From be76e2e5d6ecb7899388d6d80798cb1560725a60 Mon Sep 17 00:00:00 2001 From: Giacomo Coluccelli Date: Mon, 1 Dec 2025 19:00:05 +0100 Subject: [PATCH 1/2] Add Omnilab ATS exposed UI testbed --- omnilab-ats/exposed_ui/README.md | 64 ++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 omnilab-ats/exposed_ui/README.md diff --git a/omnilab-ats/exposed_ui/README.md b/omnilab-ats/exposed_ui/README.md new file mode 100644 index 00000000..5809cced --- /dev/null +++ b/omnilab-ats/exposed_ui/README.md @@ -0,0 +1,64 @@ +# Omnilab Android Test Studio + +Setup Omnilab ATS following the steps reported in the official [documentation page](https://source.android.com/docs/core/tests/development/android-test-station/ats-user-guide#install-with-installer). The testbed will be setup through docker and can be managed using the CLI utility `mtt`. + +## Installation steps + +```sh +curl https://storage.googleapis.com/android-mtt.appspot.com/prod/install.sh | bash +``` + +OATS can then be run using the `mtt` cli utility. The UI will then be exposed by default on where a setup wizard will allow to finalize the installation. + +```sh +mtt start +``` + +## Hardening steps + +OmniLab ATS has no built-in authentication. Either block external access or use a reverse proxy with basic auth to secure it. An example of how this can be done on a linux machine with nginx is reported below: + +Start the service on a different port + +```sh +mtt stop +mtt start --port 8001 +``` + +Install nginx and configure a basic auth password file + +```sh +sudo apt install nginx apache2-utils +sudo htpasswd -c /etc/nginx/.htpasswd admin +``` + +Configure nginx (`/etc/nginx/sites-available/ats`): + +```conf +server { + listen 8000; + server_name _; + + location / { + auth_basic "OmniLab ATS"; + auth_basic_user_file /etc/nginx/.htpasswd; + + proxy_pass http://localhost:8001; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } +} +``` + +Enable and restart nginx + +```sh +sudo ln -s /etc/nginx/sites-available/ats /etc/nginx/sites-enabled/ +sudo nginx -t +sudo systemctl restart nginx +``` + +## References + +- From 9fa4a07eb5081fa3dd1d8ba7d43983f5605908a1 Mon Sep 17 00:00:00 2001 From: Giacomo Coluccelli Date: Tue, 2 Dec 2025 13:33:57 +0100 Subject: [PATCH 2/2] Implement docker compose testbed --- omnilab-ats/exposed_ui/README.md | 58 ++++------------------- omnilab-ats/exposed_ui/docker-compose.yml | 51 ++++++++++++++++++++ 2 files changed, 60 insertions(+), 49 deletions(-) create mode 100644 omnilab-ats/exposed_ui/docker-compose.yml diff --git a/omnilab-ats/exposed_ui/README.md b/omnilab-ats/exposed_ui/README.md index 5809cced..9258b989 100644 --- a/omnilab-ats/exposed_ui/README.md +++ b/omnilab-ats/exposed_ui/README.md @@ -1,64 +1,24 @@ # Omnilab Android Test Studio -Setup Omnilab ATS following the steps reported in the official [documentation page](https://source.android.com/docs/core/tests/development/android-test-station/ats-user-guide#install-with-installer). The testbed will be setup through docker and can be managed using the CLI utility `mtt`. +Setup for Omnilab ATS exposed UI testbed. -## Installation steps +## Deployment -```sh -curl https://storage.googleapis.com/android-mtt.appspot.com/prod/install.sh | bash -``` - -OATS can then be run using the `mtt` cli utility. The UI will then be exposed by default on where a setup wizard will allow to finalize the installation. - -```sh -mtt start -``` - -## Hardening steps - -OmniLab ATS has no built-in authentication. Either block external access or use a reverse proxy with basic auth to secure it. An example of how this can be done on a linux machine with nginx is reported below: - -Start the service on a different port +The testbed can be deployed using docker compose running the following inside this directory ```sh -mtt stop -mtt start --port 8001 +docker compose up -d ``` -Install nginx and configure a basic auth password file - -```sh -sudo apt install nginx apache2-utils -sudo htpasswd -c /etc/nginx/.htpasswd admin -``` - -Configure nginx (`/etc/nginx/sites-available/ats`): - -```conf -server { - listen 8000; - server_name _; - - location / { - auth_basic "OmniLab ATS"; - auth_basic_user_file /etc/nginx/.htpasswd; - - proxy_pass http://localhost:8001; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } -} -``` +This will setup an exposed instance (without any authentication) at and an instance behind basic auth (Omnilab ATS does not provide any authentication) at (creds are `admin`:`changeme`). -Enable and restart nginx +The testbed can then be stopped and removed running the following from within the same directory ```sh -sudo ln -s /etc/nginx/sites-available/ats /etc/nginx/sites-enabled/ -sudo nginx -t -sudo systemctl restart nginx +docker compose down ``` -## References +## Resources - +- diff --git a/omnilab-ats/exposed_ui/docker-compose.yml b/omnilab-ats/exposed_ui/docker-compose.yml new file mode 100644 index 00000000..dbce3872 --- /dev/null +++ b/omnilab-ats/exposed_ui/docker-compose.yml @@ -0,0 +1,51 @@ +services: + mtt: + image: gcr.io/android-mtt/mtt:prod + container_name: mtt + ports: + - "8000:8000" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + environment: + - MTT_CONTROL_SERVER_PORT=8000 + - OPERATION_MODE=on_premise + - IS_OMNILAB_BASED=true + restart: unless-stopped + networks: + - internal + nginx: + image: nginx:alpine + ports: + - "8001:80" + configs: + - source: nginx_config + target: /etc/nginx/nginx.conf + - source: htpasswd + target: /etc/nginx/.htpasswd + depends_on: + - mtt + restart: unless-stopped + networks: + - internal + +networks: + internal: + +configs: + nginx_config: + content: | + events { worker_connections 1024; } + http { + server { + listen 80; + location / { + auth_basic "ATS"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass http://mtt:8000; + } + } + } + + htpasswd: + content: | + admin:$2y$05$7eaUZOK1Q7SuT9tv67PwvulFo7/ysDHS8bKM6G4rENSJZdEMlMa42