* add image pushing and tagging functionality from build_docker.sh script to Makefile
  Signed-off-by: Max Fisher <maxfisher@google.com>

* make separate recipe for pushing images
  Signed-off-by: Max Fisher <maxfisher@google.com>

* create test/ directory and add local e2e testing using docker-compose; adapt Makefile accordingly
  Signed-off-by: Max Fisher <maxfisher@google.com>

* create configs/e2e to hold base docker-compose.yml configuration, make examples/e2e and test/e2e use/override this, update READMEs accordingly
  Signed-off-by: Max Fisher <maxfisher@google.com>

* rename docker compose project for e2e test
  Signed-off-by: Max Fisher <maxfisher@google.com>

* improve wording in e2e test readme
  Signed-off-by: Max Fisher <maxfisher@google.com>

* rename configs/compose-e2e -> configs/e2e
  Signed-off-by: Max Fisher <maxfisher@google.com>

---------
Signed-off-by: Max Fisher <maxfisher@google.com>
1 parent
f0721c6
commit 1eb3d83
Showing 7 changed files with 144 additions and 25 deletions.
File renamed without changes.
File renamed without changes.
File renamed without changes.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
# End to End Testing with Package-Feeds integration | ||
|
||
This directory helps run end-to-end tests of the package analysis system | ||
to ensure everything is working properly. | ||
In particular, local changes to both the worker/analysis and sandbox images can be tested | ||
before they are pushed to the docker registry. | ||
|
||
The test is orchestrated using docker-compose, using an adapted setup based on the one in | ||
`configs/e2e`. All the necessary commands can be run via the project Makefile. | ||
|
||
## Running | ||
|
||
### Starting the test | ||
|
||
In the top-level project directory, run | ||
|
||
```shell | ||
$ make RELEASE_TAG=test docker_build_all # rebuild images with 'test' tag | ||
$ make e2e_test_start | ||
|
||
``` | ||
|
||
### Stopping the test | ||
|
||
In the top-level project directory, run | ||
|
||
```shell | ||
$ make e2e_test_stop | ||
``` | ||
|
||
## Analysis Output | ||
|
||
Output can be found at http://localhost:9000/minio/package-analysis, | ||
using the following credentials for authentication: | ||
|
||
- username: `minio` | ||
- password: `minio123` | ||
|
||
## Logs Access | ||
|
||
In the top-level project directory, run | ||
|
||
`make e2e_test_logs_feeds` to see information on the packages which have been send downstream. | ||
|
||
`make e2e_test_logs_scheduler` to see information on the packages which have been received and proxied onto the analysis workers. | ||
|
||
`make e2e_tests_logs_analysis` to see analysis stdout (too much to be useful); better to check minio output as described above. | ||
|
||
## PubSub (Kafka) Inspection | ||
|
||
Output from the Kafka PubSub topics can be inspected using | ||
[KafkaCat](https://github.com/edenhill/kcat). | ||
|
||
1. Install `kafkacat` or `kcat` (e.g. `sudo apt install kafkacat`) | ||
2. Run `kafkacat` to observe the topics: | ||
- package-feeds: `kafkacat -C -J -b localhost:9094 -t package-feeds` | ||
- workers: `kafkacat -C -J -b localhost:9094 -t workers` | ||
- notifications: `kafkacat -C -J -b localhost:9094 -t notifications` | ||
|
||
## Troubleshooting | ||
|
||
### Feeds does not start (missing config) | ||
|
||
This can happen if `./config` is not world-readable. You will see the error message `open /config/feeds.yml: permission denied` in the feeds logs. | ||
|
||
To fix simply run: | ||
|
||
```shell | ||
$ chmod ugo+rx ./config | ||
$ chmod ugo+r ./config/feeds.yml | ||
``` | ||
|
||
### Sandbox container is not starting (cgroups v2) | ||
|
||
If the `analysis` logs show failures when trying to start the sandbox container, your machine may need to be configured to use cgroups v2. | ||
|
||
To work with cgroups v2 you will need to: | ||
|
||
1. add/edit `/etc/docker/daemon.json` and the following: | ||
|
||
```json | ||
{ | ||
"default-cgroupns-mode": "host" | ||
} | ||
``` | ||
|
||
2. restart dockerd (if it is running). e.g.: | ||
|
||
```shell | ||
$ systemctl restart docker.service | ||
``` |
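Review bot: The analysis log target under "Logs Access" is written `make e2e_tests_logs_analysis`, while the two targets above it use the `e2e_test_logs_` prefix (`e2e_test_logs_feeds`, `e2e_test_logs_scheduler`); please check the name against the Makefile and make the three consistent so the documented command runs as written. In the same section "have been send downstream" should read "sent", and step 1 of the cgroups v2 fix is missing a verb ("and add the following"). It is also worth stating there that `default-cgroupns-mode` in `/etc/docker/daemon.json` is a daemon-wide default, so the change applies to every container on that host and not only to the test stack.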
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
version: "3" | ||
services: | ||
analysis: | ||
image: gcr.io/ossf-malware-analysis/analysis:test | ||
environment: | ||
OSSF_SANDBOX_NOPULL: "true" | ||
# for mounting local sandbox images inside container | ||
volumes: | ||
- "/var/lib/containers:/var/lib/containers" | ||
|
||
scheduler: | ||
image: gcr.io/ossf-malware-analysis/scheduler:test |
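Review bot: The `volumes` entry under `analysis` bind-mounts the host's `/var/lib/containers` directory with no `:ro` suffix, so the analysis container gets write access to it. The comment above the mount explains why it is there but not that consequence; please say in the comment that this override is meant for local testing only, and make the mount read-only if the worker does not need to write to that path. Separately, both `image:` lines hard-code the `:test` tag, which only matches images built with `RELEASE_TAG=test` as the test README instructs; a short comment noting that dependency would help.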