Table of Contents maxLevel 3
Introduction
This document describes the blueprint test environment for the Smart Data Transaction for CPS blueprint. The test results and logs are posted in the Akraino Nexus at the link below:
https://nexus.akraino.org/content/sites/logs/fujitsu/job/
Akarino Test Group Information
N/A
Testing has been carried out at Fujitsu Limited labs without any Akraino Test Working Group resources.
Overall Test Architecture
Tests are carried out on the architecture shown in the diagram below.
Test Bed
The test bed consists of 4 VMs running on x86 hardware, performing deploy and ci/cd and build and master node roles, two edge nodes on ARM64 (Jetson Nano) hardware, and two sensor nodes on ARM32 (Raspberry Pi) hardware.
...
CI/CD
...
Table of Contents maxLevel 3
Introduction
This document describes the blueprint test environment for the Smart Data Transaction for CPS blueprint. The test results and logs are posted in the Akraino Nexus at the link below:
https://nexus.akraino.org/content/sites/logs/fujitsu/job/
Akarino Test Group Information
N/A
Testing has been carried out at Fujitsu Limited labs without any Akraino Test Working Group resources.
Overall Test Architecture
Tests are carried out on the architecture shown in the diagram below.
Test Bed
The test bed consists of 4 VMs running on x86 hardware, performing deploy and ci/cd and build and master node roles, two edge nodes on ARM64 (Jetson Nano) hardware, and two sensor nodes on ARM32 (Raspberry Pi) hardware.
| Node Type | Count | Hardware | OS | |
|---|---|---|---|---|
CI/CD | 1 | Intel i5, 2 cores VM | Ubuntu 20.04 | |
| Build | 1 | Intel i5, 2 cores VM | Ubuntu 20.04 | |
| Deploy | 1 | Intel i5, 2 cores VM | Ubuntu 20.04 | |
| BuildMaster | 1 | Intel i5, 2 cores VM | Ubuntu 20.04Deploy | |
| Edge | 1 | Intel i5, 2 cores VM2 | Jetson Nano, ARM Cortex-A57, 4 cores | Ubuntu 20.04 |
| Camera | 1 | Intel i5, 2 cores VM | Ubuntu 20.04 | |
| Edge | 2 | Jetson Nano, ARM Cortex-A57, 4 cores | Ubuntu 20.04 | |
| Camera | 2 | H2 | H.View HV-500E6A | N/A (pre-installed) |
...
Create ~/validation/bluval/bluval-sdtfc.yaml to customize the Test
blueprint: name: sdtfc layers: - os - k8s os: &os - name: lynis what: lynis optional: "False" k8s: &k8s - name: kube-hunter what: kube-hunter optional: "False"Update ~/validation/bluval/volumes.yaml file
volumes: # location of the ssh key to access the cluster ssh_key_dir: local: '/home/ubuntu/.ssh' target: '/root/.ssh' # location of the k8s access files (config file, certificates, keys) kube_config_dir: local: '/home/ubuntu/kube' target: '/root/.kube/' # location of the customized variables.yaml custom_variables_file: local: '/home/ubuntu/validation/tests/variables.yaml' target: '/opt/akraino/validation/tests/variables.yaml' # location of the bluval-<blueprint>.yaml file blueprint_dir: local: '/home/ubuntu/validation/bluval' target: '/opt/akraino/validation/bluval' # location on where to store the results on the local jumpserver results_dir: local: '/home/ubuntu/results' target: '/opt/akraino/results' # location on where to store openrc file openrc: local: '' target: '/root/openrc' # parameters that will be passed to the container at each layer layers: # volumes mounted at all layers; volumes specific for a different layer are below common: - custom_variables_file - blueprint_dir - results_dir hardware: - ssh_key_dir os: - ssh_key_dir networking: - ssh_key_dir docker: - ssh_key_dir k8s: - ssh_key_dir - kube_config_dir k8s_networking: - ssh_key_dir - kube_config_dir openstack: - openrc sds: sdn: vim:Update ~/validation/tests/variables.yaml file
### Input variables cluster's master host host: <IP Address> # cluster's master host address username: <username> # login name to connect to cluster password: <password> # login password to connect to cluster ssh_keyfile: /root/.ssh/id_rsa # Identity file for authenticationRun Blucon
$ bash validation/bluval/blucon.sh sdtfc
Expected output
BluVal tests should report success for all test cases.
Test Results
Vuls results (manual) Nexus URL:
Lynis results (manual) Nexus URL:
Kube-Hunter results Nexus URL:
Vuls
Nexus URL:
There are 8 CVEs with a CVSS score >= 9.0. These are exceptions requested here:
Release 5: Akraino CVE Vulnerability Exception Request
...
: /root/.ssh/id_rsa # Identity file for authenticationRun Blucon
$ bash validation/bluval/blucon.sh sdtfc
Expected output
BluVal tests should report success for all test cases.
Test Results
Vuls results (manual) Nexus URL:
Lynis results (manual) Nexus URL:
Kube-Hunter results Nexus URL:
Vuls
Nexus URL:
There are 8 CVEs with a CVSS score >= 9.0. These are exceptions requested here:
Release 5: Akraino CVE Vulnerability Exception Request
| CVE-ID | CVSS | NVD | Fix/Notes |
| CVE-2016-1585 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE- |
| 2016-1585 | |
| CVE-2021- |
| 20223 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021- |
| 20223 | |
| CVE- |
| 2022- |
| 0318 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE- |
| 2022-0318 | |
| CVE- |
| 2022- |
| 1927 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE- |
| 2022-1927 | |
| CVE-2022- |
| 37434 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022- |
| 37434 | |
| CVE-2022- |
| 1012 | 9. |
| 1 | https://nvd.nist.gov/vuln/detail/CVE-2022- |
| 1012 | ||
| CVE-2022-1586 | 9.1 | https://nvd.nist.gov/vuln/detail/CVE- |
| 2022- |
| 1586 |
| CVE- |
| 2022- |
| 1587 | 9.1 | https://nvd.nist.gov/vuln/detail/CVE- |
| 2022-1587 |
Lynis
Nexus URL (run via Bluval, without fixes): https://nexus.akraino.org/content/sites/logs/fujitsu/job/sdt-bluval/2/
Nexus URL (manual run, with fixes): https://nexus.akraino.org/content/sites/logs/fujitsu/job/sdt-lynis/2/
The initial results compare with the Lynis Incubation: PASS/FAIL Criteria, v1.0 as follows.
...