diff options
| -rwxr-xr-x | test/security/k8s/tools/get_customization_scripts.sh | 5 | ||||
| -rw-r--r-- | test/security/k8s/tools/imported/openstack-k8s-node.sh | 46 | ||||
| -rw-r--r-- | test/security/k8s/tools/imported/openstack-rancher.sh | 51 | ||||
| -rw-r--r-- | test/security/k8s/vagrant/Vagrantfile | 41 |
4 files changed, 143 insertions, 0 deletions
diff --git a/test/security/k8s/tools/get_customization_scripts.sh b/test/security/k8s/tools/get_customization_scripts.sh new file mode 100755 index 000000000..028f002fc --- /dev/null +++ b/test/security/k8s/tools/get_customization_scripts.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash + +wget \ + 'https://docs.onap.org/en/casablanca/_downloads/0b365a2342af5abd655f1724b962f5b5/openstack-rancher.sh' \ + 'https://docs.onap.org/en/casablanca/_downloads/b20b581d56982e9f15a72527a358d56b/openstack-k8s-node.sh' diff --git a/test/security/k8s/tools/imported/openstack-k8s-node.sh b/test/security/k8s/tools/imported/openstack-k8s-node.sh new file mode 100644 index 000000000..b8462aa5e --- /dev/null +++ b/test/security/k8s/tools/imported/openstack-k8s-node.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +DOCKER_VERSION=17.03 +KUBECTL_VERSION=1.11.2 +HELM_VERSION=2.9.1 + +# setup root access - default login: oom/oom - comment out to restrict access too ssh key only +sed -i 's/PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config +sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config +service sshd restart +echo -e "oom\noom" | passwd root + +apt-get update +curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh +mkdir -p /etc/systemd/system/docker.service.d/ +cat > /etc/systemd/system/docker.service.d/docker.conf << EOF +[Service] +ExecStart= +ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001 +EOF +systemctl daemon-reload +systemctl restart docker +apt-mark hold docker-ce + +IP_ADDY=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'` +HOSTNAME=`hostname` + +echo "$IP_ADDY $HOSTNAME" >> /etc/hosts + +docker login -u docker -p docker nexus3.onap.org:10001 + +sudo apt-get install make -y + +sudo curl -LO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl +sudo chmod +x ./kubectl +sudo mv ./kubectl /usr/local/bin/kubectl +sudo mkdir ~/.kube +wget http://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz +sudo tar -zxvf helm-v${HELM_VERSION}-linux-amd64.tar.gz +sudo mv linux-amd64/helm /usr/local/bin/helm + +# install nfs +sudo apt-get install nfs-common -y + + +exit 0 diff --git a/test/security/k8s/tools/imported/openstack-rancher.sh b/test/security/k8s/tools/imported/openstack-rancher.sh new file mode 100644 index 000000000..bcf542aed --- /dev/null +++ b/test/security/k8s/tools/imported/openstack-rancher.sh @@ -0,0 +1,51 @@ +#!/bin/bash + +DOCKER_VERSION=17.03 +RANCHER_VERSION=1.6.22 +KUBECTL_VERSION=1.11.2 +HELM_VERSION=2.9.1 + +# setup root access - default login: oom/oom - comment out to restrict access too ssh key only +sed -i 's/PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config +sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config +service sshd restart +echo -e "oom\noom" | passwd root + +apt-get update +curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh +mkdir -p /etc/systemd/system/docker.service.d/ +cat > /etc/systemd/system/docker.service.d/docker.conf << EOF +[Service] +ExecStart= +ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001 +EOF +systemctl daemon-reload +systemctl restart docker +apt-mark hold docker-ce + +IP_ADDY=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'` +HOSTNAME=`hostname` + +echo "$IP_ADDY $HOSTNAME" >> /etc/hosts + +docker login -u docker -p docker nexus3.onap.org:10001 + +sudo apt-get install make -y + +sudo docker run -d --restart=unless-stopped -p 8080:8080 --name rancher_server rancher/server:v$RANCHER_VERSION +sudo curl -LO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl +sudo chmod +x ./kubectl +sudo mv ./kubectl /usr/local/bin/kubectl +sudo mkdir ~/.kube +wget http://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz +sudo tar -zxvf helm-v${HELM_VERSION}-linux-amd64.tar.gz +sudo mv linux-amd64/helm /usr/local/bin/helm + +# nfs server +sudo apt-get install nfs-kernel-server -y + +sudo mkdir -p /nfs_share +sudo chown nobody:nogroup /nfs_share/ + + +exit 0 diff --git a/test/security/k8s/vagrant/Vagrantfile b/test/security/k8s/vagrant/Vagrantfile new file mode 100644 index 000000000..83499b7c1 --- /dev/null +++ b/test/security/k8s/vagrant/Vagrantfile @@ -0,0 +1,41 @@ +# -*- mode: ruby -*- +# -*- coding: utf-8 -*- + +vm_memory = 2 * 1024 +vm_cpus = 1 + +cluster = [ + { name: 'master', hostname: 'master', ip: '172.17.0.100' }, + { name: 'worker', hostname: 'worker', ip: '172.17.0.101' } +] + +Vagrant.configure('2') do |config| + cluster.each do |node| + config.vm.define node[:name] do |config| + config.vm.box = "generic/ubuntu1604" + config.vm.hostname = node[:hostname] + + config.vm.provider :virtualbox do |v| + v.name = node[:name] + v.memory = vm_memory + v.cpus = vm_cpus + end + + config.vm.provider :libvirt do |v| + v.memory = vm_memory + v.cpus = vm_cpus + end + + config.vm.network :private_network, ip: node[:ip] + + if node[:name] == 'master' + config.vm.network "forwarded_port", guest: 8080, host: 8080 + config.vm.provision :shell, path: "../tools/imported/openstack-rancher.sh" + end + + if node[:name] == 'worker' + config.vm.provision :shell, path: "../tools/imported/openstack-k8s-node.sh" + end + end + end +end |