diff options
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | clover/logging/conftest.py | 15 | ||||
-rw-r--r-- | clover/logging/es_test.py | 30 | ||||
-rw-r--r-- | clover/logging/validate.py | 3 | ||||
-rw-r--r-- | docker/Dockerfile | 4 | ||||
-rw-r--r-- | docs/release/release-notes/Fraser-release-notes.rst | 10 | ||||
-rw-r--r-- | docs/release/userguide/Fraser-userguide.rst | 12 | ||||
-rw-r--r-- | samples/services/snort_ids/docker/grpc/snort.proto | 5 | ||||
-rw-r--r-- | samples/services/snort_ids/docker/grpc/snort_client.py | 16 | ||||
-rw-r--r-- | samples/services/snort_ids/docker/grpc/snort_pb2.py | 23 | ||||
-rw-r--r-- | samples/services/snort_ids/docker/grpc/snort_server.py | 3 |
11 files changed, 98 insertions, 24 deletions
@@ -35,3 +35,4 @@ cover/ .tox/ # work env work/ +.pytest_cache diff --git a/clover/logging/conftest.py b/clover/logging/conftest.py new file mode 100644 index 0000000..d464fab --- /dev/null +++ b/clover/logging/conftest.py @@ -0,0 +1,15 @@ +# Copyright (c) Authors of Clover +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 + +from elasticsearch import Elasticsearch +import pytest + +ES_HOST="localhost:9200" + +@pytest.fixture +def es(): + return Elasticsearch([ES_HOST]) diff --git a/clover/logging/es_test.py b/clover/logging/es_test.py new file mode 100644 index 0000000..bd0e359 --- /dev/null +++ b/clover/logging/es_test.py @@ -0,0 +1,30 @@ +# Copyright (c) Authors of Clover +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 + +INDEX_PATTERN='logstash-*' +TAG='newlog.logentry.istio-system' + +def test_health(es): + assert es.cat.health(h='status') != 'red\n' + +def test_indices(es): + assert len(es.cat.indices(INDEX_PATTERN)) > 0 + +def test_logentry(es): + assert es.count( + index=INDEX_PATTERN, + body={"query":{"match":{"tag":TAG}}})['count'] > 0 + +def test_lb(es): + """requests in and out load balance should match""" + from_lb = es.count( + index=INDEX_PATTERN, + body={"query":{"match":{"source": "http-lb"}}}) + to_lb = es.count( + index=INDEX_PATTERN, + body={"query":{"match":{"destination": "http-lb"}}}) + assert from_lb['count'] == to_lb['count'] diff --git a/clover/logging/validate.py b/clover/logging/validate.py index 821f912..aca0394 100644 --- a/clover/logging/validate.py +++ b/clover/logging/validate.py @@ -9,6 +9,8 @@ from kubernetes import client, config from kubernetes.stream import stream import sh import re +import os +import pytest FLUENTD_NAMESPACE = 'logging' FLUENTD_PATTERN = 'fluentd-.*' @@ -54,3 +56,4 @@ def main(): if __name__ == '__main__': main() + pytest.main([os.path.dirname(os.path.realpath(__file__))]) diff --git a/docker/Dockerfile b/docker/Dockerfile index daed730..2cd6340 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -7,7 +7,6 @@ FROM ubuntu:16.04 LABEL image=opnfv/clover -ARG BRANCH=master ARG ISTIO_VERSION=0.6.0 # GIT repo directory @@ -20,7 +19,8 @@ ENV CLOVER_REPO_DIR="${REPOS_DIR}/clover" RUN apt-get update \ && apt-get install -y git python-setuptools python-pip curl apt-transport-https \ && apt-get -y autoremove && apt-get clean \ - && pip install --upgrade pip + && pip install --upgrade pip \ + && python -m pip install grpcio argparse # Fetch source code RUN mkdir -p ${REPOS_DIR} diff --git a/docs/release/release-notes/Fraser-release-notes.rst b/docs/release/release-notes/Fraser-release-notes.rst index 3e864fb..becd2da 100644 --- a/docs/release/release-notes/Fraser-release-notes.rst +++ b/docs/release/release-notes/Fraser-release-notes.rst @@ -4,7 +4,7 @@ .. (c) optionally add copywriters name
-This document provides the release notes for Fraser of OPNFV Clover.
+This document provides Clover project's release notes for the OPNFV Fraser release.
.. contents::
:depth: 3
@@ -25,8 +25,8 @@ Version history Important notes
===============
-The OPNFV Clover project for Fraser can ONLY be run on Kubernetes version 1.9.3 or
-above
+The Clover project for OPNFV Fraser can ONLY be run on Kubernetes version 1.9.3 or
+later
Summary
=======
@@ -61,11 +61,11 @@ Version change Module version changes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Fraser marks the first release of OPNFV Clover
+OPNFV Fraser marks the first release for Clover
Document version changes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Fraser marks the first release of OPNFV Clover
+OPNFV Fraser marks the first release for Clover
Reason for version
^^^^^^^^^^^^^^^^^^^^
diff --git a/docs/release/userguide/Fraser-userguide.rst b/docs/release/userguide/Fraser-userguide.rst index 243c4e1..a15fdc1 100644 --- a/docs/release/userguide/Fraser-userguide.rst +++ b/docs/release/userguide/Fraser-userguide.rst @@ -8,7 +8,7 @@ Clover User Guide (Fraser Release) ================================================================ -This document provides the user guide for Fraser release of Clover. +This document provides the Clover user guide for OPNFV Fraser release. .. contents:: :depth: 3 @@ -18,9 +18,9 @@ This document provides the user guide for Fraser release of Clover. Description =========== -Project Clover was established to investigate best practice to implement, +Project Clover was established to investigate best practices to implement, build, deploy, and operate virtual network functions as cloud native -applications. "Cloud native" has a ever evolving and expanding definition, +applications. "Cloud native" has an ever evolving and expanding definition, and in Clover, the focus is effectively running and operating VNFs built in a micro-service design pattern running on Docker containers and orchestrated by Kubernetes. @@ -57,8 +57,8 @@ What is in Fraser? Usage ===== - * each modules (service mesh, logging, tracing, monitoring) are Python - modules with their own set of library calls / API exposed. The descriptions + * each module (service mesh, logging, tracing, monitoring) is a Python + module with its own set of library calls/ API exposed. The descriptions of these library calls are under doc/developer (TBD) * tools directory contains Python tools for generic use @@ -72,7 +72,7 @@ Usage - user specify via yaml the "success" expectation of v2 (latency, performance, session loss...etc) - Clover tool validates sessions conformance with user defined expectations - - The "commit" action is invoked to move 100% traffic to v2 + - The "commit" action is invoked to move 100% of the traffic to v2 - Clover tool validates traffic conformance with route rules - A fault is injected for the path to the extra service of v2 which adds a one second delay onto the path diff --git a/samples/services/snort_ids/docker/grpc/snort.proto b/samples/services/snort_ids/docker/grpc/snort.proto index 8d69baa..f524bb4 100644 --- a/samples/services/snort_ids/docker/grpc/snort.proto +++ b/samples/services/snort_ids/docker/grpc/snort.proto @@ -27,8 +27,9 @@ message AddRule { string src_port = 4; string src_ip = 5; string msg = 6; - string sid = 7; - string rev = 8; + string content = 7; + string sid = 8; + string rev = 9; } message SnortReply { diff --git a/samples/services/snort_ids/docker/grpc/snort_client.py b/samples/services/snort_ids/docker/grpc/snort_client.py index d59b4ee..ca71af8 100644 --- a/samples/services/snort_ids/docker/grpc/snort_client.py +++ b/samples/services/snort_ids/docker/grpc/snort_client.py @@ -30,6 +30,8 @@ def run(args, grpc_port='50052'): return add_tcprule(stub) elif args['cmd'] == 'addicmp': return add_icmprule(stub) + elif args['cmd'] == 'addscan': + return add_scanrule(stub) elif args['cmd'] == 'start': return start_snort(stub) elif args['cmd'] == 'stop': @@ -78,6 +80,20 @@ def add_icmprule(stub): return response.message +def add_scanrule(stub): + try: + response = stub.AddRules(snort_pb2.AddRule( + protocol='tcp', dest_port='any', dest_ip='$HOME_NET', + src_port='any', src_ip='any', + msg='MALWARE-CNC User-Agent ASafaWeb Scan', sid='10000003', + rev='001', content='"asafaweb.com"')) + print(stop_snort(stub)) + print(start_snort(stub)) + except Exception as e: + return e + return response.message + + def start_snort(stub): try: response = stub.StartSnort(snort_pb2.ControlSnort(pid='0')) diff --git a/samples/services/snort_ids/docker/grpc/snort_pb2.py b/samples/services/snort_ids/docker/grpc/snort_pb2.py index 93641ef..8828b78 100644 --- a/samples/services/snort_ids/docker/grpc/snort_pb2.py +++ b/samples/services/snort_ids/docker/grpc/snort_pb2.py @@ -19,7 +19,7 @@ DESCRIPTOR = _descriptor.FileDescriptor( name='snort.proto', package='snort', syntax='proto3', - serialized_pb=_b('\n\x0bsnort.proto\x12\x05snort\"\x1b\n\x0c\x43ontrolSnort\x12\x0b\n\x03pid\x18\x01 \x01(\t\"\x88\x01\n\x07\x41\x64\x64Rule\x12\x10\n\x08protocol\x18\x01 \x01(\t\x12\x11\n\tdest_port\x18\x02 \x01(\t\x12\x0f\n\x07\x64\x65st_ip\x18\x03 \x01(\t\x12\x10\n\x08src_port\x18\x04 \x01(\t\x12\x0e\n\x06src_ip\x18\x05 \x01(\t\x12\x0b\n\x03msg\x18\x06 \x01(\t\x12\x0b\n\x03sid\x18\x07 \x01(\t\x12\x0b\n\x03rev\x18\x08 \x01(\t\"\x1d\n\nSnortReply\x12\x0f\n\x07message\x18\x01 \x01(\t2\xac\x01\n\nController\x12/\n\x08\x41\x64\x64Rules\x12\x0e.snort.AddRule\x1a\x11.snort.SnortReply\"\x00\x12\x36\n\nStartSnort\x12\x13.snort.ControlSnort\x1a\x11.snort.SnortReply\"\x00\x12\x35\n\tStopSnort\x12\x13.snort.ControlSnort\x1a\x11.snort.SnortReply\"\x00\x62\x06proto3') + serialized_pb=_b('\n\x0bsnort.proto\x12\x05snort\"\x1b\n\x0c\x43ontrolSnort\x12\x0b\n\x03pid\x18\x01 \x01(\t\"\x99\x01\n\x07\x41\x64\x64Rule\x12\x10\n\x08protocol\x18\x01 \x01(\t\x12\x11\n\tdest_port\x18\x02 \x01(\t\x12\x0f\n\x07\x64\x65st_ip\x18\x03 \x01(\t\x12\x10\n\x08src_port\x18\x04 \x01(\t\x12\x0e\n\x06src_ip\x18\x05 \x01(\t\x12\x0b\n\x03msg\x18\x06 \x01(\t\x12\x0f\n\x07\x63ontent\x18\x07 \x01(\t\x12\x0b\n\x03sid\x18\x08 \x01(\t\x12\x0b\n\x03rev\x18\t \x01(\t\"\x1d\n\nSnortReply\x12\x0f\n\x07message\x18\x01 \x01(\t2\xac\x01\n\nController\x12/\n\x08\x41\x64\x64Rules\x12\x0e.snort.AddRule\x1a\x11.snort.SnortReply\"\x00\x12\x36\n\nStartSnort\x12\x13.snort.ControlSnort\x1a\x11.snort.SnortReply\"\x00\x12\x35\n\tStopSnort\x12\x13.snort.ControlSnort\x1a\x11.snort.SnortReply\"\x00\x62\x06proto3') ) @@ -106,19 +106,26 @@ _ADDRULE = _descriptor.Descriptor( is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='sid', full_name='snort.AddRule.sid', index=6, + name='content', full_name='snort.AddRule.content', index=6, number=7, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='rev', full_name='snort.AddRule.rev', index=7, + name='sid', full_name='snort.AddRule.sid', index=7, number=8, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='rev', full_name='snort.AddRule.rev', index=8, + number=9, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), ], extensions=[ ], @@ -132,7 +139,7 @@ _ADDRULE = _descriptor.Descriptor( oneofs=[ ], serialized_start=52, - serialized_end=188, + serialized_end=205, ) @@ -162,8 +169,8 @@ _SNORTREPLY = _descriptor.Descriptor( extension_ranges=[], oneofs=[ ], - serialized_start=190, - serialized_end=219, + serialized_start=207, + serialized_end=236, ) DESCRIPTOR.message_types_by_name['ControlSnort'] = _CONTROLSNORT @@ -200,8 +207,8 @@ _CONTROLLER = _descriptor.ServiceDescriptor( file=DESCRIPTOR, index=0, options=None, - serialized_start=222, - serialized_end=394, + serialized_start=239, + serialized_end=411, methods=[ _descriptor.MethodDescriptor( name='AddRules', diff --git a/samples/services/snort_ids/docker/grpc/snort_server.py b/samples/services/snort_ids/docker/grpc/snort_server.py index 3c2fdb1..9ece832 100644 --- a/samples/services/snort_ids/docker/grpc/snort_server.py +++ b/samples/services/snort_ids/docker/grpc/snort_server.py @@ -35,7 +35,8 @@ class Controller(snort_pb2_grpc.ControllerServicer): f = open(file_local, 'a') rule = 'alert {} {} {} -> {} {} '.format( r.protocol, r.src_ip, r.src_port, r.dest_ip, r.dest_port) \ - + '(msg:"{}"; sid:{}; rev:{};)\n'.format(r.msg, r.sid, r.rev) + + '(msg:"{}"; content:{}; sid:{}; rev:{};)\n'.format( + r.msg, r.content, r.sid, r.rev) f.write(rule) f.close msg = "Added to local rules" |