Update test plans to use secured connectivity with the operator and

rename edgedeployment in edgeworkload

payload.json

@@ -0,0 +1,24 @@
+{
+   "content": {
+       "certificate_request": "$CERTIFICATE_REQUEST",
+       "hardware": {
+           "cpu": {
+               "architecture": "x86_64",
+               "flags": [],
+               "model_name": "Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz"
+           },
+           "hostname": "$HOSTNAME",
+           "system_vendor": {
+               "manufacturer": "LENOVO",
+               "product_name": "${PRODUCT_NAME}",
+               "serial_number": "${SERIAL_NAME}"
+           }
+       },
+       "os_image_id": "unknown"
+   },
+   "directive": "registration",
+   "message_id": "$UUID",
+   "sent": "2021-11-21T14:45:25.271+02:00",
+   "type": "data",
+   "version": 1
+}

samples/edgedeployment.json.in → samples/edgeworkload.json.in

@@ -1,6 +1,6 @@
 {
     "apiVersion": "management.project-flotta.io/v1alpha1",
-    "kind": "EdgeDeployment",
+    "kind": "EdgeWorkload",
         "name": "${DEPLOYMENT_NAME}-${DEPLOYMENT_SUFFIX}",
         "namespace": "${NAMESPACE}",
     },

scripts/create_output_streams.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+touch ${TEST_DIR}/${DEVICE_ID}_register.out
+touch ${TEST_DIR}/${DEVICE_ID}_register.err 
+touch ${TEST_DIR}/${DEVICE_ID}_get_updates.err
+touch ${TEST_DIR}/${DEVICE_ID}_get_updates.out
+touch ${TEST_DIR}/${DEVICE_ID}_hearthbeat.out
+touch ${TEST_DIR}/${DEVICE_ID}_hearthbeat.err

scripts/generate_certs.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# make get-certs
+kubectl -n flotta get secrets flotta-ca --template="{{index .data \"ca.crt\" | base64decode}}" >${test_dir}/${DEVICE_ID}_ca.pem
+export REG_SECRET_NAME=$(kubectl get secrets -n flotta -l reg-client-ca=true --sort-by=.metadata.creationTimestamp | tail -1 | awk '{print $1}')
+kubectl -n flotta get secret ${REG_SECRET_NAME} --template="{{index .data \"client.crt\" | base64decode}}" > ${test_dir}/${DEVICE_ID}_cert.pem
+kubectl -n flotta get secret ${REG_SECRET_NAME} --template="{{index .data \"client.key\" | base64decode}}" > ${test_dir}/${DEVICE_ID}_key.pem
+# make get-certs END

scripts/get_device_update.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+echo "curl -XGET \\
+  --cacert ${test_dir}/default_ca.pem \\
+  --cert ${test_dir}/${DEVICE_ID}.pem \\
+  --key ${test_dir}/${DEVICE_ID}.key -v \\
+  -H \"Content-Type: application/json\" \\
+  -H \"Cache-Control: no-cache\" \\
+  https://${HTTP_SERVER}:${HTTP_SERVER_PORT}/${REQUEST_PATH}"
+
+curl -XGET \
+  --cacert ${test_dir}/default_ca.pem \
+  --cert ${test_dir}/${DEVICE_ID}.pem \
+  --key ${test_dir}/${DEVICE_ID}.key -v \
+  -H "Content-Type: application/json" \
+  -H "Cache-Control: no-cache" \
+  https://${HTTP_SERVER}:${HTTP_SERVER_PORT}/${REQUEST_PATH}
+
+if [ $? -ne 0 ]; then
+  echo "Error getting device updates"
+  exit -1
+fi;
+
+exit 0

scripts/register_device.sh

@@ -0,0 +1,50 @@
+#!/bin/bash 
+openssl ecparam -name prime256v1 -genkey -noout -out ${test_dir}/${DEVICE_ID}.key
+openssl req -new -subj '/CN=${DEVICE_ID}' -key ${test_dir}/${DEVICE_ID}.key -out ${test_dir}/${DEVICE_ID}.csr
+export CERTIFICATE_REQUEST=$(cat ${test_dir}/${DEVICE_ID}.csr | sed 's/$/\\n/' | tr -d '\n')
+UUID=$(uuidgen)
+echo "${PAYLOAD}" | sed -e 's/"content": {/"content": {\n       "certificate_request": "$CERTIFICATE_REQUEST",/g' | envsubst > ${test_dir}/${DEVICE_ID}_payload.json
+
+#Verify!
+cat ${test_dir}/${DEVICE_ID}_payload.json | jq .
+
+if [ $? -ne 0 ]; then
+ echo "Error when checking ${test_dir}/${DEVICE_ID}_payload.json"
+ exit -1
+fi
+echo "curl \
+  --cacert ${test_dir}/default_ca.pem \\
+  --cert ${test_dir}/default_cert.pem \\
+  --key ${test_dir}/default_key.pem -v \\
+  -d @${test_dir}/${DEVICE_ID}_payload.json \\
+  -X POST \\
+  -H \"Content-Type: application/json\" \
+  -o ${test_dir}/${DEVICE_ID}_response.json \\
+  https://${HTTP_SERVER}:${HTTP_SERVER_PORT}/api/flotta-management/v1/data/${DEVICE_ID}/out"
+
+curl \
+  --cacert ${test_dir}/default_ca.pem \
+  --cert ${test_dir}/default_cert.pem \
+  --key ${test_dir}/default_key.pem -v \
+  -d @${test_dir}/${DEVICE_ID}_payload.json \
+  -X POST \
+  -H "Content-Type: application/json" \
+  -o ${test_dir}/${DEVICE_ID}_response.json \
+  https://${HTTP_SERVER}:${HTTP_SERVER_PORT}/api/flotta-management/v1/data/${DEVICE_ID}/out 
+if [ $? -ne 0 ]; then
+ echo "Error when sending registration request, see  ${test_dir}/${DEVICE_ID}_register.out"
+ exit -1
+fi
+
+cat ${test_dir}/${DEVICE_ID}_response.json | jq '.content.certificate' | sed -e 's/\\n/\n/g' | sed -e 's/"//g' > ${test_dir}/${DEVICE_ID}.pem
+
+
+#openssl x509 -in ${test_dir}/${DEVICE_ID}.pem --text
+
+if [ $? -ne 0 ]; then
+ echo "Error when extracting ${test_dir}/${DEVICE_ID}_response.json to  ${test_dir}/${DEVICE_ID}.pem"
+ exit -1
+fi
+
+exit 0
+

scripts/request_operator.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+echo "curl -XPOST \\
+  --cacert ${test_dir}/default_ca.pem \\
+  --cert ${test_dir}/${DEVICE_ID}.pem \\
+  --key ${test_dir}/${DEVICE_ID}.key -v \\
+  -H \"Content-Type: application/json\" \\
+  --data ${POST_BODY} \\
+  https://${HTTP_SERVER}:${HTTP_SERVER_PORT}/${REQUEST_PATH}"
+
+curl -XPOST \
+  --cacert ${test_dir}/default_ca.pem \
+  --cert ${test_dir}/${DEVICE_ID}.pem \
+  --key ${test_dir}/${DEVICE_ID}.key -v \
+  -H "Content-Type: application/json" \
+  --data ${POST_BODY} \
+  https://${HTTP_SERVER}:${HTTP_SERVER_PORT}/${REQUEST_PATH}
+
+if [ $? -ne 0 ]; then
+  echo "Error posting device"
+  exit -1
+fi;
+
+exit 0

scripts/run_test_plan.sh

@@ -20,7 +20,7 @@ OPTIONS:
    -m      Run must-gather to collect logs (default: false)
    -n      Test run ID
    -o      Edge deployment updates concurrency (default: 5)
-   -p      Total of edge deployments per device
+   -p      Total of edge workloads per device
    -q      Number of namespaces (default: 10). Requires hacked version of flotta-operator and specific test plan.
    -r      Ramp-up time in seconds to create all edge devices
    -s      Address of OCP API server
@@ -57,7 +57,7 @@ while getopts "c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:v" option; do
         l) LOG_LEVEL=${OPTARG};;
         m) MUST_GATHER=${OPTARG};;
         n) TEST_ID=${OPTARG};;
-        o) EDGEDEPLOYMENT_CONCURRENCY=${OPTARG};;
+        o) edgeworkloadMENT_CONCURRENCY=${OPTARG};;
         p) EDGE_DEPLOYMENTS_PER_DEVICE=${OPTARG};;
         q) NAMESPACES_COUNT=${OPTARG};;
         r) RAMP_UP_TIME=${OPTARG};;
@@ -86,9 +86,9 @@ if [[ -z $REPLICAS ]]; then
     echo "INFO: Number of replicas not specified. Using default value: $REPLICAS"
 fi
 
-if [[ -z $EDGEDEPLOYMENT_CONCURRENCY ]]; then
-    EDGEDEPLOYMENT_CONCURRENCY=5
-    echo "INFO: Edge deployment concurrency not specified. Using default value: $EDGEDEPLOYMENT_CONCURRENCY"
+if [[ -z $edgeworkloadMENT_CONCURRENCY ]]; then
+    edgeworkloadMENT_CONCURRENCY=5
+    echo "INFO: Edge deployment concurrency not specified. Using default value: $edgeworkloadMENT_CONCURRENCY"
 fi
 
 if [[ -z $TEST_ID ]]; then
@@ -104,7 +104,7 @@ if [[ -z $EDGE_DEVICES_COUNT ]]; then
 fi
 
 if [[ -z $EDGE_DEPLOYMENTS_PER_DEVICE ]]; then
-    echo "ERROR: Edge deployments per device is required"
+    echo "ERROR: edge workloads per device is required"
     usage
     exit 1
 fi
@@ -189,7 +189,7 @@ if [[ -n $VERBOSE ]]; then
     set -xv
 fi
 
-test_dir="./test-run-${TEST_ID}"
+export test_dir="$(pwd)/test-run-${TEST_ID}"
 if [ -d "$test_dir" ]; then
     echo "ERROR: Test directory $test_dir already exists"
     exit 1
@@ -209,7 +209,7 @@ echo "Target folder: $test_dir"
 echo "Test ID: ${TEST_ID}"
 echo "Test plan: ${TEST_PLAN}"
 echo "Total of edge devices: ${EDGE_DEVICES_COUNT}"
-echo "Edge deployments per device: ${EDGE_DEPLOYMENTS_PER_DEVICE}"
+echo "edge workloads per device: ${EDGE_DEPLOYMENTS_PER_DEVICE}"
 echo "Ramp-up time: ${RAMP_UP_TIME}"
 echo "Iterations: ${ITERATIONS}"
 echo "OCP API server: ${OCP_API_SERVER}"
@@ -223,8 +223,8 @@ echo "----------------------------------------------------"
 
 cp $TEST_PLAN $test_dir/
 edgedevices=$(kubectl get edgedevices --all-namespaces | wc -l)
-edgedeploy=$(kubectl get edgedeployments --all-namespaces | wc -l)
-echo "Before test: There are $edgedevices edge devices and $edgedeploy edge deployments" >> $test_dir/summary.txt
+edgeworkload=$(kubectl get edgeworkloads --all-namespaces | wc -l)
+echo "Before test: There are $edgedevices edge devices and $edgeworkload edge workloads" >> $test_dir/summary.txt
 }
 
 run_test()
@@ -240,6 +240,8 @@ JVM_ARGS="-Xms4g -Xmx64g -Xss250k -XX:MaxMetaspaceSize=1g" $JMETER_HOME/bin/jmet
     -JK8S_BEARER_TOKEN=$K8S_BEARER_TOKEN \
     -JHTTP_SERVER=$HTTP_SERVER \
     -JHTTP_SERVER_PORT=$HTTP_SERVER_PORT \
+    -JTEST_DIR=$test_dir \
+    -JSCRIPTS_DIR=`pwd` \
     -JNAMESPACES_COUNT=$NAMESPACES_COUNT|& tee -a $test_dir/summary.txt
 }
 
@@ -253,13 +255,13 @@ echo "After test:" >> $test_dir/summary.txt
 
 if [[ -z $RUN_WITHOUT_NAMESPACES ]]; then
     edgedevices=$(kubectl get edgedevices --all-namespaces | wc -l)
-    edgedeploy=$(kubectl get edgedeployments --all-namespaces | wc -l)
-    echo "There are $edgedevices edge devices and $edgedeploy edge deployments" >> $test_dir/summary.txt
+    edgeworkload=$(kubectl get edgeworkloads --all-namespaces | wc -l)
+    echo "There are $edgedevices edge devices and $edgeworkload edge workloads" >> $test_dir/summary.txt
 else
     for i in $(seq 1 $NAMESPACES_COUNT); do
         edgedevices=$(kubectl get edgedevices -n $i | wc -l)
-        edgedeploy=$(kubectl get edgedeployments -n $i | wc -l)
-        echo "There are $edgedevices edge devices and $edgedeploy edge deployments in namespace $i" >> $test_dir/summary.txt
+        edgeworkload=$(kubectl get edgeworkloads -n $i | wc -l)
+        echo "There are $edgedevices edge devices and $edgeworkload edge workloads in namespace $i" >> $test_dir/summary.txt
     done
 fi
 
@@ -297,7 +299,7 @@ kubectl patch cm -n flotta flotta-operator-manager-config --type merge --patch '
     "LOG_LEVEL": "'$LOG_LEVEL'",
     "OBC_AUTO_CREATE": "false",
      "MAX_CONCURRENT_RECONCILES": "'$MAX_CONCURRENT_RECONCILES'",
-     "EDGEDEPLOYMENT_CONCURRENCY": "'$EDGEDEPLOYMENT_CONCURRENCY'",
+     "edgeworkloadMENT_CONCURRENCY": "'$edgeworkloadMENT_CONCURRENCY'",
      "NAMESPACES_COUNT": "'$NAMESPACES_COUNT'"}
 }'
 
@@ -392,11 +394,17 @@ kubectl scale --replicas=$REPLICAS deployment flotta-operator-controller-manager
 kubectl wait --for=condition=available -n flotta deployment.apps/flotta-operator-controller-manager
 
 count=0
-
+DEVICE_ID='default'
+DEVICE_ID=$DEVICE_ID sh generate_certs.sh 
 echo "Waiting for HTTP server to be ready at $HTTP_SERVER"
 until [[ count -gt 100 ]]
 do
-  curl -m 5 -s -i "$HTTP_SERVER":"$HTTP_SERVER_PORT" | grep 404 > /dev/null
+  curl \
+    --cacert ${test_dir}/${DEVICE_ID}_ca.pem \
+    --cert ${test_dir}/${DEVICE_ID}_cert.pem \
+    --key ${test_dir}/${DEVICE_ID}_key.pem -v \
+    -m 5 -s -i \
+    https://${HTTP_SERVER}:${HTTP_SERVER_PORT} | grep 404 > /dev/null
   if [ "$?" == "1" ]; then
     echo -n "."
     count=$((count+1))
@@ -422,8 +430,35 @@ kubectl top pods -n flotta --use-protocol-buffers
 } >> $test_dir/summary.txt
 }
 
+setup()
+{
+  sysctl -w net.core.somaxconn=50000
+  sysctl -w net.core.netdev_max_backlog=50000
+  sysctl -w net.ipv4.tcp_max_syn_backlog=50000 
+  sysctl -w net.ipv4.ip_local_port_range="15000 65000"
+  sysctl -w net.ipv4.tcp_fin_timeout=10
+  sysctl -w vm.max_map_count=999999
+  sysctl -w kernel.threads-max=4113992
+
+  if [ -z $(grep "* soft nofile 999999" "/etc/security/limits.conf") ]; then
+      cat "* soft nofile 999999" >> /etc/security/limits.conf
+  fi
+
+  if [ -z $(grep "* hard nofile 999999" "/etc/security/limits.conf") ]; then
+      cat "* hard nofile 999999" >> /etc/security/limits.conf
+  fi
+
+
+  ifconfig br-ex txqueuelen 5000
+  ifconfig cni-podman0 txqueuelen 5000
+  ifconfig ens3 txqueuelen 5000
+  ifconfig ens4 txqueuelen 5000
+  ifconfig ovn-k8s-mp0 txqueuelen 5000
+}
+
 parse_args "$@"
 log_run_details
+setup
 patch_flotta_operator
 log_pods_details
 run_test

scripts/service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: flotta-svc
+  namespace: flotta
+spec:
+  type: NodePort
+  selector:
+    control-plane: controller-manager
+  ports:
+      # By default and for convenience, the `targetPort` is set to the same value as the `port` field.
+    - port: 8043
+      targetPort: 8043
+      # Optional field
+      # By default and for convenience, the Kubernetes control plane will allocate a port from a range (default: 30000-32767)
+      nodePort: 30043

scripts/setup.sh

@@ -0,0 +1,22 @@
+sysctl -w net.core.somaxconn=50000
+sysctl -w net.core.netdev_max_backlog=50000
+sysctl -w net.ipv4.tcp_max_syn_backlog=50000 
+sysctl -w net.ipv4.ip_local_port_range="15000 65000"
+sysctl -w net.ipv4.tcp_fin_timeout=10
+sysctl -w vm.max_map_count=999999
+sysctl -w kernel.threads-max=4113992
+
+if [ -z $(grep "* soft nofile 999999" "/etc/security/limits.conf") ]; then
+    cat "* soft nofile 999999" >> /etc/security/limits.conf
+fi
+
+if [ -z $(grep "* hard nofile 999999" "/etc/security/limits.conf") ]; then
+    cat "* hard nofile 999999" >> /etc/security/limits.conf
+fi
+
+
+ifconfig br-ex txqueuelen 5000
+ifconfig cni-podman0 txqueuelen 5000
+ifconfig ens3 txqueuelen 5000
+ifconfig ens4 txqueuelen 5000
+ifconfig ovn-k8s-mp0 txqueuelen 5000

scripts/teardown.sh

@@ -5,15 +5,15 @@ if [ $# -eq 1 ]; then
     do
       NS=$((i - 1))
       kubectl get edgedevices -n $NS --no-headers | awk -v ns=$NS '{print $1 " --namespace=" ns}' |  xargs -P 20 -n 2 kubectl patch edgedevice -p '{"metadata":{"finalizers":null}}' --type=merge
-      kubectl get edgedeployment -n $NS --no-headers | awk -v ns=$NS '{print $1 " --namespace=" ns}' | xargs -P 20  -n 2 kubectl patch edgedeployment -p '{"metadata":{"finalizers":null}}' --type=merge
+      kubectl get edgeworkload -n $NS --no-headers | awk -v ns=$NS '{print $1 " --namespace=" ns}' | xargs -P 20  -n 2 kubectl patch edgeworkload -p '{"metadata":{"finalizers":null}}' --type=merge
       kubectl delete edgedevice --all -n $NS
-      kubectl delete edgedeployments --all -n $NS
+      kubectl delete edgeworkloads --all -n $NS
       kubectl delete ns $NS
     done
     exit 0
 fi
 
 kubectl get edgedevices --all-namespaces --no-headers | awk '{print $2 " --namespace=" $1}' |  xargs -P 20 -n 2 kubectl patch edgedevice -p '{"metadata":{"finalizers":null}}' --type=merge
-kubectl get edgedeployment --all-namespaces --no-headers | awk '{print $2 " --namespace=" $1}' | xargs -P 20 -n 2 kubectl patch edgedeployment -p '{"metadata":{"finalizers":null}}' --type=merge
+kubectl get edgeworkload --all-namespaces --no-headers | awk '{print $2 " --namespace=" $1}' | xargs -P 20 -n 2 kubectl patch edgeworkload -p '{"metadata":{"finalizers":null}}' --type=merge
 kubectl delete edgedevice --all --all-namespaces
-kubectl delete edgedeployments --all --all-namespaces
+kubectl delete edgeworkloads --all --all-namespaces