summaryrefslogtreecommitdiffstats
path: root/docs/submodules/clover
AgeCommit message (Collapse)AuthorFilesLines
2018-04-17Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'stable/fraser' - Merge "Remove unused argument" into stable/fraser - Remove unused argument `BRANCH` is no longer required since we copy source code from working directory instead of remote git repository. Change-Id: I44776538a9efbca72e8d165e7790603cdafbe395 Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
2018-04-17Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'stable/fraser' - Merge "Added dependent python packages to Clover container" into stable/fraser - Added dependent python packages to Clover container - Added pip grpcio and argparse packages to docker build - Allows service (nginx/snort) client sample scripts to be executed using the Clover container without having to clone the repo Change-Id: Ifeda6d58a9a381cb80372255f41ad703a089ea4b Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-17Update git submodulesEddie Arrage1-0/+0
* Update docs/submodules/clover from branch 'stable/fraser' - Extended snort rule add to allow content field - Exposed the 'content' field in the GRPC server AddRules method - Allows the 'MALWARE-CNC User-Agent ASafaWeb Scan' signature in the community rules to be copied to local rules - Above ensures more deterministic alerts by snort each time the signature is hit - Added here to support the SDC configuration guide, which details how to add this scan rule via GRPC client script Change-Id: I6945c1e500075444134543bb9eb6003a03f1d5cc Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-15Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'stable/fraser' - Merge "Add SDC deploy/clean scripts" into stable/fraser - Add SDC deploy/clean scripts - Added deploy/clean scripts for use in Clover container - Deployment of entire SDC scenario - Deployment includes istio install for manual sidecar injection without TLS authentication (deploy.sh) - Added Jaeger tracing and Prometheus monitoring install (view.sh) - Exposes NodePort for monitoring/tracing to access UIs outside of cluster - Clean.sh attempts to remove all of the above Change-Id: Id9548a77d71465a814a6e0cb1cbdf02d37235590 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-15Update git submodulesYujun Zhang1-0/+0
* Update docs/submodules/clover from branch 'stable/fraser' - Add support for install istio of specified version Change-Id: Ibfe0002daff58d30e7fffbb8828d8853a7e963a6 Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn> (cherry picked from commit f119c6b855e4b6709b5cbf44b46d6046841108ea)
2018-04-13Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'stable/fraser' - Merge "Create index to be included in opnfvdocs site" into stable/fraser - Create index to be included in opnfvdocs site Change-Id: Icbfe547697a8d879f4af8d9f9fbde2211b63129c Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn> (cherry picked from commit 406b5d7a74569510aa687882af98024d0e74bc7a)
2018-04-13Update git submodulesYujun Zhang1-0/+0
* Update docs/submodules/clover from branch 'stable/fraser' - Update from requirements Pipfile.lock ensures a consistent environment Change-Id: Id2e544c77a67ce8fa010fba9c357735496f62a26 Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn> (cherry picked from commit 446feb887795ac6250c630f8e1e751f2ca7df596)
2018-04-11Update git submodulesCédric Ollivier1-0/+0
* Update docs/submodules/clover from branch 'stable/fraser' - Updated from global requirements Change-Id: I9539985b01d425e3e0350291a715a44e128c6075 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> - Add clover initial docker image build script - install dependent deb/pip packages - install basic tools istioctl, kubectl - install clover source code - build/upload docker image script - update requirements.txt - update module import path - To use this image use need setup kube-config file. e.g. `docker run -v /root/config:/root/.kube/config -it clover bash` Change-Id: I91044bb99ce8e2b785ef03212d961a97b3d42233 Signed-off-by: QiLiang <liangqi1@huawei.com> (cherry picked from commit c68b7b8380ea8d2ac4da6b4739c6b8e157bb952b) - Merge "Aligned snort-ids default config for SDC scenario" into stable/fraser - Merge "Added toplevel manifests for SDC sample scenario" into stable/fraser - Merge "Fix Nginx lb in k8s/istio" into stable/fraser - Add existing public redis pod/service - Use a community yaml for redis in k8s as simple data store - Redis can be used for tracing and also by the snort-ids to store alerts that can be processed by other services - If flannel is used, the redis CLI can be accessed on the host OS with redis-cli -h <flannel ip> - Within the k8s cluster, the redis service can be accessed with DNS using name 'redis' - The same yaml for redis is also included in toplevel manifest for SDC scenario. Included here if intention is to use separately (tracing only) Change-Id: Ibad283a4cc8938fe01f5de6b7743bdb5511be3af Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com> (cherry picked from commit 66cc1be27b7fbb27c01a726663e42608eb411672) - Fix Nginx lb in k8s/istio - Provide workaround to make nginx lb work properly - nginx_client sample can modify default load balancing from three to two servers at runtime - Ensure port 9180 is used for default deploy for lb and servers - Modify render_yaml to specify deploy_name so that clover-server1, 2, 3 can be used for default lb config - Ensure proxy template is aligned to lb to allow the source IP from originating host to be propagated to final destination - Fix default nginx proxy server_name to 'proxy-access-control' and change default proxy destination to 'http-lb' - Split lb service_type to 'lbv1' and 'lbv2' to provide an example of how to modify the run-time configuration of the load balancer after deployment - modify http-lb-v2 to use clover-server4/5 instead of the defualt clover-server1/2/3 - modify http-lb-v1 to use clover-server1/2 instead of 1/2/3 - Aligned pod IP retrival method with nginx_client.py Change-Id: I73fa60a69c93ae1e82a477ef6283c00f67a21360 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com> (cherry picked from commit 5e213108dfade163a85cff9b9156de9bd2c18887) - Aligned snort-ids default config for SDC scenario - Modified snort-ids alert process to use k8s DNS name 'proxy-access-control' to align with SDC scenario naming - Added default port 50054 to the manifest yaml template and rendering script for communication with proxy-access-control Change-Id: Ib04ee75e5d8ea9921b16b3b4469bed87b1cd2018 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com> (cherry picked from commit 30d36864d491d41fcb4700b5363b68086e239e5a) - Added toplevel manifests for SDC sample scenario - Added missing k8s manifest yaml files for overall service delivery controller scenario - cannot be deployed coherently without this manifest - One file for private docker registry and one for opnfv public registry - Outlined in JIRA ticket CLOVER-16 and validated per description - Includes ingress rule, community redis pod/service and deployments for http-lb (v1/v2), snort-ids, proxy-access-controller, and clover-server1-5 - All above pod/deployment naming matches default container configuration - Tested with istio manual injection Change-Id: Ia03782b38020d744ab00c99adbf4832d15bbd9f3 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com> (cherry picked from commit 7381d8f19074c2d1bff6982d096d2c23c599172b)
2018-04-05Update git submodulesEddie Arrage1-0/+0
* Update docs/submodules/clover from branch 'master' - Add existing public redis pod/service - Use a community yaml for redis in k8s as simple data store - Redis can be used for tracing and also by the snort-ids to store alerts that can be processed by other services - If flannel is used, the redis CLI can be accessed on the host OS with redis-cli -h <flannel ip> - Within the k8s cluster, the redis service can be accessed with DNS using name 'redis' - The same yaml for redis is also included in toplevel manifest for SDC scenario. Included here if intention is to use separately (tracing only) Change-Id: Ibad283a4cc8938fe01f5de6b7743bdb5511be3af Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-05Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Fix Nginx lb in k8s/istio" - Fix Nginx lb in k8s/istio - Provide workaround to make nginx lb work properly - nginx_client sample can modify default load balancing from three to two servers at runtime - Ensure port 9180 is used for default deploy for lb and servers - Modify render_yaml to specify deploy_name so that clover-server1, 2, 3 can be used for default lb config - Ensure proxy template is aligned to lb to allow the source IP from originating host to be propagated to final destination - Fix default nginx proxy server_name to 'proxy-access-control' and change default proxy destination to 'http-lb' - Split lb service_type to 'lbv1' and 'lbv2' to provide an example of how to modify the run-time configuration of the load balancer after deployment - modify http-lb-v2 to use clover-server4/5 instead of the defualt clover-server1/2/3 - modify http-lb-v1 to use clover-server1/2 instead of 1/2/3 - Aligned pod IP retrival method with nginx_client.py Change-Id: I73fa60a69c93ae1e82a477ef6283c00f67a21360 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-05Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Added toplevel manifests for SDC sample scenario" - Added toplevel manifests for SDC sample scenario - Added missing k8s manifest yaml files for overall service delivery controller scenario - cannot be deployed coherently without this manifest - One file for private docker registry and one for opnfv public registry - Outlined in JIRA ticket CLOVER-16 and validated per description - Includes ingress rule, community redis pod/service and deployments for http-lb (v1/v2), snort-ids, proxy-access-controller, and clover-server1-5 - All above pod/deployment naming matches default container configuration - Tested with istio manual injection Change-Id: Ia03782b38020d744ab00c99adbf4832d15bbd9f3 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-05Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Aligned snort-ids default config for SDC scenario" - Aligned snort-ids default config for SDC scenario - Modified snort-ids alert process to use k8s DNS name 'proxy-access-control' to align with SDC scenario naming - Added default port 50054 to the manifest yaml template and rendering script for communication with proxy-access-control Change-Id: Ib04ee75e5d8ea9921b16b3b4469bed87b1cd2018 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-05Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Move design document to dedicated folder" - Move design document to dedicated folder Change-Id: I20c85b7116cd2b29d0efcaae5ee0b0381a685bbb Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
2018-04-04Update git submodulesQiLiang1-0/+0
* Update docs/submodules/clover from branch 'master' - Add clover initial docker image build script - install dependent deb/pip packages - install basic tools istioctl, kubectl - install clover source code - build/upload docker image script - update requirements.txt - update module import path - To use this image use need setup kube-config file. e.g. `docker run -v /root/config:/root/.kube/config -it clover bash` Change-Id: I91044bb99ce8e2b785ef03212d961a97b3d42233 Signed-off-by: QiLiang <liangqi1@huawei.com>
2018-03-31Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Clover initial commit for servicemesh/route_rules, orchestration/kube_client, and tools/clover_validate_rr" - Clover initial commit for servicemesh/route_rules, orchestration/kube_client, and tools/clover_validate_rr Add an 'orchestration' directory. Please note that 'orchestration' does NOT mean Clover does any orchestration --- similar to how Clover doesn't by itself implement tracing or logging, orchestration is a directory for code related to Docker orchestration client --- such as k8s client kube_client utilizes the Kubernetes python client (a dependency) to perform tasks against Kubernetes API server. For this commit, it is only tested for weighted route rule verification, it does three tasks: (1) get a list of pods under a namespace --- pod dictionary now only contains pod name and label dictionary: used to match pod name with the node name in traces from OpenTracing (2) check to see if a particular pod is up in a particular namespace: used to check if Istio pods are running in istio-system namespace (3) check if a container exists in a list of pods under a namespace: used to check if application pods have istio-proxy container running route_rule directly invokes istioctl as there isn't any Istio Python client yet. Currently it reads and parses routerules from Istio, and validates if a particular trace result matches the routerules Finally, a sample tool clover_validate_rr is provided. This tool assumes a previous test has been ran (with an id with both the route-rule-under-test and corresponding traces are stored --- currently the assumption is tests were ran with redis-master running on system). The tool can be invoked: python clover_validate_rr.py -t <test-id> -s <service name> where test-id is the ID of the test (most likely uuid) and service name is the name of the service running in the Kubernetes cluster upon which test traces should be fetched against Change-Id: Ic8ab6efc23c71ac4643bee796ef986a86f6fc7dd Signed-off-by: Stephen Wong <stephen.kf.wong@gmail.com>
2018-03-31Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Added initial nginx services" - Added initial nginx services - Proxy allows ingress traffic to be sent to another element in service mesh - Mirroring is also in the default configuration - Default configuration is to proxy to a clover-server and mirror to snort-ids - A location_path (URI in HTTP requests) can be reconfigured to restrict proxing; default to '/' - A proxy_path can be reconfigured to specify an alternate destination - A mirror path can be reconfigured to specify where traffic will be spanned - The default server_port (listen port) for the proxy is 9180 but can be reconfigured - The default server_name is http-proxy but can be reconfigured - Reconfiguration is done over GRPC with jinja2 template for nginx - Currently snort ids sends alerts to proxy with stub code in GRPC - Refactored the code to have a nginx base with subservices - Proxy, Load Balancer (lb), and Server can share code - mainly GRPC server - Nginx subservices have separate docker builds - Improved build scripts for CI - Render yaml manifests dynamically - Improve nginx_client for runtime modifications (but not really useful yet) Change-Id: Icbff6890021bcc8a8da4690c9261205d6e1ca43a Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-03-31Update git submodulesEddie Arrage1-0/+0
* Update docs/submodules/clover from branch 'master' - Develop snort IDS and content inspect service - Initial commit to show potential structure of a sample service - This wil be part of a larger sample application currently dubbed Service Delivery Controller - Docker container needs to be built and employs open-source Linux packages - Service is deployable in Istio service mesh using provided yaml - Control snort daemon and add custom rules with GRPC messaging - Process snort alerts actively and send to redis and upstream service mesh components - Integrates a web server for better HTTP signature detection - Improved build script for CI with variables - Render k8s yaml snort manifest dynamically with command line options - Improve snort_client sample script for runtime modifications including passing args on CLI, error checking - Update nginx proxy interface - Added logging to snort server and alert process Change-Id: Ic56f9fcd9ed21f64b84b85ac8ee280d69af7b7c9 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-03-30Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Add Functest test hook 2" - Add Functest test hook 2 - Temporary run functest testcase after all clover env setup. - TODO: Use jenkins to trigger functest job. Change-Id: I5f620496d747c4d742c7bbf8bb825616f8c69499 Signed-off-by: QiLiang <liangqi1@huawei.com>
2018-03-30Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Initial commit for logging installation and validataion" - Initial commit for logging installation and validataion - install fluentd with elastic stack - validate the installation JIRA: CLOVER-5 Change-Id: I181a7277bc332ceac549d384cf2c3817a182b06e Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
2018-03-30Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Initial commit for tracing" - Initial commit for tracing - Uses REST interface to obtain traces for services from Jaeger - Discover services availabe in tracing - Works only with Jaeger at the moment (not zipkin) - Optional Redis interface added to store traces per test - Install doc and validation script added for Jaeger - Renamed doc to docs Change-Id: I420137c818df290ecd40aa8d318c6961c511a947 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-03-30Update git submodulesQiLiang1-0/+0
* Update docs/submodules/clover from branch 'master' - Initial commit for monitoring by prometheus - install prometheus - validate the installation - add prometheus query function - TODO: test collecting telemetry data from istio JIRA: CLOVER-7 Change-Id: I983be2db78c8c5c20c0acee9ae81e891884e07fb Signed-off-by: QiLiang <liangqi1@huawei.com>
2018-03-29Update git submodulesQiLiang1-0/+0
* Update docs/submodules/clover from branch 'master' - CI add timeout for k8s+istio deployment Issue link: https://build.opnfv.org/ci/view/clover/job/clover-daily-deploy-master/13/ Clover daily job often failed, which is caused by bad network at utc 12:OO. (Heavy ci job running in huawei lab at that time.) Find another time slot for clover daily job. https://gerrit.opnfv.org/gerrit/#/c/54589/ Change-Id: I0a9eb3ba0c63a3c440627a7af5afb302dbdaebb5 Signed-off-by: QiLiang <liangqi1@huawei.com>
2018-03-28Update git submodulesQiLiang1-0/+0
* Update docs/submodules/clover from branch 'master' - Add Functest test hook Change-Id: Idbe25c162fb19c59ad4e57fd32a749d1d5a29f63 Signed-off-by: QiLiang <liangqi1@huawei.com>
2018-03-26Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - clover fraser: preliminary documents checkin * add preliminary Clover Fraser release notes * add preliminary Clover Fraser user guide Change-Id: I84b0ae1538aaa175245dd47d90ac2343eaa26cc4 Signed-off-by: Stephen Wong <stephen.kf.wong@gmail.com>
2018-03-23Update git submodulesQiLiang1-0/+0
* Update docs/submodules/clover from branch 'master' - Fix ci deploy job error Fix issue: https://build.opnfv.org/ci/view/clover/job/clover-daily-deploy-master/4/consoleFull + ssh -i /home/jenkins/opnfv/slave_root/workspace/clover-daily-deploy-master/work/container4nfv/src/vagrant/kubeadm_istio/.vagrant/machines/master/libvirt/private_key vagrant@192.168.121.117 rm -rf clover Host key verification failed. Change-Id: I73ea912ca6eb7ef823b1694b9fb090d809f158ee Signed-off-by: QiLiang <liangqi1@huawei.com>
2018-03-23Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Create document structure" - Create document structure See http://docs.opnfv.org/en/latest/how-to-use-docs/documentation-guide.html Note the structure stands on the view of whole OPNFV platform. Change-Id: Id2ac36cb6f30d6d2d54dbda9f6a77b76648aa4b0 Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
2018-03-23Update git submodulesQiLiang1-0/+0
* Update docs/submodules/clover from branch 'master' - Add clover ci deploy skeleton - create kubernetes + istio by continer4nfv kubeadm_istio scenario - add clover real test entry script - add basic .gitignore Change-Id: I3b36cdf71d70db4e24a19e386ad39dbb0a71ac2f Signed-off-by: QiLiang <liangqi1@huawei.com>
2018-03-22Update git submodulesYujun Zhang1-0/+0
* Update docs/submodules/clover from branch 'master' - Rename doc to docs Change-Id: Iaa83d00704a8d077f8671647b999394eac461482 Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
2018-03-22Update git submodulesQiLiang1-0/+0
* Update docs/submodules/clover from branch 'master' - Add ci entry scripts Currently, just some dummy scripts for ci test. Scripts contents Plan: - deploy.sh is for ci daily job deploy and verify - upload.sh is for building/uploading docker image, other resources - verify.sh is for basic patch verify (e.g. ut, lint) Change-Id: If4c9ffb484a265258dcb6afaf6f479c8e394d7ee Signed-off-by: QiLiang <liangqi1@huawei.com>
2018-03-19Add clover projectYujun Zhang1-0/+0
Change-Id: Ieca7a57c66bc7d7472585a62e77747eb787ead6c Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>