From ea8bc1a719a36c89e7eae42080b1835e5ef0c28d Mon Sep 17 00:00:00 2001
From: Pawel Wieczorek
Date: Thu, 27 Jun 2019 16:46:28 +0200
Subject: k8s: Add virtual environment for testing
This patch adds simplified ONAP deployment environment (Kubernetes cluster managed by Rancher). Its purpose is to provide cluster defaults for inspection without the need to access actual ONAP application deployment. Default node customization scripts were extracted ("tools/get_customization_scripts.sh" run within "tools/imported/" directory) from official documentation [1] and imported here in order not to introduce runtime online dependencies. This environment should probably be migrated in future to more appropriate place like devtool [2] (or at least use the same Vagrant boxes).
[1] https://docs.onap.org/en/casablanca/submodules/oom.git/docs/oom_setup_kubernetes_rancher.html
[2] https://git.onap.org/integration/devtool
Issue-ID: SECCOM-235
Change-Id: I57f9f3caac0e8b391e9ed480f6bebba98e006882
Signed-off-by: Pawel Wieczorek
---
.../k8s/tools/get_customization_scripts.sh | 5 +++
.../k8s/tools/imported/openstack-k8s-node.sh | 46 +++++++++++++++++++
.../k8s/tools/imported/openstack-rancher.sh | 51 ++++++++++++++++++++++
test/security/k8s/vagrant/Vagrantfile | 41 +++++++++++++++++
4 files changed, 143 insertions(+)
create mode 100755 test/security/k8s/tools/get_customization_scripts.sh
create mode 100644 test/security/k8s/tools/imported/openstack-k8s-node.sh
create mode 100644 test/security/k8s/tools/imported/openstack-rancher.sh
create mode 100644 test/security/k8s/vagrant/Vagrantfile
(limited to 'test/security/k8s')
diff --git a/test/security/k8s/tools/get_customization_scripts.sh b/test/security/k8s/tools/get_customization_scripts.sh
new file mode 100755
index 000000000..028f002fc
--- /dev/null
+++ b/test/security/k8s/tools/get_customization_scripts.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+wget \
+ 'https://docs.onap.org/en/casablanca/_downloads/0b365a2342af5abd655f1724b962f5b5/openstack-rancher.sh' \
+ 'https://docs.onap.org/en/casablanca/_downloads/b20b581d56982e9f15a72527a358d56b/openstack-k8s-node.sh'
diff --git a/test/security/k8s/tools/imported/openstack-k8s-node.sh b/test/security/k8s/tools/imported/openstack-k8s-node.sh
new file mode 100644
index 000000000..b8462aa5e
--- /dev/null
+++ b/test/security/k8s/tools/imported/openstack-k8s-node.sh
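Review bot: In get_customization_scripts.sh the download target depends on the caller's working directory: the commit message says the script must be run inside `tools/imported/`, but nothing in the script enforces or documents that. A `cd "$(dirname "$0")/imported"` before the `wget` call, or a comment stating the requirement, would make a refresh reproducible. Since the fetched files are later run by the Vagrant shell provisioner, which executes with root privileges by default, a comment asking that each re-import be reviewed as a diff before it is committed would be worth adding as well.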
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+DOCKER_VERSION=17.03
+KUBECTL_VERSION=1.11.2
+HELM_VERSION=2.9.1
+
+# setup root access - default login: oom/oom - comment out to restrict access too ssh key only
+sed -i 's/PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
+sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
+service sshd restart
+echo -e "oom\noom" | passwd root
+
+apt-get update
+curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh
+mkdir -p /etc/systemd/system/docker.service.d/
+cat > /etc/systemd/system/docker.service.d/docker.conf << EOF
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001
+EOF
+systemctl daemon-reload
+systemctl restart docker
+apt-mark hold docker-ce
+
+IP_ADDY=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
+HOSTNAME=`hostname`
+
+echo "$IP_ADDY $HOSTNAME" >> /etc/hosts
+
+docker login -u docker -p docker nexus3.onap.org:10001
+
+sudo apt-get install make -y
+
+sudo curl -LO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl
+sudo chmod +x ./kubectl
+sudo mv ./kubectl /usr/local/bin/kubectl
+sudo mkdir ~/.kube
+wget http://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz
+sudo tar -zxvf helm-v${HELM_VERSION}-linux-amd64.tar.gz
+sudo mv linux-amd64/helm /usr/local/bin/helm
+
+# install nfs
+sudo apt-get install nfs-common -y
+
+
+exit 0
diff --git a/test/security/k8s/tools/imported/openstack-rancher.sh b/test/security/k8s/tools/imported/openstack-rancher.sh
new file mode 100644
index 000000000..bcf542aed
--- /dev/null
+++ b/test/security/k8s/tools/imported/openstack-rancher.sh
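Review bot: Both imported provisioning scripts (openstack-k8s-node.sh and openstack-rancher.sh) enable password-based root SSH login with the fixed password `oom`, and both fetch executables at provision time without any integrity check, including `curl ... | sh` for Docker and a plain-HTTP `wget` for Helm. The commit message gives avoiding runtime online dependencies as the reason for the import, yet the scripts themselves still download from the network on every provision. If the copies are allowed to diverge from upstream, commenting out the four root-access lines (Vagrant presumably logs in with its own key) and fetching Helm over TLS, `wget https://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz`, would narrow the exposure. Otherwise a comment in the Vagrantfile should state that the VMs carry known credentials and must stay on the private network.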
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+DOCKER_VERSION=17.03
+RANCHER_VERSION=1.6.22
+KUBECTL_VERSION=1.11.2
+HELM_VERSION=2.9.1
+
+# setup root access - default login: oom/oom - comment out to restrict access too ssh key only
+sed -i 's/PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
+sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
+service sshd restart
+echo -e "oom\noom" | passwd root
+
+apt-get update
+curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh
+mkdir -p /etc/systemd/system/docker.service.d/
+cat > /etc/systemd/system/docker.service.d/docker.conf << EOF
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001
+EOF
+systemctl daemon-reload
+systemctl restart docker
+apt-mark hold docker-ce
+
+IP_ADDY=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
+HOSTNAME=`hostname`
+
+echo "$IP_ADDY $HOSTNAME" >> /etc/hosts
+
+docker login -u docker -p docker nexus3.onap.org:10001
+
+sudo apt-get install make -y
+
+sudo docker run -d --restart=unless-stopped -p 8080:8080 --name rancher_server rancher/server:v$RANCHER_VERSION
+sudo curl -LO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl
+sudo chmod +x ./kubectl
+sudo mv ./kubectl /usr/local/bin/kubectl
+sudo mkdir ~/.kube
+wget http://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz
+sudo tar -zxvf helm-v${HELM_VERSION}-linux-amd64.tar.gz
+sudo mv linux-amd64/helm /usr/local/bin/helm
+
+# nfs server
+sudo apt-get install nfs-kernel-server -y
+
+sudo mkdir -p /nfs_share
+sudo chown nobody:nogroup /nfs_share/
+
+
+exit 0
diff --git a/test/security/k8s/vagrant/Vagrantfile b/test/security/k8s/vagrant/Vagrantfile
new file mode 100644
index 000000000..83499b7c1
--- /dev/null
+++ b/test/security/k8s/vagrant/Vagrantfile
@@ -0,0 +1,41 @@
+# -*- mode: ruby -*-
+# -*- coding: utf-8 -*-
+
+vm_memory = 2 * 1024
+vm_cpus = 1
+
+cluster = [
+ { name: 'master', hostname: 'master', ip: '172.17.0.100' },
+ { name: 'worker', hostname: 'worker', ip: '172.17.0.101' }
+]
+
+Vagrant.configure('2') do |config|
+ cluster.each do |node|
+ config.vm.define node[:name] do |config|
+ config.vm.box = "generic/ubuntu1604"
+ config.vm.hostname = node[:hostname]
+
+ config.vm.provider :virtualbox do |v|
+ v.name = node[:name]
+ v.memory = vm_memory
+ v.cpus = vm_cpus
+ end
+
+ config.vm.provider :libvirt do |v|
+ v.memory = vm_memory
+ v.cpus = vm_cpus
+ end
+
+ config.vm.network :private_network, ip: node[:ip]
+
+ if node[:name] == 'master'
+ config.vm.network "forwarded_port", guest: 8080, host: 8080
+ config.vm.provision :shell, path: "../tools/imported/openstack-rancher.sh"
+ end
+
+ if node[:name] == 'worker'
+ config.vm.provision :shell, path: "../tools/imported/openstack-k8s-node.sh"
+ end
+ end
+ end
+end
-- cgit 1.2.3-korg
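Review bot: The `forwarded_port` line for the master node gives no `host_ip`, so with the VirtualBox provider Vagrant binds host port 8080 on every host interface. The Rancher server started by openstack-rancher.sh would then be reachable from the host's network rather than only from the host itself; whether that server requires authentication out of the box is not visible here and should be checked. Binding to loopback keeps the test cluster local: `config.vm.network "forwarded_port", guest: 8080, host: 8080, host_ip: '127.0.0.1'`. Separately, the inner block parameter in `config.vm.define node[:name] do |config|` shadows the outer `config`; a distinct name such as `node_config` would make the scope explicit.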