def shutit_example_3():
# use shutit for telnet
session = shutit.create_session('bash')
session.send('telnet', expect='>', echo=True)
session.send('open google.com 80', expect='scape character', echo=True)
session.send('GET /', echo=True, check_exit=False)
session.logout()
def shutit_example_1():
# use shutit for ssh
session = shutit.create_session('bash')
password = session.get_input('', ispass=True)
session.login('[email protected]', user='******', password=password)
session.send('hostname', echo=True)
session.logout()
def startup():
s1 = shutit.create_session('bash', loglevel='info', echo=True)
# TODO: get minishift itself?
s1.send('minishift update', {'want to update': 'y'})
while True:
status = s1.send_and_get_output(
"""minishift status | grep ^Minishift | awk '{print $2}'""")
if status == 'Running':
s1.send('eval $(minishift oc-env)')
break
else:
if s1.send_and_get_output('uname') == 'Darwin':
# Problems?
# sudo minishift delete --cache
# sudo rm -rf ~/.minishift/
s1.send('minishift addons install --defaults')
s1.send('minishift addons enable cluster-admin')
s1.send('minishift start')
else:
s1.send('minishift addons install --defaults')
s1.send('minishift addons enable cluster-admin')
s1.send('minishift start --vm-driver virtualbox')
s1.send('eval $(minishift oc-env)')
# https://github.com/minishift/minishift/issues/402
login_as_developer(s1)
s1.send(
'oc adm policy add-cluster-role-to-user cluster-admin admin --as=system:admin'
)
login_as_root(s1)
return s1
def main():
# Pre-req check
try:
api_key = os.environ['VULTR_API_KEY']
except:
print('VULTR_API_KEY must be set in the environment')
sys.exit(1)
# Constants
vultr_password = '******'
# Main choices begin
q = 'Please choose an env to build'
env_options = [
'knative',
]
env_option, _ = pick.pick(env_options, q)
final_msg = ''
# Create bash shell
s = shutit.create_session(loglevel='DEBUG', session_type='bash', echo=True)
ip_address = core_setup(s=s,
vultr_password=vultr_password,
api_key=api_key)
# Process choices
if env_option == 'knative':
handle_knative(s, ip_address, vultr_password)
# Clean up from core setup.
s.logout()
s.logout()
def shutit_example_2():
# use shutit for ssh then command
capacity_command = """df / | awk '{print $5}' | tail -1 | sed s/[^0-9]//"""
session1 = shutit.create_session('bash')
session2 = shutit.create_session('bash')
password1 = session1.get_input('Password for server1', ispass=True)
password2 = session2.get_input('Password for server2', ispass=True)
session1.login('ssh [email protected]', user='******', password=password1)
session2.login('ssh [email protected]', user='******', password=password2)
capacity = session1.send_and_get_output(capacity_command)
if int(capacity) < 10:
print('RUNNING OUT OF SPACE ON server1!')
capacity = session2.send_and_get_output(capacity_command)
if int(capacity) < 10:
print('RUNNING OUT OF SPACE ON server2!')
session1.logout()
session2.logout()
def startup(delete=False):
s1 = shutit.create_session('bash', loglevel='debug', echo=True)
if not s1.command_available('minikube') or s1.send_and_get_output(
"""minikube version | awk '{print $NF}'""") != 'v0.23.0':
try:
pw = file('secret').read().strip()
except IOError:
pw = ''
if pw == '':
s1.log(
'''WARNING! IF THIS DOES NOT WORK YOU MAY NEED TO SET UP A 'secret' FILE IN THIS FOLDER!'''
)
import time
time.sleep(10)
if s1.send_and_get_output('uname') == 'Darwin':
s1.multisend(
'curl -Lo minikube https://storage.googleapis.com/minikube/releases/v0.25.2/minikube-darwin-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/',
{'assword': pw})
else:
s1.multisend(
'curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/v1.8.0/bin/linux/amd64/kubectl && chmod +x kubectl && sudo mv kubectl /usr/local/bin/',
{'password': pw})
s1.multisend(
'curl -Lo minikube https://storage.googleapis.com/minikube/releases/v0.25.2/minikube-linux-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/',
{'assword': pw})
if delete:
s1.send('minikube delete || true')
while True:
status = s1.send_and_get_output('minikube status')
status_list = status.split('\n')
if status_list[0] == 'minikube: Running' and status_list[
1] == 'cluster: Running' and status_list[
2][:29] == 'kubectl: Correctly Configured':
break
s1.send('minikube start --memory 4096')
return s1
import shutit
# Assumes vagrant is installed
# 'pip install shutit' to install python shutit package
root = shutit.create_session('bash',loglevel='info',echo=True)
nomadserver = shutit.create_session('bash',loglevel='info')
pw = root.get_input('Password?',ispass=True)
root.send('vagrant destroy -f')
root.multisend('vagrant up',{'assword':pw})
nomadserver.login('vagrant ssh nomadserver')
if root.send_and_get_output('vagrant plugin list | grep landrush') == '':
root.multisend('vagrant plugin install landrush',{'assword':pw})
nomadserver_ip = root.send_and_get_output("""vagrant landrush ls 2> /dev/null | grep -w ^nomadserver.vagrant.test | awk '{print $2}'""").strip()
nomadserver.send('curl https://raw.githubusercontent.com/hashicorp/nomad/master/demo/vagrant/server.hcl > server.hcl')
nomadserver.send('sudo nomad agent -config server.hcl > server.log 2>&1 &')
nomadserver.send('nomad server-members -address http://' + nomadserver_ip + ':4646 -config server.hcl',background=True)
nomadserver.send('curl https://raw.githubusercontent.com/hashicorp/nomad/master/demo/vagrant/client1.hcl > client1.hcl')
nomadserver.send("""sed -i 's/127.0.0.1/""" + nomadserver_ip + """/' client1.hcl""")
nomadserver.send('sudo nomad agent -config client1.hcl > client.log 2>&1 &')
nomadserver.pause_point('sudo nomad agent -config client1.hcl > client1.log 2>&1 &')
nomadserver.send('curl https://raw.githubusercontent.com/hashicorp/nomad/master/demo/vagrant/client2.hc2 > client2.hcl')
nomadserver.send("""sed -i 's/127.0.0.1/""" + nomadserver_ip + """/' client2.hcl""")
nomadserver.send('sudo nomad agent -config client2.hcl > client2.log 2>&1 &')
def tidy_server_dict(server_dict):
for item in server_dict:
for name in ('via', 'login_command', 'username', 'server', 'commands'):
if name not in server_dict[item]:
server_dict[item][name] = None
if server_dict[item]['login_command'] is None and server_dict[item][
'server'] is None and server_dict[item]['commands'] is None:
print 'Either "login_command" or "server" must be set in: ' + item
sys.exit(1)
return server_dict
def log(msg):
if debug:
print msg
password_dict = get_passwords()
server_dict = get_servers()
server_dict = tidy_server_dict(server_dict)
destination = choose(server_dict, longtable=False)
# Create the bash session
print 'Please wait...'
shutit_session = shutit.create_session('bash', loglevel=loglevel)
# Off we go.
go(shutit_session, destination, server_dict, password_dict)
shutit_session.pause_point()
import shutit
import os
shutit.pane()
# https://asciinema.org/a/140690
# The gnuplot prompt to expect.
gnuplot_expect = 'gnuplot> '
# Create a bash session.
s = shutit.create_session(loglevel='warning', video=2)
# If gnuplot is not installed, install it.
if s.send_and_get_output('which gnuplot') == '':
s.install('gnuplot')
# Ensure we are in this script's folder.
s.send('cd ' + os.path.dirname(os.path.realpath(__file__)))
# Gnuplot session.
s.send('gnuplot', expect=gnuplot_expect, note='Start gnuplot')
s.send('set terminal png',
expect=gnuplot_expect,
note='Set the terminal to output png files.')
s.send('set style line 1',
expect=gnuplot_expect,
note='Set the style to a line')
s.send('set xdata time',
expect=gnuplot_expect,
note='Identify the x axis as of the "time" type')
import shutit
s1 = shutit.create_session(echo=True, loglevel='info')
s2 = shutit.create_session(echo=True, loglevel='info')
s1.send('vagrant up')
s1.login('vagrant ssh master1')
s2.login('vagrant ssh master2')
s1.login('sudo su -')
s2.login('sudo su -')
s1.send('sleep 10 && reboot &')
s2.send('sleep 10 && reboot &')
s1.logout()
s1.logout()
s2.logout()
s2.logout()
s1.send('sleep 30')
s1.login('vagrant ssh master1')
s1.logout()
print 'OK'
import shutit
s = shutit.create_session(session_type='bash', loglevel='debug', vagrant_memory=4096)
s.send('rm -rf /tmp/tf_build && mkdir -p /tmp/tf_build')
s.send('cd /tmp/tf_build')
s.send('git clone https://github.com/hashicorp/terraform.git')
s.send('cd terraform')
s.send('git checkout v0.12-dev')
s.send('vagrant destroy -f || true')
s.send('vagrant up')
s.login(command='vagrant ssh')
s.login('sudo su')
s.send('apt update -y && apt install unzip')
s.send('PROTOC_ZIP=protoc-3.3.0-linux-x86_64.zip')
s.send('curl -OL https://github.com/google/protobuf/releases/download/v3.3.0/$PROTOC_ZIP')
s.send('sudo unzip -o $PROTOC_ZIP -d /usr/local bin/protoc')
s.send('rm -f $PROTOC_ZIP')
s.logout()
s.send('go get -u github.com/golang/protobuf/protoc-gen-go')
s.send('go install github.com/golang/protobuf/protoc-gen-go')
s.send('go get github.com/golang/mock/gomock')
s.send('go install github.com/golang/mock/mockgen')
s.send('cd /opt/gopath/src/github.com/hashicorp/terraform/')
s.send('make fmt')
#s.send('make test')
s.send('make bin')
s.pause_point('')
s.logout()
def do_grafeas(s):
s.send('rm -rf tmp_grafeas')
s.send('mkdir -p tmp_grafeas/gnupg')
s.send('cd tmp_grafeas')
s.send('export GNUPGHOME=$(pwd)/gnupg')
s.send('git clone https://github.com/kelseyhightower/grafeas-tutorial.git')
s.send('cd grafeas-tutorial/pki')
s.send_file(
'gen_certs.sh', '''#!/bin/bash
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -hostname=10.0.2.15,127.0.0.1,image-signature-webhook,image-signature-webhook.kube-system,image-signature-webhook.default,image-signature-webhook.default.svc -profile=default image-signature-webhook-csr.json | cfssljson -bare image-signature-webhook
kubectl create secret tls tls-image-signature-webhook --cert=image-signature-webhook.pem --key=image-signature-webhook-key.pem'''
)
s.send('chmod +x gen_certs.sh')
s.send('./gen_certs.sh')
s.send('cd ..')
s.send('kubectl apply -f kubernetes/grafeas.yaml')
# TODO: linux too, as per: https://github.com/kelseyhightower/grafeas-tutorial.git README
OS = 'Darwin'
if OS == 'Darwin':
s.send('brew install gpg2')
rndnum = str(int(random.random() * 999999))
s.send("gpg --batch --passphrase '' --quick-generate-key --yes grafeas-" +
rndnum + "*****@*****.**")
s.send(r'''gpg --list-keys --keyid-format short''')
keyid = s.send_and_get_output(
r'''gpg --list-keys --keyid-format short 2>/dev/null | grep ^pub | sed 's/.*rsa2048.\([^ ]*\).*/\1/' '''
)
s.send('GPG_KEY_ID=' + keyid)
s.send('gpg --armor --export grafeas-' + rndnum +
'*****@*****.** > ${GPG_KEY_ID}.pub')
# In this tutorial the gcr.io/hightowerlabs/echod container image will be used for testing. Instead of trusting an image tag such 0.0.1, which can be reused and point to a different container image later, we are going to trust the image digest.
s.send('cat image-digest.txt')
s.send(
'gpg -u grafeas-' + rndnum +
'[email protected] --armor --clearsign --output=signature.gpg image-digest.txt',
note='sign the image')
s.send('gpg --output - --verify signature.gpg',
note='verify the signature')
s.send('gpg --armor --export grafeas-' + rndnum +
'*****@*****.** > ${GPG_KEY_ID}.pub',
note='export the signer public key')
s.pause_point('ready?')
d = s.send_and_get_output('pwd')
# https://github.com/kelseyhightower/grafeas-tutorial#create-a-pgpsignedattestation-occurrence
# new terminal - is this necessary?
s2 = shutit.create_session(session_type='bash', loglevel='debug')
s2.send('cd ' + d)
s2.send(
'''kubectl port-forward $(kubectl get pods -l app=grafeas -o jsonpath='{.items[0].metadata.name}') 8080:8080''',
expect='Forwarding from')
s.send(
'''curl -X POST "http://127.0.0.1:8080/v1alpha1/projects/image-signing/notes?noteId=production" -d @note.json''',
note='Create the production attestationAuthority note')
s.send('GPG_SIGNATURE=$(cat signature.gpg | base64)',
note='create the occurrence')
s.send(
'RESOURCE_URL="https://gcr.io/hightowerlabs/echod@sha256:aba48d60ba4410ec921f9d2e8169236c57660d121f9430dc9758d754eec8f887"',
note='create the occurrence')
s.send('''cat > occurrence.json <<EOF
{
"resourceUrl": "${RESOURCE_URL}",
"noteName": "projects/image-signing/notes/production",
"attestation": {
"pgpSignedAttestation": {
"signature": "${GPG_SIGNATURE}",
"contentType": "application/vnd.gcr.image.url.v1",
"pgpKeyId": "${GPG_KEY_ID}"
}
}
}
EOF''',
note='create the occurrence')
s.send(
'''curl -X POST 'http://127.0.0.1:8080/v1alpha1/projects/image-signing/occurrences' -d @occurrence.json''',
note='Post the pgpSignedAttestation occurrence')
s.send(
'kubectl create configmap image-signature-webhook --from-file ${GPG_KEY_ID}.pub'
)
s.send('kubectl get configmap image-signature-webhook -o yaml')
s.send(
'kubectl create secret tls tls-image-signature-webhook --key pki/image-signature-webhook-key.pem --cert pki/image-signature-webhook.pem'
)
s.pause_point('secret created ok?')
s.send('kubectl apply -f kubernetes/image-signature-webhook.yaml')
s.send('kubectl apply -f kubernetes/validating-webhook-configuration.yaml')
s.pause_point('kubectl get all until ready')
s.send('kubectl apply -f pods/nginx.yaml',
note='No attestation - should fail')
s.send('kubectl apply -f pods/echod.yaml',
note='Attestation exists - should succeed')
s.pause_point('')
bugnum = raw_input('bug number : ')
print bugnum
host = raw_input('host to collect : ')
print host
root_pwd = getpass.getpass('host root password: '******'bugdb user: '******'bugdb password: '******'bash', loglevel='DEBUG')
cluster_node = shutit.create_session('bash')
# host = cluster_node.get_input('please input host: ', ispass=False)
# root_pwd = cluster_node.get_input('please input root password for cluster node', ispass=True)
# bugdbuser = cluster_node.get_input('please input bugdb user ', ispass=False)
# bugdbpwd = cluster_node.get_input('please input bugdb user password ', ispass=True)
cluster_node.login('ssh root@{host}.us.oracle.com'.format(host=host),
user='******',
password=root_pwd)
# cluster_node.login('ssh root@rwsae05', user='******', password=root_pwd)
oraclehome = cluster_node.send_and_get_output(getgihome_cmd, echo=True)
print(oraclehome)
oraclebase = cluster_node.send_and_get_output(getoraclebase_cmd, echo=True)
print(oraclebase)
# ShutIt is an shell automation framework designed to be easy to use.
import shutit
session = shutit.create_session("bash")
session.send("echo Hello World", echo=True)
import shutit
s = shutit.create_session('bash', loglevel='info', echo=True)
s.login('docker run -p 19191:8080 -p 19292:8000 -ti ubuntu:16.04 bash')
# Java 8 required? See: https://stackoverflow.com/questions/32127424/java-nio-file-nosuchfileexception-and-java-io-eofexception-when-tring-to-build-j
s.install('locales')
s.install('openjdk-8-jdk')
s.install('maven')
s.install('vim')
s.send('mkdir -p /root/.m2')
s.send('export JAVA_HOME=/usr')
# Set the locale to avoid encoding errors
s.send(
'''sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen''')
s.send('locale-gen')
s.send('export LANG=en_US.UTF-8')
s.send('export LANGUAGE=en_US:en')
s.send('export LC_ALL=en_US.UTF-8')
s.send_file(
'/root/.m2/settings.xml', '''<settings>
<pluginGroups>
<pluginGroup>org.jenkins-ci.tools</pluginGroup>
</pluginGroups>
<profiles>
<!-- Give access to Jenkins plugins -->
<profile>
<id>jenkins</id>
<activation>
<activeByDefault>true</activeByDefault>
<!-- change this to false, if you don't like to have it on per default -->
</activation>
# ShutIt is an shell automation framework designed to be easy to use.
import shutit
session = shutit.create_session('bash')
session.send('echo Hello World', echo=True)
import shutit
import time
long_command = """sleep 60"""
session1 = shutit.create_session('bash')
session2 = shutit.create_session('bash')
password1 = session1.get_input('Password for server1', ispass=True)
password2 = session2.get_input('Password for server2', ispass=True)
session1.login('ssh [email protected]', user='******', password=password1)
session2.login('ssh [email protected]', user='******', password=password2)
start = time.time()
session1.send(long_command, background=True)
session2.send(long_command, background=True)
print('That took: ' + str(time.time() - start) + ' seconds to fire')
session1.wait()
session2.wait()
print('That took: ' + str(time.time() - start) + ' seconds to complete')
import shutit
vault_version = '0.10.4'
unseal_key = None
root_token = None
token_output = None
s = shutit.create_session(session_type='vagrant', loglevel='debug', echo=True, vagrant_session_name='hashivault', vagrant_memory='2048')
s.login('vagrant ssh')
s.login('sudo su -')
s.install('wget')
s.install('unzip')
s.install('jq')
s.send('wget -qO- https://releases.hashicorp.com/vault/' + vault_version + '/vault_' + vault_version + '_linux_amd64.zip > vault.zip')
s.send('unzip vault.zip')
s.send('chmod +x vault')
s.send('mv vault /usr/local/bin')
s.send('vault -autocomplete-install')
s.send('vault server -dev > /tmp/vault_out 2>&1 &')
s.send(s.send_and_get_output('grep "export VAULT_ADDR" /tmp/vault_out'))
# Get the Vault unseal key and root token
unseal_key = s.send_and_get_output(r'''grep "Unseal Key:" /tmp/vault_out | sed 's/.*: \(.*\)/\1/' ''')
root_token = s.send_and_get_output(r'''grep "Root Token:" /tmp/vault_out | sed 's/.*: \(.*\)/\1/' ''')
s.send('vault auth ' + root_token)
# tokens always have a parent, and when that parent token is revoked, children can also be revoked all in one operation.
token_output = s.send_and_get_output('vault token-create | grep "^token "')
#!/usr/bin/env python3 # Author: ChengYi # Mail: [email protected] # created time: Fri 30 Jun 2017 09:50:29 AM CST import shutit capacity_command = """df / | awk '{print $5}' | tail -1 | sed s/[^0-9]//""" session1 = shutit.create_session('bash') session2 = shutit.create_session('bash') password1 = session1.get_input('Password for server1', ispass=True) password2 = session2.get_input('Password for server2', ispass=True) session1.login('ssh [email protected]', user='******', password=password1) session2.login('ssh [email protected]', user='******', password=password2) capacity = session1.send_and_get_output(capacity_command) if int(capacity) < 10: print('RUNNING OUT OF SPACE ON server1!') capacity = session2.send_and_get_output(capacity_command) if int(capacity) < 10: print('RUNNING OUT OF SPACE ON server2!') session1.logout() session2.logout()
import shutit
# Assumes vagrant is installed
# 'pip install shutit' to install python shutit package
root = shutit.create_session('bash', loglevel='info', echo=True)
nomadserver = shutit.create_session('bash', loglevel='info')
pw = root.get_input('Password?', ispass=True)
root.send('vagrant destroy -f')
root.multisend('vagrant up', {'assword': pw})
nomadserver.login('vagrant ssh nomadserver')
if root.send_and_get_output('vagrant plugin list | grep landrush') == '':
root.multisend('vagrant plugin install landrush', {'assword': pw})
nomadserver_ip = root.send_and_get_output(
"""vagrant landrush ls 2> /dev/null | grep -w ^nomadserver.vagrant.test | awk '{print $2}'"""
).strip()
nomadserver.send(
'curl https://raw.githubusercontent.com/hashicorp/nomad/master/demo/vagrant/server.hcl > server.hcl'
)
nomadserver.send('sudo nomad agent -config server.hcl > server.log 2>&1 &')
nomadserver.send('nomad server-members -address http://' + nomadserver_ip +
':4646 -config server.hcl',
background=True)
nomadserver.send(
'curl https://raw.githubusercontent.com/hashicorp/nomad/master/demo/vagrant/client1.hcl > client1.hcl'
#!/usr/bin/env python3 # Author: ChengYi # Mail: [email protected] # created time: Fri 30 Jun 2017 09:54:20 AM CST # 当脚本运行到暂停点时,同时按下“Ctrl”和“]”,则可以让脚本继续执行。 import shutit session = shutit.create_session('bash') session.pause_point('Have a look around!') session.send('echo "Did you enjoy your pause point?"', echo=True)
import shutit
# This creates a box that speeds up builds for https://github.com/ianmiell/shutit-openshift-cluster
s = shutit.create_session('bash', loglevel='debug', echo=True)
s.send(
'rm -rf tmpvagrantboxcreate && mkdir tmpvagrantboxcreate && cd tmpvagrantboxcreate'
)
s.send('vagrant init centos/7')
s.send('vagrant box update')
s.send('vagrant up')
# Log onto machine and prepare it.
s.login('vagrant ssh')
s.login('sudo su -')
s.multisend(
'yum install -y wget vim-enhanced docker git sysstat dnsmasq python epel-release git libselinux-python net-tools bind-utils bash-completion dkms kernel-devel',
{'s this ok': 'y'})
s.multisend('yum groupinstall "Development Tools"', {'s this ok': 'y'})
s.send(r'''sed -i 's/^\(127.0.0.1[ \t]*[^ \t]*\).*/\1/' /etc/hosts''',
note='Make sure chef sees a fqdn.')
s.send('echo root:origin | /usr/sbin/chpasswd', note='set root password')
s.send(
'wget -qO- https://raw.githubusercontent.com/ianmiell/vagrant-swapfile/master/vagrant-swapfile.sh | sh'
)
# Downloads
s.send(
'wget -nc -q https://packages.chef.io/files/stable/chef/13.5.3/el/7/chef-13.5.3-1.el7.x86_64.rpm'
)
s.send(
