Test Suite - Namespace: Difference between revisions
No edit summary |
No edit summary |
||
| Line 27: | Line 27: | ||
make nsrun | make nsrun | ||
</pre> | </pre> | ||
== unsupported tests == | |||
As of 2019 fall there are several tests that would hard to run in namespaces. Some are possibly impossible to run | |||
* audit based tests : auditd and kenrel messages will all go to one log and hard to trackdown when running test. You don't know which side east or west generated the | |||
* FIPS tests and non fips tests -- this sounds like a challenge. I am not sure how far it will go | |||
* "audit", "dnsoe", "fips", "ipseckey", "dnssec", "interop", "klips", "ocsp", "seccomp", "strongswan" | |||
The tests witht above won't possibly run in namespace because these tests need extra software, such as strongswan, which when installed as rpm will start with systemd and hard get right inside named. | |||
== future ideas == | |||
* tracking coredumps. | |||
Currently when there is crash of say pluto, addcon, whack..there will be a coredump. However in namespace these coredumps are mixed up. A bit hard in some case to track core by east or west or another test. One idea is strictly track the pid. When we start whack we have follow the pid and track it. | |||
* testing with different version. In theory this should be easy however need more work. One idea is bindmount /usr/local/libexec/ipsec | |||
== useful alias/fuction == | == useful alias/fuction == | ||
Revision as of 18:44, 21 September 2019
This is a quick guide to run libreswan tests under namespace. Be aware. the host would get lots of packages, need sudo without password permission
pre requists on the host
sudo without password
to check run "sudo bash -c true" if it does not ask for password you are good!
install testrun dependencies
# pre install check sudo bash -c true sudo make install-testing-rpm-dep: make nsinstall #remember this will install a pluto on your host!!
run a test
#as single test cd /home/build/libresswan/testing/pluto/basic-pluto-01 ../../utils/nsrun --ns
testrun
# run possible tests from testing/pluto/TESTLIST cd /home/build/libreswan # another important step generate x509 certifcates cd /home/build/libreswan/testing/x509/ && ./dist_certs.py && cd /home/build/libreswan/ make nsrun
unsupported tests
As of 2019 fall there are several tests that would hard to run in namespaces. Some are possibly impossible to run
- audit based tests : auditd and kenrel messages will all go to one log and hard to trackdown when running test. You don't know which side east or west generated the
- FIPS tests and non fips tests -- this sounds like a challenge. I am not sure how far it will go
- "audit", "dnsoe", "fips", "ipseckey", "dnssec", "interop", "klips", "ocsp", "seccomp", "strongswan"
The tests witht above won't possibly run in namespace because these tests need extra software, such as strongswan, which when installed as rpm will start with systemd and hard get right inside named.
future ideas
- tracking coredumps.
Currently when there is crash of say pluto, addcon, whack..there will be a coredump. However in namespace these coredumps are mixed up. A bit hard in some case to track core by east or west or another test. One idea is strictly track the pid. When we start whack we have follow the pid and track it.
- testing with different version. In theory this should be easy however need more work. One idea is bindmount /usr/local/libexec/ipsec
useful alias/fuction
NSENTER ()
{
ns=$1;
nsargs="--mount=/run/mountns/${ns} --net=/run/netns/${ns} --uts=/run/utsns/${ns}";
NSENTER_CMD="/usr/bin/nsenter ${nsargs} ";
sudo ${NSENTER_CMD} /bin/bash
}
to enter
NSENTER east-basic-pluto-01