Update test plans to use secured connectivity with the operator

.gitignore

@@ -13,3 +13,4 @@
 
 # Dependency directories (remove the comment below to include it)
 # vendor/
+*.log

README.md

@@ -1,6 +1,15 @@
 # flotta-scale-tests
 The purpose of this project is to test the scalability and performance of [project-flotta](https://github.com/project-flotta/flotta-operator) using [JMeter](https://jmeter.apache.org).
 
+## Install OCP SNO cluster
+Clone https://github.com/openshift/assisted-test-infra and see https://github.com/openshift/assisted-test-infra#single-node---bootstrap-in-place-with-assisted-service for instructions
+Set the KUBECONFIG variable with the path where the kube config file is located.
+
+Clone https://github.com/project-flotta/flotta-operator then generate and push docker image to your repository.
+Run `TARGET=ocp IMG=<your image> make  ` to deploy flotta operator to your cluster.
+
+Add entry to your /etc/hosts file with the IP address of the cluster (`oc get nodes -o wide`) with name project-flotta.io
+
 ## Running the test plan
 Use [./scripts/run_test_plan.sh](./scripts/run_test_plan.sh) to run the test plan.
 The script will create the required resources on the cluster for running the test.
@@ -26,4 +35,4 @@ The [basic test plan](./test_plans/flotta_test_plan.jmx) runs the following scen
   * In Loop:
     * Sends heartbeats to the server
     * Get updates from the server
-
+

generate_devices_and_workload.sh

@@ -0,0 +1,187 @@
+#!/bin/bash 
+NB_DEVICES=$1
+SCRIPT=$(readlink -f "$0")
+export SCRIPT_DIR=$(dirname "$SCRIPT")
+export CERTS_FOLDER=${SCRIPT_DIR}/certs
+export REGISTRATION_FOLDER=${SCRIPT_DIR}/logs/registration
+export ENROL_FOLDER=${SCRIPT_DIR}/logs/enrol
+rm -rf ${SCRIPT_DIR}/logs $CERTS_FOLDER
+mkdir -p $REGISTRATION_FOLDER
+mkdir -p $ENROL_FOLDER
+mkdir -p $CERTS_FOLDER
+export HTTP_SERVER=127.0.0.1
+export HTTP_SERVER_PORT=8043
+for p in $(kubectl -n flotta-test get edgedevices --no-headers | awk '{print $1}'); do kubectl -n flotta-test patch edgedevices $p -p '{"metadata":{"finalizers":null}}' --type=merge >/dev/null; done
+
+kubectl delete namespace flotta-test
+kubectl create namespace flotta-test
+
+BASE_SERIAL=$(uuidgen)
+for i in $(seq 1 $NB_DEVICES); do 
+  DEVICE_ID=$(uuidgen)
+  PAYLOAD='{
+    "content": {
+        "target_namespace": "flotta-test",
+        "features": {
+            "hardware": {
+                "cpu": {
+                    "architecture": "x86_64",
+                    "flags": [],
+                    "model_name": "Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz"
+                },
+                "hostname": "fedora",
+                "system_vendor": {
+                    "manufacturer": "LENOVO",
+                    "product_name": "azerty'$(expr $i % 2)'",
+                    "serial_number": "'${BASE_SERIAL}_${i}'"
+                }
+            },
+            "os_image_id": "unknown"
+
+          }
+      },
+    "directive": "enrolment",
+    "message_id": "${__UUID()}",
+    "sent": "2021-11-21T14:45:25.271+02:00",
+    "type": "data",
+    "version": 1
+
+  }'
+  DEVICE_ID=default CERTS_FOLDER=$CERTS_FOLDER sh scripts/generate_certs.sh >> $CERTS_FOLDER/logs.out 2>> $CERTS_FOLDER/logs.err
+
+  DEVICE_ID=$DEVICE_ID PAYLOAD=$PAYLOAD sh scripts/enrol_device.sh  >> $ENROL_FOLDER/logs.out 2>> $ENROL_FOLDER/logs.err
+
+
+  ## Registration
+
+  PAYLOAD='{
+    "content": {
+            "hardware": {
+                "cpu": {
+                    "architecture": "x86_64",
+                    "flags": [],
+                    "model_name": "Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz"
+                },
+                "hostname": "fedora",
+                "system_vendor": {
+                    "manufacturer": "LENOVO",
+                    "product_name": "azerty'$(expr $i % 2)'",
+                    "serial_number": "'${BASE_SERIAL}_${i}'"
+                }
+            },
+            "os_image_id": "unknown"
+      },
+    "directive": "registration",
+    "message_id": "'$(uuidgen)'",
+    "sent": "2021-11-21T14:45:25.271+02:00",
+    "type": "data",
+    "version": 1
+
+  }'
+
+  DEVICE_ID=$DEVICE_ID PAYLOAD=$PAYLOAD sh scripts/register_device.sh >> $REGISTRATION_FOLDER/logs.out 2>> $REGISTRATION_FOLDER/logs.err
+done
+SELECTOR_ALL="device.system-manufacturer: lenovo"
+SELECTOR_ODD="device.system-product: azerty1"
+SELECTOR_PAIR="device.system-product: azerty0"
+SELECTOR_UNIQUE="device.system-serial: ${BASE_SERIAL}_1"
+
+# A pretend Python dictionary with bash 3 
+WORKLOADS_SELECTOR=( "all:$SELECTOR_ALL"
+        "odd:$SELECTOR_ODD"
+        "pair:$SELECTOR_PAIR"
+        "unique:$SELECTOR_UNIQUE" )
+
+for WORKLOAD_SELECTOR in "${WORKLOADS_SELECTOR[@]}" ; do
+    SELECTOR_NAME=${WORKLOAD_SELECTOR%%:*}
+    SELECTOR=${WORKLOAD_SELECTOR#*:}
+    printf "%s apply %s.\n" "$SELECTOR_NAME" "$SELECTOR"
+    WORKLOAD="
+apiVersion: management.project-flotta.io/v1alpha1
+kind: EdgeWorkload
+metadata:
+  name: edgeworkload-sample-${SELECTOR_NAME}
+  namespace: flotta-test
+spec:
+  deviceSelector:
+    matchLabels:
+      $SELECTOR
+  data:
+    paths:
+      - source: .
+        target: nginx
+  type: pod
+  pod:
+    spec:
+      containers:
+        - name: nginx
+          image: docker.io/nginx:1.14.2
+          ports:
+            - containerPort: 80
+              hostPort: 9090
+"
+    echo "$WORKLOAD" | kubectl apply -f - > /dev/null
+done
+echo "=================="
+if [[ $NB_DEVICES -lt 2 ]]; then
+  echo "!!! Warn: Amount of device the create is $NB_DEVICES which is lower than 2, tests checking the expected amount of devices matching a workload will fail"
+fi
+echo -n "Checking if workloads are correctly depoloyed on devices..."
+
+NB_ODD_EXPTECTED=$(expr $NB_DEVICES / 2)
+NB_PAIR_EXPTECTED=$(expr $NB_DEVICES - $NB_ODD_EXPTECTED)
+NB_ALL_DEVICES=0
+NB_ODD_DEVICES=0
+NB_PAIR_DEVICES=0
+NB_UNIQUE_DEVICES=0
+
+for DEVICE in $(kubectl -n flotta-test get edgedevice --no-headers | awk '{print $1}')
+do
+  kubectl -n flotta-test get edgedevices $DEVICE -o yaml | grep "name: edgeworkload-sample-all" > /dev/null
+  if [[ $? -ne 0 ]]; then
+    echo $'\n'"Error: $DEVICE should have workload edgeworkload-sample-all but has not" 
+  else
+    let "NB_ALL_DEVICES++"
+  fi
+done
+if [[ $NB_ALL_DEVICES -ne $NB_DEVICES ]]; then
+  echo $'\n'"Error: edgeworkload-sample-all is not apply to all devices created: should be $NB_DEVICES get $NB_ALL_DEVICES"
+fi
+
+for ODD_DEVICE in $(kubectl -n flotta-test get edgedevice -l device.system-product=azerty1 --no-headers | awk '{print $1}'); do
+  kubectl -n flotta-test get edgedevices $ODD_DEVICE -o yaml | grep "name: edgeworkload-sample-odd" > /dev/null
+  if [[ $? -ne 0 ]]; then
+    echo $'\n'"Error: $ODD_DEVICE should have workload edgeworkload-sample-odd but has not" 
+  else
+    let "NB_ODD_DEVICES++"
+  fi
+done
+if [[ $NB_ODD_DEVICES -ne $NB_ODD_EXPTECTED ]]; then
+  echo $'\n'"Error: edgeworkload-sample-odd is not apply to all devices created: should be $NB_ODD_EXPTECTED get $NB_ODD_DEVICES"
+fi
+
+for PAIR_DEVICE in $(kubectl -n flotta-test get edgedevice -l device.system-product=azerty0 --no-headers | awk '{print $1}'); do
+  kubectl -n flotta-test get edgedevices $PAIR_DEVICE -o yaml | grep "name: edgeworkload-sample-pair" > /dev/null
+  if [[ $? -ne 0 ]]; then
+    echo $'\n'"Error: $PAIR_DEVICE should have workload edgeworkload-sample-pair but has not" 
+  else
+    let "NB_PAIR_DEVICES++"
+  fi
+done
+if [[ $NB_PAIR_DEVICES -ne $NB_PAIR_EXPTECTED ]]; then
+  echo $'\n'"Error: edgeworkload-sample-pair is not apply to all devices created: should be $NB_PAIR_EXPTECTED get $NB_PAIR_DEVICES"
+fi
+
+for UNIQUE_DEVICE in $(kubectl -n flotta-test get edgedevice -l device.system-serial=${BASE_SERIAL}_1 --no-headers | awk '{print $1}'); do
+  kubectl -n flotta-test get edgedevices $UNIQUE_DEVICE -o yaml | grep "name: edgeworkload-sample-unique" > /dev/null
+  if [[ $? -ne 0 ]]; then
+    echo $'\n'"Error: $UNIQUE_DEVICE should have workload edgeworkload-sample-unique but has not" 
+  else
+    let "NB_UNIQUE_DEVICES++"
+  fi
+done
+if [[ $NB_UNIQUE_DEVICES -ne 1 ]]; then
+  echo "Error: edgeworkload-sample-unique is not apply to all devices created: should be 1 get $NB_UNIQUE_DEVICES"
+fi
+
+echo "Done"

samples/edgedevice-registration-simple.json.in

@@ -0,0 +1,24 @@
+{
+   "content": {
+       "certificate_request": "$CERTIFICATE_REQUEST",
+       "hardware": {
+           "cpu": {
+               "architecture": "x86_64",
+               "flags": [],
+               "model_name": "Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz"
+           },
+           "hostname": "$HOSTNAME",
+           "system_vendor": {
+               "manufacturer": "LENOVO",
+               "product_name": "${PRODUCT_NAME}",
+               "serial_number": "${SERIAL_NAME}"
+           }
+       },
+       "os_image_id": "unknown"
+   },
+   "directive": "registration",
+   "message_id": "$UUID",
+   "sent": "2021-11-21T14:45:25.271+02:00",
+   "type": "data",
+   "version": 1
+}

samples/edgedeployment.json.in → samples/edgeworkload.json.in

@@ -1,6 +1,6 @@
 {
     "apiVersion": "management.project-flotta.io/v1alpha1",
-    "kind": "EdgeDeployment",
+    "kind": "EdgeWorkload",
         "name": "${DEPLOYMENT_NAME}-${DEPLOYMENT_SUFFIX}",
         "namespace": "${NAMESPACE}",
     },

scripts/create_output_streams.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+mkdir -p ${REGISTRATION_FOLDER}
+mkdir -p ${GET_UPDATES_FOLDER}
+mkdir -p ${HEARTBEAT_FOLDER}
+
+touch ${REGISTRATION_FOLDER}/${DEVICE_ID}_register.out
+touch ${REGISTRATION_FOLDER}/${DEVICE_ID}_register.err 
+touch ${GET_UPDATES_FOLDER}/${DEVICE_ID}_get_updates.err
+touch ${GET_UPDATES_FOLDER}/${DEVICE_ID}_get_updates.out
+touch ${HEARTBEAT_FOLDER}/${DEVICE_ID}_heartbeat.out
+touch ${HEARTBEAT_FOLDER}/${DEVICE_ID}_heartbeat.err

scripts/enrol_device.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+
+echo "${PAYLOAD}" |  envsubst > ${ENROL_FOLDER}/${DEVICE_ID}_enrol_payload.json
+
+#Verify!
+cat ${ENROL_FOLDER}/${DEVICE_ID}_enrol_payload.json | jq .
+
+if [ $? -ne 0 ]; then
+ echo "Error when checking ${ENROL_FOLDER}/${DEVICE_ID}_enrol_payload.json"
+ exit -1
+fi
+echo "curl \
+  --cacert ${CERTS_FOLDER}/default_ca.pem \\
+  --cert ${CERTS_FOLDER}/default_cert.pem \\
+  --key ${CERTS_FOLDER}/default_key.pem -v \\
+  -d @${ENROL_FOLDER}/${DEVICE_ID}_enrol_payload.json \\
+  -X POST \\
+  -H \"Content-Type: application/json\" \
+  -i \\
+  https://${HTTP_SERVER}:${HTTP_SERVER_PORT}/api/flotta-management/v1/data/${DEVICE_ID}/out > ${ENROL_FOLDER}/${DEVICE_ID}_enrol_response.json"
+
+curl \
+  --cacert ${CERTS_FOLDER}/default_ca.pem \
+  --cert ${CERTS_FOLDER}/default_cert.pem \
+  --key ${CERTS_FOLDER}/default_key.pem -v \
+  -d @${ENROL_FOLDER}/${DEVICE_ID}_enrol_payload.json \
+  -X POST \
+  -H "Content-Type: application/json" \
+  -i \
+  https://${HTTP_SERVER}:${HTTP_SERVER_PORT}/api/flotta-management/v1/data/${DEVICE_ID}/out > ${ENROL_FOLDER}/${DEVICE_ID}_enrol_response.json
+
+if [ $? -ne 0 ]; then
+ echo "Error when sending enrol request, see  ${ENROL_FOLDER}/${DEVICE_ID}_enrol.out"
+ exit -1
+fi
+
+cat ${ENROL_FOLDER}/${DEVICE_ID}_enrol_response.json | grep 208 > /dev/null
+if [ $? -eq 0 ]; then
+  echo "Device ${DEVICE_ID} already enroled"
+  exit -1
+else
+  cat ${ENROL_FOLDER}/${DEVICE_ID}_enrol_response.json | grep 200 > /dev/null
+  if [ $? -ne 0 ]; then
+    echo "Error when sending enrol request, see  ${ENROL_FOLDER}/${DEVICE_ID}_enrol_response.json"
+    exit -1
+  fi
+fi
+
+exit 0

scripts/generate_certs.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+if [[ -z "${CERTS_FOLDER}" ]]; then
+  export CERTS_FOLDER="${test_dir}/certs"
+  echo "CERTS_FOLDER no defined, setting it to ${CERTS_FOLDER}"
+fi
+mkdir -p $CERTS_FOLDER
+
+# make get-certs
+kubectl -n flotta get secrets flotta-ca --template="{{index .data \"ca.crt\" | base64decode}}" > ${CERTS_FOLDER}/${DEVICE_ID}_ca.pem
+export REG_SECRET_NAME=$(kubectl get secrets -n flotta -l reg-client-ca=true --sort-by=.metadata.creationTimestamp | tail -1 | awk '{print $1}')
+kubectl -n flotta get secret ${REG_SECRET_NAME} --template="{{index .data \"client.crt\" | base64decode}}" > ${CERTS_FOLDER}/${DEVICE_ID}_cert.pem
+kubectl -n flotta get secret ${REG_SECRET_NAME} --template="{{index .data \"client.key\" | base64decode}}" > ${CERTS_FOLDER}/${DEVICE_ID}_key.pem
+# make get-certs END

scripts/get_device_update.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+echo "curl -XGET \\
+  --cacert ${CERTS_FOLDER}/default_ca.pem \\
+  --cert ${CERTS_FOLDER}/${DEVICE_ID}.pem \\
+  --key ${CERTS_FOLDER}/${DEVICE_ID}.key -v \\
+  -H \"Content-Type: application/json\" \\
+  -H \"Cache-Control: no-cache\" \\
+  https://${HTTP_SERVER}:${HTTP_SERVER_PORT}/${REQUEST_PATH}"
+
+curl -XGET \
+  --cacert ${CERTS_FOLDER}/default_ca.pem \
+  --cert ${CERTS_FOLDER}/${DEVICE_ID}.pem \
+  --key ${CERTS_FOLDER}/${DEVICE_ID}.key -v \
+  -H "Content-Type: application/json" \
+  -H "Cache-Control: no-cache" \
+  https://${HTTP_SERVER}:${HTTP_SERVER_PORT}/${REQUEST_PATH}
+
+if [ $? -ne 0 ]; then
+  echo "Error getting device updates"
+  exit -1
+fi;
+
+exit 0