-
Notifications
You must be signed in to change notification settings - Fork 12
/
docker-compose.test.yml
236 lines (224 loc) · 6.92 KB
/
docker-compose.test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
version: '2.2'
services:
sut:
hostname: behave
image: jpvriel/behave
build:
context: test
dockerfile: Dockerfile-behave.test
args:
- http_proxy
- https_proxy
- ftp_proxy
- no_proxy
mem_limit: 512m
stdin_open: true
tty: true
env_file:
- ./test/test_syslog_server.env
depends_on:
- test_syslog_server_config
- test_syslog_server
# test cases need to relay / forward to the following
- test_kafka
- test_syslog_relay
- test_syslog_relay_udp_spoof
- test_json_relay
# test clients / generate events
- test_syslog_client_centos7
- test_syslog_client_ubuntu1804
volumes:
- ./test:/tmp/test
- syslog_log:/var/log/remote:ro
- syslog_metrics:/var/log/impstats:ro
- syslog_relay:/tmp/syslog_relay:ro
- syslog_relay_udp_spoof:/tmp/syslog_relay_udp_spoof:ro
- json_relay:/tmp/json_relay:ro
# rsyslog config validation
# Note:
# - sut depends on this running and creating files with outputs using a shared volume
# - allows for testing/checking how config was built from env vars and confd templates
# TODO: not sure if there is a better way for sut to be able to see and check output
test_syslog_server_config:
hostname: syslog-server-config
image: jpvriel/rsyslog:${VERSION:-latest}
build:
context: .
dockerfile: Dockerfile
args:
- VERSION
- BUILD_DATE
- http_proxy
- https_proxy
- ftp_proxy
- no_proxy
- DISABLE_YUM_MIRROR
env_file:
- ./test/test_syslog_server.env
# use $$ for a literal $ value in shellscript and avoid docker-compose interpolating $
entrypoint: |
bash -c '
mkdir -p /tmp/test/config_check
/usr/local/bin/entrypoint.sh rsyslogd -N1 > /tmp/test/config_check/rsyslog_n1_output.txt 2>&1
rsyslog_exit_code=$$?
echo -n $$rsyslog_exit_code > /tmp/test/config_check/rsyslog_n1_exit_code.txt
cat /tmp/test/config_check/rsyslog_n1_output.txt
/usr/local/bin/rsyslog_config_expand.py > /tmp/test/config_check/rsyslog_expanded_output.txt
mkdir -p /tmp/test/config_check/etc
cp -r /etc/rsyslog.conf /etc/rsyslog.d /tmp/test/config_check/etc/
if [ $$rsyslog_exit_code -ne 0 ]; then
echo "rsyslogd -N1 check failed. Refer to test/config_check/rsyslog_n1_output.txt." >&2
fi
'
volumes:
- ./test/etc/rsyslog.d/output/filters/:/etc/rsyslog.d/output/filters/
- ./test/etc/rsyslog.d/extra/:/etc/rsyslog.d/extra/
- ./test/config_check:/tmp/test/config_check
mem_limit: 256m
# syslog clients to be tested
test_syslog_client_centos7:
hostname: test-syslog-client-centos7
image: jpvriel/syslog_client_centos7
build:
context: test
dockerfile: Dockerfile-syslog_client_centos7.test
args:
- http_proxy
- https_proxy
- ftp_proxy
- no_proxy
mem_limit: 256m
depends_on:
- test_syslog_server
test_syslog_client_ubuntu1804:
hostname: test-syslog-client-ubuntu1804
image: jpvriel/syslog_client_ubuntu1804
build:
context: test
dockerfile: Dockerfile-syslog_client_ubuntu1804.test
args:
- http_proxy
- https_proxy
- ftp_proxy
- no_proxy
mem_limit: 256m
volumes:
- ./test/tls_x509/certs/test-ca.cert.pem:/usr/local/etc/ssl/test/test-ca.cert.pem
- ./test/tls_x509/private/test-syslog-client-ubuntu1804.key.pem:/usr/local/etc/ssl/test/test-syslog-client-ubuntu1804.key.pem
- ./test/tls_x509/certs/test-syslog-client-ubuntu1804.cert.pem:/usr/local/etc/ssl/test/test-syslog-client-ubuntu1804.cert.pem
# remote outputs to be tested, e.g. kafka
test_zookeeper:
hostname: test-zookeeper
image: zookeeper
mem_limit: 512m
test_kafka:
hostname: test-kafka
image: wurstmeister/kafka
mem_limit: 512m
depends_on:
- test_zookeeper
env_file:
- ./test/test_kafka.env
volumes:
- ./test/tls_x509/certs/test-ca.jks:/usr/local/etc/ssl/test/test-ca.jks
- ./test/tls_x509/private/test-kafka.pfx:/usr/local/etc/ssl/test/test-kafka.pfx
- ./test/kafka/config/kafka_server_jaas.conf:/opt/kafka/config/kafka_server_jaas.conf
# To test syslog relay/forwarding
test_syslog_relay:
image: jpvriel/netcat
build:
context: test
dockerfile: Dockerfile-netcat.test
hostname: syslog_relay
mem_limit: 64m
volumes:
- syslog_relay:/tmp/syslog_relay
ports:
- "10514/tcp"
command: sh -c 'nc -lk 0.0.0.0 10514 > /tmp/syslog_relay/nc.out'
# To test syslog omudpspoof relay/forwarding
test_syslog_relay_udp_spoof:
image: jpvriel/netcat
build:
context: test
dockerfile: Dockerfile-netcat.test
hostname: syslog_relay_udp_spoof
mem_limit: 64m
volumes:
- syslog_relay_udp_spoof:/tmp/syslog_relay_udp_spoof
ports:
- "10514/udp"
# While contradicted by the man page which stats -w is ignored if -l is specified, for UDP, netcat needs `-w 0` set to be able to remain open after receiving a UDP packet. Otherwise it seems to stop listening.
command: sh -c 'nc -q -1 -w 0 -u -lk 0.0.0.0 10514 > /tmp/syslog_relay_udp_spoof/nc.out'
# To test forwarding as JSON output
test_json_relay:
hostname: test-json-relay
image: jpvriel/netcat
build:
context: test
dockerfile: Dockerfile-netcat.test
mem_limit: 64m
volumes:
- json_relay:/tmp/json_relay
ports:
- "15000"
command: sh -c 'nc -lk 0.0.0.0 15000 > /tmp/json_relay/nc.out'
# Main syslog server (the test object / target)
test_syslog_server:
hostname: test-syslog-server
image: jpvriel/rsyslog:${VERSION:-latest}
build:
context: .
dockerfile: Dockerfile
args:
- VERSION
- BUILD_DATE
- http_proxy
- https_proxy
- ftp_proxy
- no_proxy
- DISABLE_YUM_MIRROR
mem_limit: 16g
cap_add:
- SYS_NICE
stop_grace_period: 15s
env_file:
- ./test/test_syslog_server.env
healthcheck:
test: ["CMD", "/usr/local/bin/rsyslog_healthcheck.sh"]
interval: 5s
timeout: 5s
retries: 3
volumes:
- ./test/etc/rsyslog.d/output/filters/:/etc/rsyslog.d/output/filters/
- ./test/etc/rsyslog.d/extra/:/etc/rsyslog.d/extra/
- syslog_log:/var/log/remote
- syslog_metrics:/var/log/impstats
volumes:
# Volumes below get shared with the behave container so that files therein can
# be inspected
syslog_relay:
driver: local
driver_opts:
type: tmpfs
device: tmpfs
syslog_relay_udp_spoof:
driver: local
driver_opts:
type: tmpfs
device: tmpfs
json_relay:
driver: local
driver_opts:
type: tmpfs
device: tmpfs
syslog_log:
driver: local
driver_opts:
type: tmpfs
device: tmpfs
syslog_metrics:
driver: local
driver_opts:
type: tmpfs
device: tmpfs