite docker adventures with Docker 1.10 or above. '''Everything below runs as root on Fedora 24'''")
 
Line 2: Line 2:


'''Everything below runs as root on Fedora 24'''
'''Everything below runs as root on Fedora 24'''
== Setting up the host ==
=== Prerequisites ===
The swantest need Python 3.3 or later. It is necessary for subprocess to deal with 100s of threads/processes. Also pexpect is works better in 3.3.
<pre>
#swantest depend on python 3.3 or later
yum install python3-setproctitle python3-pexpect
# install docker
yum -y install docker
systemctl start docker.service
systemctl enable docker.service
wget -O /usr/local/bin/pipework  https://github.com/jpetazzo/pipework/raw/master/pipework
chmod a+x /usr/local/bin/pipework
cd /home/build/
# clone an up to date libreswan tree from somewhere to  /home/build/
cd /home/build/libreswan/testing/docker/
# check authorized_keys file edit or add your your keys in there
docker build -t swanbase .
# coffee break. It will download Fedora 22 + about 200 packages. It may take 15 minutes or more
# my experience on blueswan real 15m18.893s user 0m0.123  sys 0m0.057s
# make sure the host has netkey stack loaded
ipsec _stackmanager start --netkey
ipsec version |grep klips && echo you need netkey
cd /home/build/libreswan/
make programs
cd /home/build/libreswan/testing/pluto/ikev2-37-docker-rw
../../utils/swantest --docker
iptables  -F ; the iptable rules on host and docker may interfere with IKE or ESP
</pre>
=== setup tcpdump permissions on the host ===
https://libreswan.org/wiki/Test_Suite#tcpdump_permissions_on_the_Host
== Docker related diagnostics commands ==
<pre>
# show running docker containers
docker ps -a
# check if you have a proper docker installation?
docker images
# stop ALL containers
docker stop $(docker ps -a -q)
docker rm $(docker ps -a -q)
# if your tests it create a bunch of bridge devices too. Not all of them are cleaned up.
brctl show
</pre>
=== Check if you got correct image ===
<pre>
cd /home/build/libreswan/testing/docker
docker build -t swanbase .
root@jes:/home/build/libreswan/testing/docker# docker images
REPOSITORY          TAG                IMAGE ID            CREATED            VIRTUAL SIZE
swanbase            latest              d02d76e98391        2 days ago          2.986 GB
docker.io/fedora    22                  ded7cd95e059        3 months ago        186.5 MB
</pre>
=== Manually update the swanbase (base docker image) ===
Start the docker image by hand. Note this instance will have access to network, via bridge docker0
<pre>
docker run -h swan --privileged  --name swan -v /home/build/libreswan:/home/build/libreswan -v /sys/fs/cgroup:/sys/fs/cgroup:ro -d swanbase /usr/sbin/init
docker exec -ti swan /bin/bash
dnf -y update
# now commit the images as tag swanbase.
docker ps ; to see image id
docker commit <docker id> swanbase
# to stop this instance
docker stop --time=1 swan
docker rm swan
=== Notes ===
# currently support install rpms (on both initiator and responder). May be separate options so can have different version on both sides.
# Add strongswan package or just install runtime? or keep different image?
# delete brige interfaces after the test is done
# option to clean up all bridges?
# make install for docker. support "ipsec start" in Docker

Latest revision as of 13:04, 31 March 2017

Libreswan testing suite docker adventures with Docker 1.10 or above.

Everything below runs as root on Fedora 24

Retrieved from "https://libreswan.org/wiki/index.php?title=Test_Suite_-_Dcoker_F25&oldid=20948"