Blueprint extension tests

The Test inputs

| Test | Description | Result | Reference |
|---|---|---|---|
| EMCO Deployment | Install EMCO Orchestrator | Pass | PCEI R4 Installation Guide |
| Edge Cluster Deployment | Deploy Edge K8S Clusters | Pass | PCEI R4 Installation Guide |
| EMCO UI Access | Access EMCO UI | Pass | PCEI R4 Installation Guide |
| Register Edge Cluster | Register Edge K8S Cluster with EMCO | Pass | PCEI R4 End-to-End Validation Guide |
| Create Service/App | Create Service/App in EMCO for Azure IoT Edge, AWS GGC and PCEI Location API App | All PASS | PCEI R4 End-to-End Validation Guide |
| Deploy Apps onto Edge Clusters | Deploy Azure IoT Edge, AWS GGC and PCEI Location API Apps onto Edge K8S Clusters | All PASS | PCEI R4 End-to-End Validation Guide |
| Verify Azure IoT Edge with IoT Client | Start IoT Client, send messages to Azure IoT Edge. Monitor IoT Edge receive and decode messages | PASS | PCEI R4 End-to-End Validation Guide |
| Verify AWS GGC App | Confirm AWS GGC App registers with AWS IoT Core | PASS | PCEI R4 End-to-End Validation Guide |
| Verify PCEI Location API App | Confirm PCEI Location API App is running and responding to requests | PASS | PCEI R4 End-to-End Validation Guide |

Test Procedure

PCEI R4 Installation Guide

...

| CVE | CVSS | URL | Exception |
|---|---|---|---|
| CVE-2016-1585 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-1585 | Requested by another BP |
| CVE-2017-18342 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-18342 | Requested by another BP |
| CVE-2017-8283 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-8283 | Requested by PCEI. Approved |
| CVE-2018-20839 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-20839 | Requested by another BP |
| CVE-2019-17041 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-17041 | Requested by another BP |
| CVE-2019-17042 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-17042 | Requested by another BP |
| CVE-2019-19814 | 9.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-19814 | Requested by PCEI. Approved |

Lynis

Fixes for Lynis:

BOOT-5122
https://vineetcic.medium.com/how-to-set-grub-password-in-ubuntu-18-03-password-protect-boot-loader-ecb5db184054

PASS_MAX_DAYS
https://askubuntu.com/questions/424216/what-is-password-aging-limits

```bash
vi /etc/login.defs
```

Change:

```
PASS_MAX_DAYS 1500
UMASK 027
```

NOTE: Changing the UMASK value from the default 022 to 027 resulted in the Lynis test suite erroring out. An exception was granted.

KRNL-6000
https://linux-audit.com/understand-and-configure-core-dumps-work-on-linux/
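```bash
# Disable core dumps for setuid programs and reload /etc/sysctl.conf
echo "fs.suid_dumpable=0" >> /etc/sysctl.conf
sysctl -p

# Restrict dmesg to privileged users (running kernel only)
sysctl -w kernel.dmesg_restrict=1

# Reject source-routed IPv4 packets (running kernel only)
sysctl -w net.ipv4.conf.all.accept_source_route=0
```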
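
A check for the settings above, as an added example that is not part of the PCEI guide: `sysctl -w` changes only the running kernel, so the script reads the on-disk files and reports any value that would be lost at reboot. The function names and the sample files are constructed for illustration; pass the sysctl files in the order the system loads them.

```bash
#!/bin/sh
# Added example (not from the PCEI guide): confirm the Lynis fixes are persisted on disk.
# File paths are arguments so the checks can run against copies of the real files.

# Last value of KEY in a login.defs-style file ("KEY value").
login_defs_value() {  # usage: login_defs_value FILE KEY
  awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# Last value of KEY across sysctl.conf-style files ("key=value" or "key = value").
sysctl_conf_value() {  # usage: sysctl_conf_value KEY FILE...
  key="$1"; shift
  awk -F= -v k="$key" '
    /^[ \t]*[#;]/ { next }                      # skip comment lines
    { n = $1; gsub(/[ \t]/, "", n) }
    n == k { v = $2; gsub(/[ \t]/, "", v) }     # later entries override earlier ones
    END { if (v != "") print v }' "$@"
}

# Print one line per finding; return non-zero if anything is missing or different.
# UMASK is not checked because the page records an exception for it.
audit_lynis_fixes() {  # usage: audit_lynis_fixes LOGIN_DEFS SYSCTL_FILE...
  defs="$1"; shift; rc=0
  got=$(login_defs_value "$defs" PASS_MAX_DAYS)
  [ "$got" = 1500 ] || { echo "MISMATCH PASS_MAX_DAYS (got ${got:-unset})"; rc=1; }
  for pair in fs.suid_dumpable=0 kernel.dmesg_restrict=1 \
              net.ipv4.conf.all.accept_source_route=0; do
    name=${pair%%=*}; want=${pair#*=}
    got=$(sysctl_conf_value "$name" "$@")
    [ "$got" = "$want" ] || { echo "NOT PERSISTED $name (want $want, got ${got:-unset})"; rc=1; }
  done
  return "$rc"
}

# Constructed sample files mirroring the steps above: only fs.suid_dumpable was
# appended to sysctl.conf; the other two keys were set with `sysctl -w` only.
write_sample() {  # usage: write_sample DIR
  printf '%s\n' '# constructed sample' 'PASS_MAX_DAYS 1500' 'UMASK 022' > "$1/login.defs"
  printf '%s\n' '# constructed sample' 'fs.suid_dumpable=0' > "$1/sysctl.conf"
}

tmp=$(mktemp -d) && write_sample "$tmp"
audit_lynis_fixes "$tmp/login.defs" "$tmp/sysctl.conf" || echo "findings listed above"
rm -rf "$tmp"
```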

K8S Conformance

Exception Requested:

...

| ID | Status |
|---|---|
| KHV002 | Fixed |
| KHV005 | Pending / Fixed |
| KHV050 | Pending / Fixed |
| CAP_NET_RAW | Pending |

Fix for KHV002:

...

```bash
kubectl replace -f - <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "false"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:public-info-viewer
rules:
- nonResourceURLs:
  - /healthz
  - /livez
  - /readyz
  verbs:
  - get
EOF
```

Fix for KHV005, KHV050

On SUT K8S Cluster:

```bash
kubectl replace -f - <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
  namespace: default
automountServiceAccountToken: false
EOF
```


Test Dashboards

Single-pane view of the test scores for the blueprint.

| Test Group | Total Tests | Pass | Fail |
|---|---|---|---|
| Blueprint Extension Tests | 9 | 9 | 0 |
| Vuls | 1 | 1 | 0 |
| Lynis | 1 | 1 | 0 |
| K8S Conformance | 1 | 0 | 1 |
| Kube-Hunter | 1 | 1 | 0 |



Additional Testing

None

Bottlenecks/Errata

...