Concourse Lab Creation
Testing Environment
Running Concourse
With Docker-Compose
This docker-compose file simplifies the installation for running tests with concourse:
wget https://raw.githubusercontent.com/starkandwayne/concourse-tutorial/master/docker-compose.yml
docker-compose up -d
You can download the fly command-line tool for your OS from the web UI at 127.0.0.1:8080
With Kubernetes (Recommended)
You can easily deploy concourse in Kubernetes (in minikube, for example) using the helm chart: concourse-chart.
brew install helm
helm repo add concourse https://concourse-charts.storage.googleapis.com/
helm install concourse-release concourse/concourse
# concourse-release will be the prefix name for the concourse elements in k8s
# After the installation you will find the indications to connect to it in the console
# If you need to delete it
helm delete concourse-release
After creating the concourse environment, you can create a secret and give the SA running in concourse web access to the K8s secrets:
echo 'apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: read-secrets
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-secrets-concourse
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: read-secrets
subjects:
- kind: ServiceAccount
  name: concourse-release-web
  namespace: default
---
apiVersion: v1
kind: Secret
metadata:
  name: super
  namespace: concourse-release-main
type: Opaque
data:
  secret: MWYyZDFlMmU2N2Rm
' | kubectl apply -f -
Create Pipeline
A pipeline is made of a list of Jobs, each of which contains an ordered list of Steps.
Steps
Several different types of steps can be used:
- the task step runs a task
- the get step fetches a resource
- the put step updates a resource
- the set_pipeline step configures a pipeline
- the load_var step loads a value into a local var
- the in_parallel step runs steps in parallel
- the do step runs steps in sequence
- the across step modifier runs a step multiple times; once for each combination of variable values
- the try step attempts to run a step and succeeds even if the step fails
Each step in a job plan runs in its own container. You can run anything you want inside the container (i.e. run my tests, run this bash script, build this image, etc.). So if you have a job with five steps, Concourse will create five containers, one for each step.
Therefore, it is possible to indicate the type of container each step needs to run in.
Simple Pipeline Example
jobs:
  - name: simple
    plan:
      - task: simple-task
        privileged: true
        config:
          # Tells Concourse which type of worker this task should run on
          platform: linux
          image_resource:
            type: registry-image
            source:
              repository: busybox # images are pulled from docker hub by default
          run:
            path: sh
            args:
              - -cx
              - |
                sleep 1000
                echo "$SUPER_SECRET"
          params:
            SUPER_SECRET: ((super.secret))
fly -t tutorial set-pipeline -p pipe-name -c hello-world.yml
# pipelines are paused when first created
fly -t tutorial unpause-pipeline -p pipe-name
# trigger the job and watch it run to completion
fly -t tutorial trigger-job --job pipe-name/simple --watch
# From another console
fly -t tutorial intercept --job pipe-name/simple
Check 127.0.0.1:8080 to see the pipeline flow.
Bash script with output/input pipeline
It is possible to save the results of one task in a file, declare it as an output, and then declare the input of the next task to be the output of the previous task. What concourse does is mount the directory of the previous task in the new task, where you can access the files created by the previous task.
Triggers
You don't need to trigger the jobs manually every time you want to run them; you can also schedule them to run every time:
- Some time passes: Time resource
- On new commits to the main branch: Git resource
- New PRs: Github-PR resource
- Fetch or push the latest image of your app: Registry-image resource
Check a YAML pipeline example that triggers on new commits to master in https://concourse-ci.org/tutorial-resources.html
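The output/input hand-off and the automatic trigger described above, combined in one pipeline. This is an added example, not part of the original page; the resource name every-5m, the job and task names, the results directory and the 5m interval are all assumptions chosen for illustration.

```yaml
# Added example (not from the original page); all names below are illustrative.
resources:
  - name: every-5m            # hypothetical resource name
    type: time
    source:
      interval: 5m            # a new version is emitted roughly every 5 minutes

jobs:
  - name: produce-and-consume
    plan:
      # trigger: true starts the job whenever the resource has a new version,
      # so no manual "fly trigger-job" is needed
      - get: every-5m
        trigger: true
      - task: produce
        config:
          platform: linux
          image_resource:
            type: registry-image
            source:
              repository: busybox
          outputs:
            - name: results   # directory created in this task's working dir
          run:
            path: sh
            args:
              - -exc
              - |
                date > results/build-info.txt
      - task: consume
        config:
          platform: linux
          image_resource:
            type: registry-image
            source:
              repository: busybox
          inputs:
            - name: results   # must match the output name of the earlier task
          run:
            path: sh
            args:
              - -exc
              - |
                # The directory written by "produce" is mounted here
                cat results/build-info.txt
```

Load it with fly set-pipeline and unpause it the same way as the simple pipeline; every later step that declares results as an input can read whatever the first task wrote there.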