From 2eb5dcdc987796bbd1315cab2c2e1e3452643c7b Mon Sep 17 00:00:00 2001 From: jodybro Date: Thu, 18 Jul 2024 01:41:30 -0400 Subject: [PATCH 1/2] inital work for georgetown scenario --- scenarios/georgetown/README.md | 0 .../georgetown/ansible/playbook-debian.yml | 51 ++++++++++++++ scenarios/georgetown/files/badlog.py | 13 ++++ scenarios/georgetown/files/check.sh | 37 ++++++++++ scenarios/georgetown/files/mock-build-run.sh | 12 ++++ .../georgetown/files/secondary-service.sh | 0 .../georgetown/packer/aws-debian11.pkr.hcl | 67 +++++++++++++++++++ scenarios/georgetown/packer/variables.pkr.hcl | 25 +++++++ 8 files changed, 205 insertions(+) create mode 100644 scenarios/georgetown/README.md create mode 100644 scenarios/georgetown/ansible/playbook-debian.yml create mode 100644 scenarios/georgetown/files/badlog.py create mode 100644 scenarios/georgetown/files/check.sh create mode 100644 scenarios/georgetown/files/mock-build-run.sh create mode 100644 scenarios/georgetown/files/secondary-service.sh create mode 100644 scenarios/georgetown/packer/aws-debian11.pkr.hcl create mode 100644 scenarios/georgetown/packer/variables.pkr.hcl diff --git a/scenarios/georgetown/README.md b/scenarios/georgetown/README.md new file mode 100644 index 0000000..e69de29 diff --git a/scenarios/georgetown/ansible/playbook-debian.yml b/scenarios/georgetown/ansible/playbook-debian.yml new file mode 100644 index 0000000..c806aaf --- /dev/null +++ b/scenarios/georgetown/ansible/playbook-debian.yml 
@@ -0,0 +1,51 @@
+---
+# ansible-playbook playbook-debian.yml -u admin --private-key=/path/to/private/key -i "$ip,"
+- name: copy files to remote server
+ hosts: all
+ tasks:
+ # OS
+ - name: update packages and install lsof
+ become: true
+ package:
+ # This is weird in that it does not exist in the offical docs
+ # but this module just passes params down to the underlying
+ # package manager module where `update_cache` is normally a thing so
+ # it ends up working....
+ update_cache: yes
+ state: latest
+ name:
+ - lsof
+ - util-linux # Ensure that fallocate is installed
+
+ - name: create log file
+ become: true
+ file:
+ path: /var/log/fallocate.log
+ state: touch
+ owner: admin
+ group: admin
+
+ - name: cronjob
+ cron:
+ name: "reboot"
+ special_time: reboot
+ job: "/home/admin/badlog.py &"
+
+ # check.sh
+ - name: Create /home/admin/agent directory
+ ansible.builtin.file:
+ path: /home/admin/agent
+ owner: admin
+ group: admin
+ mode: a+wx
+ state: directory
+
+ - name: copy check.sh
+ copy:
+ src: ../files/check.sh
+ dest: /home/admin/agent/check.sh
+
+ - name: set check.sh
+ file:
+ path: /home/admin/agent/check.sh
+ mode: "+x"
diff --git a/scenarios/georgetown/files/badlog.py b/scenarios/georgetown/files/badlog.py
new file mode 100644
index 0000000..6d5edeb
--- /dev/null
+++ b/scenarios/georgetown/files/badlog.py
@@ -0,0 +1,13 @@
+#! /usr/bin/python3
+# test logging
+
+import random
+import time
+from datetime import datetime
+
+with open('/var/log/bad.log', 'w') as f:
+ while True:
+ r = random.randrange(2147483647)
+ print(str(datetime.now()) + ' token: ' + str(r), file=f)
+ f.flush()
+ time.sleep(0.3)
diff --git a/scenarios/georgetown/files/check.sh b/scenarios/georgetown/files/check.sh
new file mode 100644
index 0000000..3bf27ad
--- /dev/null
+++ b/scenarios/georgetown/files/check.sh
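Review bot: The `Create /home/admin/agent directory` task sets `mode: a+wx`, which makes the directory that holds `check.sh` writable by every local account, so any user on the host can replace the script placed there. A fixed mode such as `mode: "0755"` alongside the existing `owner: admin` keeps the directory traversable without granting write access to others. The `copy check.sh` task sets no `owner`, `group` or `mode`, and the follow-up `mode: "+x"` task could be folded into it as `mode: "0755"`. The `cronjob` task starts `/home/admin/badlog.py`, but no task in this playbook copies that file to the host.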
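Review bot: The header comment `# test logging` does not say that the loop writes a line to `/var/log/bad.log` every 0.3 seconds with no size limit or rotation, which is what a reader most needs to know before running it outside the scenario image. I would replace it with a comment such as `# Scenario fault generator: writes to /var/log/bad.log forever and never rotates; do not run on a real host.` The value labelled `token` comes from `random.randrange`, which is fine for filler data but should not be copied as a pattern for real secrets, where the `secrets` module is the right source.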
@@ -0,0 +1,37 @@
+#!/usr/bin/bash
+
+BUILD_MOUNT_POINT="/tmp/ephemeral-build"
+
+# Check if the build mount point exists
+function check_build_mount_point {
+ if [ ! -d $BUILD_MOUNT_POINT ]; then
+ echo "Build mount point $BUILD_MOUNT_POINT does not exist"
+ exit 1
+ fi
+}
+
+# Function to check if both example-build-artifact.txt and
+# secondary-artifact.txt exist in the build mount point
+# BOTH files need to exist concurrently
+function check_build_artifacts {
+ BUILD_FILES=(
+ "example-build-artifact.txt"
+ "secondary-artifact.txt"
+ )
+ for file in "${BUILD_FILES[@]}"; do
+ if [ ! -f "$BUILD_MOUNT_POINT/$file" ]; then
+ echo "Build artifact $file does not exist"
+ exit 1
+ fi
+ done
+}
+
+# Check if the build mount point exists
+check_build_mount_point
+
+# Infinitely loop to check if the build artifacts exist
+while true; do
+ check_build_artifacts
+ sleep 5
+done
+
diff --git a/scenarios/georgetown/files/mock-build-run.sh b/scenarios/georgetown/files/mock-build-run.sh
new file mode 100644
index 0000000..4de6f9b
--- /dev/null
+++ b/scenarios/georgetown/files/mock-build-run.sh
@@ -0,0 +1,12 @@
+#!/usr/env/bin bash
+
+MOUNT_POINT="/tmp/ephemeral-build"
+EXAMPLE_BUILD_ARTIFACT="example-build-artifact.txt"
+MAX_BUILD_ARTIFACT_SIZE=10M
+
+# Create the example build file
+touch $MOUNT_POINT/$EXAMPLE_BUILD_ARTIFACT
+
+# Use fallocate to allocate the maximum size of the file
+fallocate -l "$MAX_SIZE" "$MOUNT_POINT/$EXAMPLE_BUILD_ARTIFACT"
+
diff --git a/scenarios/georgetown/files/secondary-service.sh b/scenarios/georgetown/files/secondary-service.sh
new file mode 100644
index 0000000..e69de29
diff --git a/scenarios/georgetown/packer/aws-debian11.pkr.hcl b/scenarios/georgetown/packer/aws-debian11.pkr.hcl
new file mode 100644
index 0000000..11c7991
--- /dev/null
+++ b/scenarios/georgetown/packer/aws-debian11.pkr.hcl
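Review bot: `BUILD_MOUNT_POINT` is `/tmp/ephemeral-build`, a fixed name under a world-writable directory, so any local user can create or alter that directory and the two artifact files, and the result of the check no longer says anything about what the build service did. A directory owned by the service account outside `/tmp`, or an ownership test on the directory before the file tests, would make the result trustworthy. The test in `check_build_mount_point` also expands the variable unquoted; `if [ ! -d "$BUILD_MOUNT_POINT" ]; then` is the safer form.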
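Review bot: The `fallocate` line reads `$MAX_SIZE`, but the variable defined above it is `MAX_BUILD_ARTIFACT_SIZE`, so the length argument expands to an empty string and the allocation fails; it should be `fallocate -l "$MAX_BUILD_ARTIFACT_SIZE" "$MOUNT_POINT/$EXAMPLE_BUILD_ARTIFACT"`. The interpreter line `#!/usr/env/bin bash` names a path that does not normally exist; `#!/usr/bin/env bash` is the usual form. Adding `set -euo pipefail` near the top would turn an unset variable like this into an immediate error, and the `touch` argument should be quoted like the `fallocate` one.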
@@ -0,0 +1,67 @@
+# Debian
+
+packer {
+ required_plugins {
+ amazon = {
+ version = "= 1.2.1"
+ source = "github.com/hashicorp/amazon"
+ }
+ }
+}
+
+source "amazon-ebs" "debian" {
+ ami_name = "scenario-1-saintjohn"
+ instance_type = "t3a.nano"
+ region = "${var.region}"
+ vpc_id = "${var.vpc_id}"
+ subnet_id = "${var.subnet_id}"
+ associate_public_ip_address = true
+ source_ami = "${var.source_ami}"
+ ssh_username = "admin"
+}
+
+build {
+ name = "debian-build"
+ sources = [
+ "source.amazon-ebs.debian"
+ ]
+
+ # OS & scenario packages
+ provisioner "shell" {
+ inline = [
+ "echo Update packages...",
+ "sudo apt-get update",
+ "sudo apt-get install -y lsof",
+ ]
+ }
+
+ # badlog.py
+ provisioner "file" {
+ source = "../files/badlog.py"
+ destination = "/tmp/badlog.py"
+ }
+
+ provisioner "shell" {
+ inline = [
+ "mv /tmp/badlog.py /home/admin/badlog.py",
+ "chmod +x /home/admin/badlog.py",
+ "sudo touch /var/log/bad.log",
+ "sudo chown admin: /var/log/bad.log",
+ "echo '@reboot /home/admin/badlog.py &' | crontab -",
+ ]
+ }
+
+ # check.sh
+ provisioner "file" {
+ source = "../files/check.sh"
+ destination = "/tmp/check.sh"
+ }
+
+ provisioner "shell" {
+ inline = [
+ "sudo mv /tmp/check.sh /home/admin/agent/check.sh",
+ "sudo chmod +x /home/admin/agent/check.sh",
+ ]
+ }
+
+}
diff --git a/scenarios/georgetown/packer/variables.pkr.hcl b/scenarios/georgetown/packer/variables.pkr.hcl
new file mode 100644
index 0000000..21259e5
--- /dev/null
+++ b/scenarios/georgetown/packer/variables.pkr.hcl
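Review bot: The last shell provisioner moves `check.sh` into `/home/admin/agent/`, but nothing in this template creates that directory, so the `mv` will fail unless the base image already has it; a preceding `"mkdir -p /home/admin/agent",` entry in the same `inline` list would cover it. `ami_name = "scenario-1-saintjohn"` looks carried over from another scenario and, being a fixed name, will presumably collide with an existing AMI of that name in the same account. The source block also sets `associate_public_ip_address = true` without limiting who can reach the build instance over SSH; `temporary_security_group_source_cidrs` can narrow that to the operator's address range.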
@@ -0,0 +1,25 @@ +# variables for Packer file, adapt to your AWS region, base image, vpc, subnet + +variable "region" { + type = string + default = "us-east-1" +} + +# tested with source Debian 11 image HVM 64-bit (x86) +# change to one in your region +variable "source_ami" { + type = string + default = "ami-" +} + +# change to your vpc +variable "vpc_id" { + type = string + default = "vpc-" +} + +# change to your subnet +variable "subnet_id" { + type = string + default = "subnet-" +} \ No newline at end of file From d0bc3f3a464d1aa1bcc8fe3b72e47a141804e678 Mon Sep 17 00:00:00 2001 From: jodybro Date: Thu, 1 Aug 2024 19:42:35 -0400 Subject: [PATCH 2/2] files for georgetown scenario --- .../georgetown/ansible/playbook-debian.yml | 22 +++++++++++++ scenarios/georgetown/files/badlog.py | 13 -------- scenarios/georgetown/files/check.sh | 31 +++++++++---------- scenarios/georgetown/files/mock-build-run.sh | 3 +- scenarios/georgetown/files/mock-build.service | 9 ++++++ .../files/secondary-service.service | 9 ++++++ .../georgetown/files/secondary-service.sh | 2 ++ 7 files changed, 58 insertions(+), 31 deletions(-) delete mode 100644 scenarios/georgetown/files/badlog.py create mode 100644 scenarios/georgetown/files/mock-build.service create mode 100644 scenarios/georgetown/files/secondary-service.service diff --git a/scenarios/georgetown/ansible/playbook-debian.yml b/scenarios/georgetown/ansible/playbook-debian.yml index c806aaf..d49c1a6 100644 --- a/scenarios/georgetown/ansible/playbook-debian.yml +++ b/scenarios/georgetown/ansible/playbook-debian.yml 
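Review bot: The defaults `"ami-"`, `"vpc-"` and `"subnet-"` are placeholders that Packer accepts as ordinary strings, so a forgotten override only shows up later as an AWS API error rather than at variable evaluation. Dropping the `default` lines for `source_ami`, `vpc_id` and `subnet_id` makes Packer demand a value up front; alternatively each variable can carry a `validation` block that rejects the bare prefix. The file also ends without a trailing newline.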
@@ -40,6 +40,28 @@ mode: a+wx state: directory + - name: Copy georgetown systemd files + become: true + copy: + src: {{ item.src }} + dest: {{ item.dest }} + with_items: + - { src: ../files/mock-build.service, dest: /etc/systemd/system/mock-build.service } + - { src: ../files/secondary-service.service, dest: /etc/systemd/system/secondary-service.service } + + - name: Start mock build application + become: true + systemd: + name: mock-build + state: started + + - name: Start secondary service + become: true + systemd: + name: secondary-service + state: started + enabled: yes + - name: copy check.sh copy: src: ../files/check.sh diff --git a/scenarios/georgetown/files/badlog.py b/scenarios/georgetown/files/badlog.py deleted file mode 100644 index 6d5edeb..0000000 --- a/scenarios/georgetown/files/badlog.py +++ /dev/null @@ -1,13 +0,0 @@ -#! /usr/bin/python3 -# test logging - -import random -import time -from datetime import datetime - -with open('/var/log/bad.log', 'w') as f: - while True: - r = random.randrange(2147483647) - print(str(datetime.now()) + ' token: ' + str(r), file=f) - f.flush() - time.sleep(0.3) diff --git a/scenarios/georgetown/files/check.sh b/scenarios/georgetown/files/check.sh index 3bf27ad..8c383ae 100644 --- a/scenarios/georgetown/files/check.sh +++ b/scenarios/georgetown/files/check.sh @@ -4,10 +4,10 @@ BUILD_MOUNT_POINT="/tmp/ephemeral-build" # Check if the build mount point exists function check_build_mount_point { - if [ ! -d $BUILD_MOUNT_POINT ]; then - echo "Build mount point $BUILD_MOUNT_POINT does not exist" - exit 1 - fi + if [ ! -d $BUILD_MOUNT_POINT ]; then + echo -b "NO" + exit 1 + fi } # Function to check if both example-build-artifact.txt and 
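Review bot: In the `Copy georgetown systemd files` task, `src: {{ item.src }}` and `dest: {{ item.dest }}` are unquoted, and a YAML value that begins with `{` is read as a flow mapping, so the playbook will not load; they need to be `src: "{{ item.src }}"` and `dest: "{{ item.dest }}"`. The task installs unit files into `/etc/systemd/system` without stating `owner: root`, `group: root` and `mode: "0644"`, and the two `systemd` tasks that follow have no `daemon_reload: true`, so freshly copied units may not be picked up. No task visible in this hunk copies the scripts the units execute, and `mock-build` is started but, unlike `secondary-service`, not enabled. The hunk begins inside an existing task, so the rest of the play is only partly visible here.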
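Review bot: `echo -b "NO"` in `check_build_mount_point` uses a flag that bash's `echo` does not have, so the script prints `-b NO` rather than `NO`; if the intent was to suppress the trailing newline, that is `echo -n "NO"`. The same `echo -b` appears in both branches of `check_build_artifacts` in the next hunk of this file. `$BUILD_MOUNT_POINT` in the `-d` test is still expanded unquoted.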
@@ -15,23 +15,20 @@ function check_build_mount_point { # BOTH files need to exist concurrently function check_build_artifacts { BUILD_FILES=( - "example-build-artifact.txt" - "secondary-artifact.txt" - ) + "example-build-artifact.txt" + "secondary-artifact.txt" + ) for file in "${BUILD_FILES[@]}"; do if [ ! -f "$BUILD_MOUNT_POINT/$file" ]; then - echo "Build artifact $file does not exist" - exit 1 + echo -b "NO" + exit 1 + else + echo -b "OK" + exit 0 fi done } -# Check if the build mount point exists +# Check if one or both functions executed successfull check_build_mount_point - -# Infinitely loop to check if the build artifacts exist -while true; do - check_build_artifacts - sleep 5 -done - +check_build_artifacts diff --git a/scenarios/georgetown/files/mock-build-run.sh b/scenarios/georgetown/files/mock-build-run.sh index 4de6f9b..0d2f659 100644 --- a/scenarios/georgetown/files/mock-build-run.sh +++ b/scenarios/georgetown/files/mock-build-run.sh @@ -4,9 +4,10 @@ MOUNT_POINT="/tmp/ephemeral-build" EXAMPLE_BUILD_ARTIFACT="example-build-artifact.txt" MAX_BUILD_ARTIFACT_SIZE=10M -# Create the example build file +# Create the example build file touch $MOUNT_POINT/$EXAMPLE_BUILD_ARTIFACT # Use fallocate to allocate the maximum size of the file fallocate -l "$MAX_SIZE" "$MOUNT_POINT/$EXAMPLE_BUILD_ARTIFACT" +trap diff --git a/scenarios/georgetown/files/mock-build.service b/scenarios/georgetown/files/mock-build.service new file mode 100644 index 0000000..335b661 --- /dev/null +++ b/scenarios/georgetown/files/mock-build.service @@ -0,0 +1,9 @@ +[Unit] +Description=Mock Build Application +After=network.target + +[Service] +ExecStart=/home/admin/mock_build.sh + +[Install] +WantedBy=multi-user.target diff --git a/scenarios/georgetown/files/secondary-service.service b/scenarios/georgetown/files/secondary-service.service new file mode 100644 index 0000000..08eb9b9 --- /dev/null +++ b/scenarios/georgetown/files/secondary-service.service 
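Review bot: The new `else` branch inside the `for` loop prints `OK` and calls `exit 0` as soon as the first entry of `BUILD_FILES` exists, so `secondary-artifact.txt` is never tested and the script reports success with only one artifact present, which contradicts the comment that both files must exist. The success path belongs after the loop: drop the `else` branch and put the `OK` output after `done`, letting the function return normally. The replaced comment `# Check if one or both functions executed successfull` has a typo and no longer describes the two calls below it.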
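Review bot: The `trap` added at the end of the script has no arguments, which only lists the traps currently set and installs no handler. If the intent is to clean up the artifact when the script exits, the handler has to be registered before the `touch`, for example `trap 'rm -f "$MOUNT_POINT/$EXAMPLE_BUILD_ARTIFACT"' EXIT`; if the intent is to keep the process alive for the service, that needs an explicit wait instead. The unchanged `fallocate` line above it still reads `$MAX_SIZE`, which is not defined in the part of the file shown here.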
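Review bot: The `[Service]` section has no `User=`, so systemd runs `/home/admin/mock_build.sh` as root even though the file sits in a home directory the `admin` account can write to, which lets that account change what root executes. Either add `User=admin` or install the script root-owned under a path such as `/usr/local/bin`; `secondary-service.service` in the next file has the same shape. `ExecStart` also names `mock_build.sh`, while the script in this patch series is `files/mock-build-run.sh`, so the unit will presumably fail to start as written.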
@@ -0,0 +1,9 @@
+[Unit]
+Description=Secondary service Application
+After=network.target
+
+[Service]
+ExecStart=/home/admin/secondary-service.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/scenarios/georgetown/files/secondary-service.sh b/scenarios/georgetown/files/secondary-service.sh
index e69de29..40972ef 100644
--- a/scenarios/georgetown/files/secondary-service.sh
+++ b/scenarios/georgetown/files/secondary-service.sh
@@ -0,0 +1,2 @@
+# Secondary service that will continually run in the background
+# and try to place a file on tmp artifact directory that is too big to fit on disk
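Review bot: The file consists of two comment lines with no `#!` line and no commands, while `secondary-service.service` points `ExecStart` at it, so the unit cannot run it as written. A first line of `#!/usr/bin/env bash` followed by `set -euo pipefail` would make it usable as a script once the body is added. Since the comment describes deliberately writing a file too large for the disk, the eventual body should confine its writes to the scenario's artifact directory.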