Merge branch 'main' of https://github.com/Ranjandas/shikari-scenarios

Ranjandas · Jun 27, 2024 · cfd9b1a · cfd9b1a
2 parents 037053c + 3d2585b
commit cfd9b1a
Show file tree

Hide file tree

Showing 4 changed files with 80 additions and 2 deletions.
diff --git a/packer/hashibox.pkr.hcl b/packer/hashibox.pkr.hcl
@@ -138,6 +138,11 @@ build {
       "sudo mkdir /etc/consul.d/certs && cd /etc/consul.d/certs ; sudo consul tls ca create",
       "sudo mkdir /etc/nomad.d/certs && cd /etc/nomad.d/certs ; sudo nomad tls ca create",
 
+      # Install exec2 driver and copy under /opt/nomad/data/plugins dir
+      "sudo dnf install -y nomad-driver-exec2 --enablerepo hashicorp-test",
+      "sudo mkdir /opt/nomad/data/plugins && sudo chown nomad:nomad /opt/nomad/data/plugins",
+      "sudo cp /usr/bin/nomad-driver-exec2 /opt/nomad/data/plugins/",
+
       # Set permissions for the certs directory
       "sudo chown consul:consul /etc/consul.d/certs",
       "sudo chown nomad:nomad /etc/nomad.d/certs",

diff --git a/scenarios/nomad-consul-quickstart/README.md b/scenarios/nomad-consul-quickstart/README.md
@@ -1,6 +1,6 @@
 # Scenario: Nomad Consul Quickstart
 
-This scenario deploys both Nomad and Consul with out any of the security configurations in place. This scenario is useful when you have to play around the features of Nomad (with or without Consul) and not worry about the security aspects.
+This scenario deploys both Nomad and Consul with out any of the security configurations in place. This scenario is useful when you have to play around the features of Nomad (with or without Consul) and not worry about the security aspects. 
 
 ## Prerequsites
 
@@ -10,6 +10,7 @@ This scenario has the following pre-requsites:
 * Requires a base VM image built using packer (`../../packer/hashibox.pkr.hcl`)
 * Uses `qemu` driver (you can use `vz` by modifying `vmType` in the template)
 * If running enterprise binaries, the Consul and Nomad licenses should be passed as environment variable (shown in the example below)
+* Packer is baked with `exec2` driver, and Nomad only utilizes this driver when version 1.8.x or higher is deployed.
 
 ### Usage
 
@@ -68,4 +69,4 @@ ID        Node Pool  DC      Name                Class   Drain  Eligibility  Sta
 
 ```
 $ shikari destroy -f -n murphy
-```
+```
diff --git a/scenarios/nomad-consul-quickstart/hashibox.yaml b/scenarios/nomad-consul-quickstart/hashibox.yaml
@@ -115,6 +115,42 @@ provision:
         }
       EOF
       fi
+
+  - mode: system # configure Nomad exec2 driver
+    script: |
+      #!/bin/bash
+
+      # Get Nomad version
+      nomad_version=$(nomad --version | sed -n 's/^Nomad v\([0-9]\+\.[0-9]\+\).*/\1/p')
+      nomad_required_version="1.8"
+
+      if awk 'BEGIN { exit !('"${nomad_version}"' >= '"${nomad_required_version}"') }' && [[ $MODE == "client" ]]; then
+      # Check if Nomad version is 1.8 or higher
+      cat <<-EOF > /etc/nomad.d/exec2.hcl
+      plugin "nomad-driver-exec2" {
+        config {
+          unveil_defaults = true
+          unveil_paths    = []
+          unveil_by_task  = true
+        }
+      }
+      EOF
+
+        package_name="nomad-driver-exec2"
+        existing_package_location="/usr/bin"
+        nomad_pluginsdir=/opt/nomad/data/plugins
+
+        # Check if the directory exists
+        if [ ! -d "$nomad_pluginsdir" ]; then
+          mkdir -p "$nomad_pluginsdir"
+        fi
+
+        # Check if the plugin exists.
+        if rpm -q "$package_name" >/dev/null 2>&1; then
+          cp "$existing_package_location/$package_name" "$nomad_pluginsdir"
+        fi
+      fi
+
   - mode:
     script: |
       systemctl enable --now docker

diff --git a/scenarios/nomad-consul-secure/hashibox.yaml b/scenarios/nomad-consul-secure/hashibox.yaml
@@ -197,6 +197,42 @@ provision:
         }
       EOF
       fi
+
+  - mode: system # configure Nomad exec2 driver
+    script: |
+      #!/bin/bash
+
+      # Get Nomad version
+      nomad_version=$(nomad --version | sed -n 's/^Nomad v\([0-9]\+\.[0-9]\+\).*/\1/p')
+      nomad_required_version="1.8"
+
+      if awk 'BEGIN { exit !('"${nomad_version}"' >= '"${nomad_required_version}"') }' && [[ $MODE == "client" ]]; then
+      # Check if Nomad version is 1.8 or higher
+      cat <<-EOF > /etc/nomad.d/exec2.hcl
+      plugin "nomad-driver-exec2" {
+        config {
+          unveil_defaults = true
+          unveil_paths    = []
+          unveil_by_task  = true
+        }
+      }
+      EOF
+
+        package_name="nomad-driver-exec2"
+        existing_package_location="/usr/bin"
+        nomad_pluginsdir=/opt/nomad/data/plugins
+
+        # Check if the directory exists
+        if [ ! -d "$nomad_pluginsdir" ]; then
+          mkdir -p "$nomad_pluginsdir"
+        fi
+
+        # Check if the plugin exists.
+        if rpm -q "$package_name" >/dev/null 2>&1; then
+          cp "$existing_package_location/$package_name" "$nomad_pluginsdir"
+        fi
+      fi
+
   - mode: system
     script: |
       systemctl enable --now docker