Conjur appliance packaging based on UML (User-Mode Linux).
CI pipeline: https://jenkins.conjur.net/job/appliance-uml/
Port redirects are configured in /opt/conjur/config. The defaults are:

```
SSH_PORT=127.0.0.1:48022 HTTPS_PORT=48443 LDAPS_PORT=48636 POSTGRES_PORT=5432 PG_ARCHIVE_PORT=5433
```

You can also choose the interface to bind to by prefixing the port with an address, as SSH_PORT does above. A port given without an address binds to the wildcard address 0.0.0.0, i.e. every interface on the host, so with the defaults HTTPS, LDAPS and both Postgres ports are reachable from any network the host is attached to. Give Postgres and the archive port an explicit loopback or internal address if they should not be exposed.
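As an added example (not part of the conjur-uml repository or its scripts), the following POSIX shell script audits a config file written in the KEY=[addr:]port form shown above and reports every listener that falls back to the wildcard 0.0.0.0 bind. The two sample configs are constructed here: the first reproduces the documented defaults, the second is an assumed hardened variant using 10.0.0.5 as a hypothetical internal interface and loopback for the Postgres ports.

```shell
#!/bin/sh
# Added example, not part of the conjur-uml repository: audit the
# KEY=[addr:]port redirects in /opt/conjur/config and flag every listener
# that binds to the wildcard address 0.0.0.0 (the README's documented default
# when no address is given).

# bind_addr VALUE: address part of "addr:port"; 0.0.0.0 when none is given.
bind_addr() {
  case "$1" in
    *:*) printf '%s\n' "${1%:*}" ;;
    *)   printf '%s\n' 0.0.0.0 ;;
  esac
}

# bind_port VALUE: port part of "[addr:]port".
bind_port() {
  printf '%s\n' "${1##*:}"
}

# audit_config FILE: print "KEY ADDR PORT STATUS" for every *_PORT setting,
# where STATUS is "wildcard" or "bound", and return 1 if anything is wildcard.
# Settings may be one per line or all on one line, as the README shows;
# '#' comments are ignored.
audit_config() {
  rc=0
  for tok in $(sed 's/#.*//' "$1"); do
    case "$tok" in *_PORT=*) ;; *) continue ;; esac
    key=${tok%%=*}
    val=${tok#*=}
    addr=$(bind_addr "$val")
    port=$(bind_port "$val")
    if [ "$addr" = 0.0.0.0 ]; then
      printf '%s %s %s wildcard\n' "$key" "$addr" "$port"
      rc=1
    else
      printf '%s %s %s bound\n' "$key" "$addr" "$port"
    fi
  done
  return $rc
}

# Constructed sample matching the documented defaults: only SSH is on loopback.
DEFAULT_CONFIG=$(mktemp)
cat >"$DEFAULT_CONFIG" <<'EOF'
SSH_PORT=127.0.0.1:48022
HTTPS_PORT=48443
LDAPS_PORT=48636
POSTGRES_PORT=5432
PG_ARCHIVE_PORT=5433
EOF

# Constructed hardened variant (10.0.0.5 is an assumed internal interface):
# Postgres and archive only on loopback, HTTPS/LDAPS on one interface.
HARDENED_CONFIG=$(mktemp)
cat >"$HARDENED_CONFIG" <<'EOF'
SSH_PORT=127.0.0.1:48022
HTTPS_PORT=10.0.0.5:48443
LDAPS_PORT=10.0.0.5:48636
POSTGRES_PORT=127.0.0.1:5432
PG_ARCHIVE_PORT=127.0.0.1:5433
EOF
trap 'rm -f "$DEFAULT_CONFIG" "$HARDENED_CONFIG"' EXIT

audit_config "$DEFAULT_CONFIG" || echo "default config exposes listeners on 0.0.0.0"
audit_config "$HARDENED_CONFIG" && echo "hardened config: every listener has an explicit bind address"
```

Run it against the real file with `audit_config /opt/conjur/config`; a non-zero exit status means at least one listener is on every interface, which makes it easy to gate a deployment on the check.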
Creating the artifacts
Each build step runs in a container, so you need a current Docker installed.

```
# Create 'conjur-uml.x64.tar'. This compiles an old Linux kernel, for various reasons.
$ ./mktar.sh

# Create 'conjur-uml-<version>.x86_64.rpm'. The tar above must be created first.
# <version> is calculated from git.
$ ./mkrpm.sh

# Create the sqsh-format image from <src-image>.
# <src-image> is pulled if it is not already on your system.
$ ./mkimage.sh <src-image>   # e.g. registry.tld/conjur-appliance:4.9-stable
```
Only a barebones smoke test is implemented so far. Run it with:

```
$ ./smoketest.sh
...smoke test console output
```

The script:
- Launches a RHEL 6.2 EC2 instance; see kitchen.yml.
- Uploads the built rpm and sqsh artifacts from the working directory to the instance
- Installs the rpm, symlinks the sqsh image to the appropriate place; see smokeec2.sh.
- Starts the Conjur process and configures Conjur.
- Runs a few Conjur CLI commands to make sure all is well.
The smoke test uses test-kitchen, with summon supplying the AWS credentials. It does not use test-kitchen's busser framework to run the checks (see smokeec2.sh), so reporting is limited to pass/fail for now.
Kernel built is vanilla kernel with
The kernel version is set in kernel/Makefile. The kernel configuration is stored in kernel/kernel.config and can be adjusted with `make -C kernel menuconfig`.
The included slirp code is based on slirp-1.0.17, which is ancient and messy, and possibly also insecure, unstable and slow. Slirp runs on the host as the user-space TCP/IP stack for the guest's network traffic, so a bug in it is reachable from inside the appliance guest.
Slirp ceased to be developed as a standalone project over ten years ago, but it has found a new life in qemu and docker-win32. It would be nice to port changes from there.
Note that the host's /dev/shm is used for memory.
There is a Vagrant environment available for debugging, but it is not maintained. A full session, from building the image to bootstrapping the CLI, looks like this:

```
$ mkimage.sh conjur-appliance_220.127.116.11
$ vagrant up
$ vagrant ssh
[vagrant@localhost ~]$ sudo rpm -i /vagrant/conjur-uml-0.3.1-1.x86_64.rpm
[vagrant@localhost ~]$ sudo -iuconjur
[conjur@localhost ~]$ cp /vagrant/conjur-appliance_18.104.22.168.sqsh shared
[conjur@localhost ~]$ cd shared
[conjur@localhost shared]$ ln -s conjur-appliance_22.214.171.124.sqsh image.sqsh
[conjur@localhost shared]$ cd ..
[conjur@localhost ~]$ ( sleep 5 ; bin/launch ) &
[conjur@localhost ~]$ exit
# wait until you see the following output, indicating the conjur appliance is ready to be configured:
# [2017-02-08 16:56:54] INFO WEBrick::HTTPServer#start: pid=xxx port=xxxx
[vagrant@localhost ~]$ sudo -iuconjur
[conjur@localhost ~]$ ssh conjur
root@conjur# evoke configure master -h <hostname> -p <password> <orgaccount>
# wait until you see output similar to the following, indicating conjur configuration is complete (about 5.5 minutes):
# Waiting for Conjur to be ready
# done
root@conjur# exit
[conjur@localhost ~]$ exit
# install the CLI client
[vagrant@localhost ~]$ sudo rpm -i /vagrant/conjur-5.4.0-1.el6.x86_64.rpm
# initialize the client on this machine
[vagrant@localhost ~]$ conjur init -h localhost:48443
[vagrant@localhost ~]$ conjur bootstrap
```