Test architecture/topology
...
openjdk version "1.8.0_232"
OpenJDK Runtime Environment (build 1.8.0_232-b09)
OpenJDK 64-Bit Server VM (build 25.232-b09, mixed mode)
Jenkins: Ver 2.190.2
CentOS 7
Mysql Ver 14.14 Distrib 5.6.26, for Linux
Devices Under Test
Hostname | Core | RAM | HDD | NIC | Role |
Node-0 | 8 | 40GB | 3TB | 1GB | Jenkins Master |
Node-1 | 8 | 96GB | 3TB | 1GB | Tars Framework |
Node-2 | 8 | 96GB | 3TB | 1GB | Tars Node (CVB + Type4 Application + Virtual Classroom Teacher Client + Virtual Classroom Student Client) |
Test Script
The test is to fulfill by Jenkins Job. The test script includes:
...
/usr/local/testClient/CVAppClient
The log is triggered periodically.
The log is updated to
https://nexus.akraino.org/content/sites/logs/tencent/job/TestCompileCode/
...
https://nexus.akraino.org/content/sites/logs/tencent/job/CD_Install_Tars/
BluVal Testing
1.bluval installation
mkdir demo
cd demo
mkdir results
git clone https://gerrit.akraino.org/r/validation.git
cd validation
vi tests/variables.yaml ## update k8s related ip. due to this bp do not use k8s , we don't need to change.
vi bluval/volumes.yaml
| Code Block |
|---|
volumes: # location of the ssh key to access the cluster ssh_key_dir: local: '/home/thorking/.ssh/' target: '/root/.ssh/' # location of the k8s access files (config file, certificates, keys) kube_config_dir: local: '/home/thorking/demo/.kube/' target: '/root/demo/.kube/' # location of the customized variables.yaml custom_variables_file: local: '/home/thorking/demo/validation/tests/variables.yaml' target: '/opt/akraino/validation/tests/variables.yaml' # location of the bluval-<blueprint>.yaml file blueprint_dir: local: '/home/thorking/demo/validation/bluval' target: '/opt/akraino/validation/bluval' # location on where to store the results on the local jumpserver results_dir: local: '/home/thorking/demo/results' target: '/opt/akraino/results' # location on where to store openrc file openrc: local: '/home/thorking/openrc' target: '/root/openrc' |
vi bluval/bluval-iec-type4.yaml
| Code Block |
|---|
blueprint:
name: iec-type4
layers:
- os
- docker
os: &os
-
name: lynis
what: lynis
optional: "False"
-
name: vuls
what: vuls
optional: "False"
k8s: &k8s
-
name: conformance
what: conformance
optional: "False"
-
name: kube-hunter
what: kube-hunter
optional: "False"
|
./bluval/blucon.sh -l os iec-type4
==============================================================================
Debug: /opt/akraino/results/os/vuls/debug.log
Output: /opt/akraino/results/os/vuls/output.xml
Log: /opt/akraino/results/os/vuls/log.html
Report: /opt/akraino/results/os/vuls/report.html
2. Troubleshooting
##Iptable issues for centOS8
vi /etc/firewalld/firewalld.conf
in config file change
FirewallBackend=nftables
on
FirewallBackend=iptables
save change and reload firewalld
systemctl restart firewalld.service