aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLukasz Rajewski <lukasz.rajewski@orange.com>2020-05-14 10:16:37 +0200
committerLukasz Rajewski <lukasz.rajewski@orange.com>2020-05-14 10:21:36 +0200
commitbbabc30d68b8bf47763d6d8f7b99b95ee6f82900 (patch)
tree6508bc39118ec528b621409c40de9f321c20b390
parent2cd83e31380b296c68de3afe651527cf577b46fd (diff)
Fixed secrets used for appc
THe patch changes way how secrets are resolved for appc after latest changes in ONAP secrets policy. Issue-ID: INT-1465 Signed-off-by: Lukasz Rajewski <lukasz.rajewski@orange.com> Change-Id: I7f992477e612cb04eb3c4dd5dce64fa9c83d1258
-rwxr-xr-xtutorials/vFWDT/get_secret.sh30
-rwxr-xr-xtutorials/vFWDT/playbooks/configure_ansible.sh12
-rwxr-xr-xtutorials/vFWDT/workflow/workflow.py5
3 files changed, 42 insertions, 5 deletions
diff --git a/tutorials/vFWDT/get_secret.sh b/tutorials/vFWDT/get_secret.sh
new file mode 100755
index 00000000..1b825205
--- /dev/null
+++ b/tutorials/vFWDT/get_secret.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 Orange
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END=========================================================
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+
+`$DIR/yq > /dev/null 2>&1`
+
+if [ $? -ne 0 ]; then
+ echo "Install yq"
+ wget -qcO $DIR/yq https://github.com/mikefarah/yq/releases/download/2.4.0/yq_linux_amd64
+ chmod 755 $DIR/yq
+fi
+
+echo `kubectl get secret $1 -o jsonpath="{.data.password}" | base64 --decode`
diff --git a/tutorials/vFWDT/playbooks/configure_ansible.sh b/tutorials/vFWDT/playbooks/configure_ansible.sh
index c49153f8..e5a42d04 100755
--- a/tutorials/vFWDT/playbooks/configure_ansible.sh
+++ b/tutorials/vFWDT/playbooks/configure_ansible.sh
@@ -74,8 +74,12 @@ echo "vPGN Playbooks uploaded"
APPCDB=`kubectl get pods -o go-template --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}' | grep appc-db-0`
echo $APPCDB
-kubectl exec -n onap $APPCDB -- mysql -u sdnctl -pgamma sdnctl -e'SELECT * FROM DEVICE_AUTHENTICATION WHERE PROTOCOL LIKE "ANSIBLE";'
-kubectl exec -n onap $APPCDB -- mysql -u sdnctl -pgamma sdnctl -e'UPDATE DEVICE_AUTHENTICATION SET URL = "http://appc-ansible-server:8000/Dispatch" WHERE PROTOCOL LIKE "ANSIBLE" AND PASSWORD IS NULL;'
-kubectl exec -n onap $APPCDB -- mysql -u sdnctl -pgamma sdnctl -e'UPDATE DEVICE_AUTHENTICATION SET PASSWORD = "admin" WHERE PROTOCOL LIKE "ANSIBLE" AND PASSWORD IS NULL;'
-kubectl exec -n onap $APPCDB -- mysql -u sdnctl -pgamma sdnctl -e'SELECT * FROM DEVICE_AUTHENTICATION WHERE PROTOCOL LIKE "ANSIBLE";'
+APPC_SECRET=`kubectl get secrets | grep appc-db-root-pass`
+APPC_PWD=`./get_secret.sh $APPC_SECRET`
+echo "SECRET: $APPC_PWD"
+
+kubectl exec -n onap $APPCDB -- mysql -u root -p$APPC_PWD sdnctl -e'SELECT * FROM DEVICE_AUTHENTICATION WHERE PROTOCOL LIKE "ANSIBLE";'
+kubectl exec -n onap $APPCDB -- mysql -u root -p$APPC_PWD sdnctl -e'UPDATE DEVICE_AUTHENTICATION SET URL = "http://appc-ansible-server:8000/Dispatch" WHERE PROTOCOL LIKE "ANSIBLE" AND PASSWORD IS NULL;'
+kubectl exec -n onap $APPCDB -- mysql -u root -p$APPC_PWD sdnctl -e'UPDATE DEVICE_AUTHENTICATION SET PASSWORD = "admin" WHERE PROTOCOL LIKE "ANSIBLE" AND PASSWORD IS NULL;'
+kubectl exec -n onap $APPCDB -- mysql -u root -p$APPC_PWD sdnctl -e'SELECT * FROM DEVICE_AUTHENTICATION WHERE PROTOCOL LIKE "ANSIBLE";'
echo "APPC database configured for LCM commands"
diff --git a/tutorials/vFWDT/workflow/workflow.py b/tutorials/vFWDT/workflow/workflow.py
index dce32b36..6d34eaf1 100755
--- a/tutorials/vFWDT/workflow/workflow.py
+++ b/tutorials/vFWDT/workflow/workflow.py
@@ -576,6 +576,9 @@ def _extract_osdf_appc_identifiers(has_result, demand, onap_ip):
if demand.lower() not in ansible_inventory:
ansible_inventory[demand.lower()] = {}
ansible_inventory[demand.lower()][config['vserver-name']] = ansible_inventory_entry
+
+ _verify_vnfc_data(api, onap_ip, config['vserver-name'], config['ip'])
+
return config
@@ -790,7 +793,7 @@ def _set_appc_lcm_timestamp(body, timestamp=None):
@timing("Load OOF Data and Build APPC REQ")
def build_appc_lcms_requests_body(rancher_ip, onap_ip, aai_data, use_oof_cache, if_close_loop_vfw, new_version=None):
- if_has = True
+ if_has = False
if if_has:
migrate_from = _has_request(onap_ip, aai_data, False, use_oof_cache)