on 04/19/2013 15:53, Eyal Edri wrote:
----- Original Message -----
> From: "Zhou Zheng Sheng" <zhshzhou(a)linux.vnet.ibm.com>
> To: "Eyal Edri" <eedri(a)redhat.com>
> Cc: "infra" <infra(a)ovirt.org>
> Sent: Friday, April 19, 2013 4:42:45 AM
> Subject: Re: Need help to setup an slave for VDSM functional tests
>
> Thanks Eyal! The functional tests install VDSM rpms, start/stop
> services, add/delete iSCSI LUNs and NFS exports, and if we want to do
> glusterfs tests, selinux must be turned off. These actions needs root
> privilege. If we give Jenkins slave process these privilege, it results
> some security wholes in the slave OS, so I think we'd better run the
> tests in a VM slave on demand, and shutdown when idle. As you said, we
> do not have the ability to start VMs, so I think if the slave is behind
> a NAT and can not be accessed from the public network, we can give the
> Jenkins slave process those privileges. Otherwise I have to investigate
> some other means to run functional tests safely. I tried libvirt-sandbox
> but it seems very complicated to configure a system to run VDSM in
> libvirt-sandbox. What do you think?
i think that your best option will be to wait till we have a working ovirt-engine
instance running
that runs jenkins slaves.
we'll then be able to create vms on it via restapi/sdk/cli. (which i think there
might be some code for it
already that will work for ovirt, i'll have to check and get back to you).
we're also working on installing foreman soon, which can act as a tftp/pxe server to
install vms on the fly.
i don't think that the VM you're playing with /testing on should be a jenkins
slave.
the jenkins slave can run your testing code, but all your manipulations (deleting
iscsi/nfs/root access/etc..),
should be done on a different vm that the jenkins slave will connect to during the test.
do you have a wiki on your functional tests requirements/actions i can read about?
Thanks Eyal! I created the WIKI page for functional tests here.
http://www.ovirt.org/Vdsm_Functional_Tests
I agree with you on running the functional test in a separate VM other
than the Jenkins slave, so that we can give the root authority to the
process running the tests. This simplify the setup and reduce security
threats. By the way, when will it be ready to create VMs on the fly in
oVirt infrastructure?
--
Thanks and best regards!
Zhou Zheng Sheng / 周征晟
E-mail: zhshzhou(a)linux.vnet.ibm.com
Telephone: 86-10-82454397