diff options
-rw-r--r-- | boot/robot/integration_preload_parameters.py | 16 | ||||
-rw-r--r-- | boot/robot/integration_robot_properties.py | 3 | ||||
-rw-r--r-- | heat/ONAP/cloud-config/aaf_install.sh | 489 | ||||
-rw-r--r-- | heat/ONAP/cloud-config/aaf_vm_init.sh | 117 | ||||
-rw-r--r-- | heat/ONAP/cloud-config/sample_ca/.gitignore | 1 | ||||
-rw-r--r-- | heat/ONAP/cloud-config/sample_ca/aaf.signer.p12 | bin | 0 -> 2850 bytes | |||
-rw-r--r-- | heat/ONAP/cloud-config/vid_vm_init.sh | 2 | ||||
-rw-r--r-- | heat/ONAP/onap_openstack.yaml | 2 |
8 files changed, 146 insertions, 484 deletions
diff --git a/boot/robot/integration_preload_parameters.py b/boot/robot/integration_preload_parameters.py index 5d3e3c86..108d470f 100644 --- a/boot/robot/integration_preload_parameters.py +++ b/boot/robot/integration_preload_parameters.py @@ -9,6 +9,7 @@ GLOBAL_PRELOAD_PARAMETERS = { "onap_private_net_id" : "${GLOBAL_INJECTED_NETWORK}", "onap_private_subnet_id" : "${GLOBAL_INJECTED_NETWORK}", "onap_private_net_cidr" : "10.0.0.0/8", + "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}", "dcae_collector_ip" : "${GLOBAL_INJECTED_DCAE_COLLECTOR_IP}", "dcae_collector_port" : "8080", "public_net_id" : "${GLOBAL_INJECTED_PUBLIC_NET_ID}", @@ -32,6 +33,7 @@ GLOBAL_PRELOAD_PARAMETERS = { "vpg_private_ip_1" : "10.0.${ecompnet}.2", "vsn_private_ip_0" : "192.168.20.250", "vsn_private_ip_1" : "10.0.${ecompnet}.3", + "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}", 'vfw_name_0':'vofwl01fwl${hostid}', 'vpg_name_0':'vofwl01pgn${hostid}', "vfw_image_name" : "${GLOBAL_INJECTED_UBUNTU_1404_IMAGE}", @@ -51,6 +53,7 @@ GLOBAL_PRELOAD_PARAMETERS = { "vpg_private_ip_0" : "192.168.10.200", "vsn_private_ip_0" : "192.168.20.250", "vsn_private_ip_1" : "10.0.${ecompnet}.102", + "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}", 'vfw_name_0':'vofwl01fwl${hostid}', 'vsn_name_0':'vofwl01snk${hostid}', "image_name" : "${GLOBAL_INJECTED_UBUNTU_1404_IMAGE}", @@ -65,6 +68,7 @@ GLOBAL_PRELOAD_PARAMETERS = { "vpg_private_ip_0" : "192.168.10.200", "vpg_private_ip_1" : "10.0.${ecompnet}.103", "vsn_private_ip_0" : "192.168.20.250", + "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}", 'vpg_name_0':'vofwl01pgn${hostid}', "image_name" : "${GLOBAL_INJECTED_UBUNTU_1404_IMAGE}", "flavor_name" : "${GLOBAL_INJECTED_VM_FLAVOR}", @@ -79,6 +83,7 @@ GLOBAL_PRELOAD_PARAMETERS = { "vlb_private_ip_1" : "10.0.${ecompnet}.4", "vdns_private_ip_0" : "192.168.30.110", "vdns_private_ip_1" : "10.0.${ecompnet}.5", + "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}", 'vlb_name_0':'vovlblb${hostid}', 'vdns_name_0':'vovlbdns${hostid}', "pktgen_private_net_cidr" : "192.168.9.0/24", @@ -99,6 +104,7 @@ GLOBAL_PRELOAD_PARAMETERS = { "vlb_private_ip_1" : "10.0.${ecompnet}.4", "vdns_private_ip_0" : "192.168.30.222", "vdns_private_ip_1" : "10.0.${ecompnet}.6", + "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}", 'scaling_vdns_name_0':'vovlbscaling${hostid}', "vlb_private_net_cidr" : "192.168.10.0/24" }, @@ -141,6 +147,7 @@ GLOBAL_PRELOAD_PARAMETERS = { "vpg_private_ip_1" : "10.0.${ecompnet}.12", "vsn_private_ip_0" : "192.168.120.250", "vsn_private_ip_1" : "10.0.${ecompnet}.13", + "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}", 'vfw_name_0':'clfwl01fwl${hostid}', 'vpg_name_0':'clfwl01pgn${hostid}', "vfw_image_name" : "${GLOBAL_INJECTED_UBUNTU_1404_IMAGE}", @@ -160,6 +167,7 @@ GLOBAL_PRELOAD_PARAMETERS = { "vpg_private_ip_0" : "192.168.10.200", "vsn_private_ip_0" : "192.168.20.250", "vsn_private_ip_1" : "10.0.${ecompnet}.112", + "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}", 'vfw_name_0':'clfwl01fwl${hostid}', 'vsn_name_0':'clfwl01snk${hostid}', "image_name" : "${GLOBAL_INJECTED_UBUNTU_1404_IMAGE}", @@ -174,6 +182,7 @@ GLOBAL_PRELOAD_PARAMETERS = { "vpg_private_ip_0" : "192.168.10.200", "vpg_private_ip_1" : "10.0.${ecompnet}.113", "vsn_private_ip_0" : "192.168.20.250", + "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}", 'vpg_name_0':'clfwl01pgn${hostid}', "image_name" : "${GLOBAL_INJECTED_UBUNTU_1404_IMAGE}", "flavor_name" : "${GLOBAL_INJECTED_VM_FLAVOR}", @@ -188,6 +197,7 @@ GLOBAL_PRELOAD_PARAMETERS = { "vlb_private_ip_1" : "10.0.${ecompnet}.14", "vdns_private_ip_0" : "192.168.30.110", "vdns_private_ip_1" : "10.0.${ecompnet}.15", + "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}", 'vlb_name_0':'clvlblb${hostid}', 'vdns_name_0':'clvlbdns${hostid}', "pktgen_private_net_cidr" : "192.168.9.0/24", @@ -207,6 +217,7 @@ GLOBAL_PRELOAD_PARAMETERS = { "vlb_private_ip_1" : "10.0.${ecompnet}.14", "vdns_private_ip_0" : "192.168.130.222", "vdns_private_ip_1" : "10.0.${ecompnet}.16", + "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}", 'scaling_vdns_name_0':'clvlbscaling${hostid}', "vlb_private_net_cidr" : "192.168.10.0/24" }, @@ -248,6 +259,7 @@ GLOBAL_PRELOAD_PARAMETERS = { "vpg_private_ip_1" : "10.0.${ecompnet}.12", "vsn_private_ip_0" : "192.168.120.250", "vsn_private_ip_1" : "10.0.${ecompnet}.13", + "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}", 'vfw_name_0':'demofwl01fwl', 'vpg_name_0':'demofwl01pgn', "vfw_image_name" : "${GLOBAL_INJECTED_UBUNTU_1404_IMAGE}", @@ -267,6 +279,7 @@ GLOBAL_PRELOAD_PARAMETERS = { "vpg_private_ip_0" : "192.168.10.200", "vsn_private_ip_0" : "192.168.20.250", "vsn_private_ip_1" : "10.0.${ecompnet}.122", + "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}", 'vfw_name_0':'demofwl01fwl${hostid}', 'vsn_name_0':'demofwl01snk${hostid}', "image_name" : "${GLOBAL_INJECTED_UBUNTU_1404_IMAGE}", @@ -282,6 +295,7 @@ GLOBAL_PRELOAD_PARAMETERS = { "vpg_private_ip_1" : "10.0.${ecompnet}.123", "vsn_private_ip_0" : "192.168.20.250", 'vpg_name_0':'demofwl01pgn${hostid}', + "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}", "image_name" : "${GLOBAL_INJECTED_UBUNTU_1404_IMAGE}", "flavor_name" : "${GLOBAL_INJECTED_VM_FLAVOR}" }, @@ -295,6 +309,7 @@ GLOBAL_PRELOAD_PARAMETERS = { "vlb_private_ip_1" : "10.0.${ecompnet}.24", "vdns_private_ip_0" : "192.168.30.110", "vdns_private_ip_1" : "10.0.${ecompnet}.25", + "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}", 'vlb_name_0':'demovlblb${hostid}', 'vdns_name_0':'demovlbdns${hostid}', "pktgen_private_net_cidr" : "192.168.9.0/24", @@ -314,6 +329,7 @@ GLOBAL_PRELOAD_PARAMETERS = { "vlb_private_ip_1" : "10.0.${ecompnet}.24", "vdns_private_ip_0" : "192.168.130.222", "vdns_private_ip_1" : "10.0.${ecompnet}.26", + "onap_sec_group" : "${GLOBAL_INJECTED_SEC_GROUP}", 'scaling_vdns_name_0':'demovlbscaling${hostid}', "vlb_private_net_cidr" : "192.168.10.0/24" }, diff --git a/boot/robot/integration_robot_properties.py b/boot/robot/integration_robot_properties.py index 5facd54f..68b18deb 100644 --- a/boot/robot/integration_robot_properties.py +++ b/boot/robot/integration_robot_properties.py @@ -59,10 +59,11 @@ GLOBAL_MSO_BPMN_SERVER_PORT = "8081" GLOBAL_MSO_CATDB_SERVER_PORT = "8082" GLOBAL_MSO_OPENSTACK_SERVER_PORT = "8087" GLOBAL_MSO_REQDB_SERVER_PORT = "8083" -GLOBAL_MSO_SDNC_SERVER_PORT = "8090" +GLOBAL_MSO_SDNC_SERVER_PORT = "8086" GLOBAL_MSO_VFC_SERVER_PORT = "8084" GLOBAL_MSO_USERNAME = "InfraPortalClient" +GLOBAL_MSO_CATDB_USERNAME = "bpel" GLOBAL_MSO_PASSWORD = "password1$" # music info - everything is from the private oam network (also called onap private network) GLOBAL_MUSIC_SERVER_PROTOCOL = "http" diff --git a/heat/ONAP/cloud-config/aaf_install.sh b/heat/ONAP/cloud-config/aaf_install.sh index 61f23daa..c2389d03 100644 --- a/heat/ONAP/cloud-config/aaf_install.sh +++ b/heat/ONAP/cloud-config/aaf_install.sh @@ -1,453 +1,46 @@ #!/bin/bash - -# Read configuration files -GERRIT_BRANCH=$(cat /opt/config/gerrit_branch.txt) -CODE_REPO=$(cat /opt/config/remote_repo.txt) -HTTP_PROXY=$(cat /opt/config/http_proxy.txt) -HTTPS_PROXY=$(cat /opt/config/https_proxy.txt) - -if [ $HTTP_PROXY != "no_proxy" ] -then - export http_proxy=$HTTP_PROXY - export https_proxy=$HTTPS_PROXY + +CURRENT_DIR=$(pwd) +export MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort -n | head -1) + +NEXUS_USERNAME=$(cat /opt/config/nexus_username.txt) +NEXUS_PASSWD=$(cat /opt/config/nexus_password.txt) +NEXUS_DOCKER_REPO=$(cat /opt/config/nexus_docker_repo.txt) +HOSTNAME=`hostname -f` +FQDN=aaf.api.simpledemo.onap.org +HOST_IP=$(cat /opt/config/local_ip.txt) + +echo "$NEXUS_PASSWD" | docker login -u $NEXUS_USERNAME --password-stdin $NEXUS_DOCKER_REPO + +if [ -e "/opt/authz" ]; then + cd /opt/authz + git pull +else + cd /opt + git clone https://gerrit.onap.org/r/aaf/authz + cd authz fi - -# Download dependencies -echo "deb http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list -echo "deb-src http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list -apt-get update -apt-get install --allow-unauthenticated -y openjdk-8-jdk maven - -# Clone Gerrit repository and run docker containers -cd /opt -git clone -b $GERRIT_BRANCH --single-branch $CODE_REPO -chmod +x /opt/authz/auth/auth-cass/docker/dinstall.sh -chmod +x /opt/authz/auth/auth-cass/docker/backup/backup.sh -chmod +x /opt/authz/auth/docker/dbuild.sh -chmod +x /opt/authz/auth/docker/drun.sh -chmod +x /opt/authz/auth/docker/dstart.sh -chmod +x /opt/authz/auth/docker/dstop.sh - -#Update maven settings -cat > /usr/share/maven/conf/settings.xml << EOF -<?xml version="1.0" encoding="UTF-8"?> - -<!-- -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. ---> - -<!-- - | This is the configuration file for Maven. It can be specified at two levels: - | - | 1. User Level. This settings.xml file provides configuration for a single user, -| and is normally provided in \${user.home}/.m2/settings.xml. - | - | NOTE: This location can be overridden with the CLI option: - | - | -s /path/to/user/settings.xml - | - | 2. Global Level. This settings.xml file provides configuration for all Maven - | users on a machine (assuming they're all using the same Maven - | installation). It's normally provided in -| \${maven.home}/conf/settings.xml. - | - | NOTE: This location can be overridden with the CLI option: - | - | -gs /path/to/global/settings.xml - | - | The sections in this sample file are intended to give you a running start at - | getting the most out of your Maven installation. Where appropriate, the default - | values (values used when the setting is not specified) are provided. - | - |--> -<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd"> - <!-- localRepository - | The path to the local repository maven will use to store artifacts. - | -| Default: \${user.home}/.m2/repository - <localRepository>/path/to/local/repo</localRepository> - --> - - <!-- interactiveMode - | This will determine whether maven prompts you when it needs input. If set to false, - | maven will use a sensible default value, perhaps based on some other setting, for - | the parameter in question. - | - | Default: true - <interactiveMode>true</interactiveMode> - --> - - <!-- offline - | Determines whether maven should attempt to connect to the network when executing a build. - | This will have an effect on artifact downloads, artifact deployment, and others. - | - | Default: false - <offline>false</offline> - --> - - <!-- pluginGroups - | This is a list of additional group identifiers that will be searched when resolving plugins by their prefix, i.e. - | when invoking a command line like "mvn prefix:goal". Maven will automatically add the group identifiers - | "org.apache.maven.plugins" and "org.codehaus.mojo" if these are not already contained in the list. - |--> - <pluginGroups> - <!-- pluginGroup - | Specifies a further group identifier to use for plugin lookup. - <pluginGroup>com.your.plugins</pluginGroup> - --> - </pluginGroups> - -EOF - -if [[ $(cat /opt/config/https_proxy.txt) != "no_proxy" ]]; then - HTTPS_PROXY_HOST=$(cat /opt/config/https_proxy.txt | cut -d ':' -f1) - HTTPS_PROXY_PORT=$(cat /opt/config/https_proxy.txt | cut -d ':' -f2) - - cat >> settings.xml << EOF - <!-- proxies - | This is a list of proxies which can be used on this machine to connect to the network. - | Unless otherwise specified (by system property or command-line switch), the first proxy - | specification in this list marked as active will be used. - |--> - <proxies> - <proxy> - <id>optional</id> - <active>true</active> - <protocol>http</protocol> - <username>proxyuser</username> - <password>proxypass</password> - <host>$HTTPS_PROXY_HOST</host> - <port>$HTTPS_PROXY_PORT</port> - <nonProxyHosts>local.net|some.host.com</nonProxyHosts> - </proxy> - <proxy> - <id>optional</id> - <active>true</active> - <protocol>https</protocol> - <username>proxyuser</username> - <password>proxypass</password> - <host>$HTTPS_PROXY_HOST</host> - <port>$HTTPS_PROXY_PORT</port> - <nonProxyHosts>local.net|some.host.com</nonProxyHosts> - </proxy> - </proxies> - -EOF +cd /opt/authz/auth/auth-cass/docker +if [ "`docker container ls | grep aaf_cass`" = "" ]; then + # Cassandra Install + echo Phase 1 Cassandra Install + /bin/bash ./dinstall.sh fi + +CASS_IP=`docker inspect aaf_cass | grep '"IPAddress' | head -1 | cut -d '"' -f 4` +CASS_HOST="cass.aaf.osaaf.org:"$CASS_IP + +docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_config:latest +docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_core:latest +docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_cm:latest +docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_fs:latest +docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_gui:latest +docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_hello:latest +docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_locate:latest +docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_oauth:latest +docker pull $NEXUS_DOCKER_REPO/onap/aaf/aaf_service:latest + +cd $CURRENT_DIR +/bin/bash ./aaf_vm_init.sh -cat >> settings.xml << EOF - - <!-- servers - | This is a list of authentication profiles, keyed by the server-id used within the system. - | Authentication profiles can be used whenever maven must make a connection to a remote server. - |--> - <servers> - <!-- server - | Specifies the authentication information to use when connecting to a particular server, identified by - | a unique name within the system (referred to by the 'id' attribute below). - | - | NOTE: You should either specify username/password OR privateKey/passphrase, since these pairings are - | used together. - | - <server> - <id>deploymentRepo</id> - <username>repouser</username> - <password>repopwd</password> - </server> - --> - - <!-- Another sample, using keys to authenticate. - <server> - <id>siteServer</id> - <privateKey>/path/to/private/key</privateKey> - <passphrase>optional; leave empty if not used.</passphrase> - </server> - --> - </servers> - - <!-- mirrors - | This is a list of mirrors to be used in downloading artifacts from remote repositories. - | - | It works like this: a POM may declare a repository to use in resolving certain artifacts. - | However, this repository may have problems with heavy traffic at times, so people have mirrored - | it to several places. - | - | That repository definition will have a unique id, so we can create a mirror reference for that - | repository, to be used as an alternate download site. The mirror site will be the preferred - | server for that repository. - |--> - - <!-- profiles - | This is a list of profiles which can be activated in a variety of ways, and which can modify - | the build process. Profiles provided in the settings.xml are intended to provide local machine- - | specific paths and repository locations which allow the build to work in the local environment. - | - | For example, if you have an integration testing plugin - like cactus - that needs to know where - | your Tomcat instance is installed, you can provide a variable here such that the variable is - | dereferenced during the build process to configure the cactus plugin. - | - | As noted above, profiles can be activated in a variety of ways. One way - the activeProfiles - | section of this document (settings.xml) - will be discussed later. Another way essentially - | relies on the detection of a system property, either matching a particular value for the property, - | or merely testing its existence. Profiles can also be activated by JDK version prefix, where a - | value of '1.4' might activate a profile when the build is executed on a JDK version of '1.4.2_07'. - | Finally, the list of active profiles can be specified directly from the command line. - | - | NOTE: For profiles defined in the settings.xml, you are restricted to specifying only artifact - | repositories, plugin repositories, and free-form properties to be used as configuration - | variables for plugins in the POM. - | - |--> - - - - - - <profiles> - <profile> - - <id>10_nexus</id> - <!--Enable snapshots for the built in central repo to direct --> - <!--all requests to nexus via the mirror --> - <repositories> - <repository> - <id>10_nexus</id> - <url>http://repo.maven.apache.org/maven2/</url> - <releases><enabled>true</enabled></releases> - <snapshots><enabled>true</enabled></snapshots> - </repository> - </repositories> - - <pluginRepositories> - <pluginRepository> - <id>10_nexus</id> - <url>http://repo.maven.apache.org/maven2/</url> - <releases><enabled>true</enabled></releases> - <snapshots><enabled>true</enabled></snapshots> - </pluginRepository> - </pluginRepositories> - - </profile> - <profile> - <id>20_openecomp-public</id> - <repositories> - <repository> - <id>20_openecomp-public</id> - <name>20_openecomp-public</name> - <url>https://nexus.onap.org/content/repositories/public/</url> - <releases> - <enabled>true</enabled> - <updatePolicy>daily</updatePolicy> - </releases> - <snapshots> - <enabled>false</enabled> - </snapshots> - </repository> - </repositories> - <pluginRepositories> - <pluginRepository> - <id>20_openecomp-public</id> - <name>20_openecomp-public</name> - <url>https://nexus.onap.org/content/repositories/public/</url> - <releases> - <enabled>true</enabled> - <updatePolicy>daily</updatePolicy> - </releases> - <snapshots> - <enabled>false</enabled> - </snapshots> - </pluginRepository> - </pluginRepositories> - </profile> - <profile> - <id>30_openecomp-staging</id> - <repositories> - <repository> - <id>30_openecomp-staging</id> - <name>30_openecomp-staging</name> - <url>https://nexus.onap.org/content/repositories/staging/</url> - <releases> - <enabled>true</enabled> - <updatePolicy>daily</updatePolicy> - </releases> - <snapshots> - <enabled>false</enabled> - </snapshots> - </repository> - </repositories> - <pluginRepositories> - <pluginRepository> - <id>30_openecomp-staging</id> - <name>30_openecomp-staging</name> - <url>https://nexus.onap.org/content/repositories/staging/</url> - <releases> - <enabled>true</enabled> - <updatePolicy>daily</updatePolicy> - </releases> - <snapshots> - <enabled>false</enabled> - </snapshots> - </pluginRepository> - </pluginRepositories> - </profile> - <profile> - <id>40_openecomp-release</id> - <repositories> - <repository> - <id>40_openecomp-release</id> - <name>40_openecomp-release</name> - <url>https://nexus.onap.org/content/repositories/releases/</url> - <releases> - <enabled>true</enabled> - <updatePolicy>daily</updatePolicy> - </releases> - <snapshots> - <enabled>false</enabled> - </snapshots> - </repository> - </repositories> - <pluginRepositories> - <pluginRepository> - <id>40_openecomp-release</id> - <name>40_openecomp-release</name> - <url>https://nexus.onap.org/content/repositories/releases/</url> - <releases> - <enabled>true</enabled> - <updatePolicy>daily</updatePolicy> - </releases> - <snapshots> - <enabled>false</enabled> - </snapshots> - </pluginRepository> - </pluginRepositories> - </profile> - - <profile> - <id>50_openecomp-snapshots</id> - <repositories> - <repository> - <id>50_openecomp-snapshot</id> - <name>50_openecomp-snapshot</name> - <url>https://nexus.onap.org/content/repositories/snapshots/</url> - <releases> - <enabled>false</enabled> - </releases> - <snapshots> - <enabled>true</enabled> - </snapshots> - </repository> - </repositories> - <pluginRepositories> - <pluginRepository> - <id>50_openecomp-snapshot</id> - <name>50_openecomp-snapshot</name> - <url>https://nexus.onap.org/content/repositories/snapshots/</url> - <releases> - <enabled>false</enabled> - </releases> - <snapshots> - <enabled>true</enabled> - </snapshots> - </pluginRepository> - </pluginRepositories> - </profile> - <profile> - <id>60_opendaylight-release</id> - <repositories> - <repository> - <id>60_opendaylight-mirror</id> - <name>60_opendaylight-mirror</name> - <url>https://nexus.opendaylight.org/content/repositories/public/</url> - <releases> - <enabled>true</enabled> - <updatePolicy>daily</updatePolicy> - </releases> - <snapshots> - <enabled>false</enabled> - </snapshots> - </repository> - </repositories> - <pluginRepositories> - <pluginRepository> - <id>60_opendaylight-mirror</id> - <name>60_opendaylight-mirror</name> - <url>https://nexus.opendaylight.org/content/repositories/public/</url> - <releases> - <enabled>true</enabled> - <updatePolicy>daily</updatePolicy> - </releases> - <snapshots> - <enabled>false</enabled> - </snapshots> - </pluginRepository> - </pluginRepositories> - </profile> - - <profile> - <id>70_opendaylight-snapshots</id> - <repositories> - <repository> - <id>70_opendaylight-snapshot</id> - <name>70_opendaylight-snapshot</name> - <url>https://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/</url> - <releases> - <enabled>false</enabled> - </releases> - <snapshots> - <enabled>true</enabled> - </snapshots> - </repository> - </repositories> - <pluginRepositories> - <pluginRepository> - <id>70_opendaylight-snapshot</id> - <name>70_opendaylight-snapshot</name> - <url>https://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/</url> - <releases> - <enabled>false</enabled> - </releases> - <snapshots> - <enabled>true</enabled> - </snapshots> - </pluginRepository> - </pluginRepositories> - </profile> - </profiles> - - <activeProfiles> - <activeProfile>10_nexus</activeProfile> - <activeProfile>20_openecomp-public</activeProfile> - <activeProfile>30_openecomp-staging</activeProfile> - <activeProfile>40_openecomp-release</activeProfile> - <activeProfile>50_openecomp-snapshots</activeProfile> - <activeProfile>60_opendaylight-release</activeProfile> - <activeProfile>70_opendaylight-snapshots</activeProfile> - - </activeProfiles> - -</settings> -EOF - -cd /opt/authz -mvn install -Dmaven.test.skip=true - -cd /opt -./aaf_vm_init.sh diff --git a/heat/ONAP/cloud-config/aaf_vm_init.sh b/heat/ONAP/cloud-config/aaf_vm_init.sh index a388bf2f..59486e94 100644 --- a/heat/ONAP/cloud-config/aaf_vm_init.sh +++ b/heat/ONAP/cloud-config/aaf_vm_init.sh @@ -1,55 +1,104 @@ #!/bin/bash +CURRENT_DIR=$(pwd) + NEXUS_USERNAME=$(cat /opt/config/nexus_username.txt) NEXUS_PASSWD=$(cat /opt/config/nexus_password.txt) -NEXUS_DOCKER_REPO=$(cat /opt/config/nexus_docker_repo.txt) -DOCKER_IMAGE_VERSION=$(cat /opt/config/docker_version.txt) -HOSTNAME=`hostname` -FQDN=aaf.api.simpledemo.onap.org -HOST_IP=$(cat /opt/config/local_ip.txt) - -docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWD $NEXUS_DOCKER_REPO +if [ -e /opt/authz/auth/docker/d.props ]; then + NEXUS_DOCKER_REPO=`grep "DOCKER_REPOSITORY=" /opt/authz/auth/docker/d.props` +else + NEXUS_DOCKER_REPO="DOCKER_REPOSITORY=" +fi -cd /opt/authz -git pull +if [ "$NEXUS_DOCKER_REPO" = "DOCKER_REPOSITORY=" ]; then + NEXUS_DOCKER_REPO=$(cat /opt/config/nexus_docker_repo.txt) +else + NEXUS_DOCKER_REPO=${NEXUS_DOCKER_REPO#DOCKER_REPOSITORY=} +fi +echo $NEXUS_DOCKER_REPO +HOSTNAME=`hostname -f` +FQDN=aaf.api.simpledemo.onap.org +HOST_IP=$(cat /opt/config/local_ip.txt) cd /opt/authz/auth/auth-cass/docker if [ "`docker container ls | grep aaf_cass`" = "" ]; then # Cassandra Install echo Phase 1 Cassandra Install - ./dinstall.sh + bash ./dinstall.sh fi +if [ ! -e /opt/authz/auth/docker/d.props ]; then + cp /opt/authz/auth/docker/d.props.init /opt/authz/auth/docker/d.props +fi + +VERSION=$(grep VERSION /opt/authz/auth/docker/d.props) +VERSION=${VERSION#VERSION=} CASS_IP=`docker inspect aaf_cass | grep '"IPAddress' | head -1 | cut -d '"' -f 4` CASS_HOST="cass.aaf.osaaf.org:"$CASS_IP - -sed -i "s/DOCKER_REPOSITORY=.*/DOCKER_REPOSITORY="$NEXUS_DOCKER_REPO"/g" /opt/authz/auth/docker/d.props -#sed -i "s/VERSION=.*/VERSION="$DOCKER_IMAGE_VERSION"/g" /opt/authz/auth/docker/d.props -sed -i "s/HOSTNAME=.*/HOSTNAME="$HOSTNAME"/g" /opt/authz/auth/docker/d.props -sed -i "s/HOST_IP=.*/HOST_IP="$HOST_IP"/g" /opt/authz/auth/docker/d.props -sed -i "s/CASS_HOST=.*/CASS_HOST="$CASS_HOST"/g" /opt/authz/auth/docker/d.props - -if [ ! -e "/opt/app/osaaf/etc" ]; then - # Nothing installed, install sample - mkdir -p /opt/app/osaaf/logs - cd /opt/app/osaaf/logs - mkdir fs cm gui hello locate oauth service - cd /opt - cp -Rf /opt/authz/auth/sample/* /opt/app/osaaf +if [ ! -e /opt/authz/auth/docker/cass.props ]; then + cp /opt/authz/auth/docker/cass.props.init /opt/authz/auth/docker/cass.props fi -# Set Location information -# Need new Deployment system properties + +sed -i "s/CASS_HOST=.*/CASS_HOST="$CASS_HOST"/g" /opt/authz/auth/docker/cass.props +# TODO Pull from Config Dir CADI_LATITUDE=37.781 CADI_LONGITUDE=-122.261 -CADI_TRUST_MASKS="${HOST_IP%\.[0-9]*}\\/24,${CASS_IP%\.[0-9]*}\\/24" -sed -i "s/cadi_latitude=.*/cadi_latitude="$CADI_LATITUDE"/g" /opt/app/osaaf/local/org.osaaf.location.props -sed -i "s/cadi_longitude=.*/cadi_longitude="$CADI_LONGITUDE"/g" /opt/app/osaaf/local/org.osaaf.location.props -sed -i "s/cadi_registration_hostname=.*/cadi_registration_hostname="$FQDN"/g" /opt/app/osaaf/local/org.osaaf.location.props -sed -i "s/cadi_trust_masks=.*/cadi_trust_masks="$CADI_TRUST_MASKS"/g" /opt/app/osaaf/local/org.osaaf.location.props +sed -i "s/DOCKER_REPOSITORY=.*/DOCKER_REPOSITORY=$NEXUS_DOCKER_REPO/g" /opt/authz/auth/docker/d.props +sed -i "s/VERSION=.*/VERSION=$VERSION/g" /opt/authz/auth/docker/d.props +sed -i "s/HOSTNAME=.*/HOSTNAME=$HOSTNAME/g" /opt/authz/auth/docker/d.props +sed -i "s/HOST_IP=.*/HOST_IP=$HOST_IP/g" /opt/authz/auth/docker/d.props +sed -i "s/LATITUDE=.*/LATITUDE=$CADI_LATITUDE/g" /opt/authz/auth/docker/d.props +sed -i "s/LONGITUDE=.*/LONGITUDE=$CADI_LONGITUDE/g" /opt/authz/auth/docker/d.props + +SIGNER_P12="$CURRENT_DIR/sample_ca/aaf.signer.p12" +AAF_P12="$CURRENT_DIR/sample_ca/aaf.bootstrap.p12" +P12_PASSWORD="something easy" + +if [ ! -e "$AAF_P12" ]; then + mkdir -p $CURRENT_DIR/sample_ca + cd /opt/authz/conf/CA + /bin/bash bootstrap.sh $SIGNER_P12 "$P12_PASSWORD" + if [ ! -e "aaf.bootstrap.p12" ]; then + echo "Certificates NOT created. Stopping installation" + exit + else + mv aaf.bootstrap.p12 $AAF_P12 + fi + cd - +fi + +if [ -e "$AAF_P12" ]; then + sed -i "s/AAF_INITIAL_X509_P12=.*/AAF_INITIAL_X509_P12=${AAF_P12//\//\\/}/g" /opt/authz/auth/docker/d.props + sed -i "s/AAF_INITIAL_X509_PASSWORD=.*/AAF_INITIAL_X509_PASSWORD=\"$P12_PASSWORD\"/g" /opt/authz/auth/docker/d.props +fi + +if [ -e "$SIGNER_P12" ]; then + if [ -e "/opt/config/cadi_x509_issuers.txt" ]; then + ISSUERS=$(cat "/opt/config/cadi_x509_issuers.txt")":" + fi + # Pick the REAL subject off the P12 + SUBJECT=$(echo "$P12_PASSWORD" | openssl pkcs12 -info -clcerts -in $SIGNER_P12 -nokeys -passin stdin | grep subject) + SUBJECT=${SUBJECT//\// } + SUBJECT=${SUBJECT/subject= /} + # Needs to be reversed, separated by ", " + for S in $SUBJECT ; do + if [ "$RSUBJECT" = "" ]; then + RSUBJECT=$S + else + RSUBJECT="$S, $RSUBJECT" + fi + done + ISSUERS="$ISSUERS$RSUBJECT" + sed -i "s/CADI_X509_ISSUERS=.*/CADI_X509_ISSUERS=\"$ISSUERS\"/g" /opt/authz/auth/docker/d.props + sed -i "s/AAF_SIGNER_P12=.*/AAF_SIGNER_P12=${SIGNER_P12//\//\\/}/g" /opt/authz/auth/docker/d.props + sed -i "s/AAF_SIGNER_PASSWORD=.*/AAF_SIGNER_PASSWORD=\"$P12_PASSWORD\"/g" /opt/authz/auth/docker/d.props +fi cd /opt/authz/auth/docker -./dbuild.sh -sleep 5 -./drun.sh +# Need new Deployment system properties +bash ./aaf.sh + +# run it +bash ./drun.sh diff --git a/heat/ONAP/cloud-config/sample_ca/.gitignore b/heat/ONAP/cloud-config/sample_ca/.gitignore new file mode 100644 index 00000000..5f8bc015 --- /dev/null +++ b/heat/ONAP/cloud-config/sample_ca/.gitignore @@ -0,0 +1 @@ +aaf.bootstrap.p12 diff --git a/heat/ONAP/cloud-config/sample_ca/aaf.signer.p12 b/heat/ONAP/cloud-config/sample_ca/aaf.signer.p12 Binary files differnew file mode 100644 index 00000000..8de21238 --- /dev/null +++ b/heat/ONAP/cloud-config/sample_ca/aaf.signer.p12 diff --git a/heat/ONAP/cloud-config/vid_vm_init.sh b/heat/ONAP/cloud-config/vid_vm_init.sh index 9c67307f..6896afd3 100644 --- a/heat/ONAP/cloud-config/vid_vm_init.sh +++ b/heat/ONAP/cloud-config/vid_vm_init.sh @@ -16,6 +16,6 @@ docker pull $NEXUS_DOCKER_REPO/onap/vid:$DOCKER_IMAGE_VERSION docker rm -f vid-mariadb docker rm -f vid-server -docker run --name vid-mariadb -e MYSQL_DATABASE=vid_openecomp_epsdk -e MYSQL_USER=vidadmin -e MYSQL_PASSWORD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U -e MYSQL_ROOT_PASSWORD=LF+tp_1WqgSY -v /opt/vid/lf_config/vid-my.cnf:/etc/mysql/my.cnf -v /opt/vid/lf_config/vid-pre-init.sql:/docker-entrypoint-initdb.d/vid-pre-init.sql -v /var/lib/mysql -d mariadb:10 +docker run --name vid-mariadb -e MYSQL_DATABASE=vid_openecomp_epsdk -e MYSQL_USER=vidadmin -e MYSQL_PASSWORD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U -e MYSQL_ROOT_PASSWORD=LF+tp_1WqgSY -v /opt/vid/lf_config/vid-my.cnf:/etc/mysql/my.cnf -v /opt/vid/lf_config/vid-schema.sql:/docker-entrypoint-initdb.d/vid-schema.sql -v /var/lib/mysql -d mariadb:10 docker run -e VID_MYSQL_DBNAME=vid_openecomp_epsdk -e VID_MYSQL_PASS=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U --name vid-server -p 8080:8080 --link vid-mariadb:vid-mariadb-docker-instance -d $NEXUS_DOCKER_REPO/onap/vid:$DOCKER_IMAGE_VERSION diff --git a/heat/ONAP/onap_openstack.yaml b/heat/ONAP/onap_openstack.yaml index eaec4f42..76526fcb 100644 --- a/heat/ONAP/onap_openstack.yaml +++ b/heat/ONAP/onap_openstack.yaml @@ -1245,6 +1245,7 @@ resources: __vm_flavor__: { get_param: flavor_medium } __public_net_id__: { get_param: public_net_id } __oam_network_id__: { get_resource: oam_onap } + __sec_group__: { get_resource: onap_sg } __script_version__: { get_param: artifacts_version } __docker_version__: { get_param: robot_docker } __sniro_docker_version__: { get_param: sniro_docker } @@ -1299,6 +1300,7 @@ resources: echo "__public_net_id__" > /opt/config/public_net_id.txt fi echo "__oam_network_id__" > /opt/config/oam_network_id.txt + echo "__sec_group__" > /opt/config/sec_group.txt echo "__use_oam_net_for_robot__" > /opt/config/use_oam_net_for_robot.txt echo "__vnf_pub_key__" > /opt/config/vnf_pub_key.txt echo "localhost" > /opt/config/log_elasticsearch_ip_addr.txt # these tests will be skipped by robot |