summaryrefslogtreecommitdiffstats
path: root/cm-container/scripts
diff options
context:
space:
mode:
authorSchmalzried, Terry (ts862m) <ts862m@att.com>2020-08-21 15:59:22 -0400
committerSchmalzried, Terry (ts862m) <ts862m@att.com>2020-08-27 11:08:13 -0400
commit15b4979453ac9e85dc8e03d30d7ca440179dfc73 (patch)
tree35c61bd7fdfb20120cac7daadc62b75494c4a01a /cm-container/scripts
parent33b1137c1766a57aa1cb7e77e51c0593c776ef56 (diff)
Set Cloudify password3.2.0
Cloudify pod updates for sourcing password from CMPASS environment variable. Issue-ID: DCAEGEN2-1975 Change-Id: I5f297af9ad92389d0901eee463ea175751853838 Signed-off-by: Schmalzried, Terry (ts862m) <ts862m@att.com>
Diffstat (limited to 'cm-container/scripts')
-rw-r--r--cm-container/scripts/cloudify-ready.sh24
-rwxr-xr-xcm-container/scripts/dcae-cleanup.sh12
-rwxr-xr-xcm-container/scripts/load-plugins.sh8
-rwxr-xr-xcm-container/scripts/set-admin-password.sh39
-rwxr-xr-xcm-container/scripts/setup-secret.sh1
5 files changed, 72 insertions, 12 deletions
diff --git a/cm-container/scripts/cloudify-ready.sh b/cm-container/scripts/cloudify-ready.sh
index 60b48e6..0cb3e6e 100644
--- a/cm-container/scripts/cloudify-ready.sh
+++ b/cm-container/scripts/cloudify-ready.sh
@@ -2,7 +2,7 @@
# ============LICENSE_START=======================================================
# org.onap.dcae
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -41,14 +41,32 @@
# | Riemann | running |
# +--------------------------------+---------+
#
-# When an individual service is not running, it will have a status other than "running".
+# or:
+#
+# cfy status
+# Retrieving manager services status... [ip=dcae-cloudify-manager]
+#
+# Services:
+# +--------------------------------+--------+
+# | service | status |
+# +--------------------------------+--------+
+# | Cloudify Console | Active |
+# | PostgreSQL | Active |
+# | AMQP-Postgres | Active |
+# | Manager Rest-Service | Active |
+# | RabbitMQ | Active |
+# | Webserver | Active |
+# | Management Worker | Active |
+# +--------------------------------+--------+
+#
+# When an individual service is not running, it will have a status other than "running" or "Active".
# If the Cloudify API cannot be reached, the "Services:" line will not appear.
STAT=$(cfy status)
if (echo "${STAT}" | grep "^Services:$")
then
echo "Got a status response"
- if !(echo "${STAT}" | egrep '^\| [[:alnum:]]+'| grep -iv '| running ')
+ if !(echo "${STAT}" | egrep '^\| [[:alnum:]]+'| egrep -iv ' Active | running ')
then
echo "All services running"
exit 0
diff --git a/cm-container/scripts/dcae-cleanup.sh b/cm-container/scripts/dcae-cleanup.sh
index ce5c56b..b95b639 100755
--- a/cm-container/scripts/dcae-cleanup.sh
+++ b/cm-container/scripts/dcae-cleanup.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# ================================================================================
-# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -43,10 +43,12 @@
set -x
set +e
-# Get the CM admin password from the config file
-# Brittle, but the container is built with an unchanging version of CM,
-# so no real risk of a breaking change
-CMPASS=$(grep 'admin_password:' /etc/cloudify/config.yaml | cut -d ':' -f2 | tr -d ' ')
+# Expect Cloudify password to be in file mounted from Kubernetes secret,
+# but allow overriding by CMPASS environment variable,
+# and if not provided, use the default
+CMPASS=${CMPASS:-$(cat /opt/onap/cm-secrets/password 2>/dev/null)}
+CMPASS=${CMPASS:-admin}
+
TYPENAMES=[\\\"dcae.nodes.ContainerizedServiceComponent\\\",\\\"dcae.nodes.ContainerizedServiceComponentUsingDmaap\\\",\\\"dcae.nodes.ContainerizedPlatformComponent\\\",\\\"dcae.nodes.ContainerizedApplication\\\"]
# Uninstall components managed by Cloudify
diff --git a/cm-container/scripts/load-plugins.sh b/cm-container/scripts/load-plugins.sh
index f4d1f66..5a342dd 100755
--- a/cm-container/scripts/load-plugins.sh
+++ b/cm-container/scripts/load-plugins.sh
@@ -25,8 +25,10 @@ CMADDR=${CMADDR:-dcae-cloudify-manager}
CMPROTO=${CMPROTO:-https}
CMPORT=${CMPORT:-443}
-# Password is currently fixed at the default
-# Eventually the password will be passed in as an environment variable
+# Expect Cloudify password to be in file mounted from Kubernetes secret,
+# but allow overriding by CMPASS environment variable,
+# and if not provided, use the default
+CMPASS=${CMPASS:-$(cat /opt/onap/cm-secrets/password 2>/dev/null)}
CMPASS=${CMPASS:-admin}
# Set up additional parameters for using HTTPS
@@ -100,4 +102,4 @@ then
touch ${PLUGINS_LOADED}
else
echo "Plugins already loaded"
-fi \ No newline at end of file
+fi
diff --git a/cm-container/scripts/set-admin-password.sh b/cm-container/scripts/set-admin-password.sh
new file mode 100755
index 0000000..5b9ca27
--- /dev/null
+++ b/cm-container/scripts/set-admin-password.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+# Runs at deployment time to set cloudify's admin password
+
+# Wait for Cloudify Manager to come up
+while ! /scripts/cloudify-ready.sh
+do
+ echo "Waiting for CM to come up"
+ sleep 15
+done
+
+# Expect Cloudify password to be in file mounted from Kubernetes secret,
+# but allow overriding by CMPASS environment variable,
+# and if not provided, use the default
+CMPASS=${CMPASS:-$(cat /opt/onap/cm-secrets/password 2>/dev/null)}
+CMPASS=${CMPASS:-admin}
+
+# Set Cloudify's admin password
+cd /opt/manager
+cfy_manager --reset_admin_password $CMPASS || ./env/bin/python reset_admin.py -p $CMPASS
+
+# Set the password used by the cfy client
+cfy profile set -p $CMPASS
+
+echo "Cloudify password set"
diff --git a/cm-container/scripts/setup-secret.sh b/cm-container/scripts/setup-secret.sh
index 848ed28..a3ee6c5 100755
--- a/cm-container/scripts/setup-secret.sh
+++ b/cm-container/scripts/setup-secret.sh
@@ -1,4 +1,3 @@
-
#!/bin/bash
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.