Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
# sshproxy
## Description
SSHProxy Charm example for Open Source MANO.
The purpose of this charm is to operate a VNF via SSH. For this, the charm should know the hostname of the VNF (ip address), and the username. The charm will be in a blocked state until it has the hostname, username, and the credentials for SSH-ing to the VNF. Both hostname and username are set via config, with `ssh-hostname` and `ssh-username` respectively.
There are two ways of specifying the credentials: password, keys. (See next section)
## Usage
This charm works for both LXD and K8s. By default, it will work on LXD. To make it work in K8s, just change the following in the `metadata.yaml`
```yaml
series:
# - focal
# - bionic
# - xenial
- kubernetes
deployment:
mode: operator
```
### Prepare the environment:
- LXD:
```bash
sudo snap install juju --classic
juju bootstrap lxd
juju add-model test
```
- K8s:
```bash
sudo snap install juju --classic
sudo snap install microk8s --classic
sudo microk8s.status --wait-ready
sudo microk8s.enable storage dns
juju bootstrap microk8s
juju add-model test
```
### Deploying charm:
```bash
charmcraft build
juju deploy ./sshproxy.charm
```
### Configuring the charm:
First of all, set the username and hostname of the VNF:
```bash
juju config sshproxy ssh-hostname=<hostname> \
ssh-username=<username>
```
#### Mirrors
To workaround this [bug](https://bugs.launchpad.net/juju/+bug/1929399), use the following configurations of the charm to specify the urls of apt and security mirrors.
```bash
juju config sshproxy apt-mirror=<apt-mirror> \
security-apt-mirror=<security-apt-mirror>
```
### Credentials
There are two ways to set up the credentials for the charm to be able to SSH the VNF.
With password:
```bash
juju config sshproxy ssh-password=<password>
```
With public keys:
1. First get the public key from the charm
```bash
$ juju run-action sshproxy/0 get-ssh-public-key --wait
unit-sshproxy-0:
UnitId: sshproxy/0
id: "12"
results:
pubkey: |
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0IgSXMsu/5tY9QjsQfiAqcs6MBMO/7BDJB1ohbJFfvFrPiGg3+5FohKOsgu3SPiZbBhTITmI1YdaiZK7Dye2tHUfQKXhPFVFFVRtyWG6U/QJqEn+6OvAhjladcBlah4cb//r8V2Lvk/PshBJPzgvYSNJOhMhpfAMc7SMMpS8VxGBDIuTE0JFlHcRALJy3YBg70DPea2xrLsxqfA2pTA33KcjK2GyLgfOcZavmkqudEA/WaFb0xCY16TB/hDQBSwZm3l2kJ2aHyAWyWMmLNGL0TT14HUQKR1a8NS/kAnKY/yQf04dKoicmCvl4B3ndIYFT5Pq9b07mVfZvEH5Blle/x48iUF6JHWH2383SXwZfGy3XcX+lRx3u+IIkzS/Pmgt175JVdpu8bktk1c3Ekc0aL9v1gJ8rmZo+C6cilBoaziPfbqIatGPeGxnTDdw0JSfpxUGIQF4H98VOdWf3cHGC1hJZubZt0MGYeK4bk7GfsVPMlGaBWDyTaBQ5d9dHGxJpJX5OMBCDD4MfBYvg9IlgsVr1vDbpB4OFoAmQqFgnUWxRg2w0Iv3HBeMCvvOMM7DBOjwgjgbwa693Oyt/Rxd3GOwvy6vRQkFTgVS6f69SyIMCj9aIl1zxkIcOsfM5aU6vgio1BVWt9Xrj1TA3dTYJ7fkC5LJetqJ1knO67u67ww== root@juju-73fac6-2
status: completed
timing:
completed: 2020-11-18 15:42:03 +0000 UTC
enqueued: 2020-11-18 15:42:00 +0000 UTC
started: 2020-11-18 15:42:03 +0000 UTC
```
2. Inject that key in `~/.ssh/authorized_keys` at the VNF
3. Verify the ssh credentials
```bash
$ juju run-action sshproxy/0 verify-ssh-credentials --wait
unit-sshproxy-0:
UnitId: sshproxy/0
id: "14"
results:
verified: "True"
status: completed
timing:
completed: 2020-11-18 15:39:30 +0000 UTC
enqueued: 2020-11-18 15:39:29 +0000 UTC
started: 2020-11-18 15:39:29 +0000 UTC
```
## Developing
Create and activate a virtualenv with the development requirements:
virtualenv -p python3 venv
source venv/bin/activate
pip install -r requirements-dev.txt
## Testing
The Python operator framework includes a very nice harness for testing
operator behaviour without full deployment. Just `run_tests`:
./run_tests