28 files changed, 562 insertions, 54 deletions
diff --git a/.gitignore b/.gitignore index 4126c2c6f..749c14ad5 100644 --- a/.gitignore +++ b/.gitignore @@ -25,3 +25,4 @@ seccom/ .idea *.iml +/bin/ diff --git a/deployment/heat/onap-oom/env/gwu/onap-oom.env b/deployment/heat/onap-oom/env/gwu/onap-oom.env index 40936b1fa..e0c57f738 100644 --- a/deployment/heat/onap-oom/env/gwu/onap-oom.env +++ b/deployment/heat/onap-oom/env/gwu/onap-oom.env @@ -6,7 +6,7 @@ parameters: docker_proxy: 192.168.2.18:5000 rancher_vm_flavor: c1.xlarge - k8s_vm_flavor: c1.2xlarge + k8s_vm_flavor: c1.xlarge public_net_id: c3352d4c-8452-4172-b09c-15f017673708 key_name: onap-key diff --git a/deployment/heat/onap-oom/env/tlab/onap-oom.env b/deployment/heat/onap-oom/env/tlab/onap-oom.env index 3e59b043b..d5c024704 100644 --- a/deployment/heat/onap-oom/env/tlab/onap-oom.env +++ b/deployment/heat/onap-oom/env/tlab/onap-oom.env @@ -6,7 +6,7 @@ parameters: docker_proxy: 192.168.31.204:5000 rancher_vm_flavor: m4.xlarge - k8s_vm_flavor: m5.xlarge + k8s_vm_flavor: m4.xlarge public_net_id: fbe8fd92-6636-4e63-ab28-bb6a5b0888a9 diff --git a/deployment/heat/onap-oom/env/windriver/onap-oom.env b/deployment/heat/onap-oom/env/windriver/onap-oom.env index 80c1e7fee..a44eca9f3 100644 --- a/deployment/heat/onap-oom/env/windriver/onap-oom.env +++ b/deployment/heat/onap-oom/env/windriver/onap-oom.env @@ -6,7 +6,7 @@ parameters: docker_proxy: 10.12.5.2:5000 rancher_vm_flavor: m1.xlarge - k8s_vm_flavor: m2.xlarge + k8s_vm_flavor: m1.xlarge public_net_id: 971040b2-7059-49dc-b220-4fab50cb2ad4 diff --git a/deployment/heat/onap-oom/onap-oom.yaml b/deployment/heat/onap-oom/onap-oom.yaml index 9b9495a33..236437f0b 100644 --- a/deployment/heat/onap-oom/onap-oom.yaml +++ b/deployment/heat/onap-oom/onap-oom.yaml 
@@ -206,6 +206,13 @@ resources: get_attr: [k8s_4_floating_ip, floating_ip_address], get_attr: [k8s_5_floating_ip, floating_ip_address], get_attr: [k8s_6_floating_ip, floating_ip_address], + get_attr: [k8s_7_floating_ip, floating_ip_address], + get_attr: [k8s_8_floating_ip, floating_ip_address], + get_attr: [k8s_9_floating_ip, floating_ip_address], + get_attr: [k8s_10_floating_ip, floating_ip_address], + get_attr: [k8s_11_floating_ip, floating_ip_address], + get_attr: [k8s_12_floating_ip, floating_ip_address], + get_attr: [k8s_13_floating_ip, floating_ip_address], ] __k8s_private_ips__: [ get_attr: [k8s_1_floating_ip, fixed_ip_address], @@ -214,6 +221,13 @@ resources: get_attr: [k8s_4_floating_ip, fixed_ip_address], get_attr: [k8s_5_floating_ip, fixed_ip_address], get_attr: [k8s_6_floating_ip, fixed_ip_address], + get_attr: [k8s_7_floating_ip, fixed_ip_address], + get_attr: [k8s_8_floating_ip, fixed_ip_address], + get_attr: [k8s_9_floating_ip, fixed_ip_address], + get_attr: [k8s_10_floating_ip, fixed_ip_address], + get_attr: [k8s_11_floating_ip, fixed_ip_address], + get_attr: [k8s_12_floating_ip, fixed_ip_address], + get_attr: [k8s_13_floating_ip, fixed_ip_address], ] k8s_1_private_port: type: OS::Neutron::Port 
@@ -431,6 +445,258 @@ resources: template: get_file: k8s_vm_entrypoint.sh + k8s_7_private_port: + type: OS::Neutron::Port + properties: + network: { get_resource: oam_network } + fixed_ips: [{"subnet": { get_resource: oam_subnet }}] + security_groups: + - { get_resource: onap_sg } + + k8s_7_floating_ip: + type: OS::Neutron::FloatingIP + properties: + floating_network_id: { get_param: public_net_id } + port_id: { get_resource: k8s_7_private_port } + + k8s_7_vm: + type: OS::Nova::Server + properties: + name: + list_join: ['-', [ { get_param: 'OS::stack_name' }, 'k8s_7']] + image: { get_param: ubuntu_1604_image } + flavor: { get_param: k8s_vm_flavor } + key_name: { get_param: key_name } + networks: + - port: { get_resource: k8s_7_private_port } + user_data_format: RAW + user_data: + str_replace: + params: + __docker_proxy__: { get_param: docker_proxy } + __apt_proxy__: { get_param: apt_proxy } + __docker_version__: { get_param: docker_version } + __rancher_ip_addr__: { get_attr: [rancher_floating_ip, floating_ip_address] } + __rancher_private_ip_addr__: { get_attr: [rancher_floating_ip, fixed_ip_address] } + template: + get_file: k8s_vm_entrypoint.sh + + k8s_8_private_port: + type: OS::Neutron::Port + properties: + network: { get_resource: oam_network } + fixed_ips: [{"subnet": { get_resource: oam_subnet }}] + security_groups: + - { get_resource: onap_sg } + + k8s_8_floating_ip: + type: OS::Neutron::FloatingIP + properties: + floating_network_id: { get_param: public_net_id } + port_id: { get_resource: k8s_8_private_port } + + k8s_8_vm: + type: OS::Nova::Server + properties: + name: + list_join: ['-', [ { get_param: 'OS::stack_name' }, 'k8s_8']] + image: { get_param: ubuntu_1604_image } + flavor: { get_param: k8s_vm_flavor } + key_name: { get_param: key_name } + networks: + - port: { get_resource: k8s_8_private_port } + user_data_format: RAW + user_data: + str_replace: + params: + __docker_proxy__: { get_param: docker_proxy } + __apt_proxy__: { get_param: apt_proxy } + 
__docker_version__: { get_param: docker_version } + __rancher_ip_addr__: { get_attr: [rancher_floating_ip, floating_ip_address] } + __rancher_private_ip_addr__: { get_attr: [rancher_floating_ip, fixed_ip_address] } + template: + get_file: k8s_vm_entrypoint.sh + + k8s_9_private_port: + type: OS::Neutron::Port + properties: + network: { get_resource: oam_network } + fixed_ips: [{"subnet": { get_resource: oam_subnet }}] + security_groups: + - { get_resource: onap_sg } + + k8s_9_floating_ip: + type: OS::Neutron::FloatingIP + properties: + floating_network_id: { get_param: public_net_id } + port_id: { get_resource: k8s_9_private_port } + + k8s_9_vm: + type: OS::Nova::Server + properties: + name: + list_join: ['-', [ { get_param: 'OS::stack_name' }, 'k8s_9']] + image: { get_param: ubuntu_1604_image } + flavor: { get_param: k8s_vm_flavor } + key_name: { get_param: key_name } + networks: + - port: { get_resource: k8s_9_private_port } + user_data_format: RAW + user_data: + str_replace: + params: + __docker_proxy__: { get_param: docker_proxy } + __apt_proxy__: { get_param: apt_proxy } + __docker_version__: { get_param: docker_version } + __rancher_ip_addr__: { get_attr: [rancher_floating_ip, floating_ip_address] } + __rancher_private_ip_addr__: { get_attr: [rancher_floating_ip, fixed_ip_address] } + template: + get_file: k8s_vm_entrypoint.sh + + k8s_10_private_port: + type: OS::Neutron::Port + properties: + network: { get_resource: oam_network } + fixed_ips: [{"subnet": { get_resource: oam_subnet }}] + security_groups: + - { get_resource: onap_sg } + + k8s_10_floating_ip: + type: OS::Neutron::FloatingIP + properties: + floating_network_id: { get_param: public_net_id } + port_id: { get_resource: k8s_10_private_port } + + k8s_10_vm: + type: OS::Nova::Server + properties: + name: + list_join: ['-', [ { get_param: 'OS::stack_name' }, 'k8s_10']] + image: { get_param: ubuntu_1604_image } + flavor: { get_param: k8s_vm_flavor } + key_name: { get_param: key_name } + networks: + - 
port: { get_resource: k8s_10_private_port } + user_data_format: RAW + user_data: + str_replace: + params: + __docker_proxy__: { get_param: docker_proxy } + __apt_proxy__: { get_param: apt_proxy } + __docker_version__: { get_param: docker_version } + __rancher_ip_addr__: { get_attr: [rancher_floating_ip, floating_ip_address] } + __rancher_private_ip_addr__: { get_attr: [rancher_floating_ip, fixed_ip_address] } + template: + get_file: k8s_vm_entrypoint.sh + + k8s_11_private_port: + type: OS::Neutron::Port + properties: + network: { get_resource: oam_network } + fixed_ips: [{"subnet": { get_resource: oam_subnet }}] + security_groups: + - { get_resource: onap_sg } + + k8s_11_floating_ip: + type: OS::Neutron::FloatingIP + properties: + floating_network_id: { get_param: public_net_id } + port_id: { get_resource: k8s_11_private_port } + + k8s_11_vm: + type: OS::Nova::Server + properties: + name: + list_join: ['-', [ { get_param: 'OS::stack_name' }, 'k8s_11']] + image: { get_param: ubuntu_1604_image } + flavor: { get_param: k8s_vm_flavor } + key_name: { get_param: key_name } + networks: + - port: { get_resource: k8s_11_private_port } + user_data_format: RAW + user_data: + str_replace: + params: + __docker_proxy__: { get_param: docker_proxy } + __apt_proxy__: { get_param: apt_proxy } + __docker_version__: { get_param: docker_version } + __rancher_ip_addr__: { get_attr: [rancher_floating_ip, floating_ip_address] } + __rancher_private_ip_addr__: { get_attr: [rancher_floating_ip, fixed_ip_address] } + template: + get_file: k8s_vm_entrypoint.sh + + k8s_12_private_port: + type: OS::Neutron::Port + properties: + network: { get_resource: oam_network } + fixed_ips: [{"subnet": { get_resource: oam_subnet }}] + security_groups: + - { get_resource: onap_sg } + + k8s_12_floating_ip: + type: OS::Neutron::FloatingIP + properties: + floating_network_id: { get_param: public_net_id } + port_id: { get_resource: k8s_12_private_port } + + k8s_12_vm: + type: OS::Nova::Server + properties: + 
name: + list_join: ['-', [ { get_param: 'OS::stack_name' }, 'k8s_12']] + image: { get_param: ubuntu_1604_image } + flavor: { get_param: k8s_vm_flavor } + key_name: { get_param: key_name } + networks: + - port: { get_resource: k8s_12_private_port } + user_data_format: RAW + user_data: + str_replace: + params: + __docker_proxy__: { get_param: docker_proxy } + __apt_proxy__: { get_param: apt_proxy } + __docker_version__: { get_param: docker_version } + __rancher_ip_addr__: { get_attr: [rancher_floating_ip, floating_ip_address] } + __rancher_private_ip_addr__: { get_attr: [rancher_floating_ip, fixed_ip_address] } + template: + get_file: k8s_vm_entrypoint.sh + + k8s_13_private_port: + type: OS::Neutron::Port + properties: + network: { get_resource: oam_network } + fixed_ips: [{"subnet": { get_resource: oam_subnet }}] + security_groups: + - { get_resource: onap_sg } + + k8s_13_floating_ip: + type: OS::Neutron::FloatingIP + properties: + floating_network_id: { get_param: public_net_id } + port_id: { get_resource: k8s_13_private_port } + + k8s_13_vm: + type: OS::Nova::Server + properties: + name: + list_join: ['-', [ { get_param: 'OS::stack_name' }, 'k8s_13']] + image: { get_param: ubuntu_1604_image } + flavor: { get_param: k8s_vm_flavor } + key_name: { get_param: key_name } + networks: + - port: { get_resource: k8s_13_private_port } + user_data_format: RAW + user_data: + str_replace: + params: + __docker_proxy__: { get_param: docker_proxy } + __apt_proxy__: { get_param: apt_proxy } + __docker_version__: { get_param: docker_version } + __rancher_ip_addr__: { get_attr: [rancher_floating_ip, floating_ip_address] } + __rancher_private_ip_addr__: { get_attr: [rancher_floating_ip, fixed_ip_address] } + template: + get_file: k8s_vm_entrypoint.sh + outputs: rancher_vm_ip: description: The IP address of the rancher instance 
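Review bot: Each of the seven new workers (`k8s_7` to `k8s_13`) gets its own `OS::Neutron::FloatingIP`, so every node is reachable from `public_net_id` and its exposure rests entirely on `onap_sg`, whose rules are outside this hunk. It is worth confirming that `onap_sg` limits ingress to the lab's address range, or, if only the Rancher host has to be reached from outside, leaving the workers on their `oam_network` port alone. The port / floating IP / server triplet is also copied verbatim seven times. An `OS::Heat::ResourceGroup` with a `count` over a nested node template would keep the definition in one place, so a later hardening change cannot miss a node.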
@@ -460,3 +726,31 @@ outputs: description: The IP address of the k8s_6 instance value: { get_attr: [k8s_6_floating_ip, floating_ip_address] } + k8s_7_vm_ip: + description: The IP address of the k8s_7 instance + value: { get_attr: [k8s_7_floating_ip, floating_ip_address] } + + k8s_8_vm_ip: + description: The IP address of the k8s_8 instance + value: { get_attr: [k8s_8_floating_ip, floating_ip_address] } + + k8s_9_vm_ip: + description: The IP address of the k8s_9 instance + value: { get_attr: [k8s_9_floating_ip, floating_ip_address] } + + k8s_10_vm_ip: + description: The IP address of the k8s_10 instance + value: { get_attr: [k8s_10_floating_ip, floating_ip_address] } + + k8s_11_vm_ip: + description: The IP address of the k8s_11 instance + value: { get_attr: [k8s_11_floating_ip, floating_ip_address] } + + k8s_12_vm_ip: + description: The IP address of the k8s_12 instance + value: { get_attr: [k8s_12_floating_ip, floating_ip_address] } + + k8s_13_vm_ip: + description: The IP address of the k8s_13 instance + value: { get_attr: [k8s_13_floating_ip, floating_ip_address] } + diff --git a/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/docker-compose.yml b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/docker-compose.yml index 1673715cb..2a928217d 100644 --- a/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/docker-compose.yml +++ b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/docker-compose.yml 
@@ -42,12 +42,15 @@ services: command: ["-server", "-bootstrap"] ves-hv-collector: - image: $DOCKER_REGISTRY/onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:latest + image: ${DOCKER_REGISTRY_PREFIX}onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:latest ports: - "6060:6060" - "6061:6061/tcp" entrypoint: ["java", "-Dio.netty.leakDetection.level=paranoid", "-cp", "*:", "org.onap.dcae.collectors.veshv.main.MainKt"] - command: ["--listen-port", "6061","--config-url", "http://consul:8500/v1/kv/veshv-config"] + command: ["--listen-port", "6061", + "--config-url", "http://consul:8500/v1/kv/veshv-config", + "--key-store-password", "onaponap", + "--trust-store-password", "onaponap"] healthcheck: interval: 10s timeout: 5s @@ -61,7 +64,7 @@ services: - ves-hv-default unencrypted-ves-hv-collector: - image: $DOCKER_REGISTRY/onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:latest + image: ${DOCKER_REGISTRY_PREFIX}onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:latest ports: - "7060:6060" - "7061:6061/tcp" @@ -80,7 +83,7 @@ services: - ves-hv-default dcae-app-simulator: - image: $DOCKER_REGISTRY/onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-dcae-app-simulator:latest + image: ${DOCKER_REGISTRY_PREFIX}onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-dcae-app-simulator:latest ports: - "6063:6063/tcp" command: ["--listen-port", "6063", "--kafka-bootstrap-servers", "kafka:9092", "--kafka-topics", "ves_hvRanMeas"] diff --git a/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/setup.sh b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/setup.sh index 6b527fc22..6f72521af 100755 --- a/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/setup.sh +++ b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/setup.sh 
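Review bot: The store password is passed as a literal on the collector's command line (`"--key-store-password", "onaponap"`), where it can be read through `docker inspect` and the process list. The same literal is repeated in `gen-certs.sh` (`STORE_PASS`), `Makefile-openssl` (`PASSWD`) and `XnfSimulatorLibrary.py` (`sec_store_passwd`). For throwaway CSIT certificates that is tolerable, but a comment such as `# test-only password for the stores generated by ssl/gen-certs.sh` would stop it being copied into a real deployment, and exporting it once from `setup.sh` would keep the copies from drifting. The three rewritten `image:` lines keep the mutable `:latest` tag, so a run cannot be tied to a known image; pinning a version or digest would fix that.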
@@ -2,14 +2,25 @@ set -euo pipefail -pip uninstall -y docker-py -pip install docker - -COMPOSE_VERSION=1.22.0 -COMPOSE_LOCATION='/usr/local/bin/docker-compose' -sudo curl -L https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m) -o ${COMPOSE_LOCATION} -sudo chmod +x ${COMPOSE_LOCATION} - +if [[ $# -eq 1 ]] && [[ $1 == "local-test-run" ]]; then + echo "Building locally - assuming all dependencies are installed" + export DOCKER_REGISTRY="" + export DOCKER_REGISTRY_PREFIX="" + export WORKSPACE=$(git rev-parse --show-toplevel) +else + echo "Default run - install all dependencies" + + pip uninstall -y docker-py + pip install docker + + COMPOSE_VERSION=1.22.0 + COMPOSE_LOCATION='/usr/local/bin/docker-compose' + sudo curl -L https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m) -o ${COMPOSE_LOCATION} + sudo chmod +x ${COMPOSE_LOCATION} + + export DOCKER_REGISTRY="nexus3.onap.org:10001" + export DOCKER_REGISTRY_PREFIX="${DOCKER_REGISTRY}/" +fi echo "Removing not used docker networks" docker network prune -f @@ -19,14 +30,11 @@ echo "Creating network for containers: ${CONTAINERS_NETWORK}" docker network create ${CONTAINERS_NETWORK} cd ssl -make FILE=client -make FILE=server -make FILE=invalid_client CA=invalid_trust +./gen-certs.sh cd .. -export DOCKER_REGISTRY="nexus3.onap.org:10001" docker-compose up -d -mkdir ${WORKSPACE}/archives/containers_logs +mkdir -p ${WORKSPACE}/archives/containers_logs -export ROBOT_VARIABLES="--pythonpath ${WORKSPACE}/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/libraries"
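Review bot: In the default branch, `sudo curl -L … -o ${COMPOSE_LOCATION}` installs a binary into `/usr/local/bin` as root with no integrity check, and without `--fail` an HTTP error page would be saved and then made executable. Adding `--fail` and comparing the file against the checksum published for release `${COMPOSE_VERSION}` before the `chmod +x` would close that gap. In the local branch, `export WORKSPACE=$(git rev-parse --show-toplevel)` hides a failing `git` from `set -e`; `WORKSPACE=$(git rev-parse --show-toplevel); export WORKSPACE` keeps the exit status.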
\ No newline at end of file +export ROBOT_VARIABLES="--pythonpath ${WORKSPACE}/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/libraries" diff --git a/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/.gitignore b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/.gitignore new file mode 100644 index 000000000..0729569ce --- /dev/null +++ b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/.gitignore @@ -0,0 +1,6 @@ +*.crt +*.key +*.srl +*.csr +*.pkcs12 +*.p12 diff --git a/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/Makefile b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/Makefile-openssl index 5fddc6b1d..a32d30dd0 100644 --- a/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/Makefile +++ b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/Makefile-openssl @@ -1,12 +1,13 @@ FILE=sample -CA_PASSWD=onap +PASSWD=onaponap +CA_PASSWD=onaponap SUBJ=/C=PL/ST=DL/L=Wroclaw/O=Nokia/OU=MANO CA=trust sign: $(FILE).crt clean: - rm -f *.crt *.key *.srl *.csr + rm -f *.crt *.key *.srl *.csr *.pkcs12 generate-ca-certificate: $(CA).crt @@ -16,6 +17,11 @@ create-public-key: $(FILE).pub create-sign-request: $(FILE).csr +create-key-store: $(FILE).ks.pkcs12 + +create-trust-store: $(CA).crt + openssl pkcs12 -export -in $(CA).crt -CAfile $(CA).crt -out $(CA).pkcs12 -nokeys -noiter -nomaciter -passout pass:$(PASSWD) + $(CA).crt: openssl req -new -x509 -keyout $(CA).key -out $(CA).crt -days 365 -passout pass:$(CA_PASSWD) -subj "$(SUBJ)" @@ -29,4 +35,7 @@ $(FILE).csr: $(FILE).key openssl req -new -sha256 -key $(FILE).key -out $(FILE).csr -subj "$(SUBJ)" $(FILE).crt: $(CA).crt $(FILE).csr - openssl x509 -req -days 360 -in $(FILE).csr -CA $(CA).crt -CAkey $(CA).key -out $(FILE).crt -CAcreateserial -passin pass:$(CA_PASSWD)
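Review bot: Both new PKCS#12 rules (`create-trust-store` here and `$(FILE).ks.pkcs12` in the last hunk of this file) pass `-noiter -nomaciter`, which reduces the key-derivation and MAC iteration counts to one. For the key store that leaves the wrapped private key with very little protection against offline password guessing, on top of the fixed `PASSWD=onaponap`. If the flags are only there for compatibility with the consumer of these files, say so next to them, e.g. `# -noiter/-nomaciter: test fixtures only, never for real keys`; otherwise drop them.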
\ No newline at end of file + openssl x509 -req -days 360 -in $(FILE).csr -CA $(CA).crt -CAkey $(CA).key -out $(FILE).crt -CAcreateserial -passin pass:$(CA_PASSWD) + +$(FILE).ks.pkcs12: $(FILE).key $(FILE).crt $(CA).crt + openssl pkcs12 -export -in $(FILE).crt -inkey $(FILE).key -CAfile $(CA).crt -out $(FILE).ks.pkcs12 -noiter -nomaciter -passout pass:$(PASSWD) diff --git a/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/README.md b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/README.md index 174c16641..c2819d249 100644 --- a/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/README.md +++ b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/README.md @@ -1,5 +1,23 @@ # Generating SSL certificates +## Java keytool way (recommended) + +To generate: + +```shell +./gen-certs.sh +``` + +To clean (remove generated files): + +```shell +./gen-certs.sh clean +``` + +## OpenSSL way (currently might not work) + +> Add `-f Makefile-openssl` to each command + Typical usage: ```shell @@ -7,12 +25,30 @@ make FILE=client make FILE=server ``` +or (to generate PKCS12 key and trust stores): + +```shell +make create-key-store FILE=client +make create-key-store FILE=server +make create-trust-store +``` + Will generate CA certificate and signed client and server certificates. More "low-level" usage: ```shell make generate-ca-certificate -make generate-private-key FILE=client +make generate-private-key FILE=client make sign FILE=client ``` + +# Connecting to a server + +First generate *client* and *server* certificates. Then start a server with it's cert and make ca.crt a trusted certification authority. + +After that you can: + +```shell +./connect.sh client localhost:8600 < file_with_a_data_to_be_sent.dat +``` diff --git a/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/gen-certs.sh b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/gen-certs.sh new file mode 100755 index 000000000..34572f7a7 --- /dev/null 
+++ b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/gen-certs.sh @@ -0,0 +1,59 @@ +#!/usr/bin/env bash + +set -eu -o pipefail -o xtrace + +STORE_PASS=onaponap +CN_PREFIX=dcaegen2-hvves +DNAME_PREFIX="C=PL,ST=DL,L=Wroclaw,O=Nokia,OU=MANO,CN=${CN_PREFIX}" + +store_opts="-storetype PKCS12 -storepass ${STORE_PASS} -noprompt" + +function gen_key() { + local key_name="$1" + local ca="$2" + local keystore="-keystore ${key_name}.p12 ${store_opts}" + keytool -genkey -alias ${key_name} \ + ${keystore} \ + -keyalg RSA \ + -validity 730 \ + -keysize 2048 \ + -dname "${DNAME_PREFIX}-${key_name}" + keytool -import -trustcacerts -alias ${ca} -file ${ca}.crt ${keystore} + + keytool -certreq -alias ${key_name} -keyalg RSA ${keystore} | \ + keytool -alias ${ca} -gencert -ext "san=dns:${CN_PREFIX}-${ca}" ${store_opts} -keystore ${ca}.p12 | \ + keytool -alias ${key_name} -importcert ${keystore} +} + + +function gen_ca() { + local ca="$1" + keytool -genkeypair ${store_opts} -alias ${ca} -dname "${DNAME_PREFIX}-${ca}" -keystore ${ca}.p12 + keytool -export -alias ${ca} -file ${ca}.crt ${store_opts} -keystore ${ca}.p12 +} + +function gen_truststore() { + local name="$1" + local trusted_ca="$2" + keytool -import -trustcacerts -alias ca -file ${trusted_ca}.crt ${store_opts} -keystore ${name}.p12 +} + +function clean() { + rm -f *.crt *.p12 +} + +if [[ $# -eq 0 ]]; then + gen_ca ca + gen_ca untrustedca + gen_truststore trust ca + gen_truststore untrustedtrust untrustedca + gen_key client ca + gen_key server ca + gen_key untrustedclient untrustedca +elif [[ $1 == "clean" ]]; then + clean +else + echo "usage: $0 [clean]" + exit 1 +fi + diff --git a/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/teardown.sh b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/teardown.sh index 246fb8363..fe922ed09 100755 --- a/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/teardown.sh +++ b/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/teardown.sh 
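Review bot: `gen_ca` calls `keytool -genkeypair` without `-keyalg` or a BasicConstraints extension, so the CA key type follows the JDK default (DSA on older JDKs, while `gen_key` pins RSA) and the exported `${ca}.crt` is not marked as a CA, which strict path validation may reject. Adding `-keyalg RSA -keysize 2048 -ext bc:c` to that call would make the test CA explicit. In `gen_key`, the `-gencert` step sets `san=dns:${CN_PREFIX}-${ca}`, the issuer's name rather than `${key_name}`. That looks unintended and would fail hostname verification if it is ever enabled. `-o xtrace` also echoes every `-storepass` into the job log, which is acceptable only because the password is a throwaway and deserves a comment saying so.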
@@ -1,7 +1,7 @@ #!/usr/bin/env bash cd ssl -make clean +./gen-certs.sh clean cd .. COMPOSE_LOGS_FILE=${WORKSPACE}/archives/containers_logs/docker-compose.log @@ -12,6 +12,5 @@ docker-compose rm -f docker network rm ${CONTAINERS_NETWORK} if grep "LEAK:" ${COMPOSE_LOGS_FILE}; then - echo "Teardown failed. Memory leak detected in docker-compose logs." - exit 1 + echo "WARNING: Memory leak detected in docker-compose logs." fi diff --git a/test/csit/plans/music/music-test-plan/teardown.sh b/test/csit/plans/music/music-test-plan/teardown.sh index a5f74238c..e05ef9d1c 100755 --- a/test/csit/plans/music/music-test-plan/teardown.sh +++ b/test/csit/plans/music/music-test-plan/teardown.sh @@ -36,14 +36,18 @@ echo "#"; echo "# music scripts docker containers killing"; echo "#"; echo "##########################################################"; -docker stop music-tomcat -docker stop music-war -docker stop music-zk +docker stop music-tomcat +docker stop music-war +docker stop music-zk +docker stop music-job +docker stop music-casstest docker stop music-db -docker rm music-zk -docker rm music-tomcat -docker rm music-war +docker rm music-zk +docker rm music-tomcat +docker rm music-war +docker rm music-job +docker rm music-casstest docker rm music-db docker network rm music-net; diff --git a/test/csit/plans/policy/distribution/setup.sh b/test/csit/plans/policy/distribution/setup.sh new file mode 100644 index 000000000..9b894e3d2 --- /dev/null +++ b/test/csit/plans/policy/distribution/setup.sh 
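Review bot: With `exit 1` removed from the `grep "LEAK:"` branch, a buffer leak reported by the collector's paranoid Netty leak detector only prints a line to stdout and the job stays green. For a network-facing collector a leak is an availability problem, so the result should stay visible. At minimum write the warning to stderr (`echo "WARNING: …" >&2`), and consider making the hard failure switchable rather than deleting it. In the first hunk, `cd ssl` is unchecked and the script has no `set -e`; `cd ssl || exit 1` would stop `./gen-certs.sh clean` from being attempted in the wrong directory.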
@@ -0,0 +1,31 @@ +#!/bin/bash +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +docker run -d --name policy-distribution -p 6969:6969 -it nexus3.onap.org:10001/onap/policy-distribution:2.0.0-SNAPSHOT-latest + +POLICY_DISTRIBUTION_IP=`get-instance-ip.sh policy-distribution` +echo DISTRIBUTION IP IS ${POLICY_DISTRIBUTION_IP} +Wait for initialization +for i in {1..10}; do + curl -sS ${POLICY_DISTRIBUTION_IP}:6969 && break + echo sleep $i + sleep $i +done + +ROBOT_VARIABLES="-v POLICY_DISTRIBUTION_IP:${POLICY_DISTRIBUTION_IP}" diff --git a/test/csit/plans/policy/distribution/teardown.sh b/test/csit/plans/policy/distribution/teardown.sh new file mode 100644 index 000000000..562df6b34 --- /dev/null +++ b/test/csit/plans/policy/distribution/teardown.sh 
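Review bot: The line `Wait for initialization` is missing its leading `#`, so the shell tries to run a command named `Wait` and prints "command not found" on every run; it should read `# Wait for initialization`. The retry loop after it falls through silently when `curl` never succeeds, so a container that failed to start shows up only later as a Robot failure. Recording success in the loop and exiting non-zero after the tenth attempt would make the cause obvious. The image tag `2.0.0-SNAPSHOT-latest` is mutable, so two runs of this plan may test different images, and `${POLICY_DISTRIBUTION_IP}` should be quoted in the `curl` and `ROBOT_VARIABLES` lines.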
@@ -0,0 +1,20 @@ +#!/bin/bash +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +kill-instance.sh policy-distribution diff --git a/test/csit/plans/policy/distribution/testplan.txt b/test/csit/plans/policy/distribution/testplan.txt new file mode 100644 index 000000000..6f74cce4c --- /dev/null +++ b/test/csit/plans/policy/distribution/testplan.txt @@ -0,0 +1,3 @@ +# Test suites are relative paths under [integration.git]/test/csit/tests/. +# Place the suites in run order. +policy/distribution/distribution-test.robot diff --git a/test/csit/plans/vfc-nfvo-wfengine/sanity-check/setup.sh b/test/csit/plans/vfc-nfvo-wfengine/sanity-check/setup.sh index f990aa5a7..e7c755fa8 100644 --- a/test/csit/plans/vfc-nfvo-wfengine/sanity-check/setup.sh +++ b/test/csit/plans/vfc-nfvo-wfengine/sanity-check/setup.sh 
@@ -74,7 +74,7 @@ IMAGE_MGRSERVICE_NAME="${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/${IMAGE}" # Start wfengine-mgrservice #docker run -d --name vfc_wfengine_mgrservice -p 8805:10550 -e SERVICE_IP=$SERVICE_IP -e SERVICE_PORT=8805 -e OPENPALETTE_MSB_IP=${MSB_IAG_IP} -e OPENPALETTE_MSB_PORT=80 ${IMAGE_MGRSERVICE_NAME} -# docker run -d --name vfc_wfengine_mgrservice -p 8805:10550 -e SERVICE_PORT=10550 -e OPENPALETTE_MSB_IP=${MSB_IAG_IP} -e OPENPALETTE_MSB_PORT=80 ${IMAGE_MGRSERVICE_NAME} +#docker run -d --name vfc_wfengine_mgrservice -p 8805:10550 -e SERVICE_PORT=10550 -e OPENPALETTE_MSB_IP=${MSB_IAG_IP} -e OPENPALETTE_MSB_PORT=80 ${IMAGE_MGRSERVICE_NAME} docker run -d --name vfc_wfengine_mgrservice -p 8805:10550 -e SERVICE_PORT=10550 -e OPENPALETTE_MSB_IP=${WFENGINE_ACTIVITI_IP} -e OPENPALETTE_MSB_PORT=8080 ${IMAGE_MGRSERVICE_NAME} ##docker run -d --name ${IMAGE} -e OPENPALETTE_MSB_IP=${WFENGINEACTIVITIR_IP} -e OPENPALETTE_MSB_PORT=8080 ${IMAGE_MGRSERVICE_NAME} diff --git a/test/csit/tests/common.robot b/test/csit/tests/common.robot index 8af66a5df..f0dea2552 100644 --- a/test/csit/tests/common.robot +++ b/test/csit/tests/common.robot @@ -1,6 +1,7 @@ #Robot functions that will be shared also with other tests *** Settings *** Library OperatingSystem +Library HttpLibrary.HTTP *** Keywords *** json_from_file diff --git a/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/libraries/XnfSimulatorLibrary.py b/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/libraries/XnfSimulatorLibrary.py index 26d5a91c2..f6a978754 100644 --- a/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/libraries/XnfSimulatorLibrary.py +++ b/test/csit/tests/dcaegen2-collectors-hv-ves/testcases/libraries/XnfSimulatorLibrary.py 
@@ -6,7 +6,7 @@ from time import sleep XNF_SIMULATOR_NAME = "xNF Simulator" SIMULATOR_IMAGE_NAME = "onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-xnf-simulator" -SIMULATOR_IMAGE_FULL_NAME = os.getenv("DOCKER_REGISTRY") + "/" + SIMULATOR_IMAGE_NAME + ":latest" +SIMULATOR_IMAGE_FULL_NAME = os.getenv("DOCKER_REGISTRY_PREFIX") + SIMULATOR_IMAGE_NAME + ":latest" WORKSPACE_ENV = os.getenv("WORKSPACE") certificates_dir_path = WORKSPACE_ENV + "/test/csit/plans/dcaegen2-collectors-hv-ves/testsuites/ssl/" collector_certs_lookup_dir = "/etc/ves-hv/" @@ -128,11 +128,11 @@ class XnfSimulator: should_disable_ssl, should_connect_to_unencrypted_hv_ves): self.port = port - cert_name_prefix = "" if should_use_valid_certs else "invalid_" + cert_name_prefix = "" if should_use_valid_certs else "untrusted" certificates_path_with_file_prefix = collector_certs_lookup_dir + cert_name_prefix - self.cert_path = certificates_path_with_file_prefix + "client.crt" - self.key_path = certificates_path_with_file_prefix + "client.key" - self.trust_cert_path = certificates_path_with_file_prefix + "trust.crt" + self.key_store_path = certificates_path_with_file_prefix + "client.p12" + self.trust_store_path = certificates_path_with_file_prefix + "trust.p12" + self.sec_store_passwd = "onaponap" self.disable_ssl = should_disable_ssl self.hv_collector_host = "unencrypted-ves-hv-collector" \ if should_connect_to_unencrypted_hv_ves else "ves-hv-collector" 
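Review bot: `os.getenv("DOCKER_REGISTRY_PREFIX")` returns `None` when the variable is not exported, so the concatenation on the `SIMULATOR_IMAGE_FULL_NAME` line raises `TypeError` at import time for anyone who loads the library without going through `setup.sh`. `os.getenv("DOCKER_REGISTRY_PREFIX", "")` keeps the local-run behaviour (empty prefix) and fails later with a clear image-pull error instead. The `XnfSimulator.__init__` hunk on this line derives `untrustedclient.p12` and `untrustedtrust.p12` from the prefix. A short comment naming `ssl/gen-certs.sh` as the source of those file names would keep the two in step.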
@@ -141,10 +141,12 @@ class XnfSimulator: startup_command = ["--listen-port", self.port, "--ves-host", self.hv_collector_host, "--ves-port", "6061", - "--cert-file", self.cert_path, - "--private-key-file", self.key_path, - "--trust-cert-file", self.trust_cert_path] - if (self.disable_ssl): + "--key-store", self.key_store_path, + "--trust-store", self.trust_store_path, + "--key-store-password", self.sec_store_passwd, + "--trust-store-password", self.sec_store_passwd + ] + if self.disable_ssl: startup_command.append("--ssl-disable") return startup_command diff --git a/test/csit/tests/policy/distribution/distribution-test.robot b/test/csit/tests/policy/distribution/distribution-test.robot new file mode 100644 index 000000000..1b9fa212b --- /dev/null +++ b/test/csit/tests/policy/distribution/distribution-test.robot @@ -0,0 +1,17 @@ +*** Settings *** +Library Collections +Library RequestsLibrary +Library OperatingSystem +Library json + +*** Test Cases *** +Healthcheck + [Documentation] Runs Policy Distribution Health check + ${auth}= Create List healthcheck zb!XztG34 + Log Creating session http://${POLICY_DISTRIBUTION_IP}:6969 + ${session}= Create Session policy http://${POLICY_DISTRIBUTION_IP}:6969 auth=${auth} + ${headers}= Create Dictionary Accept=application/json Content-Type=application/json + ${resp}= Get Request policy /healthcheck headers=${headers} + Log Received response from policy ${resp.text} + Should Be Equal As Strings ${resp.status_code} 200 + Should Be Equal As Strings ${resp.json()['code']} 200 diff --git a/test/ete/labs/gwu/onap-openstack-template.env b/test/ete/labs/gwu/onap-openstack-template.env index 53139b542..09f180b73 100644 --- a/test/ete/labs/gwu/onap-openstack-template.env +++ b/test/ete/labs/gwu/onap-openstack-template.env @@ -95,7 +95,7 @@ parameters: # # ########################### - dcae_deployment_profile: R2MVP + dcae_deployment_profile: R3MVP ################################ # # 
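Review bot: In `distribution-test.robot`, the health-check account and its password are committed as literals in `Create List` and sent as HTTP Basic auth over plain `http://` to port 6969. If this is the image's built-in default account, state that in `[Documentation]` so nobody takes it for a secret that has leaked. Reading the pair from suite variables passed through `ROBOT_VARIABLES` in `setup.sh` would let the test follow a changed credential. `Log Received response from policy ${resp.text}` writes the whole response body to the report, which is fine for a health check but should not be copied to endpoints that return sensitive data.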
diff --git a/test/ete/labs/huawei/onap-openstack-template.env b/test/ete/labs/huawei/onap-openstack-template.env index e6e2a2cbf..25098e2db 100644 --- a/test/ete/labs/huawei/onap-openstack-template.env +++ b/test/ete/labs/huawei/onap-openstack-template.env @@ -95,7 +95,7 @@ parameters: # # ########################### - dcae_deployment_profile: R2MVP + dcae_deployment_profile: R3MVP ################################ # # diff --git a/test/ete/labs/tlab/onap-openstack-template.env b/test/ete/labs/tlab/onap-openstack-template.env index dcdb7d574..3d36a98b3 100644 --- a/test/ete/labs/tlab/onap-openstack-template.env +++ b/test/ete/labs/tlab/onap-openstack-template.env @@ -96,7 +96,7 @@ parameters: # # ########################### - dcae_deployment_profile: R2MVP + dcae_deployment_profile: R3MVP ################################ # # diff --git a/test/ete/labs/windriver/onap-openstack-template.env b/test/ete/labs/windriver/onap-openstack-template.env index 90d901d79..ba7f25ca6 100644 --- a/test/ete/labs/windriver/onap-openstack-template.env +++ b/test/ete/labs/windriver/onap-openstack-template.env @@ -95,7 +95,7 @@ parameters: # # ########################### - dcae_deployment_profile: R2MVP + dcae_deployment_profile: R3MVP ################################ # # diff --git a/test/mocks/pnfsimulator/README.md b/test/mocks/pnfsimulator/README.md index 14b62eecc..567c5d06b 100644 --- a/test/mocks/pnfsimulator/README.md +++ b/test/mocks/pnfsimulator/README.md 
@@ -36,13 +36,25 @@ After that again execute sftp command: *sftp -P 2222 -i ssh/ssh_host_rsa_key sft In order to disable usage of SSH keys and start using password, change in *docker-compose.yml* service *sftp-service* entry *command* from *sftp-user::1001* to *sftp-user:password:1001* ###FTPES support -PNF Simulator allows to serve files via FTPES server. FTPES server has predefined user: onap with password: pano. -In order to connect we execute command *ftp-ssl host* and then enter user name and password. -In order to download execute command while logged in*get file_name*. -In order to add a new file execute command while logged in*put file_name*. +PNF Simulator allows to serve files via FTPES server. FTPES server has predefined user *onap* with password *pano*. + +####FTPES support with TLS enabled +By default TLS support is enabled. In order to verify connection, please use *FileZilla* for testing. + +####FTPES support for TLS disabled +For local testing TLS may be disabled, but it's not recommended. +In order to set up such configuration, comment or remove in *ftpes-server* service section in *docker-compose.yml* following entries: +- *./ftpes/tls/:/etc/ssl/private/* +- *ADDED_FLAGS: --tls=2* + +After that execute *./simulator.sh stop* and when it's finished *./simulator.sh start* . + +In order to connect execute command *ftp -p localhost 2221* and, when requested, provide user and password. +In order to download a file execute, while still being logged in, *get file-name-to-be-downloaded*. + ###Developer mode -For development of PNF Simulator, run *simulator.sh* start-dev in order to run Netopeer. +For development of PNF Simulator, run *simulator.sh* start-dev in order to run minimal necessary set of supporting services such as Netopeer of FTP servers. After that it is possible to run PNF Simulator from IDE. diff --git a/test/mocks/pnfsimulator/docker-compose.yml b/test/mocks/pnfsimulator/docker-compose.yml index 3d23e00c9..214a7733a 100644 
--- a/test/mocks/pnfsimulator/docker-compose.yml +++ b/test/mocks/pnfsimulator/docker-compose.yml @@ -45,11 +45,14 @@ services: image: stilliard/pure-ftpd:latest ports: - "2221:21" + - "30000-30009:30000-30009" volumes: + - ./ftpes/files:/home/ftpusers/onap - ./ftpes/userpass/:/etc/pure-ftpd/passwd/ - ./ftpes/tls/:/etc/ssl/private/ - - ./ftpes/files:/home/onap + environment: PUBLICHOST: localhost ADDED_FLAGS: --tls=2 + FTP_USER_HOME: onap restart: on-failure
\ No newline at end of file diff --git a/test/mocks/pnfsimulator/ftpes/files/ftpes-noone.txt b/test/mocks/pnfsimulator/ftpes/files/ftpes-noone.txt new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/mocks/pnfsimulator/ftpes/files/ftpes-noone.txt diff --git a/test/mocks/pnfsimulator/ftpes/files/onap/ftpes-onap.txt b/test/mocks/pnfsimulator/ftpes/files/onap/ftpes-onap.txt new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/mocks/pnfsimulator/ftpes/files/onap/ftpes-onap.txt |
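Review bot: The new mapping `"30000-30009:30000-30009"` in `test/mocks/pnfsimulator/docker-compose.yml`, like the existing `"2221:21"`, publishes the FTP server on every host interface, while the README documents a fixed user and password for it. For a local mock, binding to loopback (`"127.0.0.1:2221:21"` and `"127.0.0.1:30000-30009:30000-30009"`) keeps the service off the network. The service still pulls `stilliard/pure-ftpd:latest`, and pinning a tag or digest would make the mock reproducible. `FTP_USER_HOME: onap` is a bare name rather than a path, so it is worth confirming that this is what the image expects given the new `/home/ftpusers/onap` volume.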