# -*- mode: ruby -*-
# vi: set ft=ruby :
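# Development VM for building and testing tracee.
#
# Boots an Ubuntu box under VirtualBox, forwards two guest ports to the host
# and runs a root shell provisioner that installs the build toolchain
# (clang/llvm 12, Go, protobuf), MicroK8s, kubectl, helm, docker and opa.
Vagrant.configure("2") do |config|
  # config.vm.box = "ubuntu/focal64"   # Ubuntu 20.04 Focal Fossa (non CO-RE)
  # config.vm.box = "ubuntu/hirsute64" # Ubuntu 21.04 Hirsute Hippo (CO-RE)
  # config.vm.box = "ubuntu/impish64"  # Ubuntu 21.10 Impish Indri (CO-RE)
  config.vm.box = "ubuntu/jammy64" # Ubuntu 22.04 Jammy Jellyfish (CO-RE)

  # `vagrant ssh` lands in the synced project directory with a login shell.
  config.ssh.extra_args = ["-t", "cd /vagrant; bash --login"]

  # Forward MkDocs dev server to preview documentation on the host at http://localhost:8000/tracee
  #
  # host_ip pins the listener to the host's loopback interface. Without it
  # Vagrant binds the forwarded port on every host interface, which would make
  # the dev server reachable from the host's network rather than only from
  # localhost as the URL above intends.
  config.vm.network :forwarded_port, guest: 8000, host: 8000, host_ip: "127.0.0.1"

  # Forward MicroK8s dashboard to access it on the host at https://localhost:10443
  #
  # To access the Kubernetes dashboard from the host run the following command:
  # kubectl port-forward --address 0.0.0.0 -n kube-system service/kubernetes-dashboard 10443:443
  #
  # To sign in use the token retrieved with
  # token=$(microk8s kubectl -n kube-system get secret | grep default-token | cut -d " " -f1)
  # kubectl -n kube-system describe secret $token
  #
  # TIP For Google Chrome you may allow insecure TLS connections at chrome://flags/#allow-insecure-localhost
  #
  # Loopback-only on the host for the same reason as above: the dashboard is a
  # cluster administration surface and should not listen on the host's
  # external interfaces.
  config.vm.network :forwarded_port, guest: 10443, host: 10443, host_ip: "127.0.0.1"

  config.vm.provider "virtualbox" do |vb|
    vb.gui = false
    vb.cpus = 4
    vb.memory = "2048"
  end

  # The provisioner runs as root (privileged: true). The heredoc is an
  # unquoted one, so Ruby processes backslash escapes before the shell sees the
  # script: the escaped quotes on the secure_path line arrive as plain quotes,
  # and the value is therefore written to sudoers unquoted.
  config.vm.provision "shell", privileged: true, inline: <<-SHELL
    VAGRANT_HOME="/home/vagrant"
    GO_VERSION="1.19.5"
    OPA_VERSION="v0.48.0"

    # silence 'dpkg-preconfigure: unable to re-open stdin: No such file or directory'
    export DEBIAN_FRONTEND=noninteractive
    apt-get update

    #
    # build environment for tracee
    #
    apt-get install --yes bsdutils
    apt-get install --yes build-essential
    apt-get install --yes pkgconf
    apt-get install --yes llvm-12 clang-12
    apt-get install --yes clang-format-12
    # expose the versioned binaries under their unversioned names
    for tool in "clang" "llc" "llvm-strip"
    do
      path=$(which $tool-12)
      ln -s "$path" "${path%-*}"
    done
    apt-get install --yes zlib1g-dev libelf-dev
    apt-get install --yes protobuf-compiler
    apt-get install --yes linux-tools-"$(uname -r)"

    # golang
    # NOTE(review): the tarball is unpacked as root without being checked
    # against the checksum published for this Go version; verify it before
    # extracting if the VM is used for anything beyond throwaway development.
    wget --quiet https://golang.org/dl/go$GO_VERSION.linux-amd64.tar.gz
    tar -C /usr/local -xzf go$GO_VERSION.linux-amd64.tar.gz
    GOBIN_PATH=/usr/local/go/bin
    echo "export PATH=$PATH:$GOBIN_PATH" >> $VAGRANT_HOME/.profile
    # integration tests run as root, so go needs to be in root's path as well
    echo "export PATH=$PATH:$GOBIN_PATH" >> $HOME/.bashrc
    # sudo needs to be able to find go as well
    echo "Defaults secure_path=\"$PATH:$GOBIN_PATH\"" >> /etc/sudoers.d/vagrant

    #
    # microk8s
    #
    snap install microk8s --classic
    microk8s status --wait-ready
    usermod -a -G microk8s vagrant
    microk8s enable hostpath-storage dns dashboard
    mkdir -p $VAGRANT_HOME/.kube/
    # the raw kubeconfig carries cluster credentials, so keep it owner-only
    microk8s kubectl config view --raw > $VAGRANT_HOME/.kube/config
    chmod 600 $VAGRANT_HOME/.kube/config
    chown vagrant:vagrant $VAGRANT_HOME/.kube/config

    #
    # kubectl
    #
    # NOTE(review): apt.kubernetes.io / packages.cloud.google.com is the legacy
    # Kubernetes package repository, which upstream has deprecated in favour of
    # pkgs.k8s.io; confirm it still serves packages before relying on this step.
    apt-get install --yes apt-transport-https ca-certificates curl
    curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg
    echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list
    apt-get update
    apt-get install --yes kubectl
    echo 'source <(kubectl completion bash)' >> $VAGRANT_HOME/.profile

    #
    # helm
    #
    snap install helm --classic
    echo 'source <(helm completion bash)' >> $VAGRANT_HOME/.profile

    #
    # docker
    #
    apt-get install --yes docker.io
    # membership of the docker group is equivalent to root on the guest
    usermod -aG docker vagrant

    #
    # opa
    #
    # -f makes curl fail on an HTTP error instead of saving the error page as
    # an executable in /usr/bin.
    # NOTE(review): the binary is not checked against a published checksum.
    curl -fL -o /usr/bin/opa https://github.com/open-policy-agent/opa/releases/download/$OPA_VERSION/opa_linux_amd64
    chmod 755 /usr/bin/opa
  SHELL
end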