Attention is currently required from: pespin.

View Change

1 comment:

• Patchset:

  • Patch Set #5:

    Testing around with the gerrit verification job for osmo-upf, I found out: […]

    i was able to login on the build slave via ssh and fixed the workspace.

    Only adding '--cap-add NET_ADMIN' is not sufficient,
    I also have to run as root in the docker container.

    An alternative would be to install /sbin/setcap in the docker image
    and add cap_net_admin to the osmo-upf binary. But then we face the dilemma
    that the user 'build' is not allowed to setcap.

    All of these problems with adding system crucial permissions to a gerrit job
    makes me consider other ways out:

    • do not run the vty tests in the gerrit job: no. The vty tests must be run.
    • add a cmdline option that switches off / mocks the kernel features solely for the purpose of running the VTY tests.

    OTOH, we will likely face the exact same problems in ttcn3 tests.
    We could switch off GTP kernel features there, too, but then we cannot verify that GTP handling is working as expected using actual GTP. At the moment the ttcn3-hacks/upf/ tests do not test actual GTP, but we most likely want to add that in the near future.

    Yet again it may not be desirable to actually employ the GTP kernel features (GTP module and nftables) on our build jobs, because i'm not sure that these features are actually being contained properly by docker. We would likely enable GTP capsulation and forwarding on the *host* system instead of inside the testing container ... ?

    I'd appreciate knowledge, opinions and input on this, if anyone has any.

To view, visit change 28309. To unsubscribe, or for help writing mail filters, visit settings.