aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--boot/robot/integration_preload_parameters.py16
-rw-r--r--boot/robot/integration_robot_properties.py3
-rw-r--r--heat/ONAP/cloud-config/aaf_install.sh489
-rw-r--r--heat/ONAP/cloud-config/aaf_vm_init.sh117
-rw-r--r--heat/ONAP/cloud-config/sample_ca/.gitignore1
-rw-r--r--heat/ONAP/cloud-config/sample_ca/aaf.signer.p12bin0 -> 2850 bytes
-rw-r--r--heat/ONAP/cloud-config/vid_vm_init.sh2
-rw-r--r--heat/ONAP/onap_openstack.yaml2
8 files changed, 146 insertions, 484 deletions
diff --git a/boot/robot/integration_preload_parameters.py b/boot/robot/integration_preload_parameters.py
index 5d3e3c86..108d470f 100644
--- a/boot/robot/integration_preload_parameters.py
+++ b/boot/robot/integration_preload_parameters.py
@@ -9,6 +9,7 @@ GLOBAL_PRELOAD_PARAMETERS = {
"onap_private_net_id" : "${GLOBAL_INJECTED_NETWORK}",
"onap_private_subnet_id" : "${GLOBAL_INJECTED_NETWORK}",
"onap_private_net_cidr" : "10.0.0.0/8",
+ "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}",
"dcae_collector_ip" : "${GLOBAL_INJECTED_DCAE_COLLECTOR_IP}",
"dcae_collector_port" : "8080",
"public_net_id" : "${GLOBAL_INJECTED_PUBLIC_NET_ID}",
@@ -32,6 +33,7 @@ GLOBAL_PRELOAD_PARAMETERS = {
"vpg_private_ip_1" : "10.0.${ecompnet}.2",
"vsn_private_ip_0" : "192.168.20.250",
"vsn_private_ip_1" : "10.0.${ecompnet}.3",
+ "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}",
'vfw_name_0':'vofwl01fwl${hostid}',
'vpg_name_0':'vofwl01pgn${hostid}',
"vfw_image_name" : "${GLOBAL_INJECTED_UBUNTU_1404_IMAGE}",
@@ -51,6 +53,7 @@ GLOBAL_PRELOAD_PARAMETERS = {
"vpg_private_ip_0" : "192.168.10.200",
"vsn_private_ip_0" : "192.168.20.250",
"vsn_private_ip_1" : "10.0.${ecompnet}.102",
+ "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}",
'vfw_name_0':'vofwl01fwl${hostid}',
'vsn_name_0':'vofwl01snk${hostid}',
"image_name" : "${GLOBAL_INJECTED_UBUNTU_1404_IMAGE}",
@@ -65,6 +68,7 @@ GLOBAL_PRELOAD_PARAMETERS = {
"vpg_private_ip_0" : "192.168.10.200",
"vpg_private_ip_1" : "10.0.${ecompnet}.103",
"vsn_private_ip_0" : "192.168.20.250",
+ "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}",
'vpg_name_0':'vofwl01pgn${hostid}',
"image_name" : "${GLOBAL_INJECTED_UBUNTU_1404_IMAGE}",
"flavor_name" : "${GLOBAL_INJECTED_VM_FLAVOR}",
@@ -79,6 +83,7 @@ GLOBAL_PRELOAD_PARAMETERS = {
"vlb_private_ip_1" : "10.0.${ecompnet}.4",
"vdns_private_ip_0" : "192.168.30.110",
"vdns_private_ip_1" : "10.0.${ecompnet}.5",
+ "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}",
'vlb_name_0':'vovlblb${hostid}',
'vdns_name_0':'vovlbdns${hostid}',
"pktgen_private_net_cidr" : "192.168.9.0/24",
@@ -99,6 +104,7 @@ GLOBAL_PRELOAD_PARAMETERS = {
"vlb_private_ip_1" : "10.0.${ecompnet}.4",
"vdns_private_ip_0" : "192.168.30.222",
"vdns_private_ip_1" : "10.0.${ecompnet}.6",
+ "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}",
'scaling_vdns_name_0':'vovlbscaling${hostid}',
"vlb_private_net_cidr" : "192.168.10.0/24"
},
@@ -141,6 +147,7 @@ GLOBAL_PRELOAD_PARAMETERS = {
"vpg_private_ip_1" : "10.0.${ecompnet}.12",
"vsn_private_ip_0" : "192.168.120.250",
"vsn_private_ip_1" : "10.0.${ecompnet}.13",
+ "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}",
'vfw_name_0':'clfwl01fwl${hostid}',
'vpg_name_0':'clfwl01pgn${hostid}',
"vfw_image_name" : "${GLOBAL_INJECTED_UBUNTU_1404_IMAGE}",
@@ -160,6 +167,7 @@ GLOBAL_PRELOAD_PARAMETERS = {
"vpg_private_ip_0" : "192.168.10.200",
"vsn_private_ip_0" : "192.168.20.250",
"vsn_private_ip_1" : "10.0.${ecompnet}.112",
+ "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}",
'vfw_name_0':'clfwl01fwl${hostid}',
'vsn_name_0':'clfwl01snk${hostid}',
"image_name" : "${GLOBAL_INJECTED_UBUNTU_1404_IMAGE}",
@@ -174,6 +182,7 @@ GLOBAL_PRELOAD_PARAMETERS = {
"vpg_private_ip_0" : "192.168.10.200",
"vpg_private_ip_1" : "10.0.${ecompnet}.113",
"vsn_private_ip_0" : "192.168.20.250",
+ "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}",
'vpg_name_0':'clfwl01pgn${hostid}',
"image_name" : "${GLOBAL_INJECTED_UBUNTU_1404_IMAGE}",
"flavor_name" : "${GLOBAL_INJECTED_VM_FLAVOR}",
@@ -188,6 +197,7 @@ GLOBAL_PRELOAD_PARAMETERS = {
"vlb_private_ip_1" : "10.0.${ecompnet}.14",
"vdns_private_ip_0" : "192.168.30.110",
"vdns_private_ip_1" : "10.0.${ecompnet}.15",
+ "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}",
'vlb_name_0':'clvlblb${hostid}',
'vdns_name_0':'clvlbdns${hostid}',
"pktgen_private_net_cidr" : "192.168.9.0/24",
@@ -207,6 +217,7 @@ GLOBAL_PRELOAD_PARAMETERS = {
"vlb_private_ip_1" : "10.0.${ecompnet}.14",
"vdns_private_ip_0" : "192.168.130.222",
"vdns_private_ip_1" : "10.0.${ecompnet}.16",
+ "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}",
'scaling_vdns_name_0':'clvlbscaling${hostid}',
"vlb_private_net_cidr" : "192.168.10.0/24"
},
@@ -248,6 +259,7 @@ GLOBAL_PRELOAD_PARAMETERS = {
"vpg_private_ip_1" : "10.0.${ecompnet}.12",
"vsn_private_ip_0" : "192.168.120.250",
"vsn_private_ip_1" : "10.0.${ecompnet}.13",
+ "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}",
'vfw_name_0':'demofwl01fwl',
'vpg_name_0':'demofwl01pgn',
"vfw_image_name" : "${GLOBAL_INJECTED_UBUNTU_1404_IMAGE}",
@@ -267,6 +279,7 @@ GLOBAL_PRELOAD_PARAMETERS = {
"vpg_private_ip_0" : "192.168.10.200",
"vsn_private_ip_0" : "192.168.20.250",
"vsn_private_ip_1" : "10.0.${ecompnet}.122",
+ "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}",
'vfw_name_0':'demofwl01fwl${hostid}',
'vsn_name_0':'demofwl01snk${hostid}',
"image_name" : "${GLOBAL_INJECTED_UBUNTU_1404_IMAGE}",
@@ -282,6 +295,7 @@ GLOBAL_PRELOAD_PARAMETERS = {
"vpg_private_ip_1" : "10.0.${ecompnet}.123",
"vsn_private_ip_0" : "192.168.20.250",
'vpg_name_0':'demofwl01pgn${hostid}',
+ "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}",
"image_name" : "${GLOBAL_INJECTED_UBUNTU_1404_IMAGE}",
"flavor_name" : "${GLOBAL_INJECTED_VM_FLAVOR}"
},
@@ -295,6 +309,7 @@ GLOBAL_PRELOAD_PARAMETERS = {
"vlb_private_ip_1" : "10.0.${ecompnet}.24",
"vdns_private_ip_0" : "192.168.30.110",
"vdns_private_ip_1" : "10.0.${ecompnet}.25",
+ "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}",
'vlb_name_0':'demovlblb${hostid}',
'vdns_name_0':'demovlbdns${hostid}',
"pktgen_private_net_cidr" : "192.168.9.0/24",
@@ -314,6 +329,7 @@ GLOBAL_PRELOAD_PARAMETERS = {
"vlb_private_ip_1" : "10.0.${ecompnet}.24",
"vdns_private_ip_0" : "192.168.130.222",
"vdns_private_ip_1" : "10.0.${ecompnet}.26",
+ "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}",
'scaling_vdns_name_0':'demovlbscaling${hostid}',
"vlb_private_net_cidr" : "192.168.10.0/24"
},
diff --git a/boot/robot/integration_robot_properties.py b/boot/robot/integration_robot_properties.py
index 5facd54f..68b18deb 100644
--- a/boot/robot/integration_robot_properties.py
+++ b/boot/robot/integration_robot_properties.py
@@ -59,10 +59,11 @@ GLOBAL_MSO_BPMN_SERVER_PORT = "8081"
GLOBAL_MSO_CATDB_SERVER_PORT = "8082"
GLOBAL_MSO_OPENSTACK_SERVER_PORT = "8087"
GLOBAL_MSO_REQDB_SERVER_PORT = "8083"
-GLOBAL_MSO_SDNC_SERVER_PORT = "8090"
+GLOBAL_MSO_SDNC_SERVER_PORT = "8086"
GLOBAL_MSO_VFC_SERVER_PORT = "8084"
GLOBAL_MSO_USERNAME = "InfraPortalClient"
+GLOBAL_MSO_CATDB_USERNAME = "bpel"
GLOBAL_MSO_PASSWORD = "password1$"
# music info - everything is from the private oam network (also called onap private network)
GLOBAL_MUSIC_SERVER_PROTOCOL = "http"
diff --git a/heat/ONAP/cloud-config/aaf_install.sh b/heat/ONAP/cloud-config/aaf_install.sh
index 61f23daa..c2389d03 100644
--- a/heat/ONAP/cloud-config/aaf_install.sh
+++ b/heat/ONAP/cloud-config/aaf_install.sh
@@ -1,453 +1,46 @@
#!/bin/bash
-
-# Read configuration files
-GERRIT_BRANCH=$(cat /opt/config/gerrit_branch.txt)
-CODE_REPO=$(cat /opt/config/remote_repo.txt)
-HTTP_PROXY=$(cat /opt/config/http_proxy.txt)
-HTTPS_PROXY=$(cat /opt/config/https_proxy.txt)
-
-if [ $HTTP_PROXY != "no_proxy" ]
-then
- export http_proxy=$HTTP_PROXY
- export https_proxy=$HTTPS_PROXY
+
+CURRENT_DIR=$(pwd)
+export MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort -n | head -1)
+
+NEXUS_USERNAME=$(cat /opt/config/nexus_username.txt)
+NEXUS_PASSWD=$(cat /opt/config/nexus_password.txt)
+NEXUS_DOCKER_REPO=$(cat /opt/config/nexus_docker_repo.txt)
+HOSTNAME=`hostname -f`
+FQDN=aaf.api.simpledemo.onap.org
+HOST_IP=$(cat /opt/config/local_ip.txt)
+
+echo "$NEXUS_PASSWD" | docker login -u $NEXUS_USERNAME --password-stdin $NEXUS_DOCKER_REPO
+
+if [ -e "/opt/authz" ]; then
+ cd /opt/authz
+ git pull
+else
+ cd /opt
+ git clone https://gerrit.onap.org/r/aaf/authz
+ cd authz
fi
-
-# Download dependencies
-echo "deb http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list
-echo "deb-src http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list
-apt-get update
-apt-get install --allow-unauthenticated -y openjdk-8-jdk maven
-
-# Clone Gerrit repository and run docker containers
-cd /opt
-git clone -b $GERRIT_BRANCH --single-branch $CODE_REPO
-chmod +x /opt/authz/auth/auth-cass/docker/dinstall.sh
-chmod +x /opt/authz/auth/auth-cass/docker/backup/backup.sh
-chmod +x /opt/authz/auth/docker/dbuild.sh
-chmod +x /opt/authz/auth/docker/drun.sh
-chmod +x /opt/authz/auth/docker/dstart.sh
-chmod +x /opt/authz/auth/docker/dstop.sh
-
-#Update maven settings
-cat > /usr/share/maven/conf/settings.xml << EOF
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-
-<!--
- | This is the configuration file for Maven. It can be specified at two levels:
- |
- | 1. User Level. This settings.xml file provides configuration for a single user,
-| and is normally provided in \${user.home}/.m2/settings.xml.
- |
- | NOTE: This location can be overridden with the CLI option:
- |
- | -s /path/to/user/settings.xml
- |
- | 2. Global Level. This settings.xml file provides configuration for all Maven
- | users on a machine (assuming they're all using the same Maven
- | installation). It's normally provided in
-| \${maven.home}/conf/settings.xml.
- |
- | NOTE: This location can be overridden with the CLI option:
- |
- | -gs /path/to/global/settings.xml
- |
- | The sections in this sample file are intended to give you a running start at
- | getting the most out of your Maven installation. Where appropriate, the default
- | values (values used when the setting is not specified) are provided.
- |
- |-->
-<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
- <!-- localRepository
- | The path to the local repository maven will use to store artifacts.
- |
-| Default: \${user.home}/.m2/repository
- <localRepository>/path/to/local/repo</localRepository>
- -->
-
- <!-- interactiveMode
- | This will determine whether maven prompts you when it needs input. If set to false,
- | maven will use a sensible default value, perhaps based on some other setting, for
- | the parameter in question.
- |
- | Default: true
- <interactiveMode>true</interactiveMode>
- -->
-
- <!-- offline
- | Determines whether maven should attempt to connect to the network when executing a build.
- | This will have an effect on artifact downloads, artifact deployment, and others.
- |
- | Default: false
- <offline>false</offline>
- -->
-
- <!-- pluginGroups
- | This is a list of additional group identifiers that will be searched when resolving plugins by their prefix, i.e.
- | when invoking a command line like "mvn prefix:goal". Maven will automatically add the group identifiers
- | "org.apache.maven.plugins" and "org.codehaus.mojo" if these are not already contained in the list.
- |-->
- <pluginGroups>
- <!-- pluginGroup
- | Specifies a further group identifier to use for plugin lookup.
- <pluginGroup>com.your.plugins</pluginGroup>
- -->
- </pluginGroups>
-
-EOF
-
-if [[ $(cat /opt/config/https_proxy.txt) != "no_proxy" ]]; then
- HTTPS_PROXY_HOST=$(cat /opt/config/https_proxy.txt | cut -d ':' -f1)
- HTTPS_PROXY_PORT=$(cat /opt/config/https_proxy.txt | cut -d ':' -f2)
-
- cat >> settings.xml << EOF
- <!-- proxies
- | This is a list of proxies which can be used on this machine to connect to the network.
- | Unless otherwise specified (by system property or command-line switch), the first proxy
- | specification in this list marked as active will be used.
- |-->
- <proxies>
- <proxy>
- <id>optional</id>
- <active>true</active>
- <protocol>http</protocol>
- <username>proxyuser</username>
- <password>proxypass</password>
- <host>$HTTPS_PROXY_HOST</host>
- <port>$HTTPS_PROXY_PORT</port>
- <nonProxyHosts>local.net|some.host.com</nonProxyHosts>
- </proxy>
- <proxy>
- <id>optional</id>
- <active>true</active>
- <protocol>https</protocol>
- <username>proxyuser</username>
- <password>proxypass</password>
- <host>$HTTPS_PROXY_HOST</host>
- <port>$HTTPS_PROXY_PORT</port>
- <nonProxyHosts>local.net|some.host.com</nonProxyHosts>
- </proxy>
- </proxies>
-
-EOF
+cd /opt/authz/auth/auth-cass/docker
+if [ "`docker container ls | grep aaf_cass`" = "" ]; then
+ # Cassandra Install
+ echo Phase 1 Cassandra Install
+ /bin/bash ./dinstall.sh
fi
+
+CASS_IP=`docker inspect aaf_cass | grep '"IPAddress' | head -1 | cut -d '"' -f 4`
+CASS_HOST="cass.aaf.osaaf.org:"$CASS_IP
+
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_config:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_core:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_cm:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_fs:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_gui:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_hello:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_locate:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_oauth:latest
+docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_service:latest
+
+cd $CURRENT_DIR
+/bin/bash ./aaf_vm_init.sh
-cat >> settings.xml << EOF
-
- <!-- servers
- | This is a list of authentication profiles, keyed by the server-id used within the system.
- | Authentication profiles can be used whenever maven must make a connection to a remote server.
- |-->
- <servers>
- <!-- server
- | Specifies the authentication information to use when connecting to a particular server, identified by
- | a unique name within the system (referred to by the 'id' attribute below).
- |
- | NOTE: You should either specify username/password OR privateKey/passphrase, since these pairings are
- | used together.
- |
- <server>
- <id>deploymentRepo</id>
- <username>repouser</username>
- <password>repopwd</password>
- </server>
- -->
-
- <!-- Another sample, using keys to authenticate.
- <server>
- <id>siteServer</id>
- <privateKey>/path/to/private/key</privateKey>
- <passphrase>optional; leave empty if not used.</passphrase>
- </server>
- -->
- </servers>
-
- <!-- mirrors
- | This is a list of mirrors to be used in downloading artifacts from remote repositories.
- |
- | It works like this: a POM may declare a repository to use in resolving certain artifacts.
- | However, this repository may have problems with heavy traffic at times, so people have mirrored
- | it to several places.
- |
- | That repository definition will have a unique id, so we can create a mirror reference for that
- | repository, to be used as an alternate download site. The mirror site will be the preferred
- | server for that repository.
- |-->
-
- <!-- profiles
- | This is a list of profiles which can be activated in a variety of ways, and which can modify
- | the build process. Profiles provided in the settings.xml are intended to provide local machine-
- | specific paths and repository locations which allow the build to work in the local environment.
- |
- | For example, if you have an integration testing plugin - like cactus - that needs to know where
- | your Tomcat instance is installed, you can provide a variable here such that the variable is
- | dereferenced during the build process to configure the cactus plugin.
- |
- | As noted above, profiles can be activated in a variety of ways. One way - the activeProfiles
- | section of this document (settings.xml) - will be discussed later. Another way essentially
- | relies on the detection of a system property, either matching a particular value for the property,
- | or merely testing its existence. Profiles can also be activated by JDK version prefix, where a
- | value of '1.4' might activate a profile when the build is executed on a JDK version of '1.4.2_07'.
- | Finally, the list of active profiles can be specified directly from the command line.
- |
- | NOTE: For profiles defined in the settings.xml, you are restricted to specifying only artifact
- | repositories, plugin repositories, and free-form properties to be used as configuration
- | variables for plugins in the POM.
- |
- |-->
-
-
-
-
-
- <profiles>
- <profile>
-
- <id>10_nexus</id>
- <!--Enable snapshots for the built in central repo to direct -->
- <!--all requests to nexus via the mirror -->
- <repositories>
- <repository>
- <id>10_nexus</id>
- <url>http://repo.maven.apache.org/maven2/</url>
- <releases><enabled>true</enabled></releases>
- <snapshots><enabled>true</enabled></snapshots>
- </repository>
- </repositories>
-
- <pluginRepositories>
- <pluginRepository>
- <id>10_nexus</id>
- <url>http://repo.maven.apache.org/maven2/</url>
- <releases><enabled>true</enabled></releases>
- <snapshots><enabled>true</enabled></snapshots>
- </pluginRepository>
- </pluginRepositories>
-
- </profile>
- <profile>
- <id>20_openecomp-public</id>
- <repositories>
- <repository>
- <id>20_openecomp-public</id>
- <name>20_openecomp-public</name>
- <url>https://nexus.onap.org/content/repositories/public/</url>
- <releases>
- <enabled>true</enabled>
- <updatePolicy>daily</updatePolicy>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </repository>
- </repositories>
- <pluginRepositories>
- <pluginRepository>
- <id>20_openecomp-public</id>
- <name>20_openecomp-public</name>
- <url>https://nexus.onap.org/content/repositories/public/</url>
- <releases>
- <enabled>true</enabled>
- <updatePolicy>daily</updatePolicy>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </pluginRepository>
- </pluginRepositories>
- </profile>
- <profile>
- <id>30_openecomp-staging</id>
- <repositories>
- <repository>
- <id>30_openecomp-staging</id>
- <name>30_openecomp-staging</name>
- <url>https://nexus.onap.org/content/repositories/staging/</url>
- <releases>
- <enabled>true</enabled>
- <updatePolicy>daily</updatePolicy>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </repository>
- </repositories>
- <pluginRepositories>
- <pluginRepository>
- <id>30_openecomp-staging</id>
- <name>30_openecomp-staging</name>
- <url>https://nexus.onap.org/content/repositories/staging/</url>
- <releases>
- <enabled>true</enabled>
- <updatePolicy>daily</updatePolicy>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </pluginRepository>
- </pluginRepositories>
- </profile>
- <profile>
- <id>40_openecomp-release</id>
- <repositories>
- <repository>
- <id>40_openecomp-release</id>
- <name>40_openecomp-release</name>
- <url>https://nexus.onap.org/content/repositories/releases/</url>
- <releases>
- <enabled>true</enabled>
- <updatePolicy>daily</updatePolicy>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </repository>
- </repositories>
- <pluginRepositories>
- <pluginRepository>
- <id>40_openecomp-release</id>
- <name>40_openecomp-release</name>
- <url>https://nexus.onap.org/content/repositories/releases/</url>
- <releases>
- <enabled>true</enabled>
- <updatePolicy>daily</updatePolicy>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </pluginRepository>
- </pluginRepositories>
- </profile>
-
- <profile>
- <id>50_openecomp-snapshots</id>
- <repositories>
- <repository>
- <id>50_openecomp-snapshot</id>
- <name>50_openecomp-snapshot</name>
- <url>https://nexus.onap.org/content/repositories/snapshots/</url>
- <releases>
- <enabled>false</enabled>
- </releases>
- <snapshots>
- <enabled>true</enabled>
- </snapshots>
- </repository>
- </repositories>
- <pluginRepositories>
- <pluginRepository>
- <id>50_openecomp-snapshot</id>
- <name>50_openecomp-snapshot</name>
- <url>https://nexus.onap.org/content/repositories/snapshots/</url>
- <releases>
- <enabled>false</enabled>
- </releases>
- <snapshots>
- <enabled>true</enabled>
- </snapshots>
- </pluginRepository>
- </pluginRepositories>
- </profile>
- <profile>
- <id>60_opendaylight-release</id>
- <repositories>
- <repository>
- <id>60_opendaylight-mirror</id>
- <name>60_opendaylight-mirror</name>
- <url>https://nexus.opendaylight.org/content/repositories/public/</url>
- <releases>
- <enabled>true</enabled>
- <updatePolicy>daily</updatePolicy>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </repository>
- </repositories>
- <pluginRepositories>
- <pluginRepository>
- <id>60_opendaylight-mirror</id>
- <name>60_opendaylight-mirror</name>
- <url>https://nexus.opendaylight.org/content/repositories/public/</url>
- <releases>
- <enabled>true</enabled>
- <updatePolicy>daily</updatePolicy>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </pluginRepository>
- </pluginRepositories>
- </profile>
-
- <profile>
- <id>70_opendaylight-snapshots</id>
- <repositories>
- <repository>
- <id>70_opendaylight-snapshot</id>
- <name>70_opendaylight-snapshot</name>
- <url>https://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/</url>
- <releases>
- <enabled>false</enabled>
- </releases>
- <snapshots>
- <enabled>true</enabled>
- </snapshots>
- </repository>
- </repositories>
- <pluginRepositories>
- <pluginRepository>
- <id>70_opendaylight-snapshot</id>
- <name>70_opendaylight-snapshot</name>
- <url>https://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/</url>
- <releases>
- <enabled>false</enabled>
- </releases>
- <snapshots>
- <enabled>true</enabled>
- </snapshots>
- </pluginRepository>
- </pluginRepositories>
- </profile>
- </profiles>
-
- <activeProfiles>
- <activeProfile>10_nexus</activeProfile>
- <activeProfile>20_openecomp-public</activeProfile>
- <activeProfile>30_openecomp-staging</activeProfile>
- <activeProfile>40_openecomp-release</activeProfile>
- <activeProfile>50_openecomp-snapshots</activeProfile>
- <activeProfile>60_opendaylight-release</activeProfile>
- <activeProfile>70_opendaylight-snapshots</activeProfile>
-
- </activeProfiles>
-
-</settings>
-EOF
-
-cd /opt/authz
-mvn install -Dmaven.test.skip=true
-
-cd /opt
-./aaf_vm_init.sh
diff --git a/heat/ONAP/cloud-config/aaf_vm_init.sh b/heat/ONAP/cloud-config/aaf_vm_init.sh
index a388bf2f..59486e94 100644
--- a/heat/ONAP/cloud-config/aaf_vm_init.sh
+++ b/heat/ONAP/cloud-config/aaf_vm_init.sh
@@ -1,55 +1,104 @@
#!/bin/bash
+CURRENT_DIR=$(pwd)
+
NEXUS_USERNAME=$(cat /opt/config/nexus_username.txt)
NEXUS_PASSWD=$(cat /opt/config/nexus_password.txt)
-NEXUS_DOCKER_REPO=$(cat /opt/config/nexus_docker_repo.txt)
-DOCKER_IMAGE_VERSION=$(cat /opt/config/docker_version.txt)
-HOSTNAME=`hostname`
-FQDN=aaf.api.simpledemo.onap.org
-HOST_IP=$(cat /opt/config/local_ip.txt)
-
-docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWD $NEXUS_DOCKER_REPO
+if [ -e /opt/authz/auth/docker/d.props ]; then
+ NEXUS_DOCKER_REPO=`grep "DOCKER_REPOSITORY=" /opt/authz/auth/docker/d.props`
+else
+ NEXUS_DOCKER_REPO="DOCKER_REPOSITORY="
+fi
-cd /opt/authz
-git pull
+if [ "$NEXUS_DOCKER_REPO" = "DOCKER_REPOSITORY=" ]; then
+ NEXUS_DOCKER_REPO=$(cat /opt/config/nexus_docker_repo.txt)
+else
+ NEXUS_DOCKER_REPO=${NEXUS_DOCKER_REPO#DOCKER_REPOSITORY=}
+fi
+echo $NEXUS_DOCKER_REPO
+HOSTNAME=`hostname -f`
+FQDN=aaf.api.simpledemo.onap.org
+HOST_IP=$(cat /opt/config/local_ip.txt)
cd /opt/authz/auth/auth-cass/docker
if [ "`docker container ls | grep aaf_cass`" = "" ]; then
# Cassandra Install
echo Phase 1 Cassandra Install
- ./dinstall.sh
+ bash ./dinstall.sh
fi
+if [ ! -e /opt/authz/auth/docker/d.props ]; then
+ cp /opt/authz/auth/docker/d.props.init /opt/authz/auth/docker/d.props
+fi
+
+VERSION=$(grep VERSION /opt/authz/auth/docker/d.props)
+VERSION=${VERSION#VERSION=}
CASS_IP=`docker inspect aaf_cass | grep '"IPAddress' | head -1 | cut -d '"' -f 4`
CASS_HOST="cass.aaf.osaaf.org:"$CASS_IP
-
-sed -i "s/DOCKER_REPOSITORY=.*/DOCKER_REPOSITORY="$NEXUS_DOCKER_REPO"/g" /opt/authz/auth/docker/d.props
-#sed -i "s/VERSION=.*/VERSION="$DOCKER_IMAGE_VERSION"/g" /opt/authz/auth/docker/d.props
-sed -i "s/HOSTNAME=.*/HOSTNAME="$HOSTNAME"/g" /opt/authz/auth/docker/d.props
-sed -i "s/HOST_IP=.*/HOST_IP="$HOST_IP"/g" /opt/authz/auth/docker/d.props
-sed -i "s/CASS_HOST=.*/CASS_HOST="$CASS_HOST"/g" /opt/authz/auth/docker/d.props
-
-if [ ! -e "/opt/app/osaaf/etc" ]; then
- # Nothing installed, install sample
- mkdir -p /opt/app/osaaf/logs
- cd /opt/app/osaaf/logs
- mkdir fs cm gui hello locate oauth service
- cd /opt
- cp -Rf /opt/authz/auth/sample/* /opt/app/osaaf
+if [ ! -e /opt/authz/auth/docker/cass.props ]; then
+ cp /opt/authz/auth/docker/cass.props.init /opt/authz/auth/docker/cass.props
fi
-# Set Location information
-# Need new Deployment system properties
+
+sed -i "s/CASS_HOST=.*/CASS_HOST="$CASS_HOST"/g" /opt/authz/auth/docker/cass.props
+# TODO Pull from Config Dir
CADI_LATITUDE=37.781
CADI_LONGITUDE=-122.261
-CADI_TRUST_MASKS="${HOST_IP%\.[0-9]*}\\/24,${CASS_IP%\.[0-9]*}\\/24"
-sed -i "s/cadi_latitude=.*/cadi_latitude="$CADI_LATITUDE"/g" /opt/app/osaaf/local/org.osaaf.location.props
-sed -i "s/cadi_longitude=.*/cadi_longitude="$CADI_LONGITUDE"/g" /opt/app/osaaf/local/org.osaaf.location.props
-sed -i "s/cadi_registration_hostname=.*/cadi_registration_hostname="$FQDN"/g" /opt/app/osaaf/local/org.osaaf.location.props
-sed -i "s/cadi_trust_masks=.*/cadi_trust_masks="$CADI_TRUST_MASKS"/g" /opt/app/osaaf/local/org.osaaf.location.props
+sed -i "s/DOCKER_REPOSITORY=.*/DOCKER_REPOSITORY=$NEXUS_DOCKER_REPO/g" /opt/authz/auth/docker/d.props
+sed -i "s/VERSION=.*/VERSION=$VERSION/g" /opt/authz/auth/docker/d.props
+sed -i "s/HOSTNAME=.*/HOSTNAME=$HOSTNAME/g" /opt/authz/auth/docker/d.props
+sed -i "s/HOST_IP=.*/HOST_IP=$HOST_IP/g" /opt/authz/auth/docker/d.props
+sed -i "s/LATITUDE=.*/LATITUDE=$CADI_LATITUDE/g" /opt/authz/auth/docker/d.props
+sed -i "s/LONGITUDE=.*/LONGITUDE=$CADI_LONGITUDE/g" /opt/authz/auth/docker/d.props
+
+SIGNER_P12="$CURRENT_DIR/sample_ca/aaf.signer.p12"
+AAF_P12="$CURRENT_DIR/sample_ca/aaf.bootstrap.p12"
+P12_PASSWORD="something easy"
+
+if [ ! -e "$AAF_P12" ]; then
+ mkdir -p $CURRENT_DIR/sample_ca
+ cd /opt/authz/conf/CA
+ /bin/bash bootstrap.sh $SIGNER_P12 "$P12_PASSWORD"
+ if [ ! -e "aaf.bootstrap.p12" ]; then
+ echo "Certificates NOT created. Stopping installation"
+ exit
+ else
+ mv aaf.bootstrap.p12 $AAF_P12
+ fi
+ cd -
+fi
+
+if [ -e "$AAF_P12" ]; then
+ sed -i "s/AAF_INITIAL_X509_P12=.*/AAF_INITIAL_X509_P12=${AAF_P12//\//\\/}/g" /opt/authz/auth/docker/d.props
+ sed -i "s/AAF_INITIAL_X509_PASSWORD=.*/AAF_INITIAL_X509_PASSWORD=\"$P12_PASSWORD\"/g" /opt/authz/auth/docker/d.props
+fi
+
+if [ -e "$SIGNER_P12" ]; then
+ if [ -e "/opt/config/cadi_x509_issuers.txt" ]; then
+ ISSUERS=$(cat "/opt/config/cadi_x509_issuers.txt")":"
+ fi
+ # Pick the REAL subject off the P12
+ SUBJECT=$(echo "$P12_PASSWORD" | openssl pkcs12 -info -clcerts -in $SIGNER_P12 -nokeys -passin stdin | grep subject)
+ SUBJECT=${SUBJECT//\// }
+ SUBJECT=${SUBJECT/subject= /}
+ # Needs to be reversed, separated by ", "
+ for S in $SUBJECT ; do
+ if [ "$RSUBJECT" = "" ]; then
+ RSUBJECT=$S
+ else
+ RSUBJECT="$S, $RSUBJECT"
+ fi
+ done
+ ISSUERS="$ISSUERS$RSUBJECT"
+ sed -i "s/CADI_X509_ISSUERS=.*/CADI_X509_ISSUERS=\"$ISSUERS\"/g" /opt/authz/auth/docker/d.props
+ sed -i "s/AAF_SIGNER_P12=.*/AAF_SIGNER_P12=${SIGNER_P12//\//\\/}/g" /opt/authz/auth/docker/d.props
+ sed -i "s/AAF_SIGNER_PASSWORD=.*/AAF_SIGNER_PASSWORD=\"$P12_PASSWORD\"/g" /opt/authz/auth/docker/d.props
+fi
cd /opt/authz/auth/docker
-./dbuild.sh
-sleep 5
-./drun.sh
+# Need new Deployment system properties
+bash ./aaf.sh
+
+# run it
+bash ./drun.sh
diff --git a/heat/ONAP/cloud-config/sample_ca/.gitignore b/heat/ONAP/cloud-config/sample_ca/.gitignore
new file mode 100644
index 00000000..5f8bc015
--- /dev/null
+++ b/heat/ONAP/cloud-config/sample_ca/.gitignore
@@ -0,0 +1 @@
+aaf.bootstrap.p12
diff --git a/heat/ONAP/cloud-config/sample_ca/aaf.signer.p12 b/heat/ONAP/cloud-config/sample_ca/aaf.signer.p12
new file mode 100644
index 00000000..8de21238
--- /dev/null
+++ b/heat/ONAP/cloud-config/sample_ca/aaf.signer.p12
Binary files differ
diff --git a/heat/ONAP/cloud-config/vid_vm_init.sh b/heat/ONAP/cloud-config/vid_vm_init.sh
index 9c67307f..6896afd3 100644
--- a/heat/ONAP/cloud-config/vid_vm_init.sh
+++ b/heat/ONAP/cloud-config/vid_vm_init.sh
@@ -16,6 +16,6 @@ docker pull $NEXUS_DOCKER_REPO/onap/vid:$DOCKER_IMAGE_VERSION
docker rm -f vid-mariadb
docker rm -f vid-server
-docker run --name vid-mariadb -e MYSQL_DATABASE=vid_openecomp_epsdk -e MYSQL_USER=vidadmin -e MYSQL_PASSWORD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U -e MYSQL_ROOT_PASSWORD=LF+tp_1WqgSY -v /opt/vid/lf_config/vid-my.cnf:/etc/mysql/my.cnf -v /opt/vid/lf_config/vid-pre-init.sql:/docker-entrypoint-initdb.d/vid-pre-init.sql -v /var/lib/mysql -d mariadb:10
+docker run --name vid-mariadb -e MYSQL_DATABASE=vid_openecomp_epsdk -e MYSQL_USER=vidadmin -e MYSQL_PASSWORD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U -e MYSQL_ROOT_PASSWORD=LF+tp_1WqgSY -v /opt/vid/lf_config/vid-my.cnf:/etc/mysql/my.cnf -v /opt/vid/lf_config/vid-schema.sql:/docker-entrypoint-initdb.d/vid-schema.sql -v /var/lib/mysql -d mariadb:10
docker run -e VID_MYSQL_DBNAME=vid_openecomp_epsdk -e VID_MYSQL_PASS=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U --name vid-server -p 8080:8080 --link vid-mariadb:vid-mariadb-docker-instance -d $NEXUS_DOCKER_REPO/onap/vid:$DOCKER_IMAGE_VERSION
diff --git a/heat/ONAP/onap_openstack.yaml b/heat/ONAP/onap_openstack.yaml
index eaec4f42..76526fcb 100644
--- a/heat/ONAP/onap_openstack.yaml
+++ b/heat/ONAP/onap_openstack.yaml
@@ -1245,6 +1245,7 @@ resources:
__vm_flavor__: { get_param: flavor_medium }
__public_net_id__: { get_param: public_net_id }
__oam_network_id__: { get_resource: oam_onap }
+ __sec_group__: { get_resource: onap_sg }
__script_version__: { get_param: artifacts_version }
__docker_version__: { get_param: robot_docker }
__sniro_docker_version__: { get_param: sniro_docker }
@@ -1299,6 +1300,7 @@ resources:
echo "__public_net_id__" > /opt/config/public_net_id.txt
fi
echo "__oam_network_id__" > /opt/config/oam_network_id.txt
+ echo "__sec_group__" > /opt/config/sec_group.txt
echo "__use_oam_net_for_robot__" > /opt/config/use_oam_net_for_robot.txt
echo "__vnf_pub_key__" > /opt/config/vnf_pub_key.txt
echo "localhost" > /opt/config/log_elasticsearch_ip_addr.txt # these tests will be skipped by robot