Test Suite - Docker: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 75: | Line 75: | ||
The swantest need Python 3.3 or later. It is necessary for subprocess to deal with 100s of threads/processes. Also pexpect is works better in 3.3. | The swantest need Python 3.3 or later. It is necessary for subprocess to deal with 100s of threads/processes. Also pexpect is works better in 3.3. | ||
=== | |||
=== Manually update the swanbase (base docker image) | |||
start the docker image. Note this instance will have access to network, via bridge docker0 | |||
<pre> | <pre> | ||
docker run -h swan --privileged --name swan -v /home/build/libreswan:/home/build/libreswan -v /sys/fs/cgroup:/sys/fs/cgroup:ro -d swanbase /usr/sbin/init | |||
docker exec -ti swan /bin/bash | |||
# to stop this instance | |||
docker stop --time=1 swan | |||
docker rm swan | |||
=== Notes === | === Notes === | ||
Revision as of 11:37, 2 September 2015
Libreswan testing suite docker adventures.
Everything below runs as root on Fedora 22
#swantest depend on python 3.3 or later yum install python3-setproctitle python3-pexpect # install docker yum -y install docker systemctl start docker.service systemctl enable docker.service wget -O /usr/local/bin/pipework https://github.com/jpetazzo/pipework/raw/master/pipework chmod a+x /usr/local/bin/pipework cd /home/build/ # clone an up to date libreswan tree from somewhere to /home/build/ cd /home/build/libreswan/testing/docker/ # check authorized_keys file edit or add your your keys in there docker build -t swanbase . # coffee break. It will download Fedora 22 + about 200 packages. It may take 15 minutes or more # my experience on blueswan real 15m18.893s user 0m0.123 sys 0m0.057s # make sure the host has netkey stack loaded ipsec _stackmanager start --netkey ipsec version |grep klips && echo you need netkey cd /home/build/libreswan/ make programs cd /home/build/libreswan/testing/pluto/ikev2-37-docker-rw ../../utils/swantest --docker iptables -F ; the iptable rules on host and docker may interfere with IKE or ESP
# show running docker containers docker ps -a # check if you have a proper docker installation? docker images # stop ALL containers docker stop $(docker ps -a -q) docker rm $(docker ps -a -q) # if your tests it create a bunch of bridge devices too. Not all of them are cleaned up. brctl show
Check if you got correct image
cd /home/build/libreswan/testing/docker docker build -t swanbase . root@jes:/home/build/libreswan/testing/docker# docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE swanbase latest d02d76e98391 2 days ago 2.986 GB docker.io/fedora 22 ded7cd95e059 3 months ago 186.5 MB
Prerequisites
The swantest need Python 3.3 or later. It is necessary for subprocess to deal with 100s of threads/processes. Also pexpect is works better in 3.3.
=== Manually update the swanbase (base docker image)
start the docker image. Note this instance will have access to network, via bridge docker0
docker run -h swan --privileged --name swan -v /home/build/libreswan:/home/build/libreswan -v /sys/fs/cgroup:/sys/fs/cgroup:ro -d swanbase /usr/sbin/init docker exec -ti swan /bin/bash # to stop this instance docker stop --time=1 swan docker rm swanNotes
# currently support install rpms (on both initiator and responder). May be separate options so can have different version on both sides. # Add strongswan package or just install runtime? or keep different image? # delete brige interfaces after the test is done # option to clean up all bridges? # make install for docker. support "ipsec start" in Docker