Date: Thu, 20 Jul 2017 18:24:13 +0200 From: Nikos Vassiliadis <nvass@gmx.com> To: Panagiotes Mousikides <paggas1@yandex.com>, Alan Somers <asomers@freebsd.org> Cc: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>, FreeBSD Current <freebsd-current@freebsd.org> Subject: Re: Attn: CI/Jenkins people; Run bhyve instance for testing pf Message-ID: <81ab7ffc-c89d-0a79-5736-32d555366f3f@gmx.com> In-Reply-To: <a7468a38-5288-9eb2-b354-ec797e46d39e@yandex.com> References: <871d6043-0c56-2c9b-1e3e-5db33898c24a@yandex.com> <CAOtMX2g8T48p2jereubD46yeVpsOjmHNX_Bt7G6N0BP4kuZ%2Bdw@mail.gmail.com> <a7468a38-5288-9eb2-b354-ec797e46d39e@yandex.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 07/18/2017 02:55 AM, Panagiotes Mousikides wrote: > Den 2017-07-16 kl. 21:11, skrev Alan Somers: >> On Sun, Jul 16, 2017 at 2:44 PM, Panagiotes Mousikides >> <paggas1@yandex.com> wrote: >>> Hello everybody! >>> >>> I am working on adding tests to the FreeBSD test suite for testing >>> pf, the >>> network packet filter. >>> >>> These tests need at least two machines running and connected to each >>> other, >>> with one machine generating network traffic and the other running pf and >>> filtering the traffic. I am looking for a way to fire off a bhyve >>> instance >>> to serve as the second machine, the first being the actual machine I am >>> running the tests on. This should be done completely automatically, with >>> scripts to configure all network interfaces and to preferably also >>> set up an >>> SSH server on the bhyve instance. >>> >>> This bhyve instance could start off as running the latest stable >>> version of >>> FreeBSD, or it could be configured to run a snapshot of the development >>> tree. The aim is to have the desired version of FreeBSD that we want to >>> test running on it. Ideally this would be done in such a way that we >>> can >>> reuse the machine for further tests, instead of rebuilding everything >>> from >>> scratch for each test. >>> >>> What I am looking for is the best way to do this, preferably so that >>> it can >>> be easily integrated into the CI work being done at Jenkins. What do >>> you >>> think? Any input is welcome! >>> >>> All the best, >>> Panagiotes >> It's possible to setup CI systems that involve multiple machines >> networked together. I've done it. But it's complicated, fragile, and >> slow. I advise you to consider very carefully whether you truly need >> multiple VMs. What about creating an epair(4)? You could run pf on >> epair0b and generate traffic from epair0a. That would be faster than >> spinning up VMs, and would be very easy to integrate into any other CI >> system. Would that work? >> >> -Alan >> > Hi Alan! > > Thank you for the tip about epair(4), it sounds really like an > interesting approach to my problem. I will look into it! > > Best regards, > Panagiotes Hi, It would be great if you use vnet jails for that. I am not sure regarding the per-vnet pf functionality but I have seen many bug fixes hitting the tree since last year. You can ask on freebsd-virtualization@freebsd.org or freebsd-pf@freebsd.org to learn more about it. Pf within a jail should behave more or less like the "normal" one. Plus you will be testing per-vnet functionality, which the project needs anyhow, in one go. Best regards, Nikos
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?81ab7ffc-c89d-0a79-5736-32d555366f3f>