diff options
author | Lusheng Ji <lji@research.att.com> | 2017-09-11 20:11:29 +0000 |
---|---|---|
committer | Lusheng Ji <lji@research.att.com> | 2017-09-11 20:11:44 +0000 |
commit | c38ca2f40aa0eee42fb7b2c61be4ba6e4f9aa56a (patch) | |
tree | 09d8462e1a8838b9fd575e5f9b6fcbb6af94c8e1 /bootstrap/installer-docker.sh-template | |
parent | 55f488022631ce6ab14b440e747b2e9d7648b49c (diff) |
Add bootstrap
Issue-Id: DCAEGEN2-75
Change-Id: I0158762c1c3e29612381734a608fa821e903e92e
Signed-off-by: Lusheng Ji <lji@research.att.com>
Diffstat (limited to 'bootstrap/installer-docker.sh-template')
-rwxr-xr-x | bootstrap/installer-docker.sh-template | 320 |
1 files changed, 320 insertions, 0 deletions
diff --git a/bootstrap/installer-docker.sh-template b/bootstrap/installer-docker.sh-template new file mode 100755 index 0000000..672f397 --- /dev/null +++ b/bootstrap/installer-docker.sh-template @@ -0,0 +1,320 @@ +#!/bin/bash +# +# ============LICENSE_START========================================== +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END============================================ +# +# ECOMP and OpenECOMP are trademarks +# and service marks of AT&T Intellectual Property. +# + +# URLs for artifacts needed for installation +DESIGTYPES={{ ONAPTEMPLATE_RAWREPOURL_org_onap_ccsdk_platform_plugins_releases }}/type_files/dnsdesig/dns_types.yaml +DESIGPLUG={{ ONAPTEMPLATE_RAWREPOURL_org_onap_ccsdk_platform_plugins_releases }}/plugins/dnsdesig-1.0.0-py27-none-any.wgn +SSHKEYTYPES={{ ONAPTEMPLATE_RAWREPOURL_org_onap_ccsdk_platform_plugins_releases }}/type_files/sshkeyshare/sshkey_types.yaml +SSHKEYPLUG={{ ONAPTEMPLATE_RAWREPOURL_org_onap_ccsdk_platform_plugins_releases }}/plugins/sshkeyshare-1.0.0-py27-none-any.wgn +OSPLUGINZIP=https://github.com/cloudify-cosmo/cloudify-openstack-plugin/archive/1.4.zip + +# Make sure ssh doesn't prompt for new host or choke on a new host with an IP it's seen before +SSHOPTS="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" +STARTDIR=$(pwd) + +SSHUSER=centos +PVTKEY=./config/key +INPUTS=./config/inputs.yaml + +if ["$LOCATION" = "" ] +then + echo 'Environment variable LOCATION not set. Should be set to location ID for this installation.' + exit 1 +fi + +set -e +set -x + +# Docker workaround for SSH key +# In order for the container to be able to access the key when it's mounted from the Docker host, +# the key file has to be world-readable. But ssh itself will not work with a private key that's world readable. +# So we make a copy and change permissions on the copy. +# NB -- the key on the Docker host has to be world-readable, which means that, from the host machine, you +# can't use it with ssh. It needs to be a world-readable COPY. +PVTKEY=./key600 +cp ./config/key ${PVTKEY} +chmod 600 ${PVTKEY} + +# Create a virtual environment +virtualenv dcaeinstall +source dcaeinstall/bin/activate + +# Install Cloudify +pip install cloudify==3.4.0 + +# Install the Cloudify OpenStack plugin +wget -qO- ${OSPLUGINZIP} > openstack.zip +pip install openstack.zip + +# Spin up a VM + +# Get the Designate and SSH key type files and plugins +mkdir types +wget -qO- ${DESIGTYPES} > types/dns_types.yaml +wget -qO- ${SSHKEYTYPES} > types/sshkey_types.yaml + +wget -O dnsdesig.wgn ${DESIGPLUG} +wget -O sshkeyshare.wgn ${SSHKEYPLUG} + +wagon install -s dnsdesig.wgn +wagon install -s sshkeyshare.wgn + +## Fix up the inputs file to get the private key locally +sed -e "s#key_filename:.*#key_filename: $PVTKEY#" < ${INPUTS} > /tmp/local_inputs + +# Now install the VM +# Don't exit on error after this point--keep container running so we can do uninstalls after a failure +set +e +if wget -P ./blueprints/ {{ ONAPTEMPLATE_RAWREPOURL_org_onap_dcaegen2_platform_blueprints_releases }}/blueprints/centos_vm.yaml; then + echo "Succeeded in getting the newest centos_vm.yaml" +else + echo "Failed to update centos_vm.yaml, using default version" +fi +set -e +cfy local init --install-plugins -p ./blueprints/centos_vm.yaml -i /tmp/local_inputs -i "datacenter=$LOCATION" +cfy local execute -w install --task-retries=10 +PUBIP=$(cfy local outputs | grep -Po '"public_ip": "\K.*?(?=")') + + +## It's probably not completely ready when the installation finish, so wait +sleep 180 + +echo "Installing Cloudify Manager on ${PUBIP}." + +PVTIP=$(ssh $SSHOPTS -i "$PVTKEY" "$SSHUSER"@"$PUBIP" 'echo PVTIP=`curl --silent http://169.254.169.254/2009-04-04/meta-data/local-ipv4`' | grep PVTIP | sed 's/PVTIP=//') +if [ "$PVTIP" = "" ] +then + echo Cannot access specified machine at $PUBIP using supplied credentials + # Don't exit--keep the container up so we can uninstall the VM and supporting entities + while true + do + sleep 300 + done +fi + + +# Copy private key onto Cloudify Manager VM +PVTKEYPATH=$(cat ${INPUTS} | grep "key_filename" | cut -d "'" -f2) +PVTKEYNAME=$(basename $PVTKEYPATH) +PVTKEYDIR=$(dirname $PVTKEYPATH) +scp $SSHOPTS -i $PVTKEY $PVTKEY $SSHUSER@$PUBIP:/tmp/$PVTKEYNAME +ssh -t $SSHOPTS -i $PVTKEY $SSHUSER@$PUBIP sudo mkdir -p $PVTKEYDIR +ssh -t $SSHOPTS -i $PVTKEY $SSHUSER@$PUBIP sudo mv /tmp/$PVTKEYNAME $PVTKEYPATH + +ESMAGIC=$(uuidgen -r) +WORKDIR=$HOME/cmtmp +BSDIR=$WORKDIR/cmbootstrap +PVTKEY2=$BSDIR/id_rsa.cfybootstrap +TMPBASE=$WORKDIR/tmp +TMPDIR=$TMPBASE/lib +SRCS=$WORKDIR/srcs.tar +TOOL=$WORKDIR/tool.py +rm -rf $WORKDIR +mkdir -p $BSDIR $TMPDIR/cloudify/wheels $TMPDIR/cloudify/sources $TMPDIR/manager +chmod 700 $WORKDIR +cp "$PVTKEY" $PVTKEY2 +cat >$TOOL <<!EOF +#!/usr/local/bin/python +# +import yaml +import sys +bsdir = sys.argv[1] +with open(bsdir + '/simple-manager-blueprint-inputs.yaml', 'r') as f: + inpyaml = yaml.load(f) +with open(bsdir + '/simple-manager-blueprint.yaml', 'r') as f: + bpyaml = yaml.load(f) +for param, value in bpyaml['inputs'].items(): + if value.has_key('default') and not inpyaml.has_key(param): + inpyaml[param] = value['default'] +print inpyaml['manager_resources_package'] +!EOF + +# +# Try to disable attempt to download virtualenv when not needed +# +ssh $SSHOPTS -t -i $PVTKEY2 $SSHUSER@$PUBIP 'sudo bash -xc "echo y; mkdir -p /root/.virtualenv; echo '"'"'[virtualenv]'"'"' >/root/.virtualenv/virtualenv.ini; echo no-download=true >>/root/.virtualenv/virtualenv.ini"' + +# Gather installation artifacts +# from documentation, URL for manager blueprints archive +BSURL=https://github.com/cloudify-cosmo/cloudify-manager-blueprints/archive/3.4.tar.gz +BSFILE=$(basename $BSURL) + +umask 022 +wget -qO- $BSURL >$BSDIR/$BSFILE +cd $BSDIR +tar xzvf $BSFILE +MRPURL=$(python $TOOL $BSDIR/cloudify-manager-blueprints-3.4) +MRPFILE=$(basename $MRPURL) +wget -qO- $MRPURL >$TMPDIR/cloudify/sources/$MRPFILE + +tar cf $SRCS -C $TMPDIR cloudify +rm -rf $TMPBASE +# +# Load required package files onto VM +# +scp $SSHOPTS -i $PVTKEY2 $SRCS $SSHUSER@$PUBIP:/tmp/. +ssh -t $SSHOPTS -i $PVTKEY2 $SSHUSER@$PUBIP 'sudo bash -xc "cd /opt; tar xf /tmp/srcs.tar; chown -R root:root /opt/cloudify /opt/manager; rm -rf /tmp/srcs.tar"' +# +# Install config file -- was done by DCAE controller. What now? +# +ssh $SSHOPTS -t -i $PVTKEY2 $SSHUSER@$PUBIP 'sudo bash -xc '"'"'mkdir -p /opt/dcae; if [ -f /tmp/cfy-config.txt ]; then cp /tmp/cfy-config.txt /opt/dcae/config.txt && chmod 644 /opt/dcae/config.txt; fi'"'" +cd $WORKDIR + +# +# Check for and set up https certificate information +# +rm -f $BSDIR/cloudify-manager-blueprints-3.4/resources/ssl/server.key $BSDIR/cloudify-manager-blueprints-3.4/resources/ssl/server.crt +ssh -t $SSHOPTS -i $PVTKEY2 $SSHUSER@$PUBIP 'sudo bash -xc "openssl pkcs12 -in /opt/app/dcae-certificate/certificate.pkcs12 -passin file:/opt/app/dcae-certificate/.password -nodes -chain"' | awk 'BEGIN{x="/dev/null";}/-----BEGIN CERTIFICATE-----/{x="'$BSDIR'/cloudify-manager-blueprints-3.4/resources/ssl/server.crt";}/-----BEGIN PRIVATE KEY-----/{x="'$BSDIR'/cloudify-manager-blueprints-3.4/resources/ssl/server.key";}{print >x;}/-----END /{x="/dev/null";}' +USESSL=false +if [ -f $BSDIR/cloudify-manager-blueprints-3.4/resources/ssl/server.key -a -f $BSDIR/cloudify-manager-blueprints-3.4/resources/ssl/server.crt ] +then + USESSL=true +fi +# +# Set up configuration for the bootstrap +# +export CLOUDIFY_USERNAME=admin CLOUDIFY_PASSWORD=encc0fba9f6d618a1a51935b42342b17658 +cd $BSDIR/cloudify-manager-blueprints-3.4 +cp simple-manager-blueprint.yaml bootstrap-blueprint.yaml +ed bootstrap-blueprint.yaml <<'!EOF' +/^node_types:/-1a + plugin_resources: + description: > + Holds any archives that should be uploaded to the manager. + default: [] + dsl_resources: + description: > + Holds a set of dsl required resources + default: [] +. +/^ upload_resources:/a + plugin_resources: { get_input: plugin_resources } +. +w +q +!EOF + +sed <simple-manager-blueprint-inputs.yaml >bootstrap-inputs.yaml \ + -e "s;.*public_ip: .*;public_ip: '$PUBIP';" \ + -e "s;.*private_ip: .*;private_ip: '$PVTIP';" \ + -e "s;.*ssh_user: .*;ssh_user: '$SSHUSER';" \ + -e "s;.*ssh_key_filename: .*;ssh_key_filename: '$PVTKEY2';" \ + -e "s;.*elasticsearch_java_opts: .*;elasticsearch_java_opts: '-Des.cluster.name=$ESMAGIC';" \ + -e "/ssl_enabled: /s/.*/ssl_enabled: $USESSL/" \ + -e "/security_enabled: /s/.*/security_enabled: $USESSL/" \ + -e "/admin_password: /s/.*/admin_password: '$CLOUDIFY_PASSWORD'/" \ + -e "/admin_username: /s/.*/admin_username: '$CLOUDIFY_USERNAME'/" \ + -e "s;.*manager_resources_package: .*;manager_resources_package: 'http://169.254.169.254/nosuchthing/$MRPFILE';" \ + -e "s;.*ignore_bootstrap_validations: .*;ignore_bootstrap_validations: true;" \ + +# Add plugin resources +# TODO Add the other plugins when they're available +cat >>bootstrap-inputs.yaml <<'!EOF' +plugin_resources: + - 'http://repository.cloudifysource.org/org/cloudify3/wagons/cloudify-openstack-plugin/1.4/cloudify_openstack_plugin-1.4-py27-none-linux_x86_64-centos-Core.wgn' + - 'http://repository.cloudifysource.org/org/cloudify3/wagons/cloudify-fabric-plugin/1.4.1/cloudify_fabric_plugin-1.4.1-py27-none-linux_x86_64-centos-Core.wgn' + - '{{ ONAPTEMPLATE_RAWREPOURL_org_onap_ccsdk_platform_plugins_releases }}/plugins/dnsdesig-1.0.0-py27-none-any.wgn' + - '{{ ONAPTEMPLATE_RAWREPOURL_org_onap_ccsdk_platform_plugins_releases }}/plugins/sshkeyshare-1.0.0-py27-none-any.wgn' +!EOF +# +# And away we go +# +cfy init -r +cfy bootstrap --install-plugins -p bootstrap-blueprint.yaml -i bootstrap-inputs.yaml +rm -f resources/ssl/server.key + +# Install Consul VM via a blueprint +cd $STARTDIR +mkdir consul +cd consul +cfy init -r +cfy use -t ${PUBIP} +echo "Deploying Consul VM" + +set +e +if wget -P ../blueprints/ {{ ONAPTEMPLATE_RAWREPOURL_org_onap_dcaegen2_platform_blueprints_releases }}/blueprints/consul_cluster.yaml; then + echo "Succeeded in getting the newest consul_cluster.yaml" +else + echo "Failed to update consul_cluster.yaml, using default version" +fi +set -e +cfy install -p ../blueprints/consul_cluster.yaml -d consul -i ../${INPUTS} -i "datacenter=$LOCATION" + +# Get the floating IP for one member of the cluster +# Needed for instructing the Consul agent on CM host to join the cluster +CONSULIP=$(cfy deployments outputs -d consul | grep -Po 'Value: \K.*') +echo Consul deployed at $CONSULIP + +# Wait for Consul API to come up +until curl http://$CONSULIP:8500/v1/agent/services +do + echo Waiting for Consul API + sleep 60 +done + +# Wait for a leader to be elected +until [[ "$(curl -Ss http://$CONSULIP:8500/v1/status/leader)" != '""' ]] +do + echo Waiting for leader + sleep 30 +done + +# Instruct the client-mode Consul agent running on the CM to join the cluster +curl http://$PUBIP:8500/v1/agent/join/$CONSULIP + +# Register Cloudify Manager in Consul via the local agent on CM host + +REGREQ=" +{ + \"Name\" : \"cloudify_manager\", + \"ID\" : \"cloudify_manager\", + \"Tags\" : [\"http://${PUBIP}/api/v2.1\"], + \"Address\": \"${PUBIP}\", + \"Port\": 80, + \"Check\" : { + \"Name\" : \"cloudify_manager_health\", + \"Interval\" : \"300s\", + \"HTTP\" : \"http://${PUBIP}/api/v2.1/status\", + \"Status\" : \"passing\", + \"DeregisterCriticalServiceAfter\" : \"30m\" + } +} +" + +curl -X PUT -H 'Content-Type: application/json' --data-binary "$REGREQ" http://$PUBIP:8500/v1/agent/service/register +# Make Consul address available to plugins on Cloudify Manager +# TODO probably not necessary anymore +ENVINI=$(mktemp) +cat <<!EOF > $ENVINI +[$LOCATION] +CONSUL_HOST=$CONSULIP +CONFIG_BINDING_SERVICE=config_binding_service +!EOF +scp $SSHOPTS -i ../$PVTKEY $ENVINI $SSHUSER@$PUBIP:/tmp/env.ini +ssh -t $SSHOPTS -i ../$PVTKEY $SSHUSER@$PUBIP sudo mv /tmp/env.ini /opt/env.ini +rm $ENVINI + +while true +do + sleep 300 +done |