Test architecture/topology
The test environment consists of three virtual machines in total.
- one physical server for Jenkins CI.
- one physical server for TarsFramework and Jenkins slave
- one physical server for TarsNode and Jenkins slave.
Software Version
OpenStack: Rocky
k8s:1.15.0
Java:
openjdk version "1.8.0_232"
OpenJDK Runtime Environment (build 1.8.0_232-b09)
OpenJDK 64-Bit Server VM (build 25.232-b09, mixed mode)
Jenkins: Ver 2.190.2
CentOS 7
Mysql Ver 14.14 Distrib 5.6.26, for Linux
Devices Under Test
Hostname | Core | RAM | HDD | NIC | Role |
Node-0 | 8 | 40GB | 3TB | 1GB | Jenkins Master |
Node-1 | 8 | 96GB | 3TB | 1GB | Tars Framework |
Node-2 | 8 | 96GB | 3TB | 1GB | Tars Node (CVB + Type4 Application + Virtual Classroom Teacher Client + Virtual Classroom Student Client) |
Test Script
The test is to fulfill by Jenkins Job. The test script includes:
- Compile the Tars Framework
cd /usr/local/robert/testCompileCode
git clone -b arm https://github.com/qiuxin/Tars.git
cd /usr/local/robert/testCompileCode/Tars
git submodule update --init --recursive
cd /usr/local/robert/testCompileCode/Tars/framework/build
chmod u+x build.sh./build.sh all
rm -rf /usr/local/robert/testCompileCode/Tars
- Call the service deployed by Tars Framework
/usr/local/testClient/CVAppClient
The log is triggered periodically.
The log is updated to
https://nexus.akraino.org/content/sites/logs/tencent/job/TestCompileCode/
https://nexus.akraino.org/content/sites/logs/tencent/job/TestConnectVehicleService/
https://nexus.akraino.org/content/sites/logs/tencent/job/CD_Install_Tars/
BluVal Testing
1.bluval installation
mkdir demo
cd demo
mkdir results
git clone https://gerrit.akraino.org/r/validation.git
cd validation
vi tests/variables.yaml ## update k8s related ip. due to this bp do not use k8s , we don't need to change.
vi bluval/volumes.yaml
volumes: # location of the ssh key to access the cluster ssh_key_dir: local: '/home/thorking/.ssh/' target: '/root/.ssh/' # location of the k8s access files (config file, certificates, keys) kube_config_dir: local: '/home/thorking/demo/.kube/' target: '/root/demo/.kube/' # location of the customized variables.yaml custom_variables_file: local: '/home/thorking/demo/validation/tests/variables.yaml' target: '/opt/akraino/validation/tests/variables.yaml' # location of the bluval-<blueprint>.yaml file blueprint_dir: local: '/home/thorking/demo/validation/bluval' target: '/opt/akraino/validation/bluval' # location on where to store the results on the local jumpserver results_dir: local: '/home/thorking/demo/results' target: '/opt/akraino/results' # location on where to store openrc file openrc: local: '/home/thorking/openrc' target: '/root/openrc'
vi bluval/bluval-iec-type4.yaml
blueprint: name: iec-type4 layers: - os - docker os: &os - name: lynis what: lynis optional: "False" - name: vuls what: vuls optional: "False" k8s: &k8s - name: conformance what: conformance optional: "False" - name: kube-hunter what: kube-hunter optional: "False"
./bluval/blucon.sh -l os iec-type4
==============================================================================
Debug: /opt/akraino/results/os/vuls/debug.log
Output: /opt/akraino/results/os/vuls/output.xml
Log: /opt/akraino/results/os/vuls/log.html
Report: /opt/akraino/results/os/vuls/report.html
2. Troubleshooting
##Iptable issues for centOS8
vi /etc/firewalld/firewalld.conf
in config file change
FirewallBackend=nftables
on
FirewallBackend=iptables
save change and reload firewalld
systemctl restart firewalld.service
Lynis Report
Lynis log : cvb_lynis.log
Vuls Report
vuls log : cvb_vuls.log