From f4e4ed472268a1804d3c30e09dcd115c63cb58a5 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 23 Aug 2019 13:12:00 +0200 Subject: [PATCH] automated the selection of a platform - platform restriction --- Pipfile | 1 - Pipfile.template | 35 -------- molecule/default/molecule.yml | 27 +----- molecule/default/molecule.yml.template | 47 +++++++++++ molecule/elasticsearch/molecule.yml | 30 +------ molecule/elasticsearch/molecule.yml.template | 57 +++++++++++++ molecule/elasticsearch/playbook.yml | 2 +- molecule/kibana/molecule.yml | 2 +- molecule/kibana/molecule.yml.template | 64 ++++++++++++++ molecule/kibana/playbook.yml | 2 +- molecule/wazuh-agent/molecule.yml.template | 89 ++++++++++++++++++++ molecule/wazuh-agent/playbook.yml.template | 18 ++++ molecule/worker/molecule.yml | 28 +----- molecule/worker/molecule.yml.template | 54 ++++++++++++ run_cluster_mode.sh | 30 +++++-- 15 files changed, 359 insertions(+), 127 deletions(-) delete mode 100644 Pipfile.template create mode 100644 molecule/default/molecule.yml.template create mode 100644 molecule/elasticsearch/molecule.yml.template create mode 100644 molecule/kibana/molecule.yml.template create mode 100644 molecule/wazuh-agent/molecule.yml.template create mode 100644 molecule/wazuh-agent/playbook.yml.template create mode 100644 molecule/worker/molecule.yml.template diff --git a/Pipfile b/Pipfile index 2659fa8f..6f709455 100644 --- a/Pipfile +++ b/Pipfile @@ -33,4 +33,3 @@ destroy_worker ="molecule destroy -s worker" destroy_agent ="molecule destroy -s agent" destroy_elasticsearch ="molecule destroy -s elasticsearch" destroy_kibana ="molecule destroy -s kibana" - diff --git a/Pipfile.template b/Pipfile.template deleted file mode 100644 index 8cb94bdf..00000000 --- a/Pipfile.template +++ /dev/null 
@@ -1,35 +0,0 @@ -[[source]] -url = "https://pypi.org/simple" -verify_ssl = true -name = "pypi" - -[packages] -docker-py = "*" -ansible = "==2.7.13" -molecule = "==2.20.2" - -[dev-packages] - -[requires] -python_version = "2.7" - -[scripts] -test ="molecule test --destroy=never --platform _PLATFORM_" -worker ="molecule test -s worker --destroy=never --platform _PLATFORM_" -agent ="molecule test -s wazuh-agent --destroy=never --platform _PLATFORM_" -elasticsearch ="molecule test -s elasticsearch --destroy=never --platform _PLATFORM_" -kibana ="molecule test -s kibana --destroy=never --platform _PLATFORM_" - -# Verify .. -verify ="molecule verify" -verify_worker ="molecule verify -s worker" -verify_agent ="molecule verify -s agent" -verify_elasticsearch ="molecule verify -s elasticsearch" -verify_kibana ="molecule verify -s kibana" - -# Destroy .. -destroy ="molecule destroy" -destroy_worker ="molecule destroy -s worker" -destroy_agent ="molecule destroy -s agent" -destroy_elasticsearch ="molecule destroy -s elasticsearch" -destroy_kibana ="molecule destroy -s kibana" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 7fcb33da..2561f1ac 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -6,7 +6,7 @@ driver: lint: name: yamllint enabled: false -platforms: +bionics: - name: manager_bionic image: solita/ubuntu-systemd:bionic command: /sbin/init 
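Review bot: The `platforms:` key is renamed to `bionics:` in this hunk, and Molecule reads its instance list from `platforms`, so the scenario is left without a recognised platform definition. The same rename appears in the elasticsearch, kibana and worker `molecule.yml` hunks. It looks like the output of an unanchored `sed` over the word `platform` from an earlier run of the script, though that is an inference from the diff. Since run_cluster_mode.sh now regenerates `molecule.yml` from `molecule.yml.template`, I would restore `platforms:` and keep the generated files out of version control. The enclosing mapping continues outside the hunk.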
@@ -14,31 +14,6 @@ platforms: - nofile:262144:262144 privileged: true memory_reservation: 2048m - - name: manager_xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 2048m - command: /sbin/init - ulimits: - - nofile:262144:262144 -# - name: trusty -# image: ubuntu:trusty -# privileged: true -# memory_reservation: 2048m -# ulimits: -# - nofile:262144:262144 -# - name: centos6 -# image: centos:6 -# privileged: true -# memory_reservation: 2048m -# ulimits: -# - nofile:262144:262144 - - name: manager_centos7 - image: milcom/centos7-systemd - memory_reservation: 2048m - privileged: true - ulimits: - - nofile:262144:262144 provisioner: name: ansible config_options: diff --git a/molecule/default/molecule.yml.template b/molecule/default/molecule.yml.template new file mode 100644 index 00000000..9e67505d --- /dev/null +++ b/molecule/default/molecule.yml.template @@ -0,0 +1,47 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + enabled: false +platforms: + - name: manager_platform_ + image: imagename + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 2048m +provisioner: + name: ansible + config_options: + defaults: + hash_behaviour: merge + env: + ANSIBLE_ROLES_PATH: ../../roles + lint: + name: ansible-lint + enabled: true +scenario: + name: default + test_sequence: + - lint + - dependency + - cleanup + - destroy + - syntax + - create + - prepare + - converge + #- idempotence + - side_effect + - verify + - cleanup + - destroy +verifier: + name: testinfra + lint: + name: flake8 + enabled: true diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 564bf371..11d8902f 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml 
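Review bot: The new template keeps `privileged: true` while `image: imagename` is filled in by run_cluster_mode.sh with mutable tags such as `solita/ubuntu-systemd:bionic` and `milcom/centos7-systemd`. Whatever those tags resolve to at pull time therefore runs with full host privileges, from a script that invokes pipenv under `sudo`. Pinning the images by digest would make the test input reproducible, e.g. `image: solita/ubuntu-systemd@sha256:<DIGEST>` (placeholder, not a real digest). A comment above `privileged: true` should say why it is needed, presumably to run systemd via `/sbin/init`. The same applies to the elasticsearch, kibana and worker templates added in this patch.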
@@ -8,40 +8,14 @@ lint: options: config-data: ignore: .virtualenv -platforms: - - name: elasticsearch +bionics: + - name: elasticsearch_bionic image: solita/ubuntu-systemd:bionic command: /sbin/init ulimits: - nofile:262144:262144 privileged: true memory_reservation: 2048m - - #- name: xenial - # image: solita/ubuntu-systemd:xenial - # privileged: true - # memory_reservation: 2048m - # command: /sbin/init - # ulimits: - # - nofile:262144:262144 - #- name: trusty - #image: ubuntu:trusty - #privileged: true - #memory_reservation: 2048m - #ulimits: - #- nofile:262144:262144 - #- name: centos6 - # image: centos:6 - # privileged: true - # memory_reservation: 2048m - # ulimits: - # - nofile:262144:262144 - #- name: centos7 - # image: milcom/centos7-systemd - # memory_reservation: 2048m - # privileged: true - # ulimits: - # - nofile:262144:262144 provisioner: name: ansible config_options: diff --git a/molecule/elasticsearch/molecule.yml.template b/molecule/elasticsearch/molecule.yml.template new file mode 100644 index 00000000..abb9bcec --- /dev/null +++ b/molecule/elasticsearch/molecule.yml.template 
@@ -0,0 +1,57 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + options: + config-data: + ignore: .virtualenv +platforms: + - name: elasticsearch_platform_ + image: imagename + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 2048m +provisioner: + name: ansible + config_options: + defaults: + hash_behaviour: merge + playbooks: + docker: + create: ../default/create.yml + destroy: ../default/destroy.yml + prepare: ../default/prepare.yml + env: + ANSIBLE_ROLES_PATH: ../../roles + lint: + name: ansible-lint + enabled: true + inventory: + group_vars: + all: + elasticsearch_jvm_xms: 512 +scenario: + name: elasticsearch + test_sequence: + - lint + - dependency + - cleanup + - destroy + - syntax + - create + - prepare + - converge + #- idempotence + - side_effect + - verify + - cleanup + - destroy +verifier: + name: testinfra + lint: + name: flake8 diff --git a/molecule/elasticsearch/playbook.yml b/molecule/elasticsearch/playbook.yml index 0b2f9d5a..6b5c44f8 100644 --- a/molecule/elasticsearch/playbook.yml +++ b/molecule/elasticsearch/playbook.yml @@ -3,4 +3,4 @@ hosts: all roles: - role: elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 'elasticsearch_platform' + elasticsearch_network_host: 'elasticsearch_bionic' diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index 96c4ae6f..ecd11c49 100644 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -8,7 +8,7 @@ lint: options: config-data: ignore: .virtualenv -platforms: +bionics: - name: kibana_bionic image: solita/ubuntu-systemd:bionic command: /sbin/init diff --git a/molecule/kibana/molecule.yml.template b/molecule/kibana/molecule.yml.template new file mode 100644 index 00000000..74dddec2 --- /dev/null +++ b/molecule/kibana/molecule.yml.template 
@@ -0,0 +1,64 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + options: + config-data: + ignore: .virtualenv +platforms: + - name: kibana_platform_ + image: imagename + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 1024m + - name: kibana_xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 1024m + command: /sbin/init + ulimits: + - nofile:262144:262144 +# - name: trusty +# image: ubuntu:trusty +# memory_reservation: 1024m +# ulimits: +# - nofile:262144:262144 +# - name: centos6 +# image: centos:6 +# privileged: true +# memory_reservation: 1024m +# ulimits: +# - nofile:262144:262144 + - name: kibana_centos7 + image: milcom/centos7-systemd + memory_reservation: 1024m + privileged: true + ulimits: + - nofile:262144:262144 +provisioner: + name: ansible + config_options: + defaults: + hash_behaviour: merge + playbooks: + docker: + create: ../default/create.yml + destroy: ../default/destroy.yml + env: + ANSIBLE_ROLES_PATH: ../../roles + lint: + name: ansible-lint + enabled: true + inventory: + group_vars: + all: + elasticsearch_jvm_xms: 256 +verifier: + name: testinfra + lint: + name: flake8 diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml index b166ac28..6af17723 100644 --- a/molecule/kibana/playbook.yml +++ b/molecule/kibana/playbook.yml @@ -3,4 +3,4 @@ hosts: all roles: - role: elastic-stack/ansible-kibana - elasticsearch_network_host: 'elasticsearch_platform' \ No newline at end of file + elasticsearch_network_host: 'elasticsearch_bionic' \ No newline at end of file diff --git a/molecule/wazuh-agent/molecule.yml.template b/molecule/wazuh-agent/molecule.yml.template new file mode 100644 index 00000000..a0b050b1 --- /dev/null +++ b/molecule/wazuh-agent/molecule.yml.template 
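Review bot: The kibana template still hard-codes `kibana_xenial` and `kibana_centos7` next to the `kibana_platform_` placeholder, so the platform restriction this commit introduces does not apply here. After rendering, three privileged containers are defined regardless of the image the user selected. Unless that is intended, the template should carry only the placeholder entry, as the default, elasticsearch and worker templates do. The commented-out `trusty` and `centos6` entries could be dropped at the same time.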
@@ -0,0 +1,89 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+ #lint:
+ # name: yamllint
+lint:
+ name: yamllint
+ options:
+ config-data:
+ ignore: .virtualenv
+platforms:
+ #- name: wazuh_server_centos7
+ # image: milcom/centos7-systemd
+ # networks:
+ # - name: wazuh
+ # privileged: true
+ # groups:
+ # - manager
+ - name: wazuh_agent_bionic
+ image: ubuntu:bionic
+ networks:
+ - name: wazuh
+ groups:
+ - agent
+ #- name: wazuh_agent_xenial
+ # image: solita/ubuntu-systemd:xenial
+ # privileged: true
+ # command: /sbin/init
+ # networks:
+ # - name: wazuh
+ # groups:
+ # - agent
+ #- name: wazuh_agent_trusty
+ # image: ubuntu:trusty
+ # networks:
+ # - name: wazuh
+ # groups:
+ # - agent
+ #- name: wazuh_agent_centos6
+ # image: centos:6
+ # networks:
+ # - name: wazuh
+ # groups:
+ # - agent
+ #- name: wazuh_agent_centos7
+ # image: milcom/centos7-systemd
+ # privileged: true
+ # networks:
+ # - name: wazuh
+ # groups:
+ # - agent
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ hash_behaviour: merge
+ playbooks:
+ docker:
+ create: ../default/create.yml
+ destroy: ../default/destroy.yml
+ env:
+ ANSIBLE_ROLES_PATH: ../../roles
+ inventory:
+ group_vars:
+ agent:
+ api_pass: password
+ wazuh_managers:
+ - address: "{{ wazuh_manager_ip }}"
+ port: 1514
+ protocol: tcp
+ api_port: 55000
+ api_proto: 'http'
+ api_user: null
+ wazuh_agent_authd:
+ enable: true
+ port: 1515
+ ssl_agent_ca: null
+ ssl_agent_cert: null
+ ssl_agent_key: null
+ ssl_auto_negotiate: 'no'
+ lint:
+ name: ansible-lint
+ enabled: true
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/molecule/wazuh-agent/playbook.yml.template b/molecule/wazuh-agent/playbook.yml.template
new file mode 100644
index 00000000..4feac0c2
--- /dev/null
+++ b/molecule/wazuh-agent/playbook.yml.template
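Review bot: The `group_vars` for `agent` carry no comment marking them as test-only, although they set a literal `api_pass: password`, a plaintext `api_proto: 'http'`, and authd enrolment with `ssl_agent_ca: null` and `ssl_auto_negotiate: 'no'`. Values like these tend to be copied from test scenarios into real inventories. I would add a comment above `api_pass`, such as `# test fixture only: default credential, plaintext API and no CA verification; do not reuse outside the Molecule network`. If the role supports it, reading the password from an environment variable would keep even the test credential out of the repository.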
@@ -0,0 +1,18 @@ +--- +- name: Converge + hosts: all + roles: + - role: wazuh/ansible-wazuh-agent + vars: + wazuh_managers: + - address: 'manager_platform' + port: 1514 + protocol: tcp + api_port: 55000 + api_proto: 'http' + api_user: ansible + wazuh_agent_authd: + enable: true + port: 1515 + ssl_agent_ca: null + ssl_auto_negotiate: 'no' diff --git a/molecule/worker/molecule.yml b/molecule/worker/molecule.yml index 894b9453..61c07c69 100644 --- a/molecule/worker/molecule.yml +++ b/molecule/worker/molecule.yml @@ -8,7 +8,7 @@ lint: options: config-data: ignore: .virtualenv -platforms: +bionics: - name: worker_bionic image: solita/ubuntu-systemd:bionic command: /sbin/init @@ -16,31 +16,7 @@ platforms: - nofile:262144:262144 privileged: true memory_reservation: 2048m - - name: worker_xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 2048m - command: /sbin/init - ulimits: - - nofile:262144:262144 - - name: trusty - #image: ubuntu:trusty - #privileged: true - #memory_reservation: 2048m - #ulimits: - #- nofile:262144:262144 - #- name: centos6 - # image: centos:6 - # privileged: true - # memory_reservation: 2048m - # ulimits: - # - nofile:262144:262144 - - name: worker_centos7 - image: milcom/centos7-systemd - memory_reservation: 2048m - privileged: true - ulimits: - - nofile:262144:262144 + provisioner: name: ansible config_options: diff --git a/molecule/worker/molecule.yml.template b/molecule/worker/molecule.yml.template new file mode 100644 index 00000000..1b2bd85e --- /dev/null +++ b/molecule/worker/molecule.yml.template 
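Review bot: The manager address `'manager_platform'` in this template is only resolved if run_cluster_mode.sh renders the file, and the `paths` array visible in this patch does not list `molecule/wazuh-agent/`. As far as the diff shows, the agent would therefore be pointed at a literal `manager_platform` host. The substitution itself is `s/platform/…/g`, which rewrites every occurrence of that ordinary word. A distinctive token such as `_PLATFORM_` (the form the deleted Pipfile.template used) would make the replacement safe against future keys or comments containing "platform". A short comment at the top of the template naming the script that renders it would also help.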
@@ -0,0 +1,54 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+ options:
+ config-data:
+ ignore: .virtualenv
+platforms:
+ - name: worker_platform_
+ image: imagename
+ command: /sbin/init
+ ulimits:
+ - nofile:262144:262144
+ privileged: true
+ memory_reservation: 2048m
+
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ hash_behaviour: merge
+ playbooks:
+ docker:
+ create: ../default/create.yml
+ destroy: ../default/destroy.yml
+ prepare: ../default/prepare.yml
+ env:
+ ANSIBLE_ROLES_PATH: ../../roles
+ lint:
+ name: ansible-lint
+ enabled: true
+scenario:
+ name: worker
+ test_sequence:
+ - lint
+ - dependency
+ - cleanup
+ - destroy
+ - syntax
+ - create
+ - prepare
+ - converge
+ #- idempotence
+ - side_effect
+ - verify
+ - cleanup
+ - destroy
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/run_cluster_mode.sh b/run_cluster_mode.sh
index ba9e6af7..4803542d 100644
--- a/run_cluster_mode.sh
+++ b/run_cluster_mode.sh
@@ -1,24 +1,38 @@ #!/bin/bash paths=( "molecule/default/" "molecule/worker/" "molecule/elasticsearch/" "molecule/kibana/" ) +images=( "solita/ubuntu-systemd:bionic" "solita/ubuntu-systemd:xenial" "milcom/centos7-systemd" "ubuntu:trusty" "centos:6" ) +platform=( "bionic" "xenial" "centos7" "trusty" "centos6" ) -if [ -z "$1" ] +echo "Please select an image. " + +select IMAGE in "${images[@]}"; +do + echo "You picked $IMAGE ($REPLY)" + break +done + +index=$(($REPLY - 1)) + +if [ -z "$IMAGE" ] then echo "Platform not selected. Please select a platform of [bionuc, xenial or centos7]. => Aborting" echo "Run Instruction: ./run_cluster_mode.sh " exit else - for i in "${paths[@]}" - do + for i in "${paths[@]}" + do cp "$i/playbook.yml.template" "$i/playbook.yml" - sed -i "s/platform/$1/g" "$i/playbook.yml" - done + sed -i "s/platform/${platform[$index]}/g" "$i/playbook.yml" - cp Pipfile.template Pipfile - sed -i "s/_PLATFORM_/$1/g" Pipfile + cp "$i/molecule.yml.template" "$i/molecule.yml" + sed -i "s|imagename|${images[$index]}|g" "$i/molecule.yml" + sed -i "s/platform_/${platform[$index]}/g" "$i/molecule.yml" + + done fi sudo pipenv run elasticsearch sudo pipenv run test -sudo pipenv run agent +sudo pipenv run worker sudo pipenv run kibana \ No newline at end of file
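Review bot: `index=$(($REPLY - 1))` runs before the `[ -z "$IMAGE" ]` check, so whatever the user typed at the `select` prompt is evaluated as an arithmetic expression even when it matched no menu entry. Arithmetic expansion interprets its operand rather than rejecting non-numeric text, and the script goes on to call `sudo`. Moving the assignment into the `else` branch is enough, because `select` only sets `IMAGE` when `REPLY` is a valid menu number: `index=$((REPLY - 1))`. The abort branch also still tells the user to pass a platform argument (with the typo `bionuc`) and ends in a bare `exit`, which reports success; `exit 1` and a message that matches the new menu would be clearer.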