diff options
| author |   Schmalzried, Terry (ts862m) <ts862m@att.com> | 2020-08-21 15:59:22 -0400 |
|---|---|---|
| committer | Schmalzried, Terry (ts862m) <ts862m@att.com> | 2020-08-27 11:08:13 -0400 |
| commit | 15b4979453ac9e85dc8e03d30d7ca440179dfc73 (patch) | |
| tree | 35c61bd7fdfb20120cac7daadc62b75494c4a01a /cm-container/scripts | |
| parent | 33b1137c1766a57aa1cb7e77e51c0593c776ef56 (diff) | |
Set Cloudify password3.2.0
Cloudify pod updates for sourcing password from CMPASS environment variable.
Issue-ID: DCAEGEN2-1975
Change-Id: I5f297af9ad92389d0901eee463ea175751853838
Signed-off-by: Schmalzried, Terry (ts862m) <ts862m@att.com>
Diffstat (limited to 'cm-container/scripts')
| -rw-r--r-- | cm-container/scripts/cloudify-ready.sh | 24 | ||||
| -rwxr-xr-x | cm-container/scripts/dcae-cleanup.sh | 12 | ||||
| -rwxr-xr-x | cm-container/scripts/load-plugins.sh | 8 | ||||
| -rwxr-xr-x | cm-container/scripts/set-admin-password.sh | 39 | ||||
| -rwxr-xr-x | cm-container/scripts/setup-secret.sh | 1 |
5 files changed, 72 insertions, 12 deletions
diff --git a/cm-container/scripts/cloudify-ready.sh b/cm-container/scripts/cloudify-ready.sh index 60b48e6..0cb3e6e 100644 --- a/cm-container/scripts/cloudify-ready.sh +++ b/cm-container/scripts/cloudify-ready.sh @@ -2,7 +2,7 @@ # ============LICENSE_START======================================================= # org.onap.dcae # ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -41,14 +41,32 @@ # | Riemann | running | # +--------------------------------+---------+ # -# When an individual service is not running, it will have a status other than "running". +# or: +# +# cfy status +# Retrieving manager services status... [ip=dcae-cloudify-manager] +# +# Services: +# +--------------------------------+--------+ +# | service | status | +# +--------------------------------+--------+ +# | Cloudify Console | Active | +# | PostgreSQL | Active | +# | AMQP-Postgres | Active | +# | Manager Rest-Service | Active | +# | RabbitMQ | Active | +# | Webserver | Active | +# | Management Worker | Active | +# +--------------------------------+--------+ +# +# When an individual service is not running, it will have a status other than "running" or "Active". # If the Cloudify API cannot be reached, the "Services:" line will not appear. STAT=$(cfy status) if (echo "${STAT}" | grep "^Services:$") then echo "Got a status response" - if !(echo "${STAT}" | egrep '^\| [[:alnum:]]+'| grep -iv '| running ') + if !(echo "${STAT}" | egrep '^\| [[:alnum:]]+'| egrep -iv ' Active | running ') then echo "All services running" exit 0 diff --git a/cm-container/scripts/dcae-cleanup.sh b/cm-container/scripts/dcae-cleanup.sh index ce5c56b..b95b639 100755 --- a/cm-container/scripts/dcae-cleanup.sh +++ b/cm-container/scripts/dcae-cleanup.sh @@ -1,6 +1,6 @@ #!/bin/bash # ================================================================================ -# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -43,10 +43,12 @@ set -x set +e -# Get the CM admin password from the config file -# Brittle, but the container is built with an unchanging version of CM, -# so no real risk of a breaking change -CMPASS=$(grep 'admin_password:' /etc/cloudify/config.yaml | cut -d ':' -f2 | tr -d ' ') +# Expect Cloudify password to be in file mounted from Kubernetes secret, +# but allow overriding by CMPASS environment variable, +# and if not provided, use the default +CMPASS=${CMPASS:-$(cat /opt/onap/cm-secrets/password 2>/dev/null)} +CMPASS=${CMPASS:-admin} + TYPENAMES=[\\\"dcae.nodes.ContainerizedServiceComponent\\\",\\\"dcae.nodes.ContainerizedServiceComponentUsingDmaap\\\",\\\"dcae.nodes.ContainerizedPlatformComponent\\\",\\\"dcae.nodes.ContainerizedApplication\\\"] # Uninstall components managed by Cloudify diff --git a/cm-container/scripts/load-plugins.sh b/cm-container/scripts/load-plugins.sh index f4d1f66..5a342dd 100755 --- a/cm-container/scripts/load-plugins.sh +++ b/cm-container/scripts/load-plugins.sh @@ -25,8 +25,10 @@ CMADDR=${CMADDR:-dcae-cloudify-manager} CMPROTO=${CMPROTO:-https} CMPORT=${CMPORT:-443} -# Password is currently fixed at the default -# Eventually the password will be passed in as an environment variable +# Expect Cloudify password to be in file mounted from Kubernetes secret, +# but allow overriding by CMPASS environment variable, +# and if not provided, use the default +CMPASS=${CMPASS:-$(cat /opt/onap/cm-secrets/password 2>/dev/null)} CMPASS=${CMPASS:-admin} # Set up additional parameters for using HTTPS @@ -100,4 +102,4 @@ then touch ${PLUGINS_LOADED} else echo "Plugins already loaded" -fi
\ No newline at end of file +fi diff --git a/cm-container/scripts/set-admin-password.sh b/cm-container/scripts/set-admin-password.sh new file mode 100755 index 0000000..5b9ca27 --- /dev/null +++ b/cm-container/scripts/set-admin-password.sh @@ -0,0 +1,39 @@ +#!/bin/bash +# ============LICENSE_START======================================================= +# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# Runs at deployment time to set cloudify's admin password + +# Wait for Cloudify Manager to come up +while ! /scripts/cloudify-ready.sh +do + echo "Waiting for CM to come up" + sleep 15 +done + +# Expect Cloudify password to be in file mounted from Kubernetes secret, +# but allow overriding by CMPASS environment variable, +# and if not provided, use the default +CMPASS=${CMPASS:-$(cat /opt/onap/cm-secrets/password 2>/dev/null)} +CMPASS=${CMPASS:-admin} + +# Set Cloudify's admin password +cd /opt/manager +cfy_manager --reset_admin_password $CMPASS || ./env/bin/python reset_admin.py -p $CMPASS + +# Set the password used by the cfy client +cfy profile set -p $CMPASS + +echo "Cloudify password set" diff --git a/cm-container/scripts/setup-secret.sh b/cm-container/scripts/setup-secret.sh index 848ed28..a3ee6c5 100755 --- a/cm-container/scripts/setup-secret.sh +++ b/cm-container/scripts/setup-secret.sh @@ -1,4 +1,3 @@ - #!/bin/bash # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. |