summaryrefslogtreecommitdiffstats
path: root/cm-container/scripts
diff options
context:
space:
mode:
authorJack Lucas <jflucas@research.att.com>2019-03-22 18:31:55 -0400
committerJack Lucas <jflucas@research.att.com>2019-03-22 18:46:13 -0400
commit205fc2e449f9bcc2f447c58d2bd15e9b563237d3 (patch)
tree97eabcf3e5252130b9626d29643084961c1602ea /cm-container/scripts
parent4c67277a504a8c2c200e6fe63c7218759620a1ec (diff)
Fix support for local type file storage
Also move to script-based readiness check so that the import resolver rule updated needed for local type file storage takes effect before clients try to use CM, and to verify that all CM services are really up. Issue-ID: DCAEGEN2-989 Change-Id: I9732fa0ff38affa320b6a872b74c16f87b73eb67 Signed-off-by: Jack Lucas <jflucas@research.att.com>
Diffstat (limited to 'cm-container/scripts')
-rw-r--r--cm-container/scripts/cloudify-ready.sh62
-rwxr-xr-xcm-container/scripts/dcae-cleanup.sh62
-rwxr-xr-xcm-container/scripts/get-type-files.sh77
-rw-r--r--cm-container/scripts/readiness-check.sh40
-rwxr-xr-xcm-container/scripts/set-resolver-rules.sh39
-rwxr-xr-xcm-container/scripts/setup-secret.sh27
-rwxr-xr-xcm-container/scripts/start-persistent.sh53
-rw-r--r--cm-container/scripts/update_resolver.py56
8 files changed, 416 insertions, 0 deletions
diff --git a/cm-container/scripts/cloudify-ready.sh b/cm-container/scripts/cloudify-ready.sh
new file mode 100644
index 0000000..60b48e6
--- /dev/null
+++ b/cm-container/scripts/cloudify-ready.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# org.onap.dcae
+# ================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# Checking Cloudify Manager readiness by looking
+# for non-running services
+# Relying on the output format of the "cfy status" command.
+# A successful execution of the command outputs:
+#
+# cfy status
+# Retrieving manager services status... [ip=localhost]
+#
+# Services:
+# +--------------------------------+---------+
+# | service | status |
+# +--------------------------------+---------+
+# | InfluxDB | running |
+# | Logstash | running |
+# | AMQP InfluxDB | running |
+# | RabbitMQ | running |
+# | Webserver | running |
+# | Management Worker | running |
+# | PostgreSQL | running |
+# | Cloudify Console | running |
+# | Manager Rest-Service | running |
+# | Riemann | running |
+# +--------------------------------+---------+
+#
+# When an individual service is not running, it will have a status other than "running".
+# If the Cloudify API cannot be reached, the "Services:" line will not appear.
+
+STAT=$(cfy status)
+if (echo "${STAT}" | grep "^Services:$")
+then
+ echo "Got a status response"
+ if !(echo "${STAT}" | egrep '^\| [[:alnum:]]+'| grep -iv '| running ')
+ then
+ echo "All services running"
+ exit 0
+ else
+ echo "Some service(s) not running"
+ fi
+else
+ echo "Did not get a status response"
+fi
+echo "${STAT}"
+exit 1
diff --git a/cm-container/scripts/dcae-cleanup.sh b/cm-container/scripts/dcae-cleanup.sh
new file mode 100755
index 0000000..a9779be
--- /dev/null
+++ b/cm-container/scripts/dcae-cleanup.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+# ================================================================================
+# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# Clean up DCAE during ONAP uninstall
+#
+# When helm delete is being used to uninstall all of ONAP, helm does
+# not know about k8s entities that were created by Cloudify Manager.
+# This script--intended to run as a preUninstall hook when Cloudify Manager itself
+# is undeleted--uses Cloudify to clean up the k8s entities deployed by Cloudify.
+#
+# Rather than using the 'cfy uninstall' command to run a full 'uninstall' workflow
+# against the deployments, this script uses 'cfy executions' to run a 'stop'
+# stop operation against the nodes in each deployment. The reason for this is that,
+# at the time this script runs, we have no guarantees about what other components are
+# still running. In particular, a full 'uninstall' will cause API requests to Consul
+# and will raise RecoverableErrors if it cannot connect. RecoverableErrors send Cloudify
+# into a long retry loop. Instead, we invoke only the 'stop'
+# operation on each node, and the 'stop' operation uses the k8s API (guaranteed to be
+# present) but not the Consul API.
+#
+# Note that the script finds all of the deployments known to Cloudify and runs the
+# 'stop' operation on every k8s node.
+# The result of the script is that all of the k8s entities deployed by Cloudify
+# should be destroyed. Cloudify Manager itself isn't fully cleaned up (the deployments and
+# blueprints are left), but that doesn't matter because Cloudify Manager will be
+# destroyed by Helm.
+
+
+set -x
+set +e
+
+# Get the CM admin password from the config file
+# Brittle, but the container is built with an unchanging version of CM,
+# so no real risk of a breaking change
+CMPASS=$(grep 'admin_password:' /etc/cloudify/config.yaml | cut -d ':' -f2 | tr -d ' ')
+TYPENAMES=[\\\"dcae.nodes.ContainerizedServiceComponent\\\",\\\"dcae.nodes.ContainerizedServiceComponentUsingDmaap\\\",\\\"dcae.nodes.ContainerizedPlatformComponent\\\",\\\"dcae.nodes.ContainerizedApplication\\\"]
+
+# Uninstall components managed by Cloudify
+# Get the list of deployment ids known to Cloudify via curl to Cloudify API.
+# The output of the curl is JSON that looks like {"items" :[{"id": "config_binding_service"}, ...], "metadata" :{...}}
+#
+# jq gives us the just the deployment ids (e.g., "config_binding_service"), one per line
+#
+# xargs -I lets us run the cfy executions command once for each deployment id extracted by jq
+
+curl -Ss --user admin:$CMPASS -H "Tenant: default_tenant" "localhost/api/v3.1/deployments?_include=id" \
+| /bin/jq .items[].id \
+| xargs -I % sh -c "cfy executions start -d % -p '{'\\\"type_names\\\":${TYPENAMES},\\\"operation\\\":\\\"cloudify.interfaces.lifecycle.stop\\\"'}' execute_operation"
diff --git a/cm-container/scripts/get-type-files.sh b/cm-container/scripts/get-type-files.sh
new file mode 100755
index 0000000..e6a346f
--- /dev/null
+++ b/cm-container/scripts/get-type-files.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# org.onap.dcae
+# ================================================================================
+# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+
+# Pull type files from repos
+# Set up the CM import resolver
+# $1 is the DCAE repo URL
+# $2 is the CCSDK repo URL
+#
+set -x
+DEST=/opt/manager/resources/onapspec
+EXTRA_RULES=/opt/manager/extra-resolver-rules
+
+DCAETYPEFILES=\
+"\
+/dcaepolicyplugin/2.3.0/dcaepolicyplugin_types.yaml \
+/relationshipplugin/1.0.0/relationshipplugin_types.yaml \
+/k8splugin/1.4.5/k8splugin_types.yaml \
+/dockerplugin/3.2.1/dockerplugin_types.yaml \
+
+"
+
+CCSDKTYPEFILES=\
+"\
+/type_files/pgaas/1.1.0/pgaas_types.yaml \
+/type_files/sshkeyshare/sshkey_types.yaml \
+/type_files/helm/4.0.0/helm-type.yaml \
+"
+
+mkdir ${DEST}
+
+for typefile in ${DCAETYPEFILES}
+do
+ mkdir -p ${DEST}/$(dirname ${typefile})
+ curl -Ss $1/${typefile} >> ${DEST}/${typefile}
+done
+
+for typefile in ${CCSDKTYPEFILES}
+do
+ mkdir -p ${DEST}/$(dirname ${typefile})
+ curl -Ss $2/${typefile} >> ${DEST}/${typefile}
+done
+
+chown cfyuser:cfyuser ${DEST}
+
+# Add our local type file store to CM import resolver configuration
+TYPE_RULE0="{\"$1\": \"file://${DEST}\"}"
+TYPE_RULE1="{\"$2\": \"file://${DEST}\"}"
+# This sed re is 'brittle' but we can be sure the config.yaml file
+# won't change as long as we do not change the source Docker image for CM
+sed -i -e "s# rules:# rules:\n - ${TYPE_RULE0}#" /etc/cloudify/config.yaml
+sed -i -e "s# rules:# rules:\n - ${TYPE_RULE1}#" /etc/cloudify/config.yaml
+
+chown cfyuser:cfyuser /etc/cloudify/config.yaml
+
+# Changing /etc/cloudify/config.yaml is no longer sufficient
+# Need to provide the additional rules in a file that can be
+# used at deployment time to update the resolver rules
+echo "- ${TYPE_RULE0}" > ${EXTRA_RULES}
+echo "- ${TYPE_RULE1}" >> ${EXTRA_RULES} \ No newline at end of file
diff --git a/cm-container/scripts/readiness-check.sh b/cm-container/scripts/readiness-check.sh
new file mode 100644
index 0000000..a7e92ab
--- /dev/null
+++ b/cm-container/scripts/readiness-check.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# org.onap.dcae
+# ================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# Check whether Cloudify Manager is ready to take traffic
+# Two conditions must be met:
+# -- The import resolver rules must have been updated.
+# This is indicated by the presence of the file named
+# /opt/manager/extra-resolver-rules-loaded.
+# -- All Cloudify Manager services must be running, as
+# indicated by the output of the cfy status command.
+
+RULES_LOADED=/opt/manager/extra-resolver-rules-loaded
+
+set -x
+
+if [[ -f $RULES_LOADED ]]
+then
+ # Check for all services running
+ if /scripts/cloudify-ready.sh
+ then
+ exit 0
+ fi
+fi
+exit 1 \ No newline at end of file
diff --git a/cm-container/scripts/set-resolver-rules.sh b/cm-container/scripts/set-resolver-rules.sh
new file mode 100755
index 0000000..e695231
--- /dev/null
+++ b/cm-container/scripts/set-resolver-rules.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# org.onap.dcae
+# ================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+set -ex
+EXTRA_RULES=/opt/manager/extra-resolver-rules
+PY=/opt/manager/env/bin/python
+# Wait for Cloudify Manager to come up
+while ! /scripts/cloudify-ready.sh
+do
+ echo "Waiting for CM to come up"
+ sleep 15
+done
+
+if [[ -s ${EXTRA_RULES} && -r ${EXTRA_RULES} ]]
+then
+ # Capture current resolver rules and append to new rules
+ ${PY} /scripts/update_resolver.py --dry-run | egrep "^-" >> ${EXTRA_RULES}
+
+ # Update the resolver rules
+ ${PY} /scripts/update_resolver.py ${EXTRA_RULES}
+ systemctl restart cloudify-restservice.service
+ mv ${EXTRA_RULES} ${EXTRA_RULES}-loaded
+fi \ No newline at end of file
diff --git a/cm-container/scripts/setup-secret.sh b/cm-container/scripts/setup-secret.sh
new file mode 100755
index 0000000..848ed28
--- /dev/null
+++ b/cm-container/scripts/setup-secret.sh
@@ -0,0 +1,27 @@
+
+#!/bin/bash
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+# Set up credentials for CM to access k8s
+# (formerly done in a postStart hook, which now seems to have timing issues)
+
+set -ex
+
+if [ ! -d /var/run/secrets/kubernetes.io/serviceaccount ]
+then
+ mkdir -p /var/run/secrets/kubernetes.io/
+ ln -s /secret/ /var/run/secrets/kubernetes.io/serviceaccount
+fi
diff --git a/cm-container/scripts/start-persistent.sh b/cm-container/scripts/start-persistent.sh
new file mode 100755
index 0000000..bf55da0
--- /dev/null
+++ b/cm-container/scripts/start-persistent.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+# Set up persistent storage for Cloudify Manager's state data
+
+PDIRS="/var/lib/pgsql/9.5/data /opt/manager/resources /opt/mgmtworker/env/plugins /opt/mgmtworker/work/deployments"
+PSTORE="/cfy-persist"
+
+set -ex
+
+if [ -d "$PSTORE" ]
+then
+ # the persistent mount point exists
+ if [ -z "$(ls -A $PSTORE)" ]
+ then
+ # there's nothing in the persistent store yet
+ # copy in the data from the container file system
+ for d in $PDIRS
+ do
+ p="$(dirname $d)"
+ mkdir -p "${PSTORE}$p"
+ cp -rp "$d" "${PSTORE}$p"
+ done
+ fi
+ # at this point, there is persistent storage possibly from a previous startup
+ # set up links from internal file system to persistent storage
+ for d in $PDIRS
+ do
+ if [ -d "$d" ]
+ then
+ mv $d $d-initial # move directory so we can create symlink
+ fi
+ ln -sf "$PSTORE/$d" "$(dirname $d)"
+ done
+else
+ echo "No persistent storage available"
+fi
+# start up init, which brings up CM and supporting software
+exec /sbin/init --log-target=journal 3>&1
+
diff --git a/cm-container/scripts/update_resolver.py b/cm-container/scripts/update_resolver.py
new file mode 100644
index 0000000..e5c9d46
--- /dev/null
+++ b/cm-container/scripts/update_resolver.py
@@ -0,0 +1,56 @@
+#!/usr/bin/env python
+#============LICENSE_START==========================================================
+# org.onap.dcae
+# ==================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# ==================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END===========================================================
+#
+import sys
+import yaml
+from sqlalchemy.orm.attributes import flag_modified
+from manager_rest.flask_utils import setup_flask_app
+from manager_rest.constants import PROVIDER_CONTEXT_ID
+from manager_rest.storage import get_storage_manager, models
+
+
+def main(dry_run, rules_file):
+
+ with setup_flask_app().app_context():
+ sm = get_storage_manager()
+ ctx = sm.get(models.ProviderContext, PROVIDER_CONTEXT_ID)
+ print 'Resolver rules before update:'
+ print yaml.safe_dump(ctx.context['cloudify']['import_resolver']['parameters']['rules'])
+
+ if dry_run:
+ return
+
+ with open(rules_file, 'r') as rules:
+ new_rules = yaml.load(rules)
+ ctx.context['cloudify']['import_resolver']['parameters']['rules'] = new_rules
+ print '\nResolver rules to update:'
+ print yaml.safe_dump(new_rules)
+ flag_modified(ctx, 'context')
+ sm.update(ctx)
+ print '\nProvide Context Saved'
+ print '\nResolver rules after update:'
+ print yaml.safe_dump(ctx.context['cloudify']['import_resolver']['parameters']['rules'])
+
+
+if __name__ == '__main__':
+ if len(sys.argv) < 2:
+ print 'Must provide path to yaml file containing new rules or --dry-run'
+ exit(1)
+
+ main(sys.argv[1]=='--dry-run', sys.argv[1]) \ No newline at end of file