diff options
| author |   Michal Ptacek <m.ptacek@partner.samsung.com> | 2018-10-15 15:27:29 +0200 |
|---|---|---|
| committer | Michal Ptacek <m.ptacek@partner.samsung.com> | 2018-10-15 15:34:24 +0200 |
| commit | 39d73bc539d9f3e72e167a51a6fecf58e04265ac (patch) | |
| tree | 0fa9b9b499fb960524c9dee46174b73925a3c082 | |
| parent | 0d41bc49d18ebf126faa9a709dbe59b2bccc8ee1 (diff) | |
Core of ONAP offline installer
Seed code for ONAP offline installer. This includes core
of the installer without downloading parts. Those will
come in subsequent commits.
Change-Id: I0d5c8c3c8c911ae11a0e558d5df94b6889af4435
Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com>
Issue-ID: INT-691
22 files changed, 2221 insertions, 0 deletions
diff --git a/onap-offline/bash/deploy_onap.sh b/onap-offline/bash/deploy_onap.sh new file mode 100755 index 0000000..d8ae4f3 --- /dev/null +++ b/onap-offline/bash/deploy_onap.sh @@ -0,0 +1,55 @@ +#! /usr/bin/env bash + +# COPYRIGHT NOTICE STARTS HERE +# +# Copyright 2018 © Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# COPYRIGHT NOTICE ENDS HERE + + +# fail fast +set -e + +# OS check +. /etc/os-release +OS_ID="${ID}" + +case "$OS_ID" in + centos) + ;; + rhel) + ;; + ubuntu) + ;; + *) + echo This OS is not supported: $OS_ID + exit 1 + ;; +esac + +# boilerplate +RELATIVE_PATH=./tools # relative path from this script to 'common-functions.sh' +if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then + SCRIPT_DIR=$(dirname "${0}") + LOCAL_PATH=$(readlink -f "$SCRIPT_DIR") + . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh +fi + +get_configuration +copy_onap_values_file +patch_npm_oom +patch_spring_oom +patch_cfy_manager_depl $OS_ID +deploy_onap diff --git a/onap-offline/bash/tools/000cleanup.sh b/onap-offline/bash/tools/000cleanup.sh new file mode 100755 index 0000000..3349c50 --- /dev/null +++ b/onap-offline/bash/tools/000cleanup.sh @@ -0,0 +1,41 @@ +# COPYRIGHT NOTICE STARTS HERE +# +# Copyright 2018 © Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# COPYRIGHT NOTICE ENDS HERE + +oldifs=$IFS +IFS=$'\n' + +echo "Deleting containers" +for x in $(docker ps -a); do + cid=$(echo "$x" | awk '{print $1}') + docker rm -f $cid +done + +echo "Deleting volumes" +for x in $(docker volume ls | grep -v 'nexus-data'); do + name=$(echo "$x" | awk '{print $2}') +# echo "A: $name" + docker volume rm $name +done + +echo "Unmounting kubelet pods" +for x in $(mount | grep 'kubelet/pods\|rancher\|docker' | cut -d ' ' -f 3) ; do umount "$x" ; done + +rm -rfd /var/lib/kubelet/* +rm -rfd /var/lib/rancher/* +rm -rfd /var/lib/docker/* + diff --git a/onap-offline/bash/tools/certificates/2create_cert_for_nginx.sh b/onap-offline/bash/tools/certificates/2create_cert_for_nginx.sh new file mode 100755 index 0000000..a9adb52 --- /dev/null +++ b/onap-offline/bash/tools/certificates/2create_cert_for_nginx.sh @@ -0,0 +1,47 @@ +#! /usr/bin/env bash + +# COPYRIGHT NOTICE STARTS HERE +# +# Copyright 2018 © Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# COPYRIGHT NOTICE ENDS HERE + + +# fail fast +set -e + +# boilerplate +RELATIVE_PATH=../ # relative path from this script to 'common-functions.sh' +if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then + SCRIPT_DIR=$(dirname "${0}") + LOCAL_PATH=$(readlink -f "$SCRIPT_DIR") + . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh +fi + +message info "Reading configuration" +get_configuration + +update_hosts + +message info "Restarting dnsmasq" +systemctl enable dnsmasq +systemctl restart dnsmasq + +message info "Configure ssl certificates" +create_cert "nexus" + +message info "** Certificates finished **" + +docker restart nginx diff --git a/onap-offline/bash/tools/certificates/self_extract_cacert.sh b/onap-offline/bash/tools/certificates/self_extract_cacert.sh new file mode 100755 index 0000000..1e7a5ab --- /dev/null +++ b/onap-offline/bash/tools/certificates/self_extract_cacert.sh @@ -0,0 +1,55 @@ +#! /bin/sh + +# COPYRIGHT NOTICE STARTS HERE +# +# Copyright 2018 © Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# COPYRIGHT NOTICE ENDS HERE + + + +extract_ca() { + cpath=$1 + sed '0,/^#EOF#$/d' $0 > $cpath; + echo "Certificate installed into: $cpath" +} + +OS_ID=$(awk -F= '/^ID=/{print $2}' /etc/os-release) +OS_ID="${OS_ID%\"}" +OS_ID="${OS_ID#\"}" + +if [ "$OS_ID" = "rhel" -o "$OS_ID" = "centos" ]; then + # for centos/ rhel + echo "Detected rhel like distribution" + + update-ca-trust force-enable + extract_ca /etc/pki/ca-trust/source/anchors/rootCAcert.crt + update-ca-trust extract + +elif [ "$OS_ID" = "ubuntu" ]; then + echo "Detected ubuntu distribution" + + mkdir -p /usr/local/share/ca-certificates/extra + extract_ca /usr/local/share/ca-certificates/extra/rootCAcert.crt + update-ca-certificates +else + echo "OS $OS_ID is not supported" + exit -2 +fi + +echo "** Please restart docker (because of reload new CA) **" + +exit 0 +#EOF# diff --git a/onap-offline/bash/tools/common-functions.sh b/onap-offline/bash/tools/common-functions.sh new file mode 100755 index 0000000..0a6e26f --- /dev/null +++ b/onap-offline/bash/tools/common-functions.sh @@ -0,0 +1,649 @@ +# COPYRIGHT NOTICE STARTS HERE +# +# Copyright 2018 © Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# COPYRIGHT NOTICE ENDS HERE + +# +# this file contains shared variables and functions for the onap installer +# + +# any script which needs this file can check this variable +# and it will know immediately if the functions and variables +# are loaded and usable +IS_COMMON_FUNCTIONS_SOURCED=YES + +# setting of the path variables +if [ -z "$APROJECT_DIR" ] ; then + INCLUDE_PATH="${LOCAL_PATH}"/"${RELATIVE_PATH}" + APROJECT_DIR=$(readlink -f "$INCLUDE_PATH"/../..) +fi + +RESOURCES_DIR="$APROJECT_DIR/resources" +BASH_SCRIPTS_DIR="$APROJECT_DIR/bash" +NEXUS_DATA="$RESOURCES_DIR/nexus_data" +CERTS_TARGET_PATH="$APROJECT_DIR/live/certs" +NGINX_LOG_DIR="$APROJECT_DIR/live/nginx_logs" +GEN_CFG_PATH="$APROJECT_DIR/live/cfg" +GIT_REPOS="$RESOURCES_DIR/git-repo" +NGINX_HTTP_DIR="$RESOURCES_DIR/http" +RHEL_REPO="$RESOURCES_DIR/pkg/rhel" + +PATH="${PATH}:/usr/local/bin:/usr/local/sbin" +export PATH + +# just self-defense against locale +LANG=C +export LANG + +# dns handling +SIMUL_HOSTS="gcr.io \ +git.rancher.io \ +gerrit.onap.org \ +registry-1.docker.io \ +docker.io \ +registry.npmjs.org \ +nexus3.onap.org \ +nexus.onap.org \ +docker.elastic.co \ +www.getcloudify.org \ +www.springframework.org \ +registry.hub.docker.com \ +git.onap.org \ +repo1.maven.org \ +repo.maven.apache.org" + +# default credentials to the repository +NEXUS_USERNAME=admin +NEXUS_PASSWORD=admin123 +NEXUS_EMAIL=admin@onap.org + +# this function is intended to unify the installer output +message() { + case "$1" in + info) + echo 'INFO:' "$@" + ;; + debug) + echo 'DEBUG:' "$@" >&2 + ;; + warning) + echo 'WARNING [!]:' "$@" >&2 + ;; + error) + echo 'ERROR [!!]:' "$@" >&2 + return 1 + ;; + *) + echo 'UNKNOWN [?!]:' "$@" >&2 + return 2 + ;; + esac + return 0 +} +export message + +# if the environment variable DEBUG is set to DEBUG-ONAP -> +# -> this function will print its arguments +# otherwise nothing is done +debug() { + [ "$DEBUG" = DEBUG-ONAP ] && message debug "$@" +} +export debug + +fail() { + message error "$@" + exit 1 +} + +retry() { + local n=1 + local max=5 + while ! "$@"; do + if [ $n -lt $max ]; then + n=$((n + 1)) + message warning "Command ${@} failed. Attempt: $n/$max" + message info "waiting 10s for another try..." + sleep 10s + else + fail "Command ${@} failed after $n attempts. Better to abort now." + fi + done +} + +may_self_extract() { + # extract and untar to the current directory + sed '0,/^# PAYLOAD BELOW #$/d' "$0" | tar -xvpf - ; +} + +update_hosts() { + if grep -q "^[^#]\+\s$SIMUL_HOSTS\s*\$" /etc/hosts ; then + message info "simulated domains already in /etc/hosts" + else + echo "$LOCAL_IP $SIMUL_HOSTS" >> /etc/hosts + message info "simulated domains added to /etc/hosts (please check it)" + fi + + if grep -q "^[^#]\+\s$NEXUS_FQDN\s*\$" /etc/hosts ; then + message info "nexus FQDN already in /etc/hosts" + else + echo "$LOCAL_IP $NEXUS_FQDN" >> /etc/hosts + message info "Nexus FQDN added to /etc/hosts (please check it)" + fi + + if grep -q "^[^#]\+\srepo.install-server\s*\$" /etc/hosts ; then + message info "custom repo FQDN already in /etc/hosts" + else + echo "$LOCAL_IP repo.install-server" >> /etc/hosts + message info "Nexus FQDN added to /etc/hosts (please check it)" + fi +} + +get_cfg_val() { + name="$1" + shift + ask="$@" + + value=$(eval "echo \$${name}") + if [ -z "$value" ]; then + while [ -z "$value" ] ; do + printf "${ask}" + read -r $name + + value=$(eval "echo \$${name}") + done + echo "${name}='${value}'" >> ./local_repo.conf + fi +} + +get_configuration() { + if [ -f ./local_repo.conf ]; then + . ./local_repo.conf + fi + + if [ -z "${NEXUS_FQDN}" ]; then + NEXUS_FQDN="nexus.$HOSTNAME" + echo "NEXUS_FQDN='${NEXUS_FQDN}'" >> ./local_repo.conf + fi + + if [ -z "${ONAP_SCALE}" ]; then + ONAP_SCALE=full + echo "ONAP_SCALE='${ONAP_SCALE}'" >> ./local_repo.conf + fi + + # nexus should be configured using those default entries + # if it was not put the correct inputs instead + if [ -z "${NPM_USERNAME}" ]; then + NPM_USERNAME="${NEXUS_USERNAME}" + echo "NPM_USERNAME='${NPM_USERNAME}'" >> ./local_repo.conf + fi + + if [ -z "${NPM_PASSWORD}" ]; then + NPM_PASSWORD="${NEXUS_PASSWORD}" + echo "NPM_PASSWORD='${NPM_PASSWORD}'" >> ./local_repo.conf + fi + + if [ -z "${NPM_EMAIL}" ]; then + NPM_EMAIL="$NEXUS_EMAIL" + echo "NPM_EMAIL='${NPM_EMAIL}'" >> ./local_repo.conf + fi + + export NEXUS_FQDN + export ONAP_SCALE + export NPM_USERNAME + export NPM_PASSWORD + export NPM_EMAIL + + NODE_USERNAME="root" + + if [ -z "$LOCAL_IP" ] ; then + echo + echo "======= Mandatory configuration =======" + echo + message info "fill in these mandatory configuration values" + get_cfg_val "LOCAL_IP" "Enter the public IPv4 used for this '$HOSTNAME' install machine," \ + "\nDO NOT USE LOOPBACK! (for example: 10.0.0.1): " + fi +} + +enable_local_repo() { + sed -r "s%PATH%file://$APROJECT_DIR/resources/pkg/rhel%" "$APROJECT_DIR/resources/pkg/rhel/onap.repo" > /etc/yum.repos.d/onap.repo +} + +install_packages() { + os_id="$1" + + message info "Installing packages" + + case "$os_id" in + centos) + yum -y install "$APROJECT_DIR/resources/pkg/centos/*.rpm" + ;; + rhel) + enable_local_repo + yum -y install docker-ce dnsmasq icewm firefox tigervnc-server + systemctl enable docker + systemctl start docker + ;; + ubuntu) + dpkg -i "$APROJECT_DIR/resources/pkg/ubuntu/*.deb" + ;; + *) + message error "OS release is not supported: $os_id" + message info "ABORTING INSTALLATION" + exit 1 + ;; + esac +} + +install_files() { + message info "installation of external binaries" + for binary in kubectl helm rancher jq ; do + cp "$APROJECT_DIR/resources/downloads/${binary}" /usr/local/bin/ + chmod 755 "/usr/local/bin/${binary}" + done + mkdir ~/.kube +} + +setup_vnc_server() { + mkdir -p ~/.vnc ~/.icewm + echo "onap" | vncpasswd -f > ~/.vnc/passwd + chmod 0600 ~/.vnc/passwd + + cat > ~/.vnc/xstartup <<EOF +#!/bin/sh + +unset SESSION_MANAGER +unset DBUS_SESSION_BUS_ADDRESS +exec icewm-session + +EOF + +chmod +x ~/.vnc/xstartup + + cat > ~/.icewm/menu <<EOF +prog Firefox firefox firefox +separator + +EOF +vncserver +} + +update_docker_cfg() { + if [ -f "/etc/docker/daemon.json" ]; then + jq '.dns += ["172.17.0.1"]' /etc/docker/daemon.json > /tmp/daemon.json + mv /tmp/daemon.json /etc/docker/daemon.json + else + echo '{"dns": ["172.17.0.1"]}' > /etc/docker/daemon.json + fi +} + +create_root_CA() { + echo "** Generate certificates **" + openssl genrsa -out $CERTS_TARGET_PATH/rootCA.key 4096 + + echo "** Generate self signed ***" + openssl req -config $GEN_CFG_PATH/cacert.cnf -key $CERTS_TARGET_PATH/rootCA.key -new -x509 -days 7300 -sha256 -extensions v3_ca \ + -out $CERTS_TARGET_PATH/rootCAcert.pem + + + # convert to crt + openssl x509 -in $CERTS_TARGET_PATH/rootCAcert.pem -inform PEM -out $CERTS_TARGET_PATH/rootCAcert.crt +} + +install_root_CA() { + os=$1 + echo "** Publishing root CA **" + if [ "$os" == "redhat" ]; then + # for centos + update-ca-trust force-enable + cp $CERTS_TARGET_PATH/rootCAcert.crt /etc/pki/ca-trust/source/anchors/ + update-ca-trust extract + elif [ "$os" == "ubuntu" ]; then + mkdir -p /usr/local/share/ca-certificates/extra + cp $CERTS_TARGET_PATH/rootCAcert.crt /usr/local/share/ca-certificates/extra + update-ca-certificates + else + echo "OS \"$os\" is not supported" + exit -2 + fi + + echo "** Restart docker (because of reload new CA) **" + systemctl restart docker + +} + +create_cert() { + server_name=$1 + + openssl genrsa -out $CERTS_TARGET_PATH/${server_name}_server.key 4096 + echo "** Generate sig request ***" + openssl req -new -config $GEN_CFG_PATH/${server_name}_cert.cnf -key $CERTS_TARGET_PATH/${server_name}_server.key -out $CERTS_TARGET_PATH/${server_name}_server.csr + + # v3.ext must be in separate file , because of bug in openssl 1.0 + echo "** sign **" + openssl x509 -req -in $CERTS_TARGET_PATH/${server_name}_server.csr\ + -extfile $GEN_CFG_PATH/v3.ext\ + -CA $CERTS_TARGET_PATH/rootCAcert.crt\ + -CAkey $CERTS_TARGET_PATH/rootCA.key\ + -CAcreateserial -out $CERTS_TARGET_PATH/${server_name}_server.crt -days 3650 -sha256 +} + +create_all_certs() { + create_cert "nexus" +} + +update_firewall() { +# TODO +#firewall-cmd --permanent --add-port=53/udp +#firewall-cmd --permanent --add-port=53/tcp +#firewall-cmd --permanent --add-port=10001/tcp +#firewall-cmd --permanent --add-port=80/tcp +#firewall-cmd --permanent --add-port=443/tcp +return 0 +} + +distribute_root_CA() { + targetip=$1 + scp $APROJECT_DIR/install_cacert.sh $targetip:. + ssh $targetip ./install_cacert.sh + echo "** Add DNS record to remote host **" + ssh $targetip "echo nameserver $LOCAL_IP > /etc/resolv.conf" +} + +upload_ansible_pkgs() { + os=$1 + targetip=$2 + #if [[ $os == "ubuntu" ]]; then + # those deb & whl packages are needed for sdnc-ansible-server pod + # independently on host OS distros + echo "** Copy required packages for sdnc-ansible-pod to kubernetes node $targetip **" + scp -r $APROJECT_DIR/resources/pkg/ubuntu/ansible_pkg $targetip:. + #fi +} + +remote_setup_nfs_server() { + os=$1 + targetip=$2 + shift 2 + scp $APROJECT_DIR/bash/tools/setup_nfs_server_${os}.sh $targetip:setup_nfs_server.sh + if [[ $os == "ubuntu" ]]; then + scp -r $APROJECT_DIR/resources/pkg/ubuntu/nfs-common-pkg/* $targetip:. + ssh $targetip dpkg -i *.deb + fi + + ssh $targetip /bin/bash ./setup_nfs_server.sh "$@" +} + +remote_setup_nfs_mount() { + os=$1 + targetip=$2 + nfsip=$3 + scp $APROJECT_DIR/bash/tools/setup_nfs_mount.sh $targetip:. + if [[ $os == "ubuntu" ]]; then + scp -r $APROJECT_DIR/resources/pkg/ubuntu/nfs-common-pkg/* $targetip:. + ssh $targetip dpkg -i *.deb + fi + ssh $targetip /bin/bash ./setup_nfs_mount.sh $nfsip +} + +enable_remote_repo() { + targetip=$1 + sed -r "s%PATH%http://repo.install-server%" $APROJECT_DIR/resources/pkg/rhel/onap.repo | ssh $targetip 'cat > /etc/yum.repos.d/onap.repo' +} + +install_remote_docker() { + targetip=$1 + os=$2 + if [[ $os == "ubuntu" ]]; then + scp -r $APROJECT_DIR/resources/pkg/ubuntu/{docker-ce_17.03.2~ce-0~ubuntu-xenial_amd64.deb,libltdl7_2.4.6-0.1_amd64.deb} $targetip:. + ssh $targetip dpkg -i *.deb + elif [[ $os == "rhel" ]]; then + ssh $targetip yum -y install docker-ce + fi + ssh $targetip "mkdir -p /etc/docker" + scp "$APROJECT_DIR/resources/downloads/jq" $targetip:/usr/local/bin/ + ssh $targetip "if [[ -f /etc/docker/daemon.json ]]; then + jq '.dns += [\"$LOCAL_IP\"]' /etc/docker/daemon.json > /tmp/daemon.json + mv /tmp/daemon.json /etc/docker/daemon.json + else + echo {'\"'dns'\"': ['\"'$LOCAL_IP'\"']} > /etc/docker/daemon.json + fi" + + ssh $targetip 'systemctl enable docker; systemctl restart docker' +} + +deploy_rancher() { + docker run -d --entrypoint "/bin/bash" --restart=unless-stopped -p 8080:8080 \ + -v $CERTS_TARGET_PATH:/usr/local/share/ca-certificates/extra:ro \ + --name rancher_server rancher/server:v1.6.14 \ + -c "/usr/sbin/update-ca-certificates;/usr/bin/entry /usr/bin/s6-svscan /service" + echo "** wait until rancher is ready **" +} + +deploy_kubernetes() { + os=$1 + set +e + for i in `seq 5 -1 1`; do + API_RESPONSE=`curl -s 'http://127.0.0.1:8080/v2-beta/apikey' \ + -d '{"type":"apikey","accountId":"1a1","name":"autoinstall"\ + ,"description":"autoinstall","created":null,"kind":null,\ + "removeTime":null,"removed":null,"uuid":null}'` + if [[ "$?" -eq 0 ]]; then + KEY_PUBLIC=`echo $API_RESPONSE | jq -r .publicValue` + KEY_SECRET=`echo $API_RESPONSE | jq -r .secretValue` + break + fi + echo "Waiting for rancher server to start" + sleep 60 + done + set -e + export RANCHER_URL=http://${LOCAL_IP}:8080 + export RANCHER_ACCESS_KEY=$KEY_PUBLIC + export RANCHER_SECRET_KEY=$KEY_SECRET + + rancher env ls + echo "wait 60 sec for rancher environments can settle before we create the onap kubernetes one" + sleep 60 + + rancher env create -t kubernetes onap > kube_env_id.json + PROJECT_ID=$(<kube_env_id.json) + echo "env id: $PROJECT_ID" + export RANCHER_HOST_URL=http://${LOCAL_IP}:8080/v1/projects/$PROJECT_ID + + for i in `seq 5`; do + status=$(rancher env ls | grep $PROJECT_ID | awk '{print $4}') + if [[ "$status" == "active" ]]; then + echo "Check on environments again before registering the URL response" + rancher env ls + break + fi + echo "Wait for environment to become active" + sleep 30 + done + + REG_URL_RESPONSE=`curl -X POST -u $KEY_PUBLIC:$KEY_SECRET -H 'Accept: application/json' -H 'ContentType: application/json' -d '{"name":"$LOCAL_IP"}' "http://$LOCAL_IP:8080/v1/projects/$PROJECT_ID/registrationtokens"` + echo "wait for server to finish url configuration - 3 min" + sleep 180 + # see registrationUrl in + REGISTRATION_TOKENS=`curl http://127.0.0.1:8080/v2-beta/registrationtokens` + REGISTRATION_DOCKER=`echo $REGISTRATION_TOKENS | jq -r .data[0].image` + REGISTRATION_TOKEN=`echo $REGISTRATION_TOKENS | jq -r .data[0].token` + + # base64 encode the kubectl token from the auth pair + # generate this after the host is registered + KUBECTL_TOKEN=$(echo -n 'Basic '$(echo -n "$RANCHER_ACCESS_KEY:$RANCHER_SECRET_KEY" | base64 -w 0) | base64 -w 0) + echo "KUBECTL_TOKEN base64 encoded: ${KUBECTL_TOKEN}" + cat > ~/.kube/config <<EOF +apiVersion: v1 +kind: Config +clusters: +- cluster: + api-version: v1 + insecure-skip-tls-verify: true + server: "https://$LOCAL_IP:8080/r/projects/$PROJECT_ID/kubernetes:6443" + name: "onap" +contexts: +- context: + cluster: "onap" + user: "onap" + name: "onap" +current-context: "onap" +users: +- name: "onap" + user: + token: "$KUBECTL_TOKEN" + +EOF + + if [[ $os == "rhel" ]]; then + echo "Upgrade datavolume for RHEL" + KUBELET_ID=`curl http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/ | jq -r '.data[] | select(.name=="kubelet")'.id` + OLD_LAUNCH_CONFIG=`curl http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID} | jq '.launchConfig'` + NEW_LAUNCH_CONFIG=`echo $OLD_LAUNCH_CONFIG | jq '.dataVolumes[2]="/sys/fs/cgroup:/sys/fs/cgroup:ro,rprivate"'` + + DATA="{ + \"inServiceStrategy\": { + \"batchSize\": 1, + \"intervalMillis\": 2000, + \"startFirst\": false, + \"launchConfig\": ${NEW_LAUNCH_CONFIG}, + \"secondaryLaunchConfigs\": [] + } + }" + curl -s -u $KEY_PUBLIC:$KEY_SECRET -X POST -H 'Content-Type: application/json' -d "${DATA}" "http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID}?action=upgrade" > /dev/null + + echo "Give environment time to update (30 sec)" + sleep 30 + + curl -s -u $KEY_PUBLIC:$KEY_SECRET -X POST "http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID}?action=finishupgrade" > /dev/null + fi +} + +deploy_rancher_agent() { + nodeip=$1 + if [ -z "$REGISTRATION_DOCKER" ]; then + echo "ASSERT: Missing REGISTRATION_DOCKER" + exit 1 + fi + if [ -z "$RANCHER_URL" ]; then + echo "ASSERT: Missing RANCHER_URL" + exit 1 + fi + if [ -z "$REGISTRATION_TOKEN" ]; then + echo "ASSERT: Missing REGISTRATION_TOKEN" + exit 1 + fi + + ssh $nodeip "docker run --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/racher:/var/lib/rancher $REGISTRATION_DOCKER $RANCHER_URL/v1/scripts/$REGISTRATION_TOKEN" + echo "waiting 2 min for creating kubernetes environment" + sleep 120 +} + +deploy_node() { + nodeip=$1 + os=$2 + echo "Deploying node $nodeip" + distribute_root_CA $nodeip + install_remote_docker $nodeip $os + deploy_rancher_agent $nodeip +} + +deploy_onap() { + pushd $APROJECT_DIR/resources/oom/kubernetes + helm init --upgrade --skip-refresh + # this might fail + set +e + helm repo remove stable + set -e + helm serve & + echo "wait a moment before helm will come up ..." + sleep 5 + helm repo add local http://127.0.0.1:8879 + make all + helm install local/onap -n dev --namespace onap + popd +} + +expand_file() { + file=$1 + shift + + for ivar in "$@" ; do + ivalue=$(eval 'echo "$'${ivar}'"') + sed -i "s#${ivar}#${ivalue}#g" "$file" + done +} + +patch_npm_oom() { + if [ -z "$LOCAL_IP" ] ; then + echo "ERROR: LOCAL_IP unset" + return 1 + fi + if [ -z "$NEXUS_FQDN" ] ; then + echo "ERROR: NEXUS_FQDN unset" + return 1 + fi + + UPDATE_HOSTS_FILE="$LOCAL_IP $NEXUS_FQDN" + UPDATE_NPM_REGISTRY="npm set registry \"http://${NEXUS_FQDN}/repository/npm-private/\"" + + expand_file $APROJECT_DIR/resources/oom/kubernetes/common/dgbuilder/templates/deployment.yaml \ + UPDATE_HOSTS_FILE \ + UPDATE_NPM_REGISTRY + expand_file $APROJECT_DIR/resources/oom/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml \ + UPDATE_HOSTS_FILE \ + UPDATE_NPM_REGISTRY +} + +patch_spring_oom() { + if [ -z "$LOCAL_IP" ] ; then + echo "ERROR: LOCAL_IP unset" + return 1 + fi + + UPDATE_HOSTS_FILE="$LOCAL_IP www.springframework.org" + expand_file $APROJECT_DIR/resources/oom/kubernetes/dmaap/charts/message-router/templates/deployment.yaml \ + UPDATE_HOSTS_FILE +} + +patch_cfy_manager_depl() { + os="$1" + file="${APROJECT_DIR}/resources/oom/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml" + + case "$os" in + centos|rhel) + CERT_PATH="/etc/pki/ca-trust/source/anchors" + ;; + ubuntu) + CERT_PATH="/usr/local/share/ca-certificates/extra" + ;; + '') + echo "ERROR: missing argument" + return 1 + ;; + *) + echo "ERROR: unknown OS: ${os}" + return 1 + ;; + esac + + expand_file "$file" CERT_PATH +} + +copy_onap_values_file() { + cp "${APROJECT_DIR}/cfg/${ONAP_SCALE}_depl_values.yaml" \ + "${APROJECT_DIR}/resources/oom/kubernetes/onap/values.yaml" +} diff --git a/onap-offline/bash/tools/create_si_cacert_pkg.sh b/onap-offline/bash/tools/create_si_cacert_pkg.sh new file mode 100755 index 0000000..197f0c0 --- /dev/null +++ b/onap-offline/bash/tools/create_si_cacert_pkg.sh @@ -0,0 +1,29 @@ +#! /bin/bash + +# COPYRIGHT NOTICE STARTS HERE +# +# Copyright 2018 © Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# COPYRIGHT NOTICE ENDS HERE + + +self="$0" +tools_dir=$(dirname "$self") + +TARGET_FILE="./install_cacert.sh" + +cat "$tools_dir/certificates/self_extract_cacert.sh" "$tools_dir/../../live/certs/rootCAcert.crt" > $TARGET_FILE +chmod a+x $TARGET_FILE +echo "Created self installation file: $TARGET_FILE" diff --git a/onap-offline/bash/tools/create_si_onap_pkg.sh b/onap-offline/bash/tools/create_si_onap_pkg.sh new file mode 100755 index 0000000..12d851b --- /dev/null +++ b/onap-offline/bash/tools/create_si_onap_pkg.sh @@ -0,0 +1,88 @@ +#! /usr/bin/env bash + +# COPYRIGHT NOTICE STARTS HERE +# +# Copyright 2018 © Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# COPYRIGHT NOTICE ENDS HERE + + +# fail fast +set -e + +# boilerplate +RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh' +if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then + SCRIPT_DIR=$(dirname "${0}") + LOCAL_PATH=$(readlink -f "$SCRIPT_DIR") + . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh +fi + +if [ -z "$1" ]; then + VERSION="RC3" + message info "no argument supplied, keeping default naming: $VERSION" +else + VERSION="$1" +fi + +# name of the self-extract-installer +TARGET_FILE="$APROJECT_DIR/selfinstall_onap_beijing_"$VERSION".sh" + +# inserting the head of the script +cat > "$TARGET_FILE" <<EOF +#! /usr/bin/env bash + +# +# This is self-extract installer for onap +# + +# fail fast +set -e + +# boilerplate +SCRIPT_DIR=\$(dirname "\${0}") +APROJECT_DIR=\$(readlink -f "\$SCRIPT_DIR") +IS_SELF_EXTRACT=YES + +EOF + +# splicing the scripts together +cat "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh >> "$TARGET_FILE" +cat "${LOCAL_PATH}"/"${RELATIVE_PATH}"/deploy_nexus.sh >> "$TARGET_FILE" +cat "${LOCAL_PATH}"/"${RELATIVE_PATH}"/deploy_kube.sh >> "$TARGET_FILE" + +# finishing touches to the script +cat >> "$TARGET_FILE" <<EOF + +exit 0 + +# +# Installer script ends here +# The rest of this file is a binary payload +# ! DO NOT MODIFY IT ! +# + +# PAYLOAD BELOW # +EOF + +# appending the tar to the script +cd "$APROJECT_DIR" +tar --exclude='.git' --exclude='*.swp' --exclude='selfinstall_onap_*.sh' --exclude='ansible' --exclude='docker' --exclude='local_repo.conf' --exclude='live' -cvf - * >> "$TARGET_FILE" +cd - + +chmod 755 "$TARGET_FILE" +message info "Created Nexus self installation file: $TARGET_FILE" + +exit 0 diff --git a/onap-offline/bash/tools/delete-local-images.sh b/onap-offline/bash/tools/delete-local-images.sh new file mode 100755 index 0000000..5e481c3 --- /dev/null +++ b/onap-offline/bash/tools/delete-local-images.sh @@ -0,0 +1,19 @@ +# COPYRIGHT NOTICE STARTS HERE +# +# Copyright 2018 © Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# COPYRIGHT NOTICE ENDS HERE + +docker rmi -f $(docker images -q) diff --git a/onap-offline/bash/tools/deploy_kube.sh b/onap-offline/bash/tools/deploy_kube.sh new file mode 100755 index 0000000..f2a77be --- /dev/null +++ b/onap-offline/bash/tools/deploy_kube.sh @@ -0,0 +1,95 @@ +#! /usr/bin/env bash + +# COPYRIGHT NOTICE STARTS HERE +# +# Copyright 2018 © Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# COPYRIGHT NOTICE ENDS HERE + + +# fail fast +set -e + +# OS check +. /etc/os-release +OS_ID="${ID}" + +case "$OS_ID" in + centos) + ;; + rhel) + ;; + ubuntu) + ;; + *) + echo This OS is not supported: $OS_ID + exit 1 + ;; +esac + +# boilerplate +RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh' +if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then + SCRIPT_DIR=$(dirname "${0}") + LOCAL_PATH=$(readlink -f "$SCRIPT_DIR") + . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh +fi + +message info "Reading configuration" +get_configuration +if [ -z "$NODES_IPS" ] ; then + get_cfg_val "NODES_IPS" "Enter the public IPv4 addresses of kubernetes nodes separated by space," \ + "\n(for example: 10.0.0.2 10.0.0.3 ...): " +fi + +echo "Wait for nexus startup (1min)" +sleep 60 + + +# on install server +deploy_rancher +deploy_kubernetes "$OS_ID" + +echo "Setting up ONAP Local Repo on Kubernetes nodes" +for node in ${NODES_IPS} ; do + enable_remote_repo $node +done + +# setup NFS on nodes +assort_nodes_ips() { + nfs_server="$1" + shift + nfs_clients="$*" +} +assort_nodes_ips ${NODES_IPS} +if [ -n "${nfs_clients}" ]; then + echo "Setting up NFS" + remote_setup_nfs_server $OS_ID ${nfs_server} ${nfs_clients} + for node in ${nfs_clients} ; do + remote_setup_nfs_mount $OS_ID $node ${nfs_server} + done +else + echo "Only one node set. Skipping nfs configuration" +fi + +echo "Copy ansible packages for onap ansible-server" +for node in ${NODES_IPS} ; do + upload_ansible_pkgs $OS_ID $node +done + +# to nodes +for node in ${NODES_IPS} ; do + deploy_node $node $OS_ID +done diff --git a/onap-offline/bash/tools/deploy_nexus.sh b/onap-offline/bash/tools/deploy_nexus.sh new file mode 100755 index 0000000..1532c61 --- /dev/null +++ b/onap-offline/bash/tools/deploy_nexus.sh @@ -0,0 +1,194 @@ +#! /usr/bin/env bash + +# COPYRIGHT NOTICE STARTS HERE +# +# Copyright 2018 © Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# COPYRIGHT NOTICE ENDS HERE + + +# fail fast +set -e + +# OS check +. /etc/os-release +OS_ID="${ID}" + +case "$OS_ID" in + centos) + ;; + rhel) + ;; + ubuntu) + ;; + *) + echo This OS is not supported: $OS_ID + exit 1 + ;; +esac + +# boilerplate +RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh' +if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then + SCRIPT_DIR=$(dirname "${0}") + LOCAL_PATH=$(readlink -f "$SCRIPT_DIR") + . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh +fi + +# +# local functions +# + +start_nexus() { + echo "** Starting nexus **" + if [[ -z "$NEXUS_DATA" ]]; then + echo "Nexus data env is not set" + exit -3 + fi + + # valid for case of fresh nexus deployment + # data are inserted in later phases + mkdir -p $NEXUS_DATA + # hardening + chmod a+wrX $NEXUS_DATA + chown -R 200:200 $NEXUS_DATA + + docker rm -f nexus 1> /dev/null 2>&1 || true + + docker run -d --name nexus\ + --restart unless-stopped \ + -v $NEXUS_DATA:/nexus-data:rw \ + sonatype/nexus3 + + echo "** Creating docker network **" + docker network create nexus_network + docker network connect nexus_network nexus +} + +start_nginx() { + echo "** Starting reverse proxy - nginx **" + + docker rm -f nginx 1> /dev/null 2>&1 || true + mkdir -p $NGINX_HTTP_DIR/repo.install-server + + mkdir -p "$NGINX_HTTP_DIR/repo.install-server" + + docker run -d -p 80:80 -p 443:443 -p 10001:443 \ + --name nginx \ + --network nexus_network \ + -v $GEN_CFG_PATH/nginx.conf:/etc/nginx/nginx.conf:ro \ + -v $CERTS_TARGET_PATH:/etc/nginx/certs:ro \ + -v $GIT_REPOS:/srv/git:rw \ + -v $NGINX_LOG_DIR:/var/log/nginx:rw \ + -v $NGINX_HTTP_DIR:/srv/http:ro \ + -v $RHEL_REPO:/srv/http/repo.install-server:ro \ + --restart unless-stopped \ + own_nginx +} + +patch_cert() { + file=$1 + cp "$APROJECT_DIR/cfg/$file" "$GEN_CFG_PATH/$file" +# sed "s#countryName =.*#countryName = $CERT_COUNTRY#" "$APROJECT_DIR/cfg/$file" > $GEN_CFG_PATH/$file +# sed "s#localityName =.*#localityName = $CERT_LOCALITY#" "$APROJECT_DIR/cfg/$file" > $GEN_CFG_PATH/$file +# sed "s#organizationName =.*#organizationName = $CERT_ORGANIZATION#" "$APROJECT_DIR/cfg/$file" > $GEN_CFG_PATH/$file +} + +patch_conf_files() { + # patch nexus and root cert + patch_cert nexus_cert.cnf + patch_cert cacert.cnf + + # patch nexus v3 ext cert + sed "s#nexus.student12#$NEXUS_FQDN#" "$APROJECT_DIR/cfg/v3.ext" > $GEN_CFG_PATH/v3.ext + + #patch nginx.conf + sed "s#nexus.student12#$NEXUS_FQDN#" "$APROJECT_DIR/cfg/nginx.conf" > $GEN_CFG_PATH/nginx.conf +} + +# +# body +# + +message info "Nexus will be installed into this directory: $(pwd)" + +if ! [ -f ./local_repo.conf ]; then + printf "[?] > Do you want continue? (if no, hit CTRL+C): " + read x +fi + +message info "Reading configuration" +get_configuration + +mkdir -p "$CERTS_TARGET_PATH" +mkdir -p "$NGINX_LOG_DIR" +mkdir -p "$GEN_CFG_PATH" +if [ "$IS_SELF_EXTRACT" = YES ] ; then + message info "Now I will untar the resources" + message info "This may take a long time..." + sleep 3s + may_self_extract +fi + +# +echo "Cleanup docker (if installed)" +docker rm -f nginx 1> /dev/null 2>&1 || true +docker rm -f nexus 1> /dev/null 2>&1 || true + +install_files +install_packages "$OS_ID" +setup_vnc_server + +update_hosts + +# TODO +#check_dependencies + +echo "Restarting dnsmasq" +# TODO dnsmasq config? +systemctl enable dnsmasq +systemctl restart dnsmasq + +echo "** Generating config files to $GEN_CFG_PATH **" +echo "Configure ssl certificates" + +patch_conf_files +create_root_CA + +# create selfinstall CA cert +$BASH_SCRIPTS_DIR/tools/create_si_cacert_pkg.sh +# run generated file +./install_cacert.sh + +create_cert "nexus" + +echo "** Certificates finished **" + +update_docker_cfg + +echo "Restarting docker" +systemctl enable docker +systemctl restart docker + +update_firewall + +set +e + +echo "** Loading images **" +docker load -i $RESOURCES_DIR/offline_data/docker_images_infra/sonatype_nexus3_latest.tar +docker load -i $RESOURCES_DIR/offline_data/docker_images_infra/own_nginx_latest.tar + +start_nexus +start_nginx diff --git a/onap-offline/bash/tools/download_offline_data_by_lists.sh b/onap-offline/bash/tools/download_offline_data_by_lists.sh new file mode 100755 index 0000000..24cd578 --- /dev/null +++ b/onap-offline/bash/tools/download_offline_data_by_lists.sh @@ -0,0 +1,80 @@ +#! /usr/bin/env bash + +# COPYRIGHT NOTICE STARTS HERE +# +# Copyright 2018 © Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# COPYRIGHT NOTICE ENDS HERE + + +# fail fast +set -e + +# boilerplate +RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh' +if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then + SCRIPT_DIR=$(dirname "${0}") + LOCAL_PATH=$(readlink -f "$SCRIPT_DIR") + . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh +fi + +CTOOLS="${LOCAL_PATH}/creating_data" +LISTS_DIR="${LOCAL_PATH}/data_list" +DATA_DIR="${LOCAL_PATH}/../../resources" +TOTAL=12 +CURR=1 + +message info "Downloading started: $(date)" + +echo "[Step $((CURR++))/$TOTAL Download collected docker images]" +$CTOOLS/download-docker-images.sh "$LISTS_DIR/docker_image_list.txt" + +echo "[Step $((CURR++))/$TOTAL Download manually collected docker images]" +$CTOOLS/download-docker-images.sh "$LISTS_DIR/docker_manual_image_list.txt" + +echo "[Step $((CURR++))/$TOTAL Build own nginx image]" +$CTOOLS/create_nginx_image/01create-image.sh + +echo "[Step $((CURR++))/$TOTAL Save docker images from docker cache to tarfiles]" +$CTOOLS/save-docker-images.sh "$DATA_DIR/offline_data/docker_images_for_nexus" + +echo "[Step $((CURR++))/$TOTAL move infra related images to infra folder]" +mkdir -p "$DATA_DIR/offline_data/docker_images_infra" +mv "$DATA_DIR/offline_data/docker_images_for_nexus/own_nginx_latest.tar" "$DATA_DIR/offline_data/docker_images_infra" +mv "$DATA_DIR/offline_data/docker_images_for_nexus/sonatype_nexus3_latest.tar" "$DATA_DIR/offline_data/docker_images_infra" + +echo "[Step $((CURR++))/$TOTAL Download git repos]" +$CTOOLS/download-git-repos.sh "$LISTS_DIR" "$DATA_DIR/git-repo" + +echo "[Step $((CURR++))/$TOTAL Download http files]" +$CTOOLS/download-http-files.sh "$LISTS_DIR/http_manual_list.txt" "$DATA_DIR/http" + +echo "[Step $((CURR++))/$TOTAL Download npm pkgs]" +$CTOOLS/download-npm-pkgs.sh "$LISTS_DIR/npm_list.txt" "$DATA_DIR/offline_data/npm_tar" + +echo "[Step $((CURR++))/$TOTAL Download bin tools]" +$CTOOLS/download-bin-tools.sh "$DATA_DIR/downloads" + +echo "[Step $((CURR++))/$TOTAL Download rhel pkgs]" +$CTOOLS/download-pkg.sh "$DATA_DIR/pkg/rhel" + +echo "[Step $((CURR++))/$TOTAL Download oom]" +$CTOOLS/download-oom.sh "$DATA_DIR" "${LOCAL_PATH}/../../patches/offline-changes.patch" + +echo "[Step $((CURR++))/$TOTAL Download sdnc-ansible-server packages]" +$CTOOLS/download-pip.sh "$LISTS_DIR/pip_list.txt" "$DATA_DIR/pkg/ubuntu/ansible_pkg" +$CTOOLS/download-files.sh "$LISTS_DIR/pkg_list.txt" "$DATA_DIR/pkg/ubuntu/ansible_pkg" + +message info "Downloading finished: $(date)" diff --git a/onap-offline/bash/tools/gather_data_lists.sh b/onap-offline/bash/tools/gather_data_lists.sh new file mode 100755 index 0000000..3e046cb --- /dev/null +++ b/onap-offline/bash/tools/gather_data_lists.sh @@ -0,0 +1,34 @@ +#! /usr/bin/env bash + +# COPYRIGHT NOTICE STARTS HERE +# +# Copyright 2018 © Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# COPYRIGHT NOTICE ENDS HERE + +script_dir="$(dirname ${BASH_SOURCE[0]})" +tools=$(readlink -f "$script_dir") + +echo "WARNING: This script won't be used except rare internal usage, it's just illustrating how we collected lists of artifacts to be downloaded. It's already deprecated" + +TOOLS="$tools/creating_data" +export LISTS_DIR="$tools/data_list" +export ONAP_SERVERS="oom-beijing-postRC2-master oom-beijing-postRC2-compute1 oom-beijing-postRC2-compute2" +OOM_PATH="$tools/../../resources/oom" + +$TOOLS/remote-list-gathering.sh +$TOOLS/make-git-http-list.sh "$OOM_PATH" + + diff --git a/onap-offline/bash/tools/load_stored_offline_data.sh b/onap-offline/bash/tools/load_stored_offline_data.sh new file mode 100755 index 0000000..eb6cba8 --- /dev/null +++ b/onap-offline/bash/tools/load_stored_offline_data.sh @@ -0,0 +1,90 @@ +#! /usr/bin/env bash + +# COPYRIGHT NOTICE STARTS HERE +# +# Copyright 2018 © Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# COPYRIGHT NOTICE ENDS HERE + + +# boilerplate +RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh' +if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then + SCRIPT_DIR=$(dirname "${0}") + LOCAL_PATH=$(readlink -f "$SCRIPT_DIR") + . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh +fi + +tools="${LOCAL_PATH}" +message info "Reading configuration" +get_configuration + +CTOOLS="$tools/creating_data" +LISTS_DIR="$tools/data_list" +DATA_DIR="$tools/../../resources/offline_data" +export NEXUS_HOST="https://$NEXUS_FQDN" +NPM_REGISTRY="$NEXUS_HOST/repository/npm-private/" + +TOTAL=5 +CURR=1 + +message info "Loading started: $(date)" + +# backup config.json before we change it in docker-login +# however no use for restoring it found +mv ~/.docker/config.json ~/.docker/config.json_backup 2>/dev/null + +echo "[Step $((CURR++))/$TOTAL Setting-up docker login for inserting docker images]" +$CTOOLS/docker-login.sh + +echo "[Step $((CURR++))/$TOTAL Inserting docker images into local nexus]" +$CTOOLS/load-docker-images.sh "$DATA_DIR/docker_images_for_nexus" + +echo "[Step $((CURR++))/$TOTAL Setting-up npm for inserting npm pkgs into local nexus]" + +npm config set registry $NPM_REGISTRY + +/usr/bin/expect <<EOF +spawn npm login +expect "Username:" +send "${NPM_USERNAME}\n" +expect "Password:" +send "${NPM_PASSWORD}\n" +expect Email: +send "${NPM_EMAIL}\n" +expect eof +EOF + +echo "[WA] for tss package - this package uses already specified repo and dont accept our simulated domain" + +cd $DATA_DIR/npm_tar +tar xvzf tsscmp-1.0.5.tgz +rm -f tsscmp-1.0.5.tgz +sed -i "s|https://registry.npmjs.org|${NPM_REGISTRY}|g" package/package.json +tar -zcvf tsscmp-1.0.5.tgz package +rm -rf package +cd - + +echo "[Step $((CURR++))/$TOTAL Inserting npm packages into local nexus]" +$CTOOLS/upload-npm-pkgs.sh "$LISTS_DIR/npm_list.txt" "$DATA_DIR/npm_tar" "$NEXUS_HOST" + +echo "[Step $((CURR++))/$TOTAL Inserting maven artifacts into local nexus]" +$CTOOLS/upload-maven-files.sh "$tools/../../resources/http" "repo.maven.apache.org" "repo1.maven.org" + +# onap is using different credentials for docker login which can be conflicted +# with ours so better to clean this-up +rm ~/.docker/config.json + +message info "Loading finished: $(date)" diff --git a/onap-offline/bash/tools/setup_nfs_mount.sh b/onap-offline/bash/tools/setup_nfs_mount.sh new file mode 100755 index 0000000..eee471b --- /dev/null +++ b/onap-offline/bash/tools/setup_nfs_mount.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +# COPYRIGHT NOTICE STARTS HERE +# +# Copyright 2018 © Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# COPYRIGHT NOTICE ENDS HERE + + +usage () { + echo "Usage:" + echo " ./$(basename $0) nfs_master_ip" + exit 1 +} + +if [ "$#" -ne 1 ]; then + echo "Missing NFS mater node" + usage +fi + +MASTER_IP=$1 + +#Install NFS common +#sudo apt-get update +#sudo apt-get install -y nfs-common + +#Create NFS directory +sudo mkdir -p /dockerdata-nfs + +#Mount the remote NFS directory to the local one +sudo mount $MASTER_IP:/dockerdata-nfs /dockerdata-nfs/ +echo "$MASTER_IP:/dockerdata-nfs /dockerdata-nfs nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0" | sudo tee -a /etc/fstab diff --git a/onap-offline/bash/tools/setup_nfs_server_rhel.sh b/onap-offline/bash/tools/setup_nfs_server_rhel.sh new file mode 100755 index 0000000..24fe2b5 --- /dev/null +++ b/onap-offline/bash/tools/setup_nfs_server_rhel.sh @@ -0,0 +1,51 @@ +#!/bin/bash + +# COPYRIGHT NOTICE STARTS HERE +# +# Copyright 2018 © Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# COPYRIGHT NOTICE ENDS HERE + + +usage () { + echo "Usage:" + echo " ./$(basename $0) node1_ip node2_ip ... nodeN_ip" + exit 1 +} + +if [ "$#" -lt 1 ]; then + echo "Missing NFS slave nodes" + usage +fi + +#Install NFS kernel +#sudo apt-get update +#sudo apt-get install -y nfs-kernel-server + +#Create /dockerdata-nfs and set permissions +sudo mkdir -p /dockerdata-nfs +sudo chmod 777 -R /dockerdata-nfs +sudo chown nobody:nobody /dockerdata-nfs/ + +#Update the /etc/exports +NFS_EXP="" +for i in $@; do + NFS_EXP+="$i(rw,sync,no_root_squash,no_subtree_check) " +done +echo "/dockerdata-nfs "$NFS_EXP | sudo tee -a /etc/exports + +#Restart the NFS service +sudo exportfs -a +sudo systemctl restart nfs-server diff --git a/onap-offline/bash/tools/setup_nfs_server_ubuntu.sh b/onap-offline/bash/tools/setup_nfs_server_ubuntu.sh new file mode 100755 index 0000000..fad3abb --- /dev/null +++ b/onap-offline/bash/tools/setup_nfs_server_ubuntu.sh @@ -0,0 +1,51 @@ +#!/bin/bash + +# COPYRIGHT NOTICE STARTS HERE +# +# Copyright 2018 © Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# COPYRIGHT NOTICE ENDS HERE + + +usage () { + echo "Usage:" + echo " ./$(basename $0) node1_ip node2_ip ... nodeN_ip" + exit 1 +} + +if [ "$#" -lt 1 ]; then + echo "Missing NFS slave nodes" + usage +fi + +#Install NFS kernel +#sudo apt-get update +#sudo apt-get install -y nfs-kernel-server + +#Create /dockerdata-nfs and set permissions +sudo mkdir -p /dockerdata-nfs +sudo chmod 777 -R /dockerdata-nfs +sudo chown nobody:nogroup /dockerdata-nfs/ + +#Update the /etc/exports +NFS_EXP="" +for i in $@; do + NFS_EXP+="$i(rw,sync,no_root_squash,no_subtree_check) " +done +echo "/dockerdata-nfs "$NFS_EXP | sudo tee -a /etc/exports + +#Restart the NFS service +sudo exportfs -a +sudo systemctl restart nfs-kernel-server diff --git a/onap-offline/cfg/cacert.cnf b/onap-offline/cfg/cacert.cnf new file mode 100644 index 0000000..a6917ca --- /dev/null +++ b/onap-offline/cfg/cacert.cnf @@ -0,0 +1,113 @@ +[ ca ] +# `man ca` +default_ca = CA_default + +[ CA_default ] +# Directory and file locations. +dir = ./ +certs = $dir/certs +crl_dir = $dir/crl +new_certs_dir = $dir/newcerts +database = $dir/index.txt +serial = $dir/serial +RANDFILE = $dir/private/.rand + +# The root key and root certificate. +private_key = $dir/private/ca.key.pem +certificate = $dir/certs/ca.cert.pem + +# For certificate revocation lists. +crlnumber = $dir/crlnumber +crl = $dir/crl/ca.crl.pem +crl_extensions = crl_ext +default_crl_days = 30 + +# SHA-1 is deprecated, so use SHA-2 instead. +default_md = sha256 + +name_opt = ca_default +cert_opt = ca_default +default_days = 3750 +preserve = no +policy = policy_strict + +[ policy_strict ] +# The root CA should only sign intermediate certificates that match. +# See the POLICY FORMAT section of `man ca`. +countryName = match +organizationName = match +commonName = supplied + +[ policy_loose ] +# Allow the intermediate CA to sign a more diverse range of certificates. +# See the POLICY FORMAT section of the `ca` man page. +countryName = optional +localityName = optional +organizationName = optional +commonName = supplied + +[ req ] +# Options for the `req` tool (`man req`). +default_bits = 4096 +distinguished_name = req_distinguished_name +string_mask = utf8only +prompt = no + +# SHA-1 is deprecated, so use SHA-2 instead. +default_md = sha256 + +# Extension to add when the -x509 option is used. +x509_extensions = v3_ca + +[ req_distinguished_name ] +# Optionally, specify some defaults. +countryName = PL +localityName = Krakow +organizationName = Samsung +commonName = onap + +[ v3_ca ] +# Extensions for a typical CA (`man x509v3_config`). +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +basicConstraints = critical, CA:true +keyUsage = critical, digitalSignature, cRLSign, keyCertSign + +[ v3_intermediate_ca ] +# Extensions for a typical intermediate CA (`man x509v3_config`). +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +basicConstraints = critical, CA:true, pathlen:0 +keyUsage = critical, digitalSignature, cRLSign, keyCertSign + +[ usr_cert ] +# Extensions for client certificates (`man x509v3_config`). +basicConstraints = CA:FALSE +nsCertType = client, email +nsComment = "OpenSSL Generated Client Certificate" +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = clientAuth, emailProtection + +[ server_cert ] +# Extensions for server certificates (`man x509v3_config`). +basicConstraints = CA:FALSE +nsCertType = server +nsComment = "OpenSSL Generated Server Certificate" +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always +keyUsage = critical, digitalSignature, keyEncipherment +extendedKeyUsage = serverAuth + +[ crl_ext ] +# Extension for CRLs (`man x509v3_config`). +authorityKeyIdentifier=keyid:always + +[ ocsp ] +# Extension for OCSP signing certificates (`man ocsp`). +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +keyUsage = critical, digitalSignature +extendedKeyUsage = critical, OCSPSigning diff --git a/onap-offline/cfg/full_depl_values.yaml b/onap-offline/cfg/full_depl_values.yaml new file mode 100644 index 0000000..e50820a --- /dev/null +++ b/onap-offline/cfg/full_depl_values.yaml @@ -0,0 +1,160 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration overrides. +# +# These overrides will affect all helm charts (ie. applications) +# that are listed below and are 'enabled'. +################################################################# +global: + # Change to an unused port prefix range to prevent port conflicts + # with other instances running within the same k8s cluster + nodePortPrefix: 302 + + # ONAP Repository + # Uncomment the following to enable the use of a single docker + # repository but ONLY if your repository mirrors all ONAP + # docker images. This includes all images from dockerhub and + # any other repository that hosts images for ONAP components. + #repository: nexus3.onap.org:10001 + repositoryCred: + user: docker + password: docker + + # readiness check - temporary repo until images migrated to nexus3 + readinessRepository: oomk8s + # logging agent - temporary repo until images migrated to nexus3 + loggingRepository: docker.elastic.co + + # image pull policy + #pullPolicy: Always + pullPolicy: IfNotPresent + + # default mount path root directory referenced + # by persistent volumes and log files + persistence: + mountPath: /dockerdata-nfs + + # flag to enable debugging - application support required + debugEnabled: false + +# Repository for creation of nexus3.onap.org secret +repository: nexus3.onap.org:10001 + + +################################################################# +# Enable/disable and configure helm charts (ie. applications) +# to customize the ONAP deployment. +################################################################# +aaf: + enabled: true +aai: + enabled: true +aaiadapter: + enabled: false +appc: + enabled: true + config: + openStackType: OpenStackProvider + openStackName: OpenStack + openStackKeyStoneUrl: FILL-ME + openStackServiceTenantName: FILL-ME + openStackDomain: FILL-ME + openStackUserName: FILL-ME + openStackEncryptedPassword: FILL-ME +clamp: + enabled: true +cli: + enabled: true +consul: + enabled: true +dcaegen2: + enabled: true +dmaap: + enabled: true +esr: + enabled: true +log: + enabled: true +sniro-emulator: + enabled: true +oof: + enabled: true +msb: + enabled: true +multicloud: + enabled: true +nbi: + enabled: true + config: + # openstack configuration + openStackUserName: "FILL-ME" + openStackRegion: "FILL-ME" + openStackKeyStoneUrl: "FILL-ME" + openStackServiceTenantName: "FILL-ME" + openStackEncryptedPasswordHere: "FILL-ME" +policy: + enabled: true +portal: + enabled: true +robot: + enabled: true +sdc: + enabled: true +sdnc: + enabled: true + + replicaCount: 1 + + config: + enableClustering: false + + mysql: + disableNfsProvisioner: true + replicaCount: 1 +so: + enabled: true + + replicaCount: 1 + + liveness: + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + + # so server configuration + config: + # message router configuration + dmaapTopic: "AUTO" + # openstack configuration + openStackUserName: "FILL-ME" + openStackRegion: "FILL-ME" + openStackKeyStoneUrl: "FILL-ME" + openStackServiceTenantName: "FILL-ME" + openStackEncryptedPasswordHere: "FILL-ME" + + # configure embedded mariadb + mariadb: + config: + mariadbRootPassword: password +uui: + enabled: true +vfc: + enabled: true +vid: + enabled: true +vnfsdk: + enabled: true + diff --git a/onap-offline/cfg/nexus_cert.cnf b/onap-offline/cfg/nexus_cert.cnf new file mode 100644 index 0000000..ab8d547 --- /dev/null +++ b/onap-offline/cfg/nexus_cert.cnf @@ -0,0 +1,33 @@ +[ req ] +default_bits = 4096 +default_keyfile = server-key.pem +distinguished_name = dn +#req_extensions = v3_req +x509_extensions = v3_req +string_mask = utf8only +prompt = no +default_md = sha256 + +[ dn ] + +countryName = PL +localityName = Krakow +organizationName = Samsung +commonName = registry-1.docker.io +#emailAddress + +[ v3_req ] + +#subjectKeyIdentifier = hash +#authorityKeyIdentifier = keyid,issuer + +basicConstraints = CA:FALSE +keyUsage = critical, keyAgreement, nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = serverAuth +# does not work here because of bug in openssl +#subjectAltName = @alternate_names +nsComment = "OpenSSL Generated Certificate" + +#[ alternate_names ] + +#DNS.4 = ftp.example.com diff --git a/onap-offline/cfg/nginx.conf b/onap-offline/cfg/nginx.conf new file mode 100644 index 0000000..6656855 --- /dev/null +++ b/onap-offline/cfg/nginx.conf @@ -0,0 +1,110 @@ +worker_processes 2; + +events { + worker_connections 1024; +} + +http { + error_log /var/log/nginx/error.log debug; + access_log /var/log/nginx/access.log; + + proxy_intercept_errors on; + proxy_send_timeout 120; + proxy_read_timeout 300; + + upstream nexus { + server nexus:8081; + } + + upstream registry { + server nexus:8082; + } + +# http simulations + server { + listen 80; + listen 443 ssl; + server_name _; + ssl_certificate /etc/nginx/certs/nexus_server.crt; + ssl_certificate_key /etc/nginx/certs/nexus_server.key; + + keepalive_timeout 5 5; + + location / { + root /srv/http/$host; + index index.html; + } + } + +# nexus simulations + server { + listen 80; + listen 443 ssl; + server_name nexus.student12 gcr.io registry-1.docker.io docker.io registry.npmjs.org nexus3.onap.org docker.elastic.co registry.hub.docker.com repo.maven.apache.org repo1.maven.org; + ssl_certificate /etc/nginx/certs/nexus_server.crt; + ssl_certificate_key /etc/nginx/certs/nexus_server.key; + + keepalive_timeout 5 5; + proxy_buffering off; + + # allow large uploads + client_max_body_size 3G; + + location /maven2 { + rewrite /maven2/(.*) /repository/maven2/$1 break; + # redirect to docker registry + proxy_pass http://nexus; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + location / { + # redirect to docker registry + if ($http_user_agent ~ docker ) { + proxy_pass http://registry; + } + proxy_pass http://nexus; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } + +# git simulations + server { + listen 80; + listen 443 ssl; + server_name gerrit.onap.org git.rancher.io github.com; + ssl_certificate /etc/nginx/certs/nexus_server.crt; + ssl_certificate_key /etc/nginx/certs/nexus_server.key; + + keepalive_timeout 5 5; + proxy_buffering off; + + location / { + try_files $uri $uri/ @git; + } + + location @git { + + # Set chunks to unlimited, as the body's can be huge + client_max_body_size 0; + + fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + fastcgi_param PATH_INFO $uri; + + include fastcgi_params; + + fastcgi_param GIT_HTTP_EXPORT_ALL ""; + fastcgi_param GIT_PROJECT_ROOT /srv/git/$host/; + + # Forward REMOTE_USER as we want to know when we are authenticated + fastcgi_param REMOTE_USER $remote_user; + + fastcgi_pass unix:/var/run/fcgiwrap.socket; + } + } +} diff --git a/onap-offline/cfg/reduced_depl_values.yaml b/onap-offline/cfg/reduced_depl_values.yaml new file mode 100644 index 0000000..bfa5fd6 --- /dev/null +++ b/onap-offline/cfg/reduced_depl_values.yaml @@ -0,0 +1,159 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration overrides. +# +# These overrides will affect all helm charts (ie. applications) +# that are listed below and are 'enabled'. +################################################################# +global: + # Change to an unused port prefix range to prevent port conflicts + # with other instances running within the same k8s cluster + nodePortPrefix: 302 + + # ONAP Repository + # Uncomment the following to enable the use of a single docker + # repository but ONLY if your repository mirrors all ONAP + # docker images. This includes all images from dockerhub and + # any other repository that hosts images for ONAP components. + #repository: nexus3.onap.org:10001 + repositoryCred: + user: docker + password: docker + + # readiness check - temporary repo until images migrated to nexus3 + readinessRepository: oomk8s + # logging agent - temporary repo until images migrated to nexus3 + loggingRepository: docker.elastic.co + + # image pull policy + #pullPolicy: Always + pullPolicy: IfNotPresent + + # default mount path root directory referenced + # by persistent volumes and log files + persistence: + mountPath: /dockerdata-nfs + + # flag to enable debugging - application support required + debugEnabled: false + +# Repository for creation of nexus3.onap.org secret +repository: nexus3.onap.org:10001 + + +################################################################# +# Enable/disable and configure helm charts (ie. applications) +# to customize the ONAP deployment. +################################################################# +aaf: + enabled: false +aai: + enabled: false +aaiadapter: + enabled: true +appc: + enabled: true + config: + openStackType: OpenStackProvider + openStackName: OpenStack + openStackKeyStoneUrl: FILL-ME + openStackServiceTenantName: FILL-ME + openStackDomain: FILL-ME + openStackUserName: FILL-ME + openStackEncryptedPassword: FILL-ME +clamp: + enabled: false +cli: + enabled: false +consul: + enabled: true +dcaegen2: + enabled: true +dmaap: + enabled: true +esr: + enabled: false +log: + enabled: true +sniro-emulator: + enabled: false +oof: + enabled: false +msb: + enabled: true +multicloud: + enabled: false +nbi: + enabled: false + config: + # openstack configuration + openStackUserName: "FILL-ME" + openStackRegion: "FILL-ME" + openStackKeyStoneUrl: "FILL-ME" + openStackServiceTenantName: "FILL-ME" + openStackEncryptedPasswordHere: "FILL-ME" +policy: + enabled: true +portal: + enabled: false +robot: + enabled: true +sdc: + enabled: true +sdnc: + enabled: false + + replicaCount: 1 + + config: + enableClustering: false + + mysql: + disableNfsProvisioner: true + replicaCount: 1 +so: + enabled: false + + replicaCount: 1 + + liveness: + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + + # so server configuration + config: + # message router configuration + dmaapTopic: "AUTO" + # openstack configuration + openStackUserName: "FILL-ME" + openStackRegion: "FILL-ME" + openStackKeyStoneUrl: "FILL-ME" + openStackServiceTenantName: "FILL-ME" + openStackEncryptedPasswordHere: "FILL-ME" + + # configure embedded mariadb + mariadb: + config: + mariadbRootPassword: password +uui: + enabled: false +vfc: + enabled: false +vid: + enabled: false +vnfsdk: + enabled: false diff --git a/onap-offline/cfg/v3.ext b/onap-offline/cfg/v3.ext new file mode 100644 index 0000000..b4a6e43 --- /dev/null +++ b/onap-offline/cfg/v3.ext @@ -0,0 +1,24 @@ +authorityKeyIdentifier=keyid,issuer +basicConstraints=CA:FALSE +keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment +subjectAltName = @alt_names + +[alt_names] +DNS.1 = nexus.student12 +DNS.2 = gcr.io +DNS.3 = git.rancher.io +DNS.4 = gerrit.onap.org +DNS.5 = registry-1.docker.io +DNS.6 = docker.io +DNS.7 = registry.npmjs.org +DNS.8 = nexus3.onap.org +DNS.9 = nexus.onap.org +DNS.10 = docker.elastic.co +DNS.11 = www.getcloudify.org +DNS.12 = registry.hub.docker.com +DNS.13 = github.com +DNS.14 = repo.maven.apache.org +DNS.15 = www.springframework.org +DNS.16 = repo1.maven.org +DNS.17 = git.onap.org + |