...
- PCEI Deployment Tests
Described in the PCEI R4 Installation Guide
- PCEI End-to-End Validation Tests
Described in the PCEI R4 End-to-End Validation Guide
- BluVal Tests
Described in the BluVal Test section of this document.
...
For end-to-end functional verification, a simulated IoT Client was provided. Please refer to PCEI R4 End-to-End Validation Guide.
Test API description
Test APIs NOT USED (except BluVal Robot)
...
Blueprint extension tests
The Test inputs
| Test | Description | Result | Reference |
|---|---|---|---|
| EMCO Deployment | Install EMCO Orchestrator | Pass | |
| Edge Cluster Deployment | Deploy Edge K8S Clusters | Pass | PCEI R4 Installation Guide |
| EMCO UI Access | Access EMCO UI | Pass | PCEI R4 Installation Guide |
| Register Edge Cluster | Register Edge K8S Cluster with EMCO | Pass | |
| Create Service/App | Create Service/App in EMCO for Azure IoT Edge, AWS GGC and PCEI Location API App | All PASS | |
| Deploy Apps onto Edge Clusters | Deploy Azure IoT Edge, AWS GGC and PCEI Location API Apps onto Edge K8S Clusters | All PASS | |
| Verify Azure IoT Edge with IoT Client | Start IoT Client, send messages to Azure IoT Edge. Monitor IoT Edge receive and decode messages | PASS | |
| Verify AWS GGC App | Confirm AWS GGC App registers with AWS IoT Coire | PASS | |
| Verify PCEI Location API App | Confirm PCEI Location API App is running and responding to requests | PASS |
Test Procedure
PCEI R4 End-to-End Validation Guide
Expected output
All tests pass
...
Refer to sections of the following documents for detailed test results:
PCEI R4 End-to-End Validation Guide
Feature Project Tests
NOT PERFORMED
...
| Code Block | ||
|---|---|---|
| ||
sudo apt install python3-pip
sudo python3 -m pip install -U pip
sudo python3 -m pip install -U setuptools
sudo -H pip3 install --ignore-installed PyYAML
pip3 install lftools |
8. Push BluVal Results to Akraino Nexus
...
| CVE | CVSS | URL | Exception |
|---|---|---|---|
| CVE-2016-1585 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-1585 | Requested by another BP |
| CVE-2017-18342 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-18342 | Requested by another BP |
| CVE-2017-8283 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-8283 | Requested by PCEI. Approved |
| CVE-2018-20839 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-20839 | Requested by another BP |
| CVE-2019-17041 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-17041 | Requested by another BP |
| CVE-2019-17042 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-17042 | Requested by another BP |
| CVE-2019-19814 | 9.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-19814 | Requested by PCEI. Approved |
Lynis
Fixes for Lynis:
PASS_MAX_DAYS
https://askubuntu.com/questions/424216/what-is-password-aging-limits
vi /etc/login.defs
change
PASS_MAX_DAYS 1500
UNMASK 027
NOTE: changing the UNMASK value from default 022 to 027 resulted in the Lynis test suite erroring out. Exception was granted.
KRNL-6000
https://linux-audit.com/understand-and-configure-core-dumps-work-on-linux/
echo "fs.suid_dumpable=0" >> /etc/sysctl.conf
sysctl -p
sysctl -w kernel.dmesg_restrict=1
sysctl -w net.ipv4.conf.all.accept_source_route=0
K8S Conformance
Exception Requested:
...
| ID | Status |
|---|---|
| KHV002 | Fixed |
| KHV005 | PendingFixed |
| KHV050 | PendingFixed |
| CAP_NET_RAW | Pending |
Fix for KHV002:
...
| Code Block | ||
|---|---|---|
| ||
kubectl replace -f - <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "false"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: system:public-info-viewer
rules:
- nonResourceURLs:
- /healthz
- /livez
- /readyz
verbs:
- get
EOF |
Fix for KHV005, KHV050
On SUT K8S Cluster:
| Code Block | ||
|---|---|---|
| ||
kubectl replace -f - <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: default
namespace: default
automountServiceAccountToken: false
EOF |
Test Dashboards
Single pane view of how the test score looks like for the Blue print.
| Test Group | Total Tests | Pass | Fail |
|---|---|---|---|
| Blueprint Extension Tests | 9 | 9 | 0 |
| Vuls | 1 | 1 | 0 |
| Lynis | 1 | 1 | 0 |
| K8S Conformance | 1 | 0 | 1 |
| Kube-Hunter | 1 | 1 | 0 |
Additional Testing
None
Bottlenecks/Errata
Please refer to PCEI R4 Release Notes