diff options
author | stark, steven <steven.stark@att.com> | 2019-09-19 15:43:00 -0700 |
---|---|---|
committer | Brian Freeman <bf1936@att.com> | 2019-10-08 19:31:25 +0000 |
commit | 6754bc1b77065026d499a76d203d12257d33a113 (patch) | |
tree | 762cd3b32b7cc9366c663fa7e5f59ce94001019b /deployment | |
parent | 92b3cd11dbd906f9304a2436498c6109f8d9a0f5 (diff) |
[INT] Adding deployments scripts for ONAP on AKS
Patch 2 - updating readme and removing dash character from BUILD parameter
Patch 3 - updating image url to amd instead of arm, fixing NFS os disk parameter
Issue-ID: INT-1270
Signed-off-by: stark, steven <steven.stark@att.com>
Change-Id: I1d8824b3c098855c9094e27fad8c820e4df42677
Diffstat (limited to 'deployment')
33 files changed, 3225 insertions, 0 deletions
diff --git a/deployment/aks/README.md b/deployment/aks/README.md new file mode 100644 index 000000000..4eb37cbc3 --- /dev/null +++ b/deployment/aks/README.md @@ -0,0 +1,324 @@ +# ONAP on AKS + +## License + +Copyright 2019 AT&T Intellectual Property. All rights reserved. + +This file is licensed under the CREATIVE COMMONS ATTRIBUTION 4.0 INTERNATIONAL LICENSE + +Full license text at https://creativecommons.org/licenses/by/4.0/legalcode + + +## About + +ONAP on AKS will orchestrate an Azure Kubernetes Service (AKS) deployment, a DevStack deployment, an ONAP + NFS deployment, as well as configuration to link the Azure resources together. After ONAP is installed, a cloud region will also be added to ONAP with the new DevStack details that can be used to instantiate a VNF. + + +### Pre-Reqs + +The following software is required to be installed: + +- bash +- [helm](https://helm.sh/docs/using_helm/) +- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) +- [azure command line](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view=azure-cli-latest) +- make, openjdk-8-jdk, openjdk-8-jre (``apt-get update && apt-get install make openjdk-8-jre openjdk-8-jdk``) + +Check the [OOM Cloud Setup Guide](https://docs.onap.org/en/latest/submodules/oom.git/docs/oom_cloud_setup_guide.html#cloud-setup-guide-label) for the versions of kubectl and helm to use. + +After installing the above software, run ``az login`` and follow the instructions to finalize the azure command line installation. **You'll need to be either an owner or co-owner of the azure subscription, or some of the deployment steps may not complete successfully**. If you have multiple azure subscriptions, use ``az account set --subscription <subscription name>`` prior to running ``az login`` so that resources are deployed to the correct subscription. See [the azure docs](https://docs.microsoft.com/en-us/cli/azure/get-started-with-azure-cli?view=azure-cli-latest) for more details on using the azure command line. + + +### The following resources will be created in Azure + +- Kubernetes cluster via AKS (Azure Kubernetes Service) +- VM running NFS server application +- VM running latest DevStack version + + +## Usage + + +### cloud.sh + + +``cloud.sh`` is the main driver script, and deploys a Kubernetes Cluster (AKS), DevStack, NFS, and bootstraps ONAP with configuration needed to instantiate a VNF. The script creates ONAP in "about" an hour. + +``` + +$ ./cloud.sh --help +./cloud.sh [options] + + +options: +-f, --no-prompt executes with no prompt for confirmation +-n, --no-install don't install ONAP +-o, --override create integration override for robot configuration +-h, --help provide brief overview of script + +This script deploys a cloud environment in Azure. +It: +- Uses Azure Kubernetes Service (AKS) to bootstrap a kubernetes cluster. +- Creates a VM to be used as NFS storage. +- Creates a VM and installs DevStack, to be used with ONAP. +- Creates an openstack cli pod that can be used for cli access to devstack +- Creates an integration-override.yaml file to configure robot +- Launches ONAP onto the AKS Cluster via OOM. +- Configures Networking, SSH Access, and Security Group Rules + +``` + +#### Example + +``` +$ ./cloud.sh --override +``` + + +### cloud.conf + + +This file contains the parameters that will be used when executing ``cloud.sh``. The parameter ``BUILD`` will be generated at runtime. + +For an example with all of the parameters filled out, check [here](./cloud.conf.example). You can copy this and modify to suit your deployment. The parameters that MUST be modified from ``cloud.conf.example`` are ``USER_PUBLIC_IP_PREFIX`` and ``BUILD_DIR``. + +All other parameters will work out of the box, however you can also customize them to suit your own deployment. See below for a description of the available parameters and how they're used. + + +``` + +# The variable $BUILD will be generated dynamically when this file is sourced + +RANDOM_STRING=`cat /dev/urandom | env LC_CTYPE=C tr -cd 'a-zA-Z0-9' | head -c 4` +BUILD= This is just a helper variable to create a random string to assign to various resources. Look at cloud.conf.example to see how it can be used. + +# GLOBAL PARAMS +LOCATION= Location in Azure to deploy resources +USER_PUBLIC_IP_PREFIX= Space delimited list of ip addresses/CIDR blocks that will be added to azure secuirty groups for access. Add the CIDR blocks to grant access for ssh, ONAP portal, and DevStack horizon access. +BUILD_DIR= /path/to/directory where build files, artifacts, and other files will be created. + +# AKS PARAMS +AKS_RESOURCE_GROUP_NAME= Name of resource group in azure that will be created for the AKS resource. Must not already exist. +AKS_NAME= Name of AKS resource. +AKS_K8_VERSION= Kubernetes version, use az aks get-versions --location <location> to see available versions. +AKS_NODE_COUNT= Number of nodes that will comprise the AKS cluster. +AKS_NODE_SIZE= Flavor to use for AKS nodes. +AKS_VNET_NAME= Name of VNET that AKS nodes will attach to. +AKS_DNS_PREFIX= DNS prefix that will be used by kubernetes dns service. +AKS_POD_CIDR= CIDR used for pod ip allocation. +AKS_NODE_CIDR= CIDR used for node ip allocation. +AKS_SERVICE_CIDR= CIDR used for kubernetes service allocation. +AKS_DNS_IP= IP address to assign to kubernetes dns service. Should be from AKS_SERVICE_CIDR range. +AKS_ADMIN_USER= User name that will be created on AKS nodes. Use this user to ssh into AKS nodes if needed. + +# NFS PARAMS +NFS_NAME= Name of NFS VM created in Azure. +NFS_RG= Name of resource group that will be created in Azure for the NFS VM. Must not already exist. +NFS_VM_SIZE= Flavor to use for NFS VM. +NFS_LOCATION= Azure location to deploy NFS VM. +NFS_CIDR= CIDR for NFS VNET. +NFS_ADMIN_USER= User name that will be created on NFS VM. Use this to ssh to NFS VM if needed. +NFS_VNET_NAME= Name of VNET that NFS VM will attach to. +NFS_SUBNET_NAME= Name of SUBNET attached to NFS_VNET_NAME. +NFS_DISK_SIZE= Size of OS Disk for NFS VM. + +# DEVSTACK PARAMS +DEVSTACK_NAME= Name of DevStack VM created in Azure. +DEVSTACK_RG= Name of resource group that will be created in Azure for the DevStack VM. Must not already exist. +DEVSTACK_VM_SIZE= Flavor to use for DevStack VM. +DEVSTACK_LOCATION= Azure location to deploy DevStack VM. +DEVSTACK_CIDR= CIDR for DevStack VNET. +DEVSTACK_PRIVATE_IP= IP to allocate to DevStack VM. This should be from DEVSTACK_CIDR range, and will be used to communicate with DevStack from ONAP. +DEVSTACK_ADMIN_USER= User name that will be created on DevStack VM. Use this to ssh to DevStack VM if needed. +DEVSTACK_VNET_NAME= Name of VNET that DevStack VM will attach to. +DEVSTACK_SUBNET_NAME= Name of SUBNET attached to DEVSTACK_VNET_NAME. +DEVSTACK_DISK_SIZE= Size of OS Disk for DevStack VM. +OPENSTACK_USER= User name that will be added to OpenStack after devstack has finished installing. This is also the username that will be used to create a cloud site in ONAP SO. +OPENSTACK_PASS= Password to use for OPENSTACK_USER. +OPENSTACK_TENANT= Tenant name that will be added to OpenStack after devstack has finished installing. This is also the username that will be used to create a cloud site in ONAP SO. +OPENSTACK_REGION= Only allows RegionOne for now, future enhancements will be added to allow multi-region. +IMAGE_LIST= Space delimited list of image urls to add to DevStack. Not required. + +# ONAP PARAMS +CLLI= Name of CLLI to be created in AAI. +CLOUD_OWNER= Name of Cloud Owner to be created in AAI. +CLOUD_REGION= Name of Cloud Region to be created in AAI. +CUSTOMER= Name of Customer to be created in AAI. +SUBSCRIBER= Name of Subscriber to be created in AAI. +SERVICE_TYPE= Name of Service Type to be created in AAI. +AZ= Name of Availability Zone to be created in AAI. +OE= Name of Owning Entity to be created in VID. +LOB= Name of Line of Business to be created in VID. +PROJECT= Name of Project to be created in VID. +PLATFORM= Name of Platform to be created in VID. +OS_ID= Primary key to be used when adding cloud site to mariadb pod. +OS_TENANT_ROLE= Only supports admin for now. +OS_KEYSTONE= Use KEYSTONE_V3 for now. +OOM_BRANCH= Branch of OOM to clone and use to install ONAP. +CHART_VERSION= Version of charts to use for ONAP install. This is needed in case multiple versions of the onap helm charts are present on the machine being used for the install. +OOM_OVERRIDES= Command line overrides to use when running helm deploy. --set <override value>, etc... +DOCKER_REPOSITORY= Image repository url to pull ONAP images to use for installation. + +``` + +### Integration Override + +When you execute ``cloud.sh``, you have the option to create an ``integration-override.yaml`` file that will be used during ``helm deploy ...`` to install ONAP. This is done by passing the ``--override`` flag to cloud.sh. + +The template used to create the override file is ``./util/integration-override.template``, and is invoked by ``./util/create_robot_config.sh``. It's very possible this isn't complete or sufficient for how you'd like to customize your deployment. You can update the template file and/or the script to provide additional customization for your ONAP install. + + +### OOM Overrides + +In ``cloud.conf``, there's a parameter ``OOM_OVERRIDES`` available that's used to provide command line overrides to ``helm deploy``. This uses the standard helm syntax, so if you're using it the value should look like ``OOM_OVERRIDES="--set vid.enabled=false,so.image=abc"``. If you don't want to override anything, just set this value to an empty string. + + +## Post Deployment + +After ONAP and DevStack are deployed, there will be a ``deployment.notes`` file with instructions on how to access the various components. The ``BUILD_DIR`` specified in ``cloud.conf`` will contain a new ssh key, kubeconfig, and other deployment artifacts as well. + +All of the access information below will be in ``deployment.notes``. + + +### Kubernetes Access + +To access the Kubernetes dashboard: + +``az aks browse --resource-group $AKS_RESOURCE_GROUP_NAME --name $AKS_NAME`` + +To use kubectl: +``` + +export KUBECONFIG=$BUILD_DIR/kubeconfig +kubectl ... + +``` + +### Devstack Access + +To access Horizon: + +Find the public IP address via the Azure portal, and go to +``http://$DEVSTACK_PUBLIC_IP`` + +SSH access to DevStack node: + +``ssh -i $BUILD_DIR/id_rsa ${DEVSTACK_ADMIN_USER}@${DEVSTACK_PUBLIC_IP}`` + +OpenStack cli access: + +There's an openstack cli pod that's created in the default kubernetes default namespace. To use it, run: + +``kubectl exec $OPENSTACK_CLI_POD -- sh -lc "<openstack command>"`` + + +### NFS Access + +``ssh -i $BUILD_DIR/id_rsa ${NFS_ADMIN_USER}@${NFS_PUBLIC_IP}`` + + +## Deleting the deployment + +After deployment, there will be a script named ``$BUILD_DIR/clean.sh`` that can be used to delete the resource groups that were created during deployment. This script is not required; you can always just navigate to the Azure portal to delete the resource groups manually. + + +## Running the scripts separately + +Below are instructions for how to create DevStack, NFS, or AKS cluster separately if you don't want to create everything all at once. + +**NOTE: The configuration to link components together (network peering, route table modification, NFS setup, etc...) and the onap-bootstrap will not occur if you run the scripts separately** + + +### DevStack creation + +``` + +$ ./create_devstack.sh --help +./create_devstack.sh [options] + + +required: +--public-key public key to add for admin user [required] +--user-public-ip public ip that will be granted access to VM [required] +-l, --location location to deploy VM [required] +-u, --admin-user admin user to create on VM [required] + +additional options: +-f, --no-prompt executes with no prompt for confirmation +-h, --help provide brief overview of script +-n, --name VM name [optional] +-g, --resource-group provide brief overview of script [optional] +-s, --size Azure flavor size for VM [optional] +-c, --cidr cidr for VNET to create for VM [optional]. If provided, must also provide --devstack-private-ip from same range. +-d, --directory directory to store cloud config data [optional] +--vnet-name name of Vnet to create for VM [optional] +--image-list space delimited list of image urls that will be added to devstack [optional] +--devstack-private-ip private ip assigned to VM [optional]. If provided, this value must come from the CIDR range of VNET. +--devstack-subnet-name subnet name created on VNET [optional] +--devstack-disk-size size of OS disk to be allocated [optional] +--openstack-username default user name for openstack [optional] +--openstack-password default password for openstack [optional] +--openstack-tenant default tenant name for openstack [optional] + +``` + + +### NFS Creation + +``` + +$ ./create_nfs.sh --help +./create_nfs.sh [options] + + +required: +--public-key public key to add for admin user [required] +--user-public-ip public ip that will be granted access to VM [required] +-l, --location location to deploy VM [required] +-u, --admin-user admin user to create on VM [required] +--aks-node-cidr CIDR for Kubernetes nodes [required]. This is used during the NFS deploy to grant access to the NFS server from Kubernetes. + +additional options: +-f, --no-prompt executes with no prompt for confirmation +-h, --help provide brief overview of script +-n, --name VM name [optional] +-g, --resource-group resource group that will be created [optional] +-s, --size Azure flavor size for VM [optional] +-c, --cidr cidr for VNET to create for VM [optional]. +-d, --directory directory to store cloud config data [optional] +--vnet-name name of Vnet to create for VM [optional] +--nfs-subnet-name subnet name created on VNET [optional] +--nfs-disk-size size of external disk to be mounted on NFS VM [optional] + +``` + + +### AKS Creation + +``` + +$ ./create_aks.sh --help +./create_aks.sh [options] + + +required: +--user-public-ip public ip that will be granted access to AKS [required] +--admin-user admin user created on AKS nodes [required] +--public-key public key added for admin user [required] +-l, --location location to deploy AKS [required] + +additional options: +-f, --no-prompt executes with no prompt for confirmation +-h, --help provide brief overview of script +-n, --name AKS name [optional] +-g, --resource-group name of resource group that will be created [optional] +-s, --size azure flavor size for Kube nodes [optional] +-v, --kube-version version of Kubernetes for cluster [optional] +-c, --node-count number of nodes for cluster [optional] +--service-cidr cidr for Kuberenetes services [optional]. +--dns-ip IP for Kuberenetes dns service [optional]. This should be from --service-cidr. +--pod-cidr cidr for Kuberenetes pods [optional]. +--node-cidr cidr for Kuberenetes nodes [optional]. +--vnet-name name of Vnet to create for Kubernetes Cluster [optional] + +``` diff --git a/deployment/aks/bootstrap_onap.sh b/deployment/aks/bootstrap_onap.sh new file mode 100755 index 000000000..99661a9b6 --- /dev/null +++ b/deployment/aks/bootstrap_onap.sh @@ -0,0 +1,91 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" + +CONF=$1 + +if [ -z "$CONF" ]; then + echo "Configuration file required, exiting..." + exit 1 +fi + +. $CONF + +kubectl create configmap onap-bootstrap --from-file=$DIR/post-install/ --from-file=kubeconfig=$KUBECONFIG --from-file=onap.conf=$CONF + +cat <<EOF | kubectl apply -f - +apiVersion: v1 +kind: Pod +metadata: + name: onap-bootstrap +spec: + containers: + - name: onap-bootstrap + image: alpine + env: + - name: BUILD_DIR + value: "/tmp/onap-bootstrap-files" + volumeMounts: + - name: onap-bootstrap + mountPath: /onap-bootstrap + command: ["/bin/sh"] + args: + - -c + - apk update && \ + apk add bash && \ + apk add git && \ + apk add jq && \ + apk add curl && \ + apk add openjdk8 && \ + apk add openjdk8-jre && \ + export PATH=$PATH:/usr/lib/jvm/java-1.8-openjdk/bin && \ + curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl && \ + chmod +x ./kubectl && \ + mv ./kubectl /usr/local/bin/kubectl && \ + cd /onap-bootstrap && \ + . onap.conf && \ + export KUBECONFIG=kubeconfig && \ + sh -c "/onap-bootstrap/bootstrap.sh" + restartPolicy: Never + volumes: + - name: onap-bootstrap + configMap: + name: onap-bootstrap + defaultMode: 0777 +EOF + +echo "Creating pod to Bootstrap ONAP with OpenStack details." +echo "This might take a while if OpenStack is still launching..." + +podstatus="" +COUNTER=0 + +while [ "$podstatus" != "Error" ] && [ "$podstatus" != "Completed" ] && [ $COUNTER -lt 60 ]; do + podstatus=`kubectl get pods | grep onap-bootstrap | head -1 | awk '{print $3}'` + echo "onap-bootstrap is $podstatus" + COUNTER=$((COUNTER +1)) + sleep 30 +done + +echo "onap-bootstrap pod logs available at /tmp/onap-bootstrap-log" +kubectl logs onap-bootstrap > /tmp/onap-bootstrap-log + +kubectl delete pod onap-bootstrap +kubectl delete configmap onap-bootstrap + +if [ "$podstatus" = "Error" ]; then + echo "ONAP bootstrap failed!" +fi diff --git a/deployment/aks/cloud.conf b/deployment/aks/cloud.conf new file mode 100644 index 000000000..0865d7ae6 --- /dev/null +++ b/deployment/aks/cloud.conf @@ -0,0 +1,85 @@ +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# The variable $BUILD will be generated dynamically when this file is sourced + +RANDOM_STRING=`cat /dev/urandom | env LC_CTYPE=C tr -cd 'a-zA-Z0-9' | head -c 4` +BUILD="ONAP-$RANDOM_STRING" + +# GLOBAL PARAMS +LOCATION= +USER_PUBLIC_IP_PREFIX= +BUILD_DIR= + +# AKS PARAMS +AKS_RESOURCE_GROUP_NAME= +AKS_NAME= +AKS_K8_VERSION= +AKS_NODE_COUNT= +AKS_NODE_SIZE= +AKS_VNET_NAME= +AKS_DNS_PREFIX= +AKS_POD_CIDR= +AKS_NODE_CIDR= +AKS_SERVICE_CIDR= +AKS_DNS_IP= +AKS_ADMIN_USER= + +# NFS PARAMS +NFS_NAME= +NFS_RG= +NFS_VM_SIZE= +NFS_LOCATION= +NFS_CIDR= +NFS_ADMIN_USER= +NFS_VNET_NAME= +NFS_SUBNET_NAME= +NFS_DISK_SIZE= + +# DEVSTACK PARAMS +DEVSTACK_NAME= +DEVSTACK_RG= +DEVSTACK_VM_SIZE= +DEVSTACK_LOCATION= +DEVSTACK_CIDR= +DEVSTACK_PRIVATE_IP= +DEVSTACK_ADMIN_USER= +DEVSTACK_VNET_NAME= +DEVSTACK_SUBNET_NAME= +DEVSTACK_DISK_SIZE= +OPENSTACK_USER= +OPENSTACK_PASS= +OPENSTACK_TENANT= +OPENSTACK_REGION= +IMAGE_LIST= + +# ONAP PARAMS +CLLI= +CLOUD_OWNER= +CLOUD_REGION= +CUSTOMER= +SUBSCRIBER= +SERVICE_TYPE= +AZ= +OE= +LOB= +PROJECT= +PLATFORM= +OS_ID= +OS_TENANT_ROLE= +OS_KEYSTONE= +OOM_BRANCH= +CHART_VERSION= +OOM_OVERRIDES= +DOCKER_REPOSITORY= diff --git a/deployment/aks/cloud.conf.example b/deployment/aks/cloud.conf.example new file mode 100644 index 000000000..d3f5087ba --- /dev/null +++ b/deployment/aks/cloud.conf.example @@ -0,0 +1,85 @@ +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# The variable $BUILD will be generated dynamically when this file is sourced + +RANDOM_STRING=`cat /dev/urandom | env LC_CTYPE=C tr -cd 'a-zA-Z0-9' | head -c 4` +BUILD="ONAP$RANDOM_STRING" + +# GLOBAL PARAMS +LOCATION="westus2" +USER_PUBLIC_IP_PREFIX="10.0.0.0/8 192.168.100.0/24" +BUILD_DIR=/home/username/$BUILD + +# AKS PARAMS +AKS_RESOURCE_GROUP_NAME=$BUILD"-AKSRG" +AKS_NAME=$BUILD"-AKS" +AKS_K8_VERSION="1.14.6" +AKS_NODE_COUNT="7" +AKS_NODE_SIZE="Standard_DS4_v2" +AKS_VNET_NAME="$BUILD"-AKSVNET"" +AKS_DNS_PREFIX=$BUILD"-dns" +AKS_POD_CIDR="10.244.0.0/16" +AKS_NODE_CIDR="169.1.0.0/16" +AKS_SERVICE_CIDR="170.1.0.0/16" +AKS_DNS_IP="170.1.0.10" +AKS_ADMIN_USER="onap_user" + +# NFS PARAMS +NFS_NAME=$BUILD"-NFS" +NFS_RG=$BUILD"-NFS-RG" +NFS_VM_SIZE=$AKS_NODE_SIZE +NFS_LOCATION=$LOCATION +NFS_CIDR="173.163.0.0/28" +NFS_ADMIN_USER="onap_user" +NFS_VNET_NAME=$BUILD"-NFSVNET" +NFS_SUBNET_NAME=$BUILD"-NFSSUBNET" +NFS_DISK_SIZE=512 + +# DEVSTACK PARAMS +DEVSTACK_NAME=$BUILD"-DEVSTACK" +DEVSTACK_RG=$BUILD"-DEVSTACK-RG" +DEVSTACK_VM_SIZE="Standard_D16s_v3" +DEVSTACK_LOCATION=$LOCATION +DEVSTACK_CIDR="10.0.200.0/24" +DEVSTACK_PRIVATE_IP="10.0.200.4" +DEVSTACK_ADMIN_USER="onap_user" +DEVSTACK_VNET_NAME=$BUILD"-DEVSTACKVNET" +DEVSTACK_SUBNET_NAME=$BUILD"-DEVSTACKSUBNET" +DEVSTACK_DISK_SIZE=512 +OPENSTACK_USER="onap_user" +OPENSTACK_PASS="supersecret" +OPENSTACK_TENANT="onap_project" +OPENSTACK_REGION="RegionOne" +IMAGE_LIST="https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-disk1.img https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img" + +# ONAP PARAMS +CLLI="testclli1" +CLOUD_OWNER="ONAPOWNER" +CLOUD_REGION="ONAPREGION" +CUSTOMER="ONAPCUSTOMER" +SUBSCRIBER="ONAPSUBSCRIBER" +SERVICE_TYPE="ONAPSERVICE" +AZ="nova" +OE="testentity" +LOB="testlob" +PROJECT="testproject" +PLATFORM="testplatform" +OS_ID="OnapOpenstack" +OS_TENANT_ROLE="admin" +OS_KEYSTONE="KEYSTONE_V3" +OOM_BRANCH="master" +CHART_VERSION="5.0.0" +OOM_OVERRIDES="" +DOCKER_REPOSITORY="nexus3.onap.org:10001" diff --git a/deployment/aks/cloud.sh b/deployment/aks/cloud.sh new file mode 100755 index 000000000..ac471a91b --- /dev/null +++ b/deployment/aks/cloud.sh @@ -0,0 +1,424 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" + +NO_PROMPT=0 +NO_INSTALL=0 +OVERRIDE=0 + +OPENSTACK_CLI_POD="os-cli-0" + +if [ ! -f $DIR/cloud.conf ]; then + echo "cloud.conf not found, exiting..." + exit 1 +fi + +. $DIR/cloud.conf + +while test $# -gt 0; do + case "$1" in + -h|--help) + echo "./cloud.sh [options]" + echo " " + echo " " + echo "options:" + echo "-f, --no-prompt executes with no prompt for confirmation" + echo "-n, --no-install don't install ONAP" + echo "-o, --override create integration override for robot configuration" + echo "-h, --help provide brief overview of script" + echo " " + echo "This script deploys a cloud environment in Azure." + echo "It: " + echo "- Uses Azure Kubernetes Service (AKS) to bootstrap a kubernetes cluster." + echo "- Creates a VM with an external disk to be used as NFS storage." + echo "- Creates a VM and installs DevStack, to be used with ONAP." + echo "- Launches ONAP onto the AKS Cluster via OOM." + echo "- Configures Networking, SSH Access, and Security Group Rules" + echo "" + exit 0 + ;; + -f|--no-prompt) + shift + NO_PROMPT=1 + ;; + -n|--no-install) + shift + NO_INSTALL=1 + ;; + -o|--override) + shift + OVERRIDE=1 + ;; + *) + echo "Unknown Argument. Try running with --help ." + exit 0 + ;; + esac +done + +cat <<EOF + +Here are the parameters to be used in this build: + +# GLOBAL PARAMS +LOCATION = "$LOCATION" +USER_PUBLIC_IP_PREFIX = "$USER_PUBLIC_IP_PREFIX" +BUILD_DIR = "$BUILD_DIR" + +# AKS PARAMS +AKS_RESOURCE_GROUP_NAME = "$AKS_RESOURCE_GROUP_NAME" +AKS_NAME = "$AKS_NAME" +AKS_K8_VERSION = "$AKS_K8_VERSION" +AKS_NODE_COUNT = "$AKS_NODE_COUNT" +AKS_NODE_SIZE = "$AKS_NODE_SIZE" +AKS_DNS_PREFIX = "$AKS_DNS_PREFIX" +AKS_POD_CIDR = "$AKS_POD_CIDR" +AKS_NODE_CIDR = "$AKS_NODE_CIDR" +AKS_SERVICE_CIDR = "$AKS_SERVICE_CIDR" +AKS_DNS_IP = "$AKS_DNS_IP" +AKS_VNET_NAME = "$AKS_VNET_NAME" +AKS_ADMIN_USER= = "$AKS_ADMIN_USER" + +# NFS PARAMS +NFS_NAME = "$NFS_NAME" +NFS_RG = "$NFS_RG" +NFS_VM_SIZE = "$NFS_VM_SIZE" +NFS_LOCATION = "$NFS_LOCATION" +NFS_CIDR = "$NFS_CIDR" +NFS_ADMIN_USER = "$NFS_ADMIN_USER" +NFS_VNET_NAME = "$NFS_VNET_NAME" +NFS_SUBNET_NAME = "$NFS_SUBNET_NAME" +NFS_DISK_SIZE = "$NFS_DISK_SIZE" + +# DEVSTACK PARAMS +DEVSTACK_NAME = "$DEVSTACK_NAME" +DEVSTACK_RG = "$DEVSTACK_RG" +DEVSTACK_VM_SIZE = "$DEVSTACK_VM_SIZE" +DEVSTACK_LOCATION = "$DEVSTACK_LOCATION" +DEVSTACK_CIDR = "$DEVSTACK_CIDR" +DEVSTACK_PRIVATE_IP = "$DEVSTACK_PRIVATE_IP" +DEVSTACK_ADMIN_USER = "$DEVSTACK_ADMIN_USER" +DEVSTACK_VNET_NAME = "$DEVSTACK_VNET_NAME" +DEVSTACK_SUBNET_NAME = "$DEVSTACK_SUBNET_NAME" +DEVSTACK_DISK_SIZE = "$DEVSTACK_DISK_SIZE" +OPENSTACK_USER = "$OPENSTACK_USER" +OPENSTACK_PASS = "$OPENSTACK_PASS" +OPENSTACK_TENANT = "$OPENSTACK_TENANT" +IMAGE_LIST = "$IMAGE_LIST" + +# ONAP PARAMS +CLLI = "$CLLI" +CLOUD_OWNER = "$CLOUD_OWNER" +CLOUD_REGION = "$CLOUD_REGION" +CUSTOMER = "$CUSTOMER" +SUBSCRIBER = "$SUBSCRIBER" +SERVICE_TYPE = "$SERVICE_TYPE" +AZ = "$AZ" +OE = "$OE" +LOB = "$LOB" +PLATFORM = "$PLATFORM" +OS_ID = "$OS_ID" +OS_TENANT_ROLE = "$OS_TENANT_ROLE" +OS_KEYSTONE = "$OS_KEYSTONE" +OPENSTACK_REGION = "$OPENSTACK_REGION" +PROJECT = "$PROJECT" +OOM_BRANCH = "$OOM_BRANCH" +CHART_VERSION = "$CHART_VERSION" +OOM_OVERRIDES = "$OOM_OVERRIDES" +DOCKER_REPOSITORY = "$DOCKER_REPOSITORY" + +EOF + +if [ $NO_PROMPT = 0 ]; then + read -p "Would you like to proceed? [y/n]" -n 1 -r + echo " " + if [[ ! $REPLY =~ ^[Yy]$ ]] + then + exit 0 + fi +fi + +echo "Starting instantiation. This will take a little while..." +sleep 3 + +set -x +set -e + +mkdir -p $BUILD_DIR + +echo "#!/bin/bash" > $BUILD_DIR/clean.sh +echo "" >> $BUILD_DIR/clean.sh +chmod 755 $BUILD_DIR/clean.sh + +ssh-keygen -t rsa -N "" -f $BUILD_DIR/id_rsa + +PUBLIC_KEY=$BUILD_DIR/id_rsa.pub +PRIVATE_KEY=$BUILD_DIR/id_rsa + + +echo "az group delete --resource-group $DEVSTACK_RG --yes" >> $BUILD_DIR/clean.sh +echo "" >> $BUILD_DIR/clean.sh + +echo "Creating DEVSTACK Server $DEVSTACK_NAME in $LOCATION" +$DIR/create_devstack.sh --name "$DEVSTACK_NAME" \ + --resource-group "$DEVSTACK_RG" \ + --size "$DEVSTACK_VM_SIZE" \ + --location "$DEVSTACK_LOCATION" \ + --cidr "$DEVSTACK_CIDR" \ + --admin-user "$DEVSTACK_ADMIN_USER" \ + --directory "$BUILD_DIR" \ + --vnet-name "$DEVSTACK_VNET_NAME" \ + --public-key "$PUBLIC_KEY" \ + --user-public-ip "$USER_PUBLIC_IP_PREFIX" \ + --devstack-private-ip "$DEVSTACK_PRIVATE_IP" \ + --devstack-subnet-name "$DEVSTACK_SUBNET_NAME" \ + --devstack-disk-size "$DEVSTACK_DISK_SIZE" \ + --openstack-username "$OPENSTACK_USER" \ + --openstack-password "$OPENSTACK_PASS" \ + --openstack-tenant "$OPENSTACK_TENANT" \ + --image-list "$IMAGE_LIST" \ + --no-prompt + + +echo "az group delete --resource-group $NFS_RG --yes" >> $BUILD_DIR/clean.sh +echo "" >> $BUILD_DIR/clean.sh + +echo "Creating NFS Server $NFS_NAME in $LOCATION" +$DIR/create_nfs.sh --name "$NFS_NAME" \ + --resource-group "$NFS_RG" \ + --size "$NFS_VM_SIZE" \ + --location "$NFS_LOCATION" \ + --cidr "$NFS_CIDR" \ + --admin-user "$NFS_ADMIN_USER" \ + --directory "$BUILD_DIR" \ + --vnet-name "$NFS_VNET_NAME" \ + --public-key "$PUBLIC_KEY" \ + --user-public-ip "$USER_PUBLIC_IP_PREFIX" \ + --nfs-subnet-name "$NFS_SUBNET_NAME" \ + --aks-node-cidr "$AKS_NODE_CIDR" \ + --nfs-disk-size "$NFS_DISK_SIZE" \ + --no-prompt + + +echo "az group delete --resource-group $AKS_RESOURCE_GROUP_NAME --yes" >> $BUILD_DIR/clean.sh +echo "" >> $BUILD_DIR/clean.sh + +echo "Creating AKS $AKS_NAME in $LOCATION" +$DIR/create_aks.sh --name "$AKS_NAME" \ + --resource-group "$AKS_RESOURCE_GROUP_NAME" \ + --kube-version "$AKS_K8_VERSION" \ + --location "$LOCATION" \ + --node-count "$AKS_NODE_COUNT" \ + --size "$AKS_NODE_SIZE" \ + --service-cidr "$AKS_SERVICE_CIDR" \ + --pod-cidr "$AKS_POD_CIDR" \ + --dns-ip "$AKS_DNS_IP" \ + --node-cidr "$AKS_NODE_CIDR" \ + --vnet-name "$AKS_VNET_NAME" \ + --user-public-ip "$USER_PUBLIC_IP_PREFIX" \ + --public-key "$PUBLIC_KEY" \ + --admin-user "$AKS_ADMIN_USER" \ + --no-prompt + + +AKS_MANAGEMENT_RESOURCE_GROUP_NAME=`az group list --query "[?starts_with(name, 'MC_${AKS_RESOURCE_GROUP_NAME}')].name | [0]" --output tsv` +AKS_VNET_ID=`az network vnet show --resource-group ${AKS_RESOURCE_GROUP_NAME} --name ${AKS_VNET_NAME} --query 'id' --output tsv` +NFS_VNET_ID=`az network vnet show --name ${NFS_VNET_NAME} --resource-group ${NFS_RG} --query "id" --output tsv` +DEVSTACK_VNET_ID=`az network vnet show --name ${DEVSTACK_VNET_NAME} --resource-group ${DEVSTACK_RG} --query "id" --output tsv` +AKS_ROUTE_TABLE_NAME=`az resource list --resource-group ${AKS_MANAGEMENT_RESOURCE_GROUP_NAME} --resource-type "Microsoft.Network/routeTables" --query "[0] | name" --output tsv` +DEVSTACK_PRIVATE_IP=`az vm show --name ${DEVSTACK_NAME} --resource-group ${DEVSTACK_RG} -d --query "privateIps" --output tsv` +NFS_PRIVATE_IP=`az vm show --name ${NFS_NAME} --resource-group ${NFS_RG} -d --query "privateIps" --output tsv` +NFS_PUBLIC_IP=`az vm show --name ${NFS_NAME} --resource-group ${NFS_RG} -d --query "publicIps" --output tsv` +DEVSTACK_PUBLIC_IP=`az vm show --name ${DEVSTACK_NAME} --resource-group ${DEVSTACK_RG} -d --query "publicIps" --output tsv` + +# adding public ip to aks +NIC_NAME0=`az resource list --resource-group ${AKS_MANAGEMENT_RESOURCE_GROUP_NAME} --resource-type "Microsoft.Network/networkInterfaces" --query "[0] | name" --output tsv` +AKS_NSG_NAME=`az resource list --resource-group ${AKS_MANAGEMENT_RESOURCE_GROUP_NAME} --resource-type "Microsoft.Network/networkSecurityGroups" --query "[0] | name" --output tsv` +$DIR/create_public_ip.sh "AKSPUBLICIP1" "$AKS_MANAGEMENT_RESOURCE_GROUP_NAME" "$NIC_NAME0" +$DIR/create_sg_rule.sh "$AKS_MANAGEMENT_RESOURCE_GROUP_NAME" "$AKS_NSG_NAME" '*' "30000-32000" "$USER_PUBLIC_IP_PREFIX" '*' '*' "ONAP" "120" + +AKS_PUBLIC_IP_ADDRESS=`az network public-ip show --resource-group ${AKS_MANAGEMENT_RESOURCE_GROUP_NAME} -n AKSPUBLICIP1 --query "ipAddress" --output tsv` + +### Peering networks ### +# peering requires source = VNet NAME, destination = VNet ID + +echo "creating peering from AKS Vnet to NFS Vnet..." +$DIR/create_peering.sh "$AKS_VNET_NAME" \ + "$AKS_RESOURCE_GROUP_NAME" \ + "$NFS_VNET_ID" \ + "kube-to-nfs" + +echo "creating peering from AKS Vnet to Devstack Vnet..." +$DIR/create_peering.sh "$AKS_VNET_NAME" \ + "$AKS_RESOURCE_GROUP_NAME" \ + "$DEVSTACK_VNET_ID" \ + "kube-to-devstack" + +echo "creating peering from NFS Vnet to AKS Vnet..." +$DIR/create_peering.sh "$NFS_VNET_NAME" \ + "$NFS_RG" \ + "$AKS_VNET_ID" \ + "nfs-to-kube" + +echo "creating peering from NFS Vnet to AKS Vnet..." +$DIR/create_peering.sh "$DEVSTACK_VNET_NAME" \ + "$DEVSTACK_RG" \ + "$AKS_VNET_ID" \ + "devstack-to-kube" + + +### Adding next hop to kubernetes for devstack ### +echo "creating route from AKS Vnet to Devstack Vnet..." +$DIR/create_route.sh "$DEVSTACK_CIDR" \ + "guestvms" \ + "$AKS_MANAGEMENT_RESOURCE_GROUP_NAME" \ + "$AKS_ROUTE_TABLE_NAME" \ + "$DEVSTACK_PRIVATE_IP" + + + +# TODO +# Lets find a better place for this +az aks get-credentials --resource-group "$AKS_RESOURCE_GROUP_NAME" \ + --name "$AKS_NAME" \ + --file "$BUILD_DIR"/"kubeconfig" + +$DIR/configure_nfs_pod.sh "$PRIVATE_KEY" \ + "$BUILD_DIR"/"kubeconfig" \ + "$NFS_PRIVATE_IP" \ + "$AKS_ADMIN_USER" + +# TODO +# add this to post-install or post-configure phase +# to support adding multiple devstacks to same ONAP +cat > "$BUILD_DIR/openstack_rc" <<EOF +export OS_USERNAME="$OPENSTACK_USER" +export OS_PROJECT_NAME="$OPENSTACK_TENANT" +export OS_AUTH_URL="http://$DEVSTACK_PRIVATE_IP/identity" +export OS_PASSWORD="$OPENSTACK_PASS" +export OS_USER_DOMAIN_NAME=default +export OS_PROJECT_DOMAIN_ID=default +EOF + +$DIR/util/create_openstack_cli.sh "$BUILD_DIR/kubeconfig" \ + "$BUILD_DIR/openstack_rc" \ + "$OPENSTACK_CLI_POD" + +if [ $OVERRIDE = 1 ]; then + +$DIR/util/create_integration_override.sh "$BUILD_DIR" \ + "$OPENSTACK_CLI_POD" \ + "$BUILD_DIR/openstack_rc" \ + "$DOCKER_REPOSITORY" \ + "$NFS_PRIVATE_IP" \ + "$AKS_PUBLIC_IP_ADDRESS" \ + "$BUILD_DIR/kubeconfig" + +fi + +if [ $NO_INSTALL = 0 ]; then + +### Starting OOM install ### +echo "Installing ONAP..." +$DIR/create_onap.sh "$BUILD" \ + "$BUILD_DIR/kubeconfig" \ + "$NFS_PRIVATE_IP" \ + "$OOM_BRANCH" \ + "$BUILD_DIR" \ + "$CHART_VERSION" \ + "$OOM_OVERRIDES" + +### Starting OOM install ### +echo "Configuring ONAP..." + +cat > "$BUILD_DIR/onap.conf" <<EOF +export CLLI=$CLLI +export CLOUD_OWNER=$CLOUD_OWNER +export CLOUD_REGION=$CLOUD_REGION +export OPENSTACK_IP=$DEVSTACK_PRIVATE_IP +export OPENSTACK_USER=$OPENSTACK_USER +export OPENSTACK_PASS=$OPENSTACK_PASS +export OPENSTACK_TENANT=$OPENSTACK_TENANT +export OPENSTACK_REGION=$OPENSTACK_REGION +export CUSTOMER=$CUSTOMER +export SUBSCRIBER=$SUBSCRIBER +export SERVICE_TYPE=$SERVICE_TYPE +export AZ=$AZ +export OE=$OE +export LOB=$LOB +export PLATFORM=$PLATFORM +export PROJECT=$PROJECT +export OS_ID=$OS_ID +export OS_TENANT_ROLE=$OS_TENANT_ROLE +export OS_KEYSTONE=$OS_KEYSTONE +export KUBECONFIG=$BUILD_DIR/kubeconfig +EOF + +$DIR/bootstrap_onap.sh "$BUILD_DIR/onap.conf" + +fi + +set +x + +cat > "$BUILD_DIR/deployment.notes" <<EOF +================================================================== +Phew, all done (yay!). ONAP and DevStack might still be installing +but here are the access details... + +--------DEVSTACK ACCESS-------- +ssh -i ${PRIVATE_KEY} ${DEVSTACK_ADMIN_USER}@${DEVSTACK_PUBLIC_IP} +horizon: http://${DEVSTACK_PUBLIC_IP} +cli: kubectl exec $OPENSTACK_CLI_POD -- sh -lc "<openstack command>" + +--------NFS ACCESS-------- +ssh -i ${PRIVATE_KEY} ${NFS_ADMIN_USER}@${NFS_PUBLIC_IP} + +--------KUBERNETES ACCESS-------- +kubeconfig: export KUBECONFIG=$BUILD_DIR/kubeconfig +dashboard: az aks browse --resource-group ${AKS_RESOURCE_GROUP_NAME} --name ${AKS_NAME} + +--------BUILD DETAILS-------- +Build directory: $BUILD_DIR +Integration repo: $BUILD_DIR/integration +OOM repo: $BUILD_DIR/oom + +--------ADD TO /etc/hosts-------- +$AKS_PUBLIC_IP_ADDRESS portal.api.simpledemo.onap.org +$AKS_PUBLIC_IP_ADDRESS sdc.api.simpledemo.onap.org +$AKS_PUBLIC_IP_ADDRESS sdc.api.fe.simpledemo.onap.org +$AKS_PUBLIC_IP_ADDRESS sdc.api.be.simpledemo.onap.org +$AKS_PUBLIC_IP_ADDRESS vid.api.simpledemo.onap.org +$AKS_PUBLIC_IP_ADDRESS policy.api.simpledemo.onap.org +$AKS_PUBLIC_IP_ADDRESS aai.api.simpledemo.onap.org +$AKS_PUBLIC_IP_ADDRESS cli.api.simpledemo.onap.org +$AKS_PUBLIC_IP_ADDRESS so.api.simpledemo.onap.org +$AKS_PUBLIC_IP_ADDRESS so.monitoring.api.simpledemo.onap.org +$AKS_PUBLIC_IP_ADDRESS so-monitoring +$AKS_PUBLIC_IP_ADDRESS sdnc.api.simpledemo.onap.org +$AKS_PUBLIC_IP_ADDRESS clamp.api.simpledemo.onap.org +$AKS_PUBLIC_IP_ADDRESS dcae.api.simpledemo.onap.org +$AKS_PUBLIC_IP_ADDRESS appc.api.simpledemo.onap.org +$AKS_PUBLIC_IP_ADDRESS aaf.api.simpledemo.onap.org +$AKS_PUBLIC_IP_ADDRESS portal-sdk.simpledemo.onap.org +$AKS_PUBLIC_IP_ADDRESS robot.api.simpledemo.onap.org +$AKS_PUBLIC_IP_ADDRESS msb.api.discovery.simpledemo.onap.org +$AKS_PUBLIC_IP_ADDRESS msb.api.simpledemo.onap.org +$AKS_PUBLIC_IP_ADDRESS aai.ui.simpledemo.onap.org +$AKS_PUBLIC_IP_ADDRESS policy.api.simpledemo.onap.org + +EOF + +cat "$BUILD_DIR/deployment.notes" diff --git a/deployment/aks/configure_nfs_pod.sh b/deployment/aks/configure_nfs_pod.sh new file mode 100755 index 000000000..96f66a6f3 --- /dev/null +++ b/deployment/aks/configure_nfs_pod.sh @@ -0,0 +1,70 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +PRIVATE_KEY=$1 +KUBECONFIG=$2 +NFS_IP=$3 +ADMIN_USER=$4 + +export KUBECONFIG=$KUBECONFIG + +echo "setting up nfs on AKS nodes" +kubectl create configmap aks-key --from-file=$PRIVATE_KEY + +for IPADDRESS in `kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="InternalIP")].address}'`; do + +cat <<EOF | kubectl create -f - +apiVersion: v1 +kind: Pod +metadata: + generateName: configure-nfs- +spec: + containers: + - name: configure-nfs + image: alpine + env: + - name: IP_ADDRESS + value: "$IPADDRESS" + - name: NFS_IP + value: "$NFS_IP" + volumeMounts: + - name: aks-key + mountPath: /aks-key + command: ["/bin/sh"] + args: + - -c + - apk update && \ + apk add openssh-client && \ + sh -c "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i /aks-key/id_rsa $ADMIN_USER@\$IP_ADDRESS \"sudo apt-get update; sudo apt-get install nfs-common; sudo rm -rf /dockerdata-nfs; sudo mkdir /dockerdata-nfs; sudo mount -t nfs \$NFS_IP:/dockerdata-nfs /dockerdata-nfs/\"" + restartPolicy: Never + volumes: + - name: aks-key + configMap: + name: aks-key + defaultMode: 0600 +EOF + +done + +# TODO +# Add actual pod status check here +echo "sleeping 30 seconds" +sleep 30 + +kubectl delete configmap aks-key +kubectl get pods | grep configure-nfs | while read line; do + pod=`echo $line | awk '{print $1}'` + kubectl delete pod $pod +done diff --git a/deployment/aks/create_aks.sh b/deployment/aks/create_aks.sh new file mode 100755 index 000000000..23f6ae341 --- /dev/null +++ b/deployment/aks/create_aks.sh @@ -0,0 +1,238 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +NO_PROMPT=0 +RANDOM_PREFIX="ONAP" +RANDOM_STRING="$RANDOM_PREFIX"-`cat /dev/urandom | env LC_CTYPE=C tr -cd 'a-zA-Z0-9' | head -c 4` + +AKS_NAME= +AKS_RESOURCE_GROUP_NAME= +AKS_K8_VERSION= +LOCATION= +AKS_NODE_COUNT= +AKS_NODE_SIZE= +AKS_SERVICE_CIDR= +AKS_POD_CIDR= +AKS_DNS_IP= +AKS_NODE_CIDR= +AKS_NETWORK_NAME= +USER_PUBLIC_IP_PREFIX= +PUBLIC_KEY= +AKS_ADMIN_USER= + +function check_required_parameter() { + # arg1 = parameter + # arg2 = parameter name + if [ -z "$1" ]; then + echo "$2 was not was provided. This parameter is required." + exit 1 + fi +} + +function check_optional_paramater() { + # arg1 = parameter + # arg2 = default + if [ -z "$1" ]; then + echo "$2" + else + echo "$1" + fi +} + + +while test $# -gt 0; do + case "$1" in + -h|--help) + echo "./create_aks.sh [options]" + echo " " + echo " " + echo "required:" + echo "--user-public-ip public ip that will be granted access to AKS [required]" + echo "--admin-user admin user created on AKS nodes [required]" + echo "--public-key public key added for admin user [required]" + echo "-l, --location location to deploy AKS [required]" + echo " " + echo "additional options:" + echo "-f, --no-prompt executes with no prompt for confirmation" + echo "-h, --help provide brief overview of script" + echo "-n, --name AKS name [optional]" + echo "-g, --resource-group name of resource group that will be created [optional]" + echo "-s, --size azure flavor size for Kube nodes [optional]" + echo "-v, --kube-version version of Kubernetes for cluster [optional]" + echo "-c, --node-count number of nodes for cluster [optional]" + echo "--service-cidr cidr for Kuberenetes services [optional]." + echo "--dns-ip IP for Kuberenetes dns service [optional]. This should be from --service-cidr." + echo "--pod-cidr cidr for Kuberenetes pods [optional]." + echo "--node-cidr cidr for Kuberenetes nodes [optional]." + echo "--vnet-name name of Vnet to create for Kubernetes Cluster [optional]" + echo "" + exit 0 + ;; + -f|--no-prompt) + shift + NO_PROMPT=1 + ;; + -n|--name) + shift + AKS_NAME=$1 + shift + ;; + -g|--resource-group) + shift + AKS_RESOURCE_GROUP_NAME=$1 + shift + ;; + -s|--size) + shift + AKS_NODE_SIZE=$1 + shift + ;; + -l|--location) + shift + LOCATION=$1 + shift + ;; + -v|--kube-version) + shift + AKS_K8_VERSION=$1 + shift + ;; + -c|--node-count) + shift + AKS_NODE_COUNT=$1 + shift + ;; + --service-cidr) + shift + AKS_SERVICE_CIDR=$1 + shift + ;; + --dns-ip) + shift + AKS_DNS_IP=$1 + shift + ;; + --pod-cidr) + shift + AKS_POD_CIDR=$1 + shift + ;; + --node-cidr) + shift + AKS_NODE_CIDR=$1 + shift + ;; + --vnet-name) + shift + AKS_NETWORK_NAME=$1 + shift + ;; + --user-public-ip) + shift + USER_PUBLIC_IP_PREFIX=$1 + shift + ;; + --admin-user) + shift + AKS_ADMIN_USER=$1 + shift + ;; + --public-key) + shift + PUBLIC_KEY=$1 + shift + ;; + *) + echo "Unknown Argument $1. Try running with --help." + exit 0 + ;; + esac +done + +check_required_parameter "$LOCATION" "--location" +check_required_parameter "$USER_PUBLIC_IP_PREFIX" "--user-public-ip" +check_required_parameter "$AKS_ADMIN_USER" "--admin-user" +check_required_parameter "$PUBLIC_KEY" "--public-key" + +AKS_RESOURCE_GROUP_NAME=$(check_optional_paramater "$AKS_RESOURCE_GROUP_NAME" $RANDOM_STRING"-AKSRG") +AKS_NAME=$(check_optional_paramater "$AKS_NAME" $RANDOM_STRING"-AKS") +AKS_NODE_SIZE=$(check_optional_paramater "$AKS_NODE_SIZE" "Standard_DS4_v2") +AKS_POD_CIDR=$(check_optional_paramater "$AKS_POD_CIDR" "168.1.0.0/16") +AKS_NODE_CIDR=$(check_optional_paramater "$AKS_NODE_CIDR" "169.1.0.0/16") +AKS_NETWORK_NAME=$(check_optional_paramater "$AKS_NETWORK_NAME" $RANDOM_STRING"-AKS-VNET") +AKS_SERVICE_CIDR=$(check_optional_paramater "$AKS_SERVICE_CIDR" "170.1.0.0/16") +AKS_DNS_IP=$(check_optional_paramater "$AKS_DNS_IP" "170.1.0.10") +AKS_K8_VERSION=$(check_optional_paramater "$AKS_K8_VERSION" "1.13.5") +AKS_NODE_COUNT=$(check_optional_paramater "$AKS_NODE_COUNT" "7") + +if [ $NO_PROMPT = 0 ]; then + read -p "Would you like to proceed? [y/n]" -n 1 -r + echo " " + if [[ ! $REPLY =~ ^[Yy]$ ]] + then + exit 0 + fi +fi + +set -x +set -e + +AKS_SUBNET_NAME=$AKS_NETWORK_NAME"-SUBNET" + +echo "Creating AKS Resource Group $AKS_RESOURCE_GROUP_NAME in $LOCATION" +$DIR/create_resource_group.sh "$AKS_RESOURCE_GROUP_NAME" "$LOCATION" + +az network vnet create --resource-group "$AKS_RESOURCE_GROUP_NAME" \ + --name "$AKS_NETWORK_NAME" \ + --address-prefix "$AKS_NODE_CIDR" \ + --subnet-name "$AKS_SUBNET_NAME" \ + --subnet-prefix "$AKS_NODE_CIDR" + +AKS_SUBNET_ID=`az network vnet show --resource-group ${AKS_RESOURCE_GROUP_NAME} --name ${AKS_NETWORK_NAME} --query "subnets | [0] | id" --output tsv` + +az aks create --name "$AKS_NAME" \ + --resource-group "$AKS_RESOURCE_GROUP_NAME" \ + --disable-rbac \ + --kubernetes-version "$AKS_K8_VERSION" \ + --location "$LOCATION" \ + --node-count "$AKS_NODE_COUNT" \ + --node-vm-size "$AKS_NODE_SIZE" \ + --service-cidr "$AKS_SERVICE_CIDR" \ + --pod-cidr "$AKS_POD_CIDR" \ + --network-plugin "kubenet" \ + --dns-service-ip "$AKS_DNS_IP" \ + --admin-username "$AKS_ADMIN_USER" \ + --ssh-key-value "$PUBLIC_KEY" \ + --vnet-subnet-id "$AKS_SUBNET_ID" +echo "" + +AKS_MANAGEMENT_RESOURCE_GROUP_NAME=`az group list --query "[?starts_with(name, 'MC_${AKS_RESOURCE_GROUP_NAME}')].name | [0]" --output tsv` +AKS_NSG_NAME=`az resource list --resource-group ${AKS_MANAGEMENT_RESOURCE_GROUP_NAME} --resource-type "Microsoft.Network/networkSecurityGroups" --query "[0] | name" --output tsv` +AKS_NSG_ID=`az resource list --resource-group ${AKS_MANAGEMENT_RESOURCE_GROUP_NAME} --resource-type "Microsoft.Network/networkSecurityGroups" --query "[0] | id" --output tsv` + +echo "Associating Security Group with AKS Subnet ${AKS_SUBNET_NAME}" +az network vnet subnet update --resource-group="$AKS_RESOURCE_GROUP_NAME" \ + --name "$AKS_SUBNET_NAME" \ + --vnet-name "$AKS_NETWORK_NAME" \ + --network-security-group "$AKS_NSG_ID" + +for ((i=0;i<$AKS_NODE_COUNT;i++)); do + NIC_NAME=`az resource list --resource-group ${AKS_MANAGEMENT_RESOURCE_GROUP_NAME} --resource-type "Microsoft.Network/networkInterfaces" --query "[$i] | name" --output tsv` + echo "Associating Security Group ${AKS_NSG_NAME} with AKS Node NIC ${NIC_NAME}" + az network nic update --resource-group "$AKS_MANAGEMENT_RESOURCE_GROUP_NAME" -n "$NIC_NAME" --network-security-group "$AKS_NSG_NAME" + echo "" +done + diff --git a/deployment/aks/create_devstack.sh b/deployment/aks/create_devstack.sh new file mode 100755 index 000000000..fc136f00a --- /dev/null +++ b/deployment/aks/create_devstack.sh @@ -0,0 +1,367 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +NO_PROMPT=0 +RANDOM_PREFIX="ONAP" +RANDOM_STRING="$RANDOM_PREFIX"-`cat /dev/urandom | env LC_CTYPE=C tr -cd 'a-zA-Z0-9' | head -c 4` + +DEVSTACK_RG= +DEVSTACK_LOCATION= +PUBLIC_KEY= +DEVSTACK_NAME= +DEVSTACK_VM_SIZE= +SUBNET_CIDR= +ADMIN_USER= +BUILD_DIR= +DEVSTACK_VNET_NAME= +USER_PUBLIC_IP_PREFIX= +DEVSTACK_PRIVATE_IP= +DEVSTACK_SUBNET_NAME= +DEVSTACK_DISK_SIZE= +OPENSTACK_USER= +OPENSTACK_PASS= +OS_PROJECT_NAME= +IMAGE_LIST= + +function check_required_parameter() { + # arg1 = parameter + # arg2 = parameter name + if [ -z "$1" ]; then + echo "$2 was not was provided. This parameter is required." + exit 1 + fi +} + +function check_optional_paramater() { + # arg1 = parameter + # arg2 = parameter name + if [ -z "$1" ]; then + echo "$2" + else + echo "$1" + fi +} + + +while test $# -gt 0; do + case "$1" in + -h|--help) + echo "./create_devstack.sh [options]" + echo " " + echo " " + echo "required:" + echo "--public-key public key to add for admin user [required]" + echo "--user-public-ip public ip that will be granted access to VM [required]" + echo "-l, --location location to deploy VM [required]" + echo "-u, --admin-user admin user to create on VM [required]" + echo " " + echo "additional options:" + echo "-f, --no-prompt executes with no prompt for confirmation" + echo "-h, --help provide brief overview of script" + echo "-n, --name VM name [optional]" + echo "-g, --resource-group provide brief overview of script [optional]" + echo "-s, --size Azure flavor size for VM [optional]" + echo "-c, --cidr cidr for VNET to create for VM [optional]. If provided, must also provide --devstack-private-ip from same range." + echo "-d, --directory directory to store cloud config data [optional]" + echo "--vnet-name name of Vnet to create for VM [optional]" + echo "--image-list space delimited list of image urls that will be added to devstack [optional]" + echo "--devstack-private-ip private ip assigned to VM [optional]. If provided, this value must come from the CIDR range of VNET." + echo "--devstack-subnet-name subnet name created on VNET [optional]" + echo "--devstack-disk-size size of OS disk to be allocated [optional]" + echo "--openstack-username default user name for openstack [optional]" + echo "--openstack-password default password for openstack [optional]" + echo "--openstack-tenant default tenant name for openstack [optional]" + echo "" + exit 0 + ;; + -f|--no-prompt) + shift + NO_PROMPT=1 + ;; + -n|--name) + shift + DEVSTACK_NAME=$1 + shift + ;; + -g|--resource-group) + shift + DEVSTACK_RG=$1 + shift + ;; + -s|--size) + shift + DEVSTACK_VM_SIZE=$1 + shift + ;; + -l|--location) + shift + DEVSTACK_LOCATION=$1 + shift + ;; + -c|--cidr) + shift + SUBNET_CIDR=$1 + shift + ;; + -u|--admin-user) + shift + ADMIN_USER=$1 + shift + ;; + -d|--directory) + shift + BUILD_DIR=$1 + shift + ;; + --vnet-name) + shift + DEVSTACK_VNET_NAME=$1 + shift + ;; + --image-list) + shift + IMAGE_LIST=$1 + shift + ;; + --public-key) + shift + PUBLIC_KEY=$1 + shift + ;; + --user-public-ip) + shift + USER_PUBLIC_IP_PREFIX=$1 + shift + ;; + --devstack-private-ip) + shift + DEVSTACK_PRIVATE_IP=$1 + shift + ;; + --devstack-subnet-name) + shift + DEVSTACK_SUBNET_NAME=$1 + shift + ;; + --devstack-disk-size) + shift + DEVSTACK_DISK_SIZE=$1 + shift + ;; + --openstack-username) + shift + OPENSTACK_USER=$1 + shift + ;; + --openstack-password) + shift + OPENSTACK_PASS=$1 + shift + ;; + --openstack-tenant) + shift + OS_PROJECT_NAME=$1 + shift + ;; + *) + echo "Unknown Argument $1. Try running with --help." + exit 0 + ;; + esac +done + +check_required_parameter "$ADMIN_USER" "--admin-user" +check_required_parameter "$PUBLIC_KEY" "--public-key" +check_required_parameter "$DEVSTACK_LOCATION" "--location" +check_required_parameter "$USER_PUBLIC_IP_PREFIX" "--user-public-ip" + +DEVSTACK_RG=$(check_optional_paramater "$DEVSTACK_RG" $RANDOM_STRING"-DEVSTACKRG") +DEVSTACK_NAME=$(check_optional_paramater "$DEVSTACK_NAME" $RANDOM_STRING"-DEVSTACK") +DEVSTACK_VM_SIZE=$(check_optional_paramater "$DEVSTACK_VM_SIZE" "Standard_DS4_v2") +SUBNET_CIDR=$(check_optional_paramater "$SUBNET_CIDR" "173.0.0.0/24") +BUILD_DIR=$(check_optional_paramater "$BUILD_DIR" /tmp/devstack-$RANDOM_STRING) +DEVSTACK_VNET_NAME=$(check_optional_paramater "$DEVSTACK_VNET_NAME" $RANDOM_STRING"-DEVSTACK-VNET") +DEVSTACK_PRIVATE_IP=$(check_optional_paramater "$DEVSTACK_PRIVATE_IP" "173.0.0.4") +DEVSTACK_SUBNET_NAME=$(check_optional_paramater "$DEVSTACK_SUBNET_NAME" $RANDOM_STRING"-DEVSTACK-VNET-SUBNET") +DEVSTACK_DISK_SIZE=$(check_optional_paramater "$DEVSTACK_DISK_SIZE" "64") +OPENSTACK_USER=$(check_optional_paramater "$OPENSTACK_USER" "admin") +OPENSTACK_PASS=$(check_optional_paramater "$OPENSTACK_PASS" "secret") +OS_PROJECT_NAME=$(check_optional_paramater "$OS_PROJECT_NAME" "admin") +IMAGE_LIST=$(check_optional_paramater "$IMAGE_LIST" "") + + +if [ $NO_PROMPT = 0 ]; then + read -p "Would you like to proceed? [y/n]" -n 1 -r + echo " " + if [[ ! $REPLY =~ ^[Yy]$ ]] + then + exit 0 + fi +fi + +set -x +set -e + +# TODO +# This needs to be hardened +DEVSTACK_PRIVATE_GATEWAY=`echo $DEVSTACK_PRIVATE_IP | sed 's/.$/1/'` +DEVSTACK_ALLOCATION_START=`echo $DEVSTACK_PRIVATE_IP | sed 's/.$/10/'` +DEVSTACK_ALLOCATION_END=`echo $DEVSTACK_PRIVATE_IP | sed 's/.$/240/'` + +DATA_FILE=$BUILD_DIR/cloud-cfg-os.yaml + +if [ ! -d $BUILD_DIR ]; then + echo "running script standalone..." + mkdir -p "$BUILD_DIR" +fi + +$DIR/create_resource_group.sh "$DEVSTACK_RG" "$DEVSTACK_LOCATION" + +az network public-ip create --resource-group "$DEVSTACK_RG" --name "DEVSTACK_PUBLIC_IP" --allocation-method Static +DEVSTACK_PUBLIC_IP=`az network public-ip show --resource-group "$DEVSTACK_RG" --name "DEVSTACK_PUBLIC_IP" --query 'ipAddress' --output tsv` + +cat > $DATA_FILE <<EOF +#cloud-config +package_upgrade: true +packages: + - resolvconf +users: + - default + - name: stack + lock_passwd: False + sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"] + shell: /bin/bash +write_files: + - path: /home/stack/start.sh + permissions: 0755 + content: | + #!/bin/sh + DEBIAN_FRONTEND=noninteractive sudo apt-get -qqy update || sudo yum update -qy + DEBIAN_FRONTEND=noninteractive sudo apt-get install -qqy git || sudo yum install -qy git + sudo chown stack:stack /home/stack + cd /home/stack + git clone https://git.openstack.org/openstack-dev/devstack + cd devstack + cat > local.conf <<EOF + [[local|localrc]] + HOST_IP=$DEVSTACK_PRIVATE_IP + SERVICE_HOST=$DEVSTACK_PRIVATE_IP + MYSQL_HOST=$DEVSTACK_PRIVATE_IP + RABBIT_HOST=$DEVSTACK_PRIVATE_IP + GLANCE_HOSTPORT=$DEVSTACK_PRIVATE_IP:9292 + + ADMIN_PASSWORD="secret" + DATABASE_PASSWORD="secret" + RABBIT_PASSWORD="secret" + SERVICE_PASSWORD="secret" + + enable_service h-eng h-api h-api-cfn h-api-cw + disable_service tempest + + enable_plugin heat https://git.openstack.org/openstack/heat + enable_plugin heat-dashboard https://opendev.org/openstack/heat-dashboard + + ## Neutron options + Q_USE_SECGROUP=True + FLOATING_RANGE="$SUBNET_CIDR" + IPV4_ADDRS_SAFE_TO_USE="192.168.100.0/24" + Q_FLOATING_ALLOCATION_POOL=start=$DEVSTACK_ALLOCATION_START,end=$DEVSTACK_ALLOCATION_END + PUBLIC_NETWORK_GATEWAY="$DEVSTACK_PRIVATE_GATEWAY" + PUBLIC_INTERFACE=eth0 + + # Disable security groups + # Q_USE_SECGROUP=False + # LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver + + # Open vSwitch provider networking configuration + Q_USE_PROVIDERNET_FOR_PUBLIC=True + OVS_PHYSICAL_BRIDGE=br-ex + PUBLIC_BRIDGE=br-ex + OVS_BRIDGE_MAPPINGS=public:br-ex + + [[post-config|\$NOVA_CONF]] + + [libvirt] + cpu_mode = host-passthrough + + EOF + ./stack.sh + + source accrc/admin/admin + openstack project create --domain default --description "New Project" "$OS_PROJECT_NAME" + openstack user create --domain default --project "$OS_PROJECT_NAME" --password "$OPENSTACK_PASS" "$OPENSTACK_USER" + openstack role add --project "$OS_PROJECT_NAME" --user "$OPENSTACK_USER" admin + + openstack network set --disable-port-security public + openstack subnet set --dhcp public-subnet + openstack subnet set --dns-nameserver 8.8.4.4 public-subnet + openstack network set --share public + openstack network set --share private + + for image in `echo "$IMAGE_LIST"`; do + file_name=\`echo "\$image" | rev | cut -d "/" -f 1 | rev\` + image_name=\`echo "\$file_name" | rev | cut -d "." -f 2- | rev\` + wget -O /tmp/"\$file_name" "\$image" + openstack image create --disk-format qcow2 --public --file /tmp/"\$file_name" --property img_config_drive=mandatory "\$image_name" + done + +runcmd: + - echo "nameserver 8.8.4.4" >> /etc/resolvconf/resolv.conf.d/head + - echo "nameserver 8.8.8.8" >> /etc/resolvconf/resolv.conf.d/head + - service resolvconf restart + - su -l stack ./start.sh + - iptables -t nat -F POSTROUTING + - iptables -t nat -A POSTROUTING -o br-ex -j MASQUERADE + - iptables -t nat -A PREROUTING -d "$DEVSTACK_PUBLIC_IP" -j DNAT --to-destination $DEVSTACK_PRIVATE_IP +EOF + +DEVSTACK_IMAGE="UbuntuLTS" +DEVSTACK_SECURITY_GROUP=$DEVSTACK_NAME"-SG" + +az network nsg create --resource-group "$DEVSTACK_RG" \ + --name "$DEVSTACK_SECURITY_GROUP" + +$DIR/create_sg_rule.sh "$DEVSTACK_RG" "$DEVSTACK_SECURITY_GROUP" '*' "22" "$USER_PUBLIC_IP_PREFIX" '*' '*' "SSH" "100" +$DIR/create_sg_rule.sh "$DEVSTACK_RG" "$DEVSTACK_SECURITY_GROUP" '*' "80" "$USER_PUBLIC_IP_PREFIX" '*' '*' "HORIZON" "110" + +az vm create --name "$DEVSTACK_NAME" \ + --resource-group "$DEVSTACK_RG" \ + --size "$DEVSTACK_VM_SIZE" \ + --admin-username "$ADMIN_USER" \ + --ssh-key-value @"$PUBLIC_KEY" \ + --os-disk-size-gb "$DEVSTACK_DISK_SIZE" \ + --image "$DEVSTACK_IMAGE" \ + --location "$DEVSTACK_LOCATION" \ + --subnet-address-prefix "$SUBNET_CIDR" \ + --subnet "$DEVSTACK_SUBNET_NAME" \ + --vnet-address-prefix "$SUBNET_CIDR" \ + --vnet-name "$DEVSTACK_VNET_NAME" \ + --custom-data "$DATA_FILE" \ + --nsg "$DEVSTACK_SECURITY_GROUP" \ + --private-ip-address "$DEVSTACK_PRIVATE_IP" \ + --public-ip-address "DEVSTACK_PUBLIC_IP" +echo "" + +az network vnet subnet update --resource-group="$DEVSTACK_RG" \ + --name "$DEVSTACK_SUBNET_NAME" \ + --vnet-name "$DEVSTACK_VNET_NAME" \ + --network-security-group "$DEVSTACK_SECURITY_GROUP" + +DEVSTACK_NIC_ID=`az vm nic list --resource-group ${DEVSTACK_RG} --vm-name ${DEVSTACK_NAME} --query "[0] | id" --output tsv` + +### Enabling IP Forwarding on DEVSTACK vnic ### +az network nic update --ids "$DEVSTACK_NIC_ID" --ip-forwarding + diff --git a/deployment/aks/create_nfs.sh b/deployment/aks/create_nfs.sh new file mode 100755 index 000000000..8262d1e8c --- /dev/null +++ b/deployment/aks/create_nfs.sh @@ -0,0 +1,237 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +NO_PROMPT=0 +RANDOM_PREFIX="ONAP" +RANDOM_STRING="$RANDOM_PREFIX"-`cat /dev/urandom | env LC_CTYPE=C tr -cd 'a-zA-Z0-9' | head -c 4` + + +NFS_NAME= +NFS_RG= +NFS_VM_SIZE= +NFS_LOCATION= +SUBNET_CIDR= +ADMIN_USER= +BUILD_DIR= +NFS_VNET_NAME= +PUBLIC_KEY= +USER_PUBLIC_IP_PREFIX= +NFS_SUBNET_NAME= +AKS_POD_CIDR= +NFS_DISK_SIZE= + +function check_required_parameter() { + # arg1 = parameter + # arg2 = parameter name + if [ -z "$1" ]; then + echo "$2 was not was provided. This parameter is required." + exit 1 + fi +} + +function check_optional_paramater() { + # arg1 = parameter + # arg2 = parameter name + if [ -z "$1" ]; then + echo "$2" + else + echo "$1" + fi +} + + +while test $# -gt 0; do + case "$1" in + -h|--help) + echo "./create_nfs.sh [options]" + echo " " + echo " " + echo "required:" + echo "--public-key public key to add for admin user [required]" + echo "--user-public-ip public ip that will be granted access to VM [required]" + echo "-l, --location location to deploy VM [required]" + echo "-u, --admin-user admin user to create on VM [required]" + echo "--aks-node-cidr CIDR for Kubernetes nodes [required]. This is used during the NFS deploy to grant access to the NFS server from Kubernetes." + echo " " + echo "additional options:" + echo "-f, --no-prompt executes with no prompt for confirmation" + echo "-h, --help provide brief overview of script" + echo "-n, --name VM name [optional]" + echo "-g, --resource-group resource group that will be created [optional]" + echo "-s, --size Azure flavor size for VM [optional]" + echo "-c, --cidr cidr for VNET to create for VM [optional]." + echo "-d, --directory directory to store cloud config data [optional]" + echo "--vnet-name name of Vnet to create for VM [optional]" + echo "--nfs-subnet-name subnet name created on VNET [optional]" + echo "--nfs-disk-size size of external disk to be mounted on NFS VM [optional]" + echo "" + exit 0 + ;; + -f|--no-prompt) + shift + NO_PROMPT=1 + ;; + -n|--name) + shift + NFS_NAME=$1 + shift + ;; + -g|--resource-group) + shift + NFS_RG=$1 + shift + ;; + -s|--size) + shift + NFS_VM_SIZE=$1 + shift + ;; + -l|--location) + shift + NFS_LOCATION=$1 + shift + ;; + -c|--cidr) + shift + SUBNET_CIDR=$1 + shift + ;; + -u|--admin-user) + shift + ADMIN_USER=$1 + shift + ;; + -d|--directory) + shift + BUILD_DIR=$1 + shift + ;; + --vnet-name) + shift + NFS_VNET_NAME=$1 + shift + ;; + --public-key) + shift + PUBLIC_KEY=$1 + shift + ;; + --user-public-ip) + shift + USER_PUBLIC_IP_PREFIX=$1 + shift + ;; + --aks-node-cidr) + shift + AKS_POD_CIDR=$1 + shift + ;; + --nfs-subnet-name) + shift + NFS_SUBNET_NAME=$1 + shift + ;; + --nfs-disk-size) + shift + NFS_DISK_SIZE=$1 + shift + ;; + *) + echo "Unknown Argument $1. Try running with --help." + exit 0 + ;; + esac +done + +check_required_parameter "$ADMIN_USER" "--admin-user" +check_required_parameter "$PUBLIC_KEY" "--public-key" +check_required_parameter "$NFS_LOCATION" "--location" +check_required_parameter "$USER_PUBLIC_IP_PREFIX" "--user-public-ip" +check_required_parameter "$AKS_POD_CIDR" "--aks-node-cidr" + +NFS_RG=$(check_optional_paramater "$NFS_RG" $RANDOM_STRING"-NFS-RG") +NFS_NAME=$(check_optional_paramater "$NFS_NAME" $RANDOM_STRING"-NFS") +NFS_VM_SIZE=$(check_optional_paramater "$NFS_VM_SIZE" "Standard_DS4_v2") +SUBNET_CIDR=$(check_optional_paramater "$SUBNET_CIDR" "174.0.0.0/24") +BUILD_DIR=$(check_optional_paramater "$BUILD_DIR" /tmp/nfs-$RANDOM_STRING) +NFS_VNET_NAME=$(check_optional_paramater "$NFS_VNET_NAME" $RANDOM_STRING"-NFS-VNET") +NFS_SUBNET_NAME=$(check_optional_paramater "$NFS_SUBNET_NAME" $RANDOM_STRING"-NFS-VNET-SUBNET") +NFS_DISK_SIZE=$(check_optional_paramater "$NFS_DISK_SIZE" "256") + +if [ $NO_PROMPT = 0 ]; then + read -p "Would you like to proceed? [y/n]" -n 1 -r + echo " " + if [[ ! $REPLY =~ ^[Yy]$ ]] + then + exit 0 + fi +fi + +set -x +set -e + +NFS_IMAGE="UbuntuLTS" +NFS_SECURITY_GROUP=$NFS_NAME"-SG" +DATA_FILE=$BUILD_DIR/cloud-cfg.yaml + +if [ ! -d $BUILD_DIR ]; then + echo "running script standalone..." + mkdir -p "$BUILD_DIR" +fi + +$DIR/create_resource_group.sh "$NFS_RG" "$NFS_LOCATION" + +cat > $DATA_FILE <<EOF +#cloud-config +package_upgrade: true +packages: + - nfs-kernel-server + - portmap +runcmd: + - echo "/dockerdata-nfs $AKS_POD_CIDR(rw,async,no_root_squash,no_subtree_check)" >> /etc/exports + - mkdir /dockerdata-nfs + - chmod 777 -R /dockerdata-nfs + - chown nobody:nogroup /dockerdata-nfs + - exportfs -ra + - systemctl restart nfs-kernel-server +EOF + +az network nsg create --resource-group "$NFS_RG" \ + --name "$NFS_SECURITY_GROUP" + +$DIR/create_sg_rule.sh "$NFS_RG" "$NFS_SECURITY_GROUP" '*' "22" "$USER_PUBLIC_IP_PREFIX" '*' '*' "SSH" "100" + +az vm create --name "$NFS_NAME" \ + --resource-group "$NFS_RG" \ + --size "$NFS_VM_SIZE" \ + --os-disk-size-gb "$NFS_DISK_SIZE" \ + --admin-username "$ADMIN_USER" \ + --ssh-key-value @"$PUBLIC_KEY" \ + --image "UbuntuLTS" \ + --location "$NFS_LOCATION" \ + --subnet-address-prefix "$SUBNET_CIDR" \ + --subnet "$NFS_SUBNET_NAME" \ + --vnet-address-prefix "$SUBNET_CIDR" \ + --vnet-name "$NFS_VNET_NAME" \ + --custom-data "$DATA_FILE" \ + --nsg "$NFS_SECURITY_GROUP" +echo "" + +az network vnet subnet update --resource-group "$NFS_RG" \ + --name "$NFS_SUBNET_NAME" \ + --vnet-name "$NFS_VNET_NAME" \ + --network-security-group "$NFS_SECURITY_GROUP" + diff --git a/deployment/aks/create_onap.sh b/deployment/aks/create_onap.sh new file mode 100755 index 000000000..4abddd64f --- /dev/null +++ b/deployment/aks/create_onap.sh @@ -0,0 +1,110 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x + +BUILD_NAME=$1 +KUBECONFIG=$2 +NFS_SERVER_IP=$3 +OOM_BRANCH=$4 +BUILD_DIR=$5 +CHART_VERSION=$6 +OOM_OVERRIDES=$7 + +pushd . + +cd $BUILD_DIR + +export KUBECONFIG="$KUBECONFIG" +kubectl get nodes + +COUNTER=0 +until [ $COUNTER -ge 10 ]; do + +echo "overriding default storage class for AKS" +kubectl delete sc default +sleep 1 +cat <<EOF | kubectl apply -f - +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + annotations: + storageclass.beta.kubernetes.io/is-default-class: "false" + labels: + kubernetes.io/cluster-service: "true" + name: default +provisioner: kubernetes.io/no-provisioner +reclaimPolicy: Delete +volumeBindingMode: Immediate +EOF + +if [ $? -eq 0 ]; then + COUNTER=10 +else + COUNTER=$((COUNTER +1)) +fi + +sleep 5 +done + +git clone -b "$OOM_BRANCH" http://gerrit.onap.org/r/oom --recurse-submodules + +#mv requirements.yaml oom/kubernetes/onap/ +cd oom/kubernetes + +ls -l + +helmpid=`ps -ef | grep -v grep | grep helm | awk '{print $2}'` +if [ ! -z $helmpid ]; then + kill $helmpid +fi + +helm init +echo "initializing tiller..." +sleep 3 + +helm serve & +echo "started helm..." +sleep 3 + +helm repo add local http://127.0.0.1:8879 +helm repo add stable "https://kubernetes-charts.storage.googleapis.com/" + +cp -R helm/plugins/ ~/.helm + +make all +if [ $? -ne 0 ]; then + echo "Failed building helm charts, exiting..." + exit 1 +fi + +make onap +if [ $? -ne 0 ]; then + echo "Failed building helm charts, exiting..." + exit 1 +fi + +TEMPLATE_OVERRIDES="-f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/openstack.yaml --timeout 900" +if [ -f "$BUILD_DIR/integration-override.yaml" ]; then + TEMPLATE_OVERRIDES="$TEMPLATE_OVERRIDES -f $BUILD_DIR/integration-override.yaml" +fi + +helm repo remove stable +build_name=`echo "$BUILD_NAME" | tr '[:upper:]' '[:lower:]'` +helm deploy "$build_name" local/onap --version v"$CHART_VERSION" "$OOM_OVERRIDES" --namespace onap "$TEMPLATE_OVERRIDES" + +kubectl get pods --namespace onap + +popd diff --git a/deployment/aks/create_peering.sh b/deployment/aks/create_peering.sh new file mode 100755 index 000000000..10afefe84 --- /dev/null +++ b/deployment/aks/create_peering.sh @@ -0,0 +1,28 @@ +#!/bin/sh +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x + +SOURCE_VNET=$1 +SOURCE_RESOURCE_GROUP=$2 +REMOTE_VNET=$3 +PEER_NAME=$4 + +az network vnet peering create --resource-group "$SOURCE_RESOURCE_GROUP" \ + --name "$PEER_NAME" \ + --vnet-name "$SOURCE_VNET" \ + --remote-vnet "$REMOTE_VNET" \ + --allow-vnet-access \ + --allow-forwarded-traffic
\ No newline at end of file diff --git a/deployment/aks/create_public_ip.sh b/deployment/aks/create_public_ip.sh new file mode 100755 index 000000000..daac91903 --- /dev/null +++ b/deployment/aks/create_public_ip.sh @@ -0,0 +1,28 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x + +PUBLIC_IP_NAME=$1 +PUBLIC_IP_RESOURCE_GROUP=$2 +NIC_NAME=$3 + +az network public-ip create --name "$PUBLIC_IP_NAME" \ + --resource-group "$PUBLIC_IP_RESOURCE_GROUP" + +az network nic ip-config update --name "ipconfig1" \ + --resource-group "$PUBLIC_IP_RESOURCE_GROUP" \ + --nic-name "$NIC_NAME" \ + --public-ip-address "$PUBLIC_IP_NAME" diff --git a/deployment/aks/create_resource_group.sh b/deployment/aks/create_resource_group.sh new file mode 100755 index 000000000..058539cc6 --- /dev/null +++ b/deployment/aks/create_resource_group.sh @@ -0,0 +1,21 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x + +RESOURCE_GROUP_NAME=$1 +LOCATION=$2 + +az group create --name "$RESOURCE_GROUP_NAME" --location "$LOCATION" diff --git a/deployment/aks/create_route.sh b/deployment/aks/create_route.sh new file mode 100755 index 000000000..3090052c5 --- /dev/null +++ b/deployment/aks/create_route.sh @@ -0,0 +1,30 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x + +ROUTE_PREFIX=$1 +ROUTE_NAME=$2 +RESOURCE_GROUP=$3 +ROUTE_TABLE=$4 +IP_ADDRESS=$5 + +az network route-table route create --address-prefix "$ROUTE_PREFIX" \ + --name "$ROUTE_NAME" \ + --next-hop-type "VirtualAppliance" \ + --resource-group "$RESOURCE_GROUP" \ + --route-table-name "$ROUTE_TABLE" \ + --next-hop-ip-address "$IP_ADDRESS" +echo ""
\ No newline at end of file diff --git a/deployment/aks/create_sg_rule.sh b/deployment/aks/create_sg_rule.sh new file mode 100755 index 000000000..6f16eb889 --- /dev/null +++ b/deployment/aks/create_sg_rule.sh @@ -0,0 +1,36 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x + +RESOURCE_GROUP=$1 +SECURITY_GROUP=$2 +DESTINATION_ADDRESS=$3 +DESTINATION_PORT=$4 +SOURCE_ADDRESS=$5 +SOURCE_PORT=$6 +PROTOCOL=$7 +RULE_NAME=$8 +PRIORITY=$9 + +az network nsg rule create --resource-group "$RESOURCE_GROUP" \ + --nsg-name "$SECURITY_GROUP" \ + --name "$RULE_NAME" \ + --source-address-prefixes $SOURCE_ADDRESS \ + --source-port-ranges "$SOURCE_PORT" \ + --destination-address-prefixes "$DESTINATION_ADDRESS" \ + --destination-port-ranges "$DESTINATION_PORT" \ + --protocol "$PROTOCOL" \ + --priority "$PRIORITY" diff --git a/deployment/aks/post-install/bootstrap.sh b/deployment/aks/post-install/bootstrap.sh new file mode 100755 index 000000000..646a502e2 --- /dev/null +++ b/deployment/aks/post-install/bootstrap.sh @@ -0,0 +1,176 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" + +set -x + +if [ ! -d $BUILD_DIR ]; then + mkdir -p $BUILD_DIR +fi + +# TODO +# Get these from values.yaml +export AAI_DNS_NAME=aai.onap +export AAI_PORT=8443 +export AAI_USER=AAI +export AAI_PASS=AAI +export AAI_PROTOCOL=https +export VID_DNS_NAME=vid.onap +export VID_PORT=8443 +export VID_PROTOCOL=https +export SDC_DNS_NAME=sdc-fe.onap +export SDC_PORT=9443 +export SDC_PROTOCOL=https + +DATA_FILE=$BUILD_DIR"/get_tenant_id.json" + +cat > $DATA_FILE <<EOF +{ "auth": { + "identity": { + "methods": ["password"], + "password": { + "user": { + "name": "$OPENSTACK_USER", + "domain": { "id": "default" }, + "password": "$OPENSTACK_PASS" + } + } + }, + "scope": { + "project": { + "name": "$OPENSTACK_TENANT", + "domain": { "id": "default" } + } + } + } +} +EOF + +http_code="" +COUNTER=0 + +until [ "$http_code" = "201" ] || [ $COUNTER -gt 360 ]; do +http_code=`curl -sL -w "%{http_code}" -o /dev/null -H "Content-Type: application/json" -d @"$DATA_FILE" "http://$OPENSTACK_IP/identity/v3/auth/tokens"` +echo "" +echo "http_code $http_code" +COUNTER=$((COUNTER +1)) +sleep 10 +done + +TENANT_ID=`curl -s -H "Content-Type: application/json" -d @"$DATA_FILE" "http://$OPENSTACK_IP/identity/v3/auth/tokens" | jq --raw-output '.token.project.id'` + +if [ $? -ne 0 ]; then + echo "Failure getting tenant ID from openstack, exiting..." + exit 1 +fi + +export TENANT_ID=$TENANT_ID + +URI="aai/util/echo?action=long" +http_code="" +COUNTER=0 + +until [ "$http_code" = "200" ] || [ $COUNTER -gt 180 ]; do +echo "performing aai healthcheck..." +http_code=`curl -sL -w "%{http_code}" -o /dev/null -I --insecure -u $AAI_USER:$AAI_PASS -X GET "$AAI_PROTOCOL://$AAI_DNS_NAME:$AAI_PORT/$URI" \ + -H 'X-TransactionId: 9999' \ + -H 'X-FromAppId: jimmy-postman' \ + -H 'Real-Time: true' \ + -H 'Cache-Control: no-cache'` +COUNTER=$((COUNTER +1)) +sleep 10 +done + +if [ "$http_code" != "200" ]; then + echo "AAI Healthcheck unsuccessful :(" + echo "Something went wrong during the ONAP installation." + exit 1 +fi + +echo "Creating CLLI $CLLI..." +$DIR/create_clli.sh + +echo "Creating Cloud Region $CLOUD_REGION..." +$DIR/create_cloud_region.sh + +echo "Creating Cloud Region Relationship..." +$DIR/create_cloud_region_relationship.sh + +echo "Creating Cloud Customer $CUSTOMER..." +$DIR/create_customer.sh + +echo "Creating Cloud Service Type $SERVICE_TYPE..." +$DIR/create_service_type.sh + +echo "Creating Subscription..." +$DIR/create_subscription.sh + +echo "Creating Subscription Relationship..." +$DIR/create_cloud_region_subscriber_relationship.sh + +echo "Creating Availability Zone $AZ..." +$DIR/create_az.sh + + +URI="vid/healthCheck" +http_code="" +COUNTER=0 + +until [ "$http_code" = "200" ] || [ $COUNTER -gt 180 ]; do +echo "performing vid healthcheck..." +http_code=`curl -sL -w "%{http_code}" -o /dev/null --insecure -I -X GET "$VID_PROTOCOL://$VID_DNS_NAME:$VID_PORT/$URI"` +COUNTER=$((COUNTER +1)) +sleep 10 +done + +if [ "$http_code" != "200" ]; then + echo "VID Healthcheck unsuccessful :(" + echo "Something went wrong during the ONAP installation." + exit 1 +fi + +echo "Creating Owning Entity $OE..." +$DIR/create_owning_entity.sh + +echo "Creating Platform $PLATFORM..." +$DIR/create_platform.sh + +echo "Creating Project $PROJECT..." +$DIR/create_project.sh + +echo "Creating LOB $LOB..." +$DIR/create_lob.sh + +echo "Creating Cloud Site..." +$DIR/create_cloud_site.sh + +URI="sdc1/rest/healthCheck" +http_code="" +COUNTER=0 + +until [ "$http_code" = "200" ] || [ $COUNTER -gt 180 ]; do +echo "performing sdc healthcheck..." +http_code=`curl -k -sL -w "%{http_code}" -o /dev/null -I -X GET "$SDC_PROTOCOL://$SDC_DNS_NAME:$SDC_PORT/$URI"` +COUNTER=$((COUNTER +1)) +sleep 10 +done + +if [ "$http_code" != "200" ]; then + echo "SDC Healthcheck unsuccessful :(" + echo "Something went wrong during the ONAP installation." + exit 1 +fi + diff --git a/deployment/aks/post-install/create_az.sh b/deployment/aks/post-install/create_az.sh new file mode 100755 index 000000000..1e0407c12 --- /dev/null +++ b/deployment/aks/post-install/create_az.sh @@ -0,0 +1,42 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x + +if [ -z $AAI_DNS_NAME ] || [ -z $AAI_PORT ]; then + echo "AAI_DNS_NAME or AAI_PORT not found. These should be environment variables." + exit 1 +fi + +DATA_FILE=$BUILD_DIR"/aai_az.json" + +URI="aai/v15/cloud-infrastructure/cloud-regions/cloud-region/$CLOUD_OWNER/$CLOUD_REGION/availability-zones/availability-zone/$AZ" + +cat > $DATA_FILE <<EOF +{ + "availability-zone-name": "$AZ", + "hypervisor-type": "hypervisor" +} +EOF + +curl -i --insecure -u $AAI_USER:$AAI_PASS -X PUT "$AAI_PROTOCOL://$AAI_DNS_NAME:$AAI_PORT/$URI" \ + -H 'X-TransactionId: 9999' \ + -H 'X-FromAppId: jimmy-postman' \ + -H 'Real-Time: true' \ + -H 'Content-Type: application/json' \ + -H 'Accept: application/json' \ + -H 'Cache-Control: no-cache' \ + -d @"$DATA_FILE" +echo "" diff --git a/deployment/aks/post-install/create_clli.sh b/deployment/aks/post-install/create_clli.sh new file mode 100755 index 000000000..dec8b8b06 --- /dev/null +++ b/deployment/aks/post-install/create_clli.sh @@ -0,0 +1,59 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x + +if [ -z $AAI_DNS_NAME ] || [ -z $AAI_PORT ]; then + echo "AAI_DNS_NAME or AAI_PORT not found. These should be environment variables." + exit 1 +fi + +DATA_FILE=$BUILD_DIR"/aai_ccli.json" + +URI="aai/v11/cloud-infrastructure/complexes/complex/$CLLI" + +# TODO +# Parameterize the rest of the values in data, like physical location + +cat > $DATA_FILE <<EOF +{ + "physical-location-id": "$CLLI", + "data-center-code": "example-data-center-code-val-6667", + "complex-name": "$CLLI", + "identity-url": "example-identity-url-val-28399", + "physical-location-type": "example-physical-location-type-val-28399", + "street1": "example-street1-val-28399", + "street2": "example-street2-val-28399", + "city": "example-city-val-28399", + "state": "example-state-val-28399", + "postal-code": "example-postal-code-val-28399", + "country": "example-country-val-28399", + "region": "example-region-val-28399", + "latitude": "1111", + "longitude": "2222", + "elevation": "example-elevation-val-28399", + "lata": "example-lata-val-28399" +} +EOF + +curl -i --insecure -u $AAI_USER:$AAI_PASS -X PUT "$AAI_PROTOCOL://$AAI_DNS_NAME:$AAI_PORT/$URI" \ + -H 'X-TransactionId: 9999' \ + -H 'X-FromAppId: jimmy-postman' \ + -H 'Real-Time: true' \ + -H 'Content-Type: application/json' \ + -H 'Accept: application/json' \ + -H 'Cache-Control: no-cache' \ + -d @"$DATA_FILE" +echo ""
\ No newline at end of file diff --git a/deployment/aks/post-install/create_cloud_region.sh b/deployment/aks/post-install/create_cloud_region.sh new file mode 100755 index 000000000..dd83cb387 --- /dev/null +++ b/deployment/aks/post-install/create_cloud_region.sh @@ -0,0 +1,75 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x + +if [ -z $AAI_DNS_NAME ] || [ -z $AAI_PORT ]; then + echo "AAI_DNS_NAME or AAI_PORT not found. These should be environment variables." + exit 1 +fi + +DATA_FILE=$BUILD_DIR"/aai_cloudregion.json" + +URI="aai/v11/cloud-infrastructure/cloud-regions/cloud-region/$CLOUD_OWNER/$CLOUD_REGION" + +cat > $DATA_FILE <<EOF +{ + "cloud-owner": "$CLOUD_OWNER", + "cloud-region-id": "$CLOUD_REGION", + "cloud-type": "openstack", + "owner-defined-type": "t1", + "cloud-region-version": "ocata", + "cloud-zone": "z1", + "complex-name": "$CLLI", + "identity-url": "http://$OPENSTACK_IP/identity", + "sriov-automation": false, + "cloud-extra-info": "", + "tenants": { + "tenant": [ + { + "tenant-id": "$TENANT_ID", + "tenant-name": "$OPENSTACK_TENANT" + } + ] + }, + "esr-system-info-list": + { + "esr-system-info": + [ + { + "esr-system-info-id": "example-system-name-val-92940", + "service-url": "http://$OPENSTACK_IP/identity", + "user-name": "$OPENSTACK_USER", + "password": "$OPENSTACK_PASS", + "system-type": "VIM", + "ssl-cacert": "", + "ssl-insecure": true, + "cloud-domain": "Default", + "default-tenant": "$OPENSTACK_TENANT" + } + ] + } +} +EOF + +curl -i --insecure -u $AAI_USER:$AAI_PASS -X PUT "$AAI_PROTOCOL://$AAI_DNS_NAME:$AAI_PORT/$URI" \ + -H 'X-TransactionId: 9999' \ + -H 'X-FromAppId: jimmy-postman' \ + -H 'Real-Time: true' \ + -H 'Content-Type: application/json' \ + -H 'Accept: application/json' \ + -H 'Cache-Control: no-cache' \ + -d @"$DATA_FILE" +echo "" diff --git a/deployment/aks/post-install/create_cloud_region_relationship.sh b/deployment/aks/post-install/create_cloud_region_relationship.sh new file mode 100755 index 000000000..7acdea9d2 --- /dev/null +++ b/deployment/aks/post-install/create_cloud_region_relationship.sh @@ -0,0 +1,46 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x + +if [ -z $AAI_DNS_NAME ] || [ -z $AAI_PORT ]; then + echo "AAI_DNS_NAME or AAI_PORT not found. These should be environment variables." + exit 1 +fi + +DATA_FILE=$BUILD_DIR"/aai_cloudregionrelationship.json" + +URI="aai/v11/cloud-infrastructure/cloud-regions/cloud-region/$CLOUD_OWNER/$CLOUD_REGION/relationship-list/relationship" + +cat > $DATA_FILE <<EOF +{ + "related-to": "complex", + "related-link": "/aai/v11/cloud-infrastructure/complexes/complex/$CLLI", + "relationship-data": [{ + "relationship-key": "complex.physical-location-id", + "relationship-value": "$CLLI" + }] +} +EOF + +curl -i --insecure -u $AAI_USER:$AAI_PASS -X PUT "$AAI_PROTOCOL://$AAI_DNS_NAME:$AAI_PORT/$URI" \ + -H 'X-TransactionId: 9999' \ + -H 'X-FromAppId: jimmy-postman' \ + -H 'Real-Time: true' \ + -H 'Content-Type: application/json' \ + -H 'Accept: application/json' \ + -H 'Cache-Control: no-cache' \ + -d @"$DATA_FILE" +echo "" diff --git a/deployment/aks/post-install/create_cloud_region_subscriber_relationship.sh b/deployment/aks/post-install/create_cloud_region_subscriber_relationship.sh new file mode 100755 index 000000000..d37b5653f --- /dev/null +++ b/deployment/aks/post-install/create_cloud_region_subscriber_relationship.sh @@ -0,0 +1,62 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x + +if [ -z $AAI_DNS_NAME ] || [ -z $AAI_PORT ]; then + echo "AAI_DNS_NAME or AAI_PORT not found. These should be environment variables." + exit 1 +fi + +DATA_FILE=$BUILD_DIR"/aai_cloudregionsubscriberrelationship.json" + +URI="aai/v11/business/customers/customer/$CUSTOMER/service-subscriptions/service-subscription/$SERVICE_TYPE/relationship-list/relationship" + +cat > $DATA_FILE <<EOF +{ + "related-to": "tenant", + "related-link": "/aai/v11/cloud-infrastructure/cloud-regions/cloud-region/$CLOUD_OWNER/$CLOUD_REGION/tenants/tenant/$TENANT_ID", + "relationship-data": [ + { + "relationship-key": "cloud-region.cloud-owner", + "relationship-value": "$CLOUD_OWNER" + }, + { + "relationship-key": "cloud-region.cloud-region-id", + "relationship-value": "$CLOUD_REGION" + }, + { + "relationship-key": "tenant.tenant-id", + "relationship-value": "$TENANT_ID" + } + ], + "related-to-property": [ + { + "property-key": "tenant.tenant-name", + "property-value": "$TENANT_NAME" + } + ] +} +EOF + +curl -i --insecure -u $AAI_USER:$AAI_PASS -X PUT "$AAI_PROTOCOL://$AAI_DNS_NAME:$AAI_PORT/$URI" \ + -H 'X-TransactionId: 9999' \ + -H 'X-FromAppId: jimmy-postman' \ + -H 'Real-Time: true' \ + -H 'Content-Type: application/json' \ + -H 'Accept: application/json' \ + -H 'Cache-Control: no-cache' \ + -d @"$DATA_FILE" +echo "" diff --git a/deployment/aks/post-install/create_cloud_site.sh b/deployment/aks/post-install/create_cloud_site.sh new file mode 100755 index 000000000..0253b0e16 --- /dev/null +++ b/deployment/aks/post-install/create_cloud_site.sh @@ -0,0 +1,50 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x + +pushd . + +cd /tmp + +git clone http://gerrit.onap.org/r/integration /tmp/integration-repo +git clone https://github.com/onap/oom.git /tmp/oom-repo + +cd /tmp/integration-repo/deployment/heat/onap-rke/scripts +SO_ENCRYPTION_KEY=`cat /tmp/oom-repo/kubernetes/so/resources/config/mso/encryption.key` +javac Crypto.java +SO_ENCRYPTED_KEY=`java Crypto "$OPENSTACK_PASS" "$SO_ENCRYPTION_KEY"` + +popd + +echo $SO_ENCRYPTED_KEY + +MARIADBPOD_STATUS=`kubectl -n onap get pods | grep mariadb-galera-mariadb-galera | head -1 | awk '{print $3}'` +COUNTER=0 + +until [ "$MARIADBPOD_STATUS" = "Running" ] || [ $COUNTER -gt 120 ]; do +echo "mariadb pod not ready..." +COUNTER=$((COUNTER +1)) +sleep 10 +done + +MARIADBPOD=`kubectl -n onap get pods | grep mariadb-galera-mariadb-galera | head -1 | awk '{print $1}'` + +COMMAND="INSERT INTO identity_services (id, identity_url, mso_id, mso_pass, admin_tenant, member_role, tenant_metadata, identity_server_type, identity_authentication_type, project_domain_name, user_domain_name) VALUES (\"$OS_ID\", \"http://$OPENSTACK_IP/identity/v3\", \"$OPENSTACK_USER\", \"$SO_ENCRYPTED_KEY\", \"$OPENSTACK_TENANT\", \"$OS_TENANT_ROLE\", 0, \"$OS_KEYSTONE\", \"USERNAME_PASSWORD\", \"default\", \"default\");" +kubectl -n onap exec -it $MARIADBPOD -- bash -c "mysql -u root --password=secretpassword --database=catalogdb --execute='$COMMAND'" + +COMMAND="INSERT INTO cloud_sites (id, region_id, identity_service_id, cloud_version, clli) VALUES (\"$CLOUD_REGION\", \"$OPENSTACK_REGION\", \"$OS_ID\", \"2.5\", \"$CLOUD_REGION\");" +kubectl -n onap exec -it $MARIADBPOD -- bash -c "mysql -u root --password=secretpassword --database=catalogdb --execute='$COMMAND'" + diff --git a/deployment/aks/post-install/create_customer.sh b/deployment/aks/post-install/create_customer.sh new file mode 100755 index 000000000..0beebe97a --- /dev/null +++ b/deployment/aks/post-install/create_customer.sh @@ -0,0 +1,43 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x + +if [ -z $AAI_DNS_NAME ] || [ -z $AAI_PORT ]; then + echo "AAI_DNS_NAME or AAI_PORT not found. These should be environment variables." + exit 1 +fi + +DATA_FILE=$BUILD_DIR"/aai_customer.json" + +URI="aai/v11/business/customers/customer/$CUSTOMER" + +cat > $DATA_FILE <<EOF +{ + "global-customer-id": "$CUSTOMER", + "subscriber-name": "$SUBSCRIBER", + "subscriber-type": "INFRA" +} +EOF + +curl -i --insecure -u $AAI_USER:$AAI_PASS -X PUT "$AAI_PROTOCOL://$AAI_DNS_NAME:$AAI_PORT/$URI" \ + -H 'X-TransactionId: 9999' \ + -H 'X-FromAppId: jimmy-postman' \ + -H 'Real-Time: true' \ + -H 'Content-Type: application/json' \ + -H 'Accept: application/json' \ + -H 'Cache-Control: no-cache' \ + -d @"$DATA_FILE" +echo "" diff --git a/deployment/aks/post-install/create_lob.sh b/deployment/aks/post-install/create_lob.sh new file mode 100755 index 000000000..a14367ddf --- /dev/null +++ b/deployment/aks/post-install/create_lob.sh @@ -0,0 +1,34 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x + +if [ -z $VID_DNS_NAME ] || [ -z $VID_PORT ]; then + echo "VID_DNS_NAME or VID_PORT not found. These should be environment variables." + exit 1 +fi + +DATA_FILE=$BUILD_DIR"/vid_project.json" + +URI="vid/maintenance/category_parameter/lineOfBusiness" + +cat > $DATA_FILE <<EOF +{"options":["$LOB"]} +EOF + +curl -i --insecure -X POST "$VID_PROTOCOL://$VID_DNS_NAME:$VID_PORT/$URI" \ + -H 'Content-Type: application/json' \ + -d @"$DATA_FILE" +echo "" diff --git a/deployment/aks/post-install/create_owning_entity.sh b/deployment/aks/post-install/create_owning_entity.sh new file mode 100755 index 000000000..eba395591 --- /dev/null +++ b/deployment/aks/post-install/create_owning_entity.sh @@ -0,0 +1,34 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x + +if [ -z $VID_DNS_NAME ] || [ -z $VID_PORT ]; then + echo "VID_DNS_NAME or VID_PORT not found. These should be environment variables." + exit 1 +fi + +DATA_FILE=$BUILD_DIR"/vid_owning_entity.json" + +URI="vid/maintenance/category_parameter/owningEntity" + +cat > $DATA_FILE <<EOF +{"options":["$OE"]} +EOF + +curl -i --insecure -X POST "$VID_PROTOCOL://$VID_DNS_NAME:$VID_PORT/$URI" \ + -H 'Content-Type: application/json' \ + -d @"$DATA_FILE" +echo "" diff --git a/deployment/aks/post-install/create_platform.sh b/deployment/aks/post-install/create_platform.sh new file mode 100755 index 000000000..46dc1b4e6 --- /dev/null +++ b/deployment/aks/post-install/create_platform.sh @@ -0,0 +1,34 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x + +if [ -z $VID_DNS_NAME ] || [ -z $VID_PORT ]; then + echo "VID_DNS_NAME or VID_PORT not found. These should be environment variables." + exit 1 +fi + +DATA_FILE=$BUILD_DIR"/vid_platform.json" + +URI="vid/maintenance/category_parameter/platform" + +cat > $DATA_FILE <<EOF +{"options":["$PLATFORM"]} +EOF + +curl -i --insecure -X POST "$VID_PROTOCOL://$VID_DNS_NAME:$VID_PORT/$URI" \ + -H 'Content-Type: application/json' \ + -d @"$DATA_FILE" +echo "" diff --git a/deployment/aks/post-install/create_project.sh b/deployment/aks/post-install/create_project.sh new file mode 100755 index 000000000..7b455e3b0 --- /dev/null +++ b/deployment/aks/post-install/create_project.sh @@ -0,0 +1,34 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x + +if [ -z $VID_DNS_NAME ] || [ -z $VID_PORT ]; then + echo "VID_DNS_NAME or VID_PORT not found. These should be environment variables." + exit 1 +fi + +DATA_FILE=$BUILD_DIR"/vid_project.json" + +URI="vid/maintenance/category_parameter/project" + +cat > $DATA_FILE <<EOF +{"options":["$PROJECT"]} +EOF + +curl -i --insecure -X POST "$VID_PROTOCOL://$VID_DNS_NAME:$VID_PORT/$URI" \ + -H 'Content-Type: application/json' \ + -d @"$DATA_FILE" +echo "" diff --git a/deployment/aks/post-install/create_service_type.sh b/deployment/aks/post-install/create_service_type.sh new file mode 100755 index 000000000..c712c53f6 --- /dev/null +++ b/deployment/aks/post-install/create_service_type.sh @@ -0,0 +1,42 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x + +if [ -z $AAI_DNS_NAME ] || [ -z $AAI_PORT ]; then + echo "AAI_DNS_NAME or AAI_PORT not found. These should be environment variables." + exit 1 +fi + +DATA_FILE=$BUILD_DIR"/aai_service_type.json" + +URI="aai/v11/service-design-and-creation/services/service/$SERVICE_TYPE" + +cat > $DATA_FILE <<EOF +{ + "service-description": "$SERVICE_TYPE", + "service-id": "$SERVICE_TYPE" +} +EOF + +curl -i --insecure -u $AAI_USER:$AAI_PASS -X PUT "$AAI_PROTOCOL://$AAI_DNS_NAME:$AAI_PORT/$URI" \ + -H 'X-TransactionId: 9999' \ + -H 'X-FromAppId: jimmy-postman' \ + -H 'Real-Time: true' \ + -H 'Content-Type: application/json' \ + -H 'Accept: application/json' \ + -H 'Cache-Control: no-cache' \ + -d @"$DATA_FILE" +echo "" diff --git a/deployment/aks/post-install/create_subscription.sh b/deployment/aks/post-install/create_subscription.sh new file mode 100755 index 000000000..4bb2e6412 --- /dev/null +++ b/deployment/aks/post-install/create_subscription.sh @@ -0,0 +1,65 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -x + +if [ -z $AAI_DNS_NAME ] || [ -z $AAI_PORT ]; then + echo "AAI_DNS_NAME or AAI_PORT not found. These should be environment variables." + exit 1 +fi + +DATA_FILE=$BUILD_DIR"/aai_subscription.json" + +URI="aai/v11/business/customers/customer/$CUSTOMER/service-subscriptions/service-subscription/$SERVICE_TYPE" + +cat > $DATA_FILE <<EOF +{ + "relationship-list": + { + "relationship": + [ + { + "related-to":"tenant", + "relationship-data": + [ + { + "relationship-key":"cloud-region.cloud-owner", + "relationship-value":"$CLOUD_OWNER" + }, + { + "relationship-key":"cloud-region.cloud-region-id", + "relationship-value":"$CLOUD_REGION" + }, + { + "relationship-key":"tenant.tenant-id", + "relationship-value":"$TENANT_ID" + } + ] + } + ] + }, + "service-type":"$SERVICE_TYPE" +} +EOF + +curl -i --insecure -u $AAI_USER:$AAI_PASS -X PUT "$AAI_PROTOCOL://$AAI_DNS_NAME:$AAI_PORT/$URI" \ + -H 'X-TransactionId: 9999' \ + -H 'X-FromAppId: jimmy-postman' \ + -H 'Real-Time: true' \ + -H 'Content-Type: application/json' \ + -H 'Accept: application/json' \ + -H 'Cache-Control: no-cache' \ + -d @"$DATA_FILE" +echo "" diff --git a/deployment/aks/util/create_integration_override.sh b/deployment/aks/util/create_integration_override.sh new file mode 100755 index 000000000..15d853918 --- /dev/null +++ b/deployment/aks/util/create_integration_override.sh @@ -0,0 +1,75 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" + +BUILD_DIR=$1 +OPENSTACK_CLI_POD=$2 +OPENSTACK_RC=$3 +DOCKER_REPOSITORY=$4 +NFS_IP_ADDR=$5 +K8S_01_VM_IP=$6 +KUBECONFIG=$7 + +. $OPENSTACK_RC + +export KUBECONFIG=$KUBECONFIG + +git clone https://gerrit.onap.org/r/integration "$BUILD_DIR/integration" + +echo "" +echo "Looping until openstack is ready." +echo "This can take a bit of time, and you might see errors initially if openstack is still launching." +echo "" +echo "" +# Need to wait until openstack is up and running +COUNTER=0 +kubectl exec $OPENSTACK_CLI_POD -- sh -lc "openstack token issue" +until [ $? -eq 0 ] || [ $COUNTER -gt 60 ]; do +COUNTER=$((COUNTER +1)) +sleep 60 +echo "issuing auth token to openstack to verify openstack cli is up and running." +kubectl exec $OPENSTACK_CLI_POD -- sh -lc "openstack token issue" +done + +if [ $? -ne 0 ]; then + echo "Unable to communicate with openstack to create the integration-override.yaml file" + exit 1 +fi + +OS_PUBLIC_NETWORK_ID=`kubectl exec $OPENSTACK_CLI_POD -- sh -lc "openstack network show public -c id -f value"` +OS_OAM_NETWORK_ID=`kubectl exec $OPENSTACK_CLI_POD -- sh -lc "openstack network show private -c id -f value"` +OS_OAM_NETWORK_SUBNET_ID=`kubectl exec $OPENSTACK_CLI_POD -- sh -lc "openstack subnet show private-subnet -c id -f value"` +OS_SEC_GROUP=`kubectl exec $OPENSTACK_CLI_POD -- sh -lc "openstack security group list --project $OS_PROJECT_NAME -c ID -f value"` +OS_OAM_NETWORK_CIDR=`kubectl exec $OPENSTACK_CLI_POD -- sh -lc "openstack subnet show public-subnet -c cidr -f value"` +OS_OAM_NETWORK_PREFIX=`echo $OS_OAM_NETWORK_CIDR | cut -d '.' -f1-2` + +echo "export OS_PUBLIC_NETWORK_ID=$OS_PUBLIC_NETWORK_ID" > "$BUILD_DIR/openstack_params.conf" +echo "export DOCKER_REPOSITORY=$DOCKER_REPOSITORY" >> "$BUILD_DIR/openstack_params.conf" +echo "export OS_OAM_NETWORK_ID=$OS_OAM_NETWORK_ID" >> "$BUILD_DIR/openstack_params.conf" +echo "export OS_OAM_NETWORK_SUBNET_ID=$OS_OAM_NETWORK_SUBNET_ID" >> "$BUILD_DIR/openstack_params.conf" +echo "export OS_OAM_NETWORK_PREFIX=$OS_OAM_NETWORK_PREFIX" >> "$BUILD_DIR/openstack_params.conf" +echo "export OS_SEC_GROUP=$OS_SEC_GROUP" >> "$BUILD_DIR/openstack_params.conf" +echo "export OS_UBUNTU_14_IMAGE=trusty-server-cloudimg-amd64-disk1" >> "$BUILD_DIR/openstack_params.conf" +echo "export OS_UBUNTU_16_IMAGE=xenial-server-cloudimg-amd64-disk1" >> "$BUILD_DIR/openstack_params.conf" +echo "export OS_OAM_NETWORK_CIDR=$OS_OAM_NETWORK_CIDR" >> "$BUILD_DIR/openstack_params.conf" +echo "export NFS_IP_ADDR=$NFS_IP_ADDR" >> "$BUILD_DIR/openstack_params.conf" +echo "export K8S_01_VM_IP=$K8S_01_VM_IP" >> "$BUILD_DIR/openstack_params.conf" + +OS_PROJECT_ID=`kubectl exec $OPENSTACK_CLI_POD -- sh -lc "openstack project show $OS_PROJECT_NAME -c id -f value"` + +echo "export OS_PROJECT_ID=$OS_PROJECT_ID" >> "$OPENSTACK_RC" + +$DIR/create_robot_config.sh "$OPENSTACK_RC" "$BUILD_DIR/openstack_params.conf" "$BUILD_DIR" "$DIR/integration_override.template" diff --git a/deployment/aks/util/create_openstack_cli.sh b/deployment/aks/util/create_openstack_cli.sh new file mode 100755 index 000000000..01ae88673 --- /dev/null +++ b/deployment/aks/util/create_openstack_cli.sh @@ -0,0 +1,61 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set +e + +KUBECONFIG=$1 +OPENSTACK_RC=$2 +CLI_NAME=$3 + +export KUBECONFIG=$KUBECONFIG + +kubectl create configmap openstack-rc-$CLI_NAME --from-file=$OPENSTACK_RC + +cat <<EOF | kubectl create -f - +apiVersion: v1 +kind: Pod +metadata: + name: $CLI_NAME +spec: + containers: + - name: openstack-cli + image: alpine + volumeMounts: + - name: openstack-rc-$CLI_NAME + mountPath: /openstack + command: ["/bin/sh"] + args: + - -c + - apk update && \ + apk add python && \ + apk add py-pip && \ + apk add python-dev && \ + apk add gcc && \ + apk add musl-dev && \ + apk add libffi-dev && \ + apk add openssl-dev && \ + pip install python-openstackclient && \ + sh -c 'echo ". /openstack/openstack_rc" >> /root/.profile; while true; do sleep 60; done;' + restartPolicy: Never + volumes: + - name: openstack-rc-$CLI_NAME + configMap: + name: openstack-rc-$CLI_NAME + defaultMode: 0755 +EOF + +# TODO +# Add better check for pod readiness +sleep 120 diff --git a/deployment/aks/util/create_robot_config.sh b/deployment/aks/util/create_robot_config.sh new file mode 100755 index 000000000..dea67b858 --- /dev/null +++ b/deployment/aks/util/create_robot_config.sh @@ -0,0 +1,80 @@ +#!/bin/bash +# Copyright 2019 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +OPENSTACK_RC=$1 +OPENSTACK_PARAM=$2 +BUILD_DIR=$3 +INTEGRATION_TEMPLATE=$4 + +if [ "$OPENSTACK_RC" == "" ] + then + echo "No OPENSTACK_RC file" + echo "Usage: create-robot-config.sh <openstack.rc> <openstack_env_param>" + exit +fi +if [ "$OPENSTACK_PARAM" == "" ] + then + echo "No OPENSTACK_PARAM" + echo "Usage: create-robot-config.sh <openstack.rc> <openstack_env_param>" + exit +fi + +source $OPENSTACK_RC +source $OPENSTACK_PARAM + +env + +SO_ENCRYPTION_KEY=aa3871669d893c7fb8abbcda31b88b4f +export OS_PASSWORD_ENCRYPTED_FOR_ROBOT=$(echo -n "$OS_PASSWORD" | openssl aes-128-ecb -e -K "$SO_ENCRYPTION_KEY" -nosalt | xxd -c 256 -p) + +#Use new encryption method +pushd . + +cd $BUILD_DIR/integration/deployment/heat/onap-rke/scripts +javac Crypto.java +SO_ENCRYPTION_KEY=aa3871669d893c7fb8abbcda31b88b4f +export OS_PASSWORD_ENCRYPTED=$(java Crypto "$OS_PASSWORD" "$SO_ENCRYPTION_KEY") + +cp $INTEGRATION_TEMPLATE ./integration-override.yaml +template="integration-override.yaml" +sed -ir -e "s/\${OS_PASSWORD_ENCRYPTED_FOR_ROBOT}/$OS_PASSWORD_ENCRYPTED_FOR_ROBOT/" $template +sed -ir -e "s/\${OS_PASSWORD_ENCRYPTED}/$OS_PASSWORD_ENCRYPTED/" $template + +sed -ir -e "s/\${OS_PROJECT_ID}/$OS_PROJECT_ID/" $template +sed -ir -e "s/\${OS_USERNAME}/$OS_USERNAME/" $template +sed -ir -e "s/\${OS_USER_DOMAIN_NAME}/$OS_USER_DOMAIN_NAME/" $template +sed -ir -e "s/\${OS_PROJECT_NAME}/$OS_PROJECT_NAME/" $template +sed -ir -e "s/\${OS_USERNAME}/$OS_USERNAME/" $template +sed -ir -e "s~\${OS_AUTH_URL}~$OS_AUTH_URL~" $template + + +sed -ir -e "s/__docker_proxy__/$DOCKER_REPOSITORY/" $template +sed -ir -e "s/__public_net_id__/$OS_PUBLIC_NETWORK_ID/" $template +sed -ir -e "s~__oam_network_cidr__~$OS_OAM_NETWORK_CIDR~" $template +sed -ir -e "s/__oam_network_prefix__/$OS_OAM_NETWORK_PREFIX/" $template +sed -ir -e "s/__oam_network_id__/$OS_OAM_NETWORK_ID/" $template +sed -ir -e "s/__oam_subnet_id__/$OS_OAM_NETWORK_SUBNET_ID/" $template +sed -ir -e "s/__sec_group__/$OS_SEC_GROUP/" $template + +sed -ir -e "s/\${OS_UBUNTU_14_IMAGE}/$OS_UBUNTU_14_IMAGE/" $template +sed -ir -e "s/\${OS_UBUNTU_16_IMAGE}/$OS_UBUNTU_16_IMAGE/" $template + +sed -ir -e "s/__nfs_ip_addr__/$NFS_IP_ADDR/" $template +sed -ir -e "s/__k8s_01_vm_ip__/$K8S_01_VM_IP/" $template + +cat $template +cp $template $BUILD_DIR/$template + +popd diff --git a/deployment/aks/util/integration_override.template b/deployment/aks/util/integration_override.template new file mode 100644 index 000000000..5f24824a3 --- /dev/null +++ b/deployment/aks/util/integration_override.template @@ -0,0 +1,39 @@ +global: + repository: __docker_proxy__ + pullPolicy: IfNotPresent +robot: + enabled: true + flavor: large + appcUsername: "appc@appc.onap.org" + appcPassword: "demo123456!" + openStackKeyStoneUrl: "${OS_AUTH_URL}" + openStackKeystoneAPIVersion: "v3" + openStackPublicNetId: "__public_net_id__" + openStackTenantId: "${OS_PROJECT_ID}" + openStackUserName: "${OS_USERNAME}" + openStackUserDomain: "${OS_USER_DOMAIN_NAME}" + openStackProjectName: "${OS_PROJECT_NAME}" + ubuntu14Image: "${OS_UBUNTU_14_IMAGE}" + ubuntu16Image: "${OS_UBUNTU_16_IMAGE}" + openStackPrivateNetCidr: "__oam_network_cidr__" + openStackPrivateNetId: "__oam_network_id__" + openStackPrivateSubnetId: "__oam_subnet_id__" + openStackSecurityGroup: "__sec_group__" + openStackOamNetworkCidrPrefix: "__oam_network_prefix__" + dcaeCollectorIp: "__k8s_01_vm_ip__" + vnfPubKey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKXDgoo3+WOqcUG8/5uUbk81+yczgwC4Y8ywTmuQqbNxlY1oQ0YxdMUqUnhitSXs5S/yRuAVOYHwGg2mCs20oAINrP+mxBI544AMIb9itPjCtgqtE2EWo6MmnFGbHB4Sx3XioE7F4VPsh7japsIwzOjbrQe+Mua1TGQ5d4nfEOQaaglXLLPFfuc7WbhbJbK6Q7rHqZfRcOwAMXgDoBqlyqKeiKwnumddo2RyNT8ljYmvB6buz7KnMinzo7qB0uktVT05FH9Rg0CTWH5norlG5qXgP2aukL0gk1ph8iAt7uYLf1ktp+LJI2gaF6L0/qli9EmVCSLr1uJ38Q8CBflhkh" + demoArtifactsVersion: "1.4.0" + demoArtifactsRepoUrl: "https://nexus.onap.org/content/repositories/releases" + scriptVersion: "1.4.0" + nfsIpAddress: "__nfs_ip_addr__" + config: + openStackEncryptedPasswordHere: "${OS_PASSWORD_ENCRYPTED_FOR_ROBOT}" + openStackSoEncryptedPassword: "${OS_PASSWORD_ENCRYPTED}" +so: + enabled: true + so-catalog-db-adapter: + config: + openStackUserName: "${OS_USERNAME}" + openStackKeyStoneUrl: "${OS_AUTH_URL}/v3" + openStackEncryptedPasswordHere: "${OS_PASSWORD_ENCRYPTED}" + openStackTenantId: "${OS_PROJECT_ID}" |