From b7f08110865e5e79cf018a6ab9d80f3e7dec20af Mon Sep 17 00:00:00 2001
From: Pawel Wieczorek
Date: Fri, 19 Jul 2019 19:10:07 +0200
Subject: k8s: Add virtual environment for Dublin
The default cluster node customization scripts were extracted in the same
manner as those for the Casablanca release [1]. Constraints still apply.
[1] SHA-1: ea8bc1a719a36c89e7eae42080b1835e5ef0c28d
(Change-Id: I57f9f3caac0e8b391e9ed480f6bebba98e006882)
Issue-ID: SECCOM-235
Change-Id: I54ada5fade3b984dedd1715f20579e3ce901faa3
Signed-off-by: Pawel Wieczorek
---
.../k8s/tools/dublin/get_customization_scripts.sh | 5 ++
test/security/k8s/tools/dublin/get_rke.sh | 23 +++++++
.../dublin/imported/openstack-k8s-controlnode.sh | 31 ++++++++++
.../dublin/imported/openstack-k8s-workernode.sh | 34 +++++++++++
test/security/k8s/vagrant/dublin/Vagrantfile | 71 ++++++++++++++++++++++
5 files changed, 164 insertions(+)
create mode 100755 test/security/k8s/tools/dublin/get_customization_scripts.sh
create mode 100755 test/security/k8s/tools/dublin/get_rke.sh
create mode 100644 test/security/k8s/tools/dublin/imported/openstack-k8s-controlnode.sh
create mode 100644 test/security/k8s/tools/dublin/imported/openstack-k8s-workernode.sh
create mode 100644 test/security/k8s/vagrant/dublin/Vagrantfile
diff --git a/test/security/k8s/tools/dublin/get_customization_scripts.sh b/test/security/k8s/tools/dublin/get_customization_scripts.sh
new file mode 100755
index 000000000..a99b10288
--- /dev/null
+++ b/test/security/k8s/tools/dublin/get_customization_scripts.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+wget \
+ 'https://docs.onap.org/en/dublin/_downloads/4d5001735f875448b25f11e270d5bc5a/openstack-k8s-controlnode.sh' \
+ 'https://docs.onap.org/en/dublin/_downloads/53998444dcd1b6a8b7396f7f2d35d21e/openstack-k8s-workernode.sh'
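Review bot: Nothing checks what `wget` returns here, yet the copies of these two scripts committed under `imported/` are handed to Vagrant's shell provisioner, which runs them as root by default. The script also saves into the current directory rather than `imported/`, so refreshing the committed copies depends on where it is invoked from. I would download with `wget -P imported/ …` and finish with `sha256sum -c imported.sha256` against a checksum file committed next to this script (the file name is a placeholder), so that a changed upstream script shows up as a failure rather than a silent refresh.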
diff --git a/test/security/k8s/tools/dublin/get_rke.sh b/test/security/k8s/tools/dublin/get_rke.sh
new file mode 100755
index 000000000..ffa5c707e
--- /dev/null
+++ b/test/security/k8s/tools/dublin/get_rke.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+# Constants
+DEFAULT_VERSION='v0.2.1'
+DEFAULT_ARCH='amd64'
+DEFAULT_SYSTEM='linux'
+
+# Variables
+VERSION="${1:-$DEFAULT_VERSION}"
+ARCH="${2:-$DEFAULT_ARCH}"
+SYSTEM="${3:-$DEFAULT_SYSTEM}"
+
+BINARY="rke_${SYSTEM}-${ARCH}"
+URL="https://github.com/rancher/rke/releases/download/${VERSION}/${BINARY}"
+
+
+# Prerequistes
+wget "$URL"
+chmod +x "${BINARY}"
+
+# Installation
+echo '# Privilege elevation needed to move RKE binary to /usr/local/bin'
+sudo mv "${BINARY}" "/usr/local/bin/${BINARY%%_*}" # this also renames binary to "rke"
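Review bot: The RKE binary is made executable and moved into `/usr/local/bin` without any integrity check, and because the script has no `set -e` the `chmod` and `sudo mv` lines still run after a failed `wget`. Pin a digest for the default version and check it before the installation step, e.g. `echo "${RKE_SHA256}  ${BINARY}" | sha256sum -c - || exit 1`, where `RKE_SHA256` is a new constant (placeholder name) holding the SHA-256 published for `v0.2.1`; a caller overriding `$1` would need to supply the matching digest. Adding `set -euo pipefail` under the shebang covers the failed-download case. Minor: the comment `# Prerequistes` is misspelled.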
diff --git a/test/security/k8s/tools/dublin/imported/openstack-k8s-controlnode.sh b/test/security/k8s/tools/dublin/imported/openstack-k8s-controlnode.sh
new file mode 100644
index 000000000..1d230c2da
--- /dev/null
+++ b/test/security/k8s/tools/dublin/imported/openstack-k8s-controlnode.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+DOCKER_VERSION=18.09.5
+
+apt-get update
+
+curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh
+mkdir -p /etc/systemd/system/docker.service.d/
+cat > /etc/systemd/system/docker.service.d/docker.conf << EOF
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001
+EOF
+
+sudo usermod -aG docker ubuntu
+
+systemctl daemon-reload
+systemctl restart docker
+apt-mark hold docker-ce
+
+IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
+HOSTNAME=`hostname`
+
+echo "$IP_ADDR $HOSTNAME" >> /etc/hosts
+
+docker login -u docker -p docker nexus3.onap.org:10001
+
+sudo apt-get install make -y
+
+
+exit 0
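Review bot: `curl … | sh` executes whatever the server returns as root, with no `-f` and no check of the content, so an HTTP error page or a truncated response is run as a shell script. Downloading first (`curl -fsSL "https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh" -o install-docker.sh`), comparing the file with a pinned SHA-256 and only then running `sh install-docker.sh` removes that. The same file starts dockerd with `--insecure-registry=nexus3.onap.org:10001`, which allows pulls from that registry over unverified TLS or plain HTTP, and passes the registry password on the command line via `docker login -p`; `--password-stdin` keeps it out of the process list. Since this file is imported verbatim from the ONAP documentation, a header comment recording these as known upstream defaults may be preferable to editing it in place. `openstack-k8s-workernode.sh` carries the same lines.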
diff --git a/test/security/k8s/tools/dublin/imported/openstack-k8s-workernode.sh b/test/security/k8s/tools/dublin/imported/openstack-k8s-workernode.sh
new file mode 100644
index 000000000..3f32d050a
--- /dev/null
+++ b/test/security/k8s/tools/dublin/imported/openstack-k8s-workernode.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+DOCKER_VERSION=18.09.5
+
+apt-get update
+
+curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh
+mkdir -p /etc/systemd/system/docker.service.d/
+cat > /etc/systemd/system/docker.service.d/docker.conf << EOF
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001
+EOF
+
+sudo usermod -aG docker ubuntu
+
+systemctl daemon-reload
+systemctl restart docker
+apt-mark hold docker-ce
+
+IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
+HOSTNAME=`hostname`
+
+echo "$IP_ADDR $HOSTNAME" >> /etc/hosts
+
+docker login -u docker -p docker nexus3.onap.org:10001
+
+sudo apt-get install make -y
+
+# install nfs
+sudo apt-get install nfs-common -y
+
+
+exit 0
diff --git a/test/security/k8s/vagrant/dublin/Vagrantfile b/test/security/k8s/vagrant/dublin/Vagrantfile
new file mode 100644
index 000000000..dc5580944
--- /dev/null
+++ b/test/security/k8s/vagrant/dublin/Vagrantfile
@@ -0,0 +1,71 @@
+# -*- mode: ruby -*-
+# -*- coding: utf-8 -*-
+
+host_ip = "192.168.121.1"
+operator_key = "~/.ssh/onap-key"
+
+vm_memory = 2 * 1024
+vm_cpus = 1
+vm_box = "generic/ubuntu1804"
+
+operation = { name: 'operator', hostname: 'operator', ip: '172.17.0.254' }
+cluster = [
+ { name: 'control', hostname: 'control', ip: '172.17.0.100' },
+ { name: 'worker', hostname: 'worker', ip: '172.17.0.101' }
+]
+
+all = cluster.dup << operation
+
+Vagrant.configure('2') do |config|
+ all.each do |machine|
+ config.vm.define machine[:name] do |config|
+ config.vm.box = vm_box
+ config.vm.hostname = machine[:hostname]
+
+ config.vm.provider :virtualbox do |v|
+ v.name = machine[:name]
+ v.memory = vm_memory
+ v.cpus = vm_cpus
+ end
+
+ config.vm.provider :libvirt do |v|
+ v.memory = vm_memory
+ v.cpus = vm_cpus
+ end
+
+ config.vm.network :private_network, ip: machine[:ip]
+ config.vm.provision :shell, inline: <<-SHELL
+ rm -f /etc/resolv.conf # drop its dynamic management by systemd-resolved
+ echo nameserver #{host_ip} | tee /etc/resolv.conf
+ SHELL
+
+ if machine[:name] == 'control'
+ config.vm.provision :shell, path: "../../tools/dublin/imported/openstack-k8s-controlnode.sh"
+ end
+
+ if machine[:name] == 'worker'
+ config.vm.provision :shell, path: "../../tools/dublin/imported/openstack-k8s-workernode.sh"
+ end
+
+ if machine[:name] == 'operator'
+ config.vm.provision :shell, path: "../../tools/dublin/get_rke.sh"
+
+ config.vm.provision :shell, inline: <<-SHELL
+ apt-get update
+ apt-get install sshpass
+ SHELL
+ config.vm.provision :shell, privileged: false, inline: <<-SHELL
+ ssh-keygen -q -b 4096 -t rsa -f #{operator_key} -N ""
+ SHELL
+
+ ips = ""
+ cluster.each { |node| ips << node[:ip] << " " }
+ config.vm.provision :shell, privileged: false, inline: <<-SHELL
+ for ip in #{ips}; do
+ sshpass -p vagrant ssh-copy-id -o StrictHostKeyChecking=no -i #{operator_key} "$ip"
+ done
+ SHELL
+ end
+ end
+ end
+end
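Review bot: The key-distribution loop in the `operator` branch disables host key verification (`-o StrictHostKeyChecking=no`), so the password and the operator's public key are sent to whatever host answers at each cluster IP. `-o StrictHostKeyChecking=accept-new` still works unattended on first contact but refuses a host key that later changes; confirm the OpenSSH version in the box supports it. `sshpass -p vagrant` also exposes the password in the process list, which `SSHPASS=vagrant sshpass -e ssh-copy-id …` avoids. Separately, `apt-get install sshpass` has no `-y`, and the inner block parameter `|config|` on the `config.vm.define` line shadows the outer one; renaming it (e.g. `|node|`) would make the scoping explicit.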