WIP suzieq lesson and image

CHANGELOG.md

@@ -5,6 +5,7 @@
 - Git lesson stage 5 [#324](https://github.com/nre-learning/nrelabs-curriculum/pull/324)
 - Adding image build to preview pipeline [#352](https://github.com/nre-learning/nrelabs-curriculum/pull/352)
 - More image build changes (moving to GH actions) [#354](https://github.com/nre-learning/nrelabs-curriculum/pull/354)
+- SuzieQ Image and Lesson [#357](https://github.com/nre-learning/nrelabs-curriculum/pull/357)
 
 ## v1.3.0 - December 13, 2020
 

images/suzieq/Dockerfile

@@ -0,0 +1,48 @@
+
+# Based on python/debian(buster)
+FROM netenglabs/suzieq:0.9
+
+RUN apt-get update && apt-get install -y openssh-server python3 python3-pip dnsutils iputils-ping git vim curl util-linux sshpass nano jq libxml2-utils
+RUN mkdir /var/run/sshd
+
+# Antidote user
+RUN mkdir -p /home/antidote
+RUN useradd antidote -p antidotepassword
+RUN chown antidote:antidote /home/antidote
+RUN chsh antidote --shell=/bin/bash
+RUN echo 'antidote:antidotepassword' | chpasswd
+RUN echo 'root:$(uuidgen)' | chpasswd
+
+# Adjust MOTD
+RUN rm -f /etc/update-motd.d/*
+RUN rm -f /etc/legal
+ADD motd.sh /etc/update-motd.d/00-antidote-motd
+
+# Disable root Login
+RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config
+RUN sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
+
+# SSH login fix. Otherwise user is kicked off after login
+RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
+
+# Disable su for everyone not in the wheel group (no one is in the wheel group)
+RUN echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su
+
+# https://stackoverflow.com/questions/36292317/why-set-visible-now-in-etc-profile
+ENV NOTVISIBLE "in users profile"
+RUN echo "export VISIBLE=now" >> /etc/profile
+
+# ADD requirements.txt /requirements.txt
+# RUN pip3 install -r /requirements.txt
+
+# The snapshots directory is apparently not being set up during installation so we'll do it here
+RUN mkdir -p /home/antidote/jsnapy/snapshots && chown -R antidote:antidote /home/antidote/jsnapy
+
+# RUN curl -L -o yq https://github.com/mikefarah/yq/releases/download/3.3.2/yq_linux_amd64 && chmod +x yq && mv yq /usr/local/bin
+# RUN wget https://github.com/sharkdp/bat/releases/download/v0.17.1/bat_0.17.1_amd64.deb && dpkg -i bat_0.17.1_amd64.deb
+
+COPY bash_profile /home/antidote/.bash_profile
+RUN chown antidote:antidote /home/antidote/.bash_profile
+
+EXPOSE 22
+CMD ["/usr/sbin/sshd", "-D"]

images/suzieq/Makefile

@@ -0,0 +1,13 @@
+# SHELL=/bin/bash
+
+TARGET_VERSION ?= latest
+
+all: docker
+
+docker:
+	docker build --pull --no-cache -t antidotelabs/suzieq:$(TARGET_VERSION) .
+	docker push antidotelabs/suzieq:$(TARGET_VERSION)
+
+dockerfast:
+	docker build --pull -t antidotelabs/suzieq:$(TARGET_VERSION) .
+	docker push antidotelabs/suzieq:$(TARGET_VERSION)

images/suzieq/bash_profile

@@ -0,0 +1 @@
+alias python="/usr/bin/python3"

images/suzieq/image.meta.yaml

@@ -0,0 +1,12 @@
+slug: utility
+description: Utility image
+flavor: untrusted
+sshUser: antidote
+sshPassword: antidotepassword
+configUser: antidote
+configPassword: antidotepassword
+networkInterfaces:
+  - 'eth0'
+  - 'eth1'
+  - 'eth2'
+  - 'eth3'

images/suzieq/motd.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+printf "Welcome to \u001b[1;38;5;36mNRE Labs\033[1m%s\033[0m! \n"
+printf " * Docs - https://docs.nrelabs.io/\n"

images/suzieq/requirements.txt

@@ -0,0 +1,13 @@
+# https://github.com/Azure/azure-cli/issues/16858
+cryptography==3.3.2
+
+napalm
+netmiko
+jsnapy
+robotframework
+jinja2
+paho-mqtt
+grpcio
+grpcio-tools
+flask
+pygments

lessons/suzieq-network-observability/lesson.meta.yaml

@@ -0,0 +1,31 @@
+name: Network Observability with SuzieQ
+slug: suzieq-network-observability
+category: tools
+diagram: ""
+video: ""
+tier: prod
+description: TBD
+shortDescription: suzieq
+stages:
+- description: Introduction
+  guideType: markdown
+  stageVideo: ""
+endpoints:
+- name: suzieq
+  image: suzieq
+  presentations:
+  - name: cli
+    port: 22
+    type: ssh
+- name: cvx1
+  image: cvx
+  configurationType: python
+  presentations:
+  - name: cli
+    port: 22
+    type: ssh
+authors:
+- name: Dinesh Dutt
+  link: TBD
+- name: Justin Pietsch
+  link: TBD

lessons/suzieq-network-observability/stage0/configs/cvx1.py

@@ -0,0 +1,33 @@
+import paramiko
+import os
+from scp import SCPClient
+
+host=os.environ['ANTIDOTE_TARGET_HOST']
+
+def createSSHClient(server, port, user, password):
+    client = paramiko.SSHClient()
+    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+    client.connect(server, port, user, password)
+    return client
+
+ssh=createSSHClient(host,22,"antidote","antidotepassword")
+
+scp=SCPClient(ssh.get_transport())
+
+this_dir = os.path.dirname(os.path.realpath(__file__))
+
+scp.put('%s/cvx1/interfaces' % this_dir, '/home/antidote/interfaces')
+scp.put('%s/cvx1/daemons' % this_dir, '/home/antidote/daemons')
+scp.put('%s/cvx1/frr.conf' % this_dir, '/home/antidote/frr.conf')
+
+ssh.exec_command('sudo cp /home/antidote/interfaces /etc/network/interfaces')
+ssh.exec_command('sudo cp /home/antidote/daemons /etc/frr/daemons')
+ssh.exec_command('sudo cp /home/antidote/frr.conf /etc/frr/frr.conf')
+ssh.exec_command('sudo systemctl restart frr.service')
+ssh.exec_command('sudo ifreload -a')
+
+scp.close()
+ssh.close()
+
+
+

lessons/suzieq-network-observability/stage0/configs/cvx1/daemons

@@ -0,0 +1,3 @@
+zebra=yes
+bgpd=yes
+

lessons/suzieq-network-observability/stage0/configs/cvx1/frr.conf

@@ -0,0 +1,7 @@
+router bgp 65002
+    bgp router-id 10.1.1.2
+    neighbor 10.10.10.1 remote-as 65001
+    address-family ipv4 unicast
+        neighbor 10.10.10.1 activate
+        redistribute connected
+

lessons/suzieq-network-observability/stage0/configs/cvx1/interfaces

@@ -0,0 +1,23 @@
+auto lo
+iface lo inet loopback
+    address 10.1.1.2/32
+
+auto eth0
+iface eth0 inet dhcp
+    vrf mgmt
+
+auto mgmt
+iface mgmt
+    address 127.0.0.1/8
+    vrf-table auto
+
+auto swp1 
+allow-uplink swp1
+iface swp1 inet static
+    address 10.10.10.2/30
+
+auto swp2
+allow-uplink swp2
+iface swp2 inet static
+    address 10.10.100.1/30
+

lessons/suzieq-network-observability/stage0/guide.md

@@ -0,0 +1,2 @@
+
+Please enter your lesson guide contents here.