On 07/18/2017 02:55 AM, Panagiotes Mousikides wrote: > Den 2017-07-16 kl. 21:11, skrev Alan Somers: >> On Sun, Jul 16, 2017 at 2:44 PM, Panagiotes Mousikides >> <paggas1_at_yandex.com> wrote: >>> Hello everybody! >>> >>> I am working on adding tests to the FreeBSD test suite for testing >>> pf, the >>> network packet filter. >>> >>> These tests need at least two machines running and connected to each >>> other, >>> with one machine generating network traffic and the other running pf and >>> filtering the traffic. I am looking for a way to fire off a bhyve >>> instance >>> to serve as the second machine, the first being the actual machine I am >>> running the tests on. This should be done completely automatically, with >>> scripts to configure all network interfaces and to preferably also >>> set up an >>> SSH server on the bhyve instance. >>> >>> This bhyve instance could start off as running the latest stable >>> version of >>> FreeBSD, or it could be configured to run a snapshot of the development >>> tree. The aim is to have the desired version of FreeBSD that we want to >>> test running on it. Ideally this would be done in such a way that we >>> can >>> reuse the machine for further tests, instead of rebuilding everything >>> from >>> scratch for each test. >>> >>> What I am looking for is the best way to do this, preferably so that >>> it can >>> be easily integrated into the CI work being done at Jenkins. What do >>> you >>> think? Any input is welcome! >>> >>> All the best, >>> Panagiotes >> It's possible to setup CI systems that involve multiple machines >> networked together. I've done it. But it's complicated, fragile, and >> slow. I advise you to consider very carefully whether you truly need >> multiple VMs. What about creating an epair(4)? You could run pf on >> epair0b and generate traffic from epair0a. That would be faster than >> spinning up VMs, and would be very easy to integrate into any other CI >> system. Would that work? >> >> -Alan >> > Hi Alan! > > Thank you for the tip about epair(4), it sounds really like an > interesting approach to my problem. I will look into it! > > Best regards, > Panagiotes Hi, It would be great if you use vnet jails for that. I am not sure regarding the per-vnet pf functionality but I have seen many bug fixes hitting the tree since last year. You can ask on freebsd-virtualization_at_freebsd.org or freebsd-pf_at_freebsd.org to learn more about it. Pf within a jail should behave more or less like the "normal" one. Plus you will be testing per-vnet functionality, which the project needs anyhow, in one go. Best regards, NikosReceived on Thu Jul 20 2017 - 14:24:22 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:12 UTC