diff --git a/CHANGELOG.md b/CHANGELOG.md index b22e0bf9..ded5cbef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ - Git lesson stage 5 [#324](https://github.com/nre-learning/nrelabs-curriculum/pull/324) - Adding image build to preview pipeline [#352](https://github.com/nre-learning/nrelabs-curriculum/pull/352) - More image build changes (moving to GH actions) [#354](https://github.com/nre-learning/nrelabs-curriculum/pull/354) +- SuzieQ Image and Lesson [#357](https://github.com/nre-learning/nrelabs-curriculum/pull/357) ## v1.3.0 - December 13, 2020 diff --git a/images/suzieq/Dockerfile b/images/suzieq/Dockerfile new file mode 100644 index 00000000..23a09f26 --- /dev/null +++ b/images/suzieq/Dockerfile @@ -0,0 +1,48 @@ + +# Based on python/debian(buster) +FROM netenglabs/suzieq:0.9 + +RUN apt-get update && apt-get install -y openssh-server python3 python3-pip dnsutils iputils-ping git vim curl util-linux sshpass nano jq libxml2-utils +RUN mkdir /var/run/sshd + +# Antidote user +RUN mkdir -p /home/antidote +RUN useradd antidote -p antidotepassword +RUN chown antidote:antidote /home/antidote +RUN chsh antidote --shell=/bin/bash +RUN echo 'antidote:antidotepassword' | chpasswd +RUN echo 'root:$(uuidgen)' | chpasswd + +# Adjust MOTD +RUN rm -f /etc/update-motd.d/* +RUN rm -f /etc/legal +ADD motd.sh /etc/update-motd.d/00-antidote-motd + +# Disable root Login +RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config +RUN sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config + +# SSH login fix. Otherwise user is kicked off after login +RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd + +# Disable su for everyone not in the wheel group (no one is in the wheel group) +RUN echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su + +# https://stackoverflow.com/questions/36292317/why-set-visible-now-in-etc-profile +ENV NOTVISIBLE "in users profile" +RUN echo "export VISIBLE=now" >> /etc/profile + +# ADD requirements.txt /requirements.txt +# RUN pip3 install -r /requirements.txt + +# The snapshots directory is apparently not being set up during installation so we'll do it here +RUN mkdir -p /home/antidote/jsnapy/snapshots && chown -R antidote:antidote /home/antidote/jsnapy + +# RUN curl -L -o yq https://github.com/mikefarah/yq/releases/download/3.3.2/yq_linux_amd64 && chmod +x yq && mv yq /usr/local/bin +# RUN wget https://github.com/sharkdp/bat/releases/download/v0.17.1/bat_0.17.1_amd64.deb && dpkg -i bat_0.17.1_amd64.deb + +COPY bash_profile /home/antidote/.bash_profile +RUN chown antidote:antidote /home/antidote/.bash_profile + +EXPOSE 22 +CMD ["/usr/sbin/sshd", "-D"] diff --git a/images/suzieq/Makefile b/images/suzieq/Makefile new file mode 100644 index 00000000..3ee1f9f3 --- /dev/null +++ b/images/suzieq/Makefile @@ -0,0 +1,13 @@ +# SHELL=/bin/bash + +TARGET_VERSION ?= latest + +all: docker + +docker: + docker build --pull --no-cache -t antidotelabs/suzieq:$(TARGET_VERSION) . + docker push antidotelabs/suzieq:$(TARGET_VERSION) + +dockerfast: + docker build --pull -t antidotelabs/suzieq:$(TARGET_VERSION) . + docker push antidotelabs/suzieq:$(TARGET_VERSION) diff --git a/images/suzieq/bash_profile b/images/suzieq/bash_profile new file mode 100644 index 00000000..95e6ef58 --- /dev/null +++ b/images/suzieq/bash_profile @@ -0,0 +1 @@ +alias python="/usr/bin/python3" diff --git a/images/suzieq/image.meta.yaml b/images/suzieq/image.meta.yaml new file mode 100644 index 00000000..5702699a --- /dev/null +++ b/images/suzieq/image.meta.yaml @@ -0,0 +1,12 @@ +slug: utility +description: Utility image +flavor: untrusted +sshUser: antidote +sshPassword: antidotepassword +configUser: antidote +configPassword: antidotepassword +networkInterfaces: + - 'eth0' + - 'eth1' + - 'eth2' + - 'eth3' \ No newline at end of file diff --git a/images/suzieq/motd.sh b/images/suzieq/motd.sh new file mode 100755 index 00000000..f6811ba2 --- /dev/null +++ b/images/suzieq/motd.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +printf "Welcome to \u001b[1;38;5;36mNRE Labs\033[1m%s\033[0m! \n" +printf " * Docs - https://docs.nrelabs.io/\n" diff --git a/images/suzieq/requirements.txt b/images/suzieq/requirements.txt new file mode 100644 index 00000000..675d5042 --- /dev/null +++ b/images/suzieq/requirements.txt @@ -0,0 +1,13 @@ +# https://github.com/Azure/azure-cli/issues/16858 +cryptography==3.3.2 + +napalm +netmiko +jsnapy +robotframework +jinja2 +paho-mqtt +grpcio +grpcio-tools +flask +pygments diff --git a/lessons/suzieq-network-observability/lesson.meta.yaml b/lessons/suzieq-network-observability/lesson.meta.yaml new file mode 100644 index 00000000..a0b6e357 --- /dev/null +++ b/lessons/suzieq-network-observability/lesson.meta.yaml @@ -0,0 +1,31 @@ +name: Network Observability with SuzieQ +slug: suzieq-network-observability +category: tools +diagram: "" +video: "" +tier: prod +description: TBD +shortDescription: suzieq +stages: +- description: Introduction + guideType: markdown + stageVideo: "" +endpoints: +- name: suzieq + image: suzieq + presentations: + - name: cli + port: 22 + type: ssh +- name: cvx1 + image: cvx + configurationType: python + presentations: + - name: cli + port: 22 + type: ssh +authors: +- name: Dinesh Dutt + link: TBD +- name: Justin Pietsch + link: TBD diff --git a/lessons/suzieq-network-observability/stage0/configs/cvx1.py b/lessons/suzieq-network-observability/stage0/configs/cvx1.py new file mode 100644 index 00000000..40859067 --- /dev/null +++ b/lessons/suzieq-network-observability/stage0/configs/cvx1.py @@ -0,0 +1,33 @@ +import paramiko +import os +from scp import SCPClient + +host=os.environ['ANTIDOTE_TARGET_HOST'] + +def createSSHClient(server, port, user, password): + client = paramiko.SSHClient() + client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) + client.connect(server, port, user, password) + return client + +ssh=createSSHClient(host,22,"antidote","antidotepassword") + +scp=SCPClient(ssh.get_transport()) + +this_dir = os.path.dirname(os.path.realpath(__file__)) + +scp.put('%s/cvx1/interfaces' % this_dir, '/home/antidote/interfaces') +scp.put('%s/cvx1/daemons' % this_dir, '/home/antidote/daemons') +scp.put('%s/cvx1/frr.conf' % this_dir, '/home/antidote/frr.conf') + +ssh.exec_command('sudo cp /home/antidote/interfaces /etc/network/interfaces') +ssh.exec_command('sudo cp /home/antidote/daemons /etc/frr/daemons') +ssh.exec_command('sudo cp /home/antidote/frr.conf /etc/frr/frr.conf') +ssh.exec_command('sudo systemctl restart frr.service') +ssh.exec_command('sudo ifreload -a') + +scp.close() +ssh.close() + + + diff --git a/lessons/suzieq-network-observability/stage0/configs/cvx1/daemons b/lessons/suzieq-network-observability/stage0/configs/cvx1/daemons new file mode 100644 index 00000000..4ff95c9f --- /dev/null +++ b/lessons/suzieq-network-observability/stage0/configs/cvx1/daemons @@ -0,0 +1,3 @@ +zebra=yes +bgpd=yes + diff --git a/lessons/suzieq-network-observability/stage0/configs/cvx1/frr.conf b/lessons/suzieq-network-observability/stage0/configs/cvx1/frr.conf new file mode 100644 index 00000000..535d6fc6 --- /dev/null +++ b/lessons/suzieq-network-observability/stage0/configs/cvx1/frr.conf @@ -0,0 +1,7 @@ +router bgp 65002 + bgp router-id 10.1.1.2 + neighbor 10.10.10.1 remote-as 65001 + address-family ipv4 unicast + neighbor 10.10.10.1 activate + redistribute connected + diff --git a/lessons/suzieq-network-observability/stage0/configs/cvx1/interfaces b/lessons/suzieq-network-observability/stage0/configs/cvx1/interfaces new file mode 100644 index 00000000..47c37920 --- /dev/null +++ b/lessons/suzieq-network-observability/stage0/configs/cvx1/interfaces @@ -0,0 +1,23 @@ +auto lo +iface lo inet loopback + address 10.1.1.2/32 + +auto eth0 +iface eth0 inet dhcp + vrf mgmt + +auto mgmt +iface mgmt + address 127.0.0.1/8 + vrf-table auto + +auto swp1 +allow-uplink swp1 +iface swp1 inet static + address 10.10.10.2/30 + +auto swp2 +allow-uplink swp2 +iface swp2 inet static + address 10.10.100.1/30 + diff --git a/lessons/suzieq-network-observability/stage0/guide.md b/lessons/suzieq-network-observability/stage0/guide.md new file mode 100644 index 00000000..b5acf875 --- /dev/null +++ b/lessons/suzieq-network-observability/stage0/guide.md @@ -0,0 +1,2 @@ + +Please enter your lesson guide contents here.