Add a template for security scan related devops environment

We use a prepared image to create the VM with the security scan service

Change-Id: I9c2c383971b5e72a1414a43dcb4db8f3ad22bc78
Sergey Otpuschennikov 2017-03-03 15:26:48 +04:00 committed by Vladimir Khlyunev
parent df234facfa
commit 0263854ed7
3 changed files with 203 additions and 25 deletions


@ -16,9 +16,6 @@ import os
import re
from devops.helpers.helpers import wait
from devops.models import DiskDevice
from devops.models import Node
from devops.models import Volume
from proboscis.asserts import assert_true
import yaml
@ -38,7 +35,6 @@ from fuelweb_test.settings import KEYSTONE_CREDS
from fuelweb_test.settings import MIRROR_UBUNTU
from fuelweb_test.settings import PLUGIN_PACKAGE_VERSION
from fuelweb_test.settings import FUEL_SETTINGS_YAML
from fuelweb_test.settings import NESSUS_IMAGE_PATH
from fuelweb_test.helpers.utils import YamlEditor
@ -470,24 +466,6 @@ class CobblerActions(BaseActions):
cmd='service dnsmasq restart')
class NessusActions(object):
""" NessusActions.""" # TODO documentation
def __init__(self, d_env):
self.devops_env = d_env
def add_nessus_node(self):
node = Node.node_create(
name='slave-nessus',
environment=self.devops_env,
boot=['hd'])
node.attach_to_networks()
volume = Volume.volume_get_predefined(NESSUS_IMAGE_PATH)
DiskDevice.node_attach_volume(node=node, volume=volume)
node.define()
node.start()
class FuelBootstrapCliActions(AdminActions):
def get_bootstrap_default_config(self):
fuel_settings = self.get_fuel_settings()


@ -41,7 +41,6 @@ from fuelweb_test.helpers.fuel_actions import BaseActions
from fuelweb_test.helpers.fuel_actions import CobblerActions
from fuelweb_test.helpers.fuel_actions import NailgunActions
from fuelweb_test.helpers.fuel_actions import PostgresActions
from fuelweb_test.helpers.fuel_actions import NessusActions
from fuelweb_test.helpers.fuel_actions import FuelBootstrapCliActions
from fuelweb_test.helpers.ssh_manager import SSHManager
from fuelweb_test.helpers.utils import TimeStat
@ -454,8 +453,8 @@ class EnvironmentModel(six.with_metaclass(SingletonMeta, object)):
if custom:
self.setup_customisation()
if security:
nessus_node = NessusActions(self.d_env)
nessus_node.add_nessus_node()
nessus_node = self.d_env.get_node(name='slave-nessus')
nessus_node.start()
# wait while installation complete
self.admin_actions.modify_configs(self.d_env.router())
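Review bot: The `security` branch now depends on a node named 'slave-nessus' already existing in the devops environment, but nothing in this hunk says so or checks it; `self.d_env.get_node(name='slave-nessus')` will presumably raise a lookup error from fuel-devops when the environment was built from a template without that node. A comment above the lookup would make the coupling explicit, for example `# 'slave-nessus' must be defined by the devops template used for security runs`. The retained comment `# wait while installation complete` is followed directly by `modify_configs(...)` with no wait visible in the hunk, so it is worth confirming that the scanner VM is actually up before later steps rely on it. The enclosing method starts and ends outside the hunk.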


@ -0,0 +1,201 @@
---
aliases:
dynamic_address_pool:
- &pool_default !os_env POOL_DEFAULT, 10.109.0.0/16:24
default_interface_model:
- &interface_model !os_env INTERFACE_MODEL, e1000
rack-01-slave-interfaces: &rack-01-slave-interfaces
- label: eth0
l2_network_device: admin # Libvirt bridge name. It is *NOT* Nailgun networks
interface_model: *interface_model
- label: eth1
l2_network_device: public
interface_model: *interface_model
- label: eth2
l2_network_device: storage
interface_model: *interface_model
- label: eth3
l2_network_device: management
interface_model: *interface_model
- label: eth4
l2_network_device: private
interface_model: *interface_model
rack-01-slave-network_config: &rack-01-slave-network_config
eth0:
networks:
- fuelweb_admin
eth1:
networks:
- public
eth2:
networks:
- storage
eth3:
networks:
- management
eth4:
networks:
- private
rack-01-slave-node-params: &rack-01-slave-node-params
vcpu: !os_env SLAVE_NODE_CPU, 2
memory: !os_env SLAVE_NODE_MEMORY, 3072
boot:
- network
- hd
volumes:
- name: system
capacity: !os_env NODE_VOLUME_SIZE, 55
format: qcow2
- name: cinder
capacity: !os_env NODE_VOLUME_SIZE, 55
format: qcow2
- name: swift
capacity: !os_env NODE_VOLUME_SIZE, 55
format: qcow2
interfaces: *rack-01-slave-interfaces
network_config: *rack-01-slave-network_config
template:
devops_settings:
env_name: !os_env ENV_NAME
address_pools:
# Network pools used by the environment
fuelweb_admin-pool01:
net: *pool_default
params:
tag: 0
public-pool01:
net: *pool_default
params:
tag: 0
storage-pool01:
net: *pool_default
params:
tag: 101
management-pool01:
net: *pool_default
params:
tag: 102
private-pool01:
net: *pool_default
params:
tag: 103
groups:
- name: default
driver:
name: devops.driver.libvirt.libvirt_driver
params:
connection_string: !os_env CONNECTION_STRING, qemu:///system
storage_pool_name: !os_env STORAGE_POOL_NAME, default
stp: True
hpet: False
use_host_cpu: !os_env DRIVER_USE_HOST_CPU, true
network_pools: # Address pools for OpenStack networks.
# Actual names should be used for keys
# (the same as in Nailgun, for example)
fuelweb_admin: fuelweb_admin-pool01
public: public-pool01
storage: storage-pool01
management: management-pool01
private: private-pool01
l2_network_devices: # Libvirt bridges. It is *NOT* Nailgun networks
admin:
address_pool: fuelweb_admin-pool01
dhcp: false
forward:
mode: nat
public:
address_pool: public-pool01
dhcp: false
forward:
mode: nat
storage:
address_pool: storage-pool01
dhcp: false
management:
address_pool: management-pool01
dhcp: false
private:
address_pool: private-pool01
dhcp: false
nodes:
- name: admin # Custom name of VM for Fuel admin node
role: fuel_master # Fixed role for Fuel master node properties
params:
vcpu: !os_env ADMIN_NODE_CPU, 2
memory: !os_env ADMIN_NODE_MEMORY, 3072
boot:
- hd
- cdrom # for boot from usb - without 'cdrom'
volumes:
- name: system
capacity: !os_env ADMIN_NODE_VOLUME_SIZE, 80
format: qcow2
- name: iso
source_image: !os_env ISO_PATH # if 'source_image' set, then volume capacity is calculated from it's size
format: raw
device: cdrom # for boot from usb - 'disk'
bus: ide # for boot from usb - 'usb'
interfaces:
- label: eth0
l2_network_device: admin # Libvirt bridge name. It is *NOT* a Nailgun network
interface_model: *interface_model
network_config:
eth0:
networks:
- fuelweb_admin
- name: slave-01
role: fuel_slave
params: *rack-01-slave-node-params
- name: slave-02
role: fuel_slave
params: *rack-01-slave-node-params
- name: slave-03
role: fuel_slave
params: *rack-01-slave-node-params
- name: slave-04
role: fuel_slave
params: *rack-01-slave-node-params
- name: slave-05
role: fuel_slave
params: *rack-01-slave-node-params
- name: slave-06
role: fuel_slave
params: *rack-01-slave-node-params
- name: slave-07
role: fuel_slave
params: *rack-01-slave-node-params
- name: slave-08
role: fuel_slave
params: *rack-01-slave-node-params
- name: slave-09
role: fuel_slave
params: *rack-01-slave-node-params
- name: slave-nessus # Custom name of VM for Nessus node
role: nessus_node # Fixed role for Fuel master node properties
params:
vcpu: !os_env NESSUS_NODE_CPU, 1
memory: !os_env NESSUS_NODE_MEMORY, 1024
boot:
- hd
volumes:
- name: system
source_image: !os_env NESSUS_IMAGE_PATH
format: qcow2
interfaces: *rack-01-slave-interfaces
network_config: *rack-01-slave-network_config
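Review bot: The `slave-nessus` entry boots whatever image `NESSUS_IMAGE_PATH` points to and, through `*rack-01-slave-interfaces`, attaches it to all five bridges (admin, public, storage, management, private), yet the template documents neither where that image comes from nor that the variable is required. Since `!os_env NESSUS_IMAGE_PATH` has no default, I would add a comment on the `source_image` line such as `# required: path to the prebuilt Nessus qcow2 image; take it from a trusted source and verify its checksum`. The trailing comment on `role: nessus_node` is copied from the admin node and should read something like `# Role for the security scan VM` instead of "Fixed role for Fuel master node properties".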