From f176944ff11798a36104d859b6225093586f808f Mon Sep 17 00:00:00 2001 From: Parth Inamdar Date: Mon, 6 Dec 2021 10:33:36 -0500 Subject: Added few changes to resolve config issues Signed-off-by: Parth V Inamdar Change-Id: If7e4a62fbe993130c36f36b4b781f4df7ee9eeaf --- .../internal/validator/kuberef/plugin_check.py | 109 +++++++++++++-------- .../internal/validator/kuberef/policy_checks.py | 6 +- .../internal/validator/kuberef/security_check.py | 26 ++++- 3 files changed, 95 insertions(+), 46 deletions(-) diff --git a/sdv/docker/sdvstate/internal/validator/kuberef/plugin_check.py b/sdv/docker/sdvstate/internal/validator/kuberef/plugin_check.py index e964707..9fd4b8c 100644 --- a/sdv/docker/sdvstate/internal/validator/kuberef/plugin_check.py +++ b/sdv/docker/sdvstate/internal/validator/kuberef/plugin_check.py @@ -2,6 +2,8 @@ CNI Plugin Check Multi-interface CNI Check """ +#pylint: disable=broad-except + import time import logging 
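Review bot: The `#pylint: disable=broad-except` line added after the module docstring switches the warning off for all of plugin_check.py, so any catch-all handler added later is silenced too; security_check.py gets the same module-wide disable further down in this patch. Scoping it to the handlers that need it keeps the linter useful for the rest of the file, e.g. `except Exception as error:  # pylint: disable=broad-except`. A short comment beside each one saying why a catch-all is wanted there (cleanup must still run, the result must still be stored) would document the intent.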
@@ -32,38 +34,38 @@ def create_daemonset(apps_instance): 'labels': { 'name': 'alpine' } - } - }, - 'spec': { - 'containers': [{ - 'name': 'alpine', - 'image': 'alpine:3.2', - 'command': ["sh", "-c", "echo \"Hello K8s\" && sleep 3600"], - 'volumeMounts': [{ + }, + 'spec': { + 'containers': [{ + 'name': 'alpine', + 'image': 'alpine:3.2', + 'command': ["sh", "-c", "echo \"Hello K8s\" && sleep 3600"], + 'volumeMounts': [{ + 'name': 'etccni', + 'mountPath': '/etc/cni' + }, { + 'name': 'optcnibin', + 'mountPath': '/opt/cni/bin', + 'readOnly': True + }] + }], + 'volumes': [{ 'name': 'etccni', - 'mountPath': '/etc/cni' + 'hostPath': { + 'path': '/etc/cni' + } }, { 'name': 'optcnibin', - 'mountPath': '/opt/cni/bin', - 'readOnly': True + 'hostPath': { + 'path': '/opt/cni/bin' + } + }], + 'tolerations': [{ + 'effect': 'NoSchedule', + 'key': 'node-role.kubernetes.io/master', + 'operator': 'Exists' }] - }], - 'volumes': [{ - 'name': 'etccni', - 'hostPath': { - 'path': '/etc/cni' - } - }, { - 'name': 'optcnibin', - 'hostPath': { - 'path': '/opt/cni/bin' - } - }], - 'tolerations': [{ - 'effect': 'NoSchedule', - 'key': 'node-role.kubernetes.io/master', - 'operator': 'Exists' - }] + } } } } 
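Review bot: The `etccni` mount at `/etc/cni` is left writable while `optcnibin` carries `'readOnly': True`, and because of the `node-role.kubernetes.io/master` toleration the test pod gets that write access to host CNI configuration on control-plane nodes as well. The checks that use this DaemonSet appear only to list and `cat` files, so adding `'readOnly': True` to the `etccni` entry in `volumeMounts` should cost nothing. Separately, `'image': 'alpine:3.2'` is a long-unsupported release referenced by a mutable tag; a current release pinned by digest would be a safer base for a pod with hostPath mounts. create_daemonset starts and ends outside the hunk.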
@@ -93,17 +95,28 @@ def multi_interface_cni_check(): for pod in pods: if 'plugin-check-test-set' in pod.metadata.name: - list_of_plugin_conf = kube_exec(pod, cmd) - list_of_plugin_conf = list_of_plugin_conf.split("\n") + try: + list_of_plugin_conf = kube_exec(pod, cmd) + list_of_plugin_conf = list_of_plugin_conf.split("\n") - cmd3 = ['cat', list_of_plugin_conf[0]] - multi_interface_conf = kube_exec(pod, cmd3) + cmd3 = ['cat', "/etc/cni/net.d/"+list_of_plugin_conf[0]] + multi_interface_conf = kube_exec(pod, cmd3) - if 'multus' not in multi_interface_conf: - result['criteria'] = 'fail' + if 'multus' not in multi_interface_conf: + result['criteria'] = 'fail' + + status.append(list_of_plugin_conf) + status.append(multi_interface_conf) - status.append(list_of_plugin_conf) - status.append(multi_interface_conf) + except ConnectionError as error: + status.append(error) + + except RuntimeError as error: + status.append(error) + + except Exception as error: + result['criteria'] = 'fail' + status.append(error) apps_instance.delete_namespaced_daemon_set('plugin-check-test-set', 'default') result['details'].append(status) @@ -135,14 +148,26 @@ def cni_plugin_check(): for pod in pods: if 'plugin-check-test-set' in pod.metadata.name: - list_of_cni_from_dir = kube_exec(pod, cmd) + try: + list_of_cni_from_dir = kube_exec(pod, cmd) - for plugin in cni_plugins: - if plugin not in list_of_cni_from_dir: - result['criteria'] = 'fail' + for plugin in cni_plugins: + if plugin not in list_of_cni_from_dir: + result['criteria'] = 'fail' + + status.append(list_of_cni_from_dir) + daemon_pods.append(pod.metadata.name) + + except ConnectionError as error: + status.append(error) + + except RuntimeError as error: + status.append(error) + + except Exception as error: + result['criteria'] = 'fail' + status.append(error) - status.append(list_of_cni_from_dir) - daemon_pods.append(pod.metadata.name) apps_instance.delete_namespaced_daemon_set('plugin-check-test-set', 'default') 
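Review bot: In multi_interface_cni_check the `except ConnectionError` and `except RuntimeError` branches record the error but leave `result['criteria']` untouched, so a failed `kube_exec` keeps whatever value was assigned before the loop; if that default is 'pass' (it is set outside the hunk), the validator reports success for a node it could not inspect. Unlike the pod-admission checks in security_check.py, an exec failure here is not evidence of compliance, so the three handlers could collapse into one: `except Exception as error:` followed by `result['criteria'] = 'fail'` and `status.append(str(error))`. Using `str(error)` also keeps exception objects out of `result['details']`, which matters if store_result serialises the result. The second hunk on this line, in cni_plugin_check, adds the same three handlers with the same gap. In addition, `list_of_plugin_conf[0]` is an empty string when the listing returns nothing, so the `cat` then targets `/etc/cni/net.d/` itself; an explicit `if not list_of_plugin_conf[0]:` fail branch would make that case readable in the report.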
diff --git a/sdv/docker/sdvstate/internal/validator/kuberef/policy_checks.py b/sdv/docker/sdvstate/internal/validator/kuberef/policy_checks.py index 6993fd7..1e7b36c 100644 --- a/sdv/docker/sdvstate/internal/validator/kuberef/policy_checks.py +++ b/sdv/docker/sdvstate/internal/validator/kuberef/policy_checks.py @@ -19,7 +19,7 @@ def cpu_manager_policy_check(): node_list = api.list_node() nodes = [] - for node in node_list: + for node in node_list.items: nodes.append(node.metadata.name) result = {'category': 'compute', @@ -78,7 +78,7 @@ def topology_manager_policy_check(): node_list = api.list_node() nodes = [] - for node in node_list: + for node in node_list.items: nodes.append(node.metadata.name) @@ -102,7 +102,7 @@ def topology_manager_policy_check(): flag = True - topology_manager = settings.getValue('pdf_file')['undercloud_ook']['topo_manager_policy'] + topology_manager = settings.getValue('pdf_file')['vim_functional']['topo_manager_policy'] if topology_manager['type'] == configz['kubeletconfig']['topologyManagerPolicy']: if topology_manager['scope'] == configz['kubeletconfig']['topologyManagerScope']: diff --git a/sdv/docker/sdvstate/internal/validator/kuberef/security_check.py b/sdv/docker/sdvstate/internal/validator/kuberef/security_check.py index f49048c..a6c15ee 100644 --- a/sdv/docker/sdvstate/internal/validator/kuberef/security_check.py +++ b/sdv/docker/sdvstate/internal/validator/kuberef/security_check.py @@ -2,6 +2,8 @@ Security Checks """ +#pylint: disable=broad-except + import time import logging from tools.kube_utils import kube_api, kube_curl @@ -62,6 +64,12 @@ def capability_check(): except RuntimeError as error: status.append(error) + except Exception as error: + kube.delete_namespaced_pod(name=pod_cap.metadata.name, namespace='default') + result['criteria'] = 'fail' + status.append(error) + + result['details'].append(status) store_result(logger, result) return result 
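Review bot: The new `except Exception` handler in capability_check calls `kube.delete_namespaced_pod(name=pod_cap.metadata.name, namespace='default')`, but judging by host_network_check, where `pod_nw = kube.create_namespaced_pod(...)` is the first statement of the `try`, the pod variable is only bound once the create call has returned; when the create call itself raises, the handler dies with UnboundLocalError before `result['criteria']` is set or the result is stored. That may well be the common path: if `kube` is the Kubernetes Python client, an admission rejection surfaces as `ApiException`, which is neither ConnectionError nor RuntimeError, so a correctly rejected pod would land in this handler and be marked 'fail'. Binding `pod_cap = None` before the `try` and guarding the cleanup with `if pod_cap is not None:` removes the crash; the pass/fail decision for a rejection needs its own branch on the exception's status code. The same handler is added to privilege_check, host_network_check and host_path_vol_check (`pod_priv`, `pod_nw`, `pod_vol`) in the following hunks. All four `try` blocks start outside their hunks.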
@@ -118,6 +126,11 @@ def privilege_check(): except RuntimeError as error: status.append(error) + except Exception as error: + kube.delete_namespaced_pod(name=pod_priv.metadata.name, namespace='default') + result['criteria'] = 'fail' + status.append(error) + result['details'].append(status) store_result(logger, result) @@ -157,7 +170,7 @@ def host_network_check(): try: pod_nw = kube.create_namespaced_pod(body=pod_manifest, namespace='default') - time.sleep(5) + time.sleep(6) kube.delete_namespaced_pod(name=pod_nw.metadata.name, namespace='default') result['criteria'] = 'fail' @@ -168,6 +181,12 @@ def host_network_check(): except RuntimeError as error: status.append(error) + except Exception as error: + kube.delete_namespaced_pod(name=pod_nw.metadata.name, namespace='default') + result['criteria'] = 'fail' + status.append(error) + + result['details'].append(status) store_result(logger, result) @@ -227,6 +246,11 @@ def host_path_vol_check(): except RuntimeError as error: status.append(error) + except Exception as error: + kube.delete_namespaced_pod(name=pod_vol.metadata.name, namespace='default') + result['criteria'] = 'fail' + status.append(error) + result['details'].append(status) store_result(logger, result) -- cgit 1.2.3-korg
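Review bot: `time.sleep(6)` in host_network_check replaces `time.sleep(5)` with another unexplained fixed delay, and nothing in the hunk says what the wait is for or why one more second is enough. If the intent is to let the pod reach a state before it is deleted, a comment such as `# give the API server time to schedule the pod before cleanup` plus a named module constant would make the value reviewable; polling the pod status with a timeout would remove the timing dependence altogether. Whether the other checks in this file still use a different delay is not visible from here.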