You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

738 lines
19 KiB

#!/bin/bash
# The MIT License (MIT)
#
# rootApostolos@swarmlab.io
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
# Origin: https://github.com/NLKNguyen/alpine-mpich
set -e
DOCKERuser="docker"
PACKAGES=" net-tools curl tcpdump shorewall sudo vim nmap dnsutils iputils-ping iptables wget python "
APTPARAM=" --no-install-recommends "
IMAGE_local="sec"
HYBRID_NETWORK="hybrid-sec"
# dont edit
IMAGE_origin="ubuntu:18.04"
bootstrap="sec_bootstrap"
hostnames="auto_update_hosts"
hostnames_get="get_hosts"
# shellcheck disable=SC1091
#. ./.env
# -----------------------------------------------
#
# Find Source path of swarmlab.io script
#
# ----------------------------------------------
SOURCE="${BASH_SOURCE[0]}"
while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
DIR="$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )"
SOURCE="$(readlink "$SOURCE")"
[[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
done
DIR="$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )"
# -----------------------------------------------
#
# Load Default config swarmlab.io
#
# ----------------------------------------------
#. $DIR/.env
# -----------------------------------------------
#
# Find Working dir
#
# ----------------------------------------------
Wdir=$(pwd)
. $Wdir/.env
create_dockerfile ()
{
. $Wdir/ROOT_PASSWORD
if [ -d "$Wdir/project" ]; then
# -----------------------------------------------
#
# create Dockerfile
#
# ----------------------------------------------
rm -f $Wdir/out.log 2> /dev/null
error="Error:";
IMAGE=$(docker inspect --type=image $REGISTRY_ADDR:$REGISTRY_PORT/$IMAGE_NAME:latest 2>&1 | tee $Wdir/out.log)
if search=$(grep "$error" $Wdir/out.log)
then
echo ""
echo ">>> Load Origin "
cat << EOF > $Wdir/Dockerfile
FROM $IMAGE_origin
#
USER root
RUN export DEBIAN_FRONTEND=noninteractive && \
apt-get update && apt-get $APTPARAM install -y openssh-server $PACKAGES
RUN apt-get autoremove --purge && apt clean
RUN rm -rf /var/lib/apt/lists/*
RUN mkdir -p /var/run/sshd
RUN echo 'root:$ROOT_PASSWORD' | chpasswd
RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
#
# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
#
ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile
#RUN wget -k https://raw.githubusercontent.com/egalpin/apt-vim/master/install.sh
#
#
#
COPY $bootstrap /usr/bin
COPY $hostnames_get /usr/bin
COPY $hostnames /usr/bin
RUN mkdir -p /etc/shorewall
COPY shorewall /etc/shorewall
RUN mkdir -p /project
RUN mkdir -p /etc/opt
WORKDIR /project
COPY install-vim-plugin.sh .
#RUN bash ./install-vim-plugin.sh
#RUN apt-vim install -y https://github.com/scrooloose/nerdtree.git
RUN grep -qw ^docker /etc/passwd || useradd -m docker && echo "docker:docker" | chpasswd && adduser docker sudo
COPY .vimrc /home/docker
USER docker
EOF
else
echo ">>> Load Local "
cat << EOF > $Wdir/Dockerfile
FROM localhost:5000/$IMAGE_local
#
USER root
RUN export DEBIAN_FRONTEND=noninteractive && \
apt-get update && apt-get $APTPARAM install -y openssh-server $PACKAGES
RUN apt-get autoremove --purge && apt clean
RUN rm -rf /var/lib/apt/lists/*
RUN mkdir -p /var/run/sshd
RUN echo 'root:$ROOT_PASSWORD' | chpasswd
RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
#
# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
#
ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile
#RUN wget -k https://raw.githubusercontent.com/egalpin/apt-vim/master/install.sh
#
#
#
COPY $bootstrap /usr/bin
COPY $hostnames_get /usr/bin
COPY $hostnames /usr/bin
RUN mkdir -p /etc/shorewall
COPY shorewall /etc/shorewall
RUN mkdir -p /etc/opt
RUN mkdir -p /project
WORKDIR /project
COPY install-vim-plugin.sh .
#RUN bash ./install-vim-plugin.sh
#RUN apt-vim install -y https://github.com/scrooloose/nerdtree.git
RUN grep -qw ^docker /etc/passwd || useradd -m docker && echo "docker:docker" | chpasswd && adduser docker sudo
COPY .vimrc /home/docker
USER docker
EOF
fi
else
echo ""
echo "Not in Project Directory"
echo "A project directory should look like this"
echo ""
cat <<EOF
├── docker-compose.yml
├── Dockerfile
├── out.log
├── project
│   └── hello_world.sh
└── ssh
├── id_rsa
└── id_rsa.pub
EOF
echo "Change to your Project Directory And Try Again"
echo ""
exit 0
fi
}
create_project ()
{
if [ "$Wdir" == "$HOME" ]; then
echo""
echo "You are in Your Home directory"
echo "Please create a project directory"
echo "mkdir myproject; cd myproject; swarmlab-sec create"
echo""
else
echo "# -----------------------------------------------"
echo "##### Create project #####"
echo "# -----------------------------------------------"
# clean old images
#docker rmi $(docker images -f "dangling=true" -q)
rm -f $Wdir/out.log 2> /dev/null
error="Error:";
IMAGE=$(docker inspect --type=image $REGISTRY_ADDR:$REGISTRY_PORT/$IMAGE_NAME:latest 2>&1 | tee $Wdir/out.log)
if search=$(grep "$error" $Wdir/out.log)
then
echo ">>> Load Origin "
cat << EOF > $Wdir/Dockerfile
FROM $IMAGE_origin
#
USER root
RUN export DEBIAN_FRONTEND=noninteractive && \
apt-get update && apt-get $APTPARAM install -y openssh-server $PACKAGES
RUN apt-get autoremove --purge && apt clean
RUN rm -rf /var/lib/apt/lists/*
RUN mkdir -p /var/run/sshd
RUN echo 'root:$ROOT_PASSWORD' | chpasswd
RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
#
# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
#
ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile
#RUN wget -k https://raw.githubusercontent.com/egalpin/apt-vim/master/install.sh
#
#
#
COPY $bootstrap /usr/bin
COPY $hostnames_get /usr/bin
COPY $hostnames /usr/bin
RUN mkdir -p /etc/shorewall
COPY shorewall /etc/shorewall
RUN mkdir -p /etc/opt
RUN mkdir -p /project
WORKDIR /project
COPY install-vim-plugin.sh .
#RUN bash ./install-vim-plugin.sh
#RUN apt-vim install -y https://github.com/scrooloose/nerdtree.git
CMD export PATH=$PATH:/project
RUN grep -qw ^docker /etc/passwd || useradd -m docker && echo "docker:docker" | chpasswd && adduser docker sudo
COPY .vimrc /home/docker
USER docker
EOF
else
echo ">>> Load Local "
cat << EOF > $Wdir/Dockerfile
FROM localhost:5000/$IMAGE_local
#
USER root
RUN export DEBIAN_FRONTEND=noninteractive && \
apt-get update && apt-get $APTPARAM install -y openssh-server $PACKAGES
RUN apt-get autoremove --purge && apt clean
RUN rm -rf /var/lib/apt/lists/*
RUN mkdir -p /var/run/sshd
RUN echo 'root:$ROOT_PASSWORD' | chpasswd
RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
#
# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
#
ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile
#RUN wget -k https://raw.githubusercontent.com/egalpin/apt-vim/master/install.sh
#
#
#
COPY $bootstrap /usr/bin
COPY $hostnames_get /usr/bin
COPY $hostnames /usr/bin
RUN mkdir -p /etc/shorewall
COPY shorewall /etc/shorewall
RUN mkdir -p /etc/opt
RUN mkdir -p /project
WORKDIR /project
COPY install-vim-plugin.sh .
#RUN bash ./install-vim-plugin.sh
#RUN apt-vim install -y https://github.com/scrooloose/nerdtree.git
CMD export PATH=$PATH:/project
RUN grep -qw ^docker /etc/passwd || useradd -m docker && echo "docker:docker" | chpasswd && adduser docker sudo
COPY .vimrc /home/docker
USER docker
EOF
fi
/bin/mkdir -p $Wdir/project
/bin/cp -f $DIR/project/hello_world.sh $Wdir/project
/bin/cp -f $DIR/$bootstrap $Wdir/$bootstrap
/bin/cp -f $DIR/$hostnames $Wdir/$hostnames
/bin/cp -f $DIR/$hostnames_get $Wdir/$hostnames_get
/bin/cp -f $DIR/ROOT_PASSWORD $Wdir/ROOT_PASSWORD
/bin/cp -rf $DIR/shorewall $Wdir/shorewall
/bin/cp -rf $DIR/.vimrc $Wdir/.vimrc
/bin/cp -rf $DIR/install-vim-plugin.sh $Wdir/install-vim-plugin.sh
cat << EOF > $Wdir/docker-compose.yml
version: "2"
services:
registry:
image: registry
ports:
- "${REGISTRY_PORT}:5000"
master:
image: $REGISTRY_ADDR:$REGISTRY_PORT/$IMAGE_NAME
privileged: true
cap_add:
- NET_ADMIN
user: root
entrypoint: ["sec_bootstrap", "role=master", "sec_master_service_name=master", "sec_worker_service_name=worker"]
ports:
- "\${SSH_PORT}:22"
networks:
- ${HYBRID_NETWORK}
volumes:
- $Wdir/project:/project
worker:
image: $REGISTRY_ADDR:$REGISTRY_PORT/$IMAGE_NAME
privileged: true
cap_add:
- NET_ADMIN
user: root
entrypoint: ["sec_bootstrap", "role=worker", "sec_master_service_name=master", "sec_worker_service_name=worker"]
networks:
- ${HYBRID_NETWORK}
volumes:
- $Wdir/project:/project
networks:
${HYBRID_NETWORK}:
EOF
/bin/cp -rf $DIR/ssh $Wdir
cat <<EOF
Project is Ready
├── docker-compose.yml
├── Dockerfile
├── out.log
├── project
│   └── hello_world.sh
└── ssh
├── id_rsa
└── id_rsa.pub
Run: swarmlab-sec up size=5
or run swarmlab-sec help for USAGE
EOF
/bin/chmod -R 777 $Wdir
/bin/chown -R sec.sec $Wdir
fi
}
#######################
# TASK INDICATORS
COMMAND_UP=0
COMMAND_CREATE=0
COMMAND_DOWN=0
COMMAND_RELOAD=0
COMMAND_SCALE=0
COMMAND_LOGIN=0
COMMAND_EXEC=0
COMMAND_LIST=0
COMMAND_CLEAN=0
# Default values if providing empty
SIZE=4
#############################################
usage ()
{
echo ""
echo "--------------"
echo " SwarmLab.io "
echo "--------------"
echo ""
echo " USAGE: ./swarmlab-sec [COMMAND] [OPTIONS]"
echo ""
echo " Examples of [COMMAND] can be:"
echo " create: create swarmlab-sec "
echo " mkdir WORKdir; cd WORKdir; swarmlab-sec create"
echo ""
echo " up: start swarmlab-sec"
echo " swarmlab-sec up size=10"
echo ""
echo " scale: resize the swarmlab-sec"
echo " swarmlab-sec scale size=30"
echo ""
echo " reload: rebuild image and distribute to nodes"
echo " swarmlab-sec reload size=15"
echo ""
echo " login: login to Docker container of MPI master node for interactive usage"
echo " swarmlab-sec login"
echo ""
echo " exec: execute shell command at the MPI master node"
echo " swarmlab-sec exec [SHELL COMMAND]"
echo ""
echo " down: shutdown swarmlab-sec"
echo " swarmlab-sec down"
echo ""
echo " clean: remove images in the system"
echo " swarmlab-sec clean"
echo ""
echo " list: show running containers of swarmlab-sec"
echo " swarmlab-sec list"
echo ""
echo " help: show this message"
echo " swarmlab-sec help"
echo ""
echo " "
}
HEADER="
SwarmLab.io"
clear_all ()
{
$(docker stop $(docker ps -a | grep "_master_" | awk '{print $1}')) || true
$(docker stop $(docker ps -a | grep "_worker_" | awk '{print $1}')) || true
$(docker stop $(docker ps -a | grep "_registry_" | awk '{print $1}')) || true
docker ps -a | grep "_registry_" | awk '{print $1}' | xargs docker container rm || true
docker ps -a | grep "_worker_" | awk '{print $1}' | xargs docker container rm || true
docker ps -a | grep "_master_" | awk '{print $1}' | xargs docker container rm || true
}
down_all ()
{
printf "\\n\\n===> CLEAN UP SWARMLAB"
printf "\\n%s\\n" "$HEADER"
echo "$ docker-compose down"
printf "\\n"
docker-compose down
}
up_registry ()
{
printf "\\n\\n===> SPIN UP REGISTRY"
printf "\\n%s\\n" "$HEADER"
echo "$ docker-compose up -d registry"
printf "\\n"
#docker stop swarmlab-registry || true && docker rm swarmlab-registry || true
docker container prune --force
docker-compose up --no-recreate -d registry
}
generate_ssh_keys ()
{
if [ -f ssh/id_rsa ] && [ -f ssh/id_rsa.pub ]; then
return 0
fi
printf "\\n\\n===> GENERATE SSH KEYS \\n\\n"
echo "$ mkdir -p ssh/ "
printf "\\n"
mkdir -p ssh/
echo "$ ssh-keygen -f ssh/id_rsa -t rsa -N ''"
printf "\\n"
ssh-keygen -f ssh/id_rsa -t rsa -N ''
}
build_and_push_image ()
{
printf "\\n\\n===> BUILD IMAGE"
printf "\\n%s\\n" "$HEADER"
echo "$ docker build -t \"$REGISTRY_ADDR:$REGISTRY_PORT/$IMAGE_NAME\" ."
printf "\\n"
docker build -t "$REGISTRY_ADDR:$REGISTRY_PORT/$IMAGE_NAME" .
printf "\\n"
printf "\\n\\n===> PUSH IMAGE TO REGISTRY"
printf "\\n%s\\n" "$HEADER"
echo "$ docker push \"$REGISTRY_ADDR:$REGISTRY_PORT/$IMAGE_NAME\""
printf "\\n"
docker push "$REGISTRY_ADDR:$REGISTRY_PORT/$IMAGE_NAME"
}
up_master ()
{
printf "\\n\\n===> SPIN UP MASTER NODE"
printf "\\n%s\\n" "$HEADER"
echo "$ docker-compose up -d master"
printf "\\n"
docker-compose up -d master
}
up_workers ()
{
printf "\\n\\n===> SPIN UP WORKER NODES"
printf "\\n%s\\n" "$HEADER"
echo "$ docker-compose up -d worker"
printf "\\n"
docker-compose up -d worker
printf "\\n"
printf "\\n%s\\n" "$HEADER"
NUM_WORKER=$((SIZE - 1))
echo "$ docker-compose scale worker=$NUM_WORKER"
printf "\\n"
docker-compose scale worker=${NUM_WORKER}
}
down_master ()
{
printf "\\n\\n===> TORN DOWN MASTER NODE"
printf "\\n%s\\n" "$HEADER"
echo "$ docker-compose stop master && docker-compose rm -f master"
printf "\\n"
docker-compose stop master && docker-compose rm -f master
}
down_workers ()
{
printf "\\n\\n===> TORN DOWN WORKER NODES"
printf "\\n%s\\n" "$HEADER"
echo "$ docker-compose stop worker && docker-compose rm -f worker"
printf "\\n"
docker-compose stop worker && docker-compose rm -f worker
}
list ()
{
printf "\\n\\n===> LIST CONTAINERS"
printf "\\n%s\\n" "$HEADER"
echo "$ docker-compose ps"
printf "\\n"
docker-compose ps
}
exec_on_mpi_master_container ()
{
# shellcheck disable=SC2046
docker exec -it -u $DOCKERuser $(docker-compose ps | grep 'master'| awk 'NR==1{print $1}') "$@"
}
prompt_ready ()
{
printf "\\n\\n===> SWARMLAB READY \\n\\n"
}
show_instruction ()
{
echo ' ## . '
echo ' ## ## ## == '
echo ' ## ## ## ## ## === '
echo ' /"""""""""""""""""\___/ === '
echo ' ~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ / ===- ~~~ '
echo ' \______ o __/ '
echo ' \ \ __/ '
echo ' \____\_______/ '
echo ' '
echo ' Swarmlab.io Hybrid '
echo ''
echo '=============================================================='
echo ''
echo "To run SEC programs in an interative shell:"
echo " 1. Login to master node:"
echo " Using Docker through command wrapper:"
echo " $ swarmlab-sec login"
echo ""
echo " Or using SSH with keys through exposed port:"
echo " $ ssh -o \"StrictHostKeyChecking no\" -i ssh/id_rsa -p $SSH_PORT sec@localhost"
echo ' where [localhost] could be changed to the host IP of master node'
echo ""
echo " 2. Execute programs inside master node, for example:"
echo " $ sudo su"
echo " # apt update"
echo " *----------------------------------------------------*"
echo " | Default hostfile of connected nodes in the swarmlab |"
echo " | is automatically updated at /etc/opt/hosts |"
echo " | To obtain hostfile manually: $ get_hosts > hosts |"
echo " * ---------------------------------------------------*"
echo ""
echo ""
}
#############################################
while [ "$1" != "" ];
do
PARAM=$(echo "$1" | awk -F= '{print $1}')
VALUE=$(echo "$1" | awk -F= '{print $2}')
case $PARAM in
help)
usage
exit
;;
-i)
show_instruction
exit
;;
login)
COMMAND_LOGIN=1
;;
exec)
COMMAND_EXEC=1
shift # the rest is the shell command to run in the node
SHELL_COMMAND="$*"
break # end while loop
;;
up)
COMMAND_UP=1
;;
create)
COMMAND_CREATE=1
;;
down)
COMMAND_DOWN=1
;;
reload)
COMMAND_RELOAD=1
;;
scale)
COMMAND_SCALE=1
;;
list)
COMMAND_LIST=1
;;
clean)
COMMAND_CLEAN=1
;;
size)
[ "$VALUE" ] && SIZE=$VALUE
;;
*)
echo "ERROR: unknown parameter \"$PARAM\""
usage
exit 1
;;
esac
shift
done
if [ $COMMAND_UP -eq 1 ]; then
create_dockerfile
down_all
clear_all
up_registry
generate_ssh_keys
build_and_push_image
up_master
up_workers
prompt_ready
show_instruction
elif [ $COMMAND_CREATE -eq 1 ]; then
create_project
elif [ $COMMAND_DOWN -eq 1 ]; then
down_all
clear_all
elif [ $COMMAND_CLEAN -eq 1 ]; then
clear_all
elif [ $COMMAND_SCALE -eq 1 ]; then
create_dockerfile
down_master
down_workers
up_master
up_workers
prompt_ready
show_instruction
elif [ $COMMAND_RELOAD -eq 1 ]; then
create_dockerfile
down_master
down_workers
build_and_push_image
up_master
up_workers
prompt_ready
show_instruction
elif [ $COMMAND_LOGIN -eq 1 ]; then
exec_on_mpi_master_container /bin/bash
elif [ $COMMAND_EXEC -eq 1 ]; then
create_dockerfile
exec_on_mpi_master_container ash -c "${SHELL_COMMAND}"
elif [ $COMMAND_LIST -eq 1 ]; then
list
else
usage
fi