X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=ci%2Fjjb%2Fshell%2Fbluval.sh;h=54617e90d4c7e34f6e638dda088ca9abc1b6169c;hb=023a03abb5c23aefc33fb0f3507bb8dc7456423f;hp=87b3c57b2994aafea67063d8539f653b0f0654a9;hpb=dd7088efd6a1cbdc3071dfd48944d15ccd4a3dac;p=icn.git diff --git a/ci/jjb/shell/bluval.sh b/ci/jjb/shell/bluval.sh index 87b3c57..54617e9 100644 --- a/ci/jjb/shell/bluval.sh +++ b/ci/jjb/shell/bluval.sh @@ -1,46 +1,53 @@ -#!/bin/bash -set -e -set -o errexit -set -o pipefail - -echo "[ICN] Downloading EMCO k8s" -git clone "https://gerrit.onap.org/r/multicloud/k8s" -cp ~/aio.sh k8s/kud/hosting_providers/baremetal/aio.sh -cp ~/installer.sh k8s/kud/hosting_providers/vagrant/installer.sh - -echo "[ICN] Installing EMCO k8s" -sudo chown root:root /var/lib/jenkins/.netrc -sudo k8s/kud/hosting_providers/baremetal/aio.sh -sudo chown jenkins:jenkins /var/lib/jenkins/.netrc -sudo chown jenkins:jenkins -R /var/lib/jenkins/workspace/icn-bluval-daily-master/k8s/kud/hosting_providers/vagrant -# the .netrc chown is a temporary workaround, needs to be fixed in multicloud-k8s -sleep 5 - -echo "[ICN] Patching EMCO k8s security vulnerabilities" -kubectl replace -f - << EOF -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: pod-reader - annotations: - rbac.authorization.kubernetes.io/autoupdate: "false" - labels: - kubernetes.io/bootstrapping: rbac-defaults - name: system:public-info-viewer -rules: -- nonResourceURLs: - - /livez - - /readyz - - /healthz - verbs: - - get -EOF -kubectl replace -f - << EOF -apiVersion: v1 -kind: ServiceAccount -metadata: - name: default -automountServiceAccountToken: false +#!/usr/bin/env bash + +# Ensure we fail the job if any steps fail +# Disable 'globbing' +set -eux -o pipefail + +SCRIPT_DIR="$(readlink -f $(dirname ${BASH_SOURCE[0]}))" + +echo "[ICN] Downloading ICN" +git clone "https://gerrit.akraino.org/r/icn" + +echo "[ICN] Bringing up test cluster" +function clean_vm { + pushd ${SCRIPT_DIR}/icn + vagrant destroy -f + popd +} +trap clean_vm EXIT +pushd icn +# TODO Improve VM performance by only using cores on the same node +#sed -i -e '/^\s\+libvirt.cpus/!b' -e "h;s/\S.*/libvirt.cpuset = '0-21,44-65'/;H;g" Vagrantfile +vagrant destroy -f +vagrant up --no-parallel +vagrant ssh jump -c " +set -exuf +cd /icn +sudo su -c 'make jump_server vm_cluster' +" +popd + +echo "[ICN] Installing jenkins identity into test cluster" +cp ${SCRIPT_DIR}/icn/deploy/site/vm/id_rsa site-vm-rsa +chmod 0600 site-vm-rsa +ssh-keygen -f ${CLUSTER_SSH_KEY} -y > ${CLUSTER_SSH_KEY}.pub +ssh-copy-id -i ${CLUSTER_SSH_KEY} -f ${CLUSTER_SSH_USER}@${CLUSTER_MASTER_IP} -o IdentityFile=site-vm-rsa -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null + +echo "[ICN] Patching kube-hunter image location" +cat <<'EOF' | patch -p1 +diff --git a/tests/variables.yaml b/tests/variables.yaml +index fa3fe71..c54f37f 100644 +--- a/tests/variables.yaml ++++ b/tests/variables.yaml +@@ -82,3 +82,7 @@ dns_domain: cluster.local # cluster's DNS domain + # NONE, WARN, INFO, DEBUG, and TRACE. + # Default is INFO + loglevel: INFO ++ ++kube_hunter: ++ path: 'aquasec' ++ name: 'kube-hunter:edge' EOF echo "[ICN] Downloading run_bluval.sh from upstream ci-management"