Installation guide

Security

Due to some security issues, it is strongly advised to use Squash TM 2.2.0 (or higher 2.X.Y) or any version greater or equal to 3.0.0.

This page describes how to install one by one all the components of Squash DEVOPS.

Legend

† indicates a component which is common to Squash AUTOM and Squash DEVOPS.
️‡ indicates a Premium component. An overview of the Premium features is available here. To benefit of these or to ask for more information, check our website or contact us.

Diagrams

Overview of Squash AUTOM and Squash DEVOPS components

Architecture diagram

Interconnections

Diagram of all interconnections

Squash Orchestrator†

Installation vignette orchestrateur

Installation

The installation of the orchestrator consists in deploying a Docker image. It contains all core services (part of the OpenTestFactory Orchestrator) and some Squash specific services.

To get the latest image of Squash Orchestrator, use the following command:

docker pull squashtest/squash-orchestrator:4.0.0

Recommendations for sizing the Docker container are:

CPU: 2
RAM: 5 GB (8 GB recommended)
disk: provide the capacity for storing the execution reports and their attachments for one hour of usage

Trouble shooting - Accessibility of the Squash TM instance

Check that the Squash TM instance is accessible from Squash Orchestrator. To do this, go onto the Docker host and run the command (replacing https://squashtm.example.com/squash with the URL of your instance):

curl https://squashtm.example.com/squash/isSquashAlive

The answer should be:

Squash is Alive!

If not, resolve the issue with your network administrators.

Usage

Configuring the image

The execution of the following command will start the Squash Orchestrator using an existing execution environment, with self-generated trusted keys (which is not recommended in a production setup):

BashCMDPowerShell

docker run -d \
         --name orchestrator \
         -p 7774:7774 \
         -p 7775:7775 \
         -p 7776:7776 \
         -p 38368:38368 \
         -p 24368:24368 \
         -p 12312:12312 \
         -e SSH_CHANNEL_HOST=the_environment_ip_or_hostname \
         -e SSH_CHANNEL_USER=user \
         -e SSH_CHANNEL_PASSWORD=secret \
         -e SSH_CHANNEL_TAGS=ssh,linux,robotframework \
         squashtest/squash-orchestrator:4.0.0

docker run -d ^
         --name orchestrator ^
         -p 7774:7774 ^
         -p 7775:7775 ^
         -p 7776:7776 ^
         -p 38368:38368 ^
         -p 24368:24368 ^
         -p 12312:12312 ^
         -e SSH_CHANNEL_HOST=the_environment_ip_or_hostname ^
         -e SSH_CHANNEL_USER=user ^
         -e SSH_CHANNEL_PASSWORD=secret ^
         -e SSH_CHANNEL_TAGS=ssh,linux,robotframework ^
         squashtest/squash-orchestrator:4.0.0

docker run -d `
         --name orchestrator `
         -p 7774:7774 `
         -p 7775:7775 `
         -p 7776:7776 `
         -p 38368:38368 `
         -p 24368:24368 `
         -p 12312:12312 `
         -e SSH_CHANNEL_HOST=the_environment_ip_or_hostname `
         -e SSH_CHANNEL_USER=user `
         -e SSH_CHANNEL_PASSWORD=secret `
         -e SSH_CHANNEL_TAGS=ssh,linux,robotframework `
         squashtest/squash-orchestrator:4.0.0

It exposes the following services on the corresponding ports:

receptionist (port 7774)
observer (port 7775)
killswitch (port 7776)
eventbus (port 38368)
agentchannel (port 24368)
quality gate (port 12312)

If you do not plan to declare agents, port 24368 may not be exposed. Similarly, if you don't plan to use the quality gate, port 12312 may not be exposed.

Configuration with pre-generated keys

Outside of experimentation, it is recommended to start Squash Orchestrator by specifying one or more public keys that will be used to validate tokens authenticating incoming requests.

The following commands generate a pair of trusted_key.pem / trusted_key.pub keys (you can generate several if you wish):

openssl genrsa -out trusted_key.pem 4096
openssl rsa -pubout -in trusted_key.pem -out trusted_key.pub

If your public keys (*.pub) are in a public_keys directory, here is an example making them accessible to the orchestrator (all files in this directory will be accessible to the orchestrator, do not put your private keys there):

BashCMDPowerShell

docker run ... \
           -v /path/to/public_keys:/etc/squashtf \
           ...

docker run ... ^
           -v d:\path\to\public_keys:/etc/squashtf ^
           ...

docker run ... `
           -v d:\path\to\public_keys:/etc/squashtf `
           ...

If you plan to use only one public key, you can make it accessible directly:

BashCMDPowerShell

docker run ... \
           -v /path/to/public_keys/trusted_key.pub:/etc/squashtf/trusted_key.pub \
           ...

docker run ... ^
           -v d:\path\to\public_keys/trusted_key.pub:/etc/squashtf/trusted_key.pub ^
           ...

docker run ... `
           -v d:\path\to\public_keys/trusted_key.pub:/etc/squashtf/trusted_key.pub `
           ...

Tokens verified by these keys will have full access to the default namespace. This behavior can be changed by modifying the image configuration.

For more details about Squash Orchestrator configuration, please check the OpenTestFactory Orchestrator documentation on which Squash Orchestrator is based (the deployment of the two orchestrators is similar). That documentation also details the specific cases of deploying with docker-compose or with Kubernetes.

Run the image in Premium mode‡

In the case where

you have a Squash DEVOPS Premium license and
hence, you deploy the Premium version of the Test Plan Retriever Squash TM plugin,

then, you must run Squash Orchestrator in Premium mode.
In order to do that, you have to add the following parameter in the Squash Orchestrator's run command: -e SQUASH_LICENCE_TYPE=premium.

BashCMDPowerShell

docker run -d \
         --name orchestrator \
         -p 7774:7774 \
         -p 7775:7775 \
         -p 7776:7776 \
         -p 38368:38368 \
         -p 24368:24368 \
         -p 12312:12312 \
         -e SSH_CHANNEL_HOST=the_environment_ip_or_hostname \
         -e SSH_CHANNEL_USER=user \
         -e SSH_CHANNEL_PASSWORD=secret \
         -e SSH_CHANNEL_TAGS=ssh,linux,robotframework \
         -e SQUASH_LICENCE_TYPE=premium \
         squashtest/squash-orchestrator:4.0.0

docker run -d ^
         --name orchestrator ^
         -p 7774:7774 ^
         -p 7775:7775 ^
         -p 7776:7776 ^
         -p 38368:38368 ^
         -p 24368:24368 ^
         -p 12312:12312 ^
         -e SSH_CHANNEL_HOST=the_environment_ip_or_hostname ^
         -e SSH_CHANNEL_USER=user ^
         -e SSH_CHANNEL_PASSWORD=secret ^
         -e SSH_CHANNEL_TAGS=ssh,linux,robotframework ^
         -e SQUASH_LICENCE_TYPE=premium ^
         squashtest/squash-orchestrator:4.0.0

docker run -d `
         --name orchestrator `
         -p 7774:7774 `
         -p 7775:7775 `
         -p 7776:7776 `
         -p 38368:38368 `
         -p 24368:24368 `
         -p 12312:12312 `
         -e SSH_CHANNEL_HOST=the_environment_ip_or_hostname `
         -e SSH_CHANNEL_USER=user `
         -e SSH_CHANNEL_PASSWORD=secret `
         -e SSH_CHANNEL_TAGS=ssh,linux,robotframework `
         -e SQUASH_LICENCE_TYPE=premium `
         squashtest/squash-orchestrator:4.0.0

Otherwise, if you deploy the Community version of the Test Plan Retriever, you must not run Squash Orchestrator in Premium mode.

Orchestrator tools†

Installation vignette of tools

Installation

The orchestrator tools aim at simplifying the use of that one. They can be installed on any machine from where we want to administrate the orchestrator.
They require Python 3.8 or later. They are usable on Linux, maxOS, or Windows.

These tools can be installed from PyPI by using the following command:

pip install --upgrade opentf-tools

Overview of the tool capabilities

opentf-ready waits until the orchestrator is ready to accept workflows.
opentf-done waits until the orchestrator can be safely stopped (i.e. it has no more pending tasks).
opentf-ctl can be used to
- start / track / stop a workflow
- generate a signed token
- list the agents
- generate / modify a configuration file
- …

Generating a signed token

Requests to Squash Orchestrator must be associated with signed tokens.

Given a trusted_key.pem private key in the current directory, the following command generates a signed token that will be recognized by the orchestrator if it knows the corresponding public key:

opentf-ctl generate token using trusted_key.pem

Please specify an algorithm (RS512 if unspecified):
The specified algorithm is: RS512
Please enter the issuer (your company or department): acme
Please enter the subject (you or the person you are making this token for): charlie
The signed token is:
ey...

Details

A complete description of the tools is available in the OpenTestFactory documentation.

OpenTestFactory Agent†

Installation vignette of agent

Installation

The OpenTestFactory agent is a Python application that is installed in the execution environment. It requires Python 3.7 or higher. It works on Linux, macOS, and Windows.

The agent is a simple script. It only has one external dependency, the well known requests Python library (it will be installed if not already present on the execution environment).

To install the agent from PyPI, use the following command:

pip install --upgrade opentf-agent

You can test your installation by running the following command:

opentf-agent --help

Usage

Summary

$ opentf-agent --help
usage: opentf-agent [-h] --tags TAGS --host HOST [--port PORT] [--path_prefix PATH_PREFIX] [--token TOKEN] [--encoding ENCODING] [--script_path SCRIPT_PATH] [--workspace_dir WORKSPACE_DIR] [--name NAME] [--polling_delay POLLING_DELAY] [--liveness_probe LIVENESS_PROBE] [--retry RETRY] [--debug]

OpenTestFactory Agent

optional arguments:
  -h, --help            show this help message and exit
  --tags TAGS           a comma-separated list of tags (e.g. windows,robotframework)
  --host HOST           target host with protocol (e.g. https://example.local)
  --port PORT           target port (default to 24368)
  --path_prefix PATH_PREFIX
                        target context path (default to no context path)
  --token TOKEN         token
  --encoding ENCODING   encoding on the console side (defaults to utf-8)
  --script_path SCRIPT_PATH
                        where to put temporary files (defaults to current directory)
  --workspace_dir WORKSPACE_DIR
                        where to put workspaces (defaults to current directory)
  --name NAME           agent name (defaults to "test agent")
  --polling_delay POLLING_DELAY
                        polling delay in seconds (default to 5)
  --liveness_probe LIVENESS_PROBE
                        liveness probe in seconds (default to 300 seconds)
  --retry RETRY         how many time to try joining host (default to 5,
                      0 = try forever)
  --debug               whether to log debug informations.

Example

Assuming there is a Squash Orchestrator running on orchestrator.example.com, with a known token stored in the TOKEN environment variable, the following command will register the Windows-based execution environment and will possibly receive commands from Squash Orchestrator targeting windows and/or robotframework tagged environments:

chcp 65001
opentf-agent --tags windows,robotframework --host http://orchestrator.example.com/ --token %TOKEN%

The agent will poll the Orchestrator every 5 seconds, and will execute the received commands.
The chcp command sets the console to Unicode. It is Windows-specific. It is not mandatory but may be needed depending on the test framework available in the execution environment.

Details

A complete description of the agent is available in the OpenTestFactory documentation.

Execution environments†

Installation vignette of execution environment

Some test technologies require that some particular components are installed in the execution environment, these ones are indicated in the pages describing the specificities of each technology.

Squash TM plugins

Installation vignette of TM Plugins for Squash AUTOM

Installation

For details on the installation, please refer to the installation protocol of a Squash TM plugin.

Plugin	Squash TM version	Compatible plugin version	Download latest Community version	Download latest Premium version‡
Result Publisher†				Warning Result Publisher Premium is part of Squash AUTOM Premium‡ offer.
	2.2.0, or later 2.X.Y	2.2.X	2.2.0: .tar.gz or .zip	2.2.0: .tar.gz or .zip
	3.0.0, or later 3.X.Y	3.0.X	3.0.0: .tar.gz or .zip	3.0.0: .tar.gz or .zip
	4.0.0, or later 4.0.X	4.0.X	4.0.0: .tar.gz or .zip	4.0.0: .tar.gz or .zip
	4.1.0, or later 4.X.Y	4.1.X	4.1.0: .tar.gz or .zip	4.1.0: .tar.gz or .zip
	5.0.0, or later 5.X.Y	5.0.X	5.0.0: .tar.gz or .zip	5.0.0: .tar.gz or .zip
Test Plan Retriever				Warning Test Plan Retriever Premium requires to start Squash Orchestrator in Premium mode, see here.
	2.2.0, or later 2.X.Y	2.0.X	2.0.0: .tar.gz or .zip	2.0.0: .tar.gz or .zip
	3.0.0, or later 3.X.Y	3.0.X	3.0.0: .tar.gz or .zip	3.0.0: .tar.gz or .zip
	4.0.0, or later 3.X.Y	4.0.X	4.0.0: .tar.gz or .zip	4.0.0: .tar.gz or .zip
	5.0.0, or later 5.X.Y	5.0.X	5.0.0: .tar.gz or .zip	5.0.0 : .tar.gz or .zip

Squash TM configuration

TM configuration vignette

Warning

Squash DEVOPS requires that the public URL of Squash TM is defined (see Squash TM documentation).

Plugin for Jenkins

Installation vignette of Plugin Jenkins

Installation

The plugin is freely downloadable, as a .hpi file (opentestfactory-orchestrator-2.1.0.hpi).

To install it, you have to submit the plugin in the Upload Plugin area accessible by the Advanced tab of the Plugin Manager in Jenkins configuration:

Upload of Jenkins plugin

Compatibility of the plugin

This plugin is compatible with version 2.357 or higher of Jenkins.

Java version

Versions 2.0.0 and later of the Plugin for Jenkins requires Java 11 which is also necessary for Jenkins 2.357 or later (see Jenkins announcement). This means that

if you use Jenkins version 2.357 or later, you must use the Plugin for Jenkins 2.0.0 or later;
otherwise, you must use a version 1.x.y of the Plugin for Jenkins (which is compatible with versions 2.164.1 up to 2.356 of Jenkins).