From owner-freebsd-current@freebsd.org Thu Jul 20 16:24:22 2017 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A60ABC7B6E0; Thu, 20 Jul 2017 16:24:22 +0000 (UTC) (envelope-from nvass@gmx.com) Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2376D6F673; Thu, 20 Jul 2017 16:24:21 +0000 (UTC) (envelope-from nvass@gmx.com) Received: from iris.berlin.strato.de ([192.166.200.216]) by mail.gmx.com (mrgmx102 [212.227.17.174]) with ESMTPSA (Nemesis) id 0LaaVn-1e2e6u1vO3-00mNeM; Thu, 20 Jul 2017 18:24:19 +0200 From: Nikos Vassiliadis Subject: Re: Attn: CI/Jenkins people; Run bhyve instance for testing pf To: Panagiotes Mousikides , Alan Somers Cc: "freebsd-hackers@freebsd.org" , FreeBSD Current References: <871d6043-0c56-2c9b-1e3e-5db33898c24a@yandex.com> Message-ID: <81ab7ffc-c89d-0a79-5736-32d555366f3f@gmx.com> Date: Thu, 20 Jul 2017 18:24:13 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K0:weIlLa9zhERN7QqbSqIm+whgr3H1+E+8itVwEO7emL26as9+tJU 5pBRG1UiZKUEb4X2e4xI/9eZ3WK7JVHRECvHEHTnQHSLlO7xOWzFvMcqxVJ8yIPNFnAiu+d 4UUX2FL9cwTdkI0JCLyEB2fbi+kKPTW7eiVVNPQxgIxTYE7hok4e2NBgZhEnIA7Byuwpq7b O8KhyjwAFkk1pkh+Gj0ew== X-UI-Out-Filterresults: notjunk:1;V01:K0:eHhp1S95aoI=:XraAI9PiOnhu53Y+Yhr7Tn 815GMy03fByEfrPkYoZUkBrk/RNPnw4KmBatLBtbdfQeqjcgR4etJC1kjtKSMYDdM3IEfY3BS JkQ0LmHILv9aawYb2CAWbr/OX0TUHmbIN18ifIOQF6PWmpVb6R/oumDrnESptXVrIquw6FLcc MHpLcYPEudgP38g2oKMLLQ+3b1l1FRiOmANaKPcSwPia4rIKSTSgIOIMWK5mUmlO4PTTfAkxK ZxbahFKn5SopKWmrh4mdIBjbcFKLeoUgw6eFs0sz/0SMUV721l5XVuax7C73In2yAGu9Kb3gG 0s+vyD+CCdNEtoipGTMPM/+dwpTSCUg12aDnVy4P55/ZaC5XKwvqhFhUuyhJtJHg2qbw9Lbm6 5glmnl+oHca8KpZH6dvQwRhdR1Gk3/ShAZuAWv7eIvhty1W0/H9jyOMooRZh7R6GoIt1cuROt OiEhfEv7gYbfkvey+WMYRaGG9r9aORSeFB9IJ/PzGAya/PhGE7mlkHwLpj0A1eVaHeDFXw6/q i+dkD4KK5ub6T3VHvKbJnXBt8vN53KOvqctDtPaSxMST8UQu/Mr4VqlUuChBr7Sl3qsYPVH5Z 4vTzfG5NoY0fEUtSi97EJNfdGBIg6aFLMuNp6uEh2qPJdzyiAIBbbMHkwtInbRyC7IVtW0ymu QYfKCKH8gFjPT9a4wlNDGinZok+XvW4pb9ypXwUV0ohIPLN+zTgchwNFSmqQxHOJtPpFI8I3P YVyp8vbE+4GtAUvUtDcvHvLpewAkW2yuVS5vDK7UqLo/VuDB4sZwG7kWci36XUu55D52b6vkH VyKVuWW0YLw9680uUjYU29rz6x8lAmTOURRazBE/HyUnb+HsFI= X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Jul 2017 16:24:22 -0000 On 07/18/2017 02:55 AM, Panagiotes Mousikides wrote: > Den 2017-07-16 kl. 21:11, skrev Alan Somers: >> On Sun, Jul 16, 2017 at 2:44 PM, Panagiotes Mousikides >> wrote: >>> Hello everybody! >>> >>> I am working on adding tests to the FreeBSD test suite for testing >>> pf, the >>> network packet filter. >>> >>> These tests need at least two machines running and connected to each >>> other, >>> with one machine generating network traffic and the other running pf and >>> filtering the traffic. I am looking for a way to fire off a bhyve >>> instance >>> to serve as the second machine, the first being the actual machine I am >>> running the tests on. This should be done completely automatically, with >>> scripts to configure all network interfaces and to preferably also >>> set up an >>> SSH server on the bhyve instance. >>> >>> This bhyve instance could start off as running the latest stable >>> version of >>> FreeBSD, or it could be configured to run a snapshot of the development >>> tree. The aim is to have the desired version of FreeBSD that we want to >>> test running on it. Ideally this would be done in such a way that we >>> can >>> reuse the machine for further tests, instead of rebuilding everything >>> from >>> scratch for each test. >>> >>> What I am looking for is the best way to do this, preferably so that >>> it can >>> be easily integrated into the CI work being done at Jenkins. What do >>> you >>> think? Any input is welcome! >>> >>> All the best, >>> Panagiotes >> It's possible to setup CI systems that involve multiple machines >> networked together. I've done it. But it's complicated, fragile, and >> slow. I advise you to consider very carefully whether you truly need >> multiple VMs. What about creating an epair(4)? You could run pf on >> epair0b and generate traffic from epair0a. That would be faster than >> spinning up VMs, and would be very easy to integrate into any other CI >> system. Would that work? >> >> -Alan >> > Hi Alan! > > Thank you for the tip about epair(4), it sounds really like an > interesting approach to my problem. I will look into it! > > Best regards, > Panagiotes Hi, It would be great if you use vnet jails for that. I am not sure regarding the per-vnet pf functionality but I have seen many bug fixes hitting the tree since last year. You can ask on freebsd-virtualization@freebsd.org or freebsd-pf@freebsd.org to learn more about it. Pf within a jail should behave more or less like the "normal" one. Plus you will be testing per-vnet functionality, which the project needs anyhow, in one go. Best regards, Nikos