authorPawel Wieczorek <p.wieczorek2@samsung.com>2019-06-27 16:46:28 +0200
committerPawel Wieczorek <p.wieczorek2@samsung.com>2019-07-08 12:29:52 +0200
commitea8bc1a719a36c89e7eae42080b1835e5ef0c28d (patch)
tree1b77dadbdc8463e76a9411195e2ef4d1ef78f4ef /test/security
parent65028666004a61afa0b7ea054da4744f3a2e298d (diff)
k8s: Add virtual environment for testing
This patch adds a simplified ONAP deployment environment (Kubernetes cluster managed by Rancher). Its purpose is to provide cluster defaults for inspection without the need to access an actual ONAP application deployment. Default node customization scripts were extracted ("tools/get_customization_scripts.sh" run within "tools/imported/" directory) from the official documentation [1] and imported here in order not to introduce runtime online dependencies. This environment should probably be migrated in the future to a more appropriate place like devtool [2] (or at least use the same Vagrant boxes). [1] https://docs.onap.org/en/casablanca/submodules/oom.git/docs/oom_setup_kubernetes_rancher.html [2] https://git.onap.org/integration/devtool Issue-ID: SECCOM-235 Change-Id: I57f9f3caac0e8b391e9ed480f6bebba98e006882 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Diffstat (limited to 'test/security')
-rwxr-xr-xtest/security/k8s/tools/get_customization_scripts.sh5
-rw-r--r--test/security/k8s/tools/imported/openstack-k8s-node.sh46
-rw-r--r--test/security/k8s/tools/imported/openstack-rancher.sh51
-rw-r--r--test/security/k8s/vagrant/Vagrantfile41
4 files changed, 143 insertions, 0 deletions
diff --git a/test/security/k8s/tools/get_customization_scripts.sh b/test/security/k8s/tools/get_customization_scripts.sh
new file mode 100755
index 000000000..028f002fc
--- /dev/null
+++ b/test/security/k8s/tools/get_customization_scripts.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+wget \
+ 'https://docs.onap.org/en/casablanca/_downloads/0b365a2342af5abd655f1724b962f5b5/openstack-rancher.sh' \
+ 'https://docs.onap.org/en/casablanca/_downloads/b20b581d56982e9f15a72527a358d56b/openstack-k8s-node.sh'
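Review bot: Nothing checks what `wget` actually downloaded, although the Vagrantfile in this commit runs both fetched scripts through the shell provisioner, which is privileged by default. A changed or truncated file on docs.onap.org would therefore be imported on the next refresh without anyone noticing. Record the expected digests next to this script and verify them after the download, e.g. `sha256sum -c customization_scripts.sha256` (file name is a placeholder), and add `set -euo pipefail` so a failed download stops the run. The script also writes into the current directory; the commit message says it must be run from `tools/imported/`, which `wget -P "$(dirname "$0")/imported" ...` would make explicit.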
diff --git a/test/security/k8s/tools/imported/openstack-k8s-node.sh b/test/security/k8s/tools/imported/openstack-k8s-node.sh
new file mode 100644
index 000000000..b8462aa5e
--- /dev/null
+++ b/test/security/k8s/tools/imported/openstack-k8s-node.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+DOCKER_VERSION=17.03
+KUBECTL_VERSION=1.11.2
+HELM_VERSION=2.9.1
+
+# setup root access - default login: oom/oom - comment out to restrict access too ssh key only
+sed -i 's/PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
+sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
+service sshd restart
+echo -e "oom\noom" | passwd root
+
+apt-get update
+curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh
+mkdir -p /etc/systemd/system/docker.service.d/
+cat > /etc/systemd/system/docker.service.d/docker.conf << EOF
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001
+EOF
+systemctl daemon-reload
+systemctl restart docker
+apt-mark hold docker-ce
+
+IP_ADDY=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
+HOSTNAME=`hostname`
+
+echo "$IP_ADDY $HOSTNAME" >> /etc/hosts
+
+docker login -u docker -p docker nexus3.onap.org:10001
+
+sudo apt-get install make -y
+
+sudo curl -LO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl
+sudo chmod +x ./kubectl
+sudo mv ./kubectl /usr/local/bin/kubectl
+sudo mkdir ~/.kube
+wget http://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz
+sudo tar -zxvf helm-v${HELM_VERSION}-linux-amd64.tar.gz
+sudo mv linux-amd64/helm /usr/local/bin/helm
+
+# install nfs
+sudo apt-get install nfs-common -y
+
+
+exit 0
diff --git a/test/security/k8s/tools/imported/openstack-rancher.sh b/test/security/k8s/tools/imported/openstack-rancher.sh
new file mode 100644
index 000000000..bcf542aed
--- /dev/null
+++ b/test/security/k8s/tools/imported/openstack-rancher.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+DOCKER_VERSION=17.03
+RANCHER_VERSION=1.6.22
+KUBECTL_VERSION=1.11.2
+HELM_VERSION=2.9.1
+
+# setup root access - default login: oom/oom - comment out to restrict access too ssh key only
+sed -i 's/PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
+sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
+service sshd restart
+echo -e "oom\noom" | passwd root
+
+apt-get update
+curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh
+mkdir -p /etc/systemd/system/docker.service.d/
+cat > /etc/systemd/system/docker.service.d/docker.conf << EOF
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001
+EOF
+systemctl daemon-reload
+systemctl restart docker
+apt-mark hold docker-ce
+
+IP_ADDY=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
+HOSTNAME=`hostname`
+
+echo "$IP_ADDY $HOSTNAME" >> /etc/hosts
+
+docker login -u docker -p docker nexus3.onap.org:10001
+
+sudo apt-get install make -y
+
+sudo docker run -d --restart=unless-stopped -p 8080:8080 --name rancher_server rancher/server:v$RANCHER_VERSION
+sudo curl -LO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl
+sudo chmod +x ./kubectl
+sudo mv ./kubectl /usr/local/bin/kubectl
+sudo mkdir ~/.kube
+wget http://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz
+sudo tar -zxvf helm-v${HELM_VERSION}-linux-amd64.tar.gz
+sudo mv linux-amd64/helm /usr/local/bin/helm
+
+# nfs server
+sudo apt-get install nfs-kernel-server -y
+
+sudo mkdir -p /nfs_share
+sudo chown nobody:nogroup /nfs_share/
+
+
+exit 0
diff --git a/test/security/k8s/vagrant/Vagrantfile b/test/security/k8s/vagrant/Vagrantfile
new file mode 100644
index 000000000..83499b7c1
--- /dev/null
+++ b/test/security/k8s/vagrant/Vagrantfile
@@ -0,0 +1,41 @@
+# -*- mode: ruby -*-
+# -*- coding: utf-8 -*-
+
+vm_memory = 2 * 1024
+vm_cpus = 1
+
+cluster = [
+ { name: 'master', hostname: 'master', ip: '172.17.0.100' },
+ { name: 'worker', hostname: 'worker', ip: '172.17.0.101' }
+]
+
+Vagrant.configure('2') do |config|
+ cluster.each do |node|
+ config.vm.define node[:name] do |config|
+ config.vm.box = "generic/ubuntu1604"
+ config.vm.hostname = node[:hostname]
+
+ config.vm.provider :virtualbox do |v|
+ v.name = node[:name]
+ v.memory = vm_memory
+ v.cpus = vm_cpus
+ end
+
+ config.vm.provider :libvirt do |v|
+ v.memory = vm_memory
+ v.cpus = vm_cpus
+ end
+
+ config.vm.network :private_network, ip: node[:ip]
+
+ if node[:name] == 'master'
+ config.vm.network "forwarded_port", guest: 8080, host: 8080
+ config.vm.provision :shell, path: "../tools/imported/openstack-rancher.sh"
+ end
+
+ if node[:name] == 'worker'
+ config.vm.provision :shell, path: "../tools/imported/openstack-k8s-node.sh"
+ end
+ end
+ end
+end
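Review bot: The `forwarded_port` line for the master has no `host_ip`, so Vagrant binds host port 8080 on every interface. The Rancher server started by openstack-rancher.sh then becomes reachable from the host's network, not only from the developer's machine; restrict it with `config.vm.network "forwarded_port", guest: 8080, host: 8080, host_ip: "127.0.0.1"`. The imported provisioning scripts also set the root password to the documented default and enable password SSH logins, so a header comment should say these VMs are deliberately insecure and must stay on a host-only network. Separately, `172.17.0.100` and `172.17.0.101` fall inside Docker's default bridge range (172.17.0.0/16), which the guests will presumably use once Docker is installed; a different private range would avoid a possible routing clash.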