diff --git a/website/content/en/status/report-2024-07-2024-09/kyua.adoc b/website/content/en/status/report-2024-07-2024-09/kyua.adoc new file mode 100644 --- /dev/null +++ b/website/content/en/status/report-2024-07-2024-09/kyua.adoc @@ -0,0 +1,35 @@ +=== Kyua Jail Support + +Contact: Igor Ostapenko + +The FreeBSD Test suite (man:tests[7]) is based on man:kyua[1] framework. +Kyua already supports parallel execution of tests with `kyua -v parallelism test`. +The number of tests, which leverage man:jail[8] feature like man:VNET[9] based network tests, is growing. +Typically, such tests are marked with `is_exclusive=true` metadata property due to conflicts with jail naming and other resources. +Respectively, exclusive tests cannot be run in parallel. + +Kyua has recently got a change in 15-CURRENT to support a new concept called "execution environment". +All existing tests now use so called "host" execution environment, where they are run as usually without any change. +A test can opt-in to use a brand new execution environment, the "jail" one. +Kyua runs such tests in a temporary jail per test. +That opens opportunity to run more tests in parallel because of extra isolation provided by jail concept itself. +For instance, netpfil/pf tests can be run around 4 times faster -- a few minutes instead of half an hour. + +The following Makefile change is a quick demo of how netpfil/pf tests switched to run in parallel with jail execution environment: + + -# Tests reuse jail names and so cannot run in parallel. + -TEST_METADATA+= is_exclusive=true + +# Allow tests to run in parallel in their own jails + +TEST_METADATA+= execenv="jail" + +TEST_METADATA+= execenv_jail_params="vnet allow.raw_sockets" + +More details: + +* The key commit with detailed description: link:https://cgit.freebsd.org/src/commit/?id=257e70f1d5ee61037c8c59b116538d3b6b1427a2[257e70f1d5ee61037c8c59b116538d3b6b1427a2] +* The man pages covering the "execenv" feature: man:kyuafile[5], man:kyua.conf[5] + +This change also brings new sysctl read-only variables for general use, which expose a bit more details about current jail: + +* `security.jail.children.max: Maximum number of child jails` +* `security.jail.children.cur: Current number of child jails` +