aboutsummaryrefslogtreecommitdiffstats
path: root/test/security/k8s
diff options
context:
space:
mode:
Diffstat (limited to 'test/security/k8s')
-rwxr-xr-xtest/security/k8s/tools/get_customization_scripts.sh5
-rw-r--r--test/security/k8s/tools/imported/openstack-k8s-node.sh46
-rw-r--r--test/security/k8s/tools/imported/openstack-rancher.sh51
-rw-r--r--test/security/k8s/vagrant/Vagrantfile41
4 files changed, 143 insertions, 0 deletions
diff --git a/test/security/k8s/tools/get_customization_scripts.sh b/test/security/k8s/tools/get_customization_scripts.sh
new file mode 100755
index 000000000..028f002fc
--- /dev/null
+++ b/test/security/k8s/tools/get_customization_scripts.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+wget \
+ 'https://docs.onap.org/en/casablanca/_downloads/0b365a2342af5abd655f1724b962f5b5/openstack-rancher.sh' \
+ 'https://docs.onap.org/en/casablanca/_downloads/b20b581d56982e9f15a72527a358d56b/openstack-k8s-node.sh'
diff --git a/test/security/k8s/tools/imported/openstack-k8s-node.sh b/test/security/k8s/tools/imported/openstack-k8s-node.sh
new file mode 100644
index 000000000..b8462aa5e
--- /dev/null
+++ b/test/security/k8s/tools/imported/openstack-k8s-node.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+DOCKER_VERSION=17.03
+KUBECTL_VERSION=1.11.2
+HELM_VERSION=2.9.1
+
+# setup root access - default login: oom/oom - comment out to restrict access too ssh key only
+sed -i 's/PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
+sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
+service sshd restart
+echo -e "oom\noom" | passwd root
+
+apt-get update
+curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh
+mkdir -p /etc/systemd/system/docker.service.d/
+cat > /etc/systemd/system/docker.service.d/docker.conf << EOF
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001
+EOF
+systemctl daemon-reload
+systemctl restart docker
+apt-mark hold docker-ce
+
+IP_ADDY=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
+HOSTNAME=`hostname`
+
+echo "$IP_ADDY $HOSTNAME" >> /etc/hosts
+
+docker login -u docker -p docker nexus3.onap.org:10001
+
+sudo apt-get install make -y
+
+sudo curl -LO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl
+sudo chmod +x ./kubectl
+sudo mv ./kubectl /usr/local/bin/kubectl
+sudo mkdir ~/.kube
+wget http://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz
+sudo tar -zxvf helm-v${HELM_VERSION}-linux-amd64.tar.gz
+sudo mv linux-amd64/helm /usr/local/bin/helm
+
+# install nfs
+sudo apt-get install nfs-common -y
+
+
+exit 0
diff --git a/test/security/k8s/tools/imported/openstack-rancher.sh b/test/security/k8s/tools/imported/openstack-rancher.sh
new file mode 100644
index 000000000..bcf542aed
--- /dev/null
+++ b/test/security/k8s/tools/imported/openstack-rancher.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+DOCKER_VERSION=17.03
+RANCHER_VERSION=1.6.22
+KUBECTL_VERSION=1.11.2
+HELM_VERSION=2.9.1
+
+# setup root access - default login: oom/oom - comment out to restrict access too ssh key only
+sed -i 's/PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
+sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
+service sshd restart
+echo -e "oom\noom" | passwd root
+
+apt-get update
+curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh
+mkdir -p /etc/systemd/system/docker.service.d/
+cat > /etc/systemd/system/docker.service.d/docker.conf << EOF
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001
+EOF
+systemctl daemon-reload
+systemctl restart docker
+apt-mark hold docker-ce
+
+IP_ADDY=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
+HOSTNAME=`hostname`
+
+echo "$IP_ADDY $HOSTNAME" >> /etc/hosts
+
+docker login -u docker -p docker nexus3.onap.org:10001
+
+sudo apt-get install make -y
+
+sudo docker run -d --restart=unless-stopped -p 8080:8080 --name rancher_server rancher/server:v$RANCHER_VERSION
+sudo curl -LO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl
+sudo chmod +x ./kubectl
+sudo mv ./kubectl /usr/local/bin/kubectl
+sudo mkdir ~/.kube
+wget http://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz
+sudo tar -zxvf helm-v${HELM_VERSION}-linux-amd64.tar.gz
+sudo mv linux-amd64/helm /usr/local/bin/helm
+
+# nfs server
+sudo apt-get install nfs-kernel-server -y
+
+sudo mkdir -p /nfs_share
+sudo chown nobody:nogroup /nfs_share/
+
+
+exit 0
diff --git a/test/security/k8s/vagrant/Vagrantfile b/test/security/k8s/vagrant/Vagrantfile
new file mode 100644
index 000000000..83499b7c1
--- /dev/null
+++ b/test/security/k8s/vagrant/Vagrantfile
@@ -0,0 +1,41 @@
+# -*- mode: ruby -*-
+# -*- coding: utf-8 -*-
+
+vm_memory = 2 * 1024
+vm_cpus = 1
+
+cluster = [
+ { name: 'master', hostname: 'master', ip: '172.17.0.100' },
+ { name: 'worker', hostname: 'worker', ip: '172.17.0.101' }
+]
+
+Vagrant.configure('2') do |config|
+ cluster.each do |node|
+ config.vm.define node[:name] do |config|
+ config.vm.box = "generic/ubuntu1604"
+ config.vm.hostname = node[:hostname]
+
+ config.vm.provider :virtualbox do |v|
+ v.name = node[:name]
+ v.memory = vm_memory
+ v.cpus = vm_cpus
+ end
+
+ config.vm.provider :libvirt do |v|
+ v.memory = vm_memory
+ v.cpus = vm_cpus
+ end
+
+ config.vm.network :private_network, ip: node[:ip]
+
+ if node[:name] == 'master'
+ config.vm.network "forwarded_port", guest: 8080, host: 8080
+ config.vm.provision :shell, path: "../tools/imported/openstack-rancher.sh"
+ end
+
+ if node[:name] == 'worker'
+ config.vm.provision :shell, path: "../tools/imported/openstack-k8s-node.sh"
+ end
+ end
+ end
+end