From 0eb9e317e2bcbc9cbe944ead080431ee06f39eac Mon Sep 17 00:00:00 2001
From: "Z. Cliffe Schreuders"
Date: Wed, 3 Jul 2019 16:20:13 +0100
Subject: [PATCH] labtainers
---
 .../modified-install-docker-debian.sh | 4 +-
 .../unix/labtainers/manifests/config.pp | 64 +++++++++++++++++--
 .../unix/labtainers/manifests/install.pp | 25 +++++---
 .../unix/labtainers/secgen_metadata.xml | 1 +
 .../templates/auto_start_lab.desktop.erb | 8 +++
 .../labs/lab_environments/labtainers.xml | 13 +++-
 secgen.rb | 4 +-
 7 files changed, 101 insertions(+), 18 deletions(-)
 create mode 100644 modules/utilities/unix/labtainers/templates/auto_start_lab.desktop.erb
diff --git a/modules/utilities/unix/labtainers/files/labtainer.files/modified-install-docker-debian.sh b/modules/utilities/unix/labtainers/files/labtainer.files/modified-install-docker-debian.sh
index 4203d5e40..93f0a62a1 100755
--- a/modules/utilities/unix/labtainers/files/labtainer.files/modified-install-docker-debian.sh
+++ b/modules/utilities/unix/labtainers/files/labtainer.files/modified-install-docker-debian.sh
@@ -32,8 +32,8 @@ END
 # sudo apt-get -y --allow-unauthenticated install docker-ce
 #gives user access to docker commands
-sudo groupadd docker
-sudo usermod -aG docker $USER
+# sudo groupadd docker
+# sudo usermod -aG docker $USER
 #enables and starts docker
 # sudo systemctl start docker
diff --git a/modules/utilities/unix/labtainers/manifests/config.pp b/modules/utilities/unix/labtainers/manifests/config.pp
index f3e2d22bf..071c9e7e7 100644
--- a/modules/utilities/unix/labtainers/manifests/config.pp
+++ b/modules/utilities/unix/labtainers/manifests/config.pp
@@ -3,11 +3,67 @@ class labtainers::config{
 $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
 $lab = $secgen_parameters['lab'][0]
+ $accounts = $secgen_parameters['accounts']
- # TODO: don't raise an error for now
- exec { 'start lab':
- command => "/opt/labtainers/labtainer-student/labtainer $lab | true",
- provider => shell,
+ # Set.up labtainers for each user account
+ unless $accounts == undef {
+ $accounts.each |$raw_account| {
+ $account = parsejson($raw_account)
+ $username = $account['username']
+ # set home directory
+ if $username == 'root' {
+ $home_dir = "/root"
+ } else {
+ $home_dir = "/home/$username"
+ }
+ $labtainer_dir = "$home_dir/labtainer"
+
+ file { ["$home_dir/",
+ "$labtainer_dir"]:
+ ensure => directory,
+ owner => $username,
+ group => $username,
+ } ->
+
+ file { "$labtainer_dir/labtainer-student":
+ ensure => 'link',
+ target => '/opt/labtainers/scripts/labtainer-student',
+ }
+
+ file_line { 'patch_path_labtainers':
+ path => "$home_dir/.profile",
+ line => 'export PATH=/opt/labtainers/scripts/labtainer-student/bin:/opt/labtainers/scripts/labtainer-student/lab-bin/:/opt/labtainers/setup_scripts/trunk/scripts/designer/bin:$PATH',
+ }
+ file_line { 'patch_path_labtainers_dir':
+ path => "$home_dir/.bashrc",
+ line => 'export LABTAINER_DIR="/opt/labtainers/"',
+ }
+
+ # autostart script
+ file { ["$home_dir/.config/", "$home_dir/.config/autostart/"]:
+ ensure => directory,
+ owner => $username,
+ group => $username,
+ }
+
+ file { "$home_dir/.config/autostart/auto_start_lab.desktop":
+ ensure => file,
+ content => template('labtainers/auto_start_lab.desktop.erb'),
+ owner => $username,
+ group => $username,
+ }
+
+ exec { 'download labs':
+ command => "sudo -u $username /opt/labtainers/setup_scripts/pull-all.sh",
+ cwd => "/opt/labtainers/setup_scripts/",
+ provider => shell,
+ } ->
+ exec { 'start lab':
+ command => "sudo -u $username bash -c 'source ~/.profile; echo -e \"email@addre.ss\\n\\n\" |
/opt/labtainers/scripts/labtainer-student/bin/labtainer $lab -q'",
+ cwd => "/opt/labtainers/scripts/labtainer-student/",
+ provider => shell,
+ }
+ }
 }
 }
diff --git a/modules/utilities/unix/labtainers/manifests/install.pp b/modules/utilities/unix/labtainers/manifests/install.pp
index 4abd1074c..ceb7ebd27 100644
--- a/modules/utilities/unix/labtainers/manifests/install.pp
+++ b/modules/utilities/unix/labtainers/manifests/install.pp
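Review bot: In manifests/config.pp the resources declared inside `$accounts.each` use fixed titles (`'patch_path_labtainers'`, `'patch_path_labtainers_dir'`, `'download labs'`, `'start lab'`), so a scenario with more than one account declares each of them twice and Puppet rejects duplicate declarations when it compiles the catalog. Put the account in the title, e.g. `exec { "download labs ${username}":`, and likewise for the two `file_line` resources and `'start lab'`. The two execs also interpolate `$username` and `$lab` into a `provider => shell` command string; setting `user => $username` on the exec instead of `sudo -u $username`, and checking both values against a strict pattern before use, keeps an unexpected account or lab name from being interpreted by the shell. Neither exec has a `creates` or `unless` guard, so both run again on every Puppet run.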
@@ -6,27 +6,32 @@ class labtainers::install{
 # these are also installed by the install script, but good to use puppet where possible
- package { ['apt-transport-https', 'ca-certificates', 'curl', 'gnupg2', 'software-properties-common', 'python-pip', 'openssh-server']:
+ package { ['apt-transport-https', 'ca-certificates', 'curl', 'gnupg2', 'software-properties-common', 'python-pip', 'openssh-server', 'python-netaddr', 'python-parse', 'python-dateutil', 'okular', 'gnome-terminal']:
 ensure => 'installed',
 } ->
 file { '/opt/labtainers':
 ensure => directory,
 recurse => true,
- source => 'puppet:///modules/labtainers/Labtainer-master',
- mode => '0766',
+ source => 'puppet:///modules/labtainers/Labtainers-master',
+ mode => '0777',
 owner => 'root',
 group => 'root',
 } ->
- file { '/opt/labtainers/setup_scripts/modified-install-docker-debian.sh':
- source => 'puppet:///modules/labtainers/labtainer.files/modified-install-docker-debian.sh',
- mode => '0766',
- owner => 'root',
- group => 'root',
+
+ # not sure why this is required in our environment, but this fixes the script on our VM builds
+ file_line { 'patch_build_image':
+ path => '/opt/labtainers/scripts/labtainer-student/bin/buildImage.sh',
+ line => '#shift 1 -- SecGen fix',
+ match => 'shift 1',
 } ->
- exec { 'install script':
- command => '/opt/labtainers/setup_scripts/modified-install-docker-debian.sh',
+
+ exec { 'build capinout tool':
+ command => "/bin/bash ./mkit.sh | true",
 provider => shell,
+ cwd => "/opt/labtainers/tool-src/capinout"
 }
+ # TODO: users added to docker group?
+
 }
diff --git a/modules/utilities/unix/labtainers/secgen_metadata.xml b/modules/utilities/unix/labtainers/secgen_metadata.xml
index c56fc6338..9fd1de797 100644
--- a/modules/utilities/unix/labtainers/secgen_metadata.xml
+++ b/modules/utilities/unix/labtainers/secgen_metadata.xml
@@ -16,6 +16,7 @@ public domain lab + accounts shellbasics
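Review bot: In manifests/install.pp, `mode => '0777'` together with `recurse => true` makes the whole root-owned /opt/labtainers tree world-writable, while config.pp in this same patch puts that tree's `bin` directories at the front of every account's PATH and starts a script from it at login. Any local account can then alter a script that another account, or root if it is one of the configured accounts, later executes. Unless Labtainers has to write into the tree, `mode => '0755'` is sufficient; if it does, limit write access to the specific directories or to a dedicated group. In the same hunk `command => "/bin/bash ./mkit.sh | true"` discards the build's exit status, so a failed capinout build passes unnoticed.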
diff --git a/modules/utilities/unix/labtainers/templates/auto_start_lab.desktop.erb b/modules/utilities/unix/labtainers/templates/auto_start_lab.desktop.erb
new file mode 100644
index 000000000..2d59601cc
--- /dev/null
+++ b/modules/utilities/unix/labtainers/templates/auto_start_lab.desktop.erb
@@ -0,0 +1,8 @@
+[Desktop Entry]
+Name=Lab
+GenericName=Labtainer lab autostart
+Comment=Autostart script
+Exec=/opt/labtainers/labtainer-student/labtainer <%= @lab %>
+Terminal=true
+Type=Application
+X-GNOME-Autostart-enabled=true
diff --git a/scenarios/labs/lab_environments/labtainers.xml b/scenarios/labs/lab_environments/labtainers.xml
index c81783731..4bc2797f9 100644
--- a/scenarios/labs/lab_environments/labtainers.xml
+++ b/scenarios/labs/lab_environments/labtainers.xml
@@ -37,6 +37,9 @@ true + + docker +
@@ -50,7 +53,12 @@ - + + + + docker + + accounts
@@ -92,6 +100,9 @@ shellbasics + + accounts +
diff --git a/secgen.rb b/secgen.rb
index 45af5e3da..d5dd561be 100644
--- a/secgen.rb
+++ b/secgen.rb
@@ -544,7 +544,9 @@ opts.each do |opt, arg|
 when '--esxi-disktype'
 Print.info "ESXi disk type : #{arg}"
 options[:esxidisktype] = arg
-
+ when '--no-tests'
+ Print.info "Not running post-provision tests"
+ options[:notests] = true
 else
 Print.err "Argument not valid: #{arg}"
 usage
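Review bot: In templates/auto_start_lab.desktop.erb the `Exec=` line points at `/opt/labtainers/labtainer-student/labtainer`, whereas config.pp in this patch starts the lab from `/opt/labtainers/scripts/labtainer-student/bin/labtainer`; if the first path belongs to the previous tree layout, the autostart entry will not find the launcher at login. `Exec=/opt/labtainers/scripts/labtainer-student/bin/labtainer <%= @lab %>` would match the manifest. `@lab` is also written into the Exec line unquoted, so a lab name containing spaces or desktop-entry field codes would change the command that runs; having the manifest check `$lab` against something like `/\A[\w.-]+\z/` before rendering the template would rule that out.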
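Review bot: The new `when '--no-tests'` branch is the only change to secgen.rb in this patch (the diffstat shows 4 lines), so the flag's entry in the option list handed to the parser and its line in `usage` are not added here. If they were not already present, the parser would presumably reject `--no-tests` before this branch is reached; worth confirming and, if missing, adding both with this branch. The `opts.each` block starts and ends outside the hunk.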