...
Enjoy the virtual classroom!
BluVal Testing
- bluval installation
mkdir demo
cd demo
mkdir results
git clone https://gerrit.akraino.org/r/validation.git
cd validation
vi tests/variables.yaml ## update k8s related ip. due to this bp do not use k8s , we don't need to change.
vi bluval/volumes.yaml
volumes:
# location of the ssh key to access the cluster
ssh_key_dir:
local: '/home/thorking/.ssh/'
target: '/root/.ssh/'
# location of the k8s access files (config file, certificates, keys)
kube_config_dir:
local: '/home/thorking/demo/.kube/'
target: '/root/demo/.kube/'
# location of the customized variables.yaml
custom_variables_file:
local: '/home/thorking/demo/validation/tests/variables.yaml'
target: '/opt/akraino/validation/tests/variables.yaml'
# location of the bluval-<blueprint>.yaml file
blueprint_dir:
local: '/home/thorking/demo/validation/bluval'
target: '/opt/akraino/validation/bluval'
# location on where to store the results on the local jumpserver
results_dir:
local: '/home/thorking/demo/results'
target: '/opt/akraino/results'
# location on where to store openrc file
openrc:
local: '/home/thorking/openrc'
target: '/root/openrc'
vi bluval/bluval-iec-type4.yaml
blueprint:
name: iec-type4
layers:
- os
- docker
os: &os
-
name: lynis
what: lynis
optional: "False"
-
name: vuls
what: vuls
optional: "False"
k8s: &k8s
-
name: conformance
what: conformance
optional: "False"
-
name: kube-hunter
what: kube-hunter
optional: "False"
./bluval/blucon.sh -l os iec-type4
##Iptable issues for centOS8
vi /etc/firewalld/firewalld.conf
in config file change
FirewallBackend=nftables
on
FirewallBackend=iptables
save change and reload firewalld
systemctl restart firewalld.service