summaryrefslogtreecommitdiffstats
path: root/bootstrap/installer-docker.sh-template
diff options
context:
space:
mode:
authorLusheng Ji <lji@research.att.com>2017-09-11 20:11:29 +0000
committerLusheng Ji <lji@research.att.com>2017-09-11 20:11:44 +0000
commitc38ca2f40aa0eee42fb7b2c61be4ba6e4f9aa56a (patch)
tree09d8462e1a8838b9fd575e5f9b6fcbb6af94c8e1 /bootstrap/installer-docker.sh-template
parent55f488022631ce6ab14b440e747b2e9d7648b49c (diff)
Add bootstrap
Issue-Id: DCAEGEN2-75 Change-Id: I0158762c1c3e29612381734a608fa821e903e92e Signed-off-by: Lusheng Ji <lji@research.att.com>
Diffstat (limited to 'bootstrap/installer-docker.sh-template')
-rwxr-xr-xbootstrap/installer-docker.sh-template320
1 files changed, 320 insertions, 0 deletions
diff --git a/bootstrap/installer-docker.sh-template b/bootstrap/installer-docker.sh-template
new file mode 100755
index 0000000..672f397
--- /dev/null
+++ b/bootstrap/installer-docker.sh-template
@@ -0,0 +1,320 @@
+#!/bin/bash
+#
+# ============LICENSE_START==========================================
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END============================================
+#
+# ECOMP and OpenECOMP are trademarks
+# and service marks of AT&T Intellectual Property.
+#
+
+# URLs for artifacts needed for installation
+DESIGTYPES={{ ONAPTEMPLATE_RAWREPOURL_org_onap_ccsdk_platform_plugins_releases }}/type_files/dnsdesig/dns_types.yaml
+DESIGPLUG={{ ONAPTEMPLATE_RAWREPOURL_org_onap_ccsdk_platform_plugins_releases }}/plugins/dnsdesig-1.0.0-py27-none-any.wgn
+SSHKEYTYPES={{ ONAPTEMPLATE_RAWREPOURL_org_onap_ccsdk_platform_plugins_releases }}/type_files/sshkeyshare/sshkey_types.yaml
+SSHKEYPLUG={{ ONAPTEMPLATE_RAWREPOURL_org_onap_ccsdk_platform_plugins_releases }}/plugins/sshkeyshare-1.0.0-py27-none-any.wgn
+OSPLUGINZIP=https://github.com/cloudify-cosmo/cloudify-openstack-plugin/archive/1.4.zip
+
+# Make sure ssh doesn't prompt for new host or choke on a new host with an IP it's seen before
+SSHOPTS="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
+STARTDIR=$(pwd)
+
+SSHUSER=centos
+PVTKEY=./config/key
+INPUTS=./config/inputs.yaml
+
+if ["$LOCATION" = "" ]
+then
+ echo 'Environment variable LOCATION not set. Should be set to location ID for this installation.'
+ exit 1
+fi
+
+set -e
+set -x
+
+# Docker workaround for SSH key
+# In order for the container to be able to access the key when it's mounted from the Docker host,
+# the key file has to be world-readable. But ssh itself will not work with a private key that's world readable.
+# So we make a copy and change permissions on the copy.
+# NB -- the key on the Docker host has to be world-readable, which means that, from the host machine, you
+# can't use it with ssh. It needs to be a world-readable COPY.
+PVTKEY=./key600
+cp ./config/key ${PVTKEY}
+chmod 600 ${PVTKEY}
+
+# Create a virtual environment
+virtualenv dcaeinstall
+source dcaeinstall/bin/activate
+
+# Install Cloudify
+pip install cloudify==3.4.0
+
+# Install the Cloudify OpenStack plugin
+wget -qO- ${OSPLUGINZIP} > openstack.zip
+pip install openstack.zip
+
+# Spin up a VM
+
+# Get the Designate and SSH key type files and plugins
+mkdir types
+wget -qO- ${DESIGTYPES} > types/dns_types.yaml
+wget -qO- ${SSHKEYTYPES} > types/sshkey_types.yaml
+
+wget -O dnsdesig.wgn ${DESIGPLUG}
+wget -O sshkeyshare.wgn ${SSHKEYPLUG}
+
+wagon install -s dnsdesig.wgn
+wagon install -s sshkeyshare.wgn
+
+## Fix up the inputs file to get the private key locally
+sed -e "s#key_filename:.*#key_filename: $PVTKEY#" < ${INPUTS} > /tmp/local_inputs
+
+# Now install the VM
+# Don't exit on error after this point--keep container running so we can do uninstalls after a failure
+set +e
+if wget -P ./blueprints/ {{ ONAPTEMPLATE_RAWREPOURL_org_onap_dcaegen2_platform_blueprints_releases }}/blueprints/centos_vm.yaml; then
+ echo "Succeeded in getting the newest centos_vm.yaml"
+else
+ echo "Failed to update centos_vm.yaml, using default version"
+fi
+set -e
+cfy local init --install-plugins -p ./blueprints/centos_vm.yaml -i /tmp/local_inputs -i "datacenter=$LOCATION"
+cfy local execute -w install --task-retries=10
+PUBIP=$(cfy local outputs | grep -Po '"public_ip": "\K.*?(?=")')
+
+
+## It's probably not completely ready when the installation finish, so wait
+sleep 180
+
+echo "Installing Cloudify Manager on ${PUBIP}."
+
+PVTIP=$(ssh $SSHOPTS -i "$PVTKEY" "$SSHUSER"@"$PUBIP" 'echo PVTIP=`curl --silent http://169.254.169.254/2009-04-04/meta-data/local-ipv4`' | grep PVTIP | sed 's/PVTIP=//')
+if [ "$PVTIP" = "" ]
+then
+ echo Cannot access specified machine at $PUBIP using supplied credentials
+ # Don't exit--keep the container up so we can uninstall the VM and supporting entities
+ while true
+ do
+ sleep 300
+ done
+fi
+
+
+# Copy private key onto Cloudify Manager VM
+PVTKEYPATH=$(cat ${INPUTS} | grep "key_filename" | cut -d "'" -f2)
+PVTKEYNAME=$(basename $PVTKEYPATH)
+PVTKEYDIR=$(dirname $PVTKEYPATH)
+scp $SSHOPTS -i $PVTKEY $PVTKEY $SSHUSER@$PUBIP:/tmp/$PVTKEYNAME
+ssh -t $SSHOPTS -i $PVTKEY $SSHUSER@$PUBIP sudo mkdir -p $PVTKEYDIR
+ssh -t $SSHOPTS -i $PVTKEY $SSHUSER@$PUBIP sudo mv /tmp/$PVTKEYNAME $PVTKEYPATH
+
+ESMAGIC=$(uuidgen -r)
+WORKDIR=$HOME/cmtmp
+BSDIR=$WORKDIR/cmbootstrap
+PVTKEY2=$BSDIR/id_rsa.cfybootstrap
+TMPBASE=$WORKDIR/tmp
+TMPDIR=$TMPBASE/lib
+SRCS=$WORKDIR/srcs.tar
+TOOL=$WORKDIR/tool.py
+rm -rf $WORKDIR
+mkdir -p $BSDIR $TMPDIR/cloudify/wheels $TMPDIR/cloudify/sources $TMPDIR/manager
+chmod 700 $WORKDIR
+cp "$PVTKEY" $PVTKEY2
+cat >$TOOL <<!EOF
+#!/usr/local/bin/python
+#
+import yaml
+import sys
+bsdir = sys.argv[1]
+with open(bsdir + '/simple-manager-blueprint-inputs.yaml', 'r') as f:
+ inpyaml = yaml.load(f)
+with open(bsdir + '/simple-manager-blueprint.yaml', 'r') as f:
+ bpyaml = yaml.load(f)
+for param, value in bpyaml['inputs'].items():
+ if value.has_key('default') and not inpyaml.has_key(param):
+ inpyaml[param] = value['default']
+print inpyaml['manager_resources_package']
+!EOF
+
+#
+# Try to disable attempt to download virtualenv when not needed
+#
+ssh $SSHOPTS -t -i $PVTKEY2 $SSHUSER@$PUBIP 'sudo bash -xc "echo y; mkdir -p /root/.virtualenv; echo '"'"'[virtualenv]'"'"' >/root/.virtualenv/virtualenv.ini; echo no-download=true >>/root/.virtualenv/virtualenv.ini"'
+
+# Gather installation artifacts
+# from documentation, URL for manager blueprints archive
+BSURL=https://github.com/cloudify-cosmo/cloudify-manager-blueprints/archive/3.4.tar.gz
+BSFILE=$(basename $BSURL)
+
+umask 022
+wget -qO- $BSURL >$BSDIR/$BSFILE
+cd $BSDIR
+tar xzvf $BSFILE
+MRPURL=$(python $TOOL $BSDIR/cloudify-manager-blueprints-3.4)
+MRPFILE=$(basename $MRPURL)
+wget -qO- $MRPURL >$TMPDIR/cloudify/sources/$MRPFILE
+
+tar cf $SRCS -C $TMPDIR cloudify
+rm -rf $TMPBASE
+#
+# Load required package files onto VM
+#
+scp $SSHOPTS -i $PVTKEY2 $SRCS $SSHUSER@$PUBIP:/tmp/.
+ssh -t $SSHOPTS -i $PVTKEY2 $SSHUSER@$PUBIP 'sudo bash -xc "cd /opt; tar xf /tmp/srcs.tar; chown -R root:root /opt/cloudify /opt/manager; rm -rf /tmp/srcs.tar"'
+#
+# Install config file -- was done by DCAE controller. What now?
+#
+ssh $SSHOPTS -t -i $PVTKEY2 $SSHUSER@$PUBIP 'sudo bash -xc '"'"'mkdir -p /opt/dcae; if [ -f /tmp/cfy-config.txt ]; then cp /tmp/cfy-config.txt /opt/dcae/config.txt && chmod 644 /opt/dcae/config.txt; fi'"'"
+cd $WORKDIR
+
+#
+# Check for and set up https certificate information
+#
+rm -f $BSDIR/cloudify-manager-blueprints-3.4/resources/ssl/server.key $BSDIR/cloudify-manager-blueprints-3.4/resources/ssl/server.crt
+ssh -t $SSHOPTS -i $PVTKEY2 $SSHUSER@$PUBIP 'sudo bash -xc "openssl pkcs12 -in /opt/app/dcae-certificate/certificate.pkcs12 -passin file:/opt/app/dcae-certificate/.password -nodes -chain"' | awk 'BEGIN{x="/dev/null";}/-----BEGIN CERTIFICATE-----/{x="'$BSDIR'/cloudify-manager-blueprints-3.4/resources/ssl/server.crt";}/-----BEGIN PRIVATE KEY-----/{x="'$BSDIR'/cloudify-manager-blueprints-3.4/resources/ssl/server.key";}{print >x;}/-----END /{x="/dev/null";}'
+USESSL=false
+if [ -f $BSDIR/cloudify-manager-blueprints-3.4/resources/ssl/server.key -a -f $BSDIR/cloudify-manager-blueprints-3.4/resources/ssl/server.crt ]
+then
+ USESSL=true
+fi
+#
+# Set up configuration for the bootstrap
+#
+export CLOUDIFY_USERNAME=admin CLOUDIFY_PASSWORD=encc0fba9f6d618a1a51935b42342b17658
+cd $BSDIR/cloudify-manager-blueprints-3.4
+cp simple-manager-blueprint.yaml bootstrap-blueprint.yaml
+ed bootstrap-blueprint.yaml <<'!EOF'
+/^node_types:/-1a
+ plugin_resources:
+ description: >
+ Holds any archives that should be uploaded to the manager.
+ default: []
+ dsl_resources:
+ description: >
+ Holds a set of dsl required resources
+ default: []
+.
+/^ upload_resources:/a
+ plugin_resources: { get_input: plugin_resources }
+.
+w
+q
+!EOF
+
+sed <simple-manager-blueprint-inputs.yaml >bootstrap-inputs.yaml \
+ -e "s;.*public_ip: .*;public_ip: '$PUBIP';" \
+ -e "s;.*private_ip: .*;private_ip: '$PVTIP';" \
+ -e "s;.*ssh_user: .*;ssh_user: '$SSHUSER';" \
+ -e "s;.*ssh_key_filename: .*;ssh_key_filename: '$PVTKEY2';" \
+ -e "s;.*elasticsearch_java_opts: .*;elasticsearch_java_opts: '-Des.cluster.name=$ESMAGIC';" \
+ -e "/ssl_enabled: /s/.*/ssl_enabled: $USESSL/" \
+ -e "/security_enabled: /s/.*/security_enabled: $USESSL/" \
+ -e "/admin_password: /s/.*/admin_password: '$CLOUDIFY_PASSWORD'/" \
+ -e "/admin_username: /s/.*/admin_username: '$CLOUDIFY_USERNAME'/" \
+ -e "s;.*manager_resources_package: .*;manager_resources_package: 'http://169.254.169.254/nosuchthing/$MRPFILE';" \
+ -e "s;.*ignore_bootstrap_validations: .*;ignore_bootstrap_validations: true;" \
+
+# Add plugin resources
+# TODO Add the other plugins when they're available
+cat >>bootstrap-inputs.yaml <<'!EOF'
+plugin_resources:
+ - 'http://repository.cloudifysource.org/org/cloudify3/wagons/cloudify-openstack-plugin/1.4/cloudify_openstack_plugin-1.4-py27-none-linux_x86_64-centos-Core.wgn'
+ - 'http://repository.cloudifysource.org/org/cloudify3/wagons/cloudify-fabric-plugin/1.4.1/cloudify_fabric_plugin-1.4.1-py27-none-linux_x86_64-centos-Core.wgn'
+ - '{{ ONAPTEMPLATE_RAWREPOURL_org_onap_ccsdk_platform_plugins_releases }}/plugins/dnsdesig-1.0.0-py27-none-any.wgn'
+ - '{{ ONAPTEMPLATE_RAWREPOURL_org_onap_ccsdk_platform_plugins_releases }}/plugins/sshkeyshare-1.0.0-py27-none-any.wgn'
+!EOF
+#
+# And away we go
+#
+cfy init -r
+cfy bootstrap --install-plugins -p bootstrap-blueprint.yaml -i bootstrap-inputs.yaml
+rm -f resources/ssl/server.key
+
+# Install Consul VM via a blueprint
+cd $STARTDIR
+mkdir consul
+cd consul
+cfy init -r
+cfy use -t ${PUBIP}
+echo "Deploying Consul VM"
+
+set +e
+if wget -P ../blueprints/ {{ ONAPTEMPLATE_RAWREPOURL_org_onap_dcaegen2_platform_blueprints_releases }}/blueprints/consul_cluster.yaml; then
+ echo "Succeeded in getting the newest consul_cluster.yaml"
+else
+ echo "Failed to update consul_cluster.yaml, using default version"
+fi
+set -e
+cfy install -p ../blueprints/consul_cluster.yaml -d consul -i ../${INPUTS} -i "datacenter=$LOCATION"
+
+# Get the floating IP for one member of the cluster
+# Needed for instructing the Consul agent on CM host to join the cluster
+CONSULIP=$(cfy deployments outputs -d consul | grep -Po 'Value: \K.*')
+echo Consul deployed at $CONSULIP
+
+# Wait for Consul API to come up
+until curl http://$CONSULIP:8500/v1/agent/services
+do
+ echo Waiting for Consul API
+ sleep 60
+done
+
+# Wait for a leader to be elected
+until [[ "$(curl -Ss http://$CONSULIP:8500/v1/status/leader)" != '""' ]]
+do
+ echo Waiting for leader
+ sleep 30
+done
+
+# Instruct the client-mode Consul agent running on the CM to join the cluster
+curl http://$PUBIP:8500/v1/agent/join/$CONSULIP
+
+# Register Cloudify Manager in Consul via the local agent on CM host
+
+REGREQ="
+{
+ \"Name\" : \"cloudify_manager\",
+ \"ID\" : \"cloudify_manager\",
+ \"Tags\" : [\"http://${PUBIP}/api/v2.1\"],
+ \"Address\": \"${PUBIP}\",
+ \"Port\": 80,
+ \"Check\" : {
+ \"Name\" : \"cloudify_manager_health\",
+ \"Interval\" : \"300s\",
+ \"HTTP\" : \"http://${PUBIP}/api/v2.1/status\",
+ \"Status\" : \"passing\",
+ \"DeregisterCriticalServiceAfter\" : \"30m\"
+ }
+}
+"
+
+curl -X PUT -H 'Content-Type: application/json' --data-binary "$REGREQ" http://$PUBIP:8500/v1/agent/service/register
+# Make Consul address available to plugins on Cloudify Manager
+# TODO probably not necessary anymore
+ENVINI=$(mktemp)
+cat <<!EOF > $ENVINI
+[$LOCATION]
+CONSUL_HOST=$CONSULIP
+CONFIG_BINDING_SERVICE=config_binding_service
+!EOF
+scp $SSHOPTS -i ../$PVTKEY $ENVINI $SSHUSER@$PUBIP:/tmp/env.ini
+ssh -t $SSHOPTS -i ../$PVTKEY $SSHUSER@$PUBIP sudo mv /tmp/env.ini /opt/env.ini
+rm $ENVINI
+
+while true
+do
+ sleep 300
+done