8 files changed, 416 insertions, 0 deletions
diff --git a/cm-container/scripts/cloudify-ready.sh b/cm-container/scripts/cloudify-ready.sh
new file mode 100644
index 0000000..60b48e6
--- /dev/null
+++ b/cm-container/scripts/cloudify-ready.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# org.onap.dcae
+# ================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# Checking Cloudify Manager readiness by looking
+# for non-running services
+# Relying on the output format of the "cfy status" command.
+# A successful execution of the command outputs:
+#
+# cfy status
+# Retrieving manager services status... [ip=localhost]
+#
+# Services:
+# +--------------------------------+---------+
+# |            service             |  status |
+# +--------------------------------+---------+
+# | InfluxDB                       | running |
+# | Logstash                       | running |
+# | AMQP InfluxDB                  | running |
+# | RabbitMQ                       | running |
+# | Webserver                      | running |
+# | Management Worker              | running |
+# | PostgreSQL                     | running |
+# | Cloudify Console               | running |
+# | Manager Rest-Service           | running |
+# | Riemann                        | running |
+# +--------------------------------+---------+
+#
+# When an individual service is not running, it will have a status other than "running".
+# If the Cloudify API cannot be reached, the "Services:" line will not appear.
+
+STAT=$(cfy status)
+if (echo "${STAT}" | grep "^Services:$")
+then
+   echo "Got a status response"
+   if !(echo "${STAT}" | egrep '^\| [[:alnum:]]+'| grep -iv '| running ')
+   then
+      echo "All services running"
+      exit 0
+   else
+      echo "Some service(s) not running"
+   fi
+else
+  echo "Did not get a status response"
+fi
+echo "${STAT}"
+exit 1
diff --git a/cm-container/scripts/dcae-cleanup.sh b/cm-container/scripts/dcae-cleanup.sh
new file mode 100755
index 0000000..a9779be
--- /dev/null
+++ b/cm-container/scripts/dcae-cleanup.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+# ================================================================================
+# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# Clean up DCAE during ONAP uninstall
+#
+# When helm delete is being used to uninstall all of ONAP, helm does
+# not know about k8s entities that were created by Cloudify Manager.
+# This script--intended to run as a preUninstall hook when Cloudify Manager itself
+# is undeleted--uses Cloudify to clean up the k8s entities deployed by Cloudify.
+#
+# Rather than using the 'cfy uninstall' command to run a full 'uninstall' workflow
+# against the deployments, this script uses 'cfy executions' to run a 'stop'
+# stop operation against the nodes in each deployment.  The reason for this is that,
+# at the time this script runs, we have no guarantees about what other components are
+# still running.  In particular, a full 'uninstall' will cause API requests to Consul
+# and will raise RecoverableErrors if it cannot connect.  RecoverableErrors send Cloudify
+# into a long retry loop.  Instead, we invoke only the 'stop'
+# operation on each node, and the 'stop' operation uses the k8s API (guaranteed to be
+# present) but not the Consul API.
+#
+# Note that the script finds all of the deployments known to Cloudify and runs the
+# 'stop' operation on every k8s node.
+# The result of the script is that all of the k8s entities deployed by Cloudify
+# should be destroyed.  Cloudify Manager itself isn't fully cleaned up (the deployments and
+# blueprints are left), but that doesn't matter because Cloudify Manager will be
+# destroyed by Helm.
+
+
+set -x
+set +e
+
+# Get the CM admin password from the config file
+# Brittle, but the container is built with an unchanging version of CM,
+# so no real risk of a breaking change
+CMPASS=$(grep 'admin_password:' /etc/cloudify/config.yaml | cut -d ':' -f2 | tr -d ' ')
+TYPENAMES=[\\\"dcae.nodes.ContainerizedServiceComponent\\\",\\\"dcae.nodes.ContainerizedServiceComponentUsingDmaap\\\",\\\"dcae.nodes.ContainerizedPlatformComponent\\\",\\\"dcae.nodes.ContainerizedApplication\\\"]
+
+# Uninstall components managed by Cloudify
+# Get the list of deployment ids known to Cloudify via curl to Cloudify API.
+# The output of the curl is JSON that looks like {"items" :[{"id": "config_binding_service"}, ...], "metadata" :{...}}
+#
+# jq gives us the just the deployment ids (e.g., "config_binding_service"), one per line
+#
+# xargs -I lets us run the cfy executions command once for each deployment id extracted by jq
+
+curl -Ss --user admin:$CMPASS -H "Tenant: default_tenant" "localhost/api/v3.1/deployments?_include=id" \
+| /bin/jq .items[].id \
+| xargs -I % sh -c "cfy executions start -d %  -p '{'\\\"type_names\\\":${TYPENAMES},\\\"operation\\\":\\\"cloudify.interfaces.lifecycle.stop\\\"'}' execute_operation"
diff --git a/cm-container/scripts/get-type-files.sh b/cm-container/scripts/get-type-files.sh
new file mode 100755
index 0000000..e6a346f
--- /dev/null
+++ b/cm-container/scripts/get-type-files.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# org.onap.dcae
+# ================================================================================
+# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+
+# Pull type files from repos
+# Set up the CM import resolver
+# $1 is the DCAE repo URL
+# $2 is the CCSDK repo URL
+#
+set -x
+DEST=/opt/manager/resources/onapspec
+EXTRA_RULES=/opt/manager/extra-resolver-rules
+
+DCAETYPEFILES=\
+"\
+/dcaepolicyplugin/2.3.0/dcaepolicyplugin_types.yaml \
+/relationshipplugin/1.0.0/relationshipplugin_types.yaml \
+/k8splugin/1.4.5/k8splugin_types.yaml \
+/dockerplugin/3.2.1/dockerplugin_types.yaml \
+
+"
+
+CCSDKTYPEFILES=\
+"\
+/type_files/pgaas/1.1.0/pgaas_types.yaml \
+/type_files/sshkeyshare/sshkey_types.yaml \
+/type_files/helm/4.0.0/helm-type.yaml \
+"
+
+mkdir ${DEST}
+
+for typefile in ${DCAETYPEFILES}
+do
+	mkdir -p ${DEST}/$(dirname ${typefile})
+	curl -Ss $1/${typefile} >> ${DEST}/${typefile}
+done
+
+for typefile in ${CCSDKTYPEFILES}
+do
+	mkdir -p ${DEST}/$(dirname ${typefile})
+	curl -Ss $2/${typefile} >> ${DEST}/${typefile}
+done
+
+chown cfyuser:cfyuser ${DEST}
+
+# Add our local type file store to CM import resolver configuration
+TYPE_RULE0="{\"$1\": \"file://${DEST}\"}"
+TYPE_RULE1="{\"$2\": \"file://${DEST}\"}"
+# This sed re is 'brittle' but we can be sure the config.yaml file
+# won't change as long as we do not change the source Docker image for CM
+sed -i -e "s#      rules:#      rules:\n      - ${TYPE_RULE0}#" /etc/cloudify/config.yaml
+sed -i -e "s#      rules:#      rules:\n      - ${TYPE_RULE1}#" /etc/cloudify/config.yaml
+
+chown cfyuser:cfyuser /etc/cloudify/config.yaml
+
+# Changing /etc/cloudify/config.yaml is no longer sufficient
+# Need to provide the additional rules in a file that can be
+# used at deployment time to update the resolver rules
+echo "- ${TYPE_RULE0}" > ${EXTRA_RULES}
+echo "- ${TYPE_RULE1}" >> ${EXTRA_RULES}
+\ No newline at end of file
diff --git a/cm-container/scripts/readiness-check.sh b/cm-container/scripts/readiness-check.sh
new file mode 100644
index 0000000..a7e92ab
--- /dev/null
+++ b/cm-container/scripts/readiness-check.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# org.onap.dcae
+# ================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# Check whether Cloudify Manager is ready to take traffic
+# Two conditions must be met:
+#    -- The import resolver rules must have been updated.
+#       This is indicated by the presence of the file named
+#       /opt/manager/extra-resolver-rules-loaded.
+#    -- All Cloudify Manager services must be running, as
+#       indicated by the output of the cfy status command.
+
+RULES_LOADED=/opt/manager/extra-resolver-rules-loaded
+
+set -x
+
+if [[ -f  $RULES_LOADED ]]
+then
+  # Check for all services running
+  if /scripts/cloudify-ready.sh
+  then
+    exit 0
+  fi
+fi
+exit 1
+\ No newline at end of file
diff --git a/cm-container/scripts/set-resolver-rules.sh b/cm-container/scripts/set-resolver-rules.sh
new file mode 100755
index 0000000..e695231
--- /dev/null
+++ b/cm-container/scripts/set-resolver-rules.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# org.onap.dcae
+# ================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+set -ex
+EXTRA_RULES=/opt/manager/extra-resolver-rules
+PY=/opt/manager/env/bin/python
+# Wait for Cloudify Manager to come up
+while ! /scripts/cloudify-ready.sh
+do
+    echo "Waiting for CM to come up"
+    sleep 15
+done
+
+if [[ -s ${EXTRA_RULES} && -r ${EXTRA_RULES} ]]
+then
+    # Capture current resolver rules and append to new rules
+    ${PY} /scripts/update_resolver.py --dry-run | egrep "^-" >> ${EXTRA_RULES}
+
+    # Update the resolver rules
+    ${PY} /scripts/update_resolver.py ${EXTRA_RULES}
+    systemctl restart cloudify-restservice.service
+    mv ${EXTRA_RULES} ${EXTRA_RULES}-loaded
+fi
+\ No newline at end of file
diff --git a/cm-container/scripts/setup-secret.sh b/cm-container/scripts/setup-secret.sh
new file mode 100755
index 0000000..848ed28
--- /dev/null
+++ b/cm-container/scripts/setup-secret.sh
@@ -0,0 +1,27 @@
+
+#!/bin/bash
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+# Set up credentials for CM to access k8s
+# (formerly done in a postStart hook, which now seems to have timing issues)
+
+set -ex
+
+if [ ! -d /var/run/secrets/kubernetes.io/serviceaccount ]
+then
+  mkdir -p /var/run/secrets/kubernetes.io/
+  ln -s /secret/ /var/run/secrets/kubernetes.io/serviceaccount
+fi
diff --git a/cm-container/scripts/start-persistent.sh b/cm-container/scripts/start-persistent.sh
new file mode 100755
index 0000000..bf55da0
--- /dev/null
+++ b/cm-container/scripts/start-persistent.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+# Set up persistent storage for Cloudify Manager's state data
+
+PDIRS="/var/lib/pgsql/9.5/data /opt/manager/resources /opt/mgmtworker/env/plugins /opt/mgmtworker/work/deployments"
+PSTORE="/cfy-persist"
+
+set -ex
+
+if [ -d "$PSTORE" ] 
+then
+  # the persistent mount point exists
+  if [ -z "$(ls -A $PSTORE)" ]
+  then
+    # there's nothing in the persistent store yet
+    # copy in the data from the container file system
+    for d in $PDIRS
+    do
+      p="$(dirname $d)"
+      mkdir -p "${PSTORE}$p"
+      cp -rp "$d" "${PSTORE}$p"
+    done
+  fi
+  # at this point, there is persistent storage possibly from a previous startup
+  # set up links from internal file system to persistent storage
+  for d in $PDIRS
+  do
+    if [ -d "$d" ]
+    then
+        mv $d $d-initial        # move directory so we can create symlink
+    fi
+    ln -sf "$PSTORE/$d" "$(dirname $d)"
+  done
+else
+  echo "No persistent storage available"
+fi
+# start up init, which brings up CM and supporting software
+exec /sbin/init --log-target=journal 3>&1
+
diff --git a/cm-container/scripts/update_resolver.py b/cm-container/scripts/update_resolver.py
new file mode 100644
index 0000000..e5c9d46
--- /dev/null
+++ b/cm-container/scripts/update_resolver.py
@@ -0,0 +1,56 @@
+#!/usr/bin/env python
+#============LICENSE_START==========================================================
+# org.onap.dcae
+# ==================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# ==================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END===========================================================
+#
+import sys
+import yaml
+from sqlalchemy.orm.attributes import flag_modified
+from manager_rest.flask_utils import setup_flask_app
+from manager_rest.constants import PROVIDER_CONTEXT_ID
+from manager_rest.storage import get_storage_manager, models
+
+
+def main(dry_run, rules_file):
+
+    with setup_flask_app().app_context():
+        sm = get_storage_manager()
+        ctx = sm.get(models.ProviderContext, PROVIDER_CONTEXT_ID)
+        print 'Resolver rules before update:'
+        print yaml.safe_dump(ctx.context['cloudify']['import_resolver']['parameters']['rules'])
+
+        if dry_run:
+            return
+
+        with open(rules_file, 'r') as rules:
+            new_rules = yaml.load(rules)
+        ctx.context['cloudify']['import_resolver']['parameters']['rules'] = new_rules
+        print '\nResolver rules to update:'
+        print yaml.safe_dump(new_rules)
+        flag_modified(ctx, 'context')
+        sm.update(ctx)
+        print '\nProvide Context Saved'
+        print '\nResolver rules after update:'
+        print yaml.safe_dump(ctx.context['cloudify']['import_resolver']['parameters']['rules'])
+
+
+if __name__ == '__main__':
+    if len(sys.argv) < 2:
+        print 'Must provide path to yaml file containing new rules or --dry-run'
+        exit(1)
+
+    main(sys.argv[1]=='--dry-run', sys.argv[1])
+\ No newline at end of file