Diffstat (limited to 'dcae-controller-service-docker/dcae-controller-service-docker-host/dcae-controller-service-docker-host-manager/src/main/server')
5 files changed, 5 insertions, 200 deletions
diff --git a/dcae-controller-service-docker/dcae-controller-service-docker-host/dcae-controller-service-docker-host-manager/src/main/server/bin/common.funcs b/dcae-controller-service-docker/dcae-controller-service-docker-host/dcae-controller-service-docker-host-manager/src/main/server/bin/common.funcs
deleted file mode 100644
index 1386d92..0000000
--- a/dcae-controller-service-docker/dcae-controller-service-docker-host/dcae-controller-service-docker-host-manager/src/main/server/bin/common.funcs
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# common shell functions
-#
-
-_die() {
- printf "$(date):FATAL:$1\n"
- exit 2;
-}
-
-_fail() {
- _die $1;
-}
-
-_fail_with_rc() {
- rc=$1
- shift;
- printf "$(date):ERROR:$@\n";
- exit $rc;
-}
-
-_warn() {
- printf "$(date):WARN:$1\n";
-}
-
-_info() {
- printf "$(date):INFO:$1\n";
-}
-
-_print() {
- _info $1;
-}
-
diff --git a/dcae-controller-service-docker/dcae-controller-service-docker-host/dcae-controller-service-docker-host-manager/src/main/server/bin/generate-certs.sh b/dcae-controller-service-docker/dcae-controller-service-docker-host/dcae-controller-service-docker-host-manager/src/main/server/bin/generate-certs.sh
deleted file mode 100644
index 88cf23d..0000000
--- a/dcae-controller-service-docker/dcae-controller-service-docker-host/dcae-controller-service-docker-host-manager/src/main/server/bin/generate-certs.sh
+++ /dev/null
@@ -1,70 +0,0 @@
-#!/bin/bash -x
-
-#
-# this was (mostly) shamelessly cribbed from the io.docker:docker
-# install_postproc script. run as root
-#
-DOCKER_DIR=/opt/app/docker
-DOCKER_ETC_DIR=${DOCKER_DIR}/etc
-DOCKER_BIN_DIR=${DOCKER_DIR}/bin
-DOCKER_DATA_DIR=${DOCKER_DIR}/data
-DOCKER_LOG_DIR=${DOCKER_DIR}/logs
-
-DOCKER_CA_CERT=${DOCKER_ETC_DIR}/docker_ca_cert.pem
-DOCKER_CA_KEY=${DOCKER_ETC_DIR}/docker_ca_key.pem
-CLIENT_P12_PWD=f22723cffdbd2fff1cb3c558677a7684
-
-HOSTNAME=$(hostname -f)
-
-# Generate certificates for SSL encryption
-# Generate a private key for the docker engine
-
-openssl genrsa -out ${DOCKER_ETC_DIR}/server_key.pem 2048 ||
- _fail_with_rc 20 "Server private key generation failed"
-
-# Generate a certificate signing request for the server using the private key.
-openssl req -new -key ${DOCKER_ETC_DIR}/server_key.pem -out ${DOCKER_ETC_DIR}/server.csr -batch -subj "/countryName=US/stateOrProvinceName=Michigan/localityName=Southfield/organizationName=AT&T Services, Inc./commonName=${HOSTNAME}" ||
- _fail_with_rc 21 "Server certificate signing request generation failed."
-
-# Generate a certificate for the server and sign it with the CA certificate.
-openssl x509 -req -days 3650 -in ${DOCKER_ETC_DIR}/server.csr -CA ${DOCKER_CA_CERT} -CAkey ${DOCKER_CA_KEY} -CAcreateserial -out ${DOCKER_ETC_DIR}/server_cert.pem ||
- _fail_with_rc 22 "Server certificate signing failed."
-
-# Generate a private key for client authentication
-openssl genrsa -out ${DOCKER_ETC_DIR}/client_key.pem 2048 ||
- _fail_with_rc 20 "Client private key generation failed."
-
-# Generate a certificate signing request for the client using the private key.
-openssl req -new -key ${DOCKER_ETC_DIR}/client_key.pem -out ${DOCKER_ETC_DIR}/client.csr -batch -subj "/countryName=US/stateOrProvinceName=Michigan/localityName=Southfield/organizationName=AT&T Services, Inc./commonName=Client" ||
- _fail_with_rc 21 "Clienterver certificate signing request generation failed."
-
-# To make the key suitable for client authentication,
-# create an extensions config file
-echo extendedKeyUsage = clientAuth > ${DOCKER_ETC_DIR}/client_cert_extfile.cnf
-
-# Generate a certificate for the client and sign it with the CA certificate
-openssl x509 -req -days 3650 -in ${DOCKER_ETC_DIR}/client.csr -CA ${DOCKER_CA_CERT} -CAkey ${DOCKER_CA_KEY} -CAcreateserial -out ${DOCKER_ETC_DIR}/client_cert.pem -extfile ${DOCKER_ETC_DIR}/client_cert_extfile.cnf ||
- _fail_with_rc 22 "Client certificate signing failed."
-
-# Protect the keys
-chmod 0600 ${DOCKER_ETC_DIR}/server_key.pem ${DOCKER_ETC_DIR}/client_key.pem ${DOCKER_CA_KEY}
-
-# Make the client key readable by the docker group so people who can access the docker cli can also
-# access docker engine via the rest api
-chgrp docker ${DOCKER_ETC_DIR}/client_key.pem
-# But make the public keys readable
-chmod 0644 ${DOCKER_ETC_DIR}/server_cert.pem ${DOCKER_ETC_DIR}/client_cert.pem ${DOCKER_CA_CERT}
-
-# Remove the password from the client key
-openssl rsa -in ${DOCKER_ETC_DIR}/client_key.pem -out ${DOCKER_ETC_DIR}/client_key.pem
-
-# Convert the client key from pem to pksc12 format so we can add it to the keystore
-
-openssl pkcs12 -export -inkey ${DOCKER_ETC_DIR}/client_key.pem -in ${DOCKER_ETC_DIR}/client_cert.pem -out ${DOCKER_ETC_DIR}/client_cert.p12 -name client_p12 -CAfile ${DOCKER_CA_CERT} -caname root -chain -passout pass:${CLIENT_P12_PWD} ||
- _fail_with_rc 6 "CA key not converted to pksc12 format"
-
-# update the docker opts in /etc/default/docker
-DOCKER_OPTS="--debug --graph /opt/app/docker/data --host tcp://0.0.0.0:4243 --host unix:///var/run/docker.sock --tls=true --tlscert=/opt/app/docker/etc/server_cert.pem --tlskey=/opt/app/docker/etc/server_key.pem --tlscacert=/opt/app/docker/etc/docker_ca_cert.pem"
-
-echo "DOCKER_OPTS=${DOCKER_OPTS}" >> /etc/default/docker
-
diff --git a/dcae-controller-service-docker/dcae-controller-service-docker-host/dcae-controller-service-docker-host-manager/src/main/server/bin/get-ecomp-nexus-cert.sh b/dcae-controller-service-docker/dcae-controller-service-docker-host/dcae-controller-service-docker-host-manager/src/main/server/bin/get-ecomp-nexus-cert.sh
deleted file mode 100644
index dbf49e0..0000000
--- a/dcae-controller-service-docker/dcae-controller-service-docker-host/dcae-controller-service-docker-host-manager/src/main/server/bin/get-ecomp-nexus-cert.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash
-
-# assumes 10.208.197.75 ecomp-nexus is in /etc/hosts and
-# we have a route to it
-#
-# run as root
-
-_die() {
- printf "$(date):FATAL:$1\n"
- exit 2;
-}
-
-_print() {
- printf "$(date):INFO:$1\n";
-}
-
-
-DOCKER_ETC_DIR="/opt/app/docker/etc"
-NEXUS_CERT=${DOCKER_ETC_DIR}/nexus.crt
-
-_print "Getting ecomp-nexus certificate ..."
-
-keytool -printcert -rfc -sslserver ecomp-nexus:8443 > ${NEXUS_CERT}
-
-grep "BEGIN CERTIFICATE" ${NEXUS_CERT} ||
- _die "Could not retrieve certificated"
-
-_print "Adding certificate ..."
-cp -p ${NEXUS_CERT} /usr/local/share/ca-certificates ||
- _die "Could not copy certficate into place"
-
-_print "Updating CA certificates ..."
-update-ca-certficates
-
-#
-# restart docker
-#
-
-_print "Restarting docker ..."
-service docker restart
diff --git a/dcae-controller-service-docker/dcae-controller-service-docker-host/dcae-controller-service-docker-host-manager/src/main/server/bin/install-docker.sh b/dcae-controller-service-docker/dcae-controller-service-docker-host/dcae-controller-service-docker-host-manager/src/main/server/bin/install-docker.sh
deleted file mode 100644
index 66ff6de..0000000
--- a/dcae-controller-service-docker/dcae-controller-service-docker-host/dcae-controller-service-docker-host-manager/src/main/server/bin/install-docker.sh
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/bash
-
-. common.funcs
-
-TRUSTY_REPO="deb https://apt.dockerproject.org/repo ubuntu-trusty main"
-
-#
-# install docker-engine on ubuntu 14.04
-#
-REL=$(uname -r)
-
-sudo apt-get update
-
-#
-# Add GPG key
-#
-sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
-
-echo "${TRUSTY_REPO}" | sudo tee /etc/apt/sources.list.d/docker.list
-
-# update apt package index
-sudo apt-get update
-
-
-#
-# install apparmor
-#
-sudo app-get install -q -y apparmor ||
- _fail "apparmor installation failed"
-
-#
-# get certificates
-#
-sudo apt-get install -q -y apt-transport-http ca-certificates ||
- _fail "apt-transport-http ca-certificates installation failed"
-
-#
-# makes the aufs storage driver available
-#
-sudo apt-get install -q -y linux-image-extra-${REL} linux-image-extra-virtual ||
- _fail "linux-image-extra-${REL} or linux-image-extra-virtual installation failed"
-
-sudo apt-get install -q -y docker-engine ||
- _fail "docker-engine installation failed"
-
-#
-# Generate certifcates for TLS
-#
-sudo -uroot generate-certs.sh
-
-sudo service docker start
-sudo usermod -aG docker ubuntu
-sudo usermod -aG docker dcae
-
-#
-# END
-#
diff --git a/dcae-controller-service-docker/dcae-controller-service-docker-host/dcae-controller-service-docker-host-manager/src/main/server/bin/manager.sh b/dcae-controller-service-docker/dcae-controller-service-docker-host/dcae-controller-service-docker-host-manager/src/main/server/bin/manager.sh
index 671a029..99e8d07 100644
--- a/dcae-controller-service-docker/dcae-controller-service-docker-host/dcae-controller-service-docker-host-manager/src/main/server/bin/manager.sh
+++ b/dcae-controller-service-docker/dcae-controller-service-docker-host/dcae-controller-service-docker-host-manager/src/main/server/bin/manager.sh
@@ -19,10 +19,14 @@ VMTYPE=vm-docker-host
 
 case $CMD1 in
 start)
- mkdir -p data/resources
+ mkdir -p data/resources/configuration
 if [ ! -e data/resources/dockerHost.json ]; then
 echo '{}' > data/resources/dockerHost.json
 fi
+ if [ -e config/version.json ]; then
+ rm -rf data/resources/configuration/version*
+ cp config/version.json data/resources/configuration/
+ fi
 sed -i s/FQDN/$(hostname -f)/ config/docker.properties
 find /opt/app/dcae-controller-service-*/lib -name \*.jar | grep -v docker-host-manager | xargs -I X cp X lib/
 JVMARGS=$(cat config/manager.properties | grep JVMARGS | sed 's/[^=]*=//') |
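Review bot: The added `rm -rf data/resources/configuration/version*` runs before an unchecked `cp`, so a failed copy (unreadable source, full disk) leaves the configuration directory with no version file and `start` carries on regardless. `-rf` is also wider than replacing one JSON file needs, because it removes any directory matching `version*` too, and `-e` accepts a directory named `config/version.json`, which `cp` without `-r` would then refuse. I would narrow this to `if [ -f config/version.json ]; then`, `rm -f data/resources/configuration/version*`, and `cp config/version.json data/resources/configuration/ || exit 1` (or whatever failure handling the rest of the script uses). All of these paths are relative and the hunk does not show where the working directory is set, so the delete acts on whatever directory the script is started from; the `start)` arm continues outside the hunk.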