From 41ccc6e8a54f11e0014707730bf3ef80385a01fa Mon Sep 17 00:00:00 2001 From: Cédric Ollivier Date: Thu, 15 Dec 2016 15:14:50 +0100 Subject: Convert files to Unix format. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: I51fabb809e0f446a4dcf2108af10a3f137b177d3 Signed-off-by: Cédric Ollivier --- docker/docker_remote_api/docs/TLS-intro.rst | 214 ++++++------- docker/docker_remote_api/enable_remote_api.sh | 102 +++---- functest/ci/config_functest.yaml | 422 +++++++++++++------------- functest/opnfv_tests/sdn/onos/sfc/sfc_onos.py | 2 +- setup.py | 50 +-- 5 files changed, 395 insertions(+), 395 deletions(-) diff --git a/docker/docker_remote_api/docs/TLS-intro.rst b/docker/docker_remote_api/docs/TLS-intro.rst index 934f99a8..44fdd4ae 100644 --- a/docker/docker_remote_api/docs/TLS-intro.rst +++ b/docker/docker_remote_api/docs/TLS-intro.rst @@ -1,107 +1,107 @@ -Encrypt the docker remote API via TLS for Ubuntu and CentOS - -[Introduction] -The Docker daemon can listen to Docker Remote API requests via three types of -Socket: unix, tcp and fd. By default, a unix domain socket (or IPC socket) is -created at /var/run/docker.sock, requiring either root permission, or docker -group membership. - -Port 2375 is conventionally used for un-encrypted communition with Docker daemon -remotely, where docker server can be accessed by any docker client via tcp socket -in local area network. You can listen to port 2375 on all network interfaces with --H tcp://0.0.0.0:2375, where 0.0.0.0 means any available IP address on host, and -tcp://0.0.0.0:2375 indicates that port 2375 is listened on any IP of daemon host. -If we want to make docker server open on the Internet via TCP port, and only trusted -clients have the right to access the docker server in a safe manner, port 2376 for -encrypted communication with the daemon should be listened. It can be achieved to -create certificate and distribute it to the trusted clients. - -Through creating self-signed certificate, and using --tlsverify command when running -Docker daemon, Docker daemon opens the TLS authentication. Thus only the clients -with related private key files can have access to the Docker daemon's server. As -long as the key files for encryption are secure between docker server and client, -the Docker daemon can keep secure. -In summary, -Firstly we should create docker server certificate and related key files, which -are distributed to the trusted clients. -Then the clients with related key files can access docker server. - -[Steps] -1.0. Create a CA, server and client keys with OpenSSL. - OpenSSL is used to generate certificate, and can be installed as follows. - apt-get install openssl openssl-devel - -1.1 First generate CA private and public keys. - openssl genrsa -aes256 -out ca-key.pem 4096 - openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem - - You are about to be asked to enter information that will be incorporated - into your certificate request, where the instance of $HOST should be replaced - with the DNS name of your Docker daemon's host, here the DNS name of my Docker - daemon is ly. - Common Name (e.g. server FQDN or YOUR name) []:$HOST - -1.2 Now we have a CA (ca-key.pem and ca.pem), you can create a server key and -certificate signing request. - openssl genrsa -out server-key.pem 4096 - openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr - -1.3 Sign the public key with our CA. - TLS connections can be made via IP address as well as DNS name, they need to be - specified when creating the certificate. - - echo subjectAltName = IP:172.16.10.121,IP:127.0.0.1 > extfile.cnf - openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \ - -CAcreateserial -out server-cert.pem -extfile extfile.cnf - -1.4 For client authentication, create a client key and certificate signing request. - openssl genrsa -out key.pem 4096 - openssl req -subj '/CN=client' -new -key key.pem -out client.csr - -1.5 To make the key suitable for client authentication, create an extensions config file. - echo extendedKeyUsage = clientAuth > extfile.cnf - -1.6 Sign the public key and after generating cert.pem and server-cert.pem, two certificate - signing requests can be removed. - openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \ - -CAcreateserial -out cert.pem -extfile extfile.cnf - -1.7 In order to protect your keys from accidental damage, you may change file modes to - be only readable. - chmod -v 0400 ca-key.pem key.pem server-key.pem - chmod -v 0444 ca.pem server-cert.pem cert.pem - -1.8 Build docker server - dockerd --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem \ - -H=0.0.0.0:2376 - Then, it can be seen from the command 'netstat -ntlp' that port 2376 has been listened - and the Docker daemon only accept connections from clients providing a certificate - trusted by our CA. - -1.9 Distribute the keys to the client - scp /etc/docker/ca.pem wwl@172.16.10.121:/etc/docker - scp /etc/docker/cert.pem wwl@172.16.10.121:/etc/docker - scp /etc/docker/key.pem wwl@172.16.10.121:/etc/docker - Where, wwl and 172.16.10.121 is the username and IP of the client respectively. - And the password of the client is needed when you distribute the keys to the client. - -1.10 To access Docker daemon from the client via keys. - docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem \ - -H=$HOST:2376 version - - Then we can operate docker in the Docker daemon from the client vis keys, for example: - 1) create container from the client - docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 run -d \ - -it --name w1 grafana/grafana - 2) list containers from the client - docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 pa -a - 3) stop/start containers from the client - docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 stop w1 - docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 start w1 - - - - - - - +Encrypt the docker remote API via TLS for Ubuntu and CentOS + +[Introduction] +The Docker daemon can listen to Docker Remote API requests via three types of +Socket: unix, tcp and fd. By default, a unix domain socket (or IPC socket) is +created at /var/run/docker.sock, requiring either root permission, or docker +group membership. + +Port 2375 is conventionally used for un-encrypted communition with Docker daemon +remotely, where docker server can be accessed by any docker client via tcp socket +in local area network. You can listen to port 2375 on all network interfaces with +-H tcp://0.0.0.0:2375, where 0.0.0.0 means any available IP address on host, and +tcp://0.0.0.0:2375 indicates that port 2375 is listened on any IP of daemon host. +If we want to make docker server open on the Internet via TCP port, and only trusted +clients have the right to access the docker server in a safe manner, port 2376 for +encrypted communication with the daemon should be listened. It can be achieved to +create certificate and distribute it to the trusted clients. + +Through creating self-signed certificate, and using --tlsverify command when running +Docker daemon, Docker daemon opens the TLS authentication. Thus only the clients +with related private key files can have access to the Docker daemon's server. As +long as the key files for encryption are secure between docker server and client, +the Docker daemon can keep secure. +In summary, +Firstly we should create docker server certificate and related key files, which +are distributed to the trusted clients. +Then the clients with related key files can access docker server. + +[Steps] +1.0. Create a CA, server and client keys with OpenSSL. + OpenSSL is used to generate certificate, and can be installed as follows. + apt-get install openssl openssl-devel + +1.1 First generate CA private and public keys. + openssl genrsa -aes256 -out ca-key.pem 4096 + openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem + + You are about to be asked to enter information that will be incorporated + into your certificate request, where the instance of $HOST should be replaced + with the DNS name of your Docker daemon's host, here the DNS name of my Docker + daemon is ly. + Common Name (e.g. server FQDN or YOUR name) []:$HOST + +1.2 Now we have a CA (ca-key.pem and ca.pem), you can create a server key and +certificate signing request. + openssl genrsa -out server-key.pem 4096 + openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr + +1.3 Sign the public key with our CA. + TLS connections can be made via IP address as well as DNS name, they need to be + specified when creating the certificate. + + echo subjectAltName = IP:172.16.10.121,IP:127.0.0.1 > extfile.cnf + openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \ + -CAcreateserial -out server-cert.pem -extfile extfile.cnf + +1.4 For client authentication, create a client key and certificate signing request. + openssl genrsa -out key.pem 4096 + openssl req -subj '/CN=client' -new -key key.pem -out client.csr + +1.5 To make the key suitable for client authentication, create an extensions config file. + echo extendedKeyUsage = clientAuth > extfile.cnf + +1.6 Sign the public key and after generating cert.pem and server-cert.pem, two certificate + signing requests can be removed. + openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \ + -CAcreateserial -out cert.pem -extfile extfile.cnf + +1.7 In order to protect your keys from accidental damage, you may change file modes to + be only readable. + chmod -v 0400 ca-key.pem key.pem server-key.pem + chmod -v 0444 ca.pem server-cert.pem cert.pem + +1.8 Build docker server + dockerd --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem \ + -H=0.0.0.0:2376 + Then, it can be seen from the command 'netstat -ntlp' that port 2376 has been listened + and the Docker daemon only accept connections from clients providing a certificate + trusted by our CA. + +1.9 Distribute the keys to the client + scp /etc/docker/ca.pem wwl@172.16.10.121:/etc/docker + scp /etc/docker/cert.pem wwl@172.16.10.121:/etc/docker + scp /etc/docker/key.pem wwl@172.16.10.121:/etc/docker + Where, wwl and 172.16.10.121 is the username and IP of the client respectively. + And the password of the client is needed when you distribute the keys to the client. + +1.10 To access Docker daemon from the client via keys. + docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem \ + -H=$HOST:2376 version + + Then we can operate docker in the Docker daemon from the client vis keys, for example: + 1) create container from the client + docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 run -d \ + -it --name w1 grafana/grafana + 2) list containers from the client + docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 pa -a + 3) stop/start containers from the client + docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 stop w1 + docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 start w1 + + + + + + + diff --git a/docker/docker_remote_api/enable_remote_api.sh b/docker/docker_remote_api/enable_remote_api.sh index 6867eedd..76e59b85 100755 --- a/docker/docker_remote_api/enable_remote_api.sh +++ b/docker/docker_remote_api/enable_remote_api.sh @@ -1,51 +1,51 @@ -#!/bin/bash -# SPDX-license-identifier: Apache-2.0 - -# ****************************** -# Script to update the docker host configuration -# to enable Docker Remote API -# ****************************** - -if [ -f /etc/lsb-release ]; then - #tested on ubuntu 14.04 and 16.04 - if grep -q "#DOCKER_OPTS=" "/etc/default/docker"; then - cp /etc/default/docker /etc/default/docker.bak - sed -i 's/^#DOCKER_OPTS.*$/DOCKER_OPTS=\"-H unix:\/\/\/var\/run\/docker.sock -H tcp:\/\/0.0.0.0:2375\"/g' /etc/default/docker - else - echo DOCKER_OPTS=\"-H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375\" >> /etc/default/docker - fi - service docker restart - #docker start $(docker ps -aq) -elif [ -f /etc/system-release ]; then - #tested on centos 7.2 - if grep -q "ExecStart=\/usr\/bin\/docker-current daemon" "/lib/systemd/system/docker.service"; then - cp /lib/systemd/system/docker.service /lib/systemd/system/docker.service.bak - sed -i 's/^ExecStart=.*$/ExecStart=\/usr\/bin\/docker daemon -H tcp:\/\/0.0.0.0:2375 -H unix:\/\/\/var\/run\/docker.sock \\/g' /lib/systemd/system/docker.service - systemctl daemon-reload - systemctl restart docker - else - echo "to be implemented" - fi -else - echo "OS is not supported" -fi - -# Issue Note for Ubuntu -# 1. If the configuration of the file /etc/default/docker does not take effect after restarting docker service, -# you may try to modify /lib/systemd/system/docker.service -# commands: -# cp /lib/systemd/system/docker.service /lib/systemd/system/docker.service.bak -# sed -i '/^ExecStart/i\EnvironmentFile=-/etc/default/docker' /lib/systemd/system/docker.service -# sed -i '/ExecStart=\/usr\/bin\/dockerd/{;s/$/ \$DOCKER_OPTS/}' /lib/systemd/system/docker.service -# systemctl daemon-reload -# service docker restart -# 2. Systemd is a system and session manager for Linux, where systemctl is one tool for systemd to view and control systemd. -# If the file /lib/systemd/system/docker.service is modified, systemd has to be reloaded to scan new or changed units. -# 1) systemd and related packages are available on the PPA. To use the PPA, first add it to your software sources list as follows. -# add-apt-repository ppa:pitti/systemd -# apt-get update -# 2) system can be installed from the PPS as follows. -# apt-get install systemd libpam-systemd systemd-ui - - - +#!/bin/bash +# SPDX-license-identifier: Apache-2.0 + +# ****************************** +# Script to update the docker host configuration +# to enable Docker Remote API +# ****************************** + +if [ -f /etc/lsb-release ]; then + #tested on ubuntu 14.04 and 16.04 + if grep -q "#DOCKER_OPTS=" "/etc/default/docker"; then + cp /etc/default/docker /etc/default/docker.bak + sed -i 's/^#DOCKER_OPTS.*$/DOCKER_OPTS=\"-H unix:\/\/\/var\/run\/docker.sock -H tcp:\/\/0.0.0.0:2375\"/g' /etc/default/docker + else + echo DOCKER_OPTS=\"-H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375\" >> /etc/default/docker + fi + service docker restart + #docker start $(docker ps -aq) +elif [ -f /etc/system-release ]; then + #tested on centos 7.2 + if grep -q "ExecStart=\/usr\/bin\/docker-current daemon" "/lib/systemd/system/docker.service"; then + cp /lib/systemd/system/docker.service /lib/systemd/system/docker.service.bak + sed -i 's/^ExecStart=.*$/ExecStart=\/usr\/bin\/docker daemon -H tcp:\/\/0.0.0.0:2375 -H unix:\/\/\/var\/run\/docker.sock \\/g' /lib/systemd/system/docker.service + systemctl daemon-reload + systemctl restart docker + else + echo "to be implemented" + fi +else + echo "OS is not supported" +fi + +# Issue Note for Ubuntu +# 1. If the configuration of the file /etc/default/docker does not take effect after restarting docker service, +# you may try to modify /lib/systemd/system/docker.service +# commands: +# cp /lib/systemd/system/docker.service /lib/systemd/system/docker.service.bak +# sed -i '/^ExecStart/i\EnvironmentFile=-/etc/default/docker' /lib/systemd/system/docker.service +# sed -i '/ExecStart=\/usr\/bin\/dockerd/{;s/$/ \$DOCKER_OPTS/}' /lib/systemd/system/docker.service +# systemctl daemon-reload +# service docker restart +# 2. Systemd is a system and session manager for Linux, where systemctl is one tool for systemd to view and control systemd. +# If the file /lib/systemd/system/docker.service is modified, systemd has to be reloaded to scan new or changed units. +# 1) systemd and related packages are available on the PPA. To use the PPA, first add it to your software sources list as follows. +# add-apt-repository ppa:pitti/systemd +# apt-get update +# 2) system can be installed from the PPS as follows. +# apt-get install systemd libpam-systemd systemd-ui + + + diff --git a/functest/ci/config_functest.yaml b/functest/ci/config_functest.yaml index 0da2bb8f..11ff7fdb 100755 --- a/functest/ci/config_functest.yaml +++ b/functest/ci/config_functest.yaml @@ -1,211 +1,211 @@ -general: - directories: - # Relative to the path where the repo is cloned: - dir_vping: functest/opnfv_tests/openstack/vping - dir_odl: functest/opnfv_tests/sdn/odl - dir_rally: functest/opnfv_tests/openstack/rally - dir_tempest_cases: functest/opnfv_tests/openstack/tempest/custom_tests - dir_vIMS: functest/opnfv_tests/vnf/ims - dir_onos: functest/opnfv_tests/sdn/onos/teston - dir_onos_sfc: functest/opnfv_tests/sdn/onos/sfc - - # Absolute path - dir_home: /home/opnfv - dir_repos: /home/opnfv/repos - dir_repo_functest: /home/opnfv/repos/functest - dir_repo_rally: /home/opnfv/repos/rally - dir_repo_tempest: /home/opnfv/repos/tempest - dir_repo_releng: /home/opnfv/repos/releng - dir_repo_vims_test: /home/opnfv/repos/vims-test - dir_repo_sdnvpn: /home/opnfv/repos/sdnvpn - dir_repo_sfc: /home/opnfv/repos/sfc - dir_repo_onos: /home/opnfv/repos/onos - dir_repo_promise: /home/opnfv/repos/promise - dir_repo_doctor: /home/opnfv/repos/doctor - dir_repo_copper: /home/opnfv/repos/copper - dir_repo_ovno: /home/opnfv/repos/ovno - dir_repo_parser: /home/opnfv/repos/parser - dir_repo_domino: /home/opnfv/repos/domino - dir_repo_snaps: /home/opnfv/repos/snaps - dir_functest: /home/opnfv/functest - dir_functest_test: /home/opnfv/repos/functest/functest/opnfv_tests - dir_results: /home/opnfv/functest/results - dir_functest_conf: /home/opnfv/functest/conf - dir_functest_data: /home/opnfv/functest/data - dir_vIMS_data: /home/opnfv/functest/data/vIMS/ - dir_rally_inst: /home/opnfv/.rally - - openstack: - creds: /home/opnfv/functest/conf/openstack.creds - snapshot_file: /home/opnfv/functest/conf/openstack_snapshot.yaml - - image_name: Cirros-0.3.4 - image_file_name: cirros-0.3.4-x86_64-disk.img - image_disk_format: qcow2 - - flavor_name: opnfv_flavor - flavor_ram: 512 - flavor_disk: 1 - flavor_vcpus: 1 - - # Private network for functest. Will be created by config_functest.py - neutron_private_net_name: functest-net - neutron_private_subnet_name: functest-subnet - neutron_private_subnet_cidr: 192.168.120.0/24 - neutron_private_subnet_start: 192.168.120.2 - neutron_private_subnet_end: 192.168.120.254 - neutron_private_subnet_gateway: 192.168.120.254 - neutron_router_name: functest-router - - functest: - testcases_yaml: /home/opnfv/repos/functest/functest/ci/testcases.yaml - -healthcheck: - disk_image: /home/opnfv/functest/data/cirros-0.3.4-x86_64-disk.img - disk_format: qcow2 - wait_time: 60 - -snaps: - use_keystone: True - use_floating_ips: False - -vping: - ping_timeout: 200 - vm_flavor: m1.tiny # adapt to your environment - vm_name_1: opnfv-vping-1 - vm_name_2: opnfv-vping-2 - image_name: functest-vping - vping_private_net_name: vping-net - vping_private_subnet_name: vping-subnet - vping_private_subnet_cidr: 192.168.130.0/24 - vping_router_name: vping-router - vping_sg_name: vPing-sg - vping_sg_descr: Security group for vPing test case - -onos_sfc: - image_base_url: http://artifacts.opnfv.org/sfc/demo - image_name: TestSfcVm - image_file_name: firewall_block_image.img - -tempest: - identity: - tenant_name: tempest - tenant_description: Tenant for Tempest test suite - user_name: tempest - user_password: tempest - validation: - ssh_timeout: 130 - private_net_name: tempest-net - private_subnet_name: tempest-subnet - private_subnet_cidr: 192.168.150.0/24 - router_name: tempest-router - use_custom_images: False - use_custom_flavors: False - -rally: - deployment_name: opnfv-rally - network_name: rally-net - subnet_name: rally-subnet - subnet_cidr: 192.168.140.0/24 - router_name: rally-router - -vIMS: - general: - tenant_name: vIMS - tenant_description: vIMS Functionality Testing - images: - ubuntu: - image_url: http://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img - image_name: ubuntu_14.04 - centos: - image_url: http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-1510.qcow2 - image_name: centos_7 - cloudify: - blueprint: - url: https://github.com/boucherv-orange/cloudify-manager-blueprints.git - branch: "3.3.1-build" - requierments: - ram_min: 3000 - os_image: centos_7 - inputs: - keystone_username: "" - keystone_password: "" - keystone_tenant_name: "" - keystone_url: "" - manager_public_key_name: 'manager-kp' - agent_public_key_name: 'agent-kp' - image_id: "" - flavor_id: "3" - external_network_name: "" - ssh_user: centos - agents_user: ubuntu - clearwater: - blueprint: - file_name: 'openstack-blueprint.yaml' - name: "clearwater-opnfv" - destination_folder: "opnfv-cloudify-clearwater" - url: https://github.com/Orange-OpenSource/opnfv-cloudify-clearwater.git - branch: "stable" - deployment-name: 'clearwater-opnfv' - requierments: - ram_min: 1700 - os_image: ubuntu_14.04 - inputs: - image_id: '' - flavor_id: '' - agent_user: 'ubuntu' - external_network_name: '' - public_domain: clearwater.opnfv -ONOS: - general: - onosbench_username: 'root' - onosbench_password: 'root' - onoscli_username: 'root' - onoscli_password: 'root' - runtimeout: 300 - environment: - OCT: '10.20.0.1' - OC1: '10.20.0.7' - OC2: '10.20.0.7' - OC3: '10.20.0.7' - OCN: '10.20.0.4' - OCN2: '10.20.0.5' - installer_master: '10.20.0.2' - installer_master_username: 'root' - installer_master_password: 'r00tme' -multisite: - fuel_environment: - installer_username: 'root' - installer_password: 'r00tme' - compass_environment: - installer_username: 'root' - installer_password: 'root' - multisite_controller_ip: '10.1.0.50' -promise: - tenant_name: promise - tenant_description: promise Functionality Testing - user_name: promiser - user_pwd: test - image_name: promise-img - flavor_name: promise-flavor - flavor_vcpus: 1 - flavor_ram: 128 - flavor_disk: 0 - network_name: promise-net - subnet_name: promise-subnet - subnet_cidr: 192.168.121.0/24 - router_name: promise-router - -example: - example_vm_name: example-vm - example_flavor: m1.small - example_image_name: functest-example-vm - example_private_net_name: example-net - example_private_subnet_name: example-subnet - example_private_subnet_cidr: 192.168.170.0/24 - example_router_name: example-router - example_sg_name: example-sg - example_sg_descr: Example Security group - -results: - test_db_url: http://testresults.opnfv.org/test/api/v1 +general: + directories: + # Relative to the path where the repo is cloned: + dir_vping: functest/opnfv_tests/openstack/vping + dir_odl: functest/opnfv_tests/sdn/odl + dir_rally: functest/opnfv_tests/openstack/rally + dir_tempest_cases: functest/opnfv_tests/openstack/tempest/custom_tests + dir_vIMS: functest/opnfv_tests/vnf/ims + dir_onos: functest/opnfv_tests/sdn/onos/teston + dir_onos_sfc: functest/opnfv_tests/sdn/onos/sfc + + # Absolute path + dir_home: /home/opnfv + dir_repos: /home/opnfv/repos + dir_repo_functest: /home/opnfv/repos/functest + dir_repo_rally: /home/opnfv/repos/rally + dir_repo_tempest: /home/opnfv/repos/tempest + dir_repo_releng: /home/opnfv/repos/releng + dir_repo_vims_test: /home/opnfv/repos/vims-test + dir_repo_sdnvpn: /home/opnfv/repos/sdnvpn + dir_repo_sfc: /home/opnfv/repos/sfc + dir_repo_onos: /home/opnfv/repos/onos + dir_repo_promise: /home/opnfv/repos/promise + dir_repo_doctor: /home/opnfv/repos/doctor + dir_repo_copper: /home/opnfv/repos/copper + dir_repo_ovno: /home/opnfv/repos/ovno + dir_repo_parser: /home/opnfv/repos/parser + dir_repo_domino: /home/opnfv/repos/domino + dir_repo_snaps: /home/opnfv/repos/snaps + dir_functest: /home/opnfv/functest + dir_functest_test: /home/opnfv/repos/functest/functest/opnfv_tests + dir_results: /home/opnfv/functest/results + dir_functest_conf: /home/opnfv/functest/conf + dir_functest_data: /home/opnfv/functest/data + dir_vIMS_data: /home/opnfv/functest/data/vIMS/ + dir_rally_inst: /home/opnfv/.rally + + openstack: + creds: /home/opnfv/functest/conf/openstack.creds + snapshot_file: /home/opnfv/functest/conf/openstack_snapshot.yaml + + image_name: Cirros-0.3.4 + image_file_name: cirros-0.3.4-x86_64-disk.img + image_disk_format: qcow2 + + flavor_name: opnfv_flavor + flavor_ram: 512 + flavor_disk: 1 + flavor_vcpus: 1 + + # Private network for functest. Will be created by config_functest.py + neutron_private_net_name: functest-net + neutron_private_subnet_name: functest-subnet + neutron_private_subnet_cidr: 192.168.120.0/24 + neutron_private_subnet_start: 192.168.120.2 + neutron_private_subnet_end: 192.168.120.254 + neutron_private_subnet_gateway: 192.168.120.254 + neutron_router_name: functest-router + + functest: + testcases_yaml: /home/opnfv/repos/functest/functest/ci/testcases.yaml + +healthcheck: + disk_image: /home/opnfv/functest/data/cirros-0.3.4-x86_64-disk.img + disk_format: qcow2 + wait_time: 60 + +snaps: + use_keystone: True + use_floating_ips: False + +vping: + ping_timeout: 200 + vm_flavor: m1.tiny # adapt to your environment + vm_name_1: opnfv-vping-1 + vm_name_2: opnfv-vping-2 + image_name: functest-vping + vping_private_net_name: vping-net + vping_private_subnet_name: vping-subnet + vping_private_subnet_cidr: 192.168.130.0/24 + vping_router_name: vping-router + vping_sg_name: vPing-sg + vping_sg_descr: Security group for vPing test case + +onos_sfc: + image_base_url: http://artifacts.opnfv.org/sfc/demo + image_name: TestSfcVm + image_file_name: firewall_block_image.img + +tempest: + identity: + tenant_name: tempest + tenant_description: Tenant for Tempest test suite + user_name: tempest + user_password: tempest + validation: + ssh_timeout: 130 + private_net_name: tempest-net + private_subnet_name: tempest-subnet + private_subnet_cidr: 192.168.150.0/24 + router_name: tempest-router + use_custom_images: False + use_custom_flavors: False + +rally: + deployment_name: opnfv-rally + network_name: rally-net + subnet_name: rally-subnet + subnet_cidr: 192.168.140.0/24 + router_name: rally-router + +vIMS: + general: + tenant_name: vIMS + tenant_description: vIMS Functionality Testing + images: + ubuntu: + image_url: http://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img + image_name: ubuntu_14.04 + centos: + image_url: http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-1510.qcow2 + image_name: centos_7 + cloudify: + blueprint: + url: https://github.com/boucherv-orange/cloudify-manager-blueprints.git + branch: "3.3.1-build" + requierments: + ram_min: 3000 + os_image: centos_7 + inputs: + keystone_username: "" + keystone_password: "" + keystone_tenant_name: "" + keystone_url: "" + manager_public_key_name: 'manager-kp' + agent_public_key_name: 'agent-kp' + image_id: "" + flavor_id: "3" + external_network_name: "" + ssh_user: centos + agents_user: ubuntu + clearwater: + blueprint: + file_name: 'openstack-blueprint.yaml' + name: "clearwater-opnfv" + destination_folder: "opnfv-cloudify-clearwater" + url: https://github.com/Orange-OpenSource/opnfv-cloudify-clearwater.git + branch: "stable" + deployment-name: 'clearwater-opnfv' + requierments: + ram_min: 1700 + os_image: ubuntu_14.04 + inputs: + image_id: '' + flavor_id: '' + agent_user: 'ubuntu' + external_network_name: '' + public_domain: clearwater.opnfv +ONOS: + general: + onosbench_username: 'root' + onosbench_password: 'root' + onoscli_username: 'root' + onoscli_password: 'root' + runtimeout: 300 + environment: + OCT: '10.20.0.1' + OC1: '10.20.0.7' + OC2: '10.20.0.7' + OC3: '10.20.0.7' + OCN: '10.20.0.4' + OCN2: '10.20.0.5' + installer_master: '10.20.0.2' + installer_master_username: 'root' + installer_master_password: 'r00tme' +multisite: + fuel_environment: + installer_username: 'root' + installer_password: 'r00tme' + compass_environment: + installer_username: 'root' + installer_password: 'root' + multisite_controller_ip: '10.1.0.50' +promise: + tenant_name: promise + tenant_description: promise Functionality Testing + user_name: promiser + user_pwd: test + image_name: promise-img + flavor_name: promise-flavor + flavor_vcpus: 1 + flavor_ram: 128 + flavor_disk: 0 + network_name: promise-net + subnet_name: promise-subnet + subnet_cidr: 192.168.121.0/24 + router_name: promise-router + +example: + example_vm_name: example-vm + example_flavor: m1.small + example_image_name: functest-example-vm + example_private_net_name: example-net + example_private_subnet_name: example-subnet + example_private_subnet_cidr: 192.168.170.0/24 + example_router_name: example-router + example_sg_name: example-sg + example_sg_descr: Example Security group + +results: + test_db_url: http://testresults.opnfv.org/test/api/v1 diff --git a/functest/opnfv_tests/sdn/onos/sfc/sfc_onos.py b/functest/opnfv_tests/sdn/onos/sfc/sfc_onos.py index 8ca32e9b..349b42a8 100644 --- a/functest/opnfv_tests/sdn/onos/sfc/sfc_onos.py +++ b/functest/opnfv_tests/sdn/onos/sfc/sfc_onos.py @@ -1,4 +1,4 @@ -import os +import os import re import time import json diff --git a/setup.py b/setup.py index 58a9a488..0c53ffbc 100644 --- a/setup.py +++ b/setup.py @@ -1,25 +1,25 @@ -############################################################################## -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -from setuptools import setup, find_packages - - -setup( - name="functest", - version="master", - py_modules=['cli_base'], - packages=find_packages(), - include_package_data=True, - package_data={ - }, - url="https://www.opnfv.org", - entry_points={ - 'console_scripts': [ - 'functest=functest.cli.cli_base:cli' - ], - }, -) +############################################################################## +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +from setuptools import setup, find_packages + + +setup( + name="functest", + version="master", + py_modules=['cli_base'], + packages=find_packages(), + include_package_data=True, + package_data={ + }, + url="https://www.opnfv.org", + entry_points={ + 'console_scripts': [ + 'functest=functest.cli.cli_base:cli' + ], + }, +) -- cgit 1.2.3-korg