8ec8900d31
Why I did it Support OpenSSL FIPS 140-3, see design doc: https://github.com/Azure/SONiC/blob/master/doc/fips/SONiC-OpenSSL-FIPS-140-3.md. How I did it Install the fips packages. To build the fips packages, see https://github.com/Azure/sonic-fips Azure pipelines: https://dev.azure.com/mssonic/build/_build?definitionId=412 How to verify it Validate the SymCrypt engine: admin@sonic:~$ dpkg-query -W | grep openssl openssl 1.1.1k-1+deb11u1+fips symcrypt-openssl 0.1 admin@sonic:~$ openssl engine -v | grep -i symcrypt (symcrypt) SCOSSL (SymCrypt engine for OpenSSL) admin@sonic:~$
196 lines
5.0 KiB
YAML
196 lines
5.0 KiB
YAML
# Starter pipeline
|
|
# Start with a minimal pipeline that you can customize to build and deploy your code.
|
|
# Add steps that build, run tests, deploy, and more:
|
|
# https://aka.ms/yaml
|
|
|
|
trigger:
|
|
branches:
|
|
include:
|
|
- master
|
|
- 202012
|
|
paths:
|
|
exclude:
|
|
- .github
|
|
|
|
pr:
|
|
branches:
|
|
include:
|
|
- master
|
|
- 202012
|
|
- bullseye
|
|
paths:
|
|
exclude:
|
|
- .github
|
|
|
|
name: $(TeamProject)_$(Build.DefinitionName)_$(SourceBranchName)_$(Date:yyyyMMdd)$(Rev:.r)
|
|
|
|
resources:
|
|
repositories:
|
|
- repository: sonic-mgmt
|
|
type: github
|
|
name: Azure/sonic-mgmt
|
|
endpoint: build
|
|
- repository: buildimage
|
|
type: github
|
|
name: Azure/sonic-buildimage
|
|
endpoint: build
|
|
ref: master
|
|
|
|
variables:
|
|
- template: .azure-pipelines/azure-pipelines-repd-build-variables.yml
|
|
- ${{ if eq(variables['Build.Reason'], 'PullRequest') }}:
|
|
- template: .azure-pipelines/template-variables.yml
|
|
- ${{ else }}:
|
|
- template: .azure-pipelines/template-variables.yml@buildimage
|
|
- name: CACHE_MODE
|
|
value: rcache
|
|
- name: ENABLE_FIPS
|
|
value: y
|
|
|
|
stages:
|
|
- stage: BuildVS
|
|
pool: sonicbld
|
|
jobs:
|
|
- template: .azure-pipelines/azure-pipelines-build.yml
|
|
parameters:
|
|
buildOptions: 'USERNAME=admin SONIC_BUILD_JOBS=$(nproc) ${{ variables.VERSION_CONTROL_OPTIONS }}'
|
|
jobGroups:
|
|
- name: vs
|
|
|
|
- stage: Build
|
|
pool: sonicbld
|
|
dependsOn: []
|
|
jobs:
|
|
- template: .azure-pipelines/azure-pipelines-build.yml
|
|
parameters:
|
|
buildOptions: 'USERNAME=admin SONIC_BUILD_JOBS=$(nproc) ${{ variables.VERSION_CONTROL_OPTIONS }}'
|
|
jobGroups:
|
|
- name: broadcom
|
|
variables:
|
|
swi_image: yes
|
|
- name: mellanox
|
|
- name: marvell-armhf
|
|
pool: sonicbld-armhf
|
|
timeoutInMinutes: 1200
|
|
variables:
|
|
PLATFORM_ARCH: armhf
|
|
|
|
- stage: Test
|
|
dependsOn: BuildVS
|
|
variables:
|
|
- name: inventory
|
|
value: veos_vtb
|
|
- name: testbed_file
|
|
value: vtestbed.csv
|
|
|
|
jobs:
|
|
- job:
|
|
pool: sonictest
|
|
displayName: "vstest"
|
|
timeoutInMinutes: 60
|
|
steps:
|
|
- checkout: self
|
|
clean: true
|
|
submodules: recursive
|
|
displayName: 'Checkout code'
|
|
|
|
- task: DownloadPipelineArtifact@2
|
|
inputs:
|
|
source: specific
|
|
project: build
|
|
pipeline: 9
|
|
artifact: sonic-swss-common.amd64.ubuntu20_04
|
|
runVersion: 'latestFromBranch'
|
|
runBranch: 'refs/heads/master'
|
|
displayName: "Download sonic swss common deb packages"
|
|
|
|
- task: DownloadPipelineArtifact@2
|
|
inputs:
|
|
artifact: sonic-buildimage.vs
|
|
displayName: "Download sonic-buildimage.vs artifact"
|
|
|
|
- script: |
|
|
set -x
|
|
sudo dpkg -i --force-confask,confnew ../libswsscommon_1.0.0_amd64.deb
|
|
sudo dpkg -i ../python3-swsscommon_1.0.0_amd64.deb
|
|
sudo docker load -i ../target/docker-sonic-vs.gz
|
|
docker tag docker-sonic-vs:latest docker-sonic-vs:$(Build.BuildNumber)
|
|
username=$(id -un)
|
|
|
|
trap "docker ps; docker images; ip netns list; \
|
|
docker rmi docker-sonic-vs:$(Build.BuildNumber); \
|
|
ip netns list | grep -E [-]srv[0-9]+ | awk '{print $1}' | xargs -I {} sudo ip netns delete {}; \
|
|
sudo chown -R ${username}.${username} .; \
|
|
sudo chown -R ${username}.${username} $(System.DefaultWorkingDirectory)" EXIT
|
|
pushd platform/vs/tests
|
|
sudo py.test -v --junitxml=tr.xml --imgname=docker-sonic-vs:$(Build.BuildNumber)
|
|
displayName: "Run vs tests"
|
|
|
|
- task: PublishTestResults@2
|
|
inputs:
|
|
testResultsFiles: '**/tr.xml'
|
|
testRunTitle: vstest
|
|
|
|
- job: t0_part1
|
|
pool: sonictest
|
|
displayName: "kvmtest-t0-part1"
|
|
timeoutInMinutes: 360
|
|
|
|
steps:
|
|
- template: .azure-pipelines/run-test-template.yml
|
|
parameters:
|
|
dut: vlab-01
|
|
tbname: vms-kvm-t0
|
|
ptf_name: ptf_vms6-1
|
|
tbtype: t0
|
|
section: part-1
|
|
|
|
- job: t0_part2
|
|
pool: sonictest
|
|
displayName: "kvmtest-t0-part2"
|
|
timeoutInMinutes: 360
|
|
|
|
steps:
|
|
- template: .azure-pipelines/run-test-template.yml
|
|
parameters:
|
|
dut: vlab-01
|
|
tbname: vms-kvm-t0
|
|
ptf_name: ptf_vms6-1
|
|
tbtype: t0
|
|
section: part-2
|
|
|
|
- job:
|
|
pool: sonictest
|
|
displayName: "kvmtest-t0"
|
|
timeoutInMinutes: 360
|
|
dependsOn:
|
|
- t0_part1
|
|
- t0_part2
|
|
condition: always()
|
|
variables:
|
|
resultOfPart1: $[ dependencies.t0_part1.result ]
|
|
resultOfPart2: $[ dependencies.t0_part2.result ]
|
|
|
|
steps:
|
|
- script: |
|
|
if [ $(resultOfPart1) == "Succeeded" ] && [ $(resultOfPart2) == "Succeeded" ]; then
|
|
echo "Both job kvmtest-t0-part1 and kvmtest-t0-part2 are passed."
|
|
exit 0
|
|
else
|
|
echo "Either job kvmtest-t0-part1 or job kvmtest-t0-part2 failed! Please check the detailed information."
|
|
exit 1
|
|
fi
|
|
|
|
- job:
|
|
pool: sonictest-t1-lag
|
|
displayName: "kvmtest-t1-lag"
|
|
timeoutInMinutes: 240
|
|
|
|
steps:
|
|
- template: .azure-pipelines/run-test-template.yml
|
|
parameters:
|
|
dut: vlab-03
|
|
tbname: vms-kvm-t1-lag
|
|
ptf_name: ptf_vms6-2
|
|
tbtype: t1-lag
|