| Table of Contents | ||
|---|---|---|
|
...
To add more Jenkins slave nodes, please follow the akriano jenkins guide
To setup private jenkins, please refer to the README.md under icn/ci/
...
Hostname | CPU Model | Memory | BMC Firmware | Storage | 1GbE: NIC#, VLAN, (Connected extreme 480 switch) | 10GbE: NIC# VLAN, Network (Connected with IZ1 switch) | 40GbE: NIC# |
|---|---|---|---|---|---|---|---|
Jump | Intel 2xE5-2699 | 64GB | 1.46.9995 | 3TB (Sata) | IF0: VLAN 110 (DMZ) | IF2: VLAN 112 (Private) | |
node1 | Intel 2xE5-2699 | 64GB | 1.46.9995 | 3TB (Sata) | IF0: VLAN 110 (DMZ) | IF2: VLAN 112 (Private) | |
node2 | Intel 2xE5-2699 | 64GB | 1.46.9995 | 3TB (Sata) | IF0: VLAN 110 (DMZ) | IF2: VLAN 112 (Private) | IF4: SRIOV |
Virtual deployment
Hostname | CPU Model | Memory | Storage | 1GbE: NIC#, VLAN, (Connected extreme 480 switch) | 10GbE: NIC# VLAN, Network (Connected with IZ1 switch) |
|---|---|---|---|---|---|
node1 | Intel 2xE5-2699 | 64GB | 3TB (Sata) | IF0: VLAN 110 (DMZ) | IF2: VLAN 112 (Private) |
Test Framework
All components are tested with end-to-end testing
...
- Use Kud to setup 3 clusters (traffic sdewan-hub, edge1, edge2edge-a, edge-b)
- Create SDEWAN CNF instance and dummy pod in edge1(using httpbin instead) in edge-a, SDEWAN CNF instance and httpbin pod in edge2edge-b
- Configure traffic sdewan-hub as responder to provide virtual IP addresses to any authenticated party requesting for IP addresses.
- Configure edge1 and edge2 edge-a and edge-b IPSec configuration to get the IP addresses.
- Establish edge1 edge-a tunnel to traffic sdewan-hub, edge2 edge-b tunnel to sdewan-hub, and hub policy for XFRM policies will automatically route traffic between edge1 and edge2edge-a and edge-b
- Establish SNAT rule in edge1 edge-a and DNAT rule in edge2 edge-b to enable tcp connection from edge1 to edge2edge-a to edge-b's httpbin service.
- Verify curl command is successful from edge1 edge-a dummy pod to edge2(using httpbin instead) to edge-b's httpbin service. The function of the curl command is to return back the ip address of the requester.
Openness
- Install EAA helm charts through ONAP4K8S in the edge location.
- Install Openness simple EAA producer and simple EAA consumer through ONAP4K8S
- Verify EAA consumer can consume the service provided by EAA producer.
...
EdgeX Foundry helm chart are installed through ONAP in the edge location. Test case ensure that all the EdgeX Framework containers are up and running
BluVal Testing
...
Status as of May 13th 28th 2020:
Layer | Result | Comments |
| Nexus | |
os/lynis | PASS |
| Logs | ||
os/vuls |
FAIL: 141 unfixed vulnerabilities found | 141 unfixed vulnerabilities. Total: 153 (High: |
30 Medium: |
96 Low:27 ?:0), |
12/153 Fixed, |
795 installed, 0 exploits, en: 2, ja: 0 alerts |
| Logs | |
k8s/conformance | PASS |
| Logs | ||
k8s/kubehunter |
PASS except:
|
Patched system:public-info-viewer to hide /version, otherwise Cluster Remote Scanning would fail too. Need to update KUD scripts to automatically patch system:public-info-viewer.
Important links:
Steps To Implement Security Scan Requirements
| Inside-a-Pod Scanning: 1 vulnerability: CAP_NET_RAW. | Logs |
CI logs:
The gerrit comments contains the CI log url. All the CI logs are under this folder ICN : https://jenkins.akraino.org/view/icn/job/icn-master-verify/
...
ICN SDEWAN Master End2End Testing
ICN Master Optane Hardware Baremetal Deployment Verifier Tingjie Chen (Deactivated)
Test Dashboards
All the testing results are in logs
...