From 517100caf9f25a9512229a2829001dc5fcb48caf Mon Sep 17 00:00:00 2001 From: Matt Oswalt Date: Sat, 12 Dec 2020 23:54:27 -0800 Subject: [PATCH 1/2] Fixing st2 and salt images and lessons Signed-off-by: Matt Oswalt --- images/salt/Dockerfile | 73 ++++++++++++++++--- images/salt/motd.sh | 4 + images/salt/requirements.txt | 1 + .../salt_configs/provision_infrastructure.sls | 2 + images/stackstorm/Dockerfile | 11 ++- .../salt-network-automation/stage0/guide.md | 2 +- 6 files changed, 79 insertions(+), 14 deletions(-) create mode 100755 images/salt/motd.sh diff --git a/images/salt/Dockerfile b/images/salt/Dockerfile index a2331d02..40089b69 100644 --- a/images/salt/Dockerfile +++ b/images/salt/Dockerfile @@ -1,14 +1,68 @@ -FROM antidotelabs/utility +FROM ubuntu:focal + +RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y openssh-server python3 python3-pip curl dnsutils iputils-ping git vim util-linux sshpass nano jq libxml2-utils + +RUN mkdir /var/run/sshd + +# Antidote user +RUN mkdir -p /home/antidote +RUN useradd antidote -p antidotepassword +RUN chown antidote:antidote /home/antidote +RUN chsh antidote --shell=/bin/bash +RUN echo 'antidote:antidotepassword' | chpasswd +RUN echo 'root:$(uuidgen)' | chpasswd + +# Adjust MOTD +RUN rm -f /etc/update-motd.d/* +RUN rm -f /etc/legal +ADD motd.sh /etc/update-motd.d/00-antidote-motd + +# Disable root Login +RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config +RUN sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config + +# SSH login fix. Otherwise user is kicked off after login +RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd + +# Disable su for everyone not in the wheel group (no one is in the wheel group) +RUN echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su + +# https://stackoverflow.com/questions/36292317/why-set-visible-now-in-etc-profile +ENV NOTVISIBLE "in users profile" +RUN echo "export VISIBLE=now" >> /etc/profile + +# ADD requirements.txt /requirements.txt +# RUN pip3 install -r /requirements.txt + +# COPY bash_profile /home/antidote/.bash_profile +# RUN chown antidote:antidote /home/antidote/.bash_profile + +EXPOSE 22 +CMD ["/usr/sbin/sshd", "-D"] + + +# ------------------ # Because tzdata comes with an interactive installer wizard to configure # your timezone RUN DEBIAN_FRONTEND=noninteractive apt-get install -y tzdata -RUN wget -O - https://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest/SALTSTACK-GPG-KEY.pub | apt-key add - && \ - echo "deb http://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest bionic main" >> /etc/apt/sources.list && \ - apt-get update && apt-get upgrade -y +# RUN wget -O - https://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest/SALTSTACK-GPG-KEY.pub | apt-key add - && \ +# echo "deb http://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest bionic main" >> /etc/apt/sources.list && \ +# apt-get update + #&& apt-get upgrade -y + +# RUN wget -O - https://repo.saltstack.com/apt/ubuntu/18.04/amd64/archive/2019.2.4/SALTSTACK-GPG-KEY.pub | apt-key add - && \ +# echo "deb https://repo.saltstack.com/apt/ubuntu/18.04/amd64/archive/2019.2.4 bionic main" >> /etc/apt/sources.list && \ +# apt-get update + +RUN curl -L https://bootstrap.saltstack.com -o install_salt.sh \ + && sh install_salt.sh -P -M -x python3 + RUN apt-get --auto-remove --yes remove python-openssl -RUN pip3 install -r requirements.txt + +ADD requirements.txt /requirements.txt +RUN pip3 install -r /requirements.txt RUN apt-get install -y salt-master salt-minion @@ -17,8 +71,8 @@ COPY ./salt_configs/master /etc/salt COPY ./salt_configs/minion /etc/salt COPY ./salt_configs/proxy /etc/salt -RUN service salt-minion restart -RUN service salt-master restart +# RUN service salt-minion restart +# RUN service salt-master restart # Add pillar file for vqfx1 RUN mkdir /srv/pillar @@ -43,7 +97,8 @@ RUN chown -R antidote:antidote /var/cache/salt RUN chown -R antidote:antidote /srv RUN chown -R antidote:antidote /var/log/salt RUN chown -R antidote:antidote /var/run/salt -# RUN chown -R antidote:antidote /var/run/salt-master.pid -# RUN chmod -R 777 /var/run/salt-master.pid +RUN chown -R antidote:antidote /var/run/salt-master.pid +RUN chown -R antidote:antidote /var/run/process_responsibility_salt-minion.pid +RUN chmod -R 777 /var/run/salt-master.pid RUN chown antidote:antidote /var/run RUN chmod 777 /var/run diff --git a/images/salt/motd.sh b/images/salt/motd.sh new file mode 100755 index 00000000..f6811ba2 --- /dev/null +++ b/images/salt/motd.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +printf "Welcome to \u001b[1;38;5;36mNRE Labs\033[1m%s\033[0m! \n" +printf " * Docs - https://docs.nrelabs.io/\n" diff --git a/images/salt/requirements.txt b/images/salt/requirements.txt index 603605f8..cd182891 100644 --- a/images/salt/requirements.txt +++ b/images/salt/requirements.txt @@ -1,2 +1,3 @@ pyOpenSSL jxmlease +junos-eznc diff --git a/images/salt/salt_configs/provision_infrastructure.sls b/images/salt/salt_configs/provision_infrastructure.sls index fcf9aaf3..266db508 100644 --- a/images/salt/salt_configs/provision_infrastructure.sls +++ b/images/salt/salt_configs/provision_infrastructure.sls @@ -3,3 +3,5 @@ Install the infrastructure services config: - name: salt:///infrastructure_config.conf - replace: True - timeout: 100 + - template_vars: + foo: bar \ No newline at end of file diff --git a/images/stackstorm/Dockerfile b/images/stackstorm/Dockerfile index f14215b6..1e9465da 100644 --- a/images/stackstorm/Dockerfile +++ b/images/stackstorm/Dockerfile @@ -36,14 +36,17 @@ RUN apt-get update -y && apt-get install -y crudini rabbitmq-server # Mongo started adding a dependency on systemd in their packages, so we're installing from tarball now # https://www.mongodb.com/try/download/community # https://docs.mongodb.com/manual/tutorial/install-mongodb-on-ubuntu-tarball/ +# +# Careful not to use 4.4 - https://stackoverflow.com/questions/64059795/mongodb-get-error-message-mongoerror-path-collision-at-activity +# ##################################################################################################### -RUN wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1804-4.4.2.tgz \ - && tar -zxvf mongodb-linux-x86_64-ubuntu1804-4.4.2.tgz \ - && cp mongodb-linux-x86_64-ubuntu1804-4.4.2/bin/* /usr/local/bin/ \ +RUN wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1804-4.0.21.tgz \ + && tar -zxvf mongodb-linux-x86_64-ubuntu1804-4.0.21.tgz \ + && cp mongodb-linux-x86_64-ubuntu1804-4.0.21/bin/* /usr/local/bin/ \ && mkdir -p /var/lib/mongo \ && mkdir -p /var/log/mongo \ - && rm -rf mongodb-linux-x86_64-ubuntu1804-4.4.2/ + && rm -rf mongodb-linux-x86_64-ubuntu1804-4.0.21/ ##################################################################################################### ## Install StackStorm diff --git a/lessons/salt-network-automation/stage0/guide.md b/lessons/salt-network-automation/stage0/guide.md index 204954de..059a696d 100644 --- a/lessons/salt-network-automation/stage0/guide.md +++ b/lessons/salt-network-automation/stage0/guide.md @@ -38,6 +38,6 @@ salt '*' test.ping We can use the cmd.run execution module to run a remote command on the Salt Minion. In this case, we're checking what version of python is running on the Salt Minion. ``` -salt minion* cmd.run 'python -V' +salt minion* cmd.run 'python3 -V' ``` From dba228196fb9d93bc34f401f03f470b2fbfbd210 Mon Sep 17 00:00:00 2001 From: Matt Oswalt Date: Sat, 12 Dec 2020 23:55:36 -0800 Subject: [PATCH 2/2] updated changelog Signed-off-by: Matt Oswalt --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5b068f04..c5c44a9f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## In development +- Fixing Salt and St2 images/lessons [#350](https://github.com/nre-learning/nrelabs-curriculum/pull/350) - Revert tshoot lesson back to vQFX [#347](https://github.com/nre-learning/nrelabs-curriculum/pull/347) - Fix troubleshooting lesson scripts to be py3 compatible [#345](https://github.com/nre-learning/nrelabs-curriculum/pull/345) - Migrating from travis to github actions [#344](https://github.com/nre-learning/nrelabs-curriculum/pull/344)