-rw-r--r--sdv/docker/sdvstate/internal/validator/kuberef/plugin_check.py109
-rw-r--r--sdv/docker/sdvstate/internal/validator/kuberef/policy_checks.py6
-rw-r--r--sdv/docker/sdvstate/internal/validator/kuberef/security_check.py26
3 files changed, 95 insertions, 46 deletions
diff --git a/sdv/docker/sdvstate/internal/validator/kuberef/plugin_check.py b/sdv/docker/sdvstate/internal/validator/kuberef/plugin_check.py
index e964707..9fd4b8c 100644
--- a/sdv/docker/sdvstate/internal/validator/kuberef/plugin_check.py
+++ b/sdv/docker/sdvstate/internal/validator/kuberef/plugin_check.py
@@ -2,6 +2,8 @@
CNI Plugin Check
Multi-interface CNI Check
"""
+#pylint: disable=broad-except
+
import time
import logging
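Review bot: The module-level `#pylint: disable=broad-except` switches the warning off for every handler in this file, including any added later, although the commit only introduces `except Exception` in two functions. A trailing comment on just those lines, `except Exception as error:  # pylint: disable=broad-except`, would keep the linter active for the rest of the module. The same file-wide disable is added to security_check.py.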
@@ -32,38 +34,38 @@ def create_daemonset(apps_instance):
'labels': {
'name': 'alpine'
}
- }
- },
- 'spec': {
- 'containers': [{
- 'name': 'alpine',
- 'image': 'alpine:3.2',
- 'command': ["sh", "-c", "echo \"Hello K8s\" && sleep 3600"],
- 'volumeMounts': [{
+ },
+ 'spec': {
+ 'containers': [{
+ 'name': 'alpine',
+ 'image': 'alpine:3.2',
+ 'command': ["sh", "-c", "echo \"Hello K8s\" && sleep 3600"],
+ 'volumeMounts': [{
+ 'name': 'etccni',
+ 'mountPath': '/etc/cni'
+ }, {
+ 'name': 'optcnibin',
+ 'mountPath': '/opt/cni/bin',
+ 'readOnly': True
+ }]
+ }],
+ 'volumes': [{
'name': 'etccni',
- 'mountPath': '/etc/cni'
+ 'hostPath': {
+ 'path': '/etc/cni'
+ }
}, {
'name': 'optcnibin',
- 'mountPath': '/opt/cni/bin',
- 'readOnly': True
+ 'hostPath': {
+ 'path': '/opt/cni/bin'
+ }
+ }],
+ 'tolerations': [{
+ 'effect': 'NoSchedule',
+ 'key': 'node-role.kubernetes.io/master',
+ 'operator': 'Exists'
}]
- }],
- 'volumes': [{
- 'name': 'etccni',
- 'hostPath': {
- 'path': '/etc/cni'
- }
- }, {
- 'name': 'optcnibin',
- 'hostPath': {
- 'path': '/opt/cni/bin'
- }
- }],
- 'tolerations': [{
- 'effect': 'NoSchedule',
- 'key': 'node-role.kubernetes.io/master',
- 'operator': 'Exists'
- }]
+ }
}
}
}
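Review bot: The `etccni` volumeMount at `/etc/cni` has no `'readOnly': True`, while the `optcnibin` mount next to it does. Both are hostPath volumes and the daemonset tolerates the master taint, so the test container gets write access to the CNI configuration directory on every node it lands on, control plane included. The only use visible in this commit is a `cat` of a file under `/etc/cni/net.d/`, so adding `'readOnly': True` to the `etccni` entry should not change the check; the `cmd` that lists the directory is defined outside these hunks and should be confirmed to be read-only as well. Separately, `'image': 'alpine:3.2'` is a mutable tag on an old release; pinning it by digest would make what runs with these host mounts reproducible. The body of create_daemonset continues outside the hunk.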
@@ -93,17 +95,28 @@ def multi_interface_cni_check():
for pod in pods:
if 'plugin-check-test-set' in pod.metadata.name:
- list_of_plugin_conf = kube_exec(pod, cmd)
- list_of_plugin_conf = list_of_plugin_conf.split("\n")
+ try:
+ list_of_plugin_conf = kube_exec(pod, cmd)
+ list_of_plugin_conf = list_of_plugin_conf.split("\n")
- cmd3 = ['cat', list_of_plugin_conf[0]]
- multi_interface_conf = kube_exec(pod, cmd3)
+ cmd3 = ['cat', "/etc/cni/net.d/"+list_of_plugin_conf[0]]
+ multi_interface_conf = kube_exec(pod, cmd3)
- if 'multus' not in multi_interface_conf:
- result['criteria'] = 'fail'
+ if 'multus' not in multi_interface_conf:
+ result['criteria'] = 'fail'
+
+ status.append(list_of_plugin_conf)
+ status.append(multi_interface_conf)
- status.append(list_of_plugin_conf)
- status.append(multi_interface_conf)
+ except ConnectionError as error:
+ status.append(error)
+
+ except RuntimeError as error:
+ status.append(error)
+
+ except Exception as error:
+ result['criteria'] = 'fail'
+ status.append(error)
apps_instance.delete_namespaced_daemon_set('plugin-check-test-set', 'default')
result['details'].append(status)
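Review bot: The new `except ConnectionError` and `except RuntimeError` handlers only append the error to `status` and leave `result['criteria']` untouched, so a run in which `kube_exec` never reached the pod keeps whatever value was set before the loop. That initial value is outside the hunk; if it is a passing one, the report shows a pass for a check that did not execute. Setting `result['criteria'] = 'fail'` (or a distinct "error" value, if the result schema has one) in those two handlers, as the `except Exception` branch already does, would avoid that. The cni_plugin_check hunk below has the same three handlers and the same gap. The function starts and ends outside the hunk.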
@@ -135,14 +148,26 @@ def cni_plugin_check():
for pod in pods:
if 'plugin-check-test-set' in pod.metadata.name:
- list_of_cni_from_dir = kube_exec(pod, cmd)
+ try:
+ list_of_cni_from_dir = kube_exec(pod, cmd)
- for plugin in cni_plugins:
- if plugin not in list_of_cni_from_dir:
- result['criteria'] = 'fail'
+ for plugin in cni_plugins:
+ if plugin not in list_of_cni_from_dir:
+ result['criteria'] = 'fail'
+
+ status.append(list_of_cni_from_dir)
+ daemon_pods.append(pod.metadata.name)
+
+ except ConnectionError as error:
+ status.append(error)
+
+ except RuntimeError as error:
+ status.append(error)
+
+ except Exception as error:
+ result['criteria'] = 'fail'
+ status.append(error)
- status.append(list_of_cni_from_dir)
- daemon_pods.append(pod.metadata.name)
apps_instance.delete_namespaced_daemon_set('plugin-check-test-set', 'default')
diff --git a/sdv/docker/sdvstate/internal/validator/kuberef/policy_checks.py b/sdv/docker/sdvstate/internal/validator/kuberef/policy_checks.py
index 6993fd7..1e7b36c 100644
--- a/sdv/docker/sdvstate/internal/validator/kuberef/policy_checks.py
+++ b/sdv/docker/sdvstate/internal/validator/kuberef/policy_checks.py
@@ -19,7 +19,7 @@ def cpu_manager_policy_check():
node_list = api.list_node()
nodes = []
- for node in node_list:
+ for node in node_list.items:
nodes.append(node.metadata.name)
result = {'category': 'compute',
@@ -78,7 +78,7 @@ def topology_manager_policy_check():
node_list = api.list_node()
nodes = []
- for node in node_list:
+ for node in node_list.items:
nodes.append(node.metadata.name)
@@ -102,7 +102,7 @@ def topology_manager_policy_check():
flag = True
- topology_manager = settings.getValue('pdf_file')['undercloud_ook']['topo_manager_policy']
+ topology_manager = settings.getValue('pdf_file')['vim_functional']['topo_manager_policy']
if topology_manager['type'] == configz['kubeletconfig']['topologyManagerPolicy']:
if topology_manager['scope'] == configz['kubeletconfig']['topologyManagerScope']:
diff --git a/sdv/docker/sdvstate/internal/validator/kuberef/security_check.py b/sdv/docker/sdvstate/internal/validator/kuberef/security_check.py
index f49048c..a6c15ee 100644
--- a/sdv/docker/sdvstate/internal/validator/kuberef/security_check.py
+++ b/sdv/docker/sdvstate/internal/validator/kuberef/security_check.py
@@ -2,6 +2,8 @@
Security Checks
"""
+#pylint: disable=broad-except
+
import time
import logging
from tools.kube_utils import kube_api, kube_curl
@@ -62,6 +64,12 @@ def capability_check():
except RuntimeError as error:
status.append(error)
+ except Exception as error:
+ kube.delete_namespaced_pod(name=pod_cap.metadata.name, namespace='default')
+ result['criteria'] = 'fail'
+ status.append(error)
+
+
result['details'].append(status)
store_result(logger, result)
return result
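Review bot: The new `except Exception` handler calls `kube.delete_namespaced_pod(name=pod_cap.metadata.name, ...)`, but if the exception came from the pod creation itself then `pod_cap` was never bound, and the handler raises a NameError of its own before `result['criteria']` is set or the result is stored. The assignment of `pod_cap` is outside this hunk; the same shape is visible in host_network_check, where `pod_nw` is bound by `kube.create_namespaced_pod(...)` inside the `try`. Initialising `pod_cap = None` before the `try` and guarding the cleanup with `if pod_cap is not None:` fixes this, and the delete call itself can fail and is worth wrapping. The privilege_check, host_network_check and host_path_vol_check hunks add the same handler with `pod_priv`, `pod_nw` and `pod_vol`. Since a successful create is what these checks treat as a failure, it is also worth confirming that an API-server rejection of the pod cannot reach this branch and be reported as `'fail'`; which exception type the client raises for that is not visible here.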
@@ -118,6 +126,11 @@ def privilege_check():
except RuntimeError as error:
status.append(error)
+ except Exception as error:
+ kube.delete_namespaced_pod(name=pod_priv.metadata.name, namespace='default')
+ result['criteria'] = 'fail'
+ status.append(error)
+
result['details'].append(status)
store_result(logger, result)
@@ -157,7 +170,7 @@ def host_network_check():
try:
pod_nw = kube.create_namespaced_pod(body=pod_manifest, namespace='default')
- time.sleep(5)
+ time.sleep(6)
kube.delete_namespaced_pod(name=pod_nw.metadata.name, namespace='default')
result['criteria'] = 'fail'
@@ -168,6 +181,12 @@ def host_network_check():
except RuntimeError as error:
status.append(error)
+ except Exception as error:
+ kube.delete_namespaced_pod(name=pod_nw.metadata.name, namespace='default')
+ result['criteria'] = 'fail'
+ status.append(error)
+
+
result['details'].append(status)
store_result(logger, result)
@@ -227,6 +246,11 @@ def host_path_vol_check():
except RuntimeError as error:
status.append(error)
+ except Exception as error:
+ kube.delete_namespaced_pod(name=pod_vol.metadata.name, namespace='default')
+ result['criteria'] = 'fail'
+ status.append(error)
+
result['details'].append(status)
store_result(logger, result)