vFW DT tutorial improvements

- use of TLS for APPC
- vFW Upgrade workflow
- Help information for workflow
- script for configuration of workflow
- script for upgrade of vFW VMs to Upgrade demo

Change-Id: I26136ec20569c9c02abb1644c6e40b4733d8f5ea
Signed-off-by: Lukasz Rajewski <lukasz.rajewski@orange.com>
Issue-ID: INT-751

3 files changed, 135 insertions, 0 deletions

diff --git a/tutorials/vFWDT/playbooks/configure_ansible.sh b/tutorials/vFWDT/playbooks/configure_ansible.sh
new file mode 100755
index 00000000..5c197963
--- /dev/null
+++ b/tutorials/vFWDT/playbooks/configure_ansible.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 Orange
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END=========================================================
+
+
+ANSIBLE=`kubectl get pods -o go-template --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}' | grep appc-ansible`
+echo $ANSIBLE
+
+kubectl cp playbooks/onap.pem onap/$ANSIBLE:/opt/ansible-server/Playbooks/
+echo "Key file uploaded"
+
+cp workflow/Ansible_inventory playbooks/
+kubectl cp playbooks/Ansible_inventory onap/$ANSIBLE:/opt/ansible-server/Playbooks/
+echo "Ansible_inventory file uploaded"
+
+kubectl exec -n onap $ANSIBLE -- chmod 400 /opt/ansible-server/Playbooks/onap.pem 
+echo "Key file configured"
+
+#kubectl exec -n onap $ANSIBLE -- sed -i 's#\(private_key_file *= *\).*#\1/opt/ansible-server/Playbooks/onap.pem#'  /etc/ansible/ansible.cfg
+printf '[defaults]\nhost_key_checking = False\nprivate_key_file = /opt/ansible-server/Playbooks/onap.pem\n' > playbooks/ansible.cfg
+kubectl cp playbooks/ansible.cfg onap/$ANSIBLE:/etc/ansible/
+echo "Ansible conf modified"
+
+kubectl exec -n onap $ANSIBLE -- ansible -i /opt/ansible-server/Playbooks/Ansible_inventory vpgn,vfw-sink -m ping
+echo "Hosts PING test completed"
+
+sudo kubectl cp playbooks/vfw-sink onap/$ANSIBLE:/opt/ansible-server/Playbooks/
+echo "vFW-SINK Playbooks uploaded"
+
+sudo kubectl cp playbooks/vpgn onap/$ANSIBLE:/opt/ansible-server/Playbooks/
+echo "vPGN Playbooks uploaded"
+
+APPCDB=`kubectl get pods -o go-template --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}' | grep appc-db-0`
+echo $APPCDB
+
+kubectl exec -n onap $APPCDB -- mysql -u sdnctl -pgamma sdnctl -e'SELECT * FROM DEVICE_AUTHENTICATION WHERE PROTOCOL LIKE "ANSIBLE";'
+kubectl exec -n onap $APPCDB -- mysql -u sdnctl -pgamma sdnctl -e'UPDATE DEVICE_AUTHENTICATION SET URL = "http://appc-ansible-server:8000/Dispatch" WHERE PROTOCOL LIKE "ANSIBLE" AND PASSWORD IS NULL;'
+kubectl exec -n onap $APPCDB -- mysql -u sdnctl -pgamma sdnctl -e'UPDATE DEVICE_AUTHENTICATION SET PASSWORD = "admin" WHERE PROTOCOL LIKE "ANSIBLE" AND PASSWORD IS NULL;'
+kubectl exec -n onap $APPCDB -- mysql -u sdnctl -pgamma sdnctl -e'SELECT * FROM DEVICE_AUTHENTICATION WHERE PROTOCOL LIKE "ANSIBLE";'
+echo "APPC database configured for LCM commands"
diff --git a/tutorials/vFWDT/playbooks/server.py b/tutorials/vFWDT/playbooks/server.py
new file mode 100755
index 00000000..7caa1610
--- /dev/null
+++ b/tutorials/vFWDT/playbooks/server.py
@@ -0,0 +1,32 @@
+'''
+/*-
+* ============LICENSE_START=======================================================
+* Copyright (C) 2019 Orange
+* ================================================================================
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*      http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+* ============LICENSE_END=========================================================
+*/
+'''
+
+from http.server import HTTPServer, SimpleHTTPRequestHandler, test
+import sys
+
+class CORSRequestHandler (SimpleHTTPRequestHandler):
+    def end_headers (self):
+        self.send_header('Access-Control-Allow-Origin', '*')
+        SimpleHTTPRequestHandler.end_headers(self)
+
+if __name__ == '__main__':
+    test(CORSRequestHandler, HTTPServer, port=int(sys.argv[1]) if len(sys.argv) > 1 else 8000)
+
diff --git a/tutorials/vFWDT/playbooks/upgrade.sh b/tutorials/vFWDT/playbooks/upgrade.sh
new file mode 100755
index 00000000..0dd27d08
--- /dev/null
+++ b/tutorials/vFWDT/playbooks/upgrade.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 Orange
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END=========================================================
+
+#change IP addresses and upload to playbooks folder darkstat and server.py before
+
+SINK1=10.254.184.217
+SINK2=10.254.184.210
+VFW1=10.254.184.208
+VFW2=10.254.184.216
+
+echo $VFW1 > vfw_mgt_ip.txt
+scp -oStrictHostKeyChecking=no -i onap.pem vfw_mgt_ip.txt root@$SINK1:/opt/config/
+ssh -oStrictHostKeyChecking=no -i onap.pem root@$SINK1 /etc/init.d/darkstat stop
+scp -oStrictHostKeyChecking=no -i onap.pem darkstat root@$SINK1:/usr/sbin/
+ssh -oStrictHostKeyChecking=no -i onap.pem root@$SINK1 /etc/init.d/darkstat start
+
+ssh -oStrictHostKeyChecking=no -i onap.pem root@$VFW1 "hostname > /opt/config/hostname.txt"
+ssh -oStrictHostKeyChecking=no -i onap.pem root@$VFW1 "echo '1.0' > /opt/config/version.txt"
+scp -oStrictHostKeyChecking=no -i onap.pem server.py root@$VFW1:/opt/config/
+ssh -oStrictHostKeyChecking=no -i onap.pem root@$VFW1 "screen -d -m bash -c 'cd /opt/config && python3 /opt/config/server.py 80 > /dev/null 2>&1'"
+
+echo $VFW2 > vfw_mgt_ip.txt
+scp -oStrictHostKeyChecking=no -i onap.pem vfw_mgt_ip.txt root@$SINK2:/opt/config/
+ssh -oStrictHostKeyChecking=no -i onap.pem root@$SINK2 /etc/init.d/darkstat stop
+scp -oStrictHostKeyChecking=no -i onap.pem darkstat root@$SINK2:/usr/sbin/
+ssh -oStrictHostKeyChecking=no -i onap.pem root@$SINK2 /etc/init.d/darkstat start
+
+ssh -oStrictHostKeyChecking=no -i onap.pem root@$VFW2 "hostname > /opt/config/hostname.txt"
+ssh -oStrictHostKeyChecking=no -i onap.pem root@$VFW2 "echo '1.0' > /opt/config/version.txt"
+scp -oStrictHostKeyChecking=no -i onap.pem server.py root@$VFW2:/opt/config/
+ssh -oStrictHostKeyChecking=no -i onap.pem root@$VFW2 "screen -d -m bash -c 'cd /opt/config && python3 /opt/config/server.py 80 > /dev/null 2>&1'"
+