wutianwei [Wed, 22 Aug 2018 02:49:56 +0000 (10:49 +0800)]
Spinnaker as a Service
JIRA: CLOVER-52
1. Add mainfest to install the spinnaker in kubernetes cluster
2. after using mainfest to install spinnaker,
we can interacte with the halyard daemon with its REST API
and we can add/delete/list the dockerRegistry/kubernetes accounts.
3. Add the cloverctl to interate with the halyard daemon
Change-Id: I71bc5977f2d65aab88fa55f7d7a53ab75eb6a46b
Signed-off-by: wutianwei <wutianwei1@huawei.com>
Stephen Wong [Sun, 19 Aug 2018 07:18:24 +0000 (07:18 +0000)]
Merge "Implement initial clover-controller service"
Stephen Wong [Sun, 19 Aug 2018 07:18:00 +0000 (07:18 +0000)]
Merge "Implement initial cloverctl CLI tool"
Stephen Wong [Sun, 19 Aug 2018 07:17:28 +0000 (07:17 +0000)]
Merge "Implement initial Jmeter master/slave containers"
Wenjing Chu [Tue, 14 Aug 2018 23:23:37 +0000 (23:23 +0000)]
Merge "Add ansible scripts for raspberry pi based kubernetes edge cluster"
Eddie Arrage [Thu, 2 Aug 2018 23:15:39 +0000 (23:15 +0000)]
Implement initial cloverctl CLI tool
- Uses client-go package to interface to k8s API and implement
functions as cloverkube package.
- Identifies GKE LB IP for clover-controller for user
- Identifies NodePort port number for clover-controller for user
if environment is local k8s (assumes flannel CNI currently)
- Deploys and deletes clover-collector and clover-controller with
native client-go constructs (currently images are defined with
local registry). Future work will implement other clover services
and Istio components. Uses the clover-system namespace.
- Uses Cobra go package to implement CLI (used in kubectl and
istioctl) using cloverctl <verb> <noun> convention.
- Interfaces to clover-controller to configure clover services
(visibility, IDS ...) within the cluster via REST messaging
- Start visibility (collector) engine using input yaml file or
defaults
- Init, stop and clear (truncate Cassandra tables) visibility
engine or get basic stats.
- Add custom rules to IDS from input yaml file and start/stop
IDS
- Generate jmeter testplan on jmeter-master using input yaml
file. Start tests and output log/results from CLI.
- Specify number of jmeter slaves to initiate tests on from
CLI. Automatically find IP addresses of jmeter slaves within
the k8s cluster.
- Sample yaml files for adding IDS rules, starting visibility
engine and generating jmeter test plans.
- Build script to install go and get dependent packages.
- Implement a custom Istio inject package for manual sidecar
injection (cloverinject). Currently, unused as it is built from
Istio 0.8.0/1.0.0 code base.
Change-Id: Ibb8d08cb98267bdffb8905c221473f177d51bbb3
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Stephen Wong [Wed, 1 Aug 2018 05:16:34 +0000 (05:16 +0000)]
Merge "Adding cassandra service with a separate yaml file."
Stephen Wong [Wed, 1 Aug 2018 05:16:00 +0000 (05:16 +0000)]
Merge "Adding clearwater IMS yaml and clearwater live test dockerfile to test istio service-mesh"
Stephen Wong [Wed, 1 Aug 2018 05:14:38 +0000 (05:14 +0000)]
Merge "[Clover] using elasticsearch to store log"
Eddie Arrage [Thu, 28 Jun 2018 17:42:28 +0000 (17:42 +0000)]
Implement initial clover-controller service
- First pass of clover-controller which resides within the k8s
cluster and provides interfaces to all Clover services
- Only service that should need to be exposed outside of
cluster
- Docker build of container that uses stack of nginx, gunicorn
and flask to provide REST interface
- REST interface is intended to serve cloverctl CLI and
dashboard browser UI
- Implements GRPC messaging to clover-collector and snort
- GRPC interfaces files for snort/nginx are added to
container from repo. Collector GRPC files will be removed
from controller/control/api once patch below is merged
https://gerrit.opnfv.org/gerrit/#/c/57245/ and added
similarly
- Provides first pass callback for file upload from
clover-server.
- Some REST messages implement JSON for passing params
to internal services
- Redis interface added to obtain data from services.
Currently, a simple interface to retrieve snort event
information
- YAML manifest renderer to add to k8s. Uses NodePort
service currently, defaulting to port 32044.
- Removed collector gRPC interface files with merge of collector
- Expose tracing and monitoring host/port parameters, as these vary
depending on Istio version and Jaeger version
- Add logging to flask blueprints
- Added jmeter blueprint interface with REST for
testplan generation, start test and result retrieval
- Added flask Response to REST reply messages
- Retrieve some basic stats from collector in json
response
Change-Id: I59eaeb860445ade4b45bba22747a61fb0cf0bbd4
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Eddie Arrage [Sat, 28 Jul 2018 01:02:35 +0000 (01:02 +0000)]
Implement initial Jmeter master/slave containers
- Jmeter can be used for L4-7 functional and performance testing
- Jmeter master has gRPC server for management
- Generates Jmeter test plans from minimal yaml params file
(sample to be added with cloverctl) using template
- Optionally span tests across slave containers to allow greater
loads to be generated
- Specify loop/thread/slave count and URL list, which
dictates target and number of connections that will be attempted
- clover-controller will interface to gRPC interface on Jmeter
master
- Start tests on master and retrieve log/result files
- Render master and slave k8s manifests files
Change-Id: Id144c8f551b7d375ff252c8de0611f895b50387c
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
iharijono [Wed, 9 May 2018 01:27:59 +0000 (18:27 -0700)]
Adding cassandra service with a separate yaml file.
- Left the file samples/scenarios/service_delivery_controller_opnfv.yaml unchanged.
- Added a yaml definition of Cassandra StatefulSet and its service into a separate file under tools directory
- Cassandra Service run with 1 replica
- Deleted 'data-plane-ns' and use 'default' instead for cassandra containers.
- Revoked changes for samples/scenarios/service_delivery_controller_opnfv.yaml.
- Added new line (Wutien suggested it)
JIRA: CLOVER-000
Change-Id: I2bb4249cf2523f5011d6fefc69dc469a90e20eaf
Signed-off-by: iharijono <indra.harijono@huawei.com>
adarsh1001 [Sat, 21 Jul 2018 20:41:47 +0000 (02:11 +0530)]
Add ansible scripts for raspberry pi based kubernetes edge cluster
JIRA: CLOVER-71
This issue falls under the "Edge Cloud-Native Cluster" intern project and is a part of both Clover and Edge cloud projects. The detailed description of the project and the instructions for using the scripts are documented in the README.
Change-Id: I4fdb98f17ae0c53f918376ad6fb90be8ff0b0a71
Signed-off-by: adarsh1001 <adarshpalsingh1996@gmail.com>
Stephen Wong [Sat, 7 Jul 2018 06:09:37 +0000 (06:09 +0000)]
Merge "Initial commit for Clover Collector"
Stephen Wong [Sat, 7 Jul 2018 05:46:00 +0000 (05:46 +0000)]
Merge "Sleep 1 sec after set test."
Stephen Wong [Sat, 7 Jul 2018 05:45:04 +0000 (05:45 +0000)]
Merge "[clover] Add script to setup k8s"
wutianwei [Fri, 29 Jun 2018 03:29:38 +0000 (11:29 +0800)]
[Clover] using elasticsearch to store log
Change-Id: I0335fa912a3ca2dff5c989fa06183065216f10e4
Signed-off-by: wutianwei <wutianwei1@huawei.com>
Aric Gardner [Thu, 28 Jun 2018 17:09:17 +0000 (13:09 -0400)]
Fix project LEAD in INFO.yaml
Change-Id: Iff9c7bfbae8f5ca46ef88634d4864cd27512aa8a
Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
wutianwei [Fri, 15 Jun 2018 06:22:39 +0000 (14:22 +0800)]
Sleep 1 sec after set test.
if we set testid and start test immediately,
the first test's result can't be got from jaeger
Change-Id: Ia2ab8a91d8c5f9956ea4d3d7c2436fb05490acee
Signed-off-by: wutianwei <wutianwei1@huawei.com>
wutianwei [Fri, 8 Jun 2018 01:49:36 +0000 (09:49 +0800)]
[clover] Add script to setup k8s
what the script do
1. git clone the XCI repo
2. set variable to deploy k8s
how to use
run the below command in you teminal
./xci-k8s-setup.sh
requirement
1. don't under the root user
2. run sudo without password
Change-Id: I5015e12d8d3b0db31285d5e817b3c40d6739ba22
Signed-off-by: wutianwei <wutianwei1@huawei.com>
Stephen Wong [Fri, 15 Jun 2018 00:24:57 +0000 (00:24 +0000)]
Merge "Streaming logs from application container"
Stephen Wong [Fri, 15 Jun 2018 00:24:19 +0000 (00:24 +0000)]
Merge "Add support for node level logging"
Stephen Wong [Fri, 15 Jun 2018 00:23:46 +0000 (00:23 +0000)]
Merge "fix the sdc sample deploy issue"
Stephen Wong [Fri, 15 Jun 2018 00:22:11 +0000 (00:22 +0000)]
Merge "Fix typo of Jaeger port"
Stephen Wong [Fri, 15 Jun 2018 00:21:42 +0000 (00:21 +0000)]
Merge "Fix error in logging installation"
Eddie Arrage [Wed, 9 May 2018 18:33:55 +0000 (18:33 +0000)]
Initial commit for Clover Collector
- Added a container named clover-collector using clover
container as a base with build script
- GRPC server to manage collector process
- Cassandra DB client interface to initialize visibility keyspace
- Init messaging adds table schemas for tracing - traces & spans
- Adds table for monitoring - metrics
- Does not implement Cassandra server but developed using
public Cassandra docker container
- Collector process in simple loop that periodically fetches
traces and monitoring data and inserts to Cassandra - not optimized
for batch retrieval yet for monitoring
- CLI interface added to collector process and used
by GRPC server for configuration
- Simple GRPC client script to test GRPC server and start/stop
of collector process
- Collector process can be configured with access for tracing,
monitoring and Cassandra
- Added a return value in monitoring query method
- Added ability to truncate tracing, metrics and spans tables
in cql
- Added cql prepared statements and batch insert for metrics
and spans
- Align cql connection to cql deployment within k8s
- Fix issue with cql host list using ast and collect process
args with background argument
- Added redis interface to accept service/metric list
externally for monitoring (will work in conjunction
with clover-controller)
- Use k8s DNS names and default ports for monitoring, tracing
and cassandra
- Added yaml manifest renderer/template for collector
Change-Id: I3e4353e28844c4ce9c185ff4638012b66c7fff67
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Yujun Zhang [Wed, 9 May 2018 07:01:53 +0000 (15:01 +0800)]
Add support for node level logging
Change-Id: Ib5b2240de3276164fe9e272bf36f0d1f89f409c0
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
Muhammad Shaikh (Salman) [Wed, 30 May 2018 00:41:19 +0000 (00:41 +0000)]
Adding clearwater IMS yaml and clearwater live test dockerfile to test istio service-mesh
Checking into CLEARWATER_ISTIO branch
This part of the project is intended to validate the clearwater IMS with istio service-mesh.
Change-Id: Ia5ba86301a363fcf9cfe0bac525606b0d897713e
Signed-off-by: Muhammad Shaikh (Salman) <muhammad.shaikh@huawei.com>
wutianwei [Mon, 28 May 2018 01:02:14 +0000 (09:02 +0800)]
fix the sdc sample deploy issue
there is a issue "No module named google.protobuf",
when trying to run the services docker.
Add the protobuf in services Dockerfile.
Change-Id: I280dc1d5908bcec784e9e1e7c4d07e145f092cdb
Signed-off-by: wutianwei <wutianwei1@huawei.com>
Yujun Zhang [Thu, 10 May 2018 07:26:08 +0000 (15:26 +0800)]
Streaming logs from application container
Change-Id: I6a1e526bec4160bcdac32d4124acb110b9cf6959
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
Aric Gardner [Thu, 10 May 2018 18:56:16 +0000 (14:56 -0400)]
Remove INFO file, we only need to maintain INFO.yaml
Change-Id: I51fbdaf6991cb43a7cb1b2ce01099e0ed385df13
Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
Yujun Zhang [Wed, 9 May 2018 03:18:38 +0000 (11:18 +0800)]
Fix error in logging installation
It must be done in two steps otherwise the mixer adapter may not
be initialized correctly.
Change-Id: Ie59e811fc287fbd52a007be45f0f9c74983149b3
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
Yujun Zhang [Tue, 8 May 2018 08:34:23 +0000 (16:34 +0800)]
Fix typo of Jaeger port
Change-Id: I70b766fe26e750fef6a622344d69ad4f6e2b8962
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
Eddie Arrage [Fri, 27 Apr 2018 18:52:41 +0000 (18:52 +0000)]
Update docs with edits and proper release tag
- Incorporated feedback from doc reviews
- Fix some rendering issues
- Add redis inspect section
- Update SDC deploy instructions using Fraser release tag
Change-Id: I573dcd04066ad83b9c659fae645c65ab4aaa2007
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Stephen Wong [Thu, 26 Apr 2018 07:39:48 +0000 (07:39 +0000)]
Merge "Write A-B configuration guide and align with SDC guide"
Eddie Arrage [Thu, 26 Apr 2018 01:20:49 +0000 (01:20 +0000)]
Write A-B configuration guide and align with SDC guide
- Document A-B sample validation script
- Remove redundant TOC in docs
- Provide reference links in SDC guide
- Additional edits to SDC guide
Change-Id: Id4135c99df688f7de1af18017c847a6546082bfc
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Eddie Arrage [Thu, 26 Apr 2018 04:26:06 +0000 (04:26 +0000)]
Updated user guide with edits and reference links
- Provided some overall edits to user guide
- Fixed titles of index files for release notes and user guide
- Added links to SDC, A-B configuration guides and logging, tracing
and monitoring install/validation docs
Change-Id: I9a0e1e0a2c12b20400eec5a5642f7c5de2dbd7bf
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Stephen Wong [Wed, 25 Apr 2018 06:27:52 +0000 (06:27 +0000)]
Merge "Experimental commit for A-B testing with Clover Fraser release and on the SDC application"
Stephen Wong [Wed, 25 Apr 2018 06:26:36 +0000 (06:26 +0000)]
Merge "Created config guide for SDC sample app"
Eddie Arrage [Tue, 17 Apr 2018 02:31:44 +0000 (02:31 +0000)]
Created config guide for SDC sample app
- Overview with micro-service diagram
- Source diagram file in GIMP with layers for editing by
others
- Deploying the sample
- Using the sample
- Exposing Jaeger Tracing and Prometheus monitoring browser
interfaces
- Modifying run-time micro-service configuration including
modifying load balancer server list and adding a custom snort rule
- Uninstalling the sample
- Updated overview with service description, table and traffic
flow description, general edits
- Link to A/B configuration guide and doc index file
- Additional edits
- Diagram for Jaeger UI with SDC
Change-Id: I5d851316c05a9e1bd48c8aab5511a98116e6893d
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Stephen Wong [Tue, 24 Apr 2018 22:26:47 +0000 (15:26 -0700)]
Simplification of Clover Fraser official docs
(Double commit from master:I89adbef74aa74071a055dcdf62aa0925e263ffe3,
gerrit 56167)
Change-Id: I86f12d5ba67f09177eca758c184c614ee9d6dd9d
Signed-off-by: Stephen Wong <stephen.kf.wong@gmail.com>
Stephen Wong [Tue, 24 Apr 2018 22:19:25 +0000 (22:19 +0000)]
Merge "Fix snort rule with blank content & WR packet in alert"
Stephen Wong [Fri, 20 Apr 2018 22:37:07 +0000 (15:37 -0700)]
Fraser official docs simplification
[TBD]: link to configguide for sample VNF, link to A-B testing configguide
Change-Id: I89adbef74aa74071a055dcdf62aa0925e263ffe3
Signed-off-by: Stephen Wong <stephen.kf.wong@gmail.com>
Stephen Wong [Wed, 18 Apr 2018 23:27:59 +0000 (16:27 -0700)]
Experimental commit for A-B testing with Clover Fraser release
and on the SDC application
Change-Id: I6e1bd84a6d674a2c4c4484722b20415f5402a59c
Signed-off-by: Stephen Wong <stephen.kf.wong@gmail.com>
Eddie Arrage [Tue, 24 Apr 2018 00:22:07 +0000 (00:22 +0000)]
Fix snort rule with blank content & WR packet in alert
- Fix bug with addition of content field in rule definition
that causes rules with a blank content fields to inhibit
snort from starting successfully.
- Write more of the packet data for snort alert into Redis
- Above includes X-Real-IP, X-Forwarded-For header fields
for http traffic from proxy that shows source IP
Some packet data is missing in alerts from snort.
Change-Id: I2c5c29e514d1ca9e8e5b9b3f7990afa87c6311b9
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Stephen Wong [Thu, 19 Apr 2018 23:47:59 +0000 (23:47 +0000)]
Merge "Add section to help user understand how logging works"
Stephen Wong [Thu, 19 Apr 2018 23:47:05 +0000 (23:47 +0000)]
Merge "Cover validation of elasticsearch cluster"
rpaik [Wed, 18 Apr 2018 17:56:27 +0000 (10:56 -0700)]
Minor edits to release notes and user guides
Change-Id: I093fb995f108194367334c4215780b5884d0207a
Signed-off-by: rpaik <rpaik@linuxfoundation.org>
Yujun Zhang [Tue, 17 Apr 2018 08:28:38 +0000 (16:28 +0800)]
Cover validation of elasticsearch cluster
- cluster health is not red
- indics found
- log entry created by istio found
- requests in and out http load balance matches
pytest is used as the test runner and wrapped in `validate.py`
Change-Id: Iad540b69d05118fadc97df679cf3424513c15e38
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
Stephen Wong [Tue, 17 Apr 2018 05:38:13 +0000 (05:38 +0000)]
Merge "Remove unused argument"
Stephen Wong [Tue, 17 Apr 2018 05:37:16 +0000 (05:37 +0000)]
Merge "Added dependent python packages to Clover container"
Stephen Wong [Tue, 17 Apr 2018 05:36:04 +0000 (05:36 +0000)]
Merge "Extended snort rule add to allow content field"
Yujun Zhang [Tue, 17 Apr 2018 03:49:10 +0000 (11:49 +0800)]
Add section to help user understand how logging works
Change-Id: Iebfb747450cc08e930eabd36a87670236b23ffff
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
Eddie Arrage [Mon, 16 Apr 2018 19:00:34 +0000 (19:00 +0000)]
Extended snort rule add to allow content field
- Exposed the 'content' field in the GRPC server AddRules method
- Allows the 'MALWARE-CNC User-Agent ASafaWeb Scan' signature
in the community rules to be copied to local rules
- Above ensures more deterministic alerts by snort each time
the signature is hit
- Added here to support the SDC configuration guide, which details
how to add this scan rule via GRPC client script
Change-Id: I6945c1e500075444134543bb9eb6003a03f1d5cc
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Eddie Arrage [Mon, 16 Apr 2018 17:07:54 +0000 (17:07 +0000)]
Added dependent python packages to Clover container
- Added pip grpcio and argparse packages to docker build
- Allows service (nginx/snort) client sample scripts to be
executed using the Clover container without having to clone
the repo
Change-Id: Ifeda6d58a9a381cb80372255f41ad703a089ea4b
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Yujun Zhang [Mon, 16 Apr 2018 01:23:00 +0000 (09:23 +0800)]
Remove unused argument
`BRANCH` is no longer required since we copy source code from working directory
instead of remote git repository.
Change-Id: I44776538a9efbca72e8d165e7790603cdafbe395
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
Stephen Wong [Sun, 15 Apr 2018 06:58:59 +0000 (06:58 +0000)]
Merge "Add SDC deploy/clean scripts"
Stephen Wong [Sat, 14 Apr 2018 00:05:02 +0000 (00:05 +0000)]
Merge "Add support for install istio of specified version"
Eddie Arrage [Fri, 13 Apr 2018 19:15:29 +0000 (19:15 +0000)]
Add SDC deploy/clean scripts
- Added deploy/clean scripts for use in Clover container
- Deployment of entire SDC scenario
- Deployment includes istio install for manual sidecar injection
without TLS authentication (deploy.sh)
- Added Jaeger tracing and Prometheus monitoring install (view.sh)
- Exposes NodePort for monitoring/tracing to access UIs outside
of cluster
- Clean.sh attempts to remove all of the above
Change-Id: Id9548a77d71465a814a6e0cb1cbdf02d37235590
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Yujun Zhang [Thu, 12 Apr 2018 08:59:54 +0000 (16:59 +0800)]
Add support for install istio of specified version
Change-Id: Ibfe0002daff58d30e7fffbb8828d8853a7e963a6
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
Cédric Ollivier [Thu, 12 Apr 2018 07:18:56 +0000 (09:18 +0200)]
Updated from global requirements
Change-Id: Ieeaf87ab920f1862e3a1b9ac3316d387ff64954f
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
Stephen Wong [Thu, 12 Apr 2018 06:06:51 +0000 (06:06 +0000)]
Merge "Update from requirements"
Stephen Wong [Thu, 12 Apr 2018 06:04:46 +0000 (06:04 +0000)]
Merge "Create index to be included in opnfvdocs site"
Stephen Wong [Thu, 12 Apr 2018 06:03:07 +0000 (06:03 +0000)]
Merge "Modified validation script for tracing to support CI"
Yujun Zhang [Thu, 12 Apr 2018 04:05:57 +0000 (12:05 +0800)]
Update from requirements
Pipfile.lock ensures a consistent environment
Change-Id: Id2e544c77a67ce8fa010fba9c357735496f62a26
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
Yujun Zhang [Thu, 12 Apr 2018 01:16:06 +0000 (09:16 +0800)]
Create index to be included in opnfvdocs site
Change-Id: Icbfe547697a8d879f4af8d9f9fbde2211b63129c
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
Eddie Arrage [Wed, 11 Apr 2018 02:44:51 +0000 (02:44 +0000)]
Modified validation script for tracing to support CI
- Changed default Jaeger ports to 16686 for use with basic
kubernetes port-forward and CI scripts
- Added CLI to validate script to disable istio service check
by default. This requires at least a single http request
to istio-ingress after Jaeger deployment. It can be enabled
with 'python validate.py -s'. Port and IP address for Jaeger
can optionally be specified with '-ip' and '-port' options
- Modified tracing doc to add k8s port-forward example in addition
to k8s expose
Change-Id: I10fb4d3cccfa50370d44ed7446f67a49c538bba9
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Cédric Ollivier [Tue, 10 Apr 2018 19:26:55 +0000 (21:26 +0200)]
Updated from global requirements
Change-Id: I9e6c925744ed928f7a5c6fbe54942e8b3895b1b9
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
Eddie Arrage [Wed, 4 Apr 2018 00:28:12 +0000 (00:28 +0000)]
Add existing public redis pod/service
- Use a community yaml for redis in k8s as simple data store
- Redis can be used for tracing and also by the snort-ids
to store alerts that can be processed by other services
- If flannel is used, the redis CLI can be accessed on the
host OS with redis-cli -h <flannel ip>
- Within the k8s cluster, the redis service can be accessed with
DNS using name 'redis'
- The same yaml for redis is also included in toplevel manifest for SDC
scenario. Included here if intention is to use separately (tracing
only)
Change-Id: Ibad283a4cc8938fe01f5de6b7743bdb5511be3af
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Stephen Wong [Thu, 5 Apr 2018 23:20:26 +0000 (23:20 +0000)]
Merge "Fix Nginx lb in k8s/istio"
Stephen Wong [Thu, 5 Apr 2018 07:07:03 +0000 (07:07 +0000)]
Merge "Added toplevel manifests for SDC sample scenario"
Stephen Wong [Thu, 5 Apr 2018 05:30:06 +0000 (05:30 +0000)]
Merge "Aligned snort-ids default config for SDC scenario"
Stephen Wong [Thu, 5 Apr 2018 05:24:20 +0000 (05:24 +0000)]
Merge "Move design document to dedicated folder"
QiLiang [Sat, 31 Mar 2018 09:21:30 +0000 (17:21 +0800)]
Add clover initial docker image build script
- install dependent deb/pip packages
- install basic tools istioctl, kubectl
- install clover source code
- build/upload docker image script
- update requirements.txt
- update module import path
- To use this image use need setup kube-config file.
e.g. `docker run -v /root/config:/root/.kube/config -it clover bash`
Change-Id: I91044bb99ce8e2b785ef03212d961a97b3d42233
Signed-off-by: QiLiang <liangqi1@huawei.com>
Yujun Zhang [Tue, 3 Apr 2018 08:48:24 +0000 (16:48 +0800)]
Move design document to dedicated folder
Change-Id: I20c85b7116cd2b29d0efcaae5ee0b0381a685bbb
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
Eddie Arrage [Tue, 3 Apr 2018 23:57:58 +0000 (23:57 +0000)]
Aligned snort-ids default config for SDC scenario
- Modified snort-ids alert process to use k8s DNS name
'proxy-access-control' to align with SDC scenario naming
- Added default port 50054 to the manifest yaml template and
rendering script for communication with proxy-access-control
Change-Id: Ib04ee75e5d8ea9921b16b3b4469bed87b1cd2018
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Eddie Arrage [Tue, 3 Apr 2018 02:50:36 +0000 (02:50 +0000)]
Fix Nginx lb in k8s/istio
- Provide workaround to make nginx lb work properly
- nginx_client sample can modify default load balancing
from three to two servers at runtime
- Ensure port 9180 is used for default deploy for lb and
servers
- Modify render_yaml to specify deploy_name so that
clover-server1, 2, 3 can be used for default lb config
- Ensure proxy template is aligned to lb to allow the
source IP from originating host to be propagated to final
destination
- Fix default nginx proxy server_name to 'proxy-access-control'
and change default proxy destination to 'http-lb'
- Split lb service_type to 'lbv1' and 'lbv2' to provide an example
of how to modify the run-time configuration of the load balancer
after deployment - modify http-lb-v2 to use clover-server4/5 instead
of the defualt clover-server1/2/3 - modify http-lb-v1 to use
clover-server1/2 instead of 1/2/3
- Aligned pod IP retrival method with nginx_client.py
Change-Id: I73fa60a69c93ae1e82a477ef6283c00f67a21360
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Eddie Arrage [Tue, 3 Apr 2018 23:10:00 +0000 (23:10 +0000)]
Added toplevel manifests for SDC sample scenario
- Added missing k8s manifest yaml files for overall service delivery
controller scenario - cannot be deployed coherently without this manifest
- One file for private docker registry and one for opnfv
public registry
- Outlined in JIRA ticket CLOVER-16 and validated per
description
- Includes ingress rule, community redis pod/service and deployments
for http-lb (v1/v2), snort-ids, proxy-access-controller,
and clover-server1-5
- All above pod/deployment naming matches default container
configuration
- Tested with istio manual injection
Change-Id: Ia03782b38020d744ab00c99adbf4832d15bbd9f3
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Stephen Wong [Sat, 31 Mar 2018 02:34:34 +0000 (02:34 +0000)]
Merge "Clover initial commit for servicemesh/route_rules, orchestration/kube_client, and tools/clover_validate_rr"
Stephen Wong [Mon, 12 Mar 2018 23:41:57 +0000 (16:41 -0700)]
Clover initial commit for servicemesh/route_rules,
orchestration/kube_client, and tools/clover_validate_rr
Add an 'orchestration' directory. Please note that
'orchestration' does NOT mean Clover does any orchestration ---
similar to how Clover doesn't by itself implement tracing or
logging, orchestration is a directory for code related to Docker
orchestration client --- such as k8s client
kube_client utilizes the Kubernetes python client (a dependency)
to perform tasks against Kubernetes API server. For this commit,
it is only tested for weighted route rule verification, it does
three tasks:
(1) get a list of pods under a namespace --- pod dictionary now
only contains pod name and label dictionary: used to match
pod name with the node name in traces from OpenTracing
(2) check to see if a particular pod is up in a particular
namespace: used to check if Istio pods are running in
istio-system namespace
(3) check if a container exists in a list of pods under a
namespace: used to check if application pods have
istio-proxy container running
route_rule directly invokes istioctl as there isn't any Istio
Python client yet. Currently it reads and parses routerules
from Istio, and validates if a particular trace result matches
the routerules
Finally, a sample tool clover_validate_rr is provided. This
tool assumes a previous test has been ran (with an id with
both the route-rule-under-test and corresponding traces are
stored --- currently the assumption is tests were ran with
redis-master running on system). The tool can be invoked:
python clover_validate_rr.py -t <test-id> -s <service name>
where test-id is the ID of the test (most likely uuid) and
service name is the name of the service running in the
Kubernetes cluster upon which test traces should be fetched
against
Change-Id: Ic8ab6efc23c71ac4643bee796ef986a86f6fc7dd
Signed-off-by: Stephen Wong <stephen.kf.wong@gmail.com>
Stephen Wong [Sat, 31 Mar 2018 02:16:14 +0000 (02:16 +0000)]
Merge "Added initial nginx services"
Eddie Arrage [Tue, 20 Mar 2018 23:51:35 +0000 (23:51 +0000)]
Develop snort IDS and content inspect service
- Initial commit to show potential structure of a sample service
- This wil be part of a larger sample application currently dubbed
Service Delivery Controller
- Docker container needs to be built and employs open-source Linux packages
- Service is deployable in Istio service mesh using provided yaml
- Control snort daemon and add custom rules with GRPC messaging
- Process snort alerts actively and send to redis and upstream service
mesh components
- Integrates a web server for better HTTP signature detection
- Improved build script for CI with variables
- Render k8s yaml snort manifest dynamically with command
line options
- Improve snort_client sample script for runtime modifications
including passing args on CLI, error checking
- Update nginx proxy interface
- Added logging to snort server and alert process
Change-Id: Ic56f9fcd9ed21f64b84b85ac8ee280d69af7b7c9
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Stephen Wong [Fri, 30 Mar 2018 06:25:10 +0000 (06:25 +0000)]
Merge "Add Functest test hook 2"
Stephen Wong [Fri, 30 Mar 2018 06:23:42 +0000 (06:23 +0000)]
Merge "Initial commit for logging installation and validataion"
Stephen Wong [Fri, 30 Mar 2018 06:22:48 +0000 (06:22 +0000)]
Merge "Initial commit for tracing"
Eddie Arrage [Wed, 21 Mar 2018 18:38:59 +0000 (18:38 +0000)]
Added initial nginx services
- Proxy allows ingress traffic to be sent to another element in
service mesh
- Mirroring is also in the default configuration
- Default configuration is to proxy to a clover-server and mirror
to snort-ids
- A location_path (URI in HTTP requests) can be reconfigured to
restrict proxing; default to '/'
- A proxy_path can be reconfigured to specify an alternate destination
- A mirror path can be reconfigured to specify where traffic
will be spanned
- The default server_port (listen port) for the proxy is 9180 but can be
reconfigured
- The default server_name is http-proxy but can be reconfigured
- Reconfiguration is done over GRPC with jinja2 template for nginx
- Currently snort ids sends alerts to proxy with stub code in GRPC
- Refactored the code to have a nginx base with subservices
- Proxy, Load Balancer (lb), and Server can share code - mainly GRPC
server
- Nginx subservices have separate docker builds
- Improved build scripts for CI
- Render yaml manifests dynamically
- Improve nginx_client for runtime modifications (but not really
useful yet)
Change-Id: Icbff6890021bcc8a8da4690c9261205d6e1ca43a
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
QiLiang [Thu, 29 Mar 2018 08:27:57 +0000 (16:27 +0800)]
Add Functest test hook 2
- Temporary run functest testcase after all clover env setup.
- TODO: Use jenkins to trigger functest job.
Change-Id: I5f620496d747c4d742c7bbf8bb825616f8c69499
Signed-off-by: QiLiang <liangqi1@huawei.com>
Eddie Arrage [Thu, 15 Mar 2018 17:08:30 +0000 (10:08 -0700)]
Initial commit for tracing
- Uses REST interface to obtain traces for services from Jaeger
- Discover services availabe in tracing
- Works only with Jaeger at the moment (not zipkin)
- Optional Redis interface added to store traces per test
- Install doc and validation script added for Jaeger
- Renamed doc to docs
Change-Id: I420137c818df290ecd40aa8d318c6961c511a947
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
QiLiang [Thu, 15 Mar 2018 04:20:59 +0000 (12:20 +0800)]
Initial commit for monitoring by prometheus
- install prometheus
- validate the installation
- add prometheus query function
- TODO: test collecting telemetry data from istio
JIRA: CLOVER-7
Change-Id: I983be2db78c8c5c20c0acee9ae81e891884e07fb
Signed-off-by: QiLiang <liangqi1@huawei.com>
QiLiang [Thu, 29 Mar 2018 01:56:41 +0000 (09:56 +0800)]
CI add timeout for k8s+istio deployment
Issue link:
https://build.opnfv.org/ci/view/clover/job/clover-daily-deploy-master/13/
Clover daily job often failed, which is caused by bad network at utc 12:OO.
(Heavy ci job running in huawei lab at that time.)
Find another time slot for clover daily job.
https://gerrit.opnfv.org/gerrit/#/c/54589/
Change-Id: I0a9eb3ba0c63a3c440627a7af5afb302dbdaebb5
Signed-off-by: QiLiang <liangqi1@huawei.com>
QiLiang [Wed, 28 Mar 2018 08:54:40 +0000 (16:54 +0800)]
Add Functest test hook
Change-Id: Idbe25c162fb19c59ad4e57fd32a749d1d5a29f63
Signed-off-by: QiLiang <liangqi1@huawei.com>
Stephen Wong [Mon, 26 Mar 2018 17:36:26 +0000 (10:36 -0700)]
clover fraser: preliminary documents checkin
* add preliminary Clover Fraser release notes
* add preliminary Clover Fraser user guide
Change-Id: I84b0ae1538aaa175245dd47d90ac2343eaa26cc4
Signed-off-by: Stephen Wong <stephen.kf.wong@gmail.com>
QiLiang [Fri, 23 Mar 2018 01:55:56 +0000 (09:55 +0800)]
Fix ci deploy job error
Fix issue:
https://build.opnfv.org/ci/view/clover/job/clover-daily-deploy-master/4/consoleFull
+ ssh -i /home/jenkins/opnfv/slave_root/workspace/clover-daily-deploy-master/work/container4nfv/src/vagrant/kubeadm_istio/.vagrant/machines/master/libvirt/private_key vagrant@192.168.121.117 rm -rf clover
Host key verification failed.
Change-Id: I73ea912ca6eb7ef823b1694b9fb090d809f158ee
Signed-off-by: QiLiang <liangqi1@huawei.com>
Stephen Wong [Fri, 23 Mar 2018 01:19:36 +0000 (01:19 +0000)]
Merge "Create document structure"
QiLiang [Thu, 22 Mar 2018 12:39:00 +0000 (20:39 +0800)]
Add clover ci deploy skeleton
- create kubernetes + istio by continer4nfv kubeadm_istio scenario
- add clover real test entry script
- add basic .gitignore
Change-Id: I3b36cdf71d70db4e24a19e386ad39dbb0a71ac2f
Signed-off-by: QiLiang <liangqi1@huawei.com>
Yujun Zhang [Tue, 13 Mar 2018 09:48:07 +0000 (17:48 +0800)]
Initial commit for logging installation and validataion
- install fluentd with elastic stack
- validate the installation
JIRA: CLOVER-5
Change-Id: I181a7277bc332ceac549d384cf2c3817a182b06e
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
Yujun Zhang [Fri, 16 Mar 2018 07:59:50 +0000 (15:59 +0800)]
Create document structure
See http://docs.opnfv.org/en/latest/how-to-use-docs/documentation-guide.html
Note the structure stands on the view of whole OPNFV platform.
Change-Id: Id2ac36cb6f30d6d2d54dbda9f6a77b76648aa4b0
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
Yujun Zhang [Thu, 22 Mar 2018 01:06:44 +0000 (09:06 +0800)]
Rename doc to docs
Change-Id: Iaa83d00704a8d077f8671647b999394eac461482
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
QiLiang [Wed, 21 Mar 2018 04:19:17 +0000 (12:19 +0800)]
Add ci entry scripts
Currently, just some dummy scripts for ci test.
Scripts contents Plan:
- deploy.sh is for ci daily job deploy and verify
- upload.sh is for building/uploading docker image, other resources
- verify.sh is for basic patch verify (e.g. ut, lint)
Change-Id: If4c9ffb484a265258dcb6afaf6f479c8e394d7ee
Signed-off-by: QiLiang <liangqi1@huawei.com>
Stephen Wong [Mon, 12 Mar 2018 05:59:18 +0000 (05:59 +0000)]
Merge "Auto Generated INFO.yaml file"
Code Review / clover.git / log