A CloudLab profile for deploying OpenStack with Kubernetes (via Magnum) and a sample voting application using Garden.
This repository contains the complete homework submission for Cloud Computing Security - Homework 6.
| Part | Document | Description |
|---|---|---|
| Part 1 | PART1_Application_Overview_and_Deployment.md | Application use-case, deployment setup, architecture diagrams |
| Part 2 | PART2_Security_Configuration_and_Best_Practices.md | Security measures, configuration snippets, misconfiguration avoidance |
| Part 3 | PART3_Security_Analysis.md | Security tools, vulnerability findings, penetration testing results |
All security assessment tools and scripts are in the security-scripts/ directory:
- README.md - Complete documentation
- QUICK_START.md - Quick start guide
- Automated scripts for running comprehensive security assessments
```
ccs_openstack_hw_6/
├── osp.py                          # CloudLab profile (geni-lib script)
├── scripts/                        # Setup scripts
│   ├── 01-install-openstack.sh
│   └── 02-configure-magnum.sh
├── cloudlab-deploy/                # Garden deployment for voting app
│   ├── garden.yml
│   ├── *.garden.yml (modules)
│   └── *.md (documentation)
├── garden/
│   └── examples/
│       └── vote-helm/              # Voting app source code
├── security-scripts/               # Security assessment tools
│   ├── 00-install-tools.sh
│   ├── 01-network-scanning.sh
│   ├── 03-kubernetes-security.sh
│   ├── 04-container-security.sh
│   ├── 05-web-application-security.sh
│   ├── run-all-scans.sh
│   ├── README.md
│   └── QUICK_START.md
├── PART1_Application_Overview_and_Deployment.md
├── PART2_Security_Configuration_and_Best_Practices.md
├── PART3_Security_Analysis.md
└── README.md                       # This file
```
- Go to CloudLab
- Create a new experiment
- Select "Create Profile" or use existing
- Use this repository URL: https://github.com/D13ya/ccs_openstack_hw_6
- Select the profile script: `osp.py`
- Configure parameters (hardware type, compute nodes, passwords)
- Start the experiment
- OpenStack installation: ~30-60 minutes
- Magnum configuration: ~5-10 minutes
- Monitor progress in CloudLab's experiment view
SSH to the controller node and run:

```bash
source /opt/devstack/openrc admin admin
openstack coe cluster create k8s-cluster \
  --cluster-template k8s-default-template \
  --master-count 1 \
  --node-count 2 \
  --keypair magnum-default

# Wait for completion (~10-20 minutes)
watch openstack coe cluster show k8s-cluster

# Get kubeconfig
openstack coe cluster config k8s-cluster --dir ~/.kube --force
export KUBECONFIG=~/.kube/config

# Install Garden CLI
curl -sL https://get.garden.io/install.sh | bash

# Update context in garden.yml
kubectl config get-contexts
nano /local/repository/cloudlab-deploy/garden.yml

# Deploy
cd /local/repository/cloudlab-deploy
garden deploy --env cloudlab

# Access application
kubectl get nodes -o wide  # Get node IP
# Vote UI: http://<node-ip>:30080
# Result UI: http://<node-ip>:30081
```

See cloudlab-deploy/ directory for comprehensive documentation:
- INDEX.md - Complete navigation guide
- SETUP.md - Step-by-step deployment instructions
- QUICK_REFERENCE.md - Command cheatsheet
- ARCHITECTURE.md - System architecture diagrams
- TROUBLESHOOTING.md - Common issues and solutions
- Multi-node setup (1 controller + N compute nodes)
- Ubuntu 24.04 LTS
- Automated OpenStack installation via DevStack
- Magnum for Kubernetes cluster management
- Vote UI - Python/Flask frontend (NodePort 30080)
- API - Python/Flask backend
- Result UI - Node.js results display (NodePort 30081)
- Worker - Node.js background processor
- Redis - In-memory cache
- PostgreSQL - Vote storage database
- CloudLab account
- SSH access to experiment nodes
- Basic knowledge of:
  - OpenStack
  - Kubernetes
  - Docker
  - Garden (optional, covered in docs)
OpenStack Dashboard: http://<controller-ip>/dashboard
- Username: `admin` or `demo`
- Password: `chocolateFrog!` (or custom value set during instantiation)

PostgreSQL (internal):
- Username: `postgres`
- Password: `postgres`

- Automated OpenStack deployment
- Magnum pre-configured for Kubernetes
- Complete voting application stack
- Garden-based deployment workflow
- Comprehensive documentation
- Simple NodePort access (no ingress needed)

- This is a lab/demo configuration - not production-ready
- No persistent volumes (data lost on pod restart)
- No TLS/HTTPS
- Default passwords should be changed for real use
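
The lab defaults listed above (NodePort services and the `postgres` / `chocolateFrog!` passwords) can be checked for in a rendered manifest before the deployment is reused outside the lab. This is an added example, not part of the repository's security-scripts/; the manifest is constructed, and `audit_manifest` and the resource and variable names are hypothetical.

```shell
# Added example, not from the repository: flag this README's lab defaults
# (NodePort exposure, documented default passwords) in a rendered manifest.

# Constructed sample manifest; resource and variable names are assumptions.
sample_manifest() {
  cat <<'EOF'
kind: Service
metadata:
  name: vote
spec:
  type: NodePort
  ports:
    - port: 80
      nodePort: 30080
---
kind: Pod
metadata:
  name: db
spec:
  containers:
    - name: postgres
      env:
        - name: POSTGRES_USER
          value: "postgres"
        - name: POSTGRES_PASSWORD
          value: "postgres"
EOF
}

# Reads a manifest on stdin, prints one finding per line and
# returns non-zero when anything was flagged.
audit_manifest() {
  awk '
    function clean(s) { gsub(/^[ \t"]+|[ \t"]+$/, "", s); return s }
    /^---/       { kind = ""; obj = ""; var = "" }
    /^kind:/     { kind = clean($2) }
    /^  name:/   { obj = clean($2) }
    /^ +- name:/ { var = clean($3) }
    /^ +nodePort:/ && kind == "Service" { print "nodeport " obj " " clean($2); n++ }
    /^ +value:/ && var ~ /PASS|SECRET/ {
      v = $0; sub(/^ +value:/, "", v); v = clean(v)
      why = (v == "postgres" || v == "chocolateFrog!") ? "default-password" : "literal-secret"
      print why " " obj " " var; n++
    }
    END { exit (n > 0) }
  '
}

sample_manifest | audit_manifest || true
```

The check is line-based and assumes two-space YAML indentation as in the sample; an entry that takes its value from a Secret reference has no literal `value:` line and is not flagged.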
To run the comprehensive security assessment:

```bash
cd security-scripts
sudo ./00-install-tools.sh          # Install tools (once)
export WORKER_NODE_IP="<your-ip>"   # Set your node IP
./run-all-scans.sh                  # Run all scans
```

See security-scripts/QUICK_START.md for detailed instructions.

If you encounter issues:
- Check CloudLab experiment logs
- Review `/tmp/install-openstack.log` on controller
- Review `/tmp/configure-magnum.log` on controller
- See `cloudlab-deploy/TROUBLESHOOTING.md` for detailed help

- kubectl not configured: Run `openstack coe cluster config k8s-cluster`
- Docker permission denied: Run `sudo usermod -aG docker $USER && newgrp docker`
- Tool not found: Rerun `sudo ./00-install-tools.sh`

This project is for educational purposes.
Based on the Garden vote-helm example and adapted for CloudLab deployment.