Diffstat (limited to 'docker/csit')
-rw-r--r-- | docker/csit/csit-shim/Dockerfile | 50 | ||||
-rw-r--r-- | docker/csit/csit-shim/files/badkeypub | 1 | ||||
-rw-r--r-- | docker/csit/csit-shim/files/sshconfig | 3 | ||||
-rw-r--r-- | docker/csit/csit-shim/files/wrapdocker | 113 | ||||
-rw-r--r-- | docker/csit/csit-sut/Dockerfile | 173 | ||||
-rw-r--r-- | docker/csit/csit-sut/supervisord.conf | 24 |
6 files changed, 364 insertions, 0 deletions
diff --git a/docker/csit/csit-shim/Dockerfile b/docker/csit/csit-shim/Dockerfile
new file mode 100644
index 000000000..288c49b19
--- /dev/null
+++ b/docker/csit/csit-shim/Dockerfile
@@ -0,0 +1,50 @@
+FROM ubuntu:18.04
+MAINTAINER Ed Kern <ejk@cisco.com>
+LABEL Description="CSIT shim container"
+LABEL Vendor="cisco.com"
+LABEL Version="1.2"
+
+# Setup the environment
+ENV DEBIAN_FRONTEND=noninteractive
+ENV NOTVISIBLE "in users profile"
+RUN echo "export VISIBLE=now" >> /etc/profile
+
+ADD files/wrapdocker /usr/local/bin/wrapdocker
+RUN chmod +x /usr/local/bin/wrapdocker
+
+# Install packages and Docker
+RUN apt-get -q update \
+ && apt-get install -y -qq \
+ bash \
+ curl \
+ iproute2 \
+ locales \
+ ssh \
+ sudo \
+ tzdata \
+ uuid-runtime \
+ && curl -fsSL https://get.docker.com | sh \
+ && rm -rf /var/lib/apt/lists/*
+
+# Configure locales
+RUN locale-gen en_US
+
+RUN mkdir /var/run/sshd
+RUN echo 'root:Csit1234' | chpasswd
+RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
+
+# SSH login fix. Otherwise user is kicked off after login
+RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
+
+# Need volume for sidecar docker launches
+VOLUME /var/lib/docker
+
+# SSH to listen on port 6022 in shim
+RUN echo 'Port 6022' >>/etc/ssh/sshd_config
+RUN echo 'Port 6023' >>/etc/ssh/sshd_config
+ADD files/badkeypub /root/.ssh/authorized_keys
+ADD files/sshconfig /root/.ssh/config
+
+# Start sshd by default
+EXPOSE 22
+CMD ["/usr/sbin/sshd", "-D"]
diff --git a/docker/csit/csit-shim/files/badkeypub b/docker/csit/csit-shim/files/badkeypub
new file mode 100644
index 000000000..574268450
--- /dev/null
+++ b/docker/csit/csit-shim/files/badkeypub
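Review bot: The SSH setup in docker/csit/csit-shim/Dockerfile bakes a fixed root password into an image layer (`RUN echo 'root:Csit1234' | chpasswd`) and then switches sshd to `PermitRootLogin yes`, so the credential is readable by anyone who can pull the image or inspect its history; the same pair appears in the `# SSH settings` step of docker/csit/csit-sut/Dockerfile. Since `files/badkeypub` is already installed as root's `authorized_keys`, consider dropping the `chpasswd` line and replacing the PermitRootLogin sed with `RUN echo 'PasswordAuthentication no' >> /etc/ssh/sshd_config`, provided the test framework can authenticate with the key. Separately, `EXPOSE 22` does not match the `Port 6022` and `Port 6023` lines appended to sshd_config and should presumably read `EXPOSE 6022 6023`.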
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyUNd/iRk5Ajw4ZBB0gXyjzecEzQHh/MctgvHGJjasqJDkwYyZBrunUorOZ3n82W8VGdd5+eNINCWOM/ERjuaHjnutfade+ocPgZRdk+kEgTvetDVNWIgBd0PMVcnp57jJfx7CZVqTNgGeVQ8OJ2RbJGeOb/EKApQI74IPkAfc0PSieSw5gC0eqEOHb39Awgp0ycrzsUHF/OEicfCmo+6vvrMGenDe7frKUoTKYMWs7l3DOyFC8NaOxhGD3J1Ne5u3A/r4w6mN1HVI0rFwIcoms+t0B4lb2ODWKZiZikQdn8/eqwsmbSEZZsWN3FkshgjPS83+dNqVwB6pPY5Yqte7 ejk@bhima.local
diff --git a/docker/csit/csit-shim/files/sshconfig b/docker/csit/csit-shim/files/sshconfig
new file mode 100644
index 000000000..85ad6f74a
--- /dev/null
+++ b/docker/csit/csit-shim/files/sshconfig
@@ -0,0 +1,3 @@
+Host 172.17.0.*
+ StrictHostKeyChecking no
+ UserKnownHostsFile=/dev/null
diff --git a/docker/csit/csit-shim/files/wrapdocker b/docker/csit/csit-shim/files/wrapdocker
new file mode 100644
index 000000000..2ca579fdf
--- /dev/null
+++ b/docker/csit/csit-shim/files/wrapdocker
@@ -0,0 +1,113 @@
+#!/bin/bash
+
+# Ensure that all nodes in /dev/mapper correspond to mapped devices currently loaded by the device-mapper kernel driver
+dmsetup mknodes
+
+# First, make sure that cgroups are mounted correctly.
+CGROUP=/sys/fs/cgroup
+: {LOG:=stdio}
+
+[ -d $CGROUP ] ||
+ mkdir $CGROUP
+
+mountpoint -q $CGROUP ||
+ mount -n -t tmpfs -o uid=0,gid=0,mode=0755 cgroup $CGROUP || {
+ echo "Could not make a tmpfs mount. Did you use --privileged?"
+ exit 1
+ }
+
+if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security
+then
+ mount -t securityfs none /sys/kernel/security || {
+ echo "Could not mount /sys/kernel/security."
+ echo "AppArmor detection and --privileged mode might break."
+ }
+fi
+
+# Mount the cgroup hierarchies exactly as they are in the parent system.
+for SUBSYS in $(cut -d: -f2 /proc/1/cgroup)
+do
+ [ -d $CGROUP/$SUBSYS ] || mkdir $CGROUP/$SUBSYS
+ mountpoint -q $CGROUP/$SUBSYS ||
+ mount -n -t cgroup -o $SUBSYS cgroup $CGROUP/$SUBSYS
+
+ # The two following sections address a bug which manifests itself
+ # by a cryptic "lxc-start: no ns_cgroup option specified" when
+ # trying to start containers withina container.
+ # The bug seems to appear when the cgroup hierarchies are not
+ # mounted on the exact same directories in the host, and in the
+ # container.
+
+ # Named, control-less cgroups are mounted with "-o name=foo"
+ # (and appear as such under /proc/<pid>/cgroup) but are usually
+ # mounted on a directory named "foo" (without the "name=" prefix).
+ # Systemd and OpenRC (and possibly others) both create such a
+ # cgroup. To avoid the aforementioned bug, we symlink "foo" to
+ # "name=foo". This shouldn't have any adverse effect.
+ echo $SUBSYS | grep -q ^name= && {
+ NAME=$(echo $SUBSYS | sed s/^name=//)
+ ln -s $SUBSYS $CGROUP/$NAME
+ }
+
+ # Likewise, on at least one system, it has been reported that
+ # systemd would mount the CPU and CPU accounting controllers
+ # (respectively "cpu" and "cpuacct") with "-o cpuacct,cpu"
+ # but on a directory called "cpu,cpuacct" (note the inversion
+ # in the order of the groups). This tries to work around it.
+ [ $SUBSYS = cpuacct,cpu ] && ln -s $SUBSYS $CGROUP/cpu,cpuacct
+done
+
+# Note: as I write those lines, the LXC userland tools cannot setup
+# a "sub-container" properly if the "devices" cgroup is not in its
+# own hierarchy. Let's detect this and issue a warning.
+grep -q :devices: /proc/1/cgroup ||
+ echo "WARNING: the 'devices' cgroup should be in its own hierarchy."
+grep -qw devices /proc/1/cgroup ||
+ echo "WARNING: it looks like the 'devices' cgroup is not mounted."
+
+# Now, close extraneous file descriptors.
+pushd /proc/self/fd >/dev/null
+for FD in *
+do
+ case "$FD" in
+ # Keep stdin/stdout/stderr
+ [012])
+ ;;
+ # Nuke everything else
+ *)
+ eval exec "$FD>&-"
+ ;;
+ esac
+done
+popd >/dev/null
+
+
+# If a pidfile is still around (for example after a container restart),
+# delete it so that docker can start.
+rm -rf /var/run/docker.pid
+
+# If we were given a PORT environment variable, start as a simple daemon;
+# otherwise, spawn a shell as well
+if [ "$PORT" ]
+then
+ exec dockerd -H 0.0.0.0:$PORT -H unix:///var/run/docker.sock \
+ $DOCKER_DAEMON_ARGS
+else
+ if [ "$LOG" == "file" ]
+ then
+ dockerd $DOCKER_DAEMON_ARGS &>/var/log/docker.log &
+ else
+ dockerd $DOCKER_DAEMON_ARGS &
+ fi
+ (( timeout = 60 + SECONDS ))
+ until docker info >/dev/null 2>&1
+ do
+ if (( SECONDS >= timeout )); then
+ echo 'Timed out trying to connect to internal docker host.' >&2
+ break
+ fi
+ sleep 1
+ done
+ [[ $1 ]] && exec "$@"
+ exec bash --login
+fi
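Review bot: In the `if [ "$PORT" ]` branch of wrapdocker, `dockerd -H 0.0.0.0:$PORT` publishes the Docker API on every interface with no TLS or client authentication, and the script's own error text indicates the container is expected to run `--privileged`, so reachability of that port is presumably equivalent to root on the host. Bind the TCP listener to loopback, `exec dockerd -H 127.0.0.1:$PORT -H unix:///var/run/docker.sock $DOCKER_DAEMON_ARGS`, or add `--tlsverify` with `--tlscacert`/`--tlscert`/`--tlskey` if remote access is really required. Also, `: {LOG:=stdio}` near the top is missing the `$`, so it is a no-op and `LOG` is never defaulted; it should be `: ${LOG:=stdio}`.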
diff --git a/docker/csit/csit-sut/Dockerfile b/docker/csit/csit-sut/Dockerfile
new file mode 100644
index 000000000..ba212dc96
--- /dev/null
+++ b/docker/csit/csit-sut/Dockerfile
@@ -0,0 +1,173 @@
+# Copyright (c) 2019 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM ubuntu:18.04
+MAINTAINER csit-dev <csit-dev@lists.fd.io>
+LABEL Description="CSIT vpp-device ubuntu 18.04 SUT image"
+LABEL Version="0.7"
+
+# Setup the environment
+ENV DEBIAN_FRONTEND=noninteractive
+ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
+ENV NOTVISIBLE "in users profile"
+ENV VPP_PYTHON_PREFIX=/var/cache/vpp/python
+
+# Install packages and Docker
+RUN apt-get -q update \
+ && apt-get install -y -qq \
+ # general tools
+ apt-transport-https \
+ bridge-utils \
+ cloud-init \
+ curl \
+ gdb \
+ locales \
+ net-tools \
+ openssh-server \
+ pciutils \
+ rsyslog \
+ software-properties-common \
+ ssh \
+ sudo \
+ supervisor \
+ tar \
+ vim \
+ wget \
+ # csit requirements
+ cmake \
+ dkms \
+ gfortran \
+ libblas-dev \
+ libffi-dev \
+ liblapack-dev \
+ libpcap-dev \
+ libssl-dev \
+ python-all \
+ python-apt \
+ python-cffi \
+ python-cffi-backend \
+ python-dev \
+ python-enum34 \
+ python-pip \
+ python-setuptools \
+ python-virtualenv \
+ python3-all \
+ python3-apt \
+ python3-cffi \
+ python3-cffi-backend \
+ python3-dev \
+ python3-pip \
+ python3-setuptools \
+ python3-virtualenv \
+ qemu-system \
+ socat \
+ strongswan \
+ unzip \
+ tcpdump \
+ zlib1g-dev \
+ # vpp requirements
+ ca-certificates \
+ libapr1 \
+ libmbedcrypto1 \
+ libmbedtls10 \
+ libmbedx509-0 \
+ libnuma1 \
+ sshpass \
+ && curl -L https://packagecloud.io/fdio/master/gpgkey | sudo apt-key add - \
+ && curl -s https://packagecloud.io/install/repositories/fdio/master/script.deb.sh | sudo bash \
+ # temp hack due to build.sh
+ && apt-get install -y -qq vpp-ext-deps \
+ && curl -fsSL https://get.docker.com | sh \
+ && rm -rf /var/lib/apt/lists/*
+
+# Configure locales
+RUN locale-gen en_US.UTF-8 \
+ && dpkg-reconfigure locales
+
+# Fix permissions
+RUN chown root:syslog /var/log \
+ && chmod 755 /etc/default
+
+# Create directory structure
+RUN mkdir -p /tmp/dumps \
+ && mkdir -p /var/cache/vpp/python \
+ && mkdir -p /var/run/sshd
+
+# CSIT PIP pre-cache
+RUN pip3 install \
+ ecdsa==0.13.3 \
+ paramiko==2.6.0 \
+ pycrypto==2.6.1 \
+ pypcap==1.2.3 \
+ PyYAML==5.1.1 \
+ requests==2.22.0 \
+ robotframework==3.1.2 \
+ scapy==2.4.3 \
+ scp==0.13.2 \
+ ansible==2.7.8 \
+ dill==0.2.8.2 \
+ numpy==1.17.3 \
+ hdrhistogram==0.6.1 \
+ pandas==0.25.3 \
+ plotly==4.1.1 \
+ PTable==0.9.2 \
+ Sphinx==2.2.1 \
+ sphinx-rtd-theme==0.4.0 \
+ sphinxcontrib-programoutput==0.15 \
+ sphinxcontrib-robotdoc==0.11.0 \
+ alabaster==0.7.12 \
+ Babel==2.7.0 \
+ bcrypt==3.1.7 \
+ certifi==2019.9.11 \
+ cffi==1.13.2 \
+ chardet==3.0.4 \
+ cryptography==2.8 \
+ docutils==0.15.2 \
+ future==0.18.2 \
+ idna==2.8 \
+ imagesize==1.1.0 \
+ Jinja2==2.10.3 \
+ MarkupSafe==1.1.1 \
+ packaging==19.2 \
+ pbr==5.4.3 \
+ pycparser==2.19 \
+ Pygments==2.4.2 \
+ PyNaCl==1.3.0 \
+ pyparsing==2.4.4 \
+ python-dateutil==2.8.1 \
+ pytz==2019.3 \
+ retrying==1.3.3 \
+ six==1.13.0 \
+ snowballstemmer==2.0.0 \
+ sphinxcontrib-applehelp==1.0.1 \
+ sphinxcontrib-devhelp==1.0.1 \
+ sphinxcontrib-htmlhelp==1.0.2 \
+ sphinxcontrib-jsmath==1.0.1 \
+ sphinxcontrib-qthelp==1.0.2 \
+ sphinxcontrib-serializinghtml==1.1.3 \
+ urllib3==1.25.6
+
+# ARM workaround
+RUN pip3 install scipy==1.1.0
+
+# SSH settings
+RUN echo 'root:Csit1234' | chpasswd \
+ && sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config \
+ && sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd \
+ && echo "export VISIBLE=now" >> /etc/profile
+
+EXPOSE 2222
+
+COPY supervisord.conf /etc/supervisor/supervisord.conf
+
+CMD ["sh", "-c", "rm -f /dev/shm/db /dev/shm/global_vm /dev/shm/vpe-api; /usr/bin/supervisord -c /etc/supervisor/supervisord.conf; /usr/sbin/sshd -D -p 2222"]
diff --git a/docker/csit/csit-sut/supervisord.conf b/docker/csit/csit-sut/supervisord.conf
new file mode 100644
index 000000000..4a6fe9656
--- /dev/null
+++ b/docker/csit/csit-sut/supervisord.conf
@@ -0,0 +1,24 @@
+[unix_http_server]
+file = /tmp/supervisor.sock
+chmod = 0777
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl = unix:///tmp/supervisor.sock
+
+[supervisord]
+pidfile = /tmp/supervisord.pid
+identifier = supervisor
+directory = /tmp
+logfile = /tmp/supervisord.log
+loglevel = debug
+nodaemon = false
+
+[program:vpp]
+command = /usr/bin/vpp -c /etc/vpp/startup.conf
+autostart = false
+autorestart = true
+redirect_stderr = true
+priority = 1 |
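Review bot: The package-install step of docker/csit/csit-sut/Dockerfile pipes remote scripts straight into a root shell, `curl -s https://packagecloud.io/install/repositories/fdio/master/script.deb.sh | sudo bash` and `curl -fsSL https://get.docker.com | sh` (the latter also in docker/csit/csit-shim/Dockerfile), with no pinned version or checksum, so the image content depends on whatever those URLs serve at build time. The packagecloud fetch also uses `curl -s` without `-f`, and the default `/bin/sh` has no pipefail, so an HTTP error body or a truncated download would still be handed to bash. Download to a file, verify it, then run it, e.g. `curl -fsSL <script-url> -o /tmp/script.deb.sh && echo "<expected-sha256>  /tmp/script.deb.sh" | sha256sum -c - && bash /tmp/script.deb.sh`, and install Docker from a pinned apt package rather than the convenience script. `sudo` is redundant in these lines because the build already runs as root.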
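Review bot: The `[unix_http_server]` socket in supervisord.conf is created under `/tmp` with `chmod = 0777` and no `username`/`password`, so any local user in the container can control supervisord, which the csit-sut Dockerfile's `CMD` starts as root (no `USER` is set). Use `chmod = 0700`, and ideally move the socket and pidfile out of the world-writable `/tmp`, e.g. `file = /var/run/supervisor.sock` with `serverurl` updated to match. `loglevel = debug` written to `/tmp/supervisord.log` is also worth lowering to `info` once the image is stable.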