From: Deepak Kataria Date: Fri, 3 Jan 2020 18:47:51 +0000 (+0000) Subject: Merge "[REC-74] openstack bluval integration" X-Git-Tag: 3.0.0~20 X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=validation.git;a=commitdiff_plain;h=97008c11c42915afad6ed9ebb53e2c25312360cd;hp=8159d2db59e36e0fe204cb07a53074f0e74ac64e Merge "[REC-74] openstack bluval integration" --- diff --git a/bluval/Dockerfile b/bluval/Dockerfile new file mode 100644 index 0000000..f01deaa --- /dev/null +++ b/bluval/Dockerfile @@ -0,0 +1,35 @@ +############################################################################## +# Copyright (c) 2019 AT&T, ENEA Nokia and others # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you maynot use this file except in compliance with the License. # +# # +# You may obtain a copy of the License at # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +############################################################################## + +# ref: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#use-multi-stage-builds +FROM python:3.6-alpine3.9 + +RUN apk --no-cache add --update \ + gcc \ + git \ + libc6-compat \ + libc-dev \ + libffi \ + libffi-dev \ + make \ + openssl-dev + +# Build binaries +RUN git clone https://gerrit.akraino.org/r/validation /opt/akraino/validation +RUN pip3 install -r /opt/akraino/validation/bluval/requirements.txt + +WORKDIR /opt/akraino/validation +ENTRYPOINT ["python3", "-B", "bluval/blucon.py"] diff --git a/bluval/blucon.py b/bluval/blucon.py index cea16de..0d5d7ca 100644 --- a/bluval/blucon.py +++ b/bluval/blucon.py @@ -61,7 +61,7 @@ def invoke_docker(bluprint, layer): " akraino/validation:{0}-latest" " /bin/sh -c" " 'cd /opt/akraino/validation " - "&& python bluval/bluval.py -l {0} {1} {2}'" + "&& python -B bluval/bluval.py -l {0} {1} {2}'" .format(layer, ("-o" if _OPTIONAL_ALSO else ""), bluprint)) args = [cmd] diff --git a/bluval/blucon.sh b/bluval/blucon.sh new file mode 100755 index 0000000..3cc1e5e --- /dev/null +++ b/bluval/blucon.sh @@ -0,0 +1,58 @@ +#!/bin/bash + +############################################################################## +# Copyright (c) 2019 AT&T, ENEA Nokia and others # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you maynot use this file except in compliance with the License. # +# # +# You may obtain a copy of the License at # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +############################################################################## + +if [ -z "$AKRAINO_HOME" ] +then + echo "AKRAINO_HOME not available. Setting..." + this_file="$(readlink -f $0)" + bluval_dir="$(dirname $this_file)" + validation_dir="$(dirname $bluval_dir)" + parent_dir="$(dirname $validation_dir)" + export AKRAINO_HOME="$parent_dir" +fi +echo "AKRAINO_HOME=$AKRAINO_HOME" + +if [ "$#" -eq 0 ] +then + echo 'Usage: sh blucon.sh [OPTIONS] BLUEPRINT + + Invokes blucon.py and passes parameters as it is. + You can pass all the parameters blucon.py accepts, + and as of now here is the list + + Options: + -l, --layer TEXT + -n, --network TEXT + -o, --optional_also + --help Show this message and exit.' + + exit 1 +fi + +echo "Building docker image" +image_tag=$( (git branch || echo "* local") | grep "^\*" | awk '{print $2}') +docker build -t akraino/validation:blucon-$image_tag $AKRAINO_HOME/validation/bluval + +set -x + +docker run --rm \ + -v /var/run/docker.sock:/var/run/docker.sock \ + -v /usr/bin/docker:/usr/bin/docker \ + -v $AKRAINO_HOME/results:/opt/akraino/results \ + -v $AKRAINO_HOME/validation:/opt/akraino/validation \ + akraino/validation:blucon-$image_tag "$@" diff --git a/bluval/bluval-rec.yaml b/bluval/bluval-rec.yaml index b611dd6..8bc3203 100644 --- a/bluval/bluval-rec.yaml +++ b/bluval/bluval-rec.yaml @@ -35,6 +35,11 @@ blueprint: name: cyclictest what: cyclictest optional: "True" + - + name: lynis + what: lynis + optional: "True" + docker: &docker_base - name: docker_bench diff --git a/bluval/requirements.txt b/bluval/requirements.txt index bdd48f9..7784bcd 100644 --- a/bluval/requirements.txt +++ b/bluval/requirements.txt @@ -1,2 +1,7 @@ pyyaml click +robotframework +robotframework-httplibrary +robotframework-jsonlibrary +robotframework-requests +robotframework-sshlibrary diff --git a/docker/os/Dockerfile b/docker/os/Dockerfile index 19947ac..58bed23 100644 --- a/docker/os/Dockerfile +++ b/docker/os/Dockerfile @@ -49,12 +49,16 @@ RUN make autotools && \ make -j $(getconf _NPROCESSORS_ONLN) 2>&1 | tee ../build-log.txt && \ make install 2>&1 | tee ../install-log.txt RUN tar czvf /opt/akraino/ltp.tar.gz /opt/ltp +WORKDIR /root/src +RUN git clone https://github.com/CISOfy/lynis && tar czvf /opt/akraino/lynis-remote.tar.gz ./lynis # Copy binaries into the final container and install robot framework FROM ubuntu:18.04 COPY --from=build /wheels /wheels COPY --from=build /opt/akraino/validation /opt/akraino/validation COPY --from=build /opt/akraino/ltp.tar.gz /opt/akraino/ltp.tar.gz +COPY --from=build /opt/akraino/lynis-remote.tar.gz /opt/akraino/lynis-remote.tar.gz + RUN apt-get update && apt-get -y install \ python3-pip python3.6 && \ diff --git a/tests/hardware/redfish/redfish.resource b/tests/hardware/redfish/redfish.resource index 433f9db..87516ed 100644 --- a/tests/hardware/redfish/redfish.resource +++ b/tests/hardware/redfish/redfish.resource @@ -17,6 +17,7 @@ *** Settings *** +Library Collections Library JSONLibrary Library OperatingSystem Library Process @@ -29,31 +30,64 @@ ${REDFISHDIR} ${TEMPDIR}/Redfish *** Keywords *** Update Config File - ${conf}= Load JSON From File ${REDFISHDIR}/framework_conf.json + [Arguments] ${config_file} + ${conf}= Load JSON From File ${config_file} ${conf}= Update Value To Json ${conf} $.password ${BMC_PASSWORD} ${conf}= Convert JSON To String ${conf} - Create File ${REDFISHDIR}/framework_conf.json ${conf} + Create File ${config_file} ${conf} Run Suite Against Target Node [Arguments] ${ip} - ${result}= Run Process python test_framework.py - ... --directory ${REDFISHDIR} + Start Process python test_framework.py + ... --directory ${REDFISHDIR}/${ip} ... --rhost ${ip} ... --user ${BMC_USER} ... --interpreter python ... --secure Always - ... cwd=${REDFISHDIR} - Copy Files ${REDFISHDIR}/reports/output-*/results*.json ${REPORTDIR}/${ip} - Copy Files ${REDFISHDIR}/output-*/*.html ${REPORTDIR}/${ip} - Should Be Equal As Integers ${result.rc} 0 - Should Not Contain ${result.stderr} FAILED${\n} (Failures= + ... cwd=${REDFISHDIR}/${ip} + ... alias=${ip} + Process Should Be Running -Run Usecase Checkers Suite +Install Usecase Checkers Test Suite + @{BMC_IP}= Remove Duplicates ${BMC_IP} + Set Test Variable @{BMC_IP} + FOR ${ip} IN @{BMC_IP} + Copy Directory /opt/akraino/Redfish-Test-Framework + ... ${REDFISHDIR}/${ip} + Copy Directory /opt/akraino/Redfish-Usecase-Checkers + ... ${REDFISHDIR}/${ip}/Redfish-Usecase-Checkers + Create Directory ${REDFISHDIR}/${ip}/reports + Update Config File ${REDFISHDIR}/${ip}/framework_conf.json + END + +Uninstall Test Suite + Remove Directory ${REDFISHDIR} recursive=True + +Start Suite + @{ips}= Create List + Set Test Variable @{ips} FOR ${ip} IN @{BMC_IP} - Copy Directory /opt/akraino/Redfish-Test-Framework ${REDFISHDIR} - Copy Directory /opt/akraino/Redfish-Usecase-Checkers ${REDFISHDIR}/Redfish-Usecase-Checkers - Create Directory ${REDFISHDIR}/reports - Update Config File Run Suite Against Target Node ${ip} - Remove Directory ${REDFISHDIR} recursive=True + Append To List ${ips} ${ip} + END + +Suite Finished + @{tmp}= Copy List ${ips} + FOR ${ip} IN @{tmp} + ${result}= Wait For Process ${ip} timeout=1ms + Continue For Loop If '${result}' == '${NONE}' + Remove Values From List ${ips} ${ip} + Copy Files ${REDFISHDIR}/${ip}/reports/output-*/results*.json ${REPORTDIR}/${ip} + Copy Files ${REDFISHDIR}/${ip}/output-*/*.html ${REPORTDIR}/${ip} + END + Should Be Empty ${ips} + +Wait Until Suite Finishes + Wait Until Keyword Succeeds 45m 15s Suite Finished + +Check Suite Results + FOR ${ip} IN @{BMC_IP} + ${result}= Get Process Result ${ip} + Should Be Equal As Integers ${result.rc} 0 + Should Not Contain ${result.stderr} FAILED${\n} (Failures= END diff --git a/tests/hardware/redfish/redfish.robot b/tests/hardware/redfish/redfish.robot index 0ff6f31..8ab0064 100644 --- a/tests/hardware/redfish/redfish.robot +++ b/tests/hardware/redfish/redfish.robot @@ -20,8 +20,14 @@ Documentation Redfish Test Framework is a tool and a model for organizing ... and running a set of Redfish interoperability test Resource redfish.resource +Test Teardown Run Keywords +... Terminate All Processes +... Uninstall Test Suite *** Test Cases *** Validate Common Use Cases - Run Usecase Checkers Suite + [Setup] Install Usecase Checkers Test Suite + Start Suite + Wait Until Suite Finishes + Check Suite Results diff --git a/tests/os/lynis/lynis.robot b/tests/os/lynis/lynis.robot new file mode 100644 index 0000000..8d0069a --- /dev/null +++ b/tests/os/lynis/lynis.robot @@ -0,0 +1,64 @@ +############################################################################## +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you maynot use this file except in compliance with the License. # +# # +# You may obtain a copy of the License at # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +############################################################################## + +*** Settings *** +Documentation Validation, Auditing Hardening Compliance +Library SSHLibrary +Library OperatingSystem +Library BuiltIn +Library Process +Suite Setup Run Keywords +... Open Connection And Log In +... Install Lynis +Test Teardown Download Logs +Suite Teardown Run Keywords +... Uninstall Lynis +... Close All Connections + +*** Variables *** +${FULL_SUITE} ${SUITE_NAME.replace(' ','_')} + +*** Test Cases *** +Run Lynis Audit System + [Documentation] Run Lynis + ${log} = Set Variable ${OUTPUT DIR}${/}${FULL_SUITE}.${TEST NAME.replace(' ','_')}.log + ${stdout} ${rc} = Execute Command cd lynis && sudo ./lynis audit system --quick return_rc=True + Append To File ${log} ${stdout}${\n} + Should Be Equal As Integers ${rc} 0 + + +*** Keywords *** +Open Connection And Log In + Open Connection ${HOST} + Login With Public Key ${USERNAME} ${SSH_KEYFILE} + +Install Lynis + [Documentation] Install Lynis + Put File /opt/akraino/lynis-remote.tar.gz + Execute Command tar xzf lynis-remote.tar.gz && sudo chown -R 0:0 lynis + +Uninstall Lynis + [Documentation] Uninstall Lynis + Execute Command rm lynis-remote.tar.gz + Execute Command rm -rf ~/lynis /var/log/lynis.log /var/log/lynis-report.dat sudo=True + +Download Logs + [Documentation] Downloading logs and removing them + SSHLibrary.Get File /var/log/lynis.log ${OUTPUT DIR}/lynis.log + Execute Command rm /var/log/lynis.log sudo=True + SSHLibrary.Get File /var/log/lynis-report.dat ${OUTPUT DIR}/lynis-report.dat + Execute Command rm /var/log/lynis-report.dat sudo=True \ No newline at end of file