author | Petr Ospalý <p.ospaly@partner.samsung.com> | 2019-01-02 15:52:24 +0100 |
---|---|---|
committer | Petr Ospalý <p.ospaly@partner.samsung.com> | 2019-01-02 15:53:32 +0100 |
commit | 8100123ec5b6915e6ed7589ed5d94aee9e81520c (patch) | |
tree | 516d123dd969ab1d9149cd528a7eeff2d587f68e | |
parent | 6dfb646b2d57a6bc17979a7a20169930e4a2d473 (diff) |
Add default onap cfg support
Issue-ID: OOM-1551
Change-Id: If91e00ba49af9b52eea6cabb7cfecc296d1ff596
Signed-off-by: Petr Ospalý <p.ospaly@partner.samsung.com>
-rw-r--r-- | bash/tools/common-functions.sh | 110 | ||||
-rw-r--r-- | cfg/full_depl_values.yaml | 158 |
2 files changed, 265 insertions, 3 deletions
diff --git a/bash/tools/common-functions.sh b/bash/tools/common-functions.sh index ac05fe18..4ccb2069 100644 --- a/bash/tools/common-functions.sh +++ b/bash/tools/common-functions.sh @@ -15,18 +15,22 @@ # limitations under the License. # # COPYRIGHT NOTICE ENDS HERE + # # this file contains shared variables and functions for the onap installer # + # any script which needs this file can check this variable # and it will know immediately if the functions and variables # are loaded and usable IS_COMMON_FUNCTIONS_SOURCED=YES + # setting of the path variables if [ -z "$APROJECT_DIR" ] ; then INCLUDE_PATH="${LOCAL_PATH}"/"${RELATIVE_PATH}" APROJECT_DIR=$(readlink -f "$INCLUDE_PATH"/../..) fi + RESOURCES_DIR="$APROJECT_DIR/resources" BASH_SCRIPTS_DIR="$APROJECT_DIR/bash" NEXUS_DATA="$RESOURCES_DIR/nexus_data" @@ -36,11 +40,14 @@ GEN_CFG_PATH="$APROJECT_DIR/live/cfg" GIT_REPOS="$RESOURCES_DIR/git-repo" NGINX_HTTP_DIR="$RESOURCES_DIR/http" RHEL_REPO="$RESOURCES_DIR/pkg/rhel" + PATH="${PATH}:/usr/local/bin:/usr/local/sbin" export PATH + # just self-defense against locale LANG=C export LANG + # dns handling SIMUL_HOSTS="gcr.io \ git.rancher.io \ @@ -57,10 +64,12 @@ registry.hub.docker.com \ git.onap.org \ repo1.maven.org \ repo.maven.apache.org" + # default credentials to the repository NEXUS_USERNAME=admin NEXUS_PASSWORD=admin123 NEXUS_EMAIL=admin@onap.org + # this function is intended to unify the installer output message() { case "$1" in @@ -85,6 +94,7 @@ message() { return 0 } export message + # if the environment variable DEBUG is set to DEBUG-ONAP -> # -> this function will print its arguments # otherwise nothing is done @@ -92,10 +102,12 @@ debug() { [ "$DEBUG" = DEBUG-ONAP ] && message debug "$@" } export debug + fail() { message error "$@" exit 1 } + retry() { local n=1 local max=5 
@@ -110,10 +122,12 @@ retry() { fi done } + may_self_extract() { # extract and untar to the current directory sed '0,/^# PAYLOAD BELOW #$/d' "$0" | tar -xvpf - ; } + update_hosts() { if grep -q "^[^#]\+\s$SIMUL_HOSTS\s*\$" /etc/hosts ; then message info "simulated domains already in /etc/hosts" @@ -121,12 +135,14 @@ update_hosts() { echo "$LOCAL_IP $SIMUL_HOSTS" >> /etc/hosts message info "simulated domains added to /etc/hosts (please check it)" fi + if grep -q "^[^#]\+\s$NEXUS_FQDN\s*\$" /etc/hosts ; then message info "nexus FQDN already in /etc/hosts" else echo "$LOCAL_IP $NEXUS_FQDN" >> /etc/hosts message info "Nexus FQDN added to /etc/hosts (please check it)" fi + if grep -q "^[^#]\+\srepo.install-server\s*\$" /etc/hosts ; then message info "custom repo FQDN already in /etc/hosts" else 
@@ -134,52 +150,64 @@ update_hosts() { message info "Nexus FQDN added to /etc/hosts (please check it)" fi } + get_cfg_val() { name="$1" shift ask="$@" + value=$(eval "echo \$${name}") if [ -z "$value" ]; then while [ -z "$value" ] ; do printf "${ask}" read -r $name + value=$(eval "echo \$${name}") done echo "${name}='${value}'" >> ./local_repo.conf fi } + get_configuration() { if [ -f ./local_repo.conf ]; then . ./local_repo.conf fi + if [ -z "${NEXUS_FQDN}" ]; then NEXUS_FQDN="nexus.$HOSTNAME" echo "NEXUS_FQDN='${NEXUS_FQDN}'" >> ./local_repo.conf fi + if [ -z "${ONAP_SCALE}" ]; then ONAP_SCALE=full echo "ONAP_SCALE='${ONAP_SCALE}'" >> ./local_repo.conf fi + # nexus should be configured using those default entries # if it was not put the correct inputs instead if [ -z "${NPM_USERNAME}" ]; then NPM_USERNAME="${NEXUS_USERNAME}" echo "NPM_USERNAME='${NPM_USERNAME}'" >> ./local_repo.conf fi + if [ -z "${NPM_PASSWORD}" ]; then NPM_PASSWORD="${NEXUS_PASSWORD}" echo "NPM_PASSWORD='${NPM_PASSWORD}'" >> ./local_repo.conf fi + if [ -z "${NPM_EMAIL}" ]; then NPM_EMAIL="$NEXUS_EMAIL" echo "NPM_EMAIL='${NPM_EMAIL}'" >> ./local_repo.conf fi + export NEXUS_FQDN export ONAP_SCALE export NPM_USERNAME export NPM_PASSWORD export NPM_EMAIL + NODE_USERNAME="root" + if [ -z "$LOCAL_IP" ] ; then echo echo "======= Mandatory configuration =======" @@ -189,12 +217,16 @@ get_configuration() { "\nDO NOT USE LOOPBACK! (for example: 10.0.0.1): " fi } + enable_local_repo() { sed -r "s%PATH%file://$APROJECT_DIR/resources/pkg/rhel%" "$APROJECT_DIR/resources/pkg/rhel/onap.repo" > /etc/yum.repos.d/onap.repo } + install_packages() { os_id="$1" + message info "Installing packages" + case "$os_id" in centos) yum -y install "$APROJECT_DIR/resources/pkg/centos/*.rpm" @@ -215,6 +247,7 @@ install_packages() { ;; esac } + install_files() { message info "installation of external binaries" for binary in kubectl helm rancher jq ; do 
@@ -223,23 +256,31 @@ install_files() { done mkdir ~/.kube } + setup_vnc_server() { mkdir -p ~/.vnc ~/.icewm echo "onap" | vncpasswd -f > ~/.vnc/passwd chmod 0600 ~/.vnc/passwd + cat > ~/.vnc/xstartup <<EOF #!/bin/sh + unset SESSION_MANAGER unset DBUS_SESSION_BUS_ADDRESS exec icewm-session + EOF + chmod +x ~/.vnc/xstartup + cat > ~/.icewm/menu <<EOF prog Firefox firefox firefox separator + EOF vncserver } + update_docker_cfg() { if [ -f "/etc/docker/daemon.json" ]; then jq '.dns += ["172.17.0.1"]' /etc/docker/daemon.json > /tmp/daemon.json @@ -248,15 +289,20 @@ update_docker_cfg() { echo '{"dns": ["172.17.0.1"]}' > /etc/docker/daemon.json fi } + create_root_CA() { echo "** Generate certificates **" openssl genrsa -out $CERTS_TARGET_PATH/rootCA.key 4096 + echo "** Generate self signed ***" openssl req -config $GEN_CFG_PATH/cacert.cnf -key $CERTS_TARGET_PATH/rootCA.key -new -x509 -days 7300 -sha256 -extensions v3_ca \ -out $CERTS_TARGET_PATH/rootCAcert.pem + + # convert to crt openssl x509 -in $CERTS_TARGET_PATH/rootCAcert.pem -inform PEM -out $CERTS_TARGET_PATH/rootCAcert.crt } + install_root_CA() { os=$1 echo "** Publishing root CA **" @@ -273,14 +319,19 @@ install_root_CA() { echo "OS \"$os\" is not supported" exit -2 fi + echo "** Restart docker (because of reload new CA) **" systemctl restart docker + } + create_cert() { server_name=$1 + openssl genrsa -out $CERTS_TARGET_PATH/${server_name}_server.key 4096 echo "** Generate sig request ***" openssl req -new -config $GEN_CFG_PATH/${server_name}_cert.cnf -key $CERTS_TARGET_PATH/${server_name}_server.key -out $CERTS_TARGET_PATH/${server_name}_server.csr + # v3.ext must be in separate file , because of bug in openssl 1.0 echo "** sign **" openssl x509 -req -in $CERTS_TARGET_PATH/${server_name}_server.csr\ 
@@ -289,13 +340,21 @@ create_cert() { -CAkey $CERTS_TARGET_PATH/rootCA.key\ -CAcreateserial -out $CERTS_TARGET_PATH/${server_name}_server.crt -days 3650 -sha256 } + create_all_certs() { create_cert "nexus" } + update_firewall() { -#TODO +# TODO +#firewall-cmd --permanent --add-port=53/udp +#firewall-cmd --permanent --add-port=53/tcp +#firewall-cmd --permanent --add-port=10001/tcp +#firewall-cmd --permanent --add-port=80/tcp +#firewall-cmd --permanent --add-port=443/tcp return 0 } + distribute_root_CA() { targetip=$1 scp $APROJECT_DIR/install_cacert.sh $targetip:. @@ -303,6 +362,18 @@ distribute_root_CA() { echo "** Add DNS record to remote host **" ssh $targetip "echo nameserver $LOCAL_IP > /etc/resolv.conf" } + +upload_ansible_pkgs() { + os=$1 + targetip=$2 + #if [[ $os == "ubuntu" ]]; then + # those deb & whl packages are needed for sdnc-ansible-server pod + # independently on host OS distros + echo "** Copy required packages for sdnc-ansible-pod to kubernetes node $targetip **" + scp -r $APROJECT_DIR/resources/pkg/ubuntu/ansible_pkg $targetip:. + #fi +} + remote_setup_nfs_server() { os=$1 targetip=$2 @@ -312,8 +383,10 @@ remote_setup_nfs_server() { scp -r $APROJECT_DIR/resources/pkg/ubuntu/nfs-common-pkg/* $targetip:. ssh $targetip dpkg -i *.deb fi + ssh $targetip /bin/bash ./setup_nfs_server.sh "$@" } + remote_setup_nfs_mount() { os=$1 targetip=$2 @@ -325,10 +398,12 @@ remote_setup_nfs_mount() { fi ssh $targetip /bin/bash ./setup_nfs_mount.sh $nfsip } + enable_remote_repo() { targetip=$1 sed -r "s%PATH%http://repo.install-server%" $APROJECT_DIR/resources/pkg/rhel/onap.repo | ssh $targetip 'cat > /etc/yum.repos.d/onap.repo' } + install_remote_docker() { targetip=$1 os=$2 
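Review bot: In the new `upload_ansible_pkgs`, `$APROJECT_DIR` and `$targetip` are expanded unquoted in the `scp` call, so a project path containing whitespace or glob characters is split before `scp` sees it; the line should read `scp -r "$APROJECT_DIR/resources/pkg/ubuntu/ansible_pkg" "$targetip:."`. `os` is assigned but never read, because the `#if [[ $os == "ubuntu" ]]` / `#fi` guard is commented out; since the comment already says the copy is independent of the host OS, the dead guard lines can be removed. Both `os` and `targetip` are set without `local` (which `retry` in this file already uses), so they overwrite the caller's variables of the same name.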
@@ -346,8 +421,10 @@ install_remote_docker() { else echo {'\"'dns'\"': ['\"'$LOCAL_IP'\"']} > /etc/docker/daemon.json fi" + ssh $targetip 'systemctl enable docker; systemctl restart docker' } + deploy_rancher() { docker run -d --entrypoint "/bin/bash" --restart=unless-stopped -p 8080:8080 \ -v $CERTS_TARGET_PATH:/usr/local/share/ca-certificates/extra:ro \ @@ -355,6 +432,7 @@ deploy_rancher() { -c "/usr/sbin/update-ca-certificates;/usr/bin/entry /usr/bin/s6-svscan /service" echo "** wait until rancher is ready **" } + deploy_kubernetes() { os=$1 set +e @@ -375,13 +453,16 @@ deploy_kubernetes() { export RANCHER_URL=http://${LOCAL_IP}:8080 export RANCHER_ACCESS_KEY=$KEY_PUBLIC export RANCHER_SECRET_KEY=$KEY_SECRET + rancher env ls echo "wait 60 sec for rancher environments can settle before we create the onap kubernetes one" sleep 60 + rancher env create -t kubernetes onap > kube_env_id.json PROJECT_ID=$(<kube_env_id.json) echo "env id: $PROJECT_ID" export RANCHER_HOST_URL=http://${LOCAL_IP}:8080/v1/projects/$PROJECT_ID + for i in `seq 5`; do status=$(rancher env ls | grep $PROJECT_ID | awk '{print $4}') if [[ "$status" == "active" ]]; then @@ -392,6 +473,7 @@ deploy_kubernetes() { echo "Wait for environment to become active" sleep 30 done + REG_URL_RESPONSE=`curl -X POST -u $KEY_PUBLIC:$KEY_SECRET -H 'Accept: application/json' -H 'ContentType: application/json' -d '{"name":"$LOCAL_IP"}' "http://$LOCAL_IP:8080/v1/projects/$PROJECT_ID/registrationtokens"` echo "wait for server to finish url configuration - 3 min" sleep 180 
@@ -399,6 +481,7 @@ deploy_kubernetes() { REGISTRATION_TOKENS=`curl http://127.0.0.1:8080/v2-beta/registrationtokens` REGISTRATION_DOCKER=`echo $REGISTRATION_TOKENS | jq -r .data[0].image` REGISTRATION_TOKEN=`echo $REGISTRATION_TOKENS | jq -r .data[0].token` + # base64 encode the kubectl token from the auth pair # generate this after the host is registered KUBECTL_TOKEN=$(echo -n 'Basic '$(echo -n "$RANCHER_ACCESS_KEY:$RANCHER_SECRET_KEY" | base64 -w 0) | base64 -w 0) @@ -422,12 +505,15 @@ users: - name: "onap" user: token: "$KUBECTL_TOKEN" + EOF + if [[ $os == "rhel" ]]; then echo "Upgrade datavolume for RHEL" KUBELET_ID=`curl http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/ | jq -r '.data[] | select(.name=="kubelet")'.id` OLD_LAUNCH_CONFIG=`curl http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID} | jq '.launchConfig'` NEW_LAUNCH_CONFIG=`echo $OLD_LAUNCH_CONFIG | jq '.dataVolumes[2]="/sys/fs/cgroup:/sys/fs/cgroup:ro,rprivate"'` + DATA="{ \"inServiceStrategy\": { \"batchSize\": 1, @@ -438,11 +524,14 @@ EOF } }" curl -s -u $KEY_PUBLIC:$KEY_SECRET -X POST -H 'Content-Type: application/json' -d "${DATA}" "http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID}?action=upgrade" > /dev/null + echo "Give environment time to update (30 sec)" sleep 30 + curl -s -u $KEY_PUBLIC:$KEY_SECRET -X POST "http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID}?action=finishupgrade" > /dev/null fi } + deploy_rancher_agent() { nodeip=$1 if [ -z "$REGISTRATION_DOCKER" ]; then @@ -457,10 +546,12 @@ deploy_rancher_agent() { echo "ASSERT: Missing REGISTRATION_TOKEN" exit 1 fi + ssh $nodeip "docker run --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/racher:/var/lib/rancher $REGISTRATION_DOCKER $RANCHER_URL/v1/scripts/$REGISTRATION_TOKEN" echo "waiting 2 min for creating kubernetes environment" sleep 120 } + deploy_node() { nodeip=$1 os=$2 
@@ -469,6 +560,7 @@ deploy_node() { install_remote_docker $nodeip $os deploy_rancher_agent $nodeip } + deploy_onap() { pushd $APROJECT_DIR/resources/oom/kubernetes helm init --upgrade --skip-refresh @@ -486,6 +578,7 @@ deploy_onap() { --set "global.cacert=$(cat ${CERTS_TARGET_PATH}/rootCAcert.crt)" popd } + expand_file() { file=$1 # print warning if patched file does not exist as some charts @@ -494,12 +587,15 @@ expand_file() { echo "WARNING: Can't patch file $file because this file does not exists." return 0 fi + shift + for ivar in "$@" ; do ivalue=$(eval 'echo "$'${ivar}'"') sed -i "s#${ivar}#${ivalue}#g" "$file" done } + patch_npm_oom() { if [ -z "$LOCAL_IP" ] ; then echo "ERROR: LOCAL_IP unset" @@ -509,8 +605,10 @@ patch_npm_oom() { echo "ERROR: NEXUS_FQDN unset" return 1 fi + UPDATE_HOSTS_FILE="$LOCAL_IP $NEXUS_FQDN" UPDATE_NPM_REGISTRY="npm set registry \"http://${NEXUS_FQDN}/repository/npm-private/\"" + expand_file $APROJECT_DIR/resources/oom/kubernetes/common/dgbuilder/templates/deployment.yaml \ UPDATE_HOSTS_FILE \ UPDATE_NPM_REGISTRY @@ -518,18 +616,22 @@ patch_npm_oom() { UPDATE_HOSTS_FILE \ UPDATE_NPM_REGISTRY } + patch_spring_oom() { if [ -z "$LOCAL_IP" ] ; then echo "ERROR: LOCAL_IP unset" return 1 fi + UPDATE_HOSTS_FILE="$LOCAL_IP www.springframework.org" expand_file $APROJECT_DIR/resources/oom/kubernetes/dmaap/charts/message-router/templates/deployment.yaml \ UPDATE_HOSTS_FILE } + patch_cfy_manager_depl() { os="$1" file="${APROJECT_DIR}/resources/oom/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml" + case "$os" in centos|rhel) CERT_PATH="/etc/pki/ca-trust/source/anchors" @@ -546,9 +648,11 @@ patch_cfy_manager_depl() { return 1 ;; esac + expand_file "$file" CERT_PATH } + copy_onap_values_file() { - cp "${APROJECT_DIR}/cfg/${ONAP_SCALE}_depl_values.yaml" \ + cp "${APROJECT_DIR}/${CUSTOM_CFG_RELPATH:-cfg}/${ONAP_SCALE}_depl_values.yaml" \ "${APROJECT_DIR}/resources/oom/kubernetes/onap/values.yaml" -}
\ No newline at end of file
+}
diff --git a/cfg/full_depl_values.yaml b/cfg/full_depl_values.yaml
new file mode 100644
index 00000000..b16354e9
--- /dev/null
+++ b/cfg/full_depl_values.yaml
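Review bot: `CUSTOM_CFG_RELPATH` is joined into the `cp` source path in `copy_onap_values_file` without any check, so a `..` component or a directory that lacks `${ONAP_SCALE}_depl_values.yaml` only surfaces as a raw `cp` error, and whether the caller checks that status is not visible in this hunk. Build the path once and test it before copying: `src="${APROJECT_DIR}/${CUSTOM_CFG_RELPATH:-cfg}/${ONAP_SCALE}_depl_values.yaml"` followed by `[ -f "$src" ] || fail "values file not found: $src"`. The variable is new and undocumented; a comment such as `# CUSTOM_CFG_RELPATH: directory relative to APROJECT_DIR holding <scale>_depl_values.yaml (default: cfg)` above the function would tell operators how to override it.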
@@ -0,0 +1,158 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration overrides.
+#
+# These overrides will affect all helm charts (ie. applications)
+# that are listed below and are 'enabled'.
+#################################################################
+global:
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefix: 302
+
+ # ONAP Repository
+ # Uncomment the following to enable the use of a single docker
+ # repository but ONLY if your repository mirrors all ONAP
+ # docker images. This includes all images from dockerhub and
+ # any other repository that hosts images for ONAP components.
+ #repository: nexus3.onap.org:10001
+ repositoryCred:
+ user: docker
+ password: docker
+
+ # readiness check - temporary repo until images migrated to nexus3
+ readinessRepository: oomk8s
+ # logging agent - temporary repo until images migrated to nexus3
+ loggingRepository: docker.elastic.co
+
+ # image pull policy
+ #pullPolicy: Always
+ pullPolicy: IfNotPresent
+
+ # default mount path root directory referenced
+ # by persistent volumes and log files
+ persistence:
+ mountPath: /dockerdata-nfs
+
+ # flag to enable debugging - application support required
+ debugEnabled: false
+
+# Repository for creation of nexus3.onap.org secret
+repository: nexus3.onap.org:10001
+
+
+#################################################################
+# Enable/disable and configure helm charts (ie. applications)
+# to customize the ONAP deployment.
+#################################################################
+aaf:
+ enabled: true
+aai:
+ enabled: true
+appc:
+ enabled: true
+ config:
+ openStackType: OpenStackProvider
+ openStackName: OpenStack
+ openStackKeyStoneUrl: FILL-ME
+ openStackServiceTenantName: FILL-ME
+ openStackDomain: FILL-ME
+ openStackUserName: FILL-ME
+ openStackEncryptedPassword: FILL-ME
+clamp:
+ enabled: true
+cli:
+ enabled: true
+consul:
+ enabled: true
+dcaegen2:
+ enabled: true
+dmaap:
+ enabled: true
+esr:
+ enabled: true
+log:
+ enabled: true
+sniro-emulator:
+ enabled: true
+oof:
+ enabled: true
+msb:
+ enabled: true
+multicloud:
+ enabled: true
+nbi:
+ enabled: true
+ config:
+ # openstack configuration
+ openStackUserName: "FILL-ME"
+ openStackRegion: "FILL-ME"
+ openStackKeyStoneUrl: "FILL-ME"
+ openStackServiceTenantName: "FILL-ME"
+ openStackEncryptedPasswordHere: "FILL-ME"
+policy:
+ enabled: true
+portal:
+ enabled: true
+robot:
+ enabled: true
+sdc:
+ enabled: true
+sdnc:
+ enabled: true
+
+ replicaCount: 1
+
+ config:
+ enableClustering: false
+
+ mysql:
+ disableNfsProvisioner: true
+ replicaCount: 1
+so:
+ enabled: true
+
+ replicaCount: 1
+
+ liveness:
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+ # so server configuration
+ config:
+ # message router configuration
+ dmaapTopic: "AUTO"
+ # openstack configuration
+ openStackUserName: "FILL-ME"
+ openStackRegion: "FILL-ME"
+ openStackKeyStoneUrl: "FILL-ME"
+ openStackServiceTenantName: "FILL-ME"
+ openStackEncryptedPasswordHere: "FILL-ME"
+
+ # configure embedded mariadb
+ mariadb:
+ config:
+ mariadbRootPassword: password
+uui:
+ enabled: true
+vfc:
+ enabled: true
+vid:
+ enabled: true
+vnfsdk:
+ enabled: true
+ |
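Review bot: The default values file carries a fixed database root password, `mariadbRootPassword: password` in the `so` section's `mariadb.config` block, and `copy_onap_values_file` copies this file to `values.yaml` unchanged, so a deployment that nobody edits runs with a publicly known root credential. The OpenStack fields already use the `FILL-ME` marker; the password should follow the same convention or at least carry a comment such as `# CHANGE before deployment: default root password`. `repositoryCred` with `docker`/`docker` deserves a one-line comment stating whether it is the public read-only registry login or a value operators are expected to replace.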