diff options
-rw-r--r-- | docker/Dockerfile | 132 | ||||
-rw-r--r-- | docker/Dockerfile.aarch64.patch | 62 | ||||
-rw-r--r-- | docker/config_install_env.sh | 26 | ||||
-rw-r--r-- | docker/docker_remote_api/docs/TLS-intro.rst | 107 | ||||
-rw-r--r-- | docker/docker_remote_api/enable_remote_api.sh | 51 | ||||
-rw-r--r-- | docker/thirdparty-requirements.txt | 9 | ||||
-rw-r--r-- | tox.ini | 11 |
7 files changed, 1 insertions, 397 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile deleted file mode 100644 index 8d43c371a..000000000 --- a/docker/Dockerfile +++ /dev/null @@ -1,132 +0,0 @@ -######################################## -# Docker container for FUNCTEST -######################################## -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -# - -FROM ubuntu:14.04 -MAINTAINER Jose Lausuch <jose.lausuch@ericsson.com> -LABEL version="0.1" description="OPNFV Functest Docker container" - -# Environment variables -ARG BRANCH=master -ARG RALLY_TAG=stable/0.10 -ARG OS_FAULTS_TAG=0.1.16 -ARG ODL_TAG=e12ba90cd27577c4c6c70ee54f7d599b5f6777ba -ARG OPENSTACK_TAG=stable/ocata -ARG VIMS_TAG=stable -ARG REFSTACK_TAG=4e187b07672dd1c41cb7c94658f1c91edebf53a2 -ARG REPOS_DIR=/home/opnfv/repos -ARG FUNCTEST_BASE_DIR=/home/opnfv/functest -ARG FUNCTEST_CONF_DIR=${FUNCTEST_BASE_DIR}/conf -ARG FUNCTEST_DATA_DIR=${FUNCTEST_BASE_DIR}/data -ARG FUNCTEST_IMAGES_DIR=${FUNCTEST_BASE_DIR}/images -ARG FUNCTEST_RESULTS_DIR=${FUNCTEST_BASE_DIR}/results -ARG FUNCTEST_DIR=/usr/local/lib/python2.7/dist-packages/functest/ -ARG REPOS_VNFS_DIR=${REPOS_DIR}/vnfs - -# Environment variables -ENV CONFIG_FUNCTEST_YAML ${FUNCTEST_DIR}/ci/config_functest.yaml -ENV REPOS_DIR ${REPOS_DIR} -ENV creds ${FUNCTEST_CONF_DIR}/openstack.creds - -# Packaged dependencies -RUN apt-get update && apt-get install -y \ -build-essential \ -bundler \ -crudini \ -curl \ -dnsmasq \ -gcc \ -git \ -libffi-dev \ -libgmp3-dev \ -libpq-dev \ -libssl-dev \ -libxml2-dev \ -libxslt-dev \ -libzmq3-dev \ -python-dev \ -python-mock \ -python-pip \ -python3 \ -python3-dev \ -python3-pip \ -postgresql \ -ruby \ -ruby-dev \ -ruby-bundler \ -ssh \ -sshpass \ -wget \ ---no-install-recommends - -RUN pip install --upgrade pip && easy_install -U setuptools==30.0.0 -RUN python3 -m pip install --upgrade pip setuptools==30.0.0 - -RUN mkdir -p ${REPOS_VNFS_DIR} \ - && mkdir -p ${FUNCTEST_BASE_DIR}/results \ - && mkdir -p ${FUNCTEST_CONF_DIR} \ - && mkdir -p ${FUNCTEST_DATA_DIR} \ - && mkdir -p ${FUNCTEST_IMAGES_DIR} \ - && mkdir -p /root/.ssh \ - && chmod 700 /root/.ssh - -RUN git config --global http.sslVerify false - -COPY thirdparty-requirements.txt thirdparty-requirements.txt -RUN wget -q -O- https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt?h=$OPENSTACK_TAG | \ - sed -E s/^tempest==+\(.*\)$/-e\ git+https:\\/\\/github.com\\/openstack\\/tempest@\\1#egg=tempest/ | \ - sed s/^requests===.*$/requests===2.13.0/ \ - > upper-constraints.txt && \ - pip install --src /src -cupper-constraints.txt \ - -chttps://git.opnfv.org/functest/plain/upper-constraints.txt?h=$BRANCH \ - -e git+https://github.com/openstack/requirements@$OPENSTACK_TAG#egg=openstack_requirements && \ - git clone --depth 1 https://github.com/openstack/os-faults.git -b $OS_FAULTS_TAG /src/os-faults && \ - update-requirements -s --source /src/openstack-requirements /src/os-faults/ && \ - git clone --depth 1 https://github.com/openstack/rally.git -b $RALLY_TAG /src/rally && \ - update-requirements -s --source /src/openstack-requirements /src/rally && \ - git clone https://github.com/openstack/refstack-client.git /src/refstack-client && \ - (cd src/refstack-client && git checkout $REFSTACK_TAG) && \ - update-requirements -s --source /src/openstack-requirements /src/refstack-client && \ - pip install --src /src -cupper-constraints.txt \ - -chttps://git.opnfv.org/functest/plain/upper-constraints.txt?h=$BRANCH \ - /src/os-faults /src/rally -e/src/refstack-client && \ - pip install --src /src -cupper-constraints.txt \ - -chttps://git.opnfv.org/functest/plain/upper-constraints.txt?h=$BRANCH \ - git+https://gerrit.opnfv.org/gerrit/functest@$BRANCH#egg=functest \ - -rthirdparty-requirements.txt && \ - python3 -m pip install --src /src \ - -chttps://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt?h=$OPENSTACK_TAG \ - -chttps://git.opnfv.org/functest/plain/upper-constraints.txt?h=$BRANCH \ - doctor-tests && \ - mkdir -p /etc/rally && \ - printf "[database]\nconnection = 'sqlite:////var/lib/rally/database/rally.sqlite'" > /etc/rally/rally.conf && \ - mkdir -p /var/lib/rally/database && rally-manage db create && \ - rm thirdparty-requirements.txt upper-constraints.txt - -# OPNFV repositories -RUN git clone --depth 1 -b $BRANCH https://gerrit.opnfv.org/gerrit/fds /src/fds - -# other repositories -RUN git clone https://git.opendaylight.org/gerrit/p/integration/test.git /src/odl_test && \ - (cd src/odl_test && git checkout $ODL_TAG) -RUN git clone --depth 1 -b $VIMS_TAG https://github.com/boucherv-orange/clearwater-live-test /src/vims-test - -# Install tempest venv and create symlink for running refstack-client -RUN ln -s /src/tempest /src/refstack-client/.tempest \ - && virtualenv --system-site-packages /src/tempest/.venv --python=python2 - -RUN cd /src/vims-test && bundle install - -RUN sh -c 'curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash -' \ - && sudo apt-get install -y nodejs \ - && cd /src/promise && sudo npm -g install npm@latest \ - && cd /src/promise/source && npm install - -RUN echo ". ${FUNCTEST_DIR}/cli/functest-complete.sh" >> /root/.bashrc - -CMD ["functest_restapi"] diff --git a/docker/Dockerfile.aarch64.patch b/docker/Dockerfile.aarch64.patch deleted file mode 100644 index 1257206d2..000000000 --- a/docker/Dockerfile.aarch64.patch +++ /dev/null @@ -1,62 +0,0 @@ -diff --git a/docker/Dockerfile b/docker/Dockerfile -index 0e896d6d..2a8f2b66 100644 ---- a/docker/Dockerfile -+++ b/docker/Dockerfile -@@ -1,5 +1,5 @@ - ######################################## --# Docker container for FUNCTEST -+# Aarch64 Docker container for FUNCTEST - ######################################## - # All rights reserved. This program and the accompanying materials - # are made available under the terms of the Apache License, Version 2.0 -@@ -7,9 +7,9 @@ - # http://www.apache.org/licenses/LICENSE-2.0 - # - --FROM ubuntu:14.04 --MAINTAINER Jose Lausuch <jose.lausuch@ericsson.com> --LABEL version="0.1" description="OPNFV Functest Docker container" -+FROM aarch64/ubuntu:14.04 -+MAINTAINER Armband team <armband@enea.com> -+LABEL version="0.1" description="OPNFV Functest Aarch64 Docker container" - - # Environment variables - ARG BRANCH=master -@@ -43,6 +43,7 @@ gcc \ - git \ - libffi-dev \ - libgmp3-dev \ -+libjpeg-dev \ - libpq-dev \ - libssl-dev \ - libxml2-dev \ -@@ -103,10 +104,26 @@ RUN /bin/bash -c ". /usr/local/lib/python2.7/dist-packages/sfc/tests/functest/se - RUN ln -s /src/tempest /src/refstack-client/.tempest \ - && virtualenv --system-site-packages /src/tempest/.venv - --RUN cd /src/vims-test && bundle install -+RUN gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 -+RUN curl -L https://get.rvm.io | bash -s stable - --RUN sh -c 'curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash -' \ -- && sudo apt-get install -y nodejs \ -+RUN /bin/bash -c ". /etc/profile.d/rvm.sh \ -+ && cd /src/vims-test \ -+ && rvm autolibs enable" -+RUN /bin/bash -c ". /etc/profile.d/rvm.sh \ -+ && cd /src/vims-test \ -+ && rvm install 1.9.3" -+RUN /bin/bash -c ". /etc/profile.d/rvm.sh \ -+ && cd /src/vims-test \ -+ && rvm use 1.9.3" -+RUN /bin/bash -c ". /etc/profile.d/rvm.sh \ -+ && gem install bundler \ -+ && cd /src/vims-test \ -+ && bundle config build.nokogiri --use-system-libraries \ -+ && bundle install" -+ -+RUN sh -c 'wget -qO- https://nodejs.org/dist/v4.7.2/node-v4.7.2-linux-arm64.tar.gz | \ -+ tar -xz -C /usr/local --exclude=CHANGELOG.md --exclude=LICENSE --exclude=README.md --strip-components 1 '\ - && cd /src/promise && sudo npm -g install npm@latest \ - && cd /src/promise/source && npm install - diff --git a/docker/config_install_env.sh b/docker/config_install_env.sh deleted file mode 100644 index ed67994f0..000000000 --- a/docker/config_install_env.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash - -set -e - -PIP_PATH=~/.pip -PIP_CONF=$PIP_PATH/pip.conf -EASY_INSTALL_CONF=~/.pydistutil.cfg - -if [ "x$BASE_PIP_URL" = "x" ];then - exit 0 -fi - -echo "config pip and easy_install" -HOSTNAME=`echo $BASE_PIP_URL | awk -F '[:/]' '{print $4}'` -if [ "x$HOSTNAME" = "x" ]; then - echo "invalid BASE_PIP_URL: $BASE_PIP_URL" - exit 1 -fi - -if [ ! -d $PIP_PATH ];then - mkdir $PIP_PATH -fi - -echo -e "[global]\ntrusted-host = $HOSTNAME\nindex-url = $BASE_PIP_URL\ntimeout = 6000" > $PIP_CONF -echo -e "[easy_install]\nindex-url = $BASE_PIP_URL\nfind-links = $BASE_PIP_URL" > $EASY_INSTALL_CONF - diff --git a/docker/docker_remote_api/docs/TLS-intro.rst b/docker/docker_remote_api/docs/TLS-intro.rst deleted file mode 100644 index 44fdd4aed..000000000 --- a/docker/docker_remote_api/docs/TLS-intro.rst +++ /dev/null @@ -1,107 +0,0 @@ -Encrypt the docker remote API via TLS for Ubuntu and CentOS - -[Introduction] -The Docker daemon can listen to Docker Remote API requests via three types of -Socket: unix, tcp and fd. By default, a unix domain socket (or IPC socket) is -created at /var/run/docker.sock, requiring either root permission, or docker -group membership. - -Port 2375 is conventionally used for un-encrypted communition with Docker daemon -remotely, where docker server can be accessed by any docker client via tcp socket -in local area network. You can listen to port 2375 on all network interfaces with --H tcp://0.0.0.0:2375, where 0.0.0.0 means any available IP address on host, and -tcp://0.0.0.0:2375 indicates that port 2375 is listened on any IP of daemon host. -If we want to make docker server open on the Internet via TCP port, and only trusted -clients have the right to access the docker server in a safe manner, port 2376 for -encrypted communication with the daemon should be listened. It can be achieved to -create certificate and distribute it to the trusted clients. - -Through creating self-signed certificate, and using --tlsverify command when running -Docker daemon, Docker daemon opens the TLS authentication. Thus only the clients -with related private key files can have access to the Docker daemon's server. As -long as the key files for encryption are secure between docker server and client, -the Docker daemon can keep secure. -In summary, -Firstly we should create docker server certificate and related key files, which -are distributed to the trusted clients. -Then the clients with related key files can access docker server. - -[Steps] -1.0. Create a CA, server and client keys with OpenSSL. - OpenSSL is used to generate certificate, and can be installed as follows. - apt-get install openssl openssl-devel - -1.1 First generate CA private and public keys. - openssl genrsa -aes256 -out ca-key.pem 4096 - openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem - - You are about to be asked to enter information that will be incorporated - into your certificate request, where the instance of $HOST should be replaced - with the DNS name of your Docker daemon's host, here the DNS name of my Docker - daemon is ly. - Common Name (e.g. server FQDN or YOUR name) []:$HOST - -1.2 Now we have a CA (ca-key.pem and ca.pem), you can create a server key and -certificate signing request. - openssl genrsa -out server-key.pem 4096 - openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr - -1.3 Sign the public key with our CA. - TLS connections can be made via IP address as well as DNS name, they need to be - specified when creating the certificate. - - echo subjectAltName = IP:172.16.10.121,IP:127.0.0.1 > extfile.cnf - openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \ - -CAcreateserial -out server-cert.pem -extfile extfile.cnf - -1.4 For client authentication, create a client key and certificate signing request. - openssl genrsa -out key.pem 4096 - openssl req -subj '/CN=client' -new -key key.pem -out client.csr - -1.5 To make the key suitable for client authentication, create an extensions config file. - echo extendedKeyUsage = clientAuth > extfile.cnf - -1.6 Sign the public key and after generating cert.pem and server-cert.pem, two certificate - signing requests can be removed. - openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \ - -CAcreateserial -out cert.pem -extfile extfile.cnf - -1.7 In order to protect your keys from accidental damage, you may change file modes to - be only readable. - chmod -v 0400 ca-key.pem key.pem server-key.pem - chmod -v 0444 ca.pem server-cert.pem cert.pem - -1.8 Build docker server - dockerd --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem \ - -H=0.0.0.0:2376 - Then, it can be seen from the command 'netstat -ntlp' that port 2376 has been listened - and the Docker daemon only accept connections from clients providing a certificate - trusted by our CA. - -1.9 Distribute the keys to the client - scp /etc/docker/ca.pem wwl@172.16.10.121:/etc/docker - scp /etc/docker/cert.pem wwl@172.16.10.121:/etc/docker - scp /etc/docker/key.pem wwl@172.16.10.121:/etc/docker - Where, wwl and 172.16.10.121 is the username and IP of the client respectively. - And the password of the client is needed when you distribute the keys to the client. - -1.10 To access Docker daemon from the client via keys. - docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem \ - -H=$HOST:2376 version - - Then we can operate docker in the Docker daemon from the client vis keys, for example: - 1) create container from the client - docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 run -d \ - -it --name w1 grafana/grafana - 2) list containers from the client - docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 pa -a - 3) stop/start containers from the client - docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 stop w1 - docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 start w1 - - - - - - - diff --git a/docker/docker_remote_api/enable_remote_api.sh b/docker/docker_remote_api/enable_remote_api.sh deleted file mode 100644 index 76e59b850..000000000 --- a/docker/docker_remote_api/enable_remote_api.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash -# SPDX-license-identifier: Apache-2.0 - -# ****************************** -# Script to update the docker host configuration -# to enable Docker Remote API -# ****************************** - -if [ -f /etc/lsb-release ]; then - #tested on ubuntu 14.04 and 16.04 - if grep -q "#DOCKER_OPTS=" "/etc/default/docker"; then - cp /etc/default/docker /etc/default/docker.bak - sed -i 's/^#DOCKER_OPTS.*$/DOCKER_OPTS=\"-H unix:\/\/\/var\/run\/docker.sock -H tcp:\/\/0.0.0.0:2375\"/g' /etc/default/docker - else - echo DOCKER_OPTS=\"-H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375\" >> /etc/default/docker - fi - service docker restart - #docker start $(docker ps -aq) -elif [ -f /etc/system-release ]; then - #tested on centos 7.2 - if grep -q "ExecStart=\/usr\/bin\/docker-current daemon" "/lib/systemd/system/docker.service"; then - cp /lib/systemd/system/docker.service /lib/systemd/system/docker.service.bak - sed -i 's/^ExecStart=.*$/ExecStart=\/usr\/bin\/docker daemon -H tcp:\/\/0.0.0.0:2375 -H unix:\/\/\/var\/run\/docker.sock \\/g' /lib/systemd/system/docker.service - systemctl daemon-reload - systemctl restart docker - else - echo "to be implemented" - fi -else - echo "OS is not supported" -fi - -# Issue Note for Ubuntu -# 1. If the configuration of the file /etc/default/docker does not take effect after restarting docker service, -# you may try to modify /lib/systemd/system/docker.service -# commands: -# cp /lib/systemd/system/docker.service /lib/systemd/system/docker.service.bak -# sed -i '/^ExecStart/i\EnvironmentFile=-/etc/default/docker' /lib/systemd/system/docker.service -# sed -i '/ExecStart=\/usr\/bin\/dockerd/{;s/$/ \$DOCKER_OPTS/}' /lib/systemd/system/docker.service -# systemctl daemon-reload -# service docker restart -# 2. Systemd is a system and session manager for Linux, where systemctl is one tool for systemd to view and control systemd. -# If the file /lib/systemd/system/docker.service is modified, systemd has to be reloaded to scan new or changed units. -# 1) systemd and related packages are available on the PPA. To use the PPA, first add it to your software sources list as follows. -# add-apt-repository ppa:pitti/systemd -# apt-get update -# 2) system can be installed from the PPS as follows. -# apt-get install systemd libpam-systemd systemd-ui - - - diff --git a/docker/thirdparty-requirements.txt b/docker/thirdparty-requirements.txt deleted file mode 100644 index a63545777..000000000 --- a/docker/thirdparty-requirements.txt +++ /dev/null @@ -1,9 +0,0 @@ -baro_tests -sdnvpn -sfc -promise -doctor-tests;python_version>='3.0' -tosca-parser>=0.7.0 # Apache-2.0 -heat-translator>=0.4.0 # Apache-2.0 -refstack-client -domino @@ -1,5 +1,5 @@ [tox] -envlist = docs,pep8,pylint,py35,py27,perm,aarch64 +envlist = docs,pep8,pylint,py35,py27,perm [testenv] usedevelop = True @@ -60,15 +60,6 @@ commands = bash -c "\ find {[testenv:perm]path} -exec file \{\} + | grep CRLF && exit 1 || exit 0" -[testenv:aarch64] -basepython = python2.7 -whitelist_externals = - bash - git -commands = - bash -c "patch -f -p1 < docker/Dockerfile.aarch64.patch" - git checkout docker/Dockerfile - [testenv:patcharm64] basepython = python2.7 whitelist_externals = |