Unfortunately, the Libreswan v4.15 shipped with Ubuntu 24.04 is very unstable. Tests are failing frequently even on re-run. In a few investigated failures, pluto went into a state where it reports all connections as active on one side, while they do not have an established IKE SA. When pluto itself thinks that connections are active, we can't really work around such issues without in-depth analysis of the ipsec state, which we can't and really should not perform. Reconciliation logic in ovs-monitor-ipsec can help, but not in such cases.
Build Libreswan v5.1 from sources instead. This version is way more stable than any 4.x version. This will also turn on the NxN ping test that is skipped on 4.x due to instability.
Fixes: 415628c419fd ("ci: Update GitHub actions runner from Ubuntu 22.04 to 24.04.")
Signed-off-by: Ilya Maximets <i.maxim...@ovn.org>
--- .github/workflows/build-and-test.yml | 68 ++++++++++++++++++++++++++-- 1 file changed, 65 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 133d53c20..64e9feabd 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml 
@@ -78,12 +78,66 @@ jobs: if: steps.dpdk_cache.outputs.cache-hit != 'true' run: ./.ci/dpdk-build.sh + build-libreswan: + strategy: + matrix: + runner: [ubuntu-24.04] + env: + dependencies: build-essential fakeroot devscripts equivs + libreswan_ver: v5.1 + name: libreswan + outputs: + libreswan_key: ${{ steps.gen_libreswan_key.outputs.key }} + runs-on: ${{ matrix.runner }} + timeout-minutes: 30 + + steps: + - name: Checkout Libreswan + uses: actions/checkout@v4 + with: + repository: libreswan/libreswan + path: libreswan + ref: ${{ env.libreswan_ver }} + + - name: generate cache key + id: gen_libreswan_key + run: echo 'key=libreswan-${{ env.libreswan_ver }}-${{ matrix.runner }}' + >> $GITHUB_OUTPUT + + - name: cache + id: libreswan_cache + uses: actions/cache@v4 + with: + path: libreswan-deb + key: ${{ steps.gen_libreswan_key.outputs.key }} + + - name: update APT cache + if: steps.libreswan_cache.outputs.cache-hit != 'true' + run: sudo apt update || true + + - name: install common dependencies + if: steps.libreswan_cache.outputs.cache-hit != 'true' + run: sudo apt install -y ${{ env.dependencies }} + + - name: install build dependencies + if: steps.libreswan_cache.outputs.cache-hit != 'true' + run: mk-build-deps --install --root-cmd sudo + libreswan/packaging/debian/control + + - name: build + if: steps.libreswan_cache.outputs.cache-hit != 'true' + run: cd libreswan && make deb + + - name: move the package to cache + if: steps.libreswan_cache.outputs.cache-hit != 'true' + run: mkdir -p libreswan-deb && mv libreswan_*.deb ./libreswan-deb + build-linux: - needs: build-dpdk + needs: [build-dpdk, build-libreswan] env: dependencies: | automake libtool gcc bc libjemalloc2 libjemalloc-dev libssl-dev \ - llvm-dev libnuma-dev selinux-policy-dev libxdp-dev lftp libreswan + llvm-dev libnuma-dev selinux-policy-dev libxdp-dev lftp CC: ${{ matrix.compiler }} DPDK: ${{ matrix.dpdk }} DPDK_SHARED: ${{ matrix.dpdk_shared }} 
@@ -225,17 +279,25 @@ jobs: with: python-version: ${{ env.python_default }} - - name: cache + - name: DPDK cache if: matrix.dpdk != '' || matrix.dpdk_shared != '' uses: actions/cache@v4 with: path: dpdk-dir key: ${{ needs.build-dpdk.outputs.dpdk_key }} + - name: Libreswan cache + uses: actions/cache@v4 + with: + path: libreswan-deb + key: ${{ needs.build-libreswan.outputs.libreswan_key }} + - name: update APT cache run: sudo apt update || true - name: install common dependencies run: sudo apt install -y ${{ env.dependencies }} + - name: install Libreswan + run: sudo apt install -y ./libreswan-deb/libreswan_*.deb - name: install libunbound libunwind python3-unbound # GitHub Actions doesn't have 32-bit versions of these libraries. if: matrix.m32 == '' -- 2.47.0
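Review bot: In the new build-libreswan job (first hunk), the checkout uses `ref: ${{ env.libreswan_ver }}`, which is the tag v5.1 in a third-party repository, and the cache key `libreswan-${{ env.libreswan_ver }}-${{ matrix.runner }}` is built from the tag name only. A tag can be moved upstream, and the resulting package is later installed with sudo in build-linux, so consider pinning the checkout to the commit SHA behind v5.1 (keeping the tag name in a comment) and putting that SHA into the cache key, so that the cached .deb always corresponds to a known source revision. The key also does not reflect how the package was built, so a later change to the build steps of this job will keep serving the old cached .deb until the key is changed by hand; a short comment next to `libreswan_ver` saying so would help.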
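Review bot: In the build-linux hunk (second hunk), the "Libreswan cache" step has no handling for a cache miss, while "install Libreswan" runs unconditionally with `sudo apt install -y ./libreswan-deb/libreswan_*.deb`. The cache is the only transport for the package between the two jobs, so if the entry was evicted or the restore fails, the job stops on an unmatched glob with an apt error that does not point at the cause. Setting `fail-on-cache-miss: true` on this actions/cache@v4 step would make the job fail at the restore with a clear message instead.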