From 9abb61ca2cea1907cab2cec312d6dca6e53a93cd Mon Sep 17 00:00:00 2001 From: Gary Wu Date: Thu, 27 Sep 2018 10:38:50 -0700 Subject: Move CSIT to integration/csit repo To facilite branching of CSIT tests, all CSIT test code and scripts are relocated to the integration/csit repo. Change-Id: I1e4c0eff44691f73f8098b3c52764107f6b8b8df Issue-ID: INT-671 Signed-off-by: Gary Wu
---
.../testsuites/docker-compose.yml | 100 +++++++++++++++++++++ .../dcaegen2-collectors-hv-ves/testsuites/setup.sh | 40 +++++++++ .../testsuites/ssl/.gitignore | 6 ++ .../testsuites/ssl/Makefile-openssl | 41 +++++++++ .../testsuites/ssl/README.md | 54 +++++++++++ .../testsuites/ssl/gen-certs.sh | 59 ++++++++++++ .../testsuites/teardown.sh | 16 ++++ .../testsuites/testplan.txt | 4 + 8 files changed, 320 insertions(+) create mode 100644 plans/dcaegen2-collectors-hv-ves/testsuites/docker-compose.yml create mode 100755 plans/dcaegen2-collectors-hv-ves/testsuites/setup.sh create mode 100644 plans/dcaegen2-collectors-hv-ves/testsuites/ssl/.gitignore create mode 100644 plans/dcaegen2-collectors-hv-ves/testsuites/ssl/Makefile-openssl create mode 100644 plans/dcaegen2-collectors-hv-ves/testsuites/ssl/README.md create mode 100755 plans/dcaegen2-collectors-hv-ves/testsuites/ssl/gen-certs.sh create mode 100755 plans/dcaegen2-collectors-hv-ves/testsuites/teardown.sh create mode 100644 plans/dcaegen2-collectors-hv-ves/testsuites/testplan.txt (limited to 'plans/dcaegen2-collectors-hv-ves/testsuites')
diff --git a/plans/dcaegen2-collectors-hv-ves/testsuites/docker-compose.yml b/plans/dcaegen2-collectors-hv-ves/testsuites/docker-compose.yml
new file mode 100644
index 00000000..2a928217
--- /dev/null
+++ b/plans/dcaegen2-collectors-hv-ves/testsuites/docker-compose.yml
@@ -0,0 +1,100 @@
+version: "3"
+
+networks:
+ ves-hv-default:
+ external:
+ name: $CONTAINERS_NETWORK
+
+services:
+ zookeeper:
+ image: wurstmeister/zookeeper
+ ports:
+ - "2181:2181"
+ networks:
+ - ves-hv-default
+
+ kafka:
+ image: wurstmeister/kafka
+ ports:
+ - "9092:9092"
+ environment:
+ KAFKA_ADVERTISED_HOST_NAME: "kafka"
+ KAFKA_AUTO_CREATE_TOPICS_ENABLE: 'true'
+ KAFKA_ZOOKEEPER_CONNECT: "zookeeper:2181"
+ KAFKA_ADVERTISED_LISTENERS: "PLAINTEXT://kafka:9092"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ depends_on:
+ - zookeeper
+ networks:
+ - ves-hv-default
+
+ consul:
+ image: progrium/consul
+ ports:
+ - "8500:8500"
+ environment:
+ - CONSUL_BIND_INTERFACE=eth0
+ networks:
+ ves-hv-default:
+ aliases:
+ - consul
+ command: ["-server", "-bootstrap"]
+
+ ves-hv-collector:
+ image: ${DOCKER_REGISTRY_PREFIX}onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:latest
+ ports:
+ - "6060:6060"
+ - "6061:6061/tcp"
+ entrypoint: ["java", "-Dio.netty.leakDetection.level=paranoid", "-cp", "*:", "org.onap.dcae.collectors.veshv.main.MainKt"]
+ command: ["--listen-port", "6061",
+ "--config-url", "http://consul:8500/v1/kv/veshv-config",
+ "--key-store-password", "onaponap",
+ "--trust-store-password", "onaponap"]
+ healthcheck:
+ interval: 10s
+ timeout: 5s
+ retries: 2
+ test: "curl --request GET --fail --silent --show-error localhost:6060/health/ready && nc -vz localhost 6061"
+ depends_on:
+ - kafka
+ volumes:
+ - ./ssl/:/etc/ves-hv/
+ networks:
+ - ves-hv-default
+
+ unencrypted-ves-hv-collector:
+ image: ${DOCKER_REGISTRY_PREFIX}onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:latest
+ ports:
+ - "7060:6060"
+ - "7061:6061/tcp"
+ entrypoint: ["java", "-Dio.netty.leakDetection.level=paranoid", "-cp", "*:", "org.onap.dcae.collectors.veshv.main.MainKt"]
+ command: ["--listen-port", "6061","--config-url", "http://consul:8500/v1/kv/veshv-config", "--ssl-disable"]
+ healthcheck:
+ interval: 10s
+ timeout: 5s
+ retries: 2
+ test: "curl 
--request GET --fail --silent --show-error localhost:6060/health/ready && nc -vz localhost 6061"
+ depends_on:
+ - kafka
+ volumes:
+ - ./ssl/:/etc/ves-hv/
+ networks:
+ - ves-hv-default
+
+ dcae-app-simulator:
+ image: ${DOCKER_REGISTRY_PREFIX}onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-dcae-app-simulator:latest
+ ports:
+ - "6063:6063/tcp"
+ command: ["--listen-port", "6063", "--kafka-bootstrap-servers", "kafka:9092", "--kafka-topics", "ves_hvRanMeas"]
+ healthcheck:
+ interval: 10s
+ timeout: 5s
+ retries: 2
+ test: "curl --request GET --fail --silent --show-error localhost:6063/healthcheck"
+ depends_on:
+ - kafka
+ networks:
+ ves-hv-default:
+ aliases:
+ - dcae-app-simulator
\ No newline at end of file
diff --git a/plans/dcaegen2-collectors-hv-ves/testsuites/setup.sh b/plans/dcaegen2-collectors-hv-ves/testsuites/setup.sh
new file mode 100755
index 00000000..6f72521a
--- /dev/null
+++ b/plans/dcaegen2-collectors-hv-ves/testsuites/setup.sh
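Review bot: The `kafka` service bind-mounts `/var/run/docker.sock`, which hands that container full control of the host Docker daemon (effectively root on the CI worker); with `KAFKA_ADVERTISED_HOST_NAME` set statically the mount looks unnecessary here, so I would drop that `volumes:` entry unless a test depends on it. The third-party images `wurstmeister/zookeeper`, `wurstmeister/kafka` and `progrium/consul` carry no tag and the ONAP images use `:latest`, so what a run pulls is not reproducible; pin each one to a tag or digest, e.g. `image: wurstmeister/kafka:<pinned-tag>`. The keystore passwords passed in `command` are readable through `docker inspect` and the process list, which is tolerable only because these are throwaway test stores; a comment saying so would stop the pattern being copied.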
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+if [[ $# -eq 1 ]] && [[ $1 == "local-test-run" ]]; then
+ echo "Building locally - assuming all dependencies are installed"
+ export DOCKER_REGISTRY=""
+ export DOCKER_REGISTRY_PREFIX=""
+ export WORKSPACE=$(git rev-parse --show-toplevel)
+else
+ echo "Default run - install all dependencies"
+
+ pip uninstall -y docker-py
+ pip install docker
+
+ COMPOSE_VERSION=1.22.0
+ COMPOSE_LOCATION='/usr/local/bin/docker-compose'
+ sudo curl -L https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m) -o ${COMPOSE_LOCATION}
+ sudo chmod +x ${COMPOSE_LOCATION}
+
+ export DOCKER_REGISTRY="nexus3.onap.org:10001"
+ export DOCKER_REGISTRY_PREFIX="${DOCKER_REGISTRY}/"
+fi
+
+echo "Removing not used docker networks"
+docker network prune -f
+
+export CONTAINERS_NETWORK=ves-hv-default
+echo "Creating network for containers: ${CONTAINERS_NETWORK}"
+docker network create ${CONTAINERS_NETWORK}
+
+cd ssl
+./gen-certs.sh
+cd ..
+
+docker-compose up -d
+
+mkdir -p ${WORKSPACE}/archives/containers_logs
+
+export ROBOT_VARIABLES="--pythonpath ${WORKSPACE}/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/libraries"
diff --git a/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/.gitignore b/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/.gitignore
new file mode 100644
index 00000000..0729569c
--- /dev/null
+++ b/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/.gitignore
@@ -0,0 +1,6 @@
+*.crt
+*.key
+*.srl
+*.csr
+*.pkcs12
+*.p12
diff --git a/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/Makefile-openssl b/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/Makefile-openssl
new file mode 100644
index 00000000..a32d30dd
--- /dev/null
+++ b/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/Makefile-openssl
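Review bot: The default branch of setup.sh fetches `docker-compose` with `sudo curl -L ... -o ${COMPOSE_LOCATION}` and marks it executable with no integrity check and without `--fail`, so a tampered or truncated download, or an HTTP error page, ends up as a root-owned executable on the PATH. Download to a temporary file as the unprivileged user, verify it against a SHA-256 pinned next to `COMPOSE_VERSION`, and only then install it with elevated rights. Separately, `WORKSPACE` is assigned only in the `local-test-run` branch, so under `set -u` the final `mkdir -p ${WORKSPACE}/...` depends on the CI environment exporting it; writing `"${WORKSPACE:?}"` there would make that requirement explicit and also quote the path.

```shell
  COMPOSE_VERSION=1.22.0
  COMPOSE_LOCATION='/usr/local/bin/docker-compose'
  # Placeholder: take the real value from the checksum published with the release.
  COMPOSE_SHA256='<PINNED_SHA256_FOR_THIS_VERSION_AND_PLATFORM>'
  compose_tmp=$(mktemp)
  curl --fail --location --silent --show-error \
    "https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" \
    -o "${compose_tmp}"
  # Abort (set -e) before anything is installed if the digest does not match.
  echo "${COMPOSE_SHA256}  ${compose_tmp}" | sha256sum --check --status
  sudo install -m 0755 "${compose_tmp}" "${COMPOSE_LOCATION}"
  rm -f -- "${compose_tmp}"
  # … unchanged: DOCKER_REGISTRY exports …
```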
@@ -0,0 +1,41 @@
+FILE=sample
+PASSWD=onaponap
+CA_PASSWD=onaponap
+SUBJ=/C=PL/ST=DL/L=Wroclaw/O=Nokia/OU=MANO
+CA=trust
+
+sign: $(FILE).crt
+
+clean:
+ rm -f *.crt *.key *.srl *.csr *.pkcs12
+
+generate-ca-certificate: $(CA).crt
+
+generate-private-key: $(FILE).key
+
+create-public-key: $(FILE).pub
+
+create-sign-request: $(FILE).csr
+
+create-key-store: $(FILE).ks.pkcs12
+
+create-trust-store: $(CA).crt
+ openssl pkcs12 -export -in $(CA).crt -CAfile $(CA).crt -out $(CA).pkcs12 -nokeys -noiter -nomaciter -passout pass:$(PASSWD)
+
+$(CA).crt:
+ openssl req -new -x509 -keyout $(CA).key -out $(CA).crt -days 365 -passout pass:$(CA_PASSWD) -subj "$(SUBJ)"
+
+$(FILE).key:
+ openssl genpkey -algorithm RSA -out $(FILE).key -pkeyopt rsa_keygen_bits:2048
+
+$(FILE).pub: $(FILE).key
+ openssl x509 -req -days 360 -in client.csr -CA $(CA).crt -CAkey $(CA).key -CAcreateserial -out client.crt
+
+$(FILE).csr: $(FILE).key
+ openssl req -new -sha256 -key $(FILE).key -out $(FILE).csr -subj "$(SUBJ)"
+
+$(FILE).crt: $(CA).crt $(FILE).csr
+ openssl x509 -req -days 360 -in $(FILE).csr -CA $(CA).crt -CAkey $(CA).key -out $(FILE).crt -CAcreateserial -passin pass:$(CA_PASSWD)
+
+$(FILE).ks.pkcs12: $(FILE).key $(FILE).crt $(CA).crt
+ openssl pkcs12 -export -in $(FILE).crt -inkey $(FILE).key -CAfile $(CA).crt -out $(FILE).ks.pkcs12 -noiter -nomaciter -passout pass:$(PASSWD)
diff --git a/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/README.md b/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/README.md
new file mode 100644
index 00000000..c2819d24
--- /dev/null
+++ b/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/README.md
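Review bot: The `$(FILE).pub` rule never produces `$(FILE).pub`: its recipe signs a hard-coded `client.csr` into `client.crt` and omits `-passin`, so `make create-public-key` ignores `FILE`, is likely to stop at a prompt for the CA key password, and is re-run on every invocation because the target file is never written. If a public key is what the target is meant to deliver, the recipe would be `openssl pkey -in $(FILE).key -pubout -out $(FILE).pub`. Both `pkcs12 -export` recipes pass `-noiter -nomaciter`, which reduces the store's key-derivation and MAC iterations to the minimum; I would drop those flags unless the consumer needs them, and add a comment above `PASSWD`/`CA_PASSWD` stating that they are test-only values that must not be reused for real stores.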
@@ -0,0 +1,54 @@
+# Generating SSL certificates
+
+## Java keytool way (recommended)
+
+To generate:
+
+```shell
+./gen-certs.sh
+```
+
+To clean (remove generated files):
+
+```shell
+./gen-certs.sh clean
+```
+
+## OpenSSL way (currently might not work)
+
+> Add `-f Makefile-openssl` to each command
+
+Typical usage:
+
+```shell
+make FILE=client
+make FILE=server
+```
+
+or (to generate PKCS12 key and trust stores):
+
+```shell
+make create-key-store FILE=client
+make create-key-store FILE=server
+make create-trust-store
+```
+
+Will generate CA certificate and signed client and server certificates.
+
+More "low-level" usage:
+
+```shell
+make generate-ca-certificate
+make generate-private-key FILE=client
+make sign FILE=client
+```
+
+# Connecting to a server
+
+First generate *client* and *server* certificates. Then start a server with it's cert and make ca.crt a trusted certification authority.
+
+After that you can:
+
+```shell
+./connect.sh client localhost:8600 < file_with_a_data_to_be_sent.dat
+```
diff --git a/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/gen-certs.sh b/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/gen-certs.sh
new file mode 100755
index 00000000..34572f7a
--- /dev/null
+++ b/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/gen-certs.sh
@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+
+set -eu -o pipefail -o xtrace
+
+STORE_PASS=onaponap
+CN_PREFIX=dcaegen2-hvves
+DNAME_PREFIX="C=PL,ST=DL,L=Wroclaw,O=Nokia,OU=MANO,CN=${CN_PREFIX}"
+
+store_opts="-storetype PKCS12 -storepass ${STORE_PASS} -noprompt"
+
+function gen_key() {
+ local key_name="$1"
+ local ca="$2"
+ local keystore="-keystore ${key_name}.p12 ${store_opts}"
+ keytool -genkey -alias ${key_name} \
+ ${keystore} \
+ -keyalg RSA \
+ -validity 730 \
+ -keysize 2048 \
+ -dname "${DNAME_PREFIX}-${key_name}"
+ keytool -import -trustcacerts -alias ${ca} -file ${ca}.crt ${keystore}
+
+ keytool -certreq -alias ${key_name} -keyalg RSA ${keystore} | \
+ keytool -alias ${ca} -gencert -ext "san=dns:${CN_PREFIX}-${ca}" ${store_opts} -keystore ${ca}.p12 | \
+ keytool -alias ${key_name} -importcert ${keystore}
+}
+
+
+function gen_ca() {
+ local ca="$1"
+ keytool -genkeypair ${store_opts} -alias ${ca} -dname "${DNAME_PREFIX}-${ca}" -keystore ${ca}.p12
+ keytool -export -alias ${ca} -file ${ca}.crt ${store_opts} -keystore ${ca}.p12
+}
+
+function gen_truststore() {
+ local name="$1"
+ local trusted_ca="$2"
+ keytool -import -trustcacerts -alias ca -file ${trusted_ca}.crt ${store_opts} -keystore ${name}.p12
+}
+
+function clean() {
+ rm -f *.crt *.p12
+}
+
+if [[ $# -eq 0 ]]; then
+ gen_ca ca
+ gen_ca untrustedca
+ gen_truststore trust ca
+ gen_truststore untrustedtrust untrustedca
+ gen_key client ca
+ gen_key server ca
+ gen_key untrustedclient untrustedca
+elif [[ $1 == "clean" ]]; then
+ clean
+else
+ echo "usage: $0 [clean]"
+ exit 1
+fi
+
diff --git a/plans/dcaegen2-collectors-hv-ves/testsuites/teardown.sh b/plans/dcaegen2-collectors-hv-ves/testsuites/teardown.sh
new file mode 100755
index 00000000..fe922ed0
--- /dev/null
+++ b/plans/dcaegen2-collectors-hv-ves/testsuites/teardown.sh
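Review bot: `gen_ca` calls `keytool -genkeypair` without `-keyalg` and without a BasicConstraints extension, so the key algorithm is whatever the installed JDK defaults to and the self-signed certificate is not marked as a CA; TLS stacks that enforce path validation may then reject the leaf certificates it signs. I would write `keytool -genkeypair ${store_opts} -alias ${ca} -keyalg RSA -keysize 2048 -ext bc=ca:true -dname "${DNAME_PREFIX}-${ca}" -keystore ${ca}.p12`. In `gen_key` the SAN is built from `${ca}` (`san=dns:${CN_PREFIX}-${ca}`) rather than `${key_name}`, which looks unintended because every leaf then carries the CA's name instead of its own. `set -o xtrace` combined with `-storepass ${STORE_PASS}` writes the store password into the job log; that is harmless for this committed test value, but a comment such as `# test-only password; xtrace prints it, do not reuse` would keep the pattern from being copied.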
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+cd ssl
+./gen-certs.sh clean
+cd ..
+
+COMPOSE_LOGS_FILE=${WORKSPACE}/archives/containers_logs/docker-compose.log
+docker-compose logs > ${COMPOSE_LOGS_FILE}
+docker-compose down
+docker-compose rm -f
+
+docker network rm ${CONTAINERS_NETWORK}
+
+if grep "LEAK:" ${COMPOSE_LOGS_FILE}; then
+ echo "WARNING: Memory leak detected in docker-compose logs."
+fi
diff --git a/plans/dcaegen2-collectors-hv-ves/testsuites/testplan.txt b/plans/dcaegen2-collectors-hv-ves/testsuites/testplan.txt
new file mode 100644
index 00000000..e9a7f636
--- /dev/null
+++ b/plans/dcaegen2-collectors-hv-ves/testsuites/testplan.txt
@@ -0,0 +1,4 @@
+# Test suites are relative paths under [integration.git]/test/csit/tests/.
+# Place the suites in run order.
+dcaegen2-collectors-hv-ves/testcases
+
-- cgit 1.2.3-korg
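Review bot: teardown.sh runs without `set -u`, so if `WORKSPACE` or `CONTAINERS_NETWORK` is missing from the environment (both are exported by setup.sh, which may not share a shell with this script) the log is redirected to `/archives/containers_logs/docker-compose.log` and `docker network rm` is called with no argument. Guard the expansions, e.g. `COMPOSE_LOGS_FILE="${WORKSPACE:?}/archives/containers_logs/docker-compose.log"` and `docker network rm "${CONTAINERS_NETWORK:?}"`, and quote `"${COMPOSE_LOGS_FILE}"` in the redirect and in the `grep`. The `LEAK:` check only prints a warning and the script still exits 0; if netty leak reports are meant to fail the job, end that branch with `exit 1`, otherwise add a comment saying the check is advisory.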