Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/gorshunovr/pan-net-lab
Test exercise for DevSecOps position @ T-Systems: Ansible, Go, Python, AWK, Bash, Vagrant, nmap, rsyslog, REST API, Ubuntu, GitHub Workflow CI, Markdown
https://github.com/gorshunovr/pan-net-lab
ansible ansible-roles awk bash docker go nmap nmap-parser playbooks rsyslog vagrant virtual-machine
Last synced: about 1 month ago
JSON representation
Test exercise for DevSecOps position @ T-Systems: Ansible, Go, Python, AWK, Bash, Vagrant, nmap, rsyslog, REST API, Ubuntu, GitHub Workflow CI, Markdown
- Host: GitHub
- URL: https://github.com/gorshunovr/pan-net-lab
- Owner: gorshunovr
- License: apache-2.0
- Created: 2019-11-22T14:00:45.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2020-09-07T13:23:53.000Z (over 4 years ago)
- Last Synced: 2024-11-14T13:44:20.848Z (about 1 month ago)
- Topics: ansible, ansible-roles, awk, bash, docker, go, nmap, nmap-parser, playbooks, rsyslog, vagrant, virtual-machine
- Language: Go
- Homepage:
- Size: 49.8 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Pan-Net lab
![CI-linting](https://github.com/gorshunovr/pan-net-lab/workflows/CI-linting/badge.svg?branch=master)
## Environment
Environment is expected to be launched via `vagrant up` command. Vagrant would
bring up 2 Ubuntu 16.04 virtual machines:* *n0* - this is the main VM:
* Docker
* Ansible (VM manages itself trough Ansible)
* Containerized `getweather` application
* `scanner` application* *n1* - this VM is used for testing purposes only
```code
.
├── ansible/
├── getweather/
├── scanner/
├── bootstrap.sh*
├── LICENSE
├── README.md
└── Vagrantfile
```## Exercise 1
### Programming 1
Please, see [README](getweather/README.md) for details on *getweather*
application.### Ansible 1
Ansible is installed on *n0* virtual machine via `bootstrap.sh` shell script,
which is called by Vagrant during provisioning process. After Ansible is
installed, Vagrant runs Ansible playbook `setup.yml`:```bash
cd /vagrant/ansible/ && ansible-playbook -i inventory.txt setup.yml
```Please, see [README](ansible/README.md) for details on Ansible setup and run.
### Docker
Ansible playbook builds `getweather:1.0` container with Go application packaged
into it.## Exercise 2
### Programming 2
Please, see [README](scanner/README.md) for details on *scanner* application.
## Exercise 3
### Syslog configuration
Syslog is configured with the following parameters:
* default logging to `/var/log/*`
* custom log files - per-host logging### Ansible 3
Ansible role `rsyslog` has been created.
Using Jinja2 templates of `rsyslog.conf` and `50-default.conf` files it allows to
parametrize the following:* logging only default log files
* logging custom files
* selecting external log server to send logs toDefault values of parameters are listed in role defaults:
* `rsyslog_udp_server` boolean and `rsyslog_udp_server_port` number for `rsyslog.conf` file
* `rsyslog_tcp_server` boolean and `rsyslog_tcp_server_port` number for `rsyslog.conf` file
* `rsyslog_custom_rules` list of strings with rules for `50-default.conf.j2` file
* `relay_logs` list of `facility` (e.g. `mail`, `user`, etc.), with logs sent to defined
`destination_server` via both UDP and TCP (not RELP).Verification that logs from other servers are being properly delivered to *n0* VM
is done by running the following command on test *n1* VM under standard user
account (assuming `192.168.56.10` is an IP address of *n0*):```bash
logger --server 192.168.56.10 "Test message from n1 VM"
```And checking results on *n0* VM:
```bash
vagrant@n0:/vagrant/scanner$ sudo grep Test /var/log/n1/system.log
Nov 22 20:48:26 n1 vagrant Test message from n1 VM
vagrant@n0:/vagrant/scanner$
```> **NOTE:** Path to log file includes hostname *n1* as requested.
## Conventions
* Project uses [GitHub Super-Linter](https://github.com/github/super-linter) action in CI
* Ansible roles and playbooks should be linted by `ansible-lint` and/or `ansible-review` tools
* Shell scripts should be linted by `shellcheck` tool
* AWK scripts should be linted by `awk --lint ...`
* Go code should be linted by `go fmt ...`
* Documentation should be in Markdown format and linted by `markdownlint`