diff options
Diffstat (limited to 'selftest/ns/README')
-rw-r--r-- | selftest/ns/README | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/selftest/ns/README b/selftest/ns/README index e9e9d0665c7..a8ad1c0444f 100644 --- a/selftest/ns/README +++ b/selftest/ns/README @@ -63,3 +63,100 @@ The veth interfaces are named vethX and vethX-br, where X is the SOCKET_WRAPPER_DEFAULT_IFACE for the testenv. The vethX-br interface is always added to the selftest0 bridge interface. +How do I use it? +================ +To use namespaces instead of socket-wrapper, just add 'USE_NAMESPACES=1' to the +make command, e.g. + +To run the 'quick' test cases using namespaces: +USE_NAMESPACES=1 make test TESTS=quick + +To setup an ad_dc testenv using namespaces: +USE_NAMESPACES=1 SELFTEST_TESTENV=ad_dc make testenv + +You can connect secondary shells to the namespace your testenv is running in. +The command to do this is a little complicated, so a helper 'nsenter.sh' script +gets autogenerated when the testenv is created. E.g. to connect to the testenv +that the ad_dc is running in, use: +./st/ad_dc/nsenter.sh + +This script also sets up the shell with all the same $SERVER/$USERNAME/etc +variables that you normally get in xterm. + +To run the ad-dc-backup autobuild job using namespaces: +USE_NAMESPACES=1 script/autobuild.py samba-ad-dc-backup --verbose --nocleanup \ + --keeplogs --tail --testbase /tmp/samba-testbase + +Using the customdc testenv, you can basically now essentially your own +light-weight samba VM. E.g. +MY_BACKUP=/home/$USER/samba-backup-prod-domain.tar.bz2 +USE_NAMESPACES=1 BACKUP_FILE=$MY_BACKUP SELFTEST_TESTENV=customdc make testenv + +You can then talk to that DC in any other shell by using +./st/customdc/nsenter.sh which enters the DC's network namespace (with +all the $SERVER/etc env variables defined). + +How to join VMs to the testenv +---------------------------------------- +I haven't tried this (beyond basic IP connectivity), but using namespaces it +should now be possible to connect a Windows VM to a Samba testenv. + +1. Work out the main selftest.pl namespace PID manually, e.g. +SELFTEST_PID= ps waux | grep selftest.pl + +2. Create a new veth to bridge between the selftest namespace and your PC's +default namespace: +sudo ip link add dev testenv-veth0 type veth peer name testenv-veth1 + +3. Move one end of the veth tunnel into the selftest namespace: +sudo ip link set testenv-veth1 netns $SELFTEST_PID + +4. Configure the veth end in the default namespace to be in the same subnet +as the selftest network: +sudo ip link set dev testenv-veth0 up +sudo ip addr add 10.0.0.63/24 dev testenv-veth0 + +5. Enter the selftest namespace, bring that end of the pipe up, and add it to +to the main selftest0 bridge (that connects all the DCs together). We also need +to add a default route from selftest back to your PC's default namespace. +nsenter -t $SELFTEST_PID --net --user --preserve-credentials +ip link set dev testenv-veth1 up +ip link set testenv-veth1 master selftest0 +ip route add default via 10.0.0.63 +logout + +Your Windows VM and samba testenv should now be able to talk to each +other over IP! + +6. The other step is to get DNS working. You probably need to add dns_hub +(10.0.0.64) as a nameserver (at least on your Windows VM). + +This should work for using RSAT tools on samba, or joining Windows to Samba +(depending on the schema version). Joining samba to Windows is a bit more +tricky, as the namespaces are tied to the *running* samba process. + +What you'd probably want to do is run the join command to the windows VM +outside of testenv, create an offline backup-file of the resulting DB, and +then plug that backup-file into the customdc testenv. (And then follow the +above veth/bridge steps to join samba to the VM). + +Note that the namespace disappears once you stop the testenv, so you'd +need to do the above steps with creating the veth interface every time +you restarted the testenv. + +Known limitations +================= +- When running a testenv, sometimes xterm can fail to startup, due to a + permissions problem with /dev/pts. This seems to be a particular problem + with the 'none' testenv. + A short-term work-around is to use a terminal that doesn't try to access + /dev/pts, e.g. just use bash as the terminal: + TERMINAL=bash TERMINAL_ARGS='--norc' USE_NAMESPACES=1 \ + SELFTEST_TESTENV=none make testenv +- Some test cases rely on socket-wrapper, so will fail when run using + namespaces. +- Currently USE_NAMESPACES maps you (i.e. $USER) to root in the new namespace. + This means any test cases that rely on being a non-root user will fail (i.e. + anything that fails under 'sudo make test' will also fail with namespaces). +- Namespaces should work within docker, but currently the 'unshare' system + call is disallowed on the gitlab CI runners. |