1 #!/bin/bash
2 # Copyright 2019 AT&T Intellectual Property. All rights reserved.
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 #         http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15
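# Directory that holds this script; the helper scripts it calls are resolved
# relative to this path.
DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"
# 0 = ask for confirmation before deploying, 1 = skip the prompt.
NO_PROMPT=0
RANDOM_PREFIX="ONAP"
# Four random alphanumerics that make the default resource names unique.
# This suffix is a uniquifier, not a secret: it is far too short to make a
# name or path unguessable.
# LC_ALL=C forces byte-wise handling of /dev/urandom even when the caller's
# environment sets LC_ALL, which would override a bare LC_CTYPE.
RANDOM_STRING="${RANDOM_PREFIX}-$(LC_ALL=C tr -dc 'a-zA-Z0-9' </dev/urandom | head -c 4)"


# Settings filled in from the command line; empty means "not supplied".
NFS_NAME=
NFS_RG=
NFS_VM_SIZE=
NFS_LOCATION=
SUBNET_CIDR=
ADMIN_USER=
BUILD_DIR=
NFS_VNET_NAME=
PUBLIC_KEY=
USER_PUBLIC_IP_PREFIX=
NFS_SUBNET_NAME=
AKS_POD_CIDR=
NFS_DISK_SIZE=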
35
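#######################################
# Abort the script when a mandatory option was not supplied.
# Arguments: $1 - value received for the option (may be empty)
#            $2 - option name shown in the error message
# Outputs:   error message on stderr when $1 is empty
# Returns:   0 when $1 is non-empty; otherwise exits the shell with status 1
#######################################
function check_required_parameter() {
  if [ -z "$1" ]; then
    # Diagnostics go to stderr so they are not mixed into captured stdout.
    printf '%s was not provided. This parameter is required.\n' "$2" >&2
    exit 1
  fi
}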
44
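#######################################
# Print the supplied value, or the fallback when the value is empty.
# The misspelled function name is kept because callers use it.
# Arguments: $1 - value received for the option (may be empty)
#            $2 - default to use when $1 is empty
# Outputs:   the chosen value on stdout, followed by a newline
#######################################
function check_optional_paramater() {
  # printf instead of echo: a value such as "-n" or "-e" must be printed
  # literally rather than being taken as an echo option.
  printf '%s\n' "${1:-$2}"
}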
54
55
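# Parse the command line into the settings variables. Every value-taking
# option stores the word that follows it; when that word is missing the
# variable stays empty and is handled by the required/default checks later.
while [ $# -gt 0 ]; do
  case "$1" in
    -h|--help)
      echo "./create_nfs.sh [options]"
      echo " "
      echo " "
      echo "required:"
      echo "--public-key                public key to add for admin user [required]"
      echo "--user-public-ip            public ip that will be granted access to VM [required]"
      echo "-l, --location              location to deploy VM [required]"
      echo "-u, --admin-user            admin user to create on VM [required]"
      echo "--aks-node-cidr             CIDR for Kubernetes nodes [required]. This is used during the NFS deploy to grant access to the NFS server from Kubernetes."
      echo " "
      echo "additional options:"
      echo "-f, --no-prompt             executes with no prompt for confirmation"
      echo "-h, --help                  provide brief overview of script"
      echo "-n, --name                  VM name [optional]"
      echo "-g, --resource-group        resource group that will be created [optional]"
      echo "-s, --size                  Azure flavor size for VM [optional]"
      echo "-c, --cidr                  cidr for VNET to create for VM [optional]."
      echo "-d, --directory             directory to store cloud config data [optional]"
      echo "--vnet-name                 name of Vnet to create for VM [optional]"
      echo "--nfs-subnet-name           subnet name created on VNET [optional]"
      echo "--nfs-disk-size             size of external disk to be mounted on NFS VM [optional]"
      echo ""
      exit 0
      ;;
    -f|--no-prompt)
      shift
      NO_PROMPT=1
      ;;
    -n|--name)
      shift
      NFS_NAME=$1
      shift
      ;;
    -g|--resource-group)
      shift
      NFS_RG=$1
      shift
      ;;
    -s|--size)
      shift
      NFS_VM_SIZE=$1
      shift
      ;;
    -l|--location)
      shift
      NFS_LOCATION=$1
      shift
      ;;
    -c|--cidr)
      shift
      SUBNET_CIDR=$1
      shift
      ;;
    -u|--admin-user)
      shift
      ADMIN_USER=$1
      shift
      ;;
    -d|--directory)
      shift
      BUILD_DIR=$1
      shift
      ;;
    --vnet-name)
      shift
      NFS_VNET_NAME=$1
      shift
      ;;
    --public-key)
      shift
      PUBLIC_KEY=$1
      shift
      ;;
    --user-public-ip)
      # Source address prefix that will be allowed to reach SSH on the VM.
      shift
      USER_PUBLIC_IP_PREFIX=$1
      shift
      ;;
    --aks-node-cidr)
      # Client range that will be granted access to the NFS export.
      shift
      AKS_POD_CIDR=$1
      shift
      ;;
    --nfs-subnet-name)
      shift
      NFS_SUBNET_NAME=$1
      shift
      ;;
    --nfs-disk-size)
      shift
      NFS_DISK_SIZE=$1
      shift
      ;;
    *)
      # A mistyped option is a usage error: report it on stderr and fail, so
      # calling automation does not mistake the aborted run for a success.
      echo "Unknown Argument $1. Try running with --help." >&2
      exit 1
      ;;
  esac
done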
158
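# Fail fast on missing mandatory options, before anything is created.
check_required_parameter "$ADMIN_USER" "--admin-user"
check_required_parameter "$PUBLIC_KEY" "--public-key"
check_required_parameter "$NFS_LOCATION" "--location"
check_required_parameter "$USER_PUBLIC_IP_PREFIX" "--user-public-ip"
check_required_parameter "$AKS_POD_CIDR" "--aks-node-cidr"

# Fill in defaults for options that were left empty. Generated names share
# the random suffix so repeated runs do not collide.
NFS_RG=$(check_optional_paramater "$NFS_RG" "${RANDOM_STRING}-NFS-RG")
NFS_NAME=$(check_optional_paramater "$NFS_NAME" "${RANDOM_STRING}-NFS")
NFS_VM_SIZE=$(check_optional_paramater "$NFS_VM_SIZE" "Standard_DS4_v2")
SUBNET_CIDR=$(check_optional_paramater "$SUBNET_CIDR" "174.0.0.0/24")
NFS_VNET_NAME=$(check_optional_paramater "$NFS_VNET_NAME" "${RANDOM_STRING}-NFS-VNET")
NFS_SUBNET_NAME=$(check_optional_paramater "$NFS_SUBNET_NAME" "${RANDOM_STRING}-NFS-VNET-SUBNET")
NFS_DISK_SIZE=$(check_optional_paramater "$NFS_DISK_SIZE" "256")

if [ "$NO_PROMPT" = 0 ]; then
  read -p "Would you like to proceed? [y/n]" -n 1 -r
  echo " "
  if [[ ! $REPLY =~ ^[Yy]$ ]]; then
    exit 0
  fi
fi

# Default build directory. The cloud-config written there is handed to the
# new VM as custom data, so another local user must not be able to pre-create
# or swap the directory. mktemp -d creates a fresh directory that only the
# current user can access, instead of relying on a guessable name under /tmp.
# It is created after the confirmation so a declined run leaves nothing
# behind. A directory passed with -d/--directory is used as given.
if [ -z "$BUILD_DIR" ]; then
  BUILD_DIR=$(mktemp -d "/tmp/nfs-${RANDOM_STRING}.XXXXXX") || exit 1
fi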
182
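# From here on, trace every command and stop at the first failure.
set -x
set -e

# The node CIDR is interpolated into a command line that cloud-init runs on
# the new VM, so only address characters and an optional /prefix are accepted.
# Checking before any Azure resource is created avoids a half-built deployment.
cidr_re='^[0-9A-Fa-f:.]+(/[0-9]{1,3})?$'
if [[ ! "$AKS_POD_CIDR" =~ $cidr_re ]]; then
  echo "--aks-node-cidr must be an IP address or CIDR block, got: $AKS_POD_CIDR" >&2
  exit 1
fi

# NOTE(review): confirm the installed az CLI still accepts this image alias.
NFS_IMAGE="UbuntuLTS"
NFS_SECURITY_GROUP="${NFS_NAME}-SG"
DATA_FILE="${BUILD_DIR}/cloud-cfg.yaml"

if [ ! -d "$BUILD_DIR" ]; then
  echo "running script standalone..."
  mkdir -p "$BUILD_DIR"
fi

"$DIR/create_resource_group.sh" "$NFS_RG" "$NFS_LOCATION"

# cloud-init configuration for the NFS server.
# Security note: the export combines no_root_squash with a world-writable
# (chmod 777) directory, so any client inside $AKS_POD_CIDR can read and write
# the share, including as root. The settings are left unchanged because
# existing workloads may rely on them (confirm before tightening); keep the
# CIDR as narrow as the cluster allows.
cat > "$DATA_FILE" <<EOF
#cloud-config
package_upgrade: true
packages:
  - nfs-kernel-server
  - portmap
runcmd:
  - echo "/dockerdata-nfs $AKS_POD_CIDR(rw,async,no_root_squash,no_subtree_check)" >> /etc/exports
  - mkdir /dockerdata-nfs
  - chmod 777 -R /dockerdata-nfs
  - chown nobody:nogroup /dockerdata-nfs
  - exportfs -ra
  - systemctl restart nfs-kernel-server
EOF

az network nsg create --resource-group "$NFS_RG" \
                      --name "$NFS_SECURITY_GROUP"

# Inbound SSH (port 22) is allowed only from the caller-supplied prefix.
"$DIR/create_sg_rule.sh" "$NFS_RG" "$NFS_SECURITY_GROUP" '*' "22" "$USER_PUBLIC_IP_PREFIX" '*' '*' "SSH" "100"

# NOTE(review): --help describes --nfs-disk-size as an external disk, but the
# value is applied to the OS disk here.
az vm create --name "$NFS_NAME" \
             --resource-group "$NFS_RG" \
             --size "$NFS_VM_SIZE" \
             --os-disk-size-gb "$NFS_DISK_SIZE" \
             --admin-username "$ADMIN_USER" \
             --ssh-key-value @"$PUBLIC_KEY" \
             --image "$NFS_IMAGE" \
             --location "$NFS_LOCATION" \
             --subnet-address-prefix "$SUBNET_CIDR" \
             --subnet "$NFS_SUBNET_NAME" \
             --vnet-address-prefix "$SUBNET_CIDR" \
             --vnet-name "$NFS_VNET_NAME" \
             --custom-data "$DATA_FILE" \
             --nsg "$NFS_SECURITY_GROUP"
echo ""

# Attach the security group to the subnet as well as to the VM.
az network vnet subnet update --resource-group "$NFS_RG" \
                              --name "$NFS_SUBNET_NAME" \
                              --vnet-name "$NFS_VNET_NAME" \
                              --network-security-group "$NFS_SECURITY_GROUP"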
237