Table of Contents | ||
---|---|---|
|
...
To add more Jenkins slave nodes, please follow the akriano jenkins guide
To setup private jenkins, please refer to the README.md under icn/ci/
...
Hostname | CPU Model | Memory | BMC Firmware | Storage | 1GbE: NIC#, VLAN, (Connected extreme 480 switch) | 10GbE: NIC# VLAN, Network (Connected with IZ1 switch) | 40GbE: NIC# |
---|---|---|---|---|---|---|---|
Jump | Intel 2xE5-2699 | 64GB | 1.46.9995 | 3TB (Sata) | IF0: VLAN 110 (DMZ) | IF2: VLAN 112 (Private) | |
node1 | Intel 2xE5-2699 | 64GB | 1.46.9995 | 3TB (Sata) | IF0: VLAN 110 (DMZ) | IF2: VLAN 112 (Private) | |
node2 | Intel 2xE5-2699 | 64GB | 1.46.9995 | 3TB (Sata) | IF0: VLAN 110 (DMZ) | IF2: VLAN 112 (Private) | IF4: SRIOV |
Virtual deployment
Hostname | CPU Model | Memory | Storage | 1GbE: NIC#, VLAN, (Connected extreme 480 switch) | 10GbE: NIC# VLAN, Network (Connected with IZ1 switch) |
---|---|---|---|---|---|
node1 | Intel 2xE5-2699 | 64GB | 3TB (Sata) | IF0: VLAN 110 (DMZ) | IF2: VLAN 112 (Private) |
Test Framework
All components are tested with end-to-end testing
...
- The bpa_verifier.sh script get the MAC addresses and IP addresses of the 2 VMs provisioned by metal3, then creates a fake DHCP lease file using the IP address and MAC address information. It also creates a provisioning CR using the MAC address information
- The script the creates an ssh secret key using the ssh keys of the test host, applies the the provisioning CR
- The script busy loops till the KUD installation job completes or fails. If it completes successfully, it does a curl command using the authentication info of the new cluster to confirm if it was successful or not. On completing all the steps, it does a teardown where it deletes everything it created.
BPA
...
- Virtlet VM provisioning is tested as part of the 'verify_nestedk8s' testcase. K8s is first launched with Virtlet using KuD scripts after the prerequisite packages are installed.
- Next, BPA operator and multicloud-k8s docker images are built and BPA operator scripts including the provisioning_crd are deployed. Then, the Virtlet VM E2E script is launched which does the following:
- It creates a new flannel network definition for assigning mac address to VMs, creates test Virtlet VM, creates a provisioning CR for the same mac address. BPA operator then provisions the Virtlet VM by initiating the KuD installer job which installs K8s in the Virtlet VM.
BPA Rest Agent
...
Rest Agent
- Test script, e2e_test.sh, creates dummy image file, creates test JSON file, checks bpa rest agent status, issues POST, GET, and PATCH requests sequentially.
- Next, e2e_test.sh checks uploaded MinIO image object size, and calls DELETE.
- If the script fails at any point then verification was unsuccessful.
...
- Use Kud to setup 3 clusters (traffic sdewan-hub, edge1, edge2edge-a, edge-b)
- Create SDEWAN CNF instance and dummy pod in edge1(using httpbin instead) in edge-a, SDEWAN CNF instance and httpbin pod in edge2edge-b
- Configure traffic sdewan-hub as responder to provide virtual IP addresses to any authenticated party requesting for IP addresses.
- Configure edge1 and edge2 edge-a and edge-b IPSec configuration to get the IP addresses.
- Establish edge1 edge-a tunnel to traffic sdewan-hub, edge2 tunnel to edge-b tunnel to sdewan-hub, and hub policy for XFRM policies will automatically route traffic between edge1 and edge2edge-a and edge-b
- Establish SNAT rule in edge1 edge-a and DNAT rule in edge2 edge-b to enable tcp connection from edge1 to edge2edge-a to edge-b's httpbin service.
- Verify curl command is successful from edge1 edge-a dummy pod to edge2's httpbin service(using httpbin instead) to edge-b's httpbin service. The function of the curl command is to return back the ip address of the requester.
Openness
- Install EAA helm charts through ONAP4K8S in the edge location.
- Install Openness simple EAA producer and simple EAA consumer through ONAP4K8S
- Verify EAA consumer can consume the service provided by EAA producer.
...
EdgeX Foundry helm chart are installed through ONAP in the edge location. Test case ensure that all the EdgeX Framework containers are up and running
BluVal Testing
Status as of May 13th 28th 2020:
Layer | Result | Comments |
Nexus | |
os/lynis | PASS |
Logs | ||
os/vuls | FAIL: |
141 unfixed vulnerabilities found | 141 unfixed vulnerabilities. Total: 153 (High: |
30 Medium: |
96 Low:27 ?:0), |
12/153 Fixed, |
795 installed, 0 exploits, en: 2, ja: 0 alerts |
Logs | |
k8s/conformance | PASS |
Logs | ||
k8s/kubehunter |
PASS except:
|
Patched system:public-info-viewer to hide /version, otherwise Cluster Remote Scanning would fail too. Need to update KUD scripts to automatically patch system:public-info-viewer.
Important links:
Steps To Implement Security Scan Requirements
| Inside-a-Pod Scanning: 1 vulnerability: CAP_NET_RAW. | Logs |
CI logs:
The gerrit comments contains the CI log url. All the CI logs are under this folder ICN : https://jenkins.akraino.org/view/icn/job/icn-master-verify/
CD Logs:
ICN Master Baremetal Deployment Verifier
ICN Master Virtual Deployment Verifer
ICN Master Hardware Baremetal Deployment Verifer
ICN SDEWAN Master End2End Testing
ICN Master Optane Hardware Baremetal Deployment Verifier
Test Dashboards
All the testing results are in logs
...