--- /dev/null
+##############################################################################
+# Copyright (c) 2019 AT&T, ENEA Nokia and others #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you maynot use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+# ref: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#use-multi-stage-builds
+FROM python:3.6-alpine3.9
+
+RUN apk --no-cache add --update \
+ gcc \
+ git \
+ libc6-compat \
+ libc-dev \
+ libffi \
+ libffi-dev \
+ make \
+ openssl-dev
+
+# Build binaries
+RUN git clone https://gerrit.akraino.org/r/validation /opt/akraino/validation
+RUN pip3 install -r /opt/akraino/validation/bluval/requirements.txt
+
+WORKDIR /opt/akraino/validation
+ENTRYPOINT ["python3", "-B", "bluval/blucon.py"]
" akraino/validation:{0}-latest"
" /bin/sh -c"
" 'cd /opt/akraino/validation "
- "&& python bluval/bluval.py -l {0} {1} {2}'"
+ "&& python -B bluval/bluval.py -l {0} {1} {2}'"
.format(layer, ("-o" if _OPTIONAL_ALSO else ""), bluprint))
args = [cmd]
--- /dev/null
+#!/bin/bash
+
+##############################################################################
+# Copyright (c) 2019 AT&T, ENEA Nokia and others #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you maynot use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+if [ -z "$AKRAINO_HOME" ]
+then
+ echo "AKRAINO_HOME not available. Setting..."
+ this_file="$(readlink -f $0)"
+ bluval_dir="$(dirname $this_file)"
+ validation_dir="$(dirname $bluval_dir)"
+ parent_dir="$(dirname $validation_dir)"
+ export AKRAINO_HOME="$parent_dir"
+fi
+echo "AKRAINO_HOME=$AKRAINO_HOME"
+
+if [ "$#" -eq 0 ]
+then
+ echo 'Usage: sh blucon.sh [OPTIONS] BLUEPRINT
+
+ Invokes blucon.py and passes parameters as it is.
+ You can pass all the parameters blucon.py accepts,
+ and as of now here is the list
+
+ Options:
+ -l, --layer TEXT
+ -n, --network TEXT
+ -o, --optional_also
+ --help Show this message and exit.'
+
+ exit 1
+fi
+
+echo "Building docker image"
+image_tag=$( (git branch || echo "* local") | grep "^\*" | awk '{print $2}')
+docker build -t akraino/validation:blucon-$image_tag $AKRAINO_HOME/validation/bluval
+
+set -x
+
+docker run --rm \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ -v /usr/bin/docker:/usr/bin/docker \
+ -v $AKRAINO_HOME/results:/opt/akraino/results \
+ -v $AKRAINO_HOME/validation:/opt/akraino/validation \
+ akraino/validation:blucon-$image_tag "$@"
name: cyclictest
what: cyclictest
optional: "True"
+ -
+ name: lynis
+ what: lynis
+ optional: "True"
+
docker: &docker_base
-
name: docker_bench
pyyaml
click
+robotframework
+robotframework-httplibrary
+robotframework-jsonlibrary
+robotframework-requests
+robotframework-sshlibrary
make -j $(getconf _NPROCESSORS_ONLN) 2>&1 | tee ../build-log.txt && \
make install 2>&1 | tee ../install-log.txt
RUN tar czvf /opt/akraino/ltp.tar.gz /opt/ltp
+WORKDIR /root/src
+RUN git clone https://github.com/CISOfy/lynis && tar czvf /opt/akraino/lynis-remote.tar.gz ./lynis
# Copy binaries into the final container and install robot framework
FROM ubuntu:18.04
COPY --from=build /wheels /wheels
COPY --from=build /opt/akraino/validation /opt/akraino/validation
COPY --from=build /opt/akraino/ltp.tar.gz /opt/akraino/ltp.tar.gz
+COPY --from=build /opt/akraino/lynis-remote.tar.gz /opt/akraino/lynis-remote.tar.gz
+
RUN apt-get update && apt-get -y install \
python3-pip python3.6 && \
*** Settings ***
+Library Collections
Library JSONLibrary
Library OperatingSystem
Library Process
*** Keywords ***
Update Config File
- ${conf}= Load JSON From File ${REDFISHDIR}/framework_conf.json
+ [Arguments] ${config_file}
+ ${conf}= Load JSON From File ${config_file}
${conf}= Update Value To Json ${conf} $.password ${BMC_PASSWORD}
${conf}= Convert JSON To String ${conf}
- Create File ${REDFISHDIR}/framework_conf.json ${conf}
+ Create File ${config_file} ${conf}
Run Suite Against Target Node
[Arguments] ${ip}
- ${result}= Run Process python test_framework.py
- ... --directory ${REDFISHDIR}
+ Start Process python test_framework.py
+ ... --directory ${REDFISHDIR}/${ip}
... --rhost ${ip}
... --user ${BMC_USER}
... --interpreter python
... --secure Always
- ... cwd=${REDFISHDIR}
- Copy Files ${REDFISHDIR}/reports/output-*/results*.json ${REPORTDIR}/${ip}
- Copy Files ${REDFISHDIR}/output-*/*.html ${REPORTDIR}/${ip}
- Should Be Equal As Integers ${result.rc} 0
- Should Not Contain ${result.stderr} FAILED${\n} (Failures=
+ ... cwd=${REDFISHDIR}/${ip}
+ ... alias=${ip}
+ Process Should Be Running
-Run Usecase Checkers Suite
+Install Usecase Checkers Test Suite
+ @{BMC_IP}= Remove Duplicates ${BMC_IP}
+ Set Test Variable @{BMC_IP}
+ FOR ${ip} IN @{BMC_IP}
+ Copy Directory /opt/akraino/Redfish-Test-Framework
+ ... ${REDFISHDIR}/${ip}
+ Copy Directory /opt/akraino/Redfish-Usecase-Checkers
+ ... ${REDFISHDIR}/${ip}/Redfish-Usecase-Checkers
+ Create Directory ${REDFISHDIR}/${ip}/reports
+ Update Config File ${REDFISHDIR}/${ip}/framework_conf.json
+ END
+
+Uninstall Test Suite
+ Remove Directory ${REDFISHDIR} recursive=True
+
+Start Suite
+ @{ips}= Create List
+ Set Test Variable @{ips}
FOR ${ip} IN @{BMC_IP}
- Copy Directory /opt/akraino/Redfish-Test-Framework ${REDFISHDIR}
- Copy Directory /opt/akraino/Redfish-Usecase-Checkers ${REDFISHDIR}/Redfish-Usecase-Checkers
- Create Directory ${REDFISHDIR}/reports
- Update Config File
Run Suite Against Target Node ${ip}
- Remove Directory ${REDFISHDIR} recursive=True
+ Append To List ${ips} ${ip}
+ END
+
+Suite Finished
+ @{tmp}= Copy List ${ips}
+ FOR ${ip} IN @{tmp}
+ ${result}= Wait For Process ${ip} timeout=1ms
+ Continue For Loop If '${result}' == '${NONE}'
+ Remove Values From List ${ips} ${ip}
+ Copy Files ${REDFISHDIR}/${ip}/reports/output-*/results*.json ${REPORTDIR}/${ip}
+ Copy Files ${REDFISHDIR}/${ip}/output-*/*.html ${REPORTDIR}/${ip}
+ END
+ Should Be Empty ${ips}
+
+Wait Until Suite Finishes
+ Wait Until Keyword Succeeds 45m 15s Suite Finished
+
+Check Suite Results
+ FOR ${ip} IN @{BMC_IP}
+ ${result}= Get Process Result ${ip}
+ Should Be Equal As Integers ${result.rc} 0
+ Should Not Contain ${result.stderr} FAILED${\n} (Failures=
END
Documentation Redfish Test Framework is a tool and a model for organizing
... and running a set of Redfish interoperability test
Resource redfish.resource
+Test Teardown Run Keywords
+... Terminate All Processes
+... Uninstall Test Suite
*** Test Cases ***
Validate Common Use Cases
- Run Usecase Checkers Suite
+ [Setup] Install Usecase Checkers Test Suite
+ Start Suite
+ Wait Until Suite Finishes
+ Check Suite Results
--- /dev/null
+##############################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you maynot use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+*** Settings ***
+Documentation Validation, Auditing Hardening Compliance
+Library SSHLibrary
+Library OperatingSystem
+Library BuiltIn
+Library Process
+Suite Setup Run Keywords
+... Open Connection And Log In
+... Install Lynis
+Test Teardown Download Logs
+Suite Teardown Run Keywords
+... Uninstall Lynis
+... Close All Connections
+
+*** Variables ***
+${FULL_SUITE} ${SUITE_NAME.replace(' ','_')}
+
+*** Test Cases ***
+Run Lynis Audit System
+ [Documentation] Run Lynis
+ ${log} = Set Variable ${OUTPUT DIR}${/}${FULL_SUITE}.${TEST NAME.replace(' ','_')}.log
+ ${stdout} ${rc} = Execute Command cd lynis && sudo ./lynis audit system --quick return_rc=True
+ Append To File ${log} ${stdout}${\n}
+ Should Be Equal As Integers ${rc} 0
+
+
+*** Keywords ***
+Open Connection And Log In
+ Open Connection ${HOST}
+ Login With Public Key ${USERNAME} ${SSH_KEYFILE}
+
+Install Lynis
+ [Documentation] Install Lynis
+ Put File /opt/akraino/lynis-remote.tar.gz
+ Execute Command tar xzf lynis-remote.tar.gz && sudo chown -R 0:0 lynis
+
+Uninstall Lynis
+ [Documentation] Uninstall Lynis
+ Execute Command rm lynis-remote.tar.gz
+ Execute Command rm -rf ~/lynis /var/log/lynis.log /var/log/lynis-report.dat sudo=True
+
+Download Logs
+ [Documentation] Downloading logs and removing them
+ SSHLibrary.Get File /var/log/lynis.log ${OUTPUT DIR}/lynis.log
+ Execute Command rm /var/log/lynis.log sudo=True
+ SSHLibrary.Get File /var/log/lynis-report.dat ${OUTPUT DIR}/lynis-report.dat
+ Execute Command rm /var/log/lynis-report.dat sudo=True
\ No newline at end of file
Code Review / validation.git / commitdiff