diff options
Diffstat (limited to 'cm-container/scripts')
-rw-r--r-- | cm-container/scripts/configure-tls.sh | 31 | ||||
-rwxr-xr-x | cm-container/scripts/get-plugins.sh | 16 | ||||
-rwxr-xr-x | cm-container/scripts/load-plugins.sh | 5 | ||||
-rwxr-xr-x | cm-container/scripts/set-admin-password.sh | 3 |
4 files changed, 24 insertions, 31 deletions
diff --git a/cm-container/scripts/configure-tls.sh b/cm-container/scripts/configure-tls.sh index a4b817b..d7c9cc8 100644 --- a/cm-container/scripts/configure-tls.sh +++ b/cm-container/scripts/configure-tls.sh @@ -3,6 +3,7 @@ # org.onap.dcae # ================================================================================ # Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2020-2021 J. F. Lucas. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,26 +18,14 @@ # limitations under the License. # ============LICENSE_END========================================================= # -# Set up configuration files so that CM uses TLS on its external API -# Change the nginx configuration -- this is what actually makes it work -SSLCONFPATTERN="^include \"/etc/nginx/conf.d/http-external-rest-server.cloudify\"" -SSLCONFREPLACE="include \"/etc/nginx/conf.d/https-external-rest-server.cloudify\"" -sed -i -e "s#${SSLCONFPATTERN}#${SSLCONFREPLACE}#" /etc/nginx/conf.d/cloudify.conf - -# Set certificate and key locations -sed -i -e "s# ssl_certificate .*;# ssl_certificate /opt/onap/certs/cert.pem;#" /etc/nginx/conf.d/https-external-rest-server.cloudify -sed -i -e "s# ssl_certificate_key .*;# ssl_certificate_key /opt/onap/certs/key.pem;#" /etc/nginx/conf.d/https-external-rest-server.cloudify - -# Change the cloudify config file, just to be safe -# Someone might run cfy_manager configure on the CM container for some reason -# and we don't want them to overwrite the TLS configuration -# (Running cfy_manager configure is a bad idea, though, because it often fails.) +# Set tls to "enabled" sed -i -e "s#^ ssl_enabled: false# ssl_enabled: true#" /etc/cloudify/config.yaml - -# The Cloudify command line tool ('cfy') needs to be configured for TLS as well -# (The readiness check script uses 'cfy status') -sed -i -e "s#^rest_port: 80#rest_port: 443#" /root/.cloudify/profiles/localhost/context -sed -i -e "s/^rest_protocol: http$/rest_protocol: https/" /root/.cloudify/profiles/localhost/context -sed -i -e "s#^rest_certificate: !!python/unicode '/etc/cloudify/ssl/cloudify_external_cert.pem'#rest_certificate: !!python/unicode '/opt/onap/certs/cacert.pem'#" /root/.cloudify/profiles/localhost/context -sed -i -e "s#^manager_ip: !!python/unicode 'localhost'#manager_ip: !!python/unicode 'dcae-cloudify-manager'#" /root/.cloudify/profiles/localhost/context +# Set up paths for our certificates +sed -i -e "s|external_cert_path: .*$|external_cert_path: '/opt/onap/certs/cert.pem'|" /etc/cloudify/config.yaml +sed -i -e "s|external_key_path: .*$|external_key_path: '/opt/onap/certs/key.pem'|" /etc/cloudify/config.yaml +sed -i -e "s|external_ca_cert_path: .*$|external_ca_cert_path: '/opt/onap/certs/cacert.pem'|" /etc/cloudify/config.yaml +# Set the host name for the local profile +# Otherwise, the CM startup process will use 'localhost' and will fail +# because the TLS certificate does not have 'localhost' as a CN or SAN +sed -i -e 's/ cli_local_profile_host_name: .*$/ cli_local_profile_host_name: dcae-cloudify-manager/' /etc/cloudify/config.yaml diff --git a/cm-container/scripts/get-plugins.sh b/cm-container/scripts/get-plugins.sh index 5d11254..5162832 100755 --- a/cm-container/scripts/get-plugins.sh +++ b/cm-container/scripts/get-plugins.sh @@ -1,6 +1,7 @@ #!/bin/bash # ============LICENSE_START======================================================= # Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. +# Copyright (d) 2020-2021 J. F. Lucas. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -29,14 +30,13 @@ DEST=${DEST:-/opt/plugins} # /path/to/plugin/wagon|/path/to/type/file PLUGINS=\ "\ -/dcaepolicyplugin/2.4.0/dcaepolicyplugin-2.4.0-py27-none-linux_x86_64.wgn|/dcaepolicyplugin/2.4.0/dcaepolicyplugin_types.yaml \ -/relationshipplugin/1.1.0/relationshipplugin-1.1.0-py27-none-linux_x86_64.wgn|/relationshipplugin/1.1.0/relationshipplugin_types.yaml \ -/k8splugin/3.5.1/k8splugin-3.5.1-py27-none-linux_x86_64.wgn|/k8splugin/3.5.1/k8splugin_types.yaml \ -/clamppolicyplugin/1.1.0/clamppolicyplugin-1.1.0-py27-none-linux_x86_64.wgn|/clamppolicyplugin/1.1.0/clamppolicyplugin_types.yaml \ -/dmaap/1.5.0/dmaap-1.5.0-py27-none-linux_x86_64.wgn|/dmaap/1.5.0/dmaap_types.yaml \ -/helm/4.2.0/helm-4.2.0-py27-none-linux_x86_64.wgn|/helm/4.2.0/helm_types.yaml \ -/pgaas/1.3.0/pgaas-1.3.0-py27-none-linux_x86_64.wgn|/pgaas/1.3.0/pgaas_types.yaml \ -/sshkeyshare/1.2.0/sshkeyshare-1.2.0-py27-none-linux_x86_64.wgn|/sshkeyshare/1.2.0/sshkeyshare_types.yaml +/dcaepolicyplugin/2.4.0/dcaepolicyplugin-2.4.0-py36-none-linux_x86_64.wgn|/dcaepolicyplugin/2.4.0/dcaepolicyplugin_types.yaml \ +/relationshipplugin/1.1.0/relationshipplugin-1.1.0-py36-none-linux_x86_64.wgn|/relationshipplugin/1.1.0/relationshipplugin_types.yaml \ +/k8splugin/3.5.1/k8splugin-3.5.1-py36-none-linux_x86_64.wgn|/k8splugin/3.5.1/k8splugin_types.yaml \ +/clamppolicyplugin/1.1.0/clamppolicyplugin-1.1.0-py36-none-linux_x86_64.wgn|/clamppolicyplugin/1.1.0/clamppolicyplugin_types.yaml \ +/dmaap/1.5.0/dmaap-1.5.0-py36-none-linux_x86_64.wgn|/dmaap/1.5.0/dmaap_types.yaml \ +/pgaas/1.3.0/pgaas-1.3.0-py36-none-linux_x86_64.wgn|/pgaas/1.3.0/pgaas_types.yaml \ +/sshkeyshare/1.2.0/sshkeyshare-1.2.0-py36-none-linux_x86_64.wgn|/sshkeyshare/1.2.0/sshkeyshare_types.yaml " mkdir -p ${DEST} diff --git a/cm-container/scripts/load-plugins.sh b/cm-container/scripts/load-plugins.sh index c93f3d9..4ac3c6d 100755 --- a/cm-container/scripts/load-plugins.sh +++ b/cm-container/scripts/load-plugins.sh @@ -1,6 +1,7 @@ #!/bin/bash # ============LICENSE_START======================================================= # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2020-2021 J. F. Lucas. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -77,7 +78,6 @@ function install_plugin { set -ex - # Wait for Cloudify Manager to come up while ! /scripts/cloudify-ready.sh do @@ -85,6 +85,9 @@ do sleep 15 done +# Set nullglob to handle the case of an empty plugin directory +shopt -s nullglob + if [[ ! -f ${PLUGINS_LOADED} ]] then diff --git a/cm-container/scripts/set-admin-password.sh b/cm-container/scripts/set-admin-password.sh index d8c4121..04bd375 100755 --- a/cm-container/scripts/set-admin-password.sh +++ b/cm-container/scripts/set-admin-password.sh @@ -1,6 +1,7 @@ #!/bin/bash # ============LICENSE_START======================================================= # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2020-2021 J. F. Lucas. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -35,7 +36,7 @@ CMPASS=${CMPASS:-admin} echo "Set Cloudify's admin password" cd /opt/manager -cfy_manager --reset_admin_password $CMPASS || ./env/bin/python reset_admin.py -p $CMPASS +cfy_manager reset-admin-password $CMPASS echo "Set the password used by the cfy client" cfy profile set -p $CMPASS |