From b7f08110865e5e79cf018a6ab9d80f3e7dec20af Mon Sep 17 00:00:00 2001 From: Pawel Wieczorek Date: Fri, 19 Jul 2019 19:10:07 +0200 Subject: k8s: Add virtual environment for Dublin Default cluster nodes customization scripts were extracted in the same manner as those for Casablanca release [1]. Constraints still apply. [1] SHA-1: ea8bc1a719a36c89e7eae42080b1835e5ef0c28d (Change-Id: I57f9f3caac0e8b391e9ed480f6bebba98e006882) Issue-ID: SECCOM-235 Change-Id: I54ada5fade3b984dedd1715f20579e3ce901faa3 Signed-off-by: Pawel Wieczorek --- .../k8s/tools/dublin/get_customization_scripts.sh | 5 ++ test/security/k8s/tools/dublin/get_rke.sh | 23 +++++++ .../dublin/imported/openstack-k8s-controlnode.sh | 31 ++++++++++ .../dublin/imported/openstack-k8s-workernode.sh | 34 +++++++++++ test/security/k8s/vagrant/dublin/Vagrantfile | 71 ++++++++++++++++++++++ 5 files changed, 164 insertions(+) create mode 100755 test/security/k8s/tools/dublin/get_customization_scripts.sh create mode 100755 test/security/k8s/tools/dublin/get_rke.sh create mode 100644 test/security/k8s/tools/dublin/imported/openstack-k8s-controlnode.sh create mode 100644 test/security/k8s/tools/dublin/imported/openstack-k8s-workernode.sh create mode 100644 test/security/k8s/vagrant/dublin/Vagrantfile (limited to 'test/security') diff --git a/test/security/k8s/tools/dublin/get_customization_scripts.sh b/test/security/k8s/tools/dublin/get_customization_scripts.sh new file mode 100755 index 000000000..a99b10288 --- /dev/null +++ b/test/security/k8s/tools/dublin/get_customization_scripts.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash + +wget \ + 'https://docs.onap.org/en/dublin/_downloads/4d5001735f875448b25f11e270d5bc5a/openstack-k8s-controlnode.sh' \ + 'https://docs.onap.org/en/dublin/_downloads/53998444dcd1b6a8b7396f7f2d35d21e/openstack-k8s-workernode.sh' diff --git a/test/security/k8s/tools/dublin/get_rke.sh b/test/security/k8s/tools/dublin/get_rke.sh new file mode 100755 index 000000000..ffa5c707e --- /dev/null +++ b/test/security/k8s/tools/dublin/get_rke.sh @@ -0,0 +1,23 @@ +#!/usr/bin/env bash + +# Constants +DEFAULT_VERSION='v0.2.1' +DEFAULT_ARCH='amd64' +DEFAULT_SYSTEM='linux' + +# Variables +VERSION="${1:-$DEFAULT_VERSION}" +ARCH="${2:-$DEFAULT_ARCH}" +SYSTEM="${3:-$DEFAULT_SYSTEM}" + +BINARY="rke_${SYSTEM}-${ARCH}" +URL="https://github.com/rancher/rke/releases/download/${VERSION}/${BINARY}" + + +# Prerequistes +wget "$URL" +chmod +x "${BINARY}" + +# Installation +echo '# Privilege elevation needed to move RKE binary to /usr/local/bin' +sudo mv "${BINARY}" "/usr/local/bin/${BINARY%%_*}" # this also renames binary to "rke" diff --git a/test/security/k8s/tools/dublin/imported/openstack-k8s-controlnode.sh b/test/security/k8s/tools/dublin/imported/openstack-k8s-controlnode.sh new file mode 100644 index 000000000..1d230c2da --- /dev/null +++ b/test/security/k8s/tools/dublin/imported/openstack-k8s-controlnode.sh @@ -0,0 +1,31 @@ +#!/bin/bash + +DOCKER_VERSION=18.09.5 + +apt-get update + +curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh +mkdir -p /etc/systemd/system/docker.service.d/ +cat > /etc/systemd/system/docker.service.d/docker.conf << EOF +[Service] +ExecStart= +ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001 +EOF + +sudo usermod -aG docker ubuntu + +systemctl daemon-reload +systemctl restart docker +apt-mark hold docker-ce + +IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'` +HOSTNAME=`hostname` + +echo "$IP_ADDR $HOSTNAME" >> /etc/hosts + +docker login -u docker -p docker nexus3.onap.org:10001 + +sudo apt-get install make -y + + +exit 0 diff --git a/test/security/k8s/tools/dublin/imported/openstack-k8s-workernode.sh b/test/security/k8s/tools/dublin/imported/openstack-k8s-workernode.sh new file mode 100644 index 000000000..3f32d050a --- /dev/null +++ b/test/security/k8s/tools/dublin/imported/openstack-k8s-workernode.sh @@ -0,0 +1,34 @@ +#!/bin/bash + +DOCKER_VERSION=18.09.5 + +apt-get update + +curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh +mkdir -p /etc/systemd/system/docker.service.d/ +cat > /etc/systemd/system/docker.service.d/docker.conf << EOF +[Service] +ExecStart= +ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001 +EOF + +sudo usermod -aG docker ubuntu + +systemctl daemon-reload +systemctl restart docker +apt-mark hold docker-ce + +IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'` +HOSTNAME=`hostname` + +echo "$IP_ADDR $HOSTNAME" >> /etc/hosts + +docker login -u docker -p docker nexus3.onap.org:10001 + +sudo apt-get install make -y + +# install nfs +sudo apt-get install nfs-common -y + + +exit 0 diff --git a/test/security/k8s/vagrant/dublin/Vagrantfile b/test/security/k8s/vagrant/dublin/Vagrantfile new file mode 100644 index 000000000..dc5580944 --- /dev/null +++ b/test/security/k8s/vagrant/dublin/Vagrantfile @@ -0,0 +1,71 @@ +# -*- mode: ruby -*- +# -*- coding: utf-8 -*- + +host_ip = "192.168.121.1" +operator_key = "~/.ssh/onap-key" + +vm_memory = 2 * 1024 +vm_cpus = 1 +vm_box = "generic/ubuntu1804" + +operation = { name: 'operator', hostname: 'operator', ip: '172.17.0.254' } +cluster = [ + { name: 'control', hostname: 'control', ip: '172.17.0.100' }, + { name: 'worker', hostname: 'worker', ip: '172.17.0.101' } +] + +all = cluster.dup << operation + +Vagrant.configure('2') do |config| + all.each do |machine| + config.vm.define machine[:name] do |config| + config.vm.box = vm_box + config.vm.hostname = machine[:hostname] + + config.vm.provider :virtualbox do |v| + v.name = machine[:name] + v.memory = vm_memory + v.cpus = vm_cpus + end + + config.vm.provider :libvirt do |v| + v.memory = vm_memory + v.cpus = vm_cpus + end + + config.vm.network :private_network, ip: machine[:ip] + config.vm.provision :shell, inline: <<-SHELL + rm -f /etc/resolv.conf # drop its dynamic management by systemd-resolved + echo nameserver #{host_ip} | tee /etc/resolv.conf + SHELL + + if machine[:name] == 'control' + config.vm.provision :shell, path: "../../tools/dublin/imported/openstack-k8s-controlnode.sh" + end + + if machine[:name] == 'worker' + config.vm.provision :shell, path: "../../tools/dublin/imported/openstack-k8s-workernode.sh" + end + + if machine[:name] == 'operator' + config.vm.provision :shell, path: "../../tools/dublin/get_rke.sh" + + config.vm.provision :shell, inline: <<-SHELL + apt-get update + apt-get install sshpass + SHELL + config.vm.provision :shell, privileged: false, inline: <<-SHELL + ssh-keygen -q -b 4096 -t rsa -f #{operator_key} -N "" + SHELL + + ips = "" + cluster.each { |node| ips << node[:ip] << " " } + config.vm.provision :shell, privileged: false, inline: <<-SHELL + for ip in #{ips}; do + sshpass -p vagrant ssh-copy-id -o StrictHostKeyChecking=no -i #{operator_key} "$ip" + done + SHELL + end + end + end +end -- cgit 1.2.3-korg