automated the selection of a platform - platform restriction

2019-08-23 13:12:00 +02:00 · 2019-08-23 13:12:00 +02:00 · f4e4ed4722
commit f4e4ed4722
parent 3de387b358
15 changed files with 359 additions and 127 deletions
--- a/1
+++ b/1
@ -33,4 +33,3 @@ destroy_worker ="molecule destroy -s worker"
 destroy_agent ="molecule destroy -s agent"
 destroy_elasticsearch ="molecule destroy -s elasticsearch"
 destroy_kibana ="molecule destroy -s kibana"
-
--- a/Pipfile.template
+++ b/Pipfile.template
@ -1,35 +0,0 @@
-[[source]]
-url = "https://pypi.org/simple"
-verify_ssl = true
-name = "pypi"
-
-[packages]
-docker-py = "*"
-ansible = "==2.7.13"
-molecule = "==2.20.2"
-
-[dev-packages]
-
-[requires]
-python_version = "2.7"
-
-[scripts]
-test ="molecule test --destroy=never --platform _PLATFORM_"
-worker ="molecule test -s worker --destroy=never --platform _PLATFORM_"
-agent ="molecule test -s wazuh-agent --destroy=never --platform _PLATFORM_"
-elasticsearch ="molecule test -s elasticsearch  --destroy=never --platform _PLATFORM_"
-kibana ="molecule test -s kibana --destroy=never --platform _PLATFORM_"
-
-# Verify ..
-verify ="molecule verify"
-verify_worker ="molecule verify -s worker"
-verify_agent ="molecule verify -s agent"
-verify_elasticsearch ="molecule verify -s elasticsearch"
-verify_kibana ="molecule verify -s kibana"
-
-# Destroy ..
-destroy ="molecule destroy"
-destroy_worker ="molecule destroy -s worker"
-destroy_agent ="molecule destroy -s agent"
-destroy_elasticsearch ="molecule destroy -s elasticsearch"
-destroy_kibana ="molecule destroy -s kibana"
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@ -6,7 +6,7 @@ driver:
 lint:
  name: yamllint
  enabled: false
-platforms:
+bionics:
  - name: manager_bionic
    image: solita/ubuntu-systemd:bionic
    command: /sbin/init
@ -14,31 +14,6 @@ platforms:
      - nofile:262144:262144
    privileged: true
    memory_reservation: 2048m
-  - name: manager_xenial
-    image: solita/ubuntu-systemd:xenial
-    privileged: true
-    memory_reservation: 2048m
-    command: /sbin/init
-    ulimits:
-      - nofile:262144:262144
-#  - name: trusty
-#    image: ubuntu:trusty
-#    privileged: true
-#    memory_reservation: 2048m
-#    ulimits:
-#      - nofile:262144:262144
-#  - name: centos6
-#    image: centos:6
-#    privileged: true
-#    memory_reservation: 2048m
-#    ulimits:
-#      - nofile:262144:262144
-  - name: manager_centos7
-    image: milcom/centos7-systemd
-    memory_reservation: 2048m
-    privileged: true
-    ulimits:
-      - nofile:262144:262144
 provisioner:
  name: ansible
  config_options:
--- a/molecule/default/molecule.yml.template
+++ b/molecule/default/molecule.yml.template
@ -0,0 +1,47 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+lint:
+  name: yamllint
+  enabled: false
+platforms:
+  - name: manager_platform_
+    image: imagename
+    command: /sbin/init
+    ulimits:
+      - nofile:262144:262144
+    privileged: true
+    memory_reservation: 2048m
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      hash_behaviour: merge
+  env:
+    ANSIBLE_ROLES_PATH: ../../roles
+  lint:
+    name: ansible-lint
+    enabled: true
+scenario:
+  name: default
+  test_sequence:
+    - lint
+    - dependency
+    - cleanup
+    - destroy
+    - syntax
+    - create
+    - prepare
+    - converge
+    #- idempotence
+    - side_effect
+    - verify
+    - cleanup
+    - destroy
+verifier:
+  name: testinfra
+  lint:
+    name: flake8
+    enabled: true
--- a/molecule/elasticsearch/molecule.yml
+++ b/molecule/elasticsearch/molecule.yml
@ -8,40 +8,14 @@ lint:
  options:
    config-data:
      ignore: .virtualenv
-platforms:
-  - name: elasticsearch
+bionics:
+  - name: elasticsearch_bionic
    image: solita/ubuntu-systemd:bionic
    command: /sbin/init
    ulimits:
      - nofile:262144:262144
    privileged: true
    memory_reservation: 2048m
-    
-  #- name: xenial
-  #  image: solita/ubuntu-systemd:xenial
-  #  privileged: true
-  #  memory_reservation: 2048m
-  #  command: /sbin/init
-  #  ulimits:
-  #    - nofile:262144:262144
-  #- name: trusty
-  #image: ubuntu:trusty
-  #privileged: true
-  #memory_reservation: 2048m
-  #ulimits:
-      #- nofile:262144:262144
-  #- name: centos6
-  #  image: centos:6
-  #  privileged: true
-  #  memory_reservation: 2048m
-  #  ulimits:
-  #    - nofile:262144:262144
-  #- name: centos7
-  #  image: milcom/centos7-systemd
-  #  memory_reservation: 2048m
-  #  privileged: true
-  #  ulimits:
-  #    - nofile:262144:262144
 provisioner:
  name: ansible
  config_options:
--- a/molecule/elasticsearch/molecule.yml.template
+++ b/molecule/elasticsearch/molecule.yml.template
@ -0,0 +1,57 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+lint:
+  name: yamllint
+  options:
+    config-data:
+      ignore: .virtualenv
+platforms:
+  - name: elasticsearch_platform_
+    image: imagename
+    command: /sbin/init
+    ulimits:
+      - nofile:262144:262144
+    privileged: true
+    memory_reservation: 2048m
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      hash_behaviour: merge
+  playbooks:
+    docker:
+      create: ../default/create.yml
+      destroy: ../default/destroy.yml
+      prepare: ../default/prepare.yml
+  env:
+    ANSIBLE_ROLES_PATH: ../../roles
+  lint:
+    name: ansible-lint
+    enabled: true
+  inventory:
+    group_vars:
+      all:
+        elasticsearch_jvm_xms: 512
+scenario:
+  name: elasticsearch
+  test_sequence:
+    - lint
+    - dependency
+    - cleanup
+    - destroy
+    - syntax
+    - create
+    - prepare
+    - converge
+    #- idempotence
+    - side_effect
+    - verify
+    - cleanup
+    - destroy
+verifier:
+  name: testinfra
+  lint:
+    name: flake8
--- a/molecule/elasticsearch/playbook.yml
+++ b/molecule/elasticsearch/playbook.yml
@ -3,4 +3,4 @@
  hosts: all
  roles:
    - role: elastic-stack/ansible-elasticsearch
-      elasticsearch_network_host: 'elasticsearch_platform'
+      elasticsearch_network_host: 'elasticsearch_bionic'
--- a/molecule/kibana/molecule.yml
+++ b/molecule/kibana/molecule.yml
@ -8,7 +8,7 @@ lint:
  options:
    config-data:
      ignore: .virtualenv
-platforms:
+bionics:
  - name: kibana_bionic
    image: solita/ubuntu-systemd:bionic
    command: /sbin/init
--- a/molecule/kibana/molecule.yml.template
+++ b/molecule/kibana/molecule.yml.template
@ -0,0 +1,64 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+lint:
+  name: yamllint
+  options:
+    config-data:
+      ignore: .virtualenv
+platforms:
+  - name: kibana_platform_
+    image: imagename
+    command: /sbin/init
+    ulimits:
+      - nofile:262144:262144
+    privileged: true
+    memory_reservation: 1024m
+  - name: kibana_xenial
+    image: solita/ubuntu-systemd:xenial
+    privileged: true
+    memory_reservation: 1024m
+    command: /sbin/init
+    ulimits:
+      - nofile:262144:262144
+#  - name: trusty
+#    image: ubuntu:trusty
+#    memory_reservation: 1024m
+#    ulimits:
+#      - nofile:262144:262144
+#  - name: centos6
+#    image: centos:6
+#    privileged: true
+#    memory_reservation: 1024m
+#    ulimits:
+#      - nofile:262144:262144
+  - name: kibana_centos7
+    image: milcom/centos7-systemd
+    memory_reservation: 1024m
+    privileged: true
+    ulimits:
+      - nofile:262144:262144
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      hash_behaviour: merge
+  playbooks:
+    docker:
+      create: ../default/create.yml
+      destroy: ../default/destroy.yml
+  env:
+    ANSIBLE_ROLES_PATH: ../../roles
+  lint:
+    name: ansible-lint
+    enabled: true
+  inventory:
+    group_vars:
+      all:
+        elasticsearch_jvm_xms: 256
+verifier:
+  name: testinfra
+  lint:
+    name: flake8
--- a/molecule/kibana/playbook.yml
+++ b/molecule/kibana/playbook.yml
@ -3,4 +3,4 @@
  hosts: all
  roles:
    - role: elastic-stack/ansible-kibana
-      elasticsearch_network_host: 'elasticsearch_platform'
+      elasticsearch_network_host: 'elasticsearch_bionic'
--- a/molecule/wazuh-agent/molecule.yml.template
+++ b/molecule/wazuh-agent/molecule.yml.template
@ -0,0 +1,89 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+  #lint:
+  #  name: yamllint
+lint:
+  name: yamllint
+  options:
+    config-data:
+      ignore: .virtualenv
+platforms:
+  #- name: wazuh_server_centos7
+  #  image: milcom/centos7-systemd
+  #  networks:
+  #    - name: wazuh
+  #  privileged: true
+  #  groups:
+  #    - manager
+  - name: wazuh_agent_bionic
+    image: ubuntu:bionic
+    networks:
+      - name: wazuh
+    groups:
+      - agent
+  #- name: wazuh_agent_xenial
+  #  image: solita/ubuntu-systemd:xenial
+  #  privileged: true
+  #  command: /sbin/init
+  #  networks:
+  #    - name: wazuh
+  #  groups:
+  #    - agent
+  #- name: wazuh_agent_trusty
+  #  image: ubuntu:trusty
+  #  networks:
+  #    - name: wazuh
+  #  groups:
+  #    - agent
+  #- name: wazuh_agent_centos6
+  #  image: centos:6
+  #  networks:
+  #    - name: wazuh
+  #  groups:
+  #    - agent
+  #- name: wazuh_agent_centos7
+  #  image: milcom/centos7-systemd
+  #  privileged: true
+  #  networks:
+  #    - name: wazuh
+  #  groups:
+  #    - agent
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      hash_behaviour: merge
+  playbooks:
+    docker:
+      create: ../default/create.yml
+      destroy: ../default/destroy.yml
+  env:
+    ANSIBLE_ROLES_PATH: ../../roles
+  inventory:
+    group_vars:
+      agent:
+        api_pass: password
+        wazuh_managers:
+          - address: "{{ wazuh_manager_ip }}"
+            port: 1514
+            protocol: tcp
+            api_port: 55000
+            api_proto: 'http'
+            api_user: null
+        wazuh_agent_authd:
+          enable: true
+          port: 1515
+          ssl_agent_ca: null
+          ssl_agent_cert: null
+          ssl_agent_key: null
+          ssl_auto_negotiate: 'no'
+  lint:
+    name: ansible-lint
+    enabled: true
+verifier:
+  name: testinfra
+  lint:
+    name: flake8
--- a/molecule/wazuh-agent/playbook.yml.template
+++ b/molecule/wazuh-agent/playbook.yml.template
@ -0,0 +1,18 @@
+---
+- name: Converge
+  hosts: all
+  roles:
+    - role: wazuh/ansible-wazuh-agent
+  vars:
+    wazuh_managers:
+      - address: 'manager_platform'
+        port: 1514
+        protocol: tcp
+        api_port: 55000
+        api_proto: 'http'
+        api_user: ansible
+    wazuh_agent_authd:
+      enable: true
+      port: 1515
+      ssl_agent_ca: null
+      ssl_auto_negotiate: 'no'    
--- a/molecule/worker/molecule.yml
+++ b/molecule/worker/molecule.yml
@ -8,7 +8,7 @@ lint:
  options:
    config-data:
      ignore: .virtualenv
-platforms:
+bionics:
  - name: worker_bionic
    image: solita/ubuntu-systemd:bionic
    command: /sbin/init
@ -16,31 +16,7 @@ platforms:
      - nofile:262144:262144
    privileged: true
    memory_reservation: 2048m
-  - name: worker_xenial
-    image: solita/ubuntu-systemd:xenial
-    privileged: true
-    memory_reservation: 2048m
-    command: /sbin/init
-    ulimits:
-      - nofile:262144:262144
-  - name: trusty
-  #image: ubuntu:trusty
-  #privileged: true
-  #memory_reservation: 2048m
-  #ulimits:
-      #- nofile:262144:262144
-  #- name: centos6
-  #  image: centos:6
-  #  privileged: true
-  #  memory_reservation: 2048m
-  #  ulimits:
-  #    - nofile:262144:262144
-  - name: worker_centos7
-    image: milcom/centos7-systemd
-    memory_reservation: 2048m
-    privileged: true
-    ulimits:
-      - nofile:262144:262144
+
 provisioner:
  name: ansible
  config_options:
--- a/molecule/worker/molecule.yml.template
+++ b/molecule/worker/molecule.yml.template
@ -0,0 +1,54 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+lint:
+  name: yamllint
+  options:
+    config-data:
+      ignore: .virtualenv
+platforms:
+  - name: worker_platform_
+    image: imagename
+    command: /sbin/init
+    ulimits:
+      - nofile:262144:262144
+    privileged: true
+    memory_reservation: 2048m
+
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      hash_behaviour: merge
+  playbooks:
+    docker:
+      create: ../default/create.yml
+      destroy: ../default/destroy.yml
+      prepare: ../default/prepare.yml
+  env:
+    ANSIBLE_ROLES_PATH: ../../roles
+  lint:
+    name: ansible-lint
+    enabled: true
+scenario:
+  name: worker
+  test_sequence:
+    - lint
+    - dependency
+    - cleanup
+    - destroy
+    - syntax
+    - create
+    - prepare
+    - converge
+    #- idempotence
+    - side_effect
+    - verify
+    - cleanup
+    - destroy
+verifier:
+  name: testinfra
+  lint:
+    name: flake8
--- a/run_cluster_mode.sh
+++ b/run_cluster_mode.sh
@ -1,8 +1,20 @@
 #!/bin/bash

 paths=( "molecule/default/" "molecule/worker/" "molecule/elasticsearch/" "molecule/kibana/" )
+images=( "solita/ubuntu-systemd:bionic" "solita/ubuntu-systemd:xenial" "milcom/centos7-systemd" "ubuntu:trusty" "centos:6" )
+platform=( "bionic" "xenial" "centos7" "trusty" "centos6" )

-if [ -z "$1" ]
+echo "Please select an image. "
+
+select IMAGE in "${images[@]}";
+do
+     echo "You picked $IMAGE ($REPLY)"
+     break
+done
+
+index=$(($REPLY - 1))
+
+if [ -z "$IMAGE" ]
 then
      echo "Platform not selected. Please select a platform of [bionuc, xenial or centos7]. => Aborting"
      echo "Run Instruction: ./run_cluster_mode.sh <platform>"
@ -11,14 +23,16 @@ else
        for i in "${paths[@]}"
        do
            cp "$i/playbook.yml.template" "$i/playbook.yml"
-            sed -i "s/platform/$1/g" "$i/playbook.yml"
-      done
+            sed -i "s/platform/${platform[$index]}/g" "$i/playbook.yml"

-      cp Pipfile.template Pipfile
-      sed -i "s/_PLATFORM_/$1/g" Pipfile
+            cp "$i/molecule.yml.template" "$i/molecule.yml"
+            sed -i "s|imagename|${images[$index]}|g" "$i/molecule.yml"
+            sed -i "s/platform_/${platform[$index]}/g" "$i/molecule.yml"    
+
+        done
 fi

 sudo pipenv run elasticsearch
 sudo pipenv run test
-sudo pipenv run agent
+sudo pipenv run worker
 sudo pipenv run kibana