diff options
author | Lukasz Rajewski <lukasz.rajewski@orange.com> | 2020-05-14 10:16:37 +0200 |
---|---|---|
committer | Lukasz Rajewski <lukasz.rajewski@orange.com> | 2020-05-14 10:21:36 +0200 |
commit | bbabc30d68b8bf47763d6d8f7b99b95ee6f82900 (patch) | |
tree | 6508bc39118ec528b621409c40de9f321c20b390 | |
parent | 2cd83e31380b296c68de3afe651527cf577b46fd (diff) |
Fixed secrets used for appc
THe patch changes way how secrets are
resolved for appc after latest changes in
ONAP secrets policy.
Issue-ID: INT-1465
Signed-off-by: Lukasz Rajewski <lukasz.rajewski@orange.com>
Change-Id: I7f992477e612cb04eb3c4dd5dce64fa9c83d1258
-rwxr-xr-x | tutorials/vFWDT/get_secret.sh | 30 | ||||
-rwxr-xr-x | tutorials/vFWDT/playbooks/configure_ansible.sh | 12 | ||||
-rwxr-xr-x | tutorials/vFWDT/workflow/workflow.py | 5 |
3 files changed, 42 insertions, 5 deletions
diff --git a/tutorials/vFWDT/get_secret.sh b/tutorials/vFWDT/get_secret.sh new file mode 100755 index 00000000..1b825205 --- /dev/null +++ b/tutorials/vFWDT/get_secret.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +# ============LICENSE_START======================================================= +# Copyright (C) 2020 Orange +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END========================================================= + +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" + +`$DIR/yq > /dev/null 2>&1` + +if [ $? -ne 0 ]; then + echo "Install yq" + wget -qcO $DIR/yq https://github.com/mikefarah/yq/releases/download/2.4.0/yq_linux_amd64 + chmod 755 $DIR/yq +fi + +echo `kubectl get secret $1 -o jsonpath="{.data.password}" | base64 --decode` diff --git a/tutorials/vFWDT/playbooks/configure_ansible.sh b/tutorials/vFWDT/playbooks/configure_ansible.sh index c49153f8..e5a42d04 100755 --- a/tutorials/vFWDT/playbooks/configure_ansible.sh +++ b/tutorials/vFWDT/playbooks/configure_ansible.sh @@ -74,8 +74,12 @@ echo "vPGN Playbooks uploaded" APPCDB=`kubectl get pods -o go-template --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}' | grep appc-db-0` echo $APPCDB -kubectl exec -n onap $APPCDB -- mysql -u sdnctl -pgamma sdnctl -e'SELECT * FROM DEVICE_AUTHENTICATION WHERE PROTOCOL LIKE "ANSIBLE";' -kubectl exec -n onap $APPCDB -- mysql -u sdnctl -pgamma sdnctl -e'UPDATE DEVICE_AUTHENTICATION SET URL = "http://appc-ansible-server:8000/Dispatch" WHERE PROTOCOL LIKE "ANSIBLE" AND PASSWORD IS NULL;' -kubectl exec -n onap $APPCDB -- mysql -u sdnctl -pgamma sdnctl -e'UPDATE DEVICE_AUTHENTICATION SET PASSWORD = "admin" WHERE PROTOCOL LIKE "ANSIBLE" AND PASSWORD IS NULL;' -kubectl exec -n onap $APPCDB -- mysql -u sdnctl -pgamma sdnctl -e'SELECT * FROM DEVICE_AUTHENTICATION WHERE PROTOCOL LIKE "ANSIBLE";' +APPC_SECRET=`kubectl get secrets | grep appc-db-root-pass` +APPC_PWD=`./get_secret.sh $APPC_SECRET` +echo "SECRET: $APPC_PWD" + +kubectl exec -n onap $APPCDB -- mysql -u root -p$APPC_PWD sdnctl -e'SELECT * FROM DEVICE_AUTHENTICATION WHERE PROTOCOL LIKE "ANSIBLE";' +kubectl exec -n onap $APPCDB -- mysql -u root -p$APPC_PWD sdnctl -e'UPDATE DEVICE_AUTHENTICATION SET URL = "http://appc-ansible-server:8000/Dispatch" WHERE PROTOCOL LIKE "ANSIBLE" AND PASSWORD IS NULL;' +kubectl exec -n onap $APPCDB -- mysql -u root -p$APPC_PWD sdnctl -e'UPDATE DEVICE_AUTHENTICATION SET PASSWORD = "admin" WHERE PROTOCOL LIKE "ANSIBLE" AND PASSWORD IS NULL;' +kubectl exec -n onap $APPCDB -- mysql -u root -p$APPC_PWD sdnctl -e'SELECT * FROM DEVICE_AUTHENTICATION WHERE PROTOCOL LIKE "ANSIBLE";' echo "APPC database configured for LCM commands" diff --git a/tutorials/vFWDT/workflow/workflow.py b/tutorials/vFWDT/workflow/workflow.py index dce32b36..6d34eaf1 100755 --- a/tutorials/vFWDT/workflow/workflow.py +++ b/tutorials/vFWDT/workflow/workflow.py @@ -576,6 +576,9 @@ def _extract_osdf_appc_identifiers(has_result, demand, onap_ip): if demand.lower() not in ansible_inventory: ansible_inventory[demand.lower()] = {} ansible_inventory[demand.lower()][config['vserver-name']] = ansible_inventory_entry + + _verify_vnfc_data(api, onap_ip, config['vserver-name'], config['ip']) + return config @@ -790,7 +793,7 @@ def _set_appc_lcm_timestamp(body, timestamp=None): @timing("Load OOF Data and Build APPC REQ") def build_appc_lcms_requests_body(rancher_ip, onap_ip, aai_data, use_oof_cache, if_close_loop_vfw, new_version=None): - if_has = True + if_has = False if if_has: migrate_from = _has_request(onap_ip, aai_data, False, use_oof_cache) |