Add Docker-based Jepsen environment for GitHub Actions

Author: bootjp

.github/workflows/jepsen-docker.yml

@@ -0,0 +1,92 @@
+name: Jepsen Docker Run
+
+on:
+  workflow_dispatch:
+    inputs:
+      time-limit:
+        description: "Workload runtime seconds"
+        required: false
+        default: "60"
+      rate:
+        description: "Ops/sec per worker"
+        required: false
+        default: "10"
+      faults:
+        description: "Comma-separated faults (partition,kill,clock)"
+        required: false
+        default: "partition,kill,clock"
+
+jobs:
+  jepsen-docker:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.25.5"
+
+      - name: Set up Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+
+      - name: Install Leiningen
+        run: |
+          curl -L https://raw.githubusercontent.com/technomancy/leiningen/stable/bin/lein > lein
+          chmod +x lein
+          sudo mv lein /usr/local/bin/
+
+      - name: Start Jepsen Docker Cluster
+        working-directory: jepsen/docker
+        run: bash up.sh
+
+      - name: Run Jepsen workload
+        working-directory: jepsen
+        env:
+          LEIN_JVM_OPTS: -Duser.home=${{ github.workspace }}/jepsen/tmp-home
+        run: |
+          mkdir -p tmp-home
+          # Use generated ssh config
+          export SSH_CONFIG="${{ github.workspace }}/jepsen/docker/ssh_config"
+          
+          # Jepsen needs to use the custom ssh config.
+          # Since we can't easily pass -F to Jepsen's internal SSH calls without modifying clj-ssh or using ~/.ssh/config,
+          # we will append our config to ~/.ssh/config.
+          mkdir -p ~/.ssh
+          cat $SSH_CONFIG >> ~/.ssh/config
+          chmod 600 ~/.ssh/config
+
+          lein run -m elastickv.redis-workload \
+            --nodes n1,n2,n3,n4,n5 \
+            --time-limit ${{ github.event.inputs['time-limit'] || '60' }} \
+            --rate ${{ github.event.inputs['rate'] || '10' }} \
+            --faults ${{ github.event.inputs['faults'] || 'partition,kill,clock' }} \
+            --concurrency 10 \
+            --ssh-user vagrant \
+            --ssh-key ${{ github.workspace }}/jepsen/docker/id_rsa
+
+      - name: Collect Jepsen artifacts
+        if: always()
+        working-directory: jepsen
+        run: |
+          mkdir -p ../artifacts
+          tar czf ../artifacts/results.tgz store/ || true
+
+      - name: Stop Docker Cluster
+        if: always()
+        working-directory: jepsen/docker
+        run: docker compose down -v
+
+      - name: Upload artifacts
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: jepsen-results
+          path: artifacts/results.tgz

jepsen/docker/Dockerfile

@@ -0,0 +1,52 @@
+FROM debian:bookworm
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install dependencies
+# - openssh-server: for Jepsen control
+# - sudo: for Jepsen control
+# - iptables: for network partitioning (requires --privileged)
+# - iproute2: for network introspection
+# - netcat-openbsd: for port checking
+# - curl, wget: utilities
+# - libfaketime: for clock skew nemesis
+# - rsync: for file transfer
+# - systemd-sysv: minimal init system (optional, but good for compatibility)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    openssh-server \
+    sudo \
+    iptables \
+    iproute2 \
+    netcat-openbsd \
+    curl \
+    wget \
+    rsync \
+    libfaketime \
+    less \
+    vim \
+    && rm -rf /var/lib/apt/lists/*
+
+# Setup SSH
+RUN mkdir /var/run/sshd
+# Allow root login with password (for simplicity in test env)
+#RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
+
+# Create vagrant user
+RUN useradd -m -s /bin/bash vagrant && \
+    echo "vagrant:vagrant" | chpasswd && \
+    usermod -aG sudo vagrant
+
+# Allow sudo without password
+RUN echo "vagrant ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/vagrant
+
+# Add Vagrant insecure public key
+RUN mkdir -p /home/vagrant/.ssh && \
+    chmod 700 /home/vagrant/.ssh
+COPY vagrant.pub /home/vagrant/.ssh/authorized_keys
+RUN chmod 600 /home/vagrant/.ssh/authorized_keys && \
+    chown -R vagrant:vagrant /home/vagrant/.ssh
+
+# Expose SSH
+EXPOSE 22
+
+CMD ["/usr/sbin/sshd", "-D"]

jepsen/docker/docker-compose.yml

@@ -0,0 +1,49 @@
+services:
+  n1:
+    build: .
+    hostname: n1
+    privileged: true # Required for iptables/clock skew
+    ports:
+      - "2221:22"
+    networks:
+      - jepsen-net
+
+  n2:
+    build: .
+    hostname: n2
+    privileged: true
+    ports:
+      - "2222:22"
+    networks:
+      - jepsen-net
+
+  n3:
+    build: .
+    hostname: n3
+    privileged: true
+    ports:
+      - "2223:22"
+    networks:
+      - jepsen-net
+
+  n4:
+    build: .
+    hostname: n4
+    privileged: true
+    ports:
+      - "2224:22"
+    networks:
+      - jepsen-net
+
+  n5:
+    build: .
+    hostname: n5
+    privileged: true
+    ports:
+      - "2225:22"
+    networks:
+      - jepsen-net
+
+networks:
+  jepsen-net:
+    driver: bridge

jepsen/docker/up.sh

@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+cd "$SCRIPT_DIR"
+
+# Generate ssh key if not exists (using Vagrant insecure key for convenience matching Dockerfile)
+if [ ! -f "id_rsa" ]; then
+    cat <<'KEY' > id_rsa
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzI
+w+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoP
+kcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2
+hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NO
+Td0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcW
+yLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQIBIwKCAQEA4iqWPJXtzZA68mKd
+ELs4jJsdyky+ewdZeNds5tjcnHU5zUYE25K+ffJED9qUWICcLZDc81TGWjHyAqD1
+Bw7XpgUwFgeUJwUlzQurAv+/ySnxiwuaGJfhFM1CaQHzfXphgVml+fZUvnJUTvzf
+TK2Lg6EdbUE9TarUlBf/xPfuEhMSlIE5keb/Zz3/LUlRg8yDqz5w+QWVJ4utnKnK
+iqwZN0mwpwU7YSyJhlT4YV1F3n4YjLswM5wJs2oqm0jssQu/BT0tyEXNDYBLEF4A
+sClaWuSJ2kjq7KhrrYXzagqhnSei9ODYFShJu8UWVec3Ihb5ZXlzO6vdNQ1J9Xsf
+4m+2ywKBgQD6qFxx/Rv9CNN96l/4rb14HKirC2o/orApiHmHDsURs5rUKDx0f9iP
+cXN7S1uePXuJRK/5hsubaOCx3Owd2u9gD6Oq0CsMkE4CUSiJcYrMANtx54cGH7Rk
+EjFZxK8xAv1ldELEyxrFqkbE4BKd8QOt414qjvTGyAK+OLD3M2QdCQKBgQDtx8pN
+CAxR7yhHbIWT1AH66+XWN8bXq7l3RO/ukeaci98JfkbkxURZhtxV/HHuvUhnPLdX
+3TwygPBYZFNo4pzVEhzWoTtnEtrFueKxyc3+LjZpuo+mBlQ6ORtfgkr9gBVphXZG
+YEzkCD3lVdl8L4cw9BVpKrJCs1c5taGjDgdInQKBgHm/fVvv96bJxc9x1tffXAcj
+3OVdUN0UgXNCSaf/3A/phbeBQe9xS+3mpc4r6qvx+iy69mNBeNZ0xOitIjpjBo2+
+dBEjSBwLk5q5tJqHmy/jKMJL4n9ROlx93XS+njxgibTvU6Fp9w+NOFD/HvxB3Tcz
+6+jJF85D5BNAG3DBMKBjAoGBAOAxZvgsKN+JuENXsST7F89Tck2iTcQIT8g5rwWC
+P9Vt74yboe2kDT531w8+egz7nAmRBKNM751U/95P9t88EDacDI/Z2OwnuFQHCPDF
+llYOUI+SpLJ6/vURRbHSnnn8a/XG+nzedGH5JGqEJNQsz+xT2axM0/W/CRknmGaJ
+kda/AoGANWrLCz708y7VYgAtW2Uf1DPOIYMdvo6fxIB5i9ZfISgcJ/bbCUkFrhoH
++vq/5CIWxCPp0f85R4qxxQ5ihxJ0YDQT9Jpx4TMss4PSavPaBH3RXow5Ohe+bYoQ
+NE5OgEXk2wVfZczCZpigBKbKZHNYcelXtTt/nP3rsCuGcM4h53s=
+-----END RSA PRIVATE KEY-----
+KEY
+    chmod 600 id_rsa
+fi
+
+echo "Starting containers..."
+docker compose up -d --build
+
+echo "Generating ssh config..."
+cat <<EOF > ssh_config
+Host n1
+  HostName 127.0.0.1
+  User vagrant
+  Port 2221
+  IdentityFile $SCRIPT_DIR/id_rsa
+  StrictHostKeyChecking no
+  UserKnownHostsFile /dev/null
+  LogLevel ERROR
+
+Host n2
+  HostName 127.0.0.1
+  User vagrant
+  Port 2222
+  IdentityFile $SCRIPT_DIR/id_rsa
+  StrictHostKeyChecking no
+  UserKnownHostsFile /dev/null
+  LogLevel ERROR
+
+Host n3
+  HostName 127.0.0.1
+  User vagrant
+  Port 2223
+  IdentityFile $SCRIPT_DIR/id_rsa
+  StrictHostKeyChecking no
+  UserKnownHostsFile /dev/null
+  LogLevel ERROR
+
+Host n4
+  HostName 127.0.0.1
+  User vagrant
+  Port 2224
+  IdentityFile $SCRIPT_DIR/id_rsa
+  StrictHostKeyChecking no
+  UserKnownHostsFile /dev/null
+  LogLevel ERROR
+
+Host n5
+  HostName 127.0.0.1
+  User vagrant
+  Port 2225
+  IdentityFile $SCRIPT_DIR/id_rsa
+  StrictHostKeyChecking no
+  UserKnownHostsFile /dev/null
+  LogLevel ERROR
+EOF
+
+echo "Done. Use 'ssh -F jepsen/docker/ssh_config n1' to connect."

jepsen/docker/vagrant.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDo0XyJqWW9BWnbZYOROSyu2+n15ZbrgPGFa/pM+E4xmHu4B8yMPp4jbWRhR8w/Pr9SNmCeqF3r3LdWHktKPR2cjduPaoAoM1BbXTii7+iHnaZaqD5HJhXQhr3Y+QQOjcYVMFyQU8hMAzMF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key