X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=ci%2Fjjb%2Fshell%2Fbluval.sh;h=6dc42456f6720f54bbc51a684485181779f6e6b3;hb=refs%2Fchanges%2F52%2F4752%2F1;hp=87b3c57b2994aafea67063d8539f653b0f0654a9;hpb=976343cea0c565ffc6271603ad365b0c04d83785;p=icn.git
diff --git a/ci/jjb/shell/bluval.sh b/ci/jjb/shell/bluval.sh
index 87b3c57..6dc4245 100644
--- a/ci/jjb/shell/bluval.sh
+++ b/ci/jjb/shell/bluval.sh
@@ -1,53 +1,76 @@
-#!/bin/bash
-set -e
-set -o errexit
-set -o pipefail
-
-echo "[ICN] Downloading EMCO k8s"
-git clone "https://gerrit.onap.org/r/multicloud/k8s"
-cp ~/aio.sh k8s/kud/hosting_providers/baremetal/aio.sh
-cp ~/installer.sh k8s/kud/hosting_providers/vagrant/installer.sh
-
-echo "[ICN] Installing EMCO k8s"
-sudo chown root:root /var/lib/jenkins/.netrc
-sudo k8s/kud/hosting_providers/baremetal/aio.sh
-sudo chown jenkins:jenkins /var/lib/jenkins/.netrc
-sudo chown jenkins:jenkins -R /var/lib/jenkins/workspace/icn-bluval-daily-master/k8s/kud/hosting_providers/vagrant
-# the .netrc chown is a temporary workaround, needs to be fixed in multicloud-k8s
-sleep 5
-
-echo "[ICN] Patching EMCO k8s security vulnerabilities"
-kubectl replace -f - << EOF
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: pod-reader
- annotations:
- rbac.authorization.kubernetes.io/autoupdate: "false"
- labels:
- kubernetes.io/bootstrapping: rbac-defaults
- name: system:public-info-viewer
-rules:
-- nonResourceURLs:
- - /livez
- - /readyz
- - /healthz
- verbs:
- - get
-EOF
-kubectl replace -f - << EOF
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: default
-automountServiceAccountToken: false
+#!/usr/bin/env bash
+
+# Ensure we fail the job if any steps fail
+# Disable 'globbing'
+set -eux -o pipefail
+
+echo "[ICN] Downloading ICN"
+git clone "https://gerrit.akraino.org/r/icn" ${WORKSPACE}/icn
+
+echo "[ICN] Bringing up test cluster"
+function clean_vm {
+ pushd ${WORKSPACE}/icn
+ ./tools/vagrant/destroy.rb
+ popd
+}
+trap clean_vm EXIT
+pushd ${WORKSPACE}/icn
+# TODO Improve VM performance by only using cores on the same node
+#sed -i -e '/^\s\+libvirt.cpus/!b' -e "h;s/\S.*/libvirt.cpuset = '0-21,44-65'/;H;g" Vagrantfile
+./tools/vagrant/destroy.rb
+vagrant up --no-parallel
+vagrant ssh jump -c "
+set -exuf
+cd /icn
+sudo su -c 'make jump_server vm_cluster'
+"
+popd
+
+echo "[ICN] Installing jenkins identity into test cluster"
+cp ${WORKSPACE}/icn/deploy/site/vm/id_rsa site-vm-rsa
+chmod 0600 site-vm-rsa
+ssh-keygen -f ${CLUSTER_SSH_KEY} -y > ${CLUSTER_SSH_KEY}.pub
+ssh-copy-id -i ${CLUSTER_SSH_KEY} -f ${CLUSTER_SSH_USER}@${CLUSTER_MASTER_IP} -o IdentityFile=site-vm-rsa -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
+
+echo "[ICN] Patching kube-hunter image location"
+cat <<'EOF' | patch -p1
+diff --git a/tests/variables.yaml b/tests/variables.yaml
+index fa3fe71..c54f37f 100644
+--- a/tests/variables.yaml
++++ b/tests/variables.yaml
+@@ -82,3 +82,7 @@ dns_domain: cluster.local # cluster's DNS domain
+ # NONE, WARN, INFO, DEBUG, and TRACE.
+ # Default is INFO
+ loglevel: INFO
++
++kube_hunter:
++ path: 'aquasec'
++ name: 'kube-hunter:edge'
 EOF
 echo "[ICN] Downloading run_bluval.sh from upstream ci-management"
 wget --read-timeout=10 --timeout=10 --waitretry=10 -t 10 https://raw.githubusercontent.com/akraino-edge-stack/ci-management/master/jjb/shell/run_bluval.sh
-echo "[ICN] Patching run_bluval.sh so it doesn't delete .netrc"
-sed -i "s/rm -f ~\/.netrc/#rm -f ~\/.netrc/" run_bluval.sh
+echo "[ICN] Patching run_bluval.sh"
+cat <<'EOF' | patch -p3
+diff --git a/jjb/shell/run_bluval.sh b/jjb/shell/run_bluval.sh
+index 75d20eb..dbfad03 100755
+--- a/jjb/shell/run_bluval.sh
++++ b/jjb/shell/run_bluval.sh
+@@ -177,6 +177,7 @@ if [ "$pull" == "true" ] || [ "$PULL" == "yes" ]
+ then
+ options+=" -P"
+ fi
++options+=" -t amd64-latest"
+
+ set +e
+ if python3 --version > /dev/null; then
+@@ -209,4 +210,3 @@ else
+ rm results.zip
+ fi
+
+-rm -f ~/.netrc
+EOF
 echo "[ICN] Executing run_bluval.sh"
 /bin/bash run_bluval.sh
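Review bot: The `ssh-copy-id` line turns off host key verification (`-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`) and authenticates with `site-vm-rsa`, a private key copied out of the cloned repository, so the Jenkins public key is installed on whichever host answers at `${CLUSTER_MASTER_IP}`. That is a common trade-off for a VM that is rebuilt on every run, but it should be stated next to the command, e.g. `# Host key checking is off because the test VM is recreated each run; site-vm-rsa appears to be the repo's VM-only key and must not be reused outside this job`. The expansions on that line and on the `git clone`, `pushd`, `cp` and `ssh-keygen` lines are unquoted; `"${CLUSTER_SSH_USER}@${CLUSTER_MASTER_IP}"` and `"${WORKSPACE}/icn"` avoid word splitting if a path or value contains spaces. The header comment `# Disable 'globbing'` does not match `set -eux -o pipefail`, which has no `-f`; only the inner `set -exuf` sent through `vagrant ssh` disables globbing.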