A CI service to test the ixy userspace network driver and its derivatives. The basic idea is to spawn three independent VMs which take on the following roles:
pktgenpushes network packets (with sequence numbers) into network 1fwdforwards all packets from network 1 to network 2pcapcaptures packets from network 2
With this setup we can simultaneously test three applications and make sure that the whole scenario
works correctly by inspecting the captured packets from pcap.
Currently only tests the Virtio driver. Testing the ixgbe driver is planned but requires infrastructure changes.
While ixy-ci does make sure that the build finishes correctly, you still may want to use ixy-ci in conjunction with traditional CI services to check builds across a larger variety of OS environments or to check things like formatting/linting.
- Correct amount of packets captured
- Sanity check of the largest received sequence number (between
n_pcapand2 * n_pcap) - No duplicate packets received
To use ixy-ci you only need to follow these instructions:
- Create a GitHub webhook for your repository (in your repository settings)
- URL:
https://ci.ixy.rs/github/webhook - Content type:
application/json - Secret (e.g.
openssl rand -base64 48); make sure to save this somewhere - Events: Issue comments & Pushes
- URL:
- Securely send your webhook secret to your ixy-ci administrator
- Open a PR adding a
ixy-ci.tomlto your repository (seeixy-ci.toml.examplefor reference) - Also make sure that your applications match the expected command line interface as described below
- Comment
@ixy-ci testin your PR until the tests pass :)
pktgen <pci addr>fwd <pci addr src> <pci addr dst>pcap <pci addr> <pcap output file> <stop after n packets>
The packets that are generated by pktgen are expected to follow the same structure and size as
in the ixy pktgen example.
These instructions are only needed when you want to deploy your own instance of ixy-ci.
- Network
pktgen-fwd- Port
pktgen - Port
fwd-in
- Port
- Network
fwd-pcap- Port
fwd-out - Port
pcap
- Port
- Network require a default subnet for port creation to succeed
- Disable "Port Security" on all ports
- Create a keypair for ixy-ci to SSH into the spawned VMs
See config.toml.example for the general format of the config.toml. The OpenStack login information
can be extracted from a generated clouds.yaml. The only additional information you have to
manually query is the project domain. You can do that like this:
# First retrieve the domain id
openstack --os-cloud openstack project show <project_name>
# Then retrieve the actual domain name
openstack --os-cloud openstack domain show <domain_id>Currently ixy-ci requires that the OpenStack CLI is available due to missing APIs in the openstack crate.
ixy-ci requires a GitHub account to post results and to interact with the GitHub API. Any account
should work though we advise to use a dedicated bot account. You need to create a personal access
token (GitHub / Setting / Developer settings) with access to the public_repo scope.
cargo build --release
cd runner; cargo build --release; cd -
docker build . -t ixy-ci
docker volume create ixy-ci-config
cp ~/.ssh/id_rsa /var/lib/docker/volumes/ixy-ci-config/_data/
cp config.toml.example /var/lib/docker/volumes/ixy-ci-config/_data/config.toml
docker run --mount source=ixy-ci-config,target=/config -p 127.0.0.1:9999:8080 --restart always -d --name ixy-ci ixy-ci
- Only allow configured users to start tests (to prevent abuse)
- Do more stuff concurrently once async/await is ready (also trussh instead of libssh2)
- Fix issue where ixy-ci cannot be terminated via ctrl+c after a message has been posted on GitHub (related: graceful shutdown?)
- Code documentation
- Track down why OpenStack project domain is required (although OpenStack CLI doesn't need it)
- Test on master branch push (+ cronjob?) => endpoint for badges which redirect to shields.io
- Dashboard with status about current job, queue, past results
- Test ixgbe driver somehow (SR-IOV, pci passthrough?)
- Integration with GitHub checks API
This project is licensed under the terms of the MIT license.