Core of ONAP offline installer

Seed code for ONAP offline installer. This includes core
of the installer without downloading parts. Those will
come in subsequent commits.

Change-Id: I0d5c8c3c8c911ae11a0e558d5df94b6889af4435
Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com>
Issue-ID: INT-691

16 files changed, 1622 insertions, 0 deletions

diff --git a/onap-offline/bash/deploy_onap.sh b/onap-offline/bash/deploy_onap.sh
new file mode 100755
index 0000000..d8ae4f3
--- /dev/null
+++ b/onap-offline/bash/deploy_onap.sh
@@ -0,0 +1,55 @@
+#! /usr/bin/env bash
+
+#   COPYRIGHT NOTICE STARTS HERE
+#
+#   Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#   COPYRIGHT NOTICE ENDS HERE
+
+
+# fail fast
+set -e
+
+# OS check
+. /etc/os-release
+OS_ID="${ID}"
+
+case "$OS_ID" in
+    centos)
+        ;;
+    rhel)
+        ;;
+    ubuntu)
+        ;;
+    *)
+        echo This OS is not supported: $OS_ID
+        exit 1
+        ;;
+esac
+
+# boilerplate
+RELATIVE_PATH=./tools # relative path from this script to 'common-functions.sh'
+if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then
+    SCRIPT_DIR=$(dirname "${0}")
+    LOCAL_PATH=$(readlink -f "$SCRIPT_DIR")
+    . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh
+fi
+
+get_configuration
+copy_onap_values_file
+patch_npm_oom
+patch_spring_oom
+patch_cfy_manager_depl $OS_ID
+deploy_onap
diff --git a/onap-offline/bash/tools/000cleanup.sh b/onap-offline/bash/tools/000cleanup.sh
new file mode 100755
index 0000000..3349c50
--- /dev/null
+++ b/onap-offline/bash/tools/000cleanup.sh
@@ -0,0 +1,41 @@
+#   COPYRIGHT NOTICE STARTS HERE
+#
+#   Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#   COPYRIGHT NOTICE ENDS HERE
+
+oldifs=$IFS
+IFS=$'\n'
+
+echo "Deleting containers"
+for x in $(docker ps -a); do
+    cid=$(echo "$x" | awk '{print $1}')
+    docker rm -f $cid
+done
+
+echo "Deleting volumes"
+for x in $(docker volume ls | grep -v 'nexus-data'); do
+    name=$(echo "$x" | awk '{print $2}')
+#    echo "A: $name"
+    docker volume rm $name
+done
+
+echo "Unmounting kubelet pods"
+for x in $(mount | grep 'kubelet/pods\|rancher\|docker' | cut -d ' ' -f 3) ; do umount "$x" ; done
+
+rm -rfd /var/lib/kubelet/*
+rm -rfd /var/lib/rancher/*
+rm -rfd /var/lib/docker/*
+
diff --git a/onap-offline/bash/tools/certificates/2create_cert_for_nginx.sh b/onap-offline/bash/tools/certificates/2create_cert_for_nginx.sh
new file mode 100755
index 0000000..a9adb52
--- /dev/null
+++ b/onap-offline/bash/tools/certificates/2create_cert_for_nginx.sh
@@ -0,0 +1,47 @@
+#! /usr/bin/env bash
+
+#   COPYRIGHT NOTICE STARTS HERE
+#
+#   Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#   COPYRIGHT NOTICE ENDS HERE
+
+
+# fail fast
+set -e
+
+# boilerplate
+RELATIVE_PATH=../ # relative path from this script to 'common-functions.sh'
+if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then
+    SCRIPT_DIR=$(dirname "${0}")
+    LOCAL_PATH=$(readlink -f "$SCRIPT_DIR")
+    . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh
+fi
+
+message info "Reading configuration"
+get_configuration
+
+update_hosts
+
+message info "Restarting dnsmasq"
+systemctl enable dnsmasq
+systemctl restart dnsmasq
+
+message info "Configure ssl certificates"
+create_cert "nexus"
+
+message info "** Certificates finished **"
+
+docker restart nginx
diff --git a/onap-offline/bash/tools/certificates/self_extract_cacert.sh b/onap-offline/bash/tools/certificates/self_extract_cacert.sh
new file mode 100755
index 0000000..1e7a5ab
--- /dev/null
+++ b/onap-offline/bash/tools/certificates/self_extract_cacert.sh
@@ -0,0 +1,55 @@
+#! /bin/sh
+
+#   COPYRIGHT NOTICE STARTS HERE
+#
+#   Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#   COPYRIGHT NOTICE ENDS HERE
+
+
+
+extract_ca() {
+    cpath=$1
+    sed '0,/^#EOF#$/d' $0 > $cpath;
+    echo "Certificate installed into: $cpath"
+}
+
+OS_ID=$(awk -F= '/^ID=/{print $2}' /etc/os-release)
+OS_ID="${OS_ID%\"}"
+OS_ID="${OS_ID#\"}"
+
+if [ "$OS_ID" = "rhel" -o "$OS_ID" = "centos" ]; then
+    # for centos/ rhel
+    echo "Detected rhel like distribution"
+
+    update-ca-trust force-enable
+    extract_ca /etc/pki/ca-trust/source/anchors/rootCAcert.crt
+    update-ca-trust extract
+
+elif [ "$OS_ID" = "ubuntu" ]; then
+    echo "Detected ubuntu distribution"
+
+    mkdir -p /usr/local/share/ca-certificates/extra
+    extract_ca /usr/local/share/ca-certificates/extra/rootCAcert.crt
+    update-ca-certificates
+else
+    echo "OS $OS_ID is not supported"
+    exit -2
+fi
+
+echo "** Please restart docker (because of reload new CA) **"
+
+exit 0
+#EOF#
diff --git a/onap-offline/bash/tools/common-functions.sh b/onap-offline/bash/tools/common-functions.sh
new file mode 100755
index 0000000..0a6e26f
--- /dev/null
+++ b/onap-offline/bash/tools/common-functions.sh
@@ -0,0 +1,649 @@
+#   COPYRIGHT NOTICE STARTS HERE
+#
+#   Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#   COPYRIGHT NOTICE ENDS HERE
+
+#
+# this file contains shared variables and functions for the onap installer
+#
+
+# any script which needs this file can check this variable
+# and it will know immediately if the functions and variables
+# are loaded and usable
+IS_COMMON_FUNCTIONS_SOURCED=YES
+
+# setting of the path variables
+if [ -z "$APROJECT_DIR" ] ; then
+    INCLUDE_PATH="${LOCAL_PATH}"/"${RELATIVE_PATH}"
+    APROJECT_DIR=$(readlink -f "$INCLUDE_PATH"/../..)
+fi
+
+RESOURCES_DIR="$APROJECT_DIR/resources"
+BASH_SCRIPTS_DIR="$APROJECT_DIR/bash"
+NEXUS_DATA="$RESOURCES_DIR/nexus_data"
+CERTS_TARGET_PATH="$APROJECT_DIR/live/certs"
+NGINX_LOG_DIR="$APROJECT_DIR/live/nginx_logs"
+GEN_CFG_PATH="$APROJECT_DIR/live/cfg"
+GIT_REPOS="$RESOURCES_DIR/git-repo"
+NGINX_HTTP_DIR="$RESOURCES_DIR/http"
+RHEL_REPO="$RESOURCES_DIR/pkg/rhel"
+
+PATH="${PATH}:/usr/local/bin:/usr/local/sbin"
+export PATH
+
+# just self-defense against locale
+LANG=C
+export LANG
+
+# dns handling
+SIMUL_HOSTS="gcr.io \
+git.rancher.io \
+gerrit.onap.org \
+registry-1.docker.io \
+docker.io \
+registry.npmjs.org \
+nexus3.onap.org \
+nexus.onap.org \
+docker.elastic.co \
+www.getcloudify.org \
+www.springframework.org \
+registry.hub.docker.com \
+git.onap.org \
+repo1.maven.org \
+repo.maven.apache.org"
+
+# default credentials to the repository
+NEXUS_USERNAME=admin
+NEXUS_PASSWORD=admin123
+NEXUS_EMAIL=admin@onap.org
+
+# this function is intended to unify the installer output
+message() {
+    case "$1" in
+        info)
+            echo 'INFO:' "$@"
+            ;;
+        debug)
+            echo 'DEBUG:' "$@" >&2
+            ;;
+        warning)
+            echo 'WARNING [!]:' "$@" >&2
+            ;;
+        error)
+            echo 'ERROR [!!]:' "$@" >&2
+            return 1
+            ;;
+        *)
+            echo 'UNKNOWN [?!]:' "$@" >&2
+            return 2
+            ;;
+    esac
+    return 0
+}
+export message
+
+# if the environment variable DEBUG is set to DEBUG-ONAP ->
+#  -> this function will print its arguments
+# otherwise nothing is done
+debug() {
+    [ "$DEBUG" = DEBUG-ONAP ] && message debug "$@"
+}
+export debug
+
+fail() {
+    message error "$@"
+    exit 1
+}
+
+retry() {
+    local n=1
+    local max=5
+    while ! "$@"; do
+        if [ $n -lt $max ]; then
+            n=$((n + 1))
+            message warning "Command ${@} failed. Attempt: $n/$max"
+            message info "waiting 10s for another try..."
+            sleep 10s
+        else
+            fail "Command ${@} failed after $n attempts. Better to abort now."
+        fi
+    done
+}
+
+may_self_extract() {
+    # extract and untar to the current directory
+    sed '0,/^# PAYLOAD BELOW #$/d' "$0" | tar -xvpf - ;
+}
+
+update_hosts() {
+    if grep -q "^[^#]\+\s$SIMUL_HOSTS\s*\$" /etc/hosts ; then
+        message info "simulated domains already in /etc/hosts"
+    else
+        echo "$LOCAL_IP $SIMUL_HOSTS" >> /etc/hosts
+        message info "simulated domains added to /etc/hosts (please check it)"
+    fi
+
+    if grep -q "^[^#]\+\s$NEXUS_FQDN\s*\$" /etc/hosts ; then
+        message info "nexus FQDN already in /etc/hosts"
+    else
+        echo "$LOCAL_IP $NEXUS_FQDN" >> /etc/hosts
+        message info "Nexus FQDN added to /etc/hosts (please check it)"
+    fi
+
+    if grep -q "^[^#]\+\srepo.install-server\s*\$" /etc/hosts ; then
+        message info "custom repo FQDN already in /etc/hosts"
+    else
+        echo "$LOCAL_IP repo.install-server" >> /etc/hosts
+        message info "Nexus FQDN added to /etc/hosts (please check it)"
+    fi
+}
+
+get_cfg_val() {
+    name="$1"
+    shift
+    ask="$@"
+
+    value=$(eval "echo \$${name}")
+    if [ -z "$value" ]; then
+        while [ -z "$value" ] ; do
+            printf "${ask}"
+            read -r $name
+
+            value=$(eval "echo \$${name}")
+        done
+        echo "${name}='${value}'" >> ./local_repo.conf
+    fi
+}
+
+get_configuration() {
+    if [ -f ./local_repo.conf ]; then
+        . ./local_repo.conf
+    fi
+
+    if [ -z "${NEXUS_FQDN}" ]; then
+        NEXUS_FQDN="nexus.$HOSTNAME"
+        echo "NEXUS_FQDN='${NEXUS_FQDN}'" >> ./local_repo.conf
+    fi
+
+    if [ -z "${ONAP_SCALE}" ]; then
+        ONAP_SCALE=full
+        echo "ONAP_SCALE='${ONAP_SCALE}'" >> ./local_repo.conf
+    fi
+
+    # nexus should be configured using those default entries
+    # if it was not put the correct inputs instead
+    if [ -z "${NPM_USERNAME}" ]; then
+        NPM_USERNAME="${NEXUS_USERNAME}"
+        echo "NPM_USERNAME='${NPM_USERNAME}'" >> ./local_repo.conf
+    fi
+
+    if [ -z "${NPM_PASSWORD}" ]; then
+        NPM_PASSWORD="${NEXUS_PASSWORD}"
+        echo "NPM_PASSWORD='${NPM_PASSWORD}'" >> ./local_repo.conf
+    fi
+
+    if [ -z "${NPM_EMAIL}" ]; then
+        NPM_EMAIL="$NEXUS_EMAIL"
+        echo "NPM_EMAIL='${NPM_EMAIL}'" >> ./local_repo.conf
+    fi
+
+    export NEXUS_FQDN
+    export ONAP_SCALE
+    export NPM_USERNAME
+    export NPM_PASSWORD
+    export NPM_EMAIL
+
+    NODE_USERNAME="root"
+
+    if [ -z "$LOCAL_IP" ] ; then
+        echo
+        echo "======= Mandatory configuration ======="
+        echo
+        message info "fill in these mandatory configuration values"
+        get_cfg_val "LOCAL_IP" "Enter the public IPv4 used for this '$HOSTNAME' install machine," \
+            "\nDO NOT USE LOOPBACK! (for example: 10.0.0.1): "
+    fi
+}
+
+enable_local_repo() {
+    sed -r "s%PATH%file://$APROJECT_DIR/resources/pkg/rhel%" "$APROJECT_DIR/resources/pkg/rhel/onap.repo" > /etc/yum.repos.d/onap.repo
+}
+
+install_packages() {
+    os_id="$1"
+
+    message info "Installing packages"
+
+    case "$os_id" in
+        centos)
+            yum -y install "$APROJECT_DIR/resources/pkg/centos/*.rpm"
+            ;;
+        rhel)
+            enable_local_repo
+            yum -y install docker-ce dnsmasq icewm firefox tigervnc-server
+            systemctl enable docker
+            systemctl start docker
+            ;;
+        ubuntu)
+            dpkg -i "$APROJECT_DIR/resources/pkg/ubuntu/*.deb"
+            ;;
+        *)
+            message error "OS release is not supported: $os_id"
+            message info "ABORTING INSTALLATION"
+            exit 1
+            ;;
+    esac
+}
+
+install_files() {
+    message info "installation of external binaries"
+    for binary in kubectl helm rancher jq ; do
+        cp "$APROJECT_DIR/resources/downloads/${binary}" /usr/local/bin/
+        chmod 755 "/usr/local/bin/${binary}"
+    done
+    mkdir ~/.kube
+}
+
+setup_vnc_server() {
+    mkdir -p ~/.vnc ~/.icewm
+    echo "onap" | vncpasswd -f > ~/.vnc/passwd
+    chmod 0600 ~/.vnc/passwd
+
+    cat > ~/.vnc/xstartup <<EOF
+#!/bin/sh
+
+unset SESSION_MANAGER
+unset DBUS_SESSION_BUS_ADDRESS
+exec icewm-session
+
+EOF
+
+chmod +x ~/.vnc/xstartup
+
+    cat > ~/.icewm/menu <<EOF
+prog Firefox firefox firefox
+separator
+
+EOF
+vncserver
+}
+
+update_docker_cfg() {
+    if [ -f "/etc/docker/daemon.json" ]; then
+        jq '.dns += ["172.17.0.1"]' /etc/docker/daemon.json > /tmp/daemon.json
+        mv /tmp/daemon.json /etc/docker/daemon.json
+    else
+        echo '{"dns": ["172.17.0.1"]}' > /etc/docker/daemon.json
+    fi
+}
+
+create_root_CA() {
+    echo "** Generate certificates **"
+    openssl genrsa -out $CERTS_TARGET_PATH/rootCA.key 4096
+
+    echo "** Generate self signed ***"
+    openssl req -config $GEN_CFG_PATH/cacert.cnf -key $CERTS_TARGET_PATH/rootCA.key -new -x509 -days 7300 -sha256 -extensions v3_ca \
+                  -out $CERTS_TARGET_PATH/rootCAcert.pem
+
+
+    # convert to crt
+    openssl x509 -in $CERTS_TARGET_PATH/rootCAcert.pem -inform PEM -out $CERTS_TARGET_PATH/rootCAcert.crt
+}
+
+install_root_CA() {
+    os=$1
+    echo "** Publishing root CA **"
+    if [ "$os" == "redhat" ]; then
+        # for centos
+        update-ca-trust force-enable
+        cp $CERTS_TARGET_PATH/rootCAcert.crt /etc/pki/ca-trust/source/anchors/
+        update-ca-trust extract
+    elif [ "$os" == "ubuntu" ]; then
+        mkdir -p /usr/local/share/ca-certificates/extra
+        cp $CERTS_TARGET_PATH/rootCAcert.crt /usr/local/share/ca-certificates/extra
+        update-ca-certificates
+    else
+        echo "OS \"$os\" is not supported"
+        exit -2
+    fi
+
+    echo "** Restart docker (because of reload new CA) **"
+    systemctl restart docker
+
+}
+
+create_cert() {
+    server_name=$1
+
+    openssl genrsa -out $CERTS_TARGET_PATH/${server_name}_server.key 4096
+    echo "** Generate sig request ***"
+    openssl req -new -config $GEN_CFG_PATH/${server_name}_cert.cnf -key $CERTS_TARGET_PATH/${server_name}_server.key -out $CERTS_TARGET_PATH/${server_name}_server.csr
+
+    # v3.ext must be in separate file , because of bug in openssl 1.0
+    echo "** sign **"
+    openssl x509 -req -in $CERTS_TARGET_PATH/${server_name}_server.csr\
+    -extfile $GEN_CFG_PATH/v3.ext\
+    -CA $CERTS_TARGET_PATH/rootCAcert.crt\
+    -CAkey $CERTS_TARGET_PATH/rootCA.key\
+    -CAcreateserial -out $CERTS_TARGET_PATH/${server_name}_server.crt -days 3650 -sha256
+}
+
+create_all_certs() {
+    create_cert "nexus"
+}
+
+update_firewall() {
+# TODO
+#firewall-cmd --permanent --add-port=53/udp
+#firewall-cmd --permanent --add-port=53/tcp
+#firewall-cmd --permanent --add-port=10001/tcp
+#firewall-cmd --permanent --add-port=80/tcp
+#firewall-cmd --permanent --add-port=443/tcp
+return 0
+}
+
+distribute_root_CA() {
+    targetip=$1
+    scp $APROJECT_DIR/install_cacert.sh $targetip:.
+    ssh $targetip ./install_cacert.sh
+    echo "** Add DNS record to remote host **"
+    ssh $targetip "echo nameserver $LOCAL_IP > /etc/resolv.conf"
+}
+
+upload_ansible_pkgs() {
+    os=$1
+    targetip=$2
+    #if [[ $os == "ubuntu" ]]; then
+    # those deb & whl packages are needed for sdnc-ansible-server pod
+    # independently on host OS distros
+    echo "** Copy required packages for sdnc-ansible-pod to kubernetes node $targetip **"
+    scp -r $APROJECT_DIR/resources/pkg/ubuntu/ansible_pkg $targetip:.
+    #fi
+}
+
+remote_setup_nfs_server() {
+    os=$1
+    targetip=$2
+    shift 2
+    scp $APROJECT_DIR/bash/tools/setup_nfs_server_${os}.sh $targetip:setup_nfs_server.sh
+    if [[ $os == "ubuntu" ]]; then
+        scp -r $APROJECT_DIR/resources/pkg/ubuntu/nfs-common-pkg/* $targetip:.
+        ssh $targetip dpkg -i *.deb
+    fi
+
+    ssh $targetip /bin/bash ./setup_nfs_server.sh "$@"
+}
+
+remote_setup_nfs_mount() {
+    os=$1
+    targetip=$2
+    nfsip=$3
+    scp $APROJECT_DIR/bash/tools/setup_nfs_mount.sh $targetip:.
+    if [[ $os == "ubuntu" ]]; then
+        scp -r $APROJECT_DIR/resources/pkg/ubuntu/nfs-common-pkg/* $targetip:.
+        ssh $targetip dpkg -i *.deb
+    fi
+    ssh $targetip /bin/bash ./setup_nfs_mount.sh $nfsip
+}
+
+enable_remote_repo() {
+    targetip=$1
+    sed -r "s%PATH%http://repo.install-server%" $APROJECT_DIR/resources/pkg/rhel/onap.repo | ssh $targetip 'cat > /etc/yum.repos.d/onap.repo'
+}
+
+install_remote_docker() {
+    targetip=$1
+    os=$2
+    if [[ $os == "ubuntu" ]]; then
+        scp -r $APROJECT_DIR/resources/pkg/ubuntu/{docker-ce_17.03.2~ce-0~ubuntu-xenial_amd64.deb,libltdl7_2.4.6-0.1_amd64.deb} $targetip:.
+        ssh $targetip dpkg -i *.deb
+    elif [[ $os == "rhel" ]]; then
+        ssh $targetip yum -y install docker-ce
+    fi
+    ssh $targetip "mkdir -p /etc/docker"
+    scp "$APROJECT_DIR/resources/downloads/jq" $targetip:/usr/local/bin/
+    ssh $targetip "if [[ -f /etc/docker/daemon.json ]]; then
+                       jq '.dns += [\"$LOCAL_IP\"]' /etc/docker/daemon.json > /tmp/daemon.json
+                       mv /tmp/daemon.json /etc/docker/daemon.json
+                   else
+                       echo {'\"'dns'\"': ['\"'$LOCAL_IP'\"']} > /etc/docker/daemon.json
+                   fi"
+
+    ssh $targetip 'systemctl enable docker; systemctl restart docker'
+}
+
+deploy_rancher() {
+    docker run -d --entrypoint "/bin/bash" --restart=unless-stopped -p 8080:8080 \
+    -v $CERTS_TARGET_PATH:/usr/local/share/ca-certificates/extra:ro \
+    --name rancher_server rancher/server:v1.6.14 \
+    -c "/usr/sbin/update-ca-certificates;/usr/bin/entry /usr/bin/s6-svscan /service"
+    echo "** wait until rancher is ready **"
+}
+
+deploy_kubernetes() {
+    os=$1
+    set +e
+    for i in `seq 5 -1 1`; do
+        API_RESPONSE=`curl -s 'http://127.0.0.1:8080/v2-beta/apikey' \
+            -d '{"type":"apikey","accountId":"1a1","name":"autoinstall"\
+                 ,"description":"autoinstall","created":null,"kind":null,\
+                 "removeTime":null,"removed":null,"uuid":null}'`
+        if [[ "$?" -eq 0 ]]; then
+            KEY_PUBLIC=`echo $API_RESPONSE | jq -r .publicValue`
+            KEY_SECRET=`echo $API_RESPONSE | jq -r .secretValue`
+            break
+        fi
+        echo "Waiting for rancher server to start"
+        sleep 60
+    done
+    set -e
+    export RANCHER_URL=http://${LOCAL_IP}:8080
+    export RANCHER_ACCESS_KEY=$KEY_PUBLIC
+    export RANCHER_SECRET_KEY=$KEY_SECRET
+
+    rancher env ls
+    echo "wait 60 sec for rancher environments can settle before we create the onap kubernetes one"
+    sleep 60
+
+    rancher env create -t kubernetes onap > kube_env_id.json
+    PROJECT_ID=$(<kube_env_id.json)
+    echo "env id: $PROJECT_ID"
+    export RANCHER_HOST_URL=http://${LOCAL_IP}:8080/v1/projects/$PROJECT_ID
+
+    for i in `seq 5`; do
+        status=$(rancher env ls | grep $PROJECT_ID | awk '{print $4}')
+        if [[ "$status" == "active" ]]; then
+            echo "Check on environments again before registering the URL response"
+            rancher env ls
+            break
+        fi
+        echo "Wait for environment to become active"
+        sleep 30
+    done
+
+    REG_URL_RESPONSE=`curl -X POST -u $KEY_PUBLIC:$KEY_SECRET -H 'Accept: application/json' -H 'ContentType: application/json' -d '{"name":"$LOCAL_IP"}' "http://$LOCAL_IP:8080/v1/projects/$PROJECT_ID/registrationtokens"`
+    echo "wait for server to finish url configuration - 3 min"
+    sleep 180
+    # see registrationUrl in
+    REGISTRATION_TOKENS=`curl http://127.0.0.1:8080/v2-beta/registrationtokens`
+    REGISTRATION_DOCKER=`echo $REGISTRATION_TOKENS | jq -r .data[0].image`
+    REGISTRATION_TOKEN=`echo $REGISTRATION_TOKENS | jq -r .data[0].token`
+
+    # base64 encode the kubectl token from the auth pair
+    # generate this after the host is registered
+    KUBECTL_TOKEN=$(echo -n 'Basic '$(echo -n "$RANCHER_ACCESS_KEY:$RANCHER_SECRET_KEY" | base64 -w 0) | base64 -w 0)
+    echo "KUBECTL_TOKEN base64 encoded: ${KUBECTL_TOKEN}"
+    cat > ~/.kube/config <<EOF
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+    api-version: v1
+    insecure-skip-tls-verify: true
+    server: "https://$LOCAL_IP:8080/r/projects/$PROJECT_ID/kubernetes:6443"
+  name: "onap"
+contexts:
+- context:
+    cluster: "onap"
+    user: "onap"
+  name: "onap"
+current-context: "onap"
+users:
+- name: "onap"
+  user:
+    token: "$KUBECTL_TOKEN"
+
+EOF
+
+    if [[ $os == "rhel" ]]; then
+        echo "Upgrade datavolume for RHEL"
+        KUBELET_ID=`curl http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/ | jq -r '.data[] | select(.name=="kubelet")'.id`
+        OLD_LAUNCH_CONFIG=`curl http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID} | jq  '.launchConfig'`
+        NEW_LAUNCH_CONFIG=`echo $OLD_LAUNCH_CONFIG | jq '.dataVolumes[2]="/sys/fs/cgroup:/sys/fs/cgroup:ro,rprivate"'`
+
+        DATA="{
+                \"inServiceStrategy\": {
+                  \"batchSize\": 1,
+                  \"intervalMillis\": 2000,
+                  \"startFirst\": false,
+                  \"launchConfig\": ${NEW_LAUNCH_CONFIG},
+                  \"secondaryLaunchConfigs\": []
+                }
+        }"
+        curl -s -u $KEY_PUBLIC:$KEY_SECRET -X POST -H 'Content-Type: application/json' -d "${DATA}" "http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID}?action=upgrade" > /dev/null
+
+        echo "Give environment time to update (30 sec)"
+        sleep 30
+
+        curl -s -u $KEY_PUBLIC:$KEY_SECRET -X POST "http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID}?action=finishupgrade" > /dev/null
+    fi
+}
+
+deploy_rancher_agent() {
+    nodeip=$1
+    if [ -z "$REGISTRATION_DOCKER" ]; then
+        echo "ASSERT: Missing REGISTRATION_DOCKER"
+        exit 1
+    fi
+    if [ -z "$RANCHER_URL" ]; then
+        echo "ASSERT: Missing RANCHER_URL"
+        exit 1
+    fi
+    if [ -z "$REGISTRATION_TOKEN" ]; then
+        echo "ASSERT: Missing REGISTRATION_TOKEN"
+        exit 1
+    fi
+
+    ssh $nodeip "docker run --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/racher:/var/lib/rancher $REGISTRATION_DOCKER $RANCHER_URL/v1/scripts/$REGISTRATION_TOKEN"
+    echo "waiting 2 min for creating kubernetes environment"
+    sleep 120
+}
+
+deploy_node() {
+    nodeip=$1
+    os=$2
+    echo "Deploying node $nodeip"
+    distribute_root_CA $nodeip
+    install_remote_docker $nodeip $os
+    deploy_rancher_agent $nodeip
+}
+
+deploy_onap() {
+    pushd $APROJECT_DIR/resources/oom/kubernetes
+    helm init --upgrade --skip-refresh
+    # this might fail
+    set +e
+    helm repo remove stable
+    set -e
+    helm serve &
+    echo "wait a moment before helm will come up ..."
+    sleep 5
+    helm repo add local http://127.0.0.1:8879
+    make all
+    helm install local/onap -n dev --namespace onap
+    popd
+}
+
+expand_file() {
+    file=$1
+    shift
+
+    for ivar in "$@" ; do
+        ivalue=$(eval 'echo "$'${ivar}'"')
+        sed -i "s#${ivar}#${ivalue}#g" "$file"
+    done
+}
+
+patch_npm_oom() {
+    if [ -z "$LOCAL_IP" ] ; then
+        echo "ERROR: LOCAL_IP unset"
+        return 1
+    fi
+    if [ -z "$NEXUS_FQDN" ] ; then
+        echo "ERROR: NEXUS_FQDN unset"
+        return 1
+    fi
+
+    UPDATE_HOSTS_FILE="$LOCAL_IP $NEXUS_FQDN"
+    UPDATE_NPM_REGISTRY="npm set registry \"http://${NEXUS_FQDN}/repository/npm-private/\""
+
+    expand_file $APROJECT_DIR/resources/oom/kubernetes/common/dgbuilder/templates/deployment.yaml \
+        UPDATE_HOSTS_FILE \
+        UPDATE_NPM_REGISTRY
+    expand_file $APROJECT_DIR/resources/oom/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml \
+        UPDATE_HOSTS_FILE \
+        UPDATE_NPM_REGISTRY
+}
+
+patch_spring_oom() {
+    if [ -z "$LOCAL_IP" ] ; then
+        echo "ERROR: LOCAL_IP unset"
+        return 1
+    fi
+
+    UPDATE_HOSTS_FILE="$LOCAL_IP www.springframework.org"
+    expand_file $APROJECT_DIR/resources/oom/kubernetes/dmaap/charts/message-router/templates/deployment.yaml \
+        UPDATE_HOSTS_FILE
+}
+
+patch_cfy_manager_depl() {
+    os="$1"
+    file="${APROJECT_DIR}/resources/oom/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml"
+
+    case "$os" in
+        centos|rhel)
+            CERT_PATH="/etc/pki/ca-trust/source/anchors"
+            ;;
+        ubuntu)
+            CERT_PATH="/usr/local/share/ca-certificates/extra"
+            ;;
+        '')
+            echo "ERROR: missing argument"
+            return 1
+            ;;
+        *)
+            echo "ERROR: unknown OS: ${os}"
+            return 1
+            ;;
+    esac
+
+    expand_file "$file" CERT_PATH
+}
+
+copy_onap_values_file() {
+    cp "${APROJECT_DIR}/cfg/${ONAP_SCALE}_depl_values.yaml" \
+        "${APROJECT_DIR}/resources/oom/kubernetes/onap/values.yaml"
+}
diff --git a/onap-offline/bash/tools/create_si_cacert_pkg.sh b/onap-offline/bash/tools/create_si_cacert_pkg.sh
new file mode 100755
index 0000000..197f0c0
--- /dev/null
+++ b/onap-offline/bash/tools/create_si_cacert_pkg.sh
@@ -0,0 +1,29 @@
+#! /bin/bash
+
+#   COPYRIGHT NOTICE STARTS HERE
+#
+#   Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#   COPYRIGHT NOTICE ENDS HERE
+
+
+self="$0"
+tools_dir=$(dirname "$self")
+
+TARGET_FILE="./install_cacert.sh"
+
+cat "$tools_dir/certificates/self_extract_cacert.sh" "$tools_dir/../../live/certs/rootCAcert.crt" > $TARGET_FILE
+chmod a+x $TARGET_FILE
+echo "Created self installation file: $TARGET_FILE"
diff --git a/onap-offline/bash/tools/create_si_onap_pkg.sh b/onap-offline/bash/tools/create_si_onap_pkg.sh
new file mode 100755
index 0000000..12d851b
--- /dev/null
+++ b/onap-offline/bash/tools/create_si_onap_pkg.sh
@@ -0,0 +1,88 @@
+#! /usr/bin/env bash
+
+#   COPYRIGHT NOTICE STARTS HERE
+#
+#   Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#   COPYRIGHT NOTICE ENDS HERE
+
+
+# fail fast
+set -e
+
+# boilerplate
+RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh'
+if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then
+    SCRIPT_DIR=$(dirname "${0}")
+    LOCAL_PATH=$(readlink -f "$SCRIPT_DIR")
+    . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh
+fi
+
+if [ -z "$1" ]; then
+  VERSION="RC3"
+  message info "no argument supplied, keeping default naming: $VERSION"
+else
+  VERSION="$1"
+fi
+
+# name of the self-extract-installer
+TARGET_FILE="$APROJECT_DIR/selfinstall_onap_beijing_"$VERSION".sh"
+
+# inserting the head of the script
+cat > "$TARGET_FILE" <<EOF
+#! /usr/bin/env bash
+
+#
+# This is self-extract installer for onap
+#
+
+# fail fast
+set -e
+
+# boilerplate
+SCRIPT_DIR=\$(dirname "\${0}")
+APROJECT_DIR=\$(readlink -f "\$SCRIPT_DIR")
+IS_SELF_EXTRACT=YES
+
+EOF
+
+# splicing the scripts together
+cat "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh >> "$TARGET_FILE"
+cat "${LOCAL_PATH}"/"${RELATIVE_PATH}"/deploy_nexus.sh >> "$TARGET_FILE"
+cat "${LOCAL_PATH}"/"${RELATIVE_PATH}"/deploy_kube.sh >> "$TARGET_FILE"
+
+# finishing touches to the script
+cat >> "$TARGET_FILE" <<EOF
+
+exit 0
+
+#
+# Installer script ends here
+# The rest of this file is a binary payload
+# ! DO NOT MODIFY IT !
+#
+
+# PAYLOAD BELOW #
+EOF
+
+# appending the tar to the script
+cd "$APROJECT_DIR"
+tar --exclude='.git' --exclude='*.swp' --exclude='selfinstall_onap_*.sh' --exclude='ansible' --exclude='docker' --exclude='local_repo.conf' --exclude='live' -cvf - * >> "$TARGET_FILE"
+cd -
+
+chmod 755 "$TARGET_FILE"
+message info "Created Nexus self installation file: $TARGET_FILE"
+
+exit 0
diff --git a/onap-offline/bash/tools/delete-local-images.sh b/onap-offline/bash/tools/delete-local-images.sh
new file mode 100755
index 0000000..5e481c3
--- /dev/null
+++ b/onap-offline/bash/tools/delete-local-images.sh
@@ -0,0 +1,19 @@
+#   COPYRIGHT NOTICE STARTS HERE
+#
+#   Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#   COPYRIGHT NOTICE ENDS HERE
+
+docker rmi -f $(docker images -q)
diff --git a/onap-offline/bash/tools/deploy_kube.sh b/onap-offline/bash/tools/deploy_kube.sh
new file mode 100755
index 0000000..f2a77be
--- /dev/null
+++ b/onap-offline/bash/tools/deploy_kube.sh
@@ -0,0 +1,95 @@
+#! /usr/bin/env bash
+
+#   COPYRIGHT NOTICE STARTS HERE
+#
+#   Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#   COPYRIGHT NOTICE ENDS HERE
+
+
+# fail fast
+set -e
+
+# OS check
+. /etc/os-release
+OS_ID="${ID}"
+
+case "$OS_ID" in
+    centos)
+        ;;
+    rhel)
+        ;;
+    ubuntu)
+        ;;
+    *)
+        echo This OS is not supported: $OS_ID
+        exit 1
+        ;;
+esac
+
+# boilerplate
+RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh'
+if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then
+    SCRIPT_DIR=$(dirname "${0}")
+    LOCAL_PATH=$(readlink -f "$SCRIPT_DIR")
+    . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh
+fi
+
+message info "Reading configuration"
+get_configuration
+if [ -z "$NODES_IPS" ] ; then
+    get_cfg_val "NODES_IPS" "Enter the public IPv4 addresses of kubernetes nodes separated by space," \
+    "\n(for example: 10.0.0.2 10.0.0.3 ...): "
+fi
+
+echo "Wait for nexus startup (1min)"
+sleep 60
+
+
+# on install server
+deploy_rancher
+deploy_kubernetes "$OS_ID"
+
+echo "Setting up ONAP Local Repo on Kubernetes nodes"
+for node in ${NODES_IPS} ; do
+    enable_remote_repo $node
+done
+
+# setup NFS on nodes
+assort_nodes_ips() {
+    nfs_server="$1"
+    shift
+    nfs_clients="$*"
+}
+assort_nodes_ips ${NODES_IPS}
+if [ -n "${nfs_clients}" ]; then
+    echo "Setting up NFS"
+    remote_setup_nfs_server $OS_ID ${nfs_server} ${nfs_clients}
+    for node in ${nfs_clients} ; do
+        remote_setup_nfs_mount $OS_ID $node ${nfs_server}
+    done
+else
+    echo "Only one node set. Skipping nfs configuration"
+fi
+
+echo "Copy ansible packages for onap ansible-server"
+for node in ${NODES_IPS} ; do
+    upload_ansible_pkgs $OS_ID $node
+done
+
+# to nodes
+for node in ${NODES_IPS} ; do
+    deploy_node $node $OS_ID
+done
diff --git a/onap-offline/bash/tools/deploy_nexus.sh b/onap-offline/bash/tools/deploy_nexus.sh
new file mode 100755
index 0000000..1532c61
--- /dev/null
+++ b/onap-offline/bash/tools/deploy_nexus.sh
@@ -0,0 +1,194 @@
+#! /usr/bin/env bash
+
+#   COPYRIGHT NOTICE STARTS HERE
+#
+#   Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#   COPYRIGHT NOTICE ENDS HERE
+
+
+# fail fast
+set -e
+
+# OS check
+. /etc/os-release
+OS_ID="${ID}"
+
+case "$OS_ID" in
+    centos)
+        ;;
+    rhel)
+        ;;
+    ubuntu)
+        ;;
+    *)
+        echo This OS is not supported: $OS_ID
+        exit 1
+        ;;
+esac
+
+# boilerplate
+RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh'
+if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then
+    SCRIPT_DIR=$(dirname "${0}")
+    LOCAL_PATH=$(readlink -f "$SCRIPT_DIR")
+    . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh
+fi
+
+#
+# local functions
+#
+
+start_nexus() {
+    echo "** Starting nexus **"
+    if [[ -z "$NEXUS_DATA" ]]; then
+        echo "Nexus data env is not set"
+        exit -3
+    fi
+
+    # valid for case of fresh nexus deployment
+    # data are inserted in later phases
+    mkdir -p $NEXUS_DATA
+    # hardening
+    chmod a+wrX $NEXUS_DATA
+    chown -R 200:200 $NEXUS_DATA
+
+    docker rm -f nexus 1> /dev/null 2>&1 || true
+
+    docker run -d --name nexus\
+        --restart unless-stopped \
+        -v $NEXUS_DATA:/nexus-data:rw \
+        sonatype/nexus3
+
+    echo "** Creating docker network **"
+    docker network create nexus_network
+    docker network connect nexus_network nexus
+}
+
+start_nginx() {
+    echo "** Starting reverse proxy - nginx **"
+
+    docker rm -f nginx 1> /dev/null 2>&1 || true
+    mkdir -p $NGINX_HTTP_DIR/repo.install-server
+
+    mkdir -p "$NGINX_HTTP_DIR/repo.install-server"
+
+    docker run -d -p 80:80 -p 443:443 -p 10001:443 \
+        --name nginx \
+        --network nexus_network \
+        -v $GEN_CFG_PATH/nginx.conf:/etc/nginx/nginx.conf:ro \
+        -v $CERTS_TARGET_PATH:/etc/nginx/certs:ro \
+        -v $GIT_REPOS:/srv/git:rw \
+        -v $NGINX_LOG_DIR:/var/log/nginx:rw \
+        -v $NGINX_HTTP_DIR:/srv/http:ro \
+        -v $RHEL_REPO:/srv/http/repo.install-server:ro \
+        --restart unless-stopped \
+        own_nginx
+}
+
+patch_cert() {
+    file=$1
+    cp "$APROJECT_DIR/cfg/$file" "$GEN_CFG_PATH/$file"
+#    sed "s#countryName =.*#countryName = $CERT_COUNTRY#" "$APROJECT_DIR/cfg/$file" > $GEN_CFG_PATH/$file
+#    sed "s#localityName =.*#localityName = $CERT_LOCALITY#" "$APROJECT_DIR/cfg/$file" > $GEN_CFG_PATH/$file
+#    sed "s#organizationName =.*#organizationName = $CERT_ORGANIZATION#" "$APROJECT_DIR/cfg/$file" > $GEN_CFG_PATH/$file
+}
+
+patch_conf_files() {
+    # patch nexus and root cert
+    patch_cert nexus_cert.cnf
+    patch_cert cacert.cnf
+
+    # patch nexus v3 ext cert
+    sed "s#nexus.student12#$NEXUS_FQDN#" "$APROJECT_DIR/cfg/v3.ext" > $GEN_CFG_PATH/v3.ext
+
+    #patch nginx.conf
+    sed "s#nexus.student12#$NEXUS_FQDN#" "$APROJECT_DIR/cfg/nginx.conf" > $GEN_CFG_PATH/nginx.conf
+}
+
+#
+# body
+#
+
+message info "Nexus will be installed into this directory: $(pwd)"
+
+if ! [ -f ./local_repo.conf ]; then
+    printf "[?] > Do you want continue? (if no, hit CTRL+C): "
+    read x
+fi
+
+message info "Reading configuration"
+get_configuration
+
+mkdir -p "$CERTS_TARGET_PATH"
+mkdir -p "$NGINX_LOG_DIR"
+mkdir -p "$GEN_CFG_PATH"
+if [ "$IS_SELF_EXTRACT" = YES ] ; then
+    message info "Now I will untar the resources"
+    message info "This may take a long time..."
+    sleep 3s
+    may_self_extract
+fi
+
+#
+echo "Cleanup docker (if installed)"
+docker rm -f nginx 1> /dev/null 2>&1 || true
+docker rm -f nexus 1> /dev/null 2>&1 || true
+
+install_files
+install_packages "$OS_ID"
+setup_vnc_server
+
+update_hosts
+
+# TODO
+#check_dependencies
+
+echo "Restarting dnsmasq"
+# TODO dnsmasq config?
+systemctl enable dnsmasq
+systemctl restart dnsmasq
+
+echo "** Generating config files to $GEN_CFG_PATH **"
+echo "Configure ssl certificates"
+
+patch_conf_files
+create_root_CA
+
+# create selfinstall CA cert
+$BASH_SCRIPTS_DIR/tools/create_si_cacert_pkg.sh
+# run generated file
+./install_cacert.sh
+
+create_cert "nexus"
+
+echo "** Certificates finished **"
+
+update_docker_cfg
+
+echo "Restarting docker"
+systemctl enable docker
+systemctl restart docker
+
+update_firewall
+
+set +e
+
+echo "** Loading images **"
+docker load -i $RESOURCES_DIR/offline_data/docker_images_infra/sonatype_nexus3_latest.tar
+docker load -i $RESOURCES_DIR/offline_data/docker_images_infra/own_nginx_latest.tar
+
+start_nexus
+start_nginx
diff --git a/onap-offline/bash/tools/download_offline_data_by_lists.sh b/onap-offline/bash/tools/download_offline_data_by_lists.sh
new file mode 100755
index 0000000..24cd578
--- /dev/null
+++ b/onap-offline/bash/tools/download_offline_data_by_lists.sh
@@ -0,0 +1,80 @@
+#! /usr/bin/env bash
+
+#   COPYRIGHT NOTICE STARTS HERE
+#
+#   Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#   COPYRIGHT NOTICE ENDS HERE
+
+
+# fail fast
+set -e
+
+# boilerplate
+RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh'
+if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then
+    SCRIPT_DIR=$(dirname "${0}")
+    LOCAL_PATH=$(readlink -f "$SCRIPT_DIR")
+    . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh
+fi
+
+CTOOLS="${LOCAL_PATH}/creating_data"
+LISTS_DIR="${LOCAL_PATH}/data_list"
+DATA_DIR="${LOCAL_PATH}/../../resources"
+TOTAL=12
+CURR=1
+
+message info "Downloading started: $(date)"
+
+echo "[Step $((CURR++))/$TOTAL Download collected docker images]"
+$CTOOLS/download-docker-images.sh "$LISTS_DIR/docker_image_list.txt"
+
+echo "[Step $((CURR++))/$TOTAL Download manually collected docker images]"
+$CTOOLS/download-docker-images.sh "$LISTS_DIR/docker_manual_image_list.txt"
+
+echo "[Step $((CURR++))/$TOTAL Build own nginx image]"
+$CTOOLS/create_nginx_image/01create-image.sh
+
+echo "[Step $((CURR++))/$TOTAL Save docker images from docker cache to tarfiles]"
+$CTOOLS/save-docker-images.sh "$DATA_DIR/offline_data/docker_images_for_nexus"
+
+echo "[Step $((CURR++))/$TOTAL move infra related images to infra folder]"
+mkdir -p "$DATA_DIR/offline_data/docker_images_infra"
+mv "$DATA_DIR/offline_data/docker_images_for_nexus/own_nginx_latest.tar" "$DATA_DIR/offline_data/docker_images_infra"
+mv "$DATA_DIR/offline_data/docker_images_for_nexus/sonatype_nexus3_latest.tar" "$DATA_DIR/offline_data/docker_images_infra"
+
+echo "[Step $((CURR++))/$TOTAL Download git repos]"
+$CTOOLS/download-git-repos.sh "$LISTS_DIR" "$DATA_DIR/git-repo"
+
+echo "[Step $((CURR++))/$TOTAL Download http files]"
+$CTOOLS/download-http-files.sh "$LISTS_DIR/http_manual_list.txt" "$DATA_DIR/http"
+
+echo "[Step $((CURR++))/$TOTAL Download npm pkgs]"
+$CTOOLS/download-npm-pkgs.sh "$LISTS_DIR/npm_list.txt" "$DATA_DIR/offline_data/npm_tar"
+
+echo "[Step $((CURR++))/$TOTAL Download bin tools]"
+$CTOOLS/download-bin-tools.sh "$DATA_DIR/downloads"
+
+echo "[Step $((CURR++))/$TOTAL Download rhel pkgs]"
+$CTOOLS/download-pkg.sh "$DATA_DIR/pkg/rhel"
+
+echo "[Step $((CURR++))/$TOTAL Download oom]"
+$CTOOLS/download-oom.sh "$DATA_DIR" "${LOCAL_PATH}/../../patches/offline-changes.patch"
+
+echo "[Step $((CURR++))/$TOTAL Download sdnc-ansible-server packages]"
+$CTOOLS/download-pip.sh "$LISTS_DIR/pip_list.txt" "$DATA_DIR/pkg/ubuntu/ansible_pkg"
+$CTOOLS/download-files.sh "$LISTS_DIR/pkg_list.txt" "$DATA_DIR/pkg/ubuntu/ansible_pkg"
+
+message info "Downloading finished: $(date)"
diff --git a/onap-offline/bash/tools/gather_data_lists.sh b/onap-offline/bash/tools/gather_data_lists.sh
new file mode 100755
index 0000000..3e046cb
--- /dev/null
+++ b/onap-offline/bash/tools/gather_data_lists.sh
@@ -0,0 +1,34 @@
+#! /usr/bin/env bash
+
+#   COPYRIGHT NOTICE STARTS HERE
+#
+#   Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#   COPYRIGHT NOTICE ENDS HERE
+
+script_dir="$(dirname ${BASH_SOURCE[0]})"
+tools=$(readlink -f "$script_dir")
+
+echo "WARNING: This script won't be used except rare internal usage, it's just illustrating how we collected lists of artifacts to be downloaded. It's already deprecated"
+
+TOOLS="$tools/creating_data"
+export LISTS_DIR="$tools/data_list"
+export ONAP_SERVERS="oom-beijing-postRC2-master oom-beijing-postRC2-compute1 oom-beijing-postRC2-compute2"
+OOM_PATH="$tools/../../resources/oom"
+
+$TOOLS/remote-list-gathering.sh
+$TOOLS/make-git-http-list.sh "$OOM_PATH"
+
+
diff --git a/onap-offline/bash/tools/load_stored_offline_data.sh b/onap-offline/bash/tools/load_stored_offline_data.sh
new file mode 100755
index 0000000..eb6cba8
--- /dev/null
+++ b/onap-offline/bash/tools/load_stored_offline_data.sh
@@ -0,0 +1,90 @@
+#! /usr/bin/env bash
+
+#   COPYRIGHT NOTICE STARTS HERE
+#
+#   Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#   COPYRIGHT NOTICE ENDS HERE
+
+
+# boilerplate
+RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh'
+if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then
+    SCRIPT_DIR=$(dirname "${0}")
+    LOCAL_PATH=$(readlink -f "$SCRIPT_DIR")
+    . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh
+fi
+
+tools="${LOCAL_PATH}"
+message info "Reading configuration"
+get_configuration
+
+CTOOLS="$tools/creating_data"
+LISTS_DIR="$tools/data_list"
+DATA_DIR="$tools/../../resources/offline_data"
+export NEXUS_HOST="https://$NEXUS_FQDN"
+NPM_REGISTRY="$NEXUS_HOST/repository/npm-private/"
+
+TOTAL=5
+CURR=1
+
+message info "Loading started: $(date)"
+
+# backup config.json before we change it in docker-login
+# however no use for restoring it found
+mv ~/.docker/config.json ~/.docker/config.json_backup 2>/dev/null
+
+echo "[Step $((CURR++))/$TOTAL Setting-up docker login for inserting docker images]"
+$CTOOLS/docker-login.sh
+
+echo "[Step $((CURR++))/$TOTAL Inserting docker images into local nexus]"
+$CTOOLS/load-docker-images.sh "$DATA_DIR/docker_images_for_nexus"
+
+echo "[Step $((CURR++))/$TOTAL Setting-up npm for inserting npm pkgs into local nexus]"
+
+npm config set registry $NPM_REGISTRY
+
+/usr/bin/expect <<EOF
+spawn npm login
+expect "Username:"
+send "${NPM_USERNAME}\n"
+expect "Password:"
+send "${NPM_PASSWORD}\n"
+expect Email:
+send "${NPM_EMAIL}\n"
+expect eof
+EOF
+
+echo "[WA] for tss package - this package uses already specified repo and dont accept our simulated domain"
+
+cd $DATA_DIR/npm_tar
+tar xvzf tsscmp-1.0.5.tgz
+rm -f tsscmp-1.0.5.tgz
+sed -i "s|https://registry.npmjs.org|${NPM_REGISTRY}|g" package/package.json
+tar -zcvf tsscmp-1.0.5.tgz package
+rm -rf package
+cd -
+
+echo "[Step $((CURR++))/$TOTAL Inserting npm packages into local nexus]"
+$CTOOLS/upload-npm-pkgs.sh "$LISTS_DIR/npm_list.txt" "$DATA_DIR/npm_tar" "$NEXUS_HOST"
+
+echo "[Step $((CURR++))/$TOTAL Inserting maven artifacts into local nexus]"
+$CTOOLS/upload-maven-files.sh "$tools/../../resources/http" "repo.maven.apache.org" "repo1.maven.org"
+
+# onap is using different credentials for docker login which can be conflicted
+# with ours so better to clean this-up
+rm ~/.docker/config.json
+
+message info "Loading finished: $(date)"
diff --git a/onap-offline/bash/tools/setup_nfs_mount.sh b/onap-offline/bash/tools/setup_nfs_mount.sh
new file mode 100755
index 0000000..eee471b
--- /dev/null
+++ b/onap-offline/bash/tools/setup_nfs_mount.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+#   COPYRIGHT NOTICE STARTS HERE
+#
+#   Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#   COPYRIGHT NOTICE ENDS HERE
+
+
+usage () {
+  echo "Usage:"
+  echo "   ./$(basename $0) nfs_master_ip"
+  exit 1
+}
+
+if [ "$#" -ne 1 ]; then
+  echo "Missing NFS mater node"
+  usage
+fi
+
+MASTER_IP=$1
+
+#Install NFS common
+#sudo apt-get update
+#sudo apt-get install -y nfs-common
+
+#Create NFS directory
+sudo mkdir -p /dockerdata-nfs
+
+#Mount the remote NFS directory to the local one
+sudo mount $MASTER_IP:/dockerdata-nfs /dockerdata-nfs/
+echo "$MASTER_IP:/dockerdata-nfs /dockerdata-nfs  nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0" | sudo tee -a /etc/fstab
diff --git a/onap-offline/bash/tools/setup_nfs_server_rhel.sh b/onap-offline/bash/tools/setup_nfs_server_rhel.sh
new file mode 100755
index 0000000..24fe2b5
--- /dev/null
+++ b/onap-offline/bash/tools/setup_nfs_server_rhel.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+#   COPYRIGHT NOTICE STARTS HERE
+#
+#   Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#   COPYRIGHT NOTICE ENDS HERE
+
+
+usage () {
+  echo "Usage:"
+  echo "   ./$(basename $0) node1_ip node2_ip ... nodeN_ip"
+  exit 1
+}
+
+if [ "$#" -lt 1 ]; then
+  echo "Missing NFS slave nodes"
+  usage
+fi
+
+#Install NFS kernel
+#sudo apt-get update
+#sudo apt-get install -y nfs-kernel-server
+
+#Create /dockerdata-nfs and set permissions
+sudo mkdir -p /dockerdata-nfs
+sudo chmod 777 -R /dockerdata-nfs
+sudo chown nobody:nobody /dockerdata-nfs/
+
+#Update the /etc/exports
+NFS_EXP=""
+for i in $@; do
+  NFS_EXP+="$i(rw,sync,no_root_squash,no_subtree_check) "
+done
+echo "/dockerdata-nfs "$NFS_EXP | sudo tee -a /etc/exports
+
+#Restart the NFS service
+sudo exportfs -a
+sudo systemctl restart nfs-server
diff --git a/onap-offline/bash/tools/setup_nfs_server_ubuntu.sh b/onap-offline/bash/tools/setup_nfs_server_ubuntu.sh
new file mode 100755
index 0000000..fad3abb
--- /dev/null
+++ b/onap-offline/bash/tools/setup_nfs_server_ubuntu.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+#   COPYRIGHT NOTICE STARTS HERE
+#
+#   Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#   COPYRIGHT NOTICE ENDS HERE
+
+
+usage () {
+  echo "Usage:"
+  echo "   ./$(basename $0) node1_ip node2_ip ... nodeN_ip"
+  exit 1
+}
+
+if [ "$#" -lt 1 ]; then
+  echo "Missing NFS slave nodes"
+  usage
+fi
+
+#Install NFS kernel
+#sudo apt-get update
+#sudo apt-get install -y nfs-kernel-server
+
+#Create /dockerdata-nfs and set permissions
+sudo mkdir -p /dockerdata-nfs
+sudo chmod 777 -R /dockerdata-nfs
+sudo chown nobody:nogroup /dockerdata-nfs/
+
+#Update the /etc/exports
+NFS_EXP=""
+for i in $@; do
+  NFS_EXP+="$i(rw,sync,no_root_squash,no_subtree_check) "
+done
+echo "/dockerdata-nfs "$NFS_EXP | sudo tee -a /etc/exports
+
+#Restart the NFS service
+sudo exportfs -a
+sudo systemctl restart nfs-kernel-server