aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docker/Dockerfile132
-rw-r--r--docker/Dockerfile.aarch64.patch62
-rw-r--r--docker/config_install_env.sh26
-rw-r--r--docker/docker_remote_api/docs/TLS-intro.rst107
-rw-r--r--docker/docker_remote_api/enable_remote_api.sh51
-rw-r--r--docker/thirdparty-requirements.txt9
-rw-r--r--tox.ini11
7 files changed, 1 insertions, 397 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile
deleted file mode 100644
index 8d43c371a..000000000
--- a/docker/Dockerfile
+++ /dev/null
@@ -1,132 +0,0 @@
-########################################
-# Docker container for FUNCTEST
-########################################
-# All rights reserved. This program and the accompanying materials
-# are made available under the terms of the Apache License, Version 2.0
-# which accompanies this distribution, and is available at
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-
-FROM ubuntu:14.04
-MAINTAINER Jose Lausuch <jose.lausuch@ericsson.com>
-LABEL version="0.1" description="OPNFV Functest Docker container"
-
-# Environment variables
-ARG BRANCH=master
-ARG RALLY_TAG=stable/0.10
-ARG OS_FAULTS_TAG=0.1.16
-ARG ODL_TAG=e12ba90cd27577c4c6c70ee54f7d599b5f6777ba
-ARG OPENSTACK_TAG=stable/ocata
-ARG VIMS_TAG=stable
-ARG REFSTACK_TAG=4e187b07672dd1c41cb7c94658f1c91edebf53a2
-ARG REPOS_DIR=/home/opnfv/repos
-ARG FUNCTEST_BASE_DIR=/home/opnfv/functest
-ARG FUNCTEST_CONF_DIR=${FUNCTEST_BASE_DIR}/conf
-ARG FUNCTEST_DATA_DIR=${FUNCTEST_BASE_DIR}/data
-ARG FUNCTEST_IMAGES_DIR=${FUNCTEST_BASE_DIR}/images
-ARG FUNCTEST_RESULTS_DIR=${FUNCTEST_BASE_DIR}/results
-ARG FUNCTEST_DIR=/usr/local/lib/python2.7/dist-packages/functest/
-ARG REPOS_VNFS_DIR=${REPOS_DIR}/vnfs
-
-# Environment variables
-ENV CONFIG_FUNCTEST_YAML ${FUNCTEST_DIR}/ci/config_functest.yaml
-ENV REPOS_DIR ${REPOS_DIR}
-ENV creds ${FUNCTEST_CONF_DIR}/openstack.creds
-
-# Packaged dependencies
-RUN apt-get update && apt-get install -y \
-build-essential \
-bundler \
-crudini \
-curl \
-dnsmasq \
-gcc \
-git \
-libffi-dev \
-libgmp3-dev \
-libpq-dev \
-libssl-dev \
-libxml2-dev \
-libxslt-dev \
-libzmq3-dev \
-python-dev \
-python-mock \
-python-pip \
-python3 \
-python3-dev \
-python3-pip \
-postgresql \
-ruby \
-ruby-dev \
-ruby-bundler \
-ssh \
-sshpass \
-wget \
---no-install-recommends
-
-RUN pip install --upgrade pip && easy_install -U setuptools==30.0.0
-RUN python3 -m pip install --upgrade pip setuptools==30.0.0
-
-RUN mkdir -p ${REPOS_VNFS_DIR} \
- && mkdir -p ${FUNCTEST_BASE_DIR}/results \
- && mkdir -p ${FUNCTEST_CONF_DIR} \
- && mkdir -p ${FUNCTEST_DATA_DIR} \
- && mkdir -p ${FUNCTEST_IMAGES_DIR} \
- && mkdir -p /root/.ssh \
- && chmod 700 /root/.ssh
-
-RUN git config --global http.sslVerify false
-
-COPY thirdparty-requirements.txt thirdparty-requirements.txt
-RUN wget -q -O- https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt?h=$OPENSTACK_TAG | \
- sed -E s/^tempest==+\(.*\)$/-e\ git+https:\\/\\/github.com\\/openstack\\/tempest@\\1#egg=tempest/ | \
- sed s/^requests===.*$/requests===2.13.0/ \
- > upper-constraints.txt && \
- pip install --src /src -cupper-constraints.txt \
- -chttps://git.opnfv.org/functest/plain/upper-constraints.txt?h=$BRANCH \
- -e git+https://github.com/openstack/requirements@$OPENSTACK_TAG#egg=openstack_requirements && \
- git clone --depth 1 https://github.com/openstack/os-faults.git -b $OS_FAULTS_TAG /src/os-faults && \
- update-requirements -s --source /src/openstack-requirements /src/os-faults/ && \
- git clone --depth 1 https://github.com/openstack/rally.git -b $RALLY_TAG /src/rally && \
- update-requirements -s --source /src/openstack-requirements /src/rally && \
- git clone https://github.com/openstack/refstack-client.git /src/refstack-client && \
- (cd src/refstack-client && git checkout $REFSTACK_TAG) && \
- update-requirements -s --source /src/openstack-requirements /src/refstack-client && \
- pip install --src /src -cupper-constraints.txt \
- -chttps://git.opnfv.org/functest/plain/upper-constraints.txt?h=$BRANCH \
- /src/os-faults /src/rally -e/src/refstack-client && \
- pip install --src /src -cupper-constraints.txt \
- -chttps://git.opnfv.org/functest/plain/upper-constraints.txt?h=$BRANCH \
- git+https://gerrit.opnfv.org/gerrit/functest@$BRANCH#egg=functest \
- -rthirdparty-requirements.txt && \
- python3 -m pip install --src /src \
- -chttps://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt?h=$OPENSTACK_TAG \
- -chttps://git.opnfv.org/functest/plain/upper-constraints.txt?h=$BRANCH \
- doctor-tests && \
- mkdir -p /etc/rally && \
- printf "[database]\nconnection = 'sqlite:////var/lib/rally/database/rally.sqlite'" > /etc/rally/rally.conf && \
- mkdir -p /var/lib/rally/database && rally-manage db create && \
- rm thirdparty-requirements.txt upper-constraints.txt
-
-# OPNFV repositories
-RUN git clone --depth 1 -b $BRANCH https://gerrit.opnfv.org/gerrit/fds /src/fds
-
-# other repositories
-RUN git clone https://git.opendaylight.org/gerrit/p/integration/test.git /src/odl_test && \
- (cd src/odl_test && git checkout $ODL_TAG)
-RUN git clone --depth 1 -b $VIMS_TAG https://github.com/boucherv-orange/clearwater-live-test /src/vims-test
-
-# Install tempest venv and create symlink for running refstack-client
-RUN ln -s /src/tempest /src/refstack-client/.tempest \
- && virtualenv --system-site-packages /src/tempest/.venv --python=python2
-
-RUN cd /src/vims-test && bundle install
-
-RUN sh -c 'curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash -' \
- && sudo apt-get install -y nodejs \
- && cd /src/promise && sudo npm -g install npm@latest \
- && cd /src/promise/source && npm install
-
-RUN echo ". ${FUNCTEST_DIR}/cli/functest-complete.sh" >> /root/.bashrc
-
-CMD ["functest_restapi"]
diff --git a/docker/Dockerfile.aarch64.patch b/docker/Dockerfile.aarch64.patch
deleted file mode 100644
index 1257206d2..000000000
--- a/docker/Dockerfile.aarch64.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-diff --git a/docker/Dockerfile b/docker/Dockerfile
-index 0e896d6d..2a8f2b66 100644
---- a/docker/Dockerfile
-+++ b/docker/Dockerfile
-@@ -1,5 +1,5 @@
- ########################################
--# Docker container for FUNCTEST
-+# Aarch64 Docker container for FUNCTEST
- ########################################
- # All rights reserved. This program and the accompanying materials
- # are made available under the terms of the Apache License, Version 2.0
-@@ -7,9 +7,9 @@
- # http://www.apache.org/licenses/LICENSE-2.0
- #
-
--FROM ubuntu:14.04
--MAINTAINER Jose Lausuch <jose.lausuch@ericsson.com>
--LABEL version="0.1" description="OPNFV Functest Docker container"
-+FROM aarch64/ubuntu:14.04
-+MAINTAINER Armband team <armband@enea.com>
-+LABEL version="0.1" description="OPNFV Functest Aarch64 Docker container"
-
- # Environment variables
- ARG BRANCH=master
-@@ -43,6 +43,7 @@ gcc \
- git \
- libffi-dev \
- libgmp3-dev \
-+libjpeg-dev \
- libpq-dev \
- libssl-dev \
- libxml2-dev \
-@@ -103,10 +104,26 @@ RUN /bin/bash -c ". /usr/local/lib/python2.7/dist-packages/sfc/tests/functest/se
- RUN ln -s /src/tempest /src/refstack-client/.tempest \
- && virtualenv --system-site-packages /src/tempest/.venv
-
--RUN cd /src/vims-test && bundle install
-+RUN gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
-+RUN curl -L https://get.rvm.io | bash -s stable
-
--RUN sh -c 'curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash -' \
-- && sudo apt-get install -y nodejs \
-+RUN /bin/bash -c ". /etc/profile.d/rvm.sh \
-+ && cd /src/vims-test \
-+ && rvm autolibs enable"
-+RUN /bin/bash -c ". /etc/profile.d/rvm.sh \
-+ && cd /src/vims-test \
-+ && rvm install 1.9.3"
-+RUN /bin/bash -c ". /etc/profile.d/rvm.sh \
-+ && cd /src/vims-test \
-+ && rvm use 1.9.3"
-+RUN /bin/bash -c ". /etc/profile.d/rvm.sh \
-+ && gem install bundler \
-+ && cd /src/vims-test \
-+ && bundle config build.nokogiri --use-system-libraries \
-+ && bundle install"
-+
-+RUN sh -c 'wget -qO- https://nodejs.org/dist/v4.7.2/node-v4.7.2-linux-arm64.tar.gz | \
-+ tar -xz -C /usr/local --exclude=CHANGELOG.md --exclude=LICENSE --exclude=README.md --strip-components 1 '\
- && cd /src/promise && sudo npm -g install npm@latest \
- && cd /src/promise/source && npm install
-
diff --git a/docker/config_install_env.sh b/docker/config_install_env.sh
deleted file mode 100644
index ed67994f0..000000000
--- a/docker/config_install_env.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-
-set -e
-
-PIP_PATH=~/.pip
-PIP_CONF=$PIP_PATH/pip.conf
-EASY_INSTALL_CONF=~/.pydistutil.cfg
-
-if [ "x$BASE_PIP_URL" = "x" ];then
- exit 0
-fi
-
-echo "config pip and easy_install"
-HOSTNAME=`echo $BASE_PIP_URL | awk -F '[:/]' '{print $4}'`
-if [ "x$HOSTNAME" = "x" ]; then
- echo "invalid BASE_PIP_URL: $BASE_PIP_URL"
- exit 1
-fi
-
-if [ ! -d $PIP_PATH ];then
- mkdir $PIP_PATH
-fi
-
-echo -e "[global]\ntrusted-host = $HOSTNAME\nindex-url = $BASE_PIP_URL\ntimeout = 6000" > $PIP_CONF
-echo -e "[easy_install]\nindex-url = $BASE_PIP_URL\nfind-links = $BASE_PIP_URL" > $EASY_INSTALL_CONF
-
diff --git a/docker/docker_remote_api/docs/TLS-intro.rst b/docker/docker_remote_api/docs/TLS-intro.rst
deleted file mode 100644
index 44fdd4aed..000000000
--- a/docker/docker_remote_api/docs/TLS-intro.rst
+++ /dev/null
@@ -1,107 +0,0 @@
-Encrypt the docker remote API via TLS for Ubuntu and CentOS
-
-[Introduction]
-The Docker daemon can listen to Docker Remote API requests via three types of
-Socket: unix, tcp and fd. By default, a unix domain socket (or IPC socket) is
-created at /var/run/docker.sock, requiring either root permission, or docker
-group membership.
-
-Port 2375 is conventionally used for un-encrypted communition with Docker daemon
-remotely, where docker server can be accessed by any docker client via tcp socket
-in local area network. You can listen to port 2375 on all network interfaces with
--H tcp://0.0.0.0:2375, where 0.0.0.0 means any available IP address on host, and
-tcp://0.0.0.0:2375 indicates that port 2375 is listened on any IP of daemon host.
-If we want to make docker server open on the Internet via TCP port, and only trusted
-clients have the right to access the docker server in a safe manner, port 2376 for
-encrypted communication with the daemon should be listened. It can be achieved to
-create certificate and distribute it to the trusted clients.
-
-Through creating self-signed certificate, and using --tlsverify command when running
-Docker daemon, Docker daemon opens the TLS authentication. Thus only the clients
-with related private key files can have access to the Docker daemon's server. As
-long as the key files for encryption are secure between docker server and client,
-the Docker daemon can keep secure.
-In summary,
-Firstly we should create docker server certificate and related key files, which
-are distributed to the trusted clients.
-Then the clients with related key files can access docker server.
-
-[Steps]
-1.0. Create a CA, server and client keys with OpenSSL.
- OpenSSL is used to generate certificate, and can be installed as follows.
- apt-get install openssl openssl-devel
-
-1.1 First generate CA private and public keys.
- openssl genrsa -aes256 -out ca-key.pem 4096
- openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
-
- You are about to be asked to enter information that will be incorporated
- into your certificate request, where the instance of $HOST should be replaced
- with the DNS name of your Docker daemon's host, here the DNS name of my Docker
- daemon is ly.
- Common Name (e.g. server FQDN or YOUR name) []:$HOST
-
-1.2 Now we have a CA (ca-key.pem and ca.pem), you can create a server key and
-certificate signing request.
- openssl genrsa -out server-key.pem 4096
- openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr
-
-1.3 Sign the public key with our CA.
- TLS connections can be made via IP address as well as DNS name, they need to be
- specified when creating the certificate.
-
- echo subjectAltName = IP:172.16.10.121,IP:127.0.0.1 > extfile.cnf
- openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
- -CAcreateserial -out server-cert.pem -extfile extfile.cnf
-
-1.4 For client authentication, create a client key and certificate signing request.
- openssl genrsa -out key.pem 4096
- openssl req -subj '/CN=client' -new -key key.pem -out client.csr
-
-1.5 To make the key suitable for client authentication, create an extensions config file.
- echo extendedKeyUsage = clientAuth > extfile.cnf
-
-1.6 Sign the public key and after generating cert.pem and server-cert.pem, two certificate
- signing requests can be removed.
- openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
- -CAcreateserial -out cert.pem -extfile extfile.cnf
-
-1.7 In order to protect your keys from accidental damage, you may change file modes to
- be only readable.
- chmod -v 0400 ca-key.pem key.pem server-key.pem
- chmod -v 0444 ca.pem server-cert.pem cert.pem
-
-1.8 Build docker server
- dockerd --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem \
- -H=0.0.0.0:2376
- Then, it can be seen from the command 'netstat -ntlp' that port 2376 has been listened
- and the Docker daemon only accept connections from clients providing a certificate
- trusted by our CA.
-
-1.9 Distribute the keys to the client
- scp /etc/docker/ca.pem wwl@172.16.10.121:/etc/docker
- scp /etc/docker/cert.pem wwl@172.16.10.121:/etc/docker
- scp /etc/docker/key.pem wwl@172.16.10.121:/etc/docker
- Where, wwl and 172.16.10.121 is the username and IP of the client respectively.
- And the password of the client is needed when you distribute the keys to the client.
-
-1.10 To access Docker daemon from the client via keys.
- docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem \
- -H=$HOST:2376 version
-
- Then we can operate docker in the Docker daemon from the client vis keys, for example:
- 1) create container from the client
- docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 run -d \
- -it --name w1 grafana/grafana
- 2) list containers from the client
- docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 pa -a
- 3) stop/start containers from the client
- docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 stop w1
- docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 start w1
-
-
-
-
-
-
-
diff --git a/docker/docker_remote_api/enable_remote_api.sh b/docker/docker_remote_api/enable_remote_api.sh
deleted file mode 100644
index 76e59b850..000000000
--- a/docker/docker_remote_api/enable_remote_api.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-# SPDX-license-identifier: Apache-2.0
-
-# ******************************
-# Script to update the docker host configuration
-# to enable Docker Remote API
-# ******************************
-
-if [ -f /etc/lsb-release ]; then
- #tested on ubuntu 14.04 and 16.04
- if grep -q "#DOCKER_OPTS=" "/etc/default/docker"; then
- cp /etc/default/docker /etc/default/docker.bak
- sed -i 's/^#DOCKER_OPTS.*$/DOCKER_OPTS=\"-H unix:\/\/\/var\/run\/docker.sock -H tcp:\/\/0.0.0.0:2375\"/g' /etc/default/docker
- else
- echo DOCKER_OPTS=\"-H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375\" >> /etc/default/docker
- fi
- service docker restart
- #docker start $(docker ps -aq)
-elif [ -f /etc/system-release ]; then
- #tested on centos 7.2
- if grep -q "ExecStart=\/usr\/bin\/docker-current daemon" "/lib/systemd/system/docker.service"; then
- cp /lib/systemd/system/docker.service /lib/systemd/system/docker.service.bak
- sed -i 's/^ExecStart=.*$/ExecStart=\/usr\/bin\/docker daemon -H tcp:\/\/0.0.0.0:2375 -H unix:\/\/\/var\/run\/docker.sock \\/g' /lib/systemd/system/docker.service
- systemctl daemon-reload
- systemctl restart docker
- else
- echo "to be implemented"
- fi
-else
- echo "OS is not supported"
-fi
-
-# Issue Note for Ubuntu
-# 1. If the configuration of the file /etc/default/docker does not take effect after restarting docker service,
-# you may try to modify /lib/systemd/system/docker.service
-# commands:
-# cp /lib/systemd/system/docker.service /lib/systemd/system/docker.service.bak
-# sed -i '/^ExecStart/i\EnvironmentFile=-/etc/default/docker' /lib/systemd/system/docker.service
-# sed -i '/ExecStart=\/usr\/bin\/dockerd/{;s/$/ \$DOCKER_OPTS/}' /lib/systemd/system/docker.service
-# systemctl daemon-reload
-# service docker restart
-# 2. Systemd is a system and session manager for Linux, where systemctl is one tool for systemd to view and control systemd.
-# If the file /lib/systemd/system/docker.service is modified, systemd has to be reloaded to scan new or changed units.
-# 1) systemd and related packages are available on the PPA. To use the PPA, first add it to your software sources list as follows.
-# add-apt-repository ppa:pitti/systemd
-# apt-get update
-# 2) system can be installed from the PPS as follows.
-# apt-get install systemd libpam-systemd systemd-ui
-
-
-
diff --git a/docker/thirdparty-requirements.txt b/docker/thirdparty-requirements.txt
deleted file mode 100644
index a63545777..000000000
--- a/docker/thirdparty-requirements.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-baro_tests
-sdnvpn
-sfc
-promise
-doctor-tests;python_version>='3.0'
-tosca-parser>=0.7.0 # Apache-2.0
-heat-translator>=0.4.0 # Apache-2.0
-refstack-client
-domino
diff --git a/tox.ini b/tox.ini
index 4c2303e7f..62eaf0045 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,5 +1,5 @@
[tox]
-envlist = docs,pep8,pylint,py35,py27,perm,aarch64
+envlist = docs,pep8,pylint,py35,py27,perm
[testenv]
usedevelop = True
@@ -60,15 +60,6 @@ commands =
bash -c "\
find {[testenv:perm]path} -exec file \{\} + | grep CRLF && exit 1 || exit 0"
-[testenv:aarch64]
-basepython = python2.7
-whitelist_externals =
- bash
- git
-commands =
- bash -c "patch -f -p1 < docker/Dockerfile.aarch64.patch"
- git checkout docker/Dockerfile
-
[testenv:patcharm64]
basepython = python2.7
whitelist_externals =