11ce86e
added just the defender installation
anshupande Feb 10, 2016
c4f3d8c
executable file
anshupande Feb 10, 2016
a6f0834
twistlock-defender.service
anshupande Feb 10, 2016
32c4bde
Merge branch 'twist' of https://github.com/anshupande/mesos-systemd i…
anshupande Feb 10, 2016
f5eccea
moving curl execution to twistlock.sh
anshupande Feb 10, 2016
208810e
add logic to install client certs for each user
anshupande Feb 10, 2016
13df7a7
moved service to fleet
anshupande Feb 10, 2016
b0fa64b
deleted old service from util
anshupande Feb 10, 2016
8345bf2
still testing
anshupande Feb 10, 2016
c838088
added more logic
anshupande Feb 10, 2016
0a94c7d
more test
anshupande Feb 10, 2016
212540c
updated twist lock client service to start after defender is installed
anshupande Feb 10, 2016
b9a6eed
add parameter to client download script as well
anshupande Feb 10, 2016
d9679d1
copy .docker from /root rather than /home/core
anshupande Feb 10, 2016
b86b095
moved twistlock-client.service to util-units
anshupande Feb 10, 2016
2122fc8
added twistlock client installation to create-users.service
anshupande Feb 10, 2016
3e3519b
removed twistlock client logic
anshupande Feb 10, 2016
688e9c9
copying .docker folder to /home for each user
anshupande Feb 11, 2016
0711348
corrected the dir location
anshupande Feb 11, 2016
ecc4aa0
use twistlock as proxy by modifying /etc/environment
anshupande Feb 24, 2016
15d390f
make twistlock as proxy
anshupande Feb 24, 2016
63e2136
add logic to make twistlock as proxy server
anshupande Feb 24, 2016
91c0d89
removed proxy lines from twistlock-user.sh
anshupande Feb 24, 2016
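--- a/v2/fleet/twistlock-defender.service
+++ b/v2/fleet/twistlock-defender.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Install Twistlock Defender
+After=docker.service bootstrap.service
+Requires=docker.service
+
+
+[Service]
+User=core
+TimeoutStartSec=0
+ExecStart=/usr/bin/sudo bash /home/core/mesos-systemd/v2/util/twistlock.sh
+
+[X-Fleet]
+Global=true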
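Review bot: `ExecStart` runs a one-off install script under the default `Type=simple`, so the unit is reported active the moment `sudo bash twistlock.sh` is spawned and goes inactive when it exits; any unit ordered `After=twistlock-defender.service` (the commit list mentions such ordering) will not actually wait for the defender install to finish, and a failed install is not reflected in the unit state. Declaring `Type=oneshot` and `RemainAfterExit=yes` under `[Service]` makes the ordering and the failure state meaningful. Separately, `User=core` combined with the `/usr/bin/sudo` prefix means the script effectively runs as root from a path under core's home directory; if root is the intent, dropping `User=core` and the `sudo` prefix states the privilege explicitly, and if it is not, the script's own `sudo` calls need revisiting.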
3 changes: 2 additions & 1 deletion v2/util-units/create-users.service
Expand Up @@ -13,7 +13,8 @@ ExecStartPre=-/usr/bin/rm -rf /home/core/mesos-users

# TODO: re-visit this - dir should probably be configurable
# look at the script to see what it's doing - you just need a repo with user public keys
ExecStart=/usr/bin/bash -c '/usr/bin/git clone [email protected]:behance/mesos-users /home/core/mesos-users && /home/core/mesos-systemd/v2/util/add_users.sh /home/core/mesos-users/users'
ExecStart=/usr/bin/bash -c '/usr/bin/git clone [email protected]:behance/mesos-users /home/core/mesos-users && /home/core/mesos-systemd/v2/util/add_users.sh /home/core/mesos-users/users && /home/core/mesos-systemd/v2/util/twistlock-user.sh'
ExecStartPost=/usr/bin/sudo bash /home/core/mesos-systemd/v2/util/twistlockproxy.sh

[Install]
WantedBy=multi-user.target
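Review bot: The new `ExecStart` chain calls `twistlock-user.sh`, which authenticates against the Twistlock console, and the new `ExecStartPost` points `DOCKER_HOST` at the defender proxy on port 9998, yet the hunk shows no ordering against `twistlock-defender.service`; the `[Unit]` section is above the hunk, so if it does not already carry `After=twistlock-defender.service` (and `Requires=` if the proxy must exist before the proxy script runs), user creation can race the defender install. A failure in `twistlock-user.sh` also fails the whole chain after `git clone` and `add_users.sh` have already succeeded, so the unit's failed state does not distinguish a user-creation problem from a console outage; if the unit is `Type=oneshot`, giving the Twistlock step its own `ExecStart=` line makes the failure attributable. The `ExecStartPost` line invokes `/usr/bin/sudo`, which is redundant if the unit already runs as root and otherwise worth making explicit with `User=`.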
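--- a/v2/util/twistlock-user.sh
+++ b/v2/util/twistlock-user.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+source /etc/environment
+
+HOMEDIR=$(eval echo "~`whoami`")
+
+sudo docker run --rm \
+-v ${HOMEDIR}:/data/ behance/docker-aws-s3-downloader \
+us-east-1 $CONTROL_TIER_S3SECURE_BUCKET .core
+
+
+while read line; do
+etcdctl set $line
+done < ${HOMEDIR}/.core
+
+sudo docker run --rm \
+-v ${HOMEDIR}:/data/ behance/docker-aws-s3-downloader \
+us-east-1 $CONTROL_TIER_S3SECURE_BUCKET .twistlockparameter
+
+
+while read line; do
+etcdctl set $line
+done < ${HOMEDIR}/.twistlockparameter
+
+twistlockclientusername=$(etcdctl get /twistlockclientusercore)
+twistlockclientpassword=$(etcdctl get /twistlockclientpasswordcore)
+twistlockparameter=$(etcdctl get /twistlockparameter)
+
+#steps to generate private cert for each ssh user in HOMEDIR/.docker
+
+curl -sSL -k --header "authorization:Bearer \
+$(eval echo $(echo $(curl -s -H "Content-Type: application/json" \
+-d '{"username":"'$(eval echo $twistlockclientusername)'", "password":"'$(eval echo $twistlockclientpassword)'"}' \
+https://"$(eval echo $twistlockparameter)":443/api/v1/authenticate) | sed -ne 's/.*"token":"\([^,]*\)".*/\1/p'))" \
+https://"$(eval echo $twistlockparameter)"/api/v1/cert/client-certs.sh | sh
+
+
+for i in `ls /home`;
+
+do sudo cp -rf /home/core/.docker /home/$i
+
+done
+#steps to run twistlock as proxy server
+
+#echo "export DOCKER_HOST=tcp://$(eval echo $COREOS_PRIVATE_IPV4):9998" >> /etc/environment
+#echo "export DOCKER_TLS_VERIFY=1" >> /etc/environment
+
+
+
+#etcdctl set DOCKER_HOST tcp://$(eval echo $COREOS_PRIVATE_IPV4):9998
+#etcdctl set DOCKER_TLS_VERIFY 1
+
+
+#DOCKER_HOST=$(etcdctl get DOCKER_HOST)
+#export DOCKER_HOST
+
+#DOCKER_TLS_VERIFY=$(etcdctl get DOCKER_TLS_VERIFY)
+#export DOCKER_TLS_VERIFY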
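Review bot: The authentication block at the `curl` lines runs `eval echo` over values read back from etcd (`twistlockclientusername`, `twistlockclientpassword`, `twistlockparameter`), so whatever is stored under those keys is re-parsed as shell before it reaches the JSON body, and the body itself is built from the same unquoted expansions and passed on the `curl` argv, where any local user can read the credentials from the process list. Both `curl` calls also pass `-k`, which disables certificate verification for the console that the bearer token and the `| sh`-executed client-cert script are fetched from. The same `eval`/`-k` pattern is in `v2/util/twistlock.sh`. The rewrite below drops `eval`, quotes every expansion, feeds the JSON body over stdin and fails fast when no token comes back; if the console uses a private CA, pass it with `--cacert` rather than restoring `-k`. The `for i in \`ls /home\`` copy loop that follows is left as is, though `sudo cp -rf` will likely leave each user's `.docker` owned by root, which is worth confirming after a run.
```shell
# … unchanged: S3 downloads and etcdctl seeding …
twistlockclientusername=$(etcdctl get /twistlockclientusercore)
twistlockclientpassword=$(etcdctl get /twistlockclientpasswordcore)
twistlockparameter=$(etcdctl get /twistlockparameter)

#steps to generate private cert for each ssh user in HOMEDIR/.docker
# etcd values are data, not shell: no eval, every expansion quoted, and the
# credentials go over stdin so they never appear in the process list.
# If the console uses a private CA, add --cacert <console CA PEM> to both curl calls.
token=$(printf '{"username":"%s","password":"%s"}' \
  "$twistlockclientusername" "$twistlockclientpassword" \
  | curl -sS -H "Content-Type: application/json" -d @- \
    "https://${twistlockparameter}:443/api/v1/authenticate" \
  | sed -ne 's/.*"token":"\([^,]*\)".*/\1/p')
[ -n "$token" ] || { echo "twistlock: authentication failed" >&2; exit 1; }

curl -sSL --header "authorization:Bearer ${token}" \
  "https://${twistlockparameter}/api/v1/cert/client-certs.sh" | sh

# … unchanged: copy of /home/core/.docker into each user's home …
```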
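--- a/v2/util/twistlock.sh
+++ b/v2/util/twistlock.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+source /etc/environment
+
+HOMEDIR=$(eval echo "~`whoami`")
+
+sudo docker run --rm \
+-v ${HOMEDIR}:/data/ behance/docker-aws-s3-downloader \
+us-east-1 $CONTROL_TIER_S3SECURE_BUCKET .twistlock
+
+while read line; do
+etcdctl set $line
+done < ${HOMEDIR}/.twistlock
+
+sudo docker run --rm \
+-v ${HOMEDIR}:/data/ behance/docker-aws-s3-downloader \
+us-east-1 $CONTROL_TIER_S3SECURE_BUCKET .twistlockparameter
+
+
+while read line; do
+etcdctl set $line
+done < ${HOMEDIR}/.twistlockparameter
+
+twistlockusername=$(etcdctl get /twistlockusername)
+twistlockpassword=$(etcdctl get /twistlockpassword)
+twistlockparameter=$(etcdctl get /twistlockparameter)
+
+curl -sSL -k --header "authorization:Bearer \
+$(eval echo $(echo $(curl -s -H "Content-Type: application/json" \
+-d '{"username":"'$(eval echo $twistlockusername)'", "password":"'$(eval echo $twistlockpassword)'"}' \
+https://"$(eval echo $twistlockparameter)":443/api/v1/authenticate) | sed -ne 's/.*"token":"\([^,]*\)".*/\1/p'))" \
+https://"$(eval echo $twistlockparameter)"/api/v1/scripts/defender.sh \
+-o defender.sh && chmod a+x defender.sh && sudo ./defender.sh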
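Review bot: The last line writes `defender.sh` into the current working directory and then executes it as root with `sudo ./defender.sh`, but the script never sets a working directory; when started from the fleet unit that is whatever systemd gives the service (commonly `/` unless `WorkingDirectory=` is set), so a root-executed, world-executable (`chmod a+x`) file is created in an unspecified location and left behind after the install. Downloading into a `mktemp -d` directory, executing it by absolute path with an explicit interpreter, and removing it on exit keeps the installer out of shared directories and makes the run repeatable. The rewritten tail is below; the authentication header is left as in the hunk.
```shell
# … unchanged: S3 downloads, etcdctl seeding and credential lookup …
workdir=$(mktemp -d) || exit 1
trap 'rm -rf -- "$workdir"' EXIT
# … unchanged: curl -sSL with the authorization header …
  https://"$twistlockparameter"/api/v1/scripts/defender.sh \
  -o "${workdir}/defender.sh" && sudo bash "${workdir}/defender.sh"
```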
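--- a/v2/util/twistlockproxy.sh
+++ b/v2/util/twistlockproxy.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+source /etc/environment
+echo "export DOCKER_HOST=tcp://$(eval echo $COREOS_PRIVATE_IPV4):9998" >> /etc/environment
+echo "export DOCKER_TLS_VERIFY=1" >> /etc/environment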
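Review bot: Both `echo … >> /etc/environment` lines append unconditionally, so every start of the unit that calls this script (`create-users.service` runs it from `ExecStartPost`) adds another `export DOCKER_HOST=`/`export DOCKER_TLS_VERIFY=` pair and the file accumulates duplicates. Guarding each write makes the script safe to re-run: `grep -q '^export DOCKER_HOST=' /etc/environment || echo "export DOCKER_HOST=tcp://${COREOS_PRIVATE_IPV4}:9998" >> /etc/environment`, and likewise for `DOCKER_TLS_VERIFY`. The `$(eval echo $COREOS_PRIVATE_IPV4)` wrapper re-parses the variable's value as shell and is unnecessary once the expansion is the plain `${COREOS_PRIVATE_IPV4}`; the script also does not check that the variable is set, so `: "${COREOS_PRIVATE_IPV4:?}"` after the `source` line would stop it from writing a `tcp://:9998` entry.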