From d5e861eb4ad4c435c028b15b21afa741f6e9ff8c Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Mon, 5 Aug 2019 16:46:43 -0700 Subject: [PATCH 01/75] python3 all platform. py3 tests --- .circleci/config.yml | 6 ++++- Makefile | 49 ++++++++++++++++++++++++++++++++++++++- base/centos-7/install.sh | 4 ++++ base/debian-10/install.sh | 2 ++ base/debian-9/install.sh | 2 ++ base/redhat-8/install.sh | 4 +++- 6 files changed, 64 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 190e9892..834f5703 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -26,7 +26,11 @@ jobs: path: clair-scanner-logs destintation: clair-scanner-logs - run: - name: Running CI Tests + name: Running debian9 CI Tests + command: make run_tests_debian9 + no_output_timeout: 20m + - run: + name: Running debian9 python3 CI Tests command: make run_tests_debian9 no_output_timeout: 20m - store_artifacts: diff --git a/Makefile b/Makefile index aa16f2c2..24e07766 100644 --- a/Makefile +++ b/Makefile @@ -248,7 +248,7 @@ run_tests_centos7: run_tests_redhat8: @echo 'Running the super awesome tests; RedHat 8' - pytest -sv tests/test_redhat_8.py --junitxml test-results/redhat8-result/testresults_redhat8.xml + pytest -sv tests/test_docker_splunk.py --platform redhat-8 --junitxml test-results/redhat8-result/testresults_redhat8.xml test_setup: @echo 'Install test requirements' @@ -256,6 +256,8 @@ test_setup: pip install -r $(shell pwd)/tests/requirements.txt --upgrade mkdir test-results/centos7-result || true mkdir test-results/debian9-result || true + mkdir test-results/debian10-result || true + mkdir test-results/redhat8-result || true run_tests_debian9: @echo 'Running the super awesome tests; Debian 9' @@ -270,6 +272,51 @@ save_containers: mkdir test-results/saved_images || true $(foreach image,${CONTAINERS_TO_SAVE}, echo "Currently saving: ${image}"; docker save ${image} --output test-results/saved_images/${image}.tar; echo "Compressing: ${image}.tar"; gzip test-results/saved_images/${image}.tar; ) +run_tests_centos7_py3: + @echo 'Running the super awesome tests; CentOS 7' + pytest -sv tests/test_docker_splunk.py --platform centos-7 --junitxml test-results/centos7-result/testresults_centos7.xml + +run_tests_redhat8_py3: + @echo 'Running the super awesome tests; RedHat 8' + pytest -sv tests/test_docker_splunk.py --platform redhat-8 --junitxml test-results/redhat8-result/testresults_redhat8.xml + + +test_py3: clean ansible test_setup all run_tests_centos7_py3 run_tests_redhat8_py3 run_tests_debian9_py3 + +test_centos7_py3: clean ansible splunk-centos-7 uf-centos-7 test_setup_py3 run_tests_centos7_py3 + +test_redhat8_py3: clean ansible splunk-redhat-8 uf-redhat-8 test_setup_py3 run_tests_redhat8_py3 + +test_debian9_py3: clean ansible splunk-debian-9 uf-debian-9 test_setup_py3 run_tests_debian9_py3 + +test_debian10_py3: clean ansible splunk-debian-10 uf-debian-10 test_setup_py3 run_tests_debian10_py3 + +test_setup_py3: + @echo 'Install test requirements' + pip3 install --upgrade pip3 + pip3 install -r $(shell pwd)/tests/requirements.txt --upgrade + mkdir test-results/centos7-result || true + mkdir test-results/debian9-result || true + mkdir test-results/debian10-result || true + mkdir test-results/redhat8-result || true + +run_tests_debian9_py3: + @echo 'Running the super awesome tests; Debian 9' + python3 -m pytest -sv tests/test_docker_splunk.py --platform debian-9 --junitxml test-results/debian9-result/testresults_debian9.xml + +run_tests_debian10_py3: + @echo 'Running the super awesome tests; Debian 10' + python3 -m pytest -sv tests/test_docker_splunk.py --platform debian-10 --junitxml test-results/debian10-result/testresults_debian10.xml + +run_tests_centos7_py3: + @echo 'Running the super awesome tests; CentOS 7' + python3 -m pytest -sv tests/test_docker_splunk.py --platform centos-7 --junitxml test-results/centos7-result/testresults_centos7.xml + +run_tests_redhat8_py3: + @echo 'Running the super awesome tests; RedHat 8' + python3 -m pytest -sv tests/test_docker_splunk.py --platform redhat-8 --junitxml test-results/redhat8-result/testresults_redhat8.xml + + setup_clair_scanner: mkdir clair-scanner-logs mkdir test-results/cucumber diff --git a/base/centos-7/install.sh b/base/centos-7/install.sh index 3bf831a1..673e94c7 100755 --- a/base/centos-7/install.sh +++ b/base/centos-7/install.sh @@ -20,6 +20,10 @@ export LANG=en_US.utf8 yum -y update && yum -y install wget sudo epel-release yum -y install busybox ansible python-requests +yum -y install epel-release +yum -y install python36 +python3 -m ensurepip +pip3 install requests cd /bin ln -s busybox killall diff --git a/base/debian-10/install.sh b/base/debian-10/install.sh index caa50ad6..81e73a99 100755 --- a/base/debian-10/install.sh +++ b/base/debian-10/install.sh @@ -33,7 +33,9 @@ apt update # put back tools for customer support apt-get install -y --no-install-recommends curl sudo libgssapi-krb5-2 busybox procps acl apt-get install -y --no-install-recommends python-pip python-setuptools python-requests python-yaml +apt-get install -y --no-install-recommends python3 python3-pip pip --no-cache-dir install ansible +pip3 --no-cache-dir install requests pyyaml setuptools ansible cd /bin ln -s busybox killall diff --git a/base/debian-9/install.sh b/base/debian-9/install.sh index 9c591ead..66be0c18 100755 --- a/base/debian-9/install.sh +++ b/base/debian-9/install.sh @@ -36,6 +36,8 @@ apt-get update apt-cache show ansible apt-get install -y --no-install-recommends ansible curl sudo libgssapi-krb5-2 busybox procps acl apt-get install -y --no-install-recommends python-requests +apt-get install -y --no-install-recommends python3 python3-pip +pip3 --no-cache-dir install requests cd /bin ln -s busybox diff diff --git a/base/redhat-8/install.sh b/base/redhat-8/install.sh index e06013d0..e1e971ce 100755 --- a/base/redhat-8/install.sh +++ b/base/redhat-8/install.sh @@ -30,8 +30,10 @@ microdnf -y --nodocs install wget sudo shadow-utils procps wget https://busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/busybox-x86_64 mv busybox-x86_64 /bin/busybox chmod +x /bin/busybox -microdnf -y --nodocs install python2 tar +microdnf -y --nodocs install python2 tar python3 +alternatives --set python /usr/bin/python2 pip2 -q --no-cache-dir install requests ansible +pip3 -q --no-cache-dir install requests ansible cd /bin ln -s busybox diff From b2ef63ecf6f97419f4c313e4251a5f8bb98d3fd5 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Mon, 5 Aug 2019 16:54:14 -0700 Subject: [PATCH 02/75] py3 test ci --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 834f5703..a90389a8 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -31,7 +31,7 @@ jobs: no_output_timeout: 20m - run: name: Running debian9 python3 CI Tests - command: make run_tests_debian9 + command: make run_tests_debian9_py3 no_output_timeout: 20m - store_artifacts: path: test-results From f07dc7a738b985ed2cb7729ef25e466dc3621418 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Mon, 5 Aug 2019 17:06:57 -0700 Subject: [PATCH 03/75] indent --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index a90389a8..f8798331 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -29,7 +29,7 @@ jobs: name: Running debian9 CI Tests command: make run_tests_debian9 no_output_timeout: 20m - - run: + - run: name: Running debian9 python3 CI Tests command: make run_tests_debian9_py3 no_output_timeout: 20m From 14ddbe51959677d52435221369e118d594f5bb2f Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Mon, 5 Aug 2019 19:36:04 -0700 Subject: [PATCH 04/75] install pkgs through dpkg or the likes --- Makefile | 10 +--------- base/centos-7/install.sh | 4 +--- base/debian-10/install.sh | 4 ++-- base/debian-9/install.sh | 3 +-- 4 files changed, 5 insertions(+), 16 deletions(-) diff --git a/Makefile b/Makefile index 24e07766..a0ca38f2 100644 --- a/Makefile +++ b/Makefile @@ -272,14 +272,6 @@ save_containers: mkdir test-results/saved_images || true $(foreach image,${CONTAINERS_TO_SAVE}, echo "Currently saving: ${image}"; docker save ${image} --output test-results/saved_images/${image}.tar; echo "Compressing: ${image}.tar"; gzip test-results/saved_images/${image}.tar; ) -run_tests_centos7_py3: - @echo 'Running the super awesome tests; CentOS 7' - pytest -sv tests/test_docker_splunk.py --platform centos-7 --junitxml test-results/centos7-result/testresults_centos7.xml - -run_tests_redhat8_py3: - @echo 'Running the super awesome tests; RedHat 8' - pytest -sv tests/test_docker_splunk.py --platform redhat-8 --junitxml test-results/redhat8-result/testresults_redhat8.xml - test_py3: clean ansible test_setup all run_tests_centos7_py3 run_tests_redhat8_py3 run_tests_debian9_py3 @@ -293,7 +285,7 @@ test_debian10_py3: clean ansible splunk-debian-10 uf-debian-10 test_setup_py3 ru test_setup_py3: @echo 'Install test requirements' - pip3 install --upgrade pip3 + pip3 install --upgrade pip pip3 install -r $(shell pwd)/tests/requirements.txt --upgrade mkdir test-results/centos7-result || true mkdir test-results/debian9-result || true diff --git a/base/centos-7/install.sh b/base/centos-7/install.sh index 673e94c7..223f27c7 100755 --- a/base/centos-7/install.sh +++ b/base/centos-7/install.sh @@ -20,10 +20,8 @@ export LANG=en_US.utf8 yum -y update && yum -y install wget sudo epel-release yum -y install busybox ansible python-requests -yum -y install epel-release -yum -y install python36 +yum -y install python36 python36-requests python3 -m ensurepip -pip3 install requests cd /bin ln -s busybox killall diff --git a/base/debian-10/install.sh b/base/debian-10/install.sh index 81e73a99..23356079 100755 --- a/base/debian-10/install.sh +++ b/base/debian-10/install.sh @@ -33,9 +33,9 @@ apt update # put back tools for customer support apt-get install -y --no-install-recommends curl sudo libgssapi-krb5-2 busybox procps acl apt-get install -y --no-install-recommends python-pip python-setuptools python-requests python-yaml -apt-get install -y --no-install-recommends python3 python3-pip +apt-get install -y --no-install-recommends python3 python3-pip python3-setuptools python3-requests python3-yaml pip --no-cache-dir install ansible -pip3 --no-cache-dir install requests pyyaml setuptools ansible +pip3 --no-cache-dir install ansible cd /bin ln -s busybox killall diff --git a/base/debian-9/install.sh b/base/debian-9/install.sh index 66be0c18..6cddfa7e 100755 --- a/base/debian-9/install.sh +++ b/base/debian-9/install.sh @@ -36,8 +36,7 @@ apt-get update apt-cache show ansible apt-get install -y --no-install-recommends ansible curl sudo libgssapi-krb5-2 busybox procps acl apt-get install -y --no-install-recommends python-requests -apt-get install -y --no-install-recommends python3 python3-pip -pip3 --no-cache-dir install requests +apt-get install -y --no-install-recommends python3 python3-pip python3-requests cd /bin ln -s busybox diff From a493c3a75b726f0d33606c273a6d2743596ed5d8 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Tue, 6 Aug 2019 09:24:22 -0700 Subject: [PATCH 05/75] ci python3 image --- .circleci/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index f8798331..e4926c87 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,8 +1,8 @@ version: 2 jobs: docker-splunk-test: - machine: - image: circleci/classic:latest + docker: + image: circleci/python:3.7.3 steps: - checkout - run: From 154b215e841e4352c991b29b3b310811a9d6a2a9 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Tue, 6 Aug 2019 09:35:32 -0700 Subject: [PATCH 06/75] docker python3 image. more test --- .circleci/config.yml | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index e4926c87..f7f8058a 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2,7 +2,7 @@ version: 2 jobs: docker-splunk-test: docker: - image: circleci/python:3.7.3 + - image: circleci/python:3.7.3 steps: - checkout - run: @@ -25,6 +25,14 @@ jobs: name: Store Scanner Logs path: clair-scanner-logs destintation: clair-scanner-logs + - run: + name: Setup dependencies + command: make test_setup + no_output_timeout: 10m + - run: + name: Setup dependencies python3 + command: make test_setup_py3 + no_output_timeout: 10m - run: name: Running debian9 CI Tests command: make run_tests_debian9 @@ -33,6 +41,30 @@ jobs: name: Running debian9 python3 CI Tests command: make run_tests_debian9_py3 no_output_timeout: 20m + - run: + name: Running debian10 CI Tests + command: make run_tests_debian10 + no_output_timeout: 20m + - run: + name: Running debian10 python3 CI Tests + command: make run_tests_debian10_py3 + no_output_timeout: 20m + - run: + name: Running centos7 CI Tests + command: make run_tests_centos7 + no_output_timeout: 20m + - run: + name: Running centos7 python3 CI Tests + command: make run_tests_centos7_py3 + no_output_timeout: 20m + - run: + name: Running redhat8 CI Tests + command: make run_tests_redhat8 + no_output_timeout: 20m + - run: + name: Running redhat8 python3 CI Tests + command: make run_tests_redhat8_py3 + no_output_timeout: 20m - store_artifacts: path: test-results destination: test-results From 8289f3ad373c9ca2bdc0582509eea7e3f45c836f Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Tue, 6 Aug 2019 09:42:01 -0700 Subject: [PATCH 07/75] have to use machine image --- .circleci/config.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index f7f8058a..b546ba89 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,10 +1,15 @@ version: 2 jobs: docker-splunk-test: - docker: - - image: circleci/python:3.7.3 + machine: + image: circleci/classic:latest steps: - checkout + - run: + name: Install python3 + command: | + sudo apt-get install python3 + sudo python3 -m pip install - run: name: Build Container command: | From e101daf3e694770e0b3238348ab057dff24a3b80 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Tue, 6 Aug 2019 09:54:45 -0700 Subject: [PATCH 08/75] trigger ci From fa09489b6824c3b560057662631df50dfb7d80f9 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Tue, 6 Aug 2019 09:56:46 -0700 Subject: [PATCH 09/75] pip3 install --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index b546ba89..d23f606e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -9,7 +9,7 @@ jobs: name: Install python3 command: | sudo apt-get install python3 - sudo python3 -m pip install + sudo apt-get install python3-pip - run: name: Build Container command: | From dab820c55eee55ffcd0a42fe9a771dcca5522c24 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Tue, 6 Aug 2019 11:44:09 -0700 Subject: [PATCH 10/75] try python3.5 --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index d23f606e..3a972e53 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,7 +8,7 @@ jobs: - run: name: Install python3 command: | - sudo apt-get install python3 + sudo apt-get install python3.5 sudo apt-get install python3-pip - run: name: Build Container From 8d5f224f7c9bb20c1e873c1e566575c1c8ed101a Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Tue, 6 Aug 2019 14:37:23 -0700 Subject: [PATCH 11/75] pip3 installation location varies. Just run it as a script --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index a0ca38f2..5283e665 100644 --- a/Makefile +++ b/Makefile @@ -285,8 +285,8 @@ test_debian10_py3: clean ansible splunk-debian-10 uf-debian-10 test_setup_py3 ru test_setup_py3: @echo 'Install test requirements' - pip3 install --upgrade pip - pip3 install -r $(shell pwd)/tests/requirements.txt --upgrade + python3 -m pip install --upgrade pip + python3 -m pip install -r $(shell pwd)/tests/requirements.txt --upgrade mkdir test-results/centos7-result || true mkdir test-results/debian9-result || true mkdir test-results/debian10-result || true From 0677632045e542f63d4a285f3ee449abc942727c Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Tue, 6 Aug 2019 15:17:44 -0700 Subject: [PATCH 12/75] py3first to fail fast --- .circleci/config.yml | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 3a972e53..b2a4ff75 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,7 +8,7 @@ jobs: - run: name: Install python3 command: | - sudo apt-get install python3.5 + sudo apt-get install python3 sudo apt-get install python3-pip - run: name: Build Container @@ -18,6 +18,10 @@ jobs: name: Setup Tests / Scanner Requirements command: | make test_setup + - run: + name: Setup dependencies python3 + command: make test_setup_py3 + no_output_timeout: 10m - run: name: Export Build Images for Artifacts command: | @@ -30,14 +34,6 @@ jobs: name: Store Scanner Logs path: clair-scanner-logs destintation: clair-scanner-logs - - run: - name: Setup dependencies - command: make test_setup - no_output_timeout: 10m - - run: - name: Setup dependencies python3 - command: make test_setup_py3 - no_output_timeout: 10m - run: name: Running debian9 CI Tests command: make run_tests_debian9 From 5bdbb4b42330f5a9a76ab9165bd367dac83f1b5b Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Tue, 6 Aug 2019 15:35:15 -0700 Subject: [PATCH 13/75] order --- .circleci/config.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index b2a4ff75..21800e84 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,20 +8,21 @@ jobs: - run: name: Install python3 command: | + sudo apt-get update sudo apt-get install python3 sudo apt-get install python3-pip - - run: - name: Build Container - command: | - make all - run: name: Setup Tests / Scanner Requirements command: | make test_setup - run: - name: Setup dependencies python3 + name: Setup Tests python3 command: make test_setup_py3 no_output_timeout: 10m + - run: + name: Build Container + command: | + make all - run: name: Export Build Images for Artifacts command: | From 69192546208b8f15eef60aae99f7d77093c49559 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Tue, 6 Aug 2019 15:48:40 -0700 Subject: [PATCH 14/75] pylinter --- .circleci/config.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 21800e84..224809e8 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -19,6 +19,12 @@ jobs: name: Setup Tests python3 command: make test_setup_py3 no_output_timeout: 10m + - run: + name: Pylint + command: find . -iname "*.py" | xargs pylint + - run: + name: Pylint python3 + command: find . -iname "*.py" | xargs pylint --py3k - run: name: Build Container command: | From 72a91ccba8aa0c48799e2696c87cc46f34226c10 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Tue, 6 Aug 2019 18:12:01 -0700 Subject: [PATCH 15/75] python3 alias --- .circleci/config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 224809e8..fa96d514 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,9 +8,9 @@ jobs: - run: name: Install python3 command: | - sudo apt-get update - sudo apt-get install python3 - sudo apt-get install python3-pip + sudo apt-get install -y python3.5 + sudo apt-get install -y python3-pip + alias python3=python3.5 - run: name: Setup Tests / Scanner Requirements command: | From 2f1d972797ef24ea73e7db5a40e1511c774efc72 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Tue, 6 Aug 2019 18:20:25 -0700 Subject: [PATCH 16/75] see if machine image has python 3.4 --- .circleci/config.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index fa96d514..2845556f 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,17 +8,16 @@ jobs: - run: name: Install python3 command: | - sudo apt-get install -y python3.5 - sudo apt-get install -y python3-pip - alias python3=python3.5 - - run: - name: Setup Tests / Scanner Requirements - command: | - make test_setup + python3.4 --version + alias python3=python3.4 - run: name: Setup Tests python3 command: make test_setup_py3 no_output_timeout: 10m + - run: + name: Setup Tests / Scanner Requirements + command: | + make test_setup - run: name: Pylint command: find . -iname "*.py" | xargs pylint From 4ab80ba7c54e77dbbc8f1f2953a72a09e7f8bac5 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Tue, 6 Aug 2019 18:38:19 -0700 Subject: [PATCH 17/75] bashenv to set alias --- .circleci/config.yml | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2845556f..3079bfaa 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -3,21 +3,25 @@ jobs: docker-splunk-test: machine: image: circleci/classic:latest + environment: + BASH_ENV: ~/.bashrc steps: - checkout - run: name: Install python3 command: | - python3.4 --version - alias python3=python3.4 - - run: - name: Setup Tests python3 - command: make test_setup_py3 - no_output_timeout: 10m + apt-get install python3.5 + apt-get install python3-pip + echo "alias python3=python3.5" >> ~/.bashrc + python3 --version - run: name: Setup Tests / Scanner Requirements command: | make test_setup + - run: + name: Setup Tests python3 + command: | + make test_setup_py3 - run: name: Pylint command: find . -iname "*.py" | xargs pylint From d03777758e7bbc00fee498149bc706492d46c53f Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Tue, 6 Aug 2019 18:50:04 -0700 Subject: [PATCH 18/75] try with basrc first --- .circleci/config.yml | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 3079bfaa..73473509 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -10,18 +10,15 @@ jobs: - run: name: Install python3 command: | - apt-get install python3.5 - apt-get install python3-pip - echo "alias python3=python3.5" >> ~/.bashrc - python3 --version - - run: - name: Setup Tests / Scanner Requirements - command: | - make test_setup + echo "alias python3=python3.4" >> ~/.bashrc - run: name: Setup Tests python3 command: | make test_setup_py3 + - run: + name: Setup Tests / Scanner Requirements + command: | + make test_setup - run: name: Pylint command: find . -iname "*.py" | xargs pylint From cfffa190fbe902ca155caaabce6c1e044ba16979 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Tue, 6 Aug 2019 18:59:19 -0700 Subject: [PATCH 19/75] indent bash env --- .circleci/config.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 73473509..a9530e13 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -4,13 +4,12 @@ jobs: machine: image: circleci/classic:latest environment: - BASH_ENV: ~/.bashrc + BASH_ENV: ~/.bashrc steps: - checkout - run: name: Install python3 - command: | - echo "alias python3=python3.4" >> ~/.bashrc + command: echo 'alias python3=python3.4' >> $BASH_ENV - run: name: Setup Tests python3 command: | From 5aea308c49f894704ab4f38a86241bd4b9684450 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Tue, 6 Aug 2019 19:03:12 -0700 Subject: [PATCH 20/75] maybe default bash env --- .circleci/config.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index a9530e13..3fed8ad9 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -3,13 +3,11 @@ jobs: docker-splunk-test: machine: image: circleci/classic:latest - environment: - BASH_ENV: ~/.bashrc steps: - checkout - run: name: Install python3 - command: echo 'alias python3=python3.4' >> $BASH_ENV + command: echo 'alias python3=python3.4' >> $BASH_ENV && python3.4 --version - run: name: Setup Tests python3 command: | From 4d82357a6fc940524c2ffbf9d8a1e87a46bf1cc6 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 11:24:34 -0700 Subject: [PATCH 21/75] symlink py3 --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 3fed8ad9..dcabbd34 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -7,7 +7,7 @@ jobs: - checkout - run: name: Install python3 - command: echo 'alias python3=python3.4' >> $BASH_ENV && python3.4 --version + command: sudo ln -s $(which python3.4) /usr/bin/python3 && python3 --version - run: name: Setup Tests python3 command: | From 39c89a494921e97b591d138108de96d8b64851a7 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 13:23:22 -0700 Subject: [PATCH 22/75] try unlink python3 --- .circleci/config.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index dcabbd34..1608cace 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -7,7 +7,10 @@ jobs: - checkout - run: name: Install python3 - command: sudo ln -s $(which python3.4) /usr/bin/python3 && python3 --version + command: | + sudo unlink /usr/bin/python3 + sudo ln -s $(which python3.4) /usr/bin/python3 + python3 --version - run: name: Setup Tests python3 command: | From 36d307e559fa4f0b471baed2728dba996bd1db20 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 13:25:50 -0700 Subject: [PATCH 23/75] figuring out where the pkgs are called from --- .circleci/config.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 1608cace..1597b59c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,8 +8,10 @@ jobs: - run: name: Install python3 command: | - sudo unlink /usr/bin/python3 - sudo ln -s $(which python3.4) /usr/bin/python3 + sudo unlink /usr/local/bin/python3 + which python3.4 + sudo ln -s $(which python3.4) /usr/local/bin/python3 + python3.4 --version python3 --version - run: name: Setup Tests python3 From bb95489629d652947ac0188a305bf590d187377d Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 13:26:50 -0700 Subject: [PATCH 24/75] figuring out where the pkgs are called from --- .circleci/config.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 1597b59c..d68d080b 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,7 +8,6 @@ jobs: - run: name: Install python3 command: | - sudo unlink /usr/local/bin/python3 which python3.4 sudo ln -s $(which python3.4) /usr/local/bin/python3 python3.4 --version From 209fb58af1e77d635f1f581ded71e8d096c6d35f Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 13:28:12 -0700 Subject: [PATCH 25/75] figuring out where the pkgs are called from --- .circleci/config.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index d68d080b..f5dd04f6 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -9,7 +9,8 @@ jobs: name: Install python3 command: | which python3.4 - sudo ln -s $(which python3.4) /usr/local/bin/python3 + sudo ln -s $(which python3.4) /usr/bin/python3 + which python3 python3.4 --version python3 --version - run: From 01260851886ce15fc23a60b2ff062c8000a39f95 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 13:32:35 -0700 Subject: [PATCH 26/75] figuring out where the pkgs are called from --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index f5dd04f6..af83e423 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -9,7 +9,7 @@ jobs: name: Install python3 command: | which python3.4 - sudo ln -s $(which python3.4) /usr/bin/python3 + ln -s $(which python3.4) /usr/bin/python3 which python3 python3.4 --version python3 --version From 9a8aa0696983a4261d9abfbe5d376f4f7e1a99ab Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 13:33:53 -0700 Subject: [PATCH 27/75] figuring out where the pkgs are called from --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index af83e423..f1f42d87 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -9,6 +9,7 @@ jobs: name: Install python3 command: | which python3.4 + unlink /usr/bin/python3 ln -s $(which python3.4) /usr/bin/python3 which python3 python3.4 --version From 139845488b5ddb38ca5c2a542f95208922080b43 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 13:34:55 -0700 Subject: [PATCH 28/75] figuring out where the pkgs are called from --- .circleci/config.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index f1f42d87..2cd71da5 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -9,8 +9,6 @@ jobs: name: Install python3 command: | which python3.4 - unlink /usr/bin/python3 - ln -s $(which python3.4) /usr/bin/python3 which python3 python3.4 --version python3 --version From c5690008356b627eae600cd04d15e2f7970eb52c Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 13:52:58 -0700 Subject: [PATCH 29/75] figuring out where the pkgs are called from --- .circleci/config.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2cd71da5..fb77ae7c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,8 +8,10 @@ jobs: - run: name: Install python3 command: | + which python which python3.4 which python3 + python --version python3.4 --version python3 --version - run: From 15b15bda35de681c5f09c341af8de52184eaeaf9 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 14:02:47 -0700 Subject: [PATCH 30/75] might be able to use pyenv --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index fb77ae7c..2449a4a6 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -13,6 +13,7 @@ jobs: which python3 python --version python3.4 --version + pyenv install python 3.5.2 python3 --version - run: name: Setup Tests python3 From f18e70c45ed6d71079cc7914dfd16a6b065292b9 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 14:04:26 -0700 Subject: [PATCH 31/75] might be able to use pyenv --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2449a4a6..051af7d1 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -13,7 +13,7 @@ jobs: which python3 python --version python3.4 --version - pyenv install python 3.5.2 + pyenv install 3.5.2 python3 --version - run: name: Setup Tests python3 From b9c866a39a782fae426fcdad72df631618e46e0c Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 14:07:34 -0700 Subject: [PATCH 32/75] might be able to use pyenv --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 051af7d1..f4a6368b 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -11,6 +11,7 @@ jobs: which python which python3.4 which python3 + pyenv versions python --version python3.4 --version pyenv install 3.5.2 From b20e73056a497f4e78b6bd2da1f9421b2eddf7e2 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 14:11:17 -0700 Subject: [PATCH 33/75] might be able to use pyenv --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index f4a6368b..35e01d18 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,6 +8,7 @@ jobs: - run: name: Install python3 command: | + echo $PATH which python which python3.4 which python3 From d1c4e4952121d97e6b6a4ae9d5a4c6b53e759b76 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 14:15:32 -0700 Subject: [PATCH 34/75] might be able to use pyenv --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 35e01d18..23ed3bde 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -15,7 +15,7 @@ jobs: pyenv versions python --version python3.4 --version - pyenv install 3.5.2 + pyenv uninstall 3.5.2 python3 --version - run: name: Setup Tests python3 From d0723f3529f89a7b531c6ff579e78022e914801d Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 14:18:12 -0700 Subject: [PATCH 35/75] might be able to use pyenv --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 23ed3bde..154ec157 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -15,7 +15,7 @@ jobs: pyenv versions python --version python3.4 --version - pyenv uninstall 3.5.2 + pyenv -y uninstall 3.5.2 python3 --version - run: name: Setup Tests python3 From fc32c7770f668e958543910865a72b082fc2a4de Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 14:20:06 -0700 Subject: [PATCH 36/75] might be able to use pyenv --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 154ec157..b3f41acd 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -15,7 +15,7 @@ jobs: pyenv versions python --version python3.4 --version - pyenv -y uninstall 3.5.2 + yes | pyenv uninstall 3.5.2 python3 --version - run: name: Setup Tests python3 From a555747fef557a803583ee8dd33e4bdd69af11fb Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 14:22:28 -0700 Subject: [PATCH 37/75] might be able to use pyenv --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index b3f41acd..3bb21182 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -15,7 +15,7 @@ jobs: pyenv versions python --version python3.4 --version - yes | pyenv uninstall 3.5.2 + pyenv uninstall -f 3.5.2 python3 --version - run: name: Setup Tests python3 From b3afccc1bb550a22db24b357f75392e5a662b7b4 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 14:24:37 -0700 Subject: [PATCH 38/75] resolved clashing pyenv python3 --- .circleci/config.yml | 9 +-------- Makefile | 4 ++-- 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 3bb21182..89af8fe4 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -6,15 +6,8 @@ jobs: steps: - checkout - run: - name: Install python3 + name: Setup python3 command: | - echo $PATH - which python - which python3.4 - which python3 - pyenv versions - python --version - python3.4 --version pyenv uninstall -f 3.5.2 python3 --version - run: diff --git a/Makefile b/Makefile index 5283e665..a0ca38f2 100644 --- a/Makefile +++ b/Makefile @@ -285,8 +285,8 @@ test_debian10_py3: clean ansible splunk-debian-10 uf-debian-10 test_setup_py3 ru test_setup_py3: @echo 'Install test requirements' - python3 -m pip install --upgrade pip - python3 -m pip install -r $(shell pwd)/tests/requirements.txt --upgrade + pip3 install --upgrade pip + pip3 install -r $(shell pwd)/tests/requirements.txt --upgrade mkdir test-results/centos7-result || true mkdir test-results/debian9-result || true mkdir test-results/debian10-result || true From 8f652073639b2d290f1a325fb056cf7eead219d0 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 14:29:20 -0700 Subject: [PATCH 39/75] properlu update python3 --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 89af8fe4..47caf6da 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -9,6 +9,7 @@ jobs: name: Setup python3 command: | pyenv uninstall -f 3.5.2 + sudo apt-get install python3.5 python3-pip python3 --version - run: name: Setup Tests python3 From 7b30744d006f38db35506013608da582c79447ee Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 14:31:17 -0700 Subject: [PATCH 40/75] properlu update python3 --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 47caf6da..4e9d21ca 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -9,7 +9,7 @@ jobs: name: Setup python3 command: | pyenv uninstall -f 3.5.2 - sudo apt-get install python3.5 python3-pip + apt-get install python3.5 python3-pip python3 --version - run: name: Setup Tests python3 From 2e5da7438c3860ef0503ec12d463b428e40132b8 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 14:33:10 -0700 Subject: [PATCH 41/75] properlu update python3 --- .circleci/config.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 4e9d21ca..23fb95ed 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -9,16 +9,16 @@ jobs: name: Setup python3 command: | pyenv uninstall -f 3.5.2 - apt-get install python3.5 python3-pip + sudo apt-get install python3.5 python3-pip python3 --version - - run: - name: Setup Tests python3 - command: | - make test_setup_py3 - run: name: Setup Tests / Scanner Requirements command: | make test_setup + - run: + name: Setup Tests python3 + command: | + make test_setup_py3 - run: name: Pylint command: find . -iname "*.py" | xargs pylint From 78a5831c8c4bfbca6027fed7224eb2625d39e085 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 14:35:26 -0700 Subject: [PATCH 42/75] properlu update python3 --- .circleci/config.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 23fb95ed..f9295538 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -9,7 +9,8 @@ jobs: name: Setup python3 command: | pyenv uninstall -f 3.5.2 - sudo apt-get install python3.5 python3-pip + wget https://bootstrap.pypa.io/get-pip.py + python3 get-pip.py --user python3 --version - run: name: Setup Tests / Scanner Requirements From 266aa623ec19007449af9fbadbe43c961042a752 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 14:40:44 -0700 Subject: [PATCH 43/75] properlu update python3 --- .circleci/config.yml | 3 +-- Makefile | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index f9295538..453cdbbd 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -9,8 +9,7 @@ jobs: name: Setup python3 command: | pyenv uninstall -f 3.5.2 - wget https://bootstrap.pypa.io/get-pip.py - python3 get-pip.py --user + sudo apt-get install python3-pip python3 --version - run: name: Setup Tests / Scanner Requirements diff --git a/Makefile b/Makefile index a0ca38f2..5283e665 100644 --- a/Makefile +++ b/Makefile @@ -285,8 +285,8 @@ test_debian10_py3: clean ansible splunk-debian-10 uf-debian-10 test_setup_py3 ru test_setup_py3: @echo 'Install test requirements' - pip3 install --upgrade pip - pip3 install -r $(shell pwd)/tests/requirements.txt --upgrade + python3 -m pip install --upgrade pip + python3 -m pip install -r $(shell pwd)/tests/requirements.txt --upgrade mkdir test-results/centos7-result || true mkdir test-results/debian9-result || true mkdir test-results/debian10-result || true From 22afcd5d3a95093c690b4f965998b5f7b01001a2 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 14:44:19 -0700 Subject: [PATCH 44/75] properlu update python3 --- .circleci/config.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 453cdbbd..f23bc111 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -10,6 +10,8 @@ jobs: command: | pyenv uninstall -f 3.5.2 sudo apt-get install python3-pip + which pip + which pip3 python3 --version - run: name: Setup Tests / Scanner Requirements From bd3764ab301b52de2a169c7dce5e43f47ec8094e Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 14:52:45 -0700 Subject: [PATCH 45/75] properlu update python3 --- .circleci/config.yml | 6 +++--- Makefile | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index f23bc111..9795bf5e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -9,10 +9,10 @@ jobs: name: Setup python3 command: | pyenv uninstall -f 3.5.2 - sudo apt-get install python3-pip - which pip - which pip3 + wget https://bootstrap.pypa.io/get-pip.py + python3 get-pip.py python3 --version + pip3 --version - run: name: Setup Tests / Scanner Requirements command: | diff --git a/Makefile b/Makefile index 5283e665..a0ca38f2 100644 --- a/Makefile +++ b/Makefile @@ -285,8 +285,8 @@ test_debian10_py3: clean ansible splunk-debian-10 uf-debian-10 test_setup_py3 ru test_setup_py3: @echo 'Install test requirements' - python3 -m pip install --upgrade pip - python3 -m pip install -r $(shell pwd)/tests/requirements.txt --upgrade + pip3 install --upgrade pip + pip3 install -r $(shell pwd)/tests/requirements.txt --upgrade mkdir test-results/centos7-result || true mkdir test-results/debian9-result || true mkdir test-results/debian10-result || true From 597d7e22da095c4ba5461c8f69764a179a596eb1 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 14:57:01 -0700 Subject: [PATCH 46/75] properlu update python3 --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 9795bf5e..fb55fa90 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -10,7 +10,7 @@ jobs: command: | pyenv uninstall -f 3.5.2 wget https://bootstrap.pypa.io/get-pip.py - python3 get-pip.py + python3 get-pip.py --user python3 --version pip3 --version - run: From 83fa9151b41d55081482689943cdf3c21fa675af Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 14:59:15 -0700 Subject: [PATCH 47/75] pip3 on path --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index fb55fa90..8dafd166 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -11,6 +11,7 @@ jobs: pyenv uninstall -f 3.5.2 wget https://bootstrap.pypa.io/get-pip.py python3 get-pip.py --user + export PATH=$PATH:/home/circleci/.local/bin python3 --version pip3 --version - run: From c321cb1201d2904e31895aa210042cdae9a0216e Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 15:06:07 -0700 Subject: [PATCH 48/75] path source --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 8dafd166..8d833a9f 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -11,7 +11,7 @@ jobs: pyenv uninstall -f 3.5.2 wget https://bootstrap.pypa.io/get-pip.py python3 get-pip.py --user - export PATH=$PATH:/home/circleci/.local/bin + echo 'PATH=$PATH:$HOME/.local/bin' >> $BASH_ENV python3 --version pip3 --version - run: From 2adcbeaea0b39a7bd547a5f90f0c83921cdf91f1 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 15:07:01 -0700 Subject: [PATCH 49/75] path source --- .circleci/config.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 8d833a9f..b4f578d1 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -13,15 +13,14 @@ jobs: python3 get-pip.py --user echo 'PATH=$PATH:$HOME/.local/bin' >> $BASH_ENV python3 --version - pip3 --version - - run: - name: Setup Tests / Scanner Requirements - command: | - make test_setup - run: name: Setup Tests python3 command: | make test_setup_py3 + - run: + name: Setup Tests / Scanner Requirements + command: | + make test_setup - run: name: Pylint command: find . -iname "*.py" | xargs pylint From bbc8478ea1dca6678ae33a3c6b7fa85efd991bf2 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 15:24:00 -0700 Subject: [PATCH 50/75] custom python3 --- .circleci/config.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index b4f578d1..86cff3fc 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -9,10 +9,15 @@ jobs: name: Setup python3 command: | pyenv uninstall -f 3.5.2 + wget https://www.python.org/ftp/python/3.7.4/Python-3.7.4.tgz + tar zxfv Python-3.7.4.tgz + cd Python-3.7.4/ + ./configure --prefix=$HOME/.local/bin/python3 + make + make install wget https://bootstrap.pypa.io/get-pip.py python3 get-pip.py --user echo 'PATH=$PATH:$HOME/.local/bin' >> $BASH_ENV - python3 --version - run: name: Setup Tests python3 command: | From 3f56e57cd445edeb36f52f7e0bef82c2ae52bc18 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Wed, 7 Aug 2019 15:24:44 -0700 Subject: [PATCH 51/75] custom python3 --- .circleci/config.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 86cff3fc..295ba8a5 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -15,9 +15,10 @@ jobs: ./configure --prefix=$HOME/.local/bin/python3 make make install + echo 'PATH=$PATH:$HOME/.local/bin' >> $BASH_ENV + source $BASH_ENV wget https://bootstrap.pypa.io/get-pip.py python3 get-pip.py --user - echo 'PATH=$PATH:$HOME/.local/bin' >> $BASH_ENV - run: name: Setup Tests python3 command: | From f51b8023e70eb7665579370ee77055ef1ebfb977 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Thu, 8 Aug 2019 13:22:31 -0700 Subject: [PATCH 52/75] use pyenv preference order to make python2 and 3 exists concurrently --- .circleci/config.yml | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 295ba8a5..ee693e20 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,17 +8,13 @@ jobs: - run: name: Setup python3 command: | - pyenv uninstall -f 3.5.2 - wget https://www.python.org/ftp/python/3.7.4/Python-3.7.4.tgz - tar zxfv Python-3.7.4.tgz - cd Python-3.7.4/ - ./configure --prefix=$HOME/.local/bin/python3 - make - make install - echo 'PATH=$PATH:$HOME/.local/bin' >> $BASH_ENV - source $BASH_ENV - wget https://bootstrap.pypa.io/get-pip.py - python3 get-pip.py --user + pyenv install 2.7.16 + pyenv install 3.7.4 + pyenv global 2.7.16 3.7.4 + python --version + pip --version + python3 --version + pip3 --version - run: name: Setup Tests python3 command: | From 2b3a4baca9e7a1484cf5d120b6256c4f4da69ede Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Thu, 8 Aug 2019 13:24:37 -0700 Subject: [PATCH 53/75] update pyenbv --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index ee693e20..cfd5ed51 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,6 +8,7 @@ jobs: - run: name: Setup python3 command: | + cd /opt/circleci/.pyenv/plugins/python-build/../.. && git pull && cd - pyenv install 2.7.16 pyenv install 3.7.4 pyenv global 2.7.16 3.7.4 From d30c7d0191d4fdbb12d12896b574d88b5ebb1080 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Thu, 8 Aug 2019 13:32:13 -0700 Subject: [PATCH 54/75] use py2 and py3 default version from pyenv --- .circleci/config.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index cfd5ed51..7223f4c3 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,10 +8,7 @@ jobs: - run: name: Setup python3 command: | - cd /opt/circleci/.pyenv/plugins/python-build/../.. && git pull && cd - - pyenv install 2.7.16 - pyenv install 3.7.4 - pyenv global 2.7.16 3.7.4 + pyenv global 2.7.12 3.5.2 python --version pip --version python3 --version From 8f3547cc9989e92b5cba71b79019f66b6b9dc4a3 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Thu, 8 Aug 2019 13:37:24 -0700 Subject: [PATCH 55/75] adding pylint --- tests/requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/requirements.txt b/tests/requirements.txt index f5b7f954..6f84354b 100644 --- a/tests/requirements.txt +++ b/tests/requirements.txt @@ -5,3 +5,4 @@ PyYAML docker-compose pyasn1 junit-xml +pylint \ No newline at end of file From 04c76691a814f6065808a543cfb07abbc136ee14 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Thu, 8 Aug 2019 14:36:08 -0700 Subject: [PATCH 56/75] disable pylint for now --- .circleci/config.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 7223f4c3..0c837ff4 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -21,12 +21,6 @@ jobs: name: Setup Tests / Scanner Requirements command: | make test_setup - - run: - name: Pylint - command: find . -iname "*.py" | xargs pylint - - run: - name: Pylint python3 - command: find . -iname "*.py" | xargs pylint --py3k - run: name: Build Container command: | From 07c97902e97c3bc5add0a80b374b50511f7c5377 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Fri, 9 Aug 2019 19:20:54 -0700 Subject: [PATCH 57/75] test python3 installation inside container --- .circleci/config.yml | 23 +++---------------- Makefile | 50 +++++++++++++++++++++--------------------- tests/requirements.txt | 3 +-- 3 files changed, 29 insertions(+), 47 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 0c837ff4..3608c786 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -13,10 +13,6 @@ jobs: pip --version python3 --version pip3 --version - - run: - name: Setup Tests python3 - command: | - make test_setup_py3 - run: name: Setup Tests / Scanner Requirements command: | @@ -37,38 +33,25 @@ jobs: name: Store Scanner Logs path: clair-scanner-logs destintation: clair-scanner-logs + -run: + name: Test Python3 installation + command: make test_python3_all - run: name: Running debian9 CI Tests command: make run_tests_debian9 no_output_timeout: 20m - - run: - name: Running debian9 python3 CI Tests - command: make run_tests_debian9_py3 - no_output_timeout: 20m - run: name: Running debian10 CI Tests command: make run_tests_debian10 no_output_timeout: 20m - - run: - name: Running debian10 python3 CI Tests - command: make run_tests_debian10_py3 - no_output_timeout: 20m - run: name: Running centos7 CI Tests command: make run_tests_centos7 no_output_timeout: 20m - - run: - name: Running centos7 python3 CI Tests - command: make run_tests_centos7_py3 - no_output_timeout: 20m - run: name: Running redhat8 CI Tests command: make run_tests_redhat8 no_output_timeout: 20m - - run: - name: Running redhat8 python3 CI Tests - command: make run_tests_redhat8_py3 - no_output_timeout: 20m - store_artifacts: path: test-results destination: test-results diff --git a/Makefile b/Makefile index a0ca38f2..8705c423 100644 --- a/Makefile +++ b/Makefile @@ -272,42 +272,42 @@ save_containers: mkdir test-results/saved_images || true $(foreach image,${CONTAINERS_TO_SAVE}, echo "Currently saving: ${image}"; docker save ${image} --output test-results/saved_images/${image}.tar; echo "Compressing: ${image}.tar"; gzip test-results/saved_images/${image}.tar; ) +test_python3_all: test_splunk_python3_all test_uf_python3_all -test_py3: clean ansible test_setup all run_tests_centos7_py3 run_tests_redhat8_py3 run_tests_debian9_py3 +test_splunk_python3_all: test_splunk_centos7_python3 test_splunk_redhat8_python3 test_splunk_debian9_python3 test_splunk_debian10_python3 -test_centos7_py3: clean ansible splunk-centos-7 uf-centos-7 test_setup_py3 run_tests_centos7_py3 +test_uf_python3_all: test_uf_centos7_python3 test_uf_redhat8_python3 test_uf_debian9_python3 test_uf_debian10_python3 -test_redhat8_py3: clean ansible splunk-redhat-8 uf-redhat-8 test_setup_py3 run_tests_redhat8_py3 +test_splunk_centos7_python3: + $(call test_python3_installation, splunk-centos-7) -test_debian9_py3: clean ansible splunk-debian-9 uf-debian-9 test_setup_py3 run_tests_debian9_py3 +test_splunk_redhat8_python3: + $(call test_python3_installation, splunk-redhat-8) -test_debian10_py3: clean ansible splunk-debian-10 uf-debian-10 test_setup_py3 run_tests_debian10_py3 +test_splunk_debian9_python3: + $(call test_python3_installation, splunk-debian-9) -test_setup_py3: - @echo 'Install test requirements' - pip3 install --upgrade pip - pip3 install -r $(shell pwd)/tests/requirements.txt --upgrade - mkdir test-results/centos7-result || true - mkdir test-results/debian9-result || true - mkdir test-results/debian10-result || true - mkdir test-results/redhat8-result || true +test_splunk_debian10_python3: + $(call test_python3_installation, splunk-debian-10) -run_tests_debian9_py3: - @echo 'Running the super awesome tests; Debian 9' - python3 -m pytest -sv tests/test_docker_splunk.py --platform debian-9 --junitxml test-results/debian9-result/testresults_debian9.xml +test_uf_centos7_python3: + $(call test_python3_installation, uf-centos-7) -run_tests_debian10_py3: - @echo 'Running the super awesome tests; Debian 10' - python3 -m pytest -sv tests/test_docker_splunk.py --platform debian-10 --junitxml test-results/debian10-result/testresults_debian10.xml +test_uf_redhat8_python3: + $(call test_python3_installation, uf-redhat-8) -run_tests_centos7_py3: - @echo 'Running the super awesome tests; CentOS 7' - python3 -m pytest -sv tests/test_docker_splunk.py --platform centos-7 --junitxml test-results/centos7-result/testresults_centos7.xml +test_uf_debian9_python3: + $(call test_python3_installation, uf-debian-9) -run_tests_redhat8_py3: - @echo 'Running the super awesome tests; RedHat 8' - python3 -m pytest -sv tests/test_docker_splunk.py --platform redhat-8 --junitxml test-results/redhat8-result/testresults_redhat8.xml +test_uf_debian10_python3: + $(call test_python3_installation, uf-debian-10) +define test_python3_installation +docker run -d --rm --name $1 -it $1 bash +docker exec -it $1 bash -c 'if [[ $$(python3 -V) =~ "Python 3" ]] ; then echo "$$(python3 -V) installed" ; else echo "No Python3 installation found" ; docker kill $1 ; exit 1 ; fi' +docker kill $1 +endef + setup_clair_scanner: mkdir clair-scanner-logs diff --git a/tests/requirements.txt b/tests/requirements.txt index 6f84354b..1c2d838b 100644 --- a/tests/requirements.txt +++ b/tests/requirements.txt @@ -4,5 +4,4 @@ docker PyYAML docker-compose pyasn1 -junit-xml -pylint \ No newline at end of file +junit-xml \ No newline at end of file From fd87589d2f9c4530552f028905d2ed227c8986c6 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Fri, 9 Aug 2019 19:30:43 -0700 Subject: [PATCH 58/75] format --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 3608c786..edcede31 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -33,7 +33,7 @@ jobs: name: Store Scanner Logs path: clair-scanner-logs destintation: clair-scanner-logs - -run: + - run: name: Test Python3 installation command: make test_python3_all - run: From 710017649fcf1ecec09a60a247937b8c1674cdfe Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Sun, 11 Aug 2019 11:41:22 -0700 Subject: [PATCH 59/75] published version ci --- .circleci/config.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index edcede31..2915a3a5 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -40,14 +40,6 @@ jobs: name: Running debian9 CI Tests command: make run_tests_debian9 no_output_timeout: 20m - - run: - name: Running debian10 CI Tests - command: make run_tests_debian10 - no_output_timeout: 20m - - run: - name: Running centos7 CI Tests - command: make run_tests_centos7 - no_output_timeout: 20m - run: name: Running redhat8 CI Tests command: make run_tests_redhat8 From 5c1e5a828dd225311564476b69dbeed79dd44e9e Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Sun, 11 Aug 2019 12:52:48 -0700 Subject: [PATCH 60/75] empty commit From 42a33f6592d2246b5ec1e72e5346f3e5e2250f45 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Mon, 12 Aug 2019 09:35:38 -0700 Subject: [PATCH 61/75] epel repo works From 33a0b42e51b95dd74d4507b81f80bcdf70e63177 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Mon, 12 Aug 2019 13:56:53 -0700 Subject: [PATCH 62/75] use 3.7.4 --- .circleci/config.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2915a3a5..9462f8f6 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,7 +8,9 @@ jobs: - run: name: Setup python3 command: | - pyenv global 2.7.12 3.5.2 + sudo apt-get install python-openssl + pyenv install 3.7.4 + pyenv global 2.7.12 3.7.4 python --version pip --version python3 --version @@ -40,10 +42,6 @@ jobs: name: Running debian9 CI Tests command: make run_tests_debian9 no_output_timeout: 20m - - run: - name: Running redhat8 CI Tests - command: make run_tests_redhat8 - no_output_timeout: 20m - store_artifacts: path: test-results destination: test-results From 816489dea611ac813e02bb4e02f79d6024fe6349 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Mon, 12 Aug 2019 14:04:38 -0700 Subject: [PATCH 63/75] use 3.7.4 --- .circleci/config.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 9462f8f6..58c7e665 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,8 +8,7 @@ jobs: - run: name: Setup python3 command: | - sudo apt-get install python-openssl - pyenv install 3.7.4 + CFLAGS=-I/usr/include/openssl LDFLAGS=-L/usr/lib pyenv install 3.7.4 pyenv global 2.7.12 3.7.4 python --version pip --version From d972c6df4b4f479aa0216ba492368a953770f937 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Mon, 12 Aug 2019 14:06:09 -0700 Subject: [PATCH 64/75] use 3.7.4 --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 58c7e665..3b6318a4 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,6 +8,7 @@ jobs: - run: name: Setup python3 command: | + pyenv install --list CFLAGS=-I/usr/include/openssl LDFLAGS=-L/usr/lib pyenv install 3.7.4 pyenv global 2.7.12 3.7.4 python --version From 5188aaddb45190cd2fc6608977fa385e7be6f828 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Mon, 12 Aug 2019 14:51:54 -0700 Subject: [PATCH 65/75] py5 --- .circleci/config.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 3b6318a4..30df4692 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,9 +8,7 @@ jobs: - run: name: Setup python3 command: | - pyenv install --list - CFLAGS=-I/usr/include/openssl LDFLAGS=-L/usr/lib pyenv install 3.7.4 - pyenv global 2.7.12 3.7.4 + pyenv global 2.7.12 3.5.2 python --version pip --version python3 --version From e3e399b7bf88ea0a0c1c9db5bb208a03724c3735 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Tue, 13 Aug 2019 14:47:01 -0700 Subject: [PATCH 66/75] python default version check --- .circleci/config.yml | 3 +++ Makefile | 39 ++++++++++++++++++++++++++++++++++++++- 2 files changed, 41 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 30df4692..be32d205 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -36,6 +36,9 @@ jobs: - run: name: Test Python3 installation command: make test_python3_all + - run: + name: Test Python2 as the default + command: make test_python2_all - run: name: Running debian9 CI Tests command: make run_tests_debian9 diff --git a/Makefile b/Makefile index 8705c423..7a25ab98 100644 --- a/Makefile +++ b/Makefile @@ -307,7 +307,44 @@ docker run -d --rm --name $1 -it $1 bash docker exec -it $1 bash -c 'if [[ $$(python3 -V) =~ "Python 3" ]] ; then echo "$$(python3 -V) installed" ; else echo "No Python3 installation found" ; docker kill $1 ; exit 1 ; fi' docker kill $1 endef - + +test_python2_all: test_splunk_python2_all test_uf_python2_all + +test_splunk_python2_all: test_splunk_centos7_python2 test_splunk_redhat8_python2 test_splunk_debian9_python2 test_splunk_debian10_python2 + +test_uf_python2_all: test_uf_centos7_python2 test_uf_redhat8_python2 test_uf_debian9_python2 test_uf_debian10_python2 + +test_splunk_centos7_python2: + $(call test_python2_installation, splunk-centos-7) + +test_splunk_redhat8_python2: + $(call test_python2_installation, splunk-redhat-8) + +test_splunk_debian9_python2: + $(call test_python2_installation, splunk-debian-9) + +test_splunk_debian10_python2: + $(call test_python2_installation, splunk-debian-10) + +test_uf_centos7_python2: + $(call test_python2_installation, uf-centos-7) + +test_uf_redhat8_python2: + $(call test_python2_installation, uf-redhat-8) + +test_uf_debian9_python2: + $(call test_python2_installation, uf-debian-9) + +test_uf_debian10_python2: + $(call test_python2_installation, uf-debian-10) + +#python2 version print to stderr, hence the 2>&1 +define test_python2_installation +docker run -d --rm --name $1 -it $1 bash +docker exec -it $1 bash -c 'if [[ $$(python -V 2>&1) =~ "Python 2" ]] ; then echo "$$(python -V 2>&1) is the default python" ; else echo "Python is not default to python2" ; docker kill $1 ; exit 1 ; fi' +docker kill $1 +endef + setup_clair_scanner: mkdir clair-scanner-logs From d74bb029cd8b54a6870a267e90d9dc40c444932f Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Tue, 13 Aug 2019 14:48:26 -0700 Subject: [PATCH 67/75] ci config indent --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index be32d205..e3a7212f 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -36,7 +36,7 @@ jobs: - run: name: Test Python3 installation command: make test_python3_all - - run: + - run: name: Test Python2 as the default command: make test_python2_all - run: From 3ca30d04f48f8e97fe82bb76149b84fece88a0e5 Mon Sep 17 00:00:00 2001 From: Mike Dickey Date: Fri, 16 Aug 2019 16:15:31 -0700 Subject: [PATCH 68/75] This PR enables running in unpriviliged mode when run as the splunk user account. The splunk user is now part of the ansible group and able to run the ansible playbooks itself at startup, but unlike ansible, it has no sudo capabilities at startup time. Note that you currently must explicitly set SPLUNK_HOME_OWNERSHIP_ENFORCEMENT to false when running as the splunk user, otherwise it will fail due to lack of permissions. Note that there are limitations, beyond just being unable to "correct" permission for volume mounts. Any features requiring elevated permissions, such as install JDK or other packages, will not work when running as the splunk user. The defaults are left unchanged. By default, it will still run as the ansible user and the behavior should be the same as before. --- splunk/common-files/Dockerfile | 8 ++- splunk/common-files/entrypoint.sh | 96 ++++++++++++++++--------------- 2 files changed, 57 insertions(+), 47 deletions(-) diff --git a/splunk/common-files/Dockerfile b/splunk/common-files/Dockerfile index 9c70e0ac..667f1ab0 100644 --- a/splunk/common-files/Dockerfile +++ b/splunk/common-files/Dockerfile @@ -101,11 +101,15 @@ RUN sed -i -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL/g' / && groupadd -r ${ANSIBLE_GROUP} \ && useradd -r -m -g ${ANSIBLE_GROUP} ${ANSIBLE_USER} \ && usermod -aG sudo ${ANSIBLE_USER} \ + && usermod -aG ${ANSIBLE_GROUP} ${SPLUNK_USER} \ # Container Artifact Directory is a place for all artifacts and logs that are generated by the provisioning process. The directory is owned by the user "ansible". && mkdir ${CONTAINER_ARTIFACT_DIR} \ - && chown -R ${ANSIBLE_USER}:${ANSIBLE_GROUP} $CONTAINER_ARTIFACT_DIR \ + && chown -R ${ANSIBLE_USER}:${ANSIBLE_GROUP} ${CONTAINER_ARTIFACT_DIR} \ + && chmod -R 775 ${CONTAINER_ARTIFACT_DIR} \ && chmod -R 555 ${SPLUNK_ANSIBLE_HOME} \ - && chmod -R 777 ${CONTAINER_ARTIFACT_DIR} \ + && chgrp ${ANSIBLE_GROUP} ${SPLUNK_ANSIBLE_HOME} ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \ + && chmod 775 ${SPLUNK_ANSIBLE_HOME} \ + && chmod 664 ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \ && chmod 755 /sbin/entrypoint.sh /sbin/createdefaults.py /sbin/checkstate.sh USER ${ANSIBLE_USER} diff --git a/splunk/common-files/entrypoint.sh b/splunk/common-files/entrypoint.sh index b4ce7caa..66153a8c 100755 --- a/splunk/common-files/entrypoint.sh +++ b/splunk/common-files/entrypoint.sh @@ -35,6 +35,9 @@ trap teardown SIGINT SIGTERM prep_ansible() { cd ${SPLUNK_ANSIBLE_HOME} + if [ `whoami` == "${SPLUNK_USER}" ]; then + sed -i -e "s,^become\\s*=.*,become = false," ansible.cfg + fi if [[ "$DEBUG" == "true" ]]; then ansible-playbook --version python inventory/environ.py --write-to-file @@ -54,33 +57,36 @@ watch_for_failure(){ echo user_permission_change # Any crashes/errors while Splunk is running should get logged to splunkd_stderr.log and sent to the container's stdout + if [ `whoami` != "${SPLUNK_USER}" ]; then + RUN_AS_SPLUNK="sudo -u ${SPLUNK_USER}" + fi if [ -z "$SPLUNK_TAIL_FILE" ]; then - sudo -u ${SPLUNK_USER} tail -n 0 -f ${SPLUNK_HOME}/var/log/splunk/splunkd_stderr.log & + ${RUN_AS_SPLUNK} tail -n 0 -f ${SPLUNK_HOME}/var/log/splunk/splunkd_stderr.log & else - sudo -u ${SPLUNK_USER} tail -n 0 -f ${SPLUNK_TAIL_FILE} & + ${RUN_AS_SPLUNK} tail -n 0 -f ${SPLUNK_TAIL_FILE} & fi wait } create_defaults() { - createdefaults.py + createdefaults.py } start_and_exit() { - if [ -z "$SPLUNK_PASSWORD" ] - then - echo "WARNING: No password ENV var. Stack may fail to provision if splunk.password is not set in ENV or a default.yml" - fi + if [ -z "$SPLUNK_PASSWORD" ] + then + echo "WARNING: No password ENV var. Stack may fail to provision if splunk.password is not set in ENV or a default.yml" + fi sh -c "echo 'starting' > ${CONTAINER_ARTIFACT_DIR}/splunk-container.state" setup - prep_ansible + prep_ansible ansible-playbook $ANSIBLE_EXTRA_FLAGS -i inventory/environ.py site.yml } start() { - trap teardown EXIT + trap teardown EXIT start_and_exit - watch_for_failure + watch_for_failure } configure_multisite() { @@ -89,58 +95,58 @@ configure_multisite() { } restart(){ - trap teardown EXIT + trap teardown EXIT sh -c "echo 'restarting' > ${CONTAINER_ARTIFACT_DIR}/splunk-container.state" - prep_ansible - ${SPLUNK_HOME}/bin/splunk stop 2>/dev/null || true + prep_ansible + ${SPLUNK_HOME}/bin/splunk stop 2>/dev/null || true ansible-playbook -i inventory/environ.py start.yml watch_for_failure } user_permission_change(){ if [[ "$STEPDOWN_ANSIBLE_USER" == "true" ]]; then - bash -c "sudo deluser -q ansible sudo" + bash -c "sudo deluser -q ansible sudo" fi } help() { cat << EOF - ____ _ _ __ + ____ _ _ __ / ___| _ __ | |_ _ _ __ | | __ \ \\ \___ \| '_ \| | | | | '_ \| |/ / \ \\ - ___) | |_) | | |_| | | | | < / / + ___) | |_) | | |_| | | | | < / / |____/| .__/|_|\__,_|_| |_|_|\_\ /_/ - |_| + |_| ======================================== Environment Variables: - * SPLUNK_USER - user under which to run Splunk (default: splunk) - * SPLUNK_GROUP - group under which to run Splunk (default: splunk) - * SPLUNK_HOME - home directory where Splunk gets installed (default: /opt/splunk) - * SPLUNK_START_ARGS - arguments to pass into the Splunk start command; you must include '--accept-license' to start Splunk (default: none) - * SPLUNK_ROLE - the role of this Splunk instance (default: splunk_standalone) - Acceptable values: - - splunk_standalone - - splunk_search_head - - splunk_indexer - - splunk_deployer - - splunk_license_master - - splunk_cluster_master - - splunk_heavy_forwarder - * SPLUNK_LICENSE_URI - URI or local file path (absolute path in the container) to a Splunk license - * SPLUNK_STANDALONE_URL, SPLUNK_INDEXER_URL, ... - comma-separated list of resolvable aliases to properly bring-up a distributed environment. - This is optional for standalones, but required for multi-node Splunk deployments. - * SPLUNK_BUILD_URL - URL to a Splunk build which will be installed (instead of the image's default build) - * SPLUNK_APPS_URL - comma-separated list of URLs to Splunk apps which will be downloaded and installed + * SPLUNK_USER - user under which to run Splunk (default: splunk) + * SPLUNK_GROUP - group under which to run Splunk (default: splunk) + * SPLUNK_HOME - home directory where Splunk gets installed (default: /opt/splunk) + * SPLUNK_START_ARGS - arguments to pass into the Splunk start command; you must include '--accept-license' to start Splunk (default: none) + * SPLUNK_ROLE - the role of this Splunk instance (default: splunk_standalone) + Acceptable values: + - splunk_standalone + - splunk_search_head + - splunk_indexer + - splunk_deployer + - splunk_license_master + - splunk_cluster_master + - splunk_heavy_forwarder + * SPLUNK_LICENSE_URI - URI or local file path (absolute path in the container) to a Splunk license + * SPLUNK_STANDALONE_URL, SPLUNK_INDEXER_URL, ... - comma-separated list of resolvable aliases to properly bring-up a distributed environment. + This is optional for standalones, but required for multi-node Splunk deployments. + * SPLUNK_BUILD_URL - URL to a Splunk build which will be installed (instead of the image's default build) + * SPLUNK_APPS_URL - comma-separated list of URLs to Splunk apps which will be downloaded and installed Examples: - * docker run -it -p 8000:8000 splunk/splunk start - * docker run -it -e SPLUNK_START_ARGS=--accept-license -p 8000:8000 -p 8089:8089 splunk/splunk start - * docker run -it -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_LICENSE_URI=http://example.com/splunk.lic -p 8000:8000 splunk/splunk start - * docker run -it -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_INDEXER_URL=idx1,idx2 -e SPLUNK_SEARCH_HEAD_URL=sh1,sh2 -e SPLUNK_ROLE=splunk_search_head --hostname sh1 --network splunknet --network-alias sh1 -e SPLUNK_PASSWORD=helloworld -e SPLUNK_LICENSE_URI=http://example.com/splunk.lic splunk/splunk start + * docker run -it -p 8000:8000 splunk/splunk start + * docker run -it -e SPLUNK_START_ARGS=--accept-license -p 8000:8000 -p 8089:8089 splunk/splunk start + * docker run -it -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_LICENSE_URI=http://example.com/splunk.lic -p 8000:8000 splunk/splunk start + * docker run -it -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_INDEXER_URL=idx1,idx2 -e SPLUNK_SEARCH_HEAD_URL=sh1,sh2 -e SPLUNK_ROLE=splunk_search_head --hostname sh1 --network splunknet --network-alias sh1 -e SPLUNK_PASSWORD=helloworld -e SPLUNK_LICENSE_URI=http://example.com/splunk.lic splunk/splunk start EOF - exit 1 + exit 1 } case "$1" in @@ -157,12 +163,12 @@ case "$1" in configure_multisite $0 ;; create-defaults) - create_defaults - ;; + create_defaults + ;; restart) - shift - restart $@ - ;; + shift + restart $@ + ;; no-provision) user_permission_change tail -n 0 -f /etc/hosts & From 0bf62758b6aff4126064b455852cc81e6b151408 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Fri, 16 Aug 2019 18:12:49 -0700 Subject: [PATCH 69/75] additional image layer for python2&3 --- Makefile | 93 ++++++++++++++++++++++++++------- base/centos-7/install.sh | 2 - base/debian-10/install.sh | 2 - base/debian-9/install.sh | 1 - base/redhat-8/install.sh | 4 +- py23-image/centos-7/Dockerfile | 7 +++ py23-image/debian-10/Dockerfile | 7 +++ py23-image/debian-9/Dockerfile | 6 +++ py23-image/redhat-8/Dockerfile | 7 +++ 9 files changed, 102 insertions(+), 27 deletions(-) create mode 100644 py23-image/centos-7/Dockerfile create mode 100644 py23-image/debian-10/Dockerfile create mode 100644 py23-image/debian-9/Dockerfile create mode 100644 py23-image/redhat-8/Dockerfile diff --git a/Makefile b/Makefile index 7a25ab98..3237c85d 100644 --- a/Makefile +++ b/Makefile @@ -31,8 +31,8 @@ SCANNER_DATE := `date +%Y-%m-%d` SCANNER_DATE_YEST := `TZ=GMT+24 +%Y:%m:%d` SCANNER_VERSION := v8 SCANNER_LOCALIP := $(shell ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1' | awk '{print $1}' | head -n 1) -SCANNER_IMAGES_TO_SCAN := splunk-debian-9 splunk-debian-10 splunk-centos-7 splunk-redhat-8 uf-debian-9 uf-debian-10 uf-centos-7 uf-redhat-8 -CONTAINERS_TO_SAVE := splunk-debian-9 splunk-debian-10 splunk-centos-7 splunk-redhat-8 uf-debian-9 uf-debian-10 uf-centos-7 uf-redhat-8 +SCANNER_IMAGES_TO_SCAN := splunk-debian-9 splunk-debian-10 splunk-centos-7 splunk-redhat-8 uf-debian-9 uf-debian-10 uf-centos-7 uf-redhat-8 splunk-py23-debian-9 splunk-py23-debian-10 splunk-py23-centos-7 splunk-py23-redhat-8 uf-py23-debian-9 uf-py23-debian-10 uf-py23-centos-7 uf-py23-redhat-8 +CONTAINERS_TO_SAVE := splunk-debian-9 splunk-debian-10 splunk-centos-7 splunk-redhat-8 uf-debian-9 uf-debian-10 uf-centos-7 uf-redhat-8 splunk-py23-debian-9 splunk-py23-debian-10 splunk-py23-centos-7 splunk-py23-redhat-8 uf-py23-debian-9 uf-py23-debian-10 uf-py23-centos-7 uf-py23-redhat-8 ifeq ($(shell uname), Linux) SCANNER_FILE = clair-scanner_linux_amd64 else ifeq ($(shell uname), Darwin) @@ -44,7 +44,7 @@ endif .PHONY: tests interactive_tutorials -all: splunk uf +all: splunk uf splunk-py23 uf-py23 ansible: @if [ -d "splunk-ansible" ]; then \ @@ -225,6 +225,61 @@ uf-windows-2016: base-windows-2016 ansible --build-arg SPLUNK_BUILD_URL=${UF_WIN_BUILD_URL} \ -t uf-windows-2016:${IMAGE_VERSION} . + +##### Python 3 support ##### +splunk-py23: splunk-py23-debian-9 splunk-py23-debian-10 splunk-py23-centos-7 splunk-py23-redhat-8 + +splunk-py23-debian-9: splunk-debian-9 + docker build ${DOCKER_BUILD_FLAGS} \ + -f py23-image/debian-9/Dockerfile \ + --build-arg SPLUNK_PRODUCT=splunk \ + -t splunk-py23-debian-9:${IMAGE_VERSION} . + +splunk-py23-debian-10: splunk-debian-10 + docker build ${DOCKER_BUILD_FLAGS} \ + -f py23-image/debian-10/Dockerfile \ + --build-arg SPLUNK_PRODUCT=splunk \ + -t splunk-py23-debian-10:${IMAGE_VERSION} . + +splunk-py23-centos-7: splunk-centos-7 + docker build ${DOCKER_BUILD_FLAGS} \ + -f py23-image/centos-7/Dockerfile \ + --build-arg SPLUNK_PRODUCT=splunk \ + -t splunk-py23-centos-7:${IMAGE_VERSION} . + +splunk-py23-redhat-8: splunk-redhat-8 + docker build ${DOCKER_BUILD_FLAGS} \ + -f py23-image/redhat-8/Dockerfile \ + --build-arg SPLUNK_PRODUCT=splunk \ + -t splunk-py23-redhat-8:${IMAGE_VERSION} . + +uf-py23: uf-py23-debian-9 uf-py23-debian-10 uf-py23-centos-7 uf-py23-redhat-8 + +uf-py23-debian-9: uf-debian-9 + docker build ${DOCKER_BUILD_FLAGS} \ + -f py23-image/debian-9/Dockerfile \ + --build-arg SPLUNK_PRODUCT=uf \ + -t uf-py23-debian-9:${IMAGE_VERSION} . + +uf-py23-debian-10: uf-debian-10 + docker build ${DOCKER_BUILD_FLAGS} \ + -f py23-image/debian-10/Dockerfile \ + --build-arg SPLUNK_PRODUCT=uf \ + -t uf-py23-debian-10:${IMAGE_VERSION} . + +uf-py23-centos-7: uf-centos-7 + docker build ${DOCKER_BUILD_FLAGS} \ + -f py23-image/centos-7/Dockerfile \ + --build-arg SPLUNK_PRODUCT=uf \ + -t uf-py23-centos-7:${IMAGE_VERSION} . + +uf-py23-redhat-8: uf-redhat-8 + docker build ${DOCKER_BUILD_FLAGS} \ + -f py23-image/redhat-8/Dockerfile \ + --build-arg SPLUNK_PRODUCT=uf \ + -t uf-py23-redhat-8:${IMAGE_VERSION} . + + ##### Tests ##### sample-compose-up: sample-compose-down docker-compose -f test_scenarios/${SPLUNK_COMPOSE} up -d @@ -279,28 +334,28 @@ test_splunk_python3_all: test_splunk_centos7_python3 test_splunk_redhat8_python3 test_uf_python3_all: test_uf_centos7_python3 test_uf_redhat8_python3 test_uf_debian9_python3 test_uf_debian10_python3 test_splunk_centos7_python3: - $(call test_python3_installation, splunk-centos-7) + $(call test_python3_installation, splunk-py23-centos-7) test_splunk_redhat8_python3: - $(call test_python3_installation, splunk-redhat-8) + $(call test_python3_installation, splunk-py23-redhat-8) test_splunk_debian9_python3: - $(call test_python3_installation, splunk-debian-9) + $(call test_python3_installation, splunk-py23-debian-9) test_splunk_debian10_python3: - $(call test_python3_installation, splunk-debian-10) + $(call test_python3_installation, splunk-py23-debian-10) test_uf_centos7_python3: - $(call test_python3_installation, uf-centos-7) + $(call test_python3_installation, uf-py23-centos-7) test_uf_redhat8_python3: - $(call test_python3_installation, uf-redhat-8) + $(call test_python3_installation, uf-py23-redhat-8) test_uf_debian9_python3: - $(call test_python3_installation, uf-debian-9) + $(call test_python3_installation, uf-py23-debian-9) test_uf_debian10_python3: - $(call test_python3_installation, uf-debian-10) + $(call test_python3_installation, uf-py23-debian-10) define test_python3_installation docker run -d --rm --name $1 -it $1 bash @@ -315,28 +370,28 @@ test_splunk_python2_all: test_splunk_centos7_python2 test_splunk_redhat8_python2 test_uf_python2_all: test_uf_centos7_python2 test_uf_redhat8_python2 test_uf_debian9_python2 test_uf_debian10_python2 test_splunk_centos7_python2: - $(call test_python2_installation, splunk-centos-7) + $(call test_python2_installation, splunk-py23-centos-7) test_splunk_redhat8_python2: - $(call test_python2_installation, splunk-redhat-8) + $(call test_python2_installation, splunk-py23-redhat-8) test_splunk_debian9_python2: - $(call test_python2_installation, splunk-debian-9) + $(call test_python2_installation, splunk-py23-debian-9) test_splunk_debian10_python2: - $(call test_python2_installation, splunk-debian-10) + $(call test_python2_installation, splunk-py23-debian-10) test_uf_centos7_python2: - $(call test_python2_installation, uf-centos-7) + $(call test_python2_installation, uf-py23-centos-7) test_uf_redhat8_python2: - $(call test_python2_installation, uf-redhat-8) + $(call test_python2_installation, uf-py23-redhat-8) test_uf_debian9_python2: - $(call test_python2_installation, uf-debian-9) + $(call test_python2_installation, uf-py23-debian-9) test_uf_debian10_python2: - $(call test_python2_installation, uf-debian-10) + $(call test_python2_installation, uf-py23-debian-10) #python2 version print to stderr, hence the 2>&1 define test_python2_installation diff --git a/base/centos-7/install.sh b/base/centos-7/install.sh index 223f27c7..3bf831a1 100755 --- a/base/centos-7/install.sh +++ b/base/centos-7/install.sh @@ -20,8 +20,6 @@ export LANG=en_US.utf8 yum -y update && yum -y install wget sudo epel-release yum -y install busybox ansible python-requests -yum -y install python36 python36-requests -python3 -m ensurepip cd /bin ln -s busybox killall diff --git a/base/debian-10/install.sh b/base/debian-10/install.sh index 23356079..caa50ad6 100755 --- a/base/debian-10/install.sh +++ b/base/debian-10/install.sh @@ -33,9 +33,7 @@ apt update # put back tools for customer support apt-get install -y --no-install-recommends curl sudo libgssapi-krb5-2 busybox procps acl apt-get install -y --no-install-recommends python-pip python-setuptools python-requests python-yaml -apt-get install -y --no-install-recommends python3 python3-pip python3-setuptools python3-requests python3-yaml pip --no-cache-dir install ansible -pip3 --no-cache-dir install ansible cd /bin ln -s busybox killall diff --git a/base/debian-9/install.sh b/base/debian-9/install.sh index 6cddfa7e..9c591ead 100755 --- a/base/debian-9/install.sh +++ b/base/debian-9/install.sh @@ -36,7 +36,6 @@ apt-get update apt-cache show ansible apt-get install -y --no-install-recommends ansible curl sudo libgssapi-krb5-2 busybox procps acl apt-get install -y --no-install-recommends python-requests -apt-get install -y --no-install-recommends python3 python3-pip python3-requests cd /bin ln -s busybox diff diff --git a/base/redhat-8/install.sh b/base/redhat-8/install.sh index e1e971ce..e06013d0 100755 --- a/base/redhat-8/install.sh +++ b/base/redhat-8/install.sh @@ -30,10 +30,8 @@ microdnf -y --nodocs install wget sudo shadow-utils procps wget https://busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/busybox-x86_64 mv busybox-x86_64 /bin/busybox chmod +x /bin/busybox -microdnf -y --nodocs install python2 tar python3 -alternatives --set python /usr/bin/python2 +microdnf -y --nodocs install python2 tar pip2 -q --no-cache-dir install requests ansible -pip3 -q --no-cache-dir install requests ansible cd /bin ln -s busybox diff diff --git a/py23-image/centos-7/Dockerfile b/py23-image/centos-7/Dockerfile new file mode 100644 index 00000000..a113bab0 --- /dev/null +++ b/py23-image/centos-7/Dockerfile @@ -0,0 +1,7 @@ +ARG SPLUNK_PRODUCT=splunk +FROM ${SPLUNK_PRODUCT}-centos-7:latest +USER root + +RUN yum -y update +RUN yum -y install python36 python36-requests +RUN python3 -m ensurepip \ No newline at end of file diff --git a/py23-image/debian-10/Dockerfile b/py23-image/debian-10/Dockerfile new file mode 100644 index 00000000..c190369f --- /dev/null +++ b/py23-image/debian-10/Dockerfile @@ -0,0 +1,7 @@ +ARG SPLUNK_PRODUCT=splunk +FROM ${SPLUNK_PRODUCT}-debian-10:latest +USER root + +RUN apt update +RUN apt-get install -y --no-install-recommends python3 python3-pip python3-setuptools python3-requests python3-yaml +RUN pip3 --no-cache-dir install ansible \ No newline at end of file diff --git a/py23-image/debian-9/Dockerfile b/py23-image/debian-9/Dockerfile new file mode 100644 index 00000000..159d497f --- /dev/null +++ b/py23-image/debian-9/Dockerfile @@ -0,0 +1,6 @@ +ARG SPLUNK_PRODUCT=splunk +FROM ${SPLUNK_PRODUCT}-debian-9:latest +USER root + +RUN apt-get update +RUN apt-get install -y --no-install-recommends python3 python3-pip python3-requests \ No newline at end of file diff --git a/py23-image/redhat-8/Dockerfile b/py23-image/redhat-8/Dockerfile new file mode 100644 index 00000000..6d035fcd --- /dev/null +++ b/py23-image/redhat-8/Dockerfile @@ -0,0 +1,7 @@ +ARG SPLUNK_PRODUCT=splunk +FROM ${SPLUNK_PRODUCT}-redhat-8:latest +USER root + +RUN microdnf -y --nodocs install python3 +RUN alternatives --set python /usr/bin/python2 +RUN pip3 -q --no-cache-dir install requests ansible \ No newline at end of file From 5b323180e51182935ff1cf02e501c45f5c4463e6 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Fri, 16 Aug 2019 18:56:36 -0700 Subject: [PATCH 70/75] added test for image size increase --- Makefile | 43 +++++++++++++++++++++++++++---------------- 1 file changed, 27 insertions(+), 16 deletions(-) diff --git a/Makefile b/Makefile index 3237c85d..4c4124e5 100644 --- a/Makefile +++ b/Makefile @@ -334,28 +334,28 @@ test_splunk_python3_all: test_splunk_centos7_python3 test_splunk_redhat8_python3 test_uf_python3_all: test_uf_centos7_python3 test_uf_redhat8_python3 test_uf_debian9_python3 test_uf_debian10_python3 test_splunk_centos7_python3: - $(call test_python3_installation, splunk-py23-centos-7) + $(call test_python3_installation,splunk-py23-centos-7) test_splunk_redhat8_python3: - $(call test_python3_installation, splunk-py23-redhat-8) + $(call test_python3_installation,splunk-py23-redhat-8) test_splunk_debian9_python3: - $(call test_python3_installation, splunk-py23-debian-9) + $(call test_python3_installation,splunk-py23-debian-9) test_splunk_debian10_python3: - $(call test_python3_installation, splunk-py23-debian-10) + $(call test_python3_installation,splunk-py23-debian-10) test_uf_centos7_python3: - $(call test_python3_installation, uf-py23-centos-7) + $(call test_python3_installation,uf-py23-centos-7) test_uf_redhat8_python3: - $(call test_python3_installation, uf-py23-redhat-8) + $(call test_python3_installation,uf-py23-redhat-8) test_uf_debian9_python3: - $(call test_python3_installation, uf-py23-debian-9) + $(call test_python3_installation,uf-py23-debian-9) test_uf_debian10_python3: - $(call test_python3_installation, uf-py23-debian-10) + $(call test_python3_installation,uf-py23-debian-10) define test_python3_installation docker run -d --rm --name $1 -it $1 bash @@ -370,28 +370,28 @@ test_splunk_python2_all: test_splunk_centos7_python2 test_splunk_redhat8_python2 test_uf_python2_all: test_uf_centos7_python2 test_uf_redhat8_python2 test_uf_debian9_python2 test_uf_debian10_python2 test_splunk_centos7_python2: - $(call test_python2_installation, splunk-py23-centos-7) + $(call test_python2_installation,splunk-py23-centos-7) test_splunk_redhat8_python2: - $(call test_python2_installation, splunk-py23-redhat-8) + $(call test_python2_installation,splunk-py23-redhat-8) test_splunk_debian9_python2: - $(call test_python2_installation, splunk-py23-debian-9) + $(call test_python2_installation,splunk-py23-debian-9) test_splunk_debian10_python2: - $(call test_python2_installation, splunk-py23-debian-10) + $(call test_python2_installation,splunk-py23-debian-10) test_uf_centos7_python2: - $(call test_python2_installation, uf-py23-centos-7) + $(call test_python2_installation,uf-py23-centos-7) test_uf_redhat8_python2: - $(call test_python2_installation, uf-py23-redhat-8) + $(call test_python2_installation,uf-py23-redhat-8) test_uf_debian9_python2: - $(call test_python2_installation, uf-py23-debian-9) + $(call test_python2_installation,uf-py23-debian-9) test_uf_debian10_python2: - $(call test_python2_installation, uf-py23-debian-10) + $(call test_python2_installation,uf-py23-debian-10) #python2 version print to stderr, hence the 2>&1 define test_python2_installation @@ -400,6 +400,17 @@ docker exec -it $1 bash -c 'if [[ $$(python -V 2>&1) =~ "Python 2" ]] ; then ech docker kill $1 endef +test_debian9_image_size: + $(call test_image_size,splunk-debian-9) + +define test_image_size +docker pull splunk/splunk:edge +CUR_SIZE=$$(docker image inspect $1:latest --format='{{.Size}}') ; \ +EDGE_SIZE=$$(docker image inspect splunk/splunk:edge --format='{{.Size}}') ; \ +echo "current $1 image size = "$$CUR_SIZE ; \ +echo "edge image size = "$$EDGE_SIZE ; \ +if [[ $$CUR_SIZE > $$EDGE_SIZE*1.01 ]] ; then echo "current image size is 10% more than edge image" ; exit 1 ; fi +endef setup_clair_scanner: mkdir clair-scanner-logs From c1366b7421ac5a93b0f3d41ebd23d088f79fbd81 Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Fri, 16 Aug 2019 18:57:31 -0700 Subject: [PATCH 71/75] adding image size test to ci --- .circleci/config.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index e3a7212f..639de1a8 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -39,6 +39,9 @@ jobs: - run: name: Test Python2 as the default command: make test_python2_all + - run: + name: Test if image size increase + command: make test_debian9_image_size - run: name: Running debian9 CI Tests command: make run_tests_debian9 From 1595f16ae7748cd67ecab60b95624685df5fd52e Mon Sep 17 00:00:00 2001 From: Mike Dickey Date: Mon, 19 Aug 2019 12:33:53 -0700 Subject: [PATCH 72/75] More whitespace changes in splunk/splunk entrypoint.sh file to fix ascii art formatting and finish indenting consistency. Merged in same changes for running as splunk user to universal forwarder Dockerfile and entrypoint.sh. Updated whitespace in universal forwarder entrypoint.sh to also use tables for consistency. --- splunk/common-files/entrypoint.sh | 58 +++++++++++++++---------------- uf/common-files/Dockerfile | 7 +++- uf/common-files/entrypoint.sh | 47 ++++++++++++++----------- 3 files changed, 61 insertions(+), 51 deletions(-) diff --git a/splunk/common-files/entrypoint.sh b/splunk/common-files/entrypoint.sh index 66153a8c..238e8a70 100755 --- a/splunk/common-files/entrypoint.sh +++ b/splunk/common-files/entrypoint.sh @@ -56,10 +56,10 @@ watch_for_failure(){ echo Ansible playbook complete, will begin streaming var/log/splunk/splunkd_stderr.log echo user_permission_change - # Any crashes/errors while Splunk is running should get logged to splunkd_stderr.log and sent to the container's stdout if [ `whoami` != "${SPLUNK_USER}" ]; then RUN_AS_SPLUNK="sudo -u ${SPLUNK_USER}" fi + # Any crashes/errors while Splunk is running should get logged to splunkd_stderr.log and sent to the container's stdout if [ -z "$SPLUNK_TAIL_FILE" ]; then ${RUN_AS_SPLUNK} tail -n 0 -f ${SPLUNK_HOME}/var/log/splunk/splunkd_stderr.log & else @@ -69,13 +69,13 @@ watch_for_failure(){ } create_defaults() { - createdefaults.py + createdefaults.py } start_and_exit() { if [ -z "$SPLUNK_PASSWORD" ] then - echo "WARNING: No password ENV var. Stack may fail to provision if splunk.password is not set in ENV or a default.yml" + echo "WARNING: No password ENV var. Stack may fail to provision if splunk.password is not set in ENV or a default.yml" fi sh -c "echo 'starting' > ${CONTAINER_ARTIFACT_DIR}/splunk-container.state" setup @@ -111,42 +111,42 @@ user_permission_change(){ help() { cat << EOF - ____ _ _ __ + ____ _ _ __ / ___| _ __ | |_ _ _ __ | | __ \ \\ \___ \| '_ \| | | | | '_ \| |/ / \ \\ - ___) | |_) | | |_| | | | | < / / + ___) | |_) | | |_| | | | | < / / |____/| .__/|_|\__,_|_| |_|_|\_\ /_/ - |_| + |_| ======================================== Environment Variables: - * SPLUNK_USER - user under which to run Splunk (default: splunk) - * SPLUNK_GROUP - group under which to run Splunk (default: splunk) - * SPLUNK_HOME - home directory where Splunk gets installed (default: /opt/splunk) - * SPLUNK_START_ARGS - arguments to pass into the Splunk start command; you must include '--accept-license' to start Splunk (default: none) - * SPLUNK_ROLE - the role of this Splunk instance (default: splunk_standalone) - Acceptable values: - - splunk_standalone - - splunk_search_head - - splunk_indexer - - splunk_deployer - - splunk_license_master - - splunk_cluster_master - - splunk_heavy_forwarder - * SPLUNK_LICENSE_URI - URI or local file path (absolute path in the container) to a Splunk license - * SPLUNK_STANDALONE_URL, SPLUNK_INDEXER_URL, ... - comma-separated list of resolvable aliases to properly bring-up a distributed environment. - This is optional for standalones, but required for multi-node Splunk deployments. - * SPLUNK_BUILD_URL - URL to a Splunk build which will be installed (instead of the image's default build) - * SPLUNK_APPS_URL - comma-separated list of URLs to Splunk apps which will be downloaded and installed + * SPLUNK_USER - user under which to run Splunk (default: splunk) + * SPLUNK_GROUP - group under which to run Splunk (default: splunk) + * SPLUNK_HOME - home directory where Splunk gets installed (default: /opt/splunk) + * SPLUNK_START_ARGS - arguments to pass into the Splunk start command; you must include '--accept-license' to start Splunk (default: none) + * SPLUNK_ROLE - the role of this Splunk instance (default: splunk_standalone) + Acceptable values: + - splunk_standalone + - splunk_search_head + - splunk_indexer + - splunk_deployer + - splunk_license_master + - splunk_cluster_master + - splunk_heavy_forwarder + * SPLUNK_LICENSE_URI - URI or local file path (absolute path in the container) to a Splunk license + * SPLUNK_STANDALONE_URL, SPLUNK_INDEXER_URL, ... - comma-separated list of resolvable aliases to properly bring-up a distributed environment. + This is optional for standalones, but required for multi-node Splunk deployments. + * SPLUNK_BUILD_URL - URL to a Splunk build which will be installed (instead of the image's default build) + * SPLUNK_APPS_URL - comma-separated list of URLs to Splunk apps which will be downloaded and installed Examples: - * docker run -it -p 8000:8000 splunk/splunk start - * docker run -it -e SPLUNK_START_ARGS=--accept-license -p 8000:8000 -p 8089:8089 splunk/splunk start - * docker run -it -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_LICENSE_URI=http://example.com/splunk.lic -p 8000:8000 splunk/splunk start - * docker run -it -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_INDEXER_URL=idx1,idx2 -e SPLUNK_SEARCH_HEAD_URL=sh1,sh2 -e SPLUNK_ROLE=splunk_search_head --hostname sh1 --network splunknet --network-alias sh1 -e SPLUNK_PASSWORD=helloworld -e SPLUNK_LICENSE_URI=http://example.com/splunk.lic splunk/splunk start + * docker run -it -p 8000:8000 splunk/splunk start + * docker run -it -e SPLUNK_START_ARGS=--accept-license -p 8000:8000 -p 8089:8089 splunk/splunk start + * docker run -it -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_LICENSE_URI=http://example.com/splunk.lic -p 8000:8000 splunk/splunk start + * docker run -it -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_INDEXER_URL=idx1,idx2 -e SPLUNK_SEARCH_HEAD_URL=sh1,sh2 -e SPLUNK_ROLE=splunk_search_head --hostname sh1 --network splunknet --network-alias sh1 -e SPLUNK_PASSWORD=helloworld -e SPLUNK_LICENSE_URI=http://example.com/splunk.lic splunk/splunk start EOF - exit 1 + exit 1 } case "$1" in diff --git a/uf/common-files/Dockerfile b/uf/common-files/Dockerfile index 9ea27573..5bbab1f5 100644 --- a/uf/common-files/Dockerfile +++ b/uf/common-files/Dockerfile @@ -90,10 +90,15 @@ RUN \ && groupadd -r ${ANSIBLE_GROUP} \ && useradd -r -m -g ${ANSIBLE_GROUP} ${ANSIBLE_USER} \ && usermod -aG sudo ${ANSIBLE_USER} \ + && usermod -aG ${ANSIBLE_GROUP} ${SPLUNK_USER} \ # Container Artifact Directory is a place for all artifacts and logs that are generated by the provisioning process. The directory is owned by the user "ansible". && mkdir ${CONTAINER_ARTIFACT_DIR} \ - && chown -R ${ANSIBLE_USER}:${ANSIBLE_GROUP} $CONTAINER_ARTIFACT_DIR \ + && chown -R ${ANSIBLE_USER}:${ANSIBLE_GROUP} ${CONTAINER_ARTIFACT_DIR} \ + && chmod -R 775 ${CONTAINER_ARTIFACT_DIR} \ && chmod -R 555 ${SPLUNK_ANSIBLE_HOME} \ + && chgrp ${ANSIBLE_GROUP} ${SPLUNK_ANSIBLE_HOME} ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \ + && chmod 775 ${SPLUNK_ANSIBLE_HOME} \ + && chmod 664 ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \ && chmod 755 /sbin/entrypoint.sh /sbin/createdefaults.py /sbin/checkstate.sh USER ${ANSIBLE_USER} diff --git a/uf/common-files/entrypoint.sh b/uf/common-files/entrypoint.sh index 33f581fc..4bbf8ebb 100755 --- a/uf/common-files/entrypoint.sh +++ b/uf/common-files/entrypoint.sh @@ -20,8 +20,8 @@ setup() { # Check if the user accepted the license if [[ "$SPLUNK_START_ARGS" != *"--accept-license"* ]]; then printf "License not accepted, please ensure the environment variable SPLUNK_START_ARGS contains the '--accept-license' flag\n" - printf "For example: docker run -e SPLUNK_START_ARGS=--accept-license splunk/splunk\n\n" - printf "For additional information and examples, see the help: docker run -it splunk/splunk help\n" + printf "For example: docker run -e SPLUNK_START_ARGS=--accept-license splunk/universalforwarder\n\n" + printf "For additional information and examples, see the help: docker run -it splunk/universalforwarder help\n" exit 1 fi } @@ -35,6 +35,9 @@ trap teardown SIGINT SIGTERM prep_ansible() { cd ${SPLUNK_ANSIBLE_HOME} + if [ `whoami` == "${SPLUNK_USER}" ]; then + sed -i -e "s,^become\\s*=.*,become = false," ansible.cfg + fi if [[ "$DEBUG" == "true" ]]; then ansible-playbook --version python inventory/environ.py --write-to-file @@ -52,42 +55,44 @@ watch_for_failure(){ echo Ansible playbook complete, will begin streaming var/log/splunk/splunkd_stderr.log echo user_permission_change - # Any crashes/errors while Splunk is running should get logged to splunkd_stderr.log and sent to the container's stdout + if [ `whoami` != "${SPLUNK_USER}" ]; then + RUN_AS_SPLUNK="sudo -u ${SPLUNK_USER}" + fi # Any crashes/errors while Splunk is running should get logged to splunkd_stderr.log and sent to the container's stdout if [ -z "$SPLUNK_TAIL_FILE" ]; then - sudo -u ${SPLUNK_USER} tail -n 0 -f ${SPLUNK_HOME}/var/log/splunk/splunkd_stderr.log & + ${RUN_AS_SPLUNK} tail -n 0 -f ${SPLUNK_HOME}/var/log/splunk/splunkd_stderr.log & else - sudo -u ${SPLUNK_USER} tail -n 0 -f ${SPLUNK_TAIL_FILE} & + ${RUN_AS_SPLUNK} tail -n 0 -f ${SPLUNK_TAIL_FILE} & fi wait } create_defaults() { - createdefaults.py + createdefaults.py } start_and_exit() { - if [ -z "$SPLUNK_PASSWORD" ] - then - echo "WARNING: No password ENV var. Stack may fail to provision if splunk.password is not set in ENV or a default.yml" - fi + if [ -z "$SPLUNK_PASSWORD" ] + then + echo "WARNING: No password ENV var. Stack may fail to provision if splunk.password is not set in ENV or a default.yml" + fi sh -c "echo 'starting' > ${CONTAINER_ARTIFACT_DIR}/splunk-container.state" setup - prep_ansible + prep_ansible ansible-playbook $ANSIBLE_EXTRA_FLAGS -i inventory/environ.py site.yml } start() { - trap teardown EXIT + trap teardown EXIT start_and_exit - watch_for_failure + watch_for_failure } restart(){ trap teardown EXIT sh -c "echo 'restarting' > ${CONTAINER_ARTIFACT_DIR}/splunk-container.state" - prep_ansible - ${SPLUNK_HOME}/bin/splunk stop 2>/dev/null || true + prep_ansible + ${SPLUNK_HOME}/bin/splunk stop 2>/dev/null || true ansible-playbook -i inventory/environ.py start.yml watch_for_failure } @@ -123,7 +128,7 @@ Environment Variables: EOF - exit 1 + exit 1 } case "$1" in @@ -136,12 +141,12 @@ case "$1" in start_and_exit $@ ;; create-defaults) - create_defaults - ;; + create_defaults + ;; restart) - shift - restart $@ - ;; + shift + restart $@ + ;; no-provision) user_permission_change tail -n 0 -f /etc/hosts & From 7c64d3e89b73d32d3c99a1b957ca4a1c19ad886b Mon Sep 17 00:00:00 2001 From: Hendo Lim Date: Mon, 19 Aug 2019 13:47:27 -0700 Subject: [PATCH 73/75] fix image size test --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 4c4124e5..1b7ff053 100644 --- a/Makefile +++ b/Makefile @@ -409,7 +409,7 @@ CUR_SIZE=$$(docker image inspect $1:latest --format='{{.Size}}') ; \ EDGE_SIZE=$$(docker image inspect splunk/splunk:edge --format='{{.Size}}') ; \ echo "current $1 image size = "$$CUR_SIZE ; \ echo "edge image size = "$$EDGE_SIZE ; \ -if [[ $$CUR_SIZE > $$EDGE_SIZE*1.01 ]] ; then echo "current image size is 10% more than edge image" ; exit 1 ; fi +if [[ $$CUR_SIZE -gt $$EDGE_SIZE*102/100 ]] ; then echo "current image size is 2% more than edge image" ; exit 1 ; fi endef setup_clair_scanner: From 0450046faebd7c8b78ab4b61fe37352e706b9b3d Mon Sep 17 00:00:00 2001 From: Mike Dickey Date: Mon, 19 Aug 2019 16:20:42 -0700 Subject: [PATCH 74/75] Added SECURITY.md documentation --- docs/SECURITY.md | 87 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 docs/SECURITY.md diff --git a/docs/SECURITY.md b/docs/SECURITY.md new file mode 100644 index 00000000..6f1ae709 --- /dev/null +++ b/docs/SECURITY.md @@ -0,0 +1,87 @@ +## Security ## +This section will cover various security considerations when using the Splunk Enterprise and Universal Forwarder containers. + +### Startup Users ### + +The Splunk Enterprise and Universal Forwarder containers may be started using one of the following three user accounts: + +* `splunk` (most secure): This user has no privileged access and cannot use `sudo` to change to another user account. +It is a member of the `ansible` group, which enables it to run the embedded playbooks at startup. When using the +`splunk` user, all processes will run as this user. Note that you must set the `SPLUNK_HOME_OWNERSHIP_ENFORCEMENT` +environment variable to `false` when starting as this user. ***Recommended for production*** + +* `ansible` (middle ground): This user is a member of the `sudo` group and able to execute `sudo` commands without a +password. It uses privileged access at startup only to perform certain actions which cannot be performed by regular +users (see below). After startup, `sudo` access will automatically be removed from the `ansible` user if the +environment variable `STEPDOWN_ANSIBLE_USER` is set to `true`. ***This is the default user account*** + +* `root` (least secure): This is a privileged user running with UID of `0`. Some customers may want to use this for +forwarder processes that require access to log files which cannot be read by any other user. ***This is not recommended*** + +### After Startup ### + +By default, the primary Splunk processes will always run as the unprivileged user and group `splunk`, +irregardless of which user account the containers are started with. You can override this by changing the following: + +* User: `splunk.user` variable in your `default.yml` template, or the `SPLUNK_USER` environment variable +* Group: `splunk.group` variable in your `default.yml` template, or the `SPLUNK_GROUP` environment variable + +Note that the containers are built with the `splunk` user having UID `41812` and the `splunk` group having GID `41812`. + +You may want to override these settings to ensure that Splunk forwarder processes have access to read your log files. +For example, you can ensure that all processes run as `root` by starting as the `root` user with the environment +variable `SPLUNK_USER` also set to `root` (this is not recommended). + +### Privileged Features ### + +Certain features supported by the Splunk Enterprise and Universal Forwarder containers require that they are started +with privileged access using either the `ansible` or `root` user accounts. + +#### Splunk Home Ownership #### + +By default, at startup the containers will ensure that all files located under the `SPLUNK_HOME` directory +(`/opt/splunk`) are owned by user `splunk` and group `splunk`. This helps to ensure that the Splunk processes are +able to read and write any external volumes mounted for `/opt/splunk/etc` and `/opt/splunk/var`. While all supported +versions of the docker engine will automatically set proper ownership for these volumes, external orchestration systems +typically will require extra steps. + +If you know that this step is unnecessary, you can disable it by setting the `SPLUNK_HOME_OWNERSHIP_ENFORCEMENT` +environment variable to `false`. Note that this must be disabled when starting containers with the `splunk` user +account. + +#### Package Installation #### + +The `JAVA_VERSION` environment variable can be used to automatically install OpenJDK at startup time. This feature +requires starting as a privileged user account. + +### Kubernetes Users ### + +For Kubernetes, we recommend using the `fsGroup` [Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) +to ensure that all Pods are able to write to your Persistent Volumes. For example: + +``` +apiVersion: v1 +kind: Pod +metadata: + name: example-splunk-pod +spec: + securityContext: + runAsUser: 41812 + fsGroup: 41812 + containers: + name: example-splunk-container + image: splunk/splunk + env: + - name: SPLUNK_HOME_OWNERSHIP_ENFORCEMENT + value: "false" +... +``` + +This can be used to create a Splunk Enterprise Pod running as the unprivileged `splunk` user which is able to securely +read and write from any Persistent Volumes that are created for it. + +Red Hat OpenShift users can leverage the built-in `nonroot` [Security Context Constraint](https://docs.openshift.com/container-platform/3.9/admin_guide/manage_scc.html) +to run Pods with the above Security Context: +``` +oc adm policy add-scc-to-user nonroot default +``` \ No newline at end of file From e594aeb557fc1469cdc7afc651ab641d32077e9d Mon Sep 17 00:00:00 2001 From: Nelson Wang Date: Wed, 28 Aug 2019 14:50:52 -0700 Subject: [PATCH 75/75] Adding test for upgrades from older splunk images --- tests/test_docker_splunk.py | 95 ++++++++++++++++++++++++++++++++++++- 1 file changed, 93 insertions(+), 2 deletions(-) diff --git a/tests/test_docker_splunk.py b/tests/test_docker_splunk.py index 46068fa9..f9ddb5b2 100644 --- a/tests/test_docker_splunk.py +++ b/tests/test_docker_splunk.py @@ -8,6 +8,7 @@ import shlex import yaml import docker +from docker.types import Mount import urllib import requests import subprocess @@ -41,6 +42,8 @@ global platform platform = "debian-9" +OLD_SPLUNK_VERSION = "7.2.7" + def generate_random_string(): return ''.join(choice(ascii_lowercase) for b in range(20)) @@ -239,7 +242,7 @@ def extract_json(self, container_name): except Exception as e: self.logger.error(e) return None - + def search_internal_distinct_hosts(self, container_id, username="admin", password="password"): query = "search index=_internal earliest=-1m | stats dc(host) as distinct_hosts" splunkd_port = self.client.port(container_id, 8089)[0]["HostPort"] @@ -1134,6 +1137,94 @@ def test_adhoc_1so_web_ssl(self): except OSError: pass + def test_adhoc_1so_upgrade(self): + # Pull the old image + for line in self.client.pull("splunk/splunk:{}".format(OLD_SPLUNK_VERSION), stream=True, decode=True): + continue + # Create the "splunk-old" container + try: + cid = None + splunk_container_name = generate_random_string() + password = generate_random_string() + cid = self.client.create_container("splunk/splunk:{}".format(OLD_SPLUNK_VERSION), tty=True, ports=[8089, 8088], hostname="splunk", + name=splunk_container_name, environment={"DEBUG": "true", "SPLUNK_HEC_TOKEN": "qwerty", "SPLUNK_PASSWORD": password, "SPLUNK_START_ARGS": "--accept-license"}, + host_config=self.client.create_host_config(mounts=[Mount("/opt/splunk/etc", "opt-splunk-etc"), Mount("/opt/splunk/var", "opt-splunk-var")], + port_bindings={8089: ("0.0.0.0",), 8088: ("0.0.0.0",)}) + ) + cid = cid.get("Id") + self.client.start(cid) + # Poll for the container to be ready + assert self.wait_for_containers(1, name=splunk_container_name) + # Check splunkd + assert self.check_splunkd("admin", password) + # Add some data via HEC + splunk_hec_port = self.client.port(cid, 8088)[0]["HostPort"] + url = "https://localhost:{}/services/collector/event".format(splunk_hec_port) + kwargs = {"json": {"event": "world never says hello back"}, "verify": False, "headers": {"Authorization": "Splunk qwerty"}} + status, content = self.handle_request_retry("POST", url, kwargs) + assert status == 200 + # Remove the "splunk-old" container + self.client.remove_container(cid, v=False, force=True) + # Create the "splunk-new" container re-using volumes + splunk_container_name = generate_random_string() + cid = self.client.create_container(self.SPLUNK_IMAGE_NAME, tty=True, ports=[8089, 8000], hostname="splunk", + name=splunk_container_name, environment={"DEBUG": "true", "SPLUNK_HEC_TOKEN": "qwerty", "SPLUNK_PASSWORD": password, "SPLUNK_START_ARGS": "--accept-license"}, + host_config=self.client.create_host_config(mounts=[Mount("/opt/splunk/etc", "opt-splunk-etc"), Mount("/opt/splunk/var", "opt-splunk-var")], + port_bindings={8089: ("0.0.0.0",), 8000: ("0.0.0.0",)}) + ) + cid = cid.get("Id") + self.client.start(cid) + # Poll for the container to be ready + assert self.wait_for_containers(1, name=splunk_container_name) + # Check splunkd + assert self.check_splunkd("admin", password) + # Run a search - we should be getting 2 hosts because the hostnames were different in the two containers created above + query = "search index=main earliest=-3m" + splunkd_port = self.client.port(cid, 8089)[0]["HostPort"] + url = "https://localhost:{}/services/search/jobs?output_mode=json".format(splunkd_port) + kwargs = { + "auth": ("admin", password), + "data": "search={}".format(urllib.quote_plus(query)), + "verify": False + } + resp = requests.post(url, **kwargs) + assert resp.status_code == 201 + sid = json.loads(resp.content)["sid"] + assert sid + self.logger.info("Search job {} created against on {}".format(sid, cid)) + # Wait for search to finish + # TODO: implement polling mechanism here + job_status = None + for _ in range(10): + url = "https://localhost:{}/services/search/jobs/{}?output_mode=json".format(splunkd_port, sid) + kwargs = {"auth": ("admin", password), "verify": False} + job_status = requests.get(url, **kwargs) + done = json.loads(job_status.content)["entry"][0]["content"]["isDone"] + self.logger.info("Search job {} done status is {}".format(sid, done)) + if done: + break + time.sleep(3) + # Check searchProviders - use the latest job_status check from the polling + assert job_status.status_code == 200 + # Check search results + url = "https://localhost:{}/services/search/jobs/{}/results?output_mode=json".format(splunkd_port, sid) + kwargs = {"auth": ("admin", password), "verify": False} + resp = requests.get(url, **kwargs) + assert resp.status_code == 200 + results = json.loads(resp.content)["results"] + assert len(results) == 1 + assert results[0]["_raw"] == "world never says hello back" + except Exception as e: + self.logger.error(e) + raise e + finally: + if cid: + self.client.remove_container(cid, v=True, force=True) + try: + os.remove(os.path.join(FIXTURES_DIR, "default.yml")) + except OSError: + pass + def test_compose_1so_trial(self): # Standup deployment self.compose_file_name = "1so_trial.yaml" @@ -1616,7 +1707,7 @@ def test_compose_1so_hec(self): url = "https://localhost:{}/services/collector/event".format(splunk_hec_port) kwargs = {"json": {"event": "hello world"}, "verify": False, "headers": {"Authorization": "Splunk abcd1234"}} status, content = self.handle_request_retry("POST", url, kwargs) - assert status == 200 + assert status == 200 def test_compose_1uf_hec(self): # Standup deployment