summaryrefslogtreecommitdiffstats
path: root/onap-offline
diff options
context:
space:
mode:
Diffstat (limited to 'onap-offline')
-rwxr-xr-xonap-offline/bash/deploy_onap.sh55
-rwxr-xr-xonap-offline/bash/tools/000cleanup.sh41
-rwxr-xr-xonap-offline/bash/tools/certificates/2create_cert_for_nginx.sh47
-rwxr-xr-xonap-offline/bash/tools/certificates/self_extract_cacert.sh55
-rwxr-xr-xonap-offline/bash/tools/common-functions.sh649
-rwxr-xr-xonap-offline/bash/tools/create_si_cacert_pkg.sh29
-rwxr-xr-xonap-offline/bash/tools/create_si_onap_pkg.sh88
-rwxr-xr-xonap-offline/bash/tools/delete-local-images.sh19
-rwxr-xr-xonap-offline/bash/tools/deploy_kube.sh95
-rwxr-xr-xonap-offline/bash/tools/deploy_nexus.sh194
-rwxr-xr-xonap-offline/bash/tools/download_offline_data_by_lists.sh80
-rwxr-xr-xonap-offline/bash/tools/gather_data_lists.sh34
-rwxr-xr-xonap-offline/bash/tools/load_stored_offline_data.sh90
-rwxr-xr-xonap-offline/bash/tools/setup_nfs_mount.sh44
-rwxr-xr-xonap-offline/bash/tools/setup_nfs_server_rhel.sh51
-rwxr-xr-xonap-offline/bash/tools/setup_nfs_server_ubuntu.sh51
-rw-r--r--onap-offline/cfg/cacert.cnf113
-rw-r--r--onap-offline/cfg/full_depl_values.yaml160
-rw-r--r--onap-offline/cfg/nexus_cert.cnf33
-rw-r--r--onap-offline/cfg/nginx.conf110
-rw-r--r--onap-offline/cfg/reduced_depl_values.yaml159
-rw-r--r--onap-offline/cfg/v3.ext24
22 files changed, 2221 insertions, 0 deletions
diff --git a/onap-offline/bash/deploy_onap.sh b/onap-offline/bash/deploy_onap.sh
new file mode 100755
index 0000000..d8ae4f3
--- /dev/null
+++ b/onap-offline/bash/deploy_onap.sh
@@ -0,0 +1,55 @@
+#! /usr/bin/env bash
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+
+# fail fast
+set -e
+
+# OS check
+. /etc/os-release
+OS_ID="${ID}"
+
+case "$OS_ID" in
+ centos)
+ ;;
+ rhel)
+ ;;
+ ubuntu)
+ ;;
+ *)
+ echo This OS is not supported: $OS_ID
+ exit 1
+ ;;
+esac
+
+# boilerplate
+RELATIVE_PATH=./tools # relative path from this script to 'common-functions.sh'
+if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then
+ SCRIPT_DIR=$(dirname "${0}")
+ LOCAL_PATH=$(readlink -f "$SCRIPT_DIR")
+ . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh
+fi
+
+get_configuration
+copy_onap_values_file
+patch_npm_oom
+patch_spring_oom
+patch_cfy_manager_depl $OS_ID
+deploy_onap
diff --git a/onap-offline/bash/tools/000cleanup.sh b/onap-offline/bash/tools/000cleanup.sh
new file mode 100755
index 0000000..3349c50
--- /dev/null
+++ b/onap-offline/bash/tools/000cleanup.sh
@@ -0,0 +1,41 @@
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+oldifs=$IFS
+IFS=$'\n'
+
+echo "Deleting containers"
+for x in $(docker ps -a); do
+ cid=$(echo "$x" | awk '{print $1}')
+ docker rm -f $cid
+done
+
+echo "Deleting volumes"
+for x in $(docker volume ls | grep -v 'nexus-data'); do
+ name=$(echo "$x" | awk '{print $2}')
+# echo "A: $name"
+ docker volume rm $name
+done
+
+echo "Unmounting kubelet pods"
+for x in $(mount | grep 'kubelet/pods\|rancher\|docker' | cut -d ' ' -f 3) ; do umount "$x" ; done
+
+rm -rfd /var/lib/kubelet/*
+rm -rfd /var/lib/rancher/*
+rm -rfd /var/lib/docker/*
+
diff --git a/onap-offline/bash/tools/certificates/2create_cert_for_nginx.sh b/onap-offline/bash/tools/certificates/2create_cert_for_nginx.sh
new file mode 100755
index 0000000..a9adb52
--- /dev/null
+++ b/onap-offline/bash/tools/certificates/2create_cert_for_nginx.sh
@@ -0,0 +1,47 @@
+#! /usr/bin/env bash
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+
+# fail fast
+set -e
+
+# boilerplate
+RELATIVE_PATH=../ # relative path from this script to 'common-functions.sh'
+if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then
+ SCRIPT_DIR=$(dirname "${0}")
+ LOCAL_PATH=$(readlink -f "$SCRIPT_DIR")
+ . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh
+fi
+
+message info "Reading configuration"
+get_configuration
+
+update_hosts
+
+message info "Restarting dnsmasq"
+systemctl enable dnsmasq
+systemctl restart dnsmasq
+
+message info "Configure ssl certificates"
+create_cert "nexus"
+
+message info "** Certificates finished **"
+
+docker restart nginx
diff --git a/onap-offline/bash/tools/certificates/self_extract_cacert.sh b/onap-offline/bash/tools/certificates/self_extract_cacert.sh
new file mode 100755
index 0000000..1e7a5ab
--- /dev/null
+++ b/onap-offline/bash/tools/certificates/self_extract_cacert.sh
@@ -0,0 +1,55 @@
+#! /bin/sh
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+
+
+extract_ca() {
+ cpath=$1
+ sed '0,/^#EOF#$/d' $0 > $cpath;
+ echo "Certificate installed into: $cpath"
+}
+
+OS_ID=$(awk -F= '/^ID=/{print $2}' /etc/os-release)
+OS_ID="${OS_ID%\"}"
+OS_ID="${OS_ID#\"}"
+
+if [ "$OS_ID" = "rhel" -o "$OS_ID" = "centos" ]; then
+ # for centos/ rhel
+ echo "Detected rhel like distribution"
+
+ update-ca-trust force-enable
+ extract_ca /etc/pki/ca-trust/source/anchors/rootCAcert.crt
+ update-ca-trust extract
+
+elif [ "$OS_ID" = "ubuntu" ]; then
+ echo "Detected ubuntu distribution"
+
+ mkdir -p /usr/local/share/ca-certificates/extra
+ extract_ca /usr/local/share/ca-certificates/extra/rootCAcert.crt
+ update-ca-certificates
+else
+ echo "OS $OS_ID is not supported"
+ exit -2
+fi
+
+echo "** Please restart docker (because of reload new CA) **"
+
+exit 0
+#EOF#
diff --git a/onap-offline/bash/tools/common-functions.sh b/onap-offline/bash/tools/common-functions.sh
new file mode 100755
index 0000000..0a6e26f
--- /dev/null
+++ b/onap-offline/bash/tools/common-functions.sh
@@ -0,0 +1,649 @@
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+#
+# this file contains shared variables and functions for the onap installer
+#
+
+# any script which needs this file can check this variable
+# and it will know immediately if the functions and variables
+# are loaded and usable
+IS_COMMON_FUNCTIONS_SOURCED=YES
+
+# setting of the path variables
+if [ -z "$APROJECT_DIR" ] ; then
+ INCLUDE_PATH="${LOCAL_PATH}"/"${RELATIVE_PATH}"
+ APROJECT_DIR=$(readlink -f "$INCLUDE_PATH"/../..)
+fi
+
+RESOURCES_DIR="$APROJECT_DIR/resources"
+BASH_SCRIPTS_DIR="$APROJECT_DIR/bash"
+NEXUS_DATA="$RESOURCES_DIR/nexus_data"
+CERTS_TARGET_PATH="$APROJECT_DIR/live/certs"
+NGINX_LOG_DIR="$APROJECT_DIR/live/nginx_logs"
+GEN_CFG_PATH="$APROJECT_DIR/live/cfg"
+GIT_REPOS="$RESOURCES_DIR/git-repo"
+NGINX_HTTP_DIR="$RESOURCES_DIR/http"
+RHEL_REPO="$RESOURCES_DIR/pkg/rhel"
+
+PATH="${PATH}:/usr/local/bin:/usr/local/sbin"
+export PATH
+
+# just self-defense against locale
+LANG=C
+export LANG
+
+# dns handling
+SIMUL_HOSTS="gcr.io \
+git.rancher.io \
+gerrit.onap.org \
+registry-1.docker.io \
+docker.io \
+registry.npmjs.org \
+nexus3.onap.org \
+nexus.onap.org \
+docker.elastic.co \
+www.getcloudify.org \
+www.springframework.org \
+registry.hub.docker.com \
+git.onap.org \
+repo1.maven.org \
+repo.maven.apache.org"
+
+# default credentials to the repository
+NEXUS_USERNAME=admin
+NEXUS_PASSWORD=admin123
+NEXUS_EMAIL=admin@onap.org
+
+# this function is intended to unify the installer output
+message() {
+ case "$1" in
+ info)
+ echo 'INFO:' "$@"
+ ;;
+ debug)
+ echo 'DEBUG:' "$@" >&2
+ ;;
+ warning)
+ echo 'WARNING [!]:' "$@" >&2
+ ;;
+ error)
+ echo 'ERROR [!!]:' "$@" >&2
+ return 1
+ ;;
+ *)
+ echo 'UNKNOWN [?!]:' "$@" >&2
+ return 2
+ ;;
+ esac
+ return 0
+}
+export message
+
+# if the environment variable DEBUG is set to DEBUG-ONAP ->
+# -> this function will print its arguments
+# otherwise nothing is done
+debug() {
+ [ "$DEBUG" = DEBUG-ONAP ] && message debug "$@"
+}
+export debug
+
+fail() {
+ message error "$@"
+ exit 1
+}
+
+retry() {
+ local n=1
+ local max=5
+ while ! "$@"; do
+ if [ $n -lt $max ]; then
+ n=$((n + 1))
+ message warning "Command ${@} failed. Attempt: $n/$max"
+ message info "waiting 10s for another try..."
+ sleep 10s
+ else
+ fail "Command ${@} failed after $n attempts. Better to abort now."
+ fi
+ done
+}
+
+may_self_extract() {
+ # extract and untar to the current directory
+ sed '0,/^# PAYLOAD BELOW #$/d' "$0" | tar -xvpf - ;
+}
+
+update_hosts() {
+ if grep -q "^[^#]\+\s$SIMUL_HOSTS\s*\$" /etc/hosts ; then
+ message info "simulated domains already in /etc/hosts"
+ else
+ echo "$LOCAL_IP $SIMUL_HOSTS" >> /etc/hosts
+ message info "simulated domains added to /etc/hosts (please check it)"
+ fi
+
+ if grep -q "^[^#]\+\s$NEXUS_FQDN\s*\$" /etc/hosts ; then
+ message info "nexus FQDN already in /etc/hosts"
+ else
+ echo "$LOCAL_IP $NEXUS_FQDN" >> /etc/hosts
+ message info "Nexus FQDN added to /etc/hosts (please check it)"
+ fi
+
+ if grep -q "^[^#]\+\srepo.install-server\s*\$" /etc/hosts ; then
+ message info "custom repo FQDN already in /etc/hosts"
+ else
+ echo "$LOCAL_IP repo.install-server" >> /etc/hosts
+ message info "Nexus FQDN added to /etc/hosts (please check it)"
+ fi
+}
+
+get_cfg_val() {
+ name="$1"
+ shift
+ ask="$@"
+
+ value=$(eval "echo \$${name}")
+ if [ -z "$value" ]; then
+ while [ -z "$value" ] ; do
+ printf "${ask}"
+ read -r $name
+
+ value=$(eval "echo \$${name}")
+ done
+ echo "${name}='${value}'" >> ./local_repo.conf
+ fi
+}
+
+get_configuration() {
+ if [ -f ./local_repo.conf ]; then
+ . ./local_repo.conf
+ fi
+
+ if [ -z "${NEXUS_FQDN}" ]; then
+ NEXUS_FQDN="nexus.$HOSTNAME"
+ echo "NEXUS_FQDN='${NEXUS_FQDN}'" >> ./local_repo.conf
+ fi
+
+ if [ -z "${ONAP_SCALE}" ]; then
+ ONAP_SCALE=full
+ echo "ONAP_SCALE='${ONAP_SCALE}'" >> ./local_repo.conf
+ fi
+
+ # nexus should be configured using those default entries
+ # if it was not put the correct inputs instead
+ if [ -z "${NPM_USERNAME}" ]; then
+ NPM_USERNAME="${NEXUS_USERNAME}"
+ echo "NPM_USERNAME='${NPM_USERNAME}'" >> ./local_repo.conf
+ fi
+
+ if [ -z "${NPM_PASSWORD}" ]; then
+ NPM_PASSWORD="${NEXUS_PASSWORD}"
+ echo "NPM_PASSWORD='${NPM_PASSWORD}'" >> ./local_repo.conf
+ fi
+
+ if [ -z "${NPM_EMAIL}" ]; then
+ NPM_EMAIL="$NEXUS_EMAIL"
+ echo "NPM_EMAIL='${NPM_EMAIL}'" >> ./local_repo.conf
+ fi
+
+ export NEXUS_FQDN
+ export ONAP_SCALE
+ export NPM_USERNAME
+ export NPM_PASSWORD
+ export NPM_EMAIL
+
+ NODE_USERNAME="root"
+
+ if [ -z "$LOCAL_IP" ] ; then
+ echo
+ echo "======= Mandatory configuration ======="
+ echo
+ message info "fill in these mandatory configuration values"
+ get_cfg_val "LOCAL_IP" "Enter the public IPv4 used for this '$HOSTNAME' install machine," \
+ "\nDO NOT USE LOOPBACK! (for example: 10.0.0.1): "
+ fi
+}
+
+enable_local_repo() {
+ sed -r "s%PATH%file://$APROJECT_DIR/resources/pkg/rhel%" "$APROJECT_DIR/resources/pkg/rhel/onap.repo" > /etc/yum.repos.d/onap.repo
+}
+
+install_packages() {
+ os_id="$1"
+
+ message info "Installing packages"
+
+ case "$os_id" in
+ centos)
+ yum -y install "$APROJECT_DIR/resources/pkg/centos/*.rpm"
+ ;;
+ rhel)
+ enable_local_repo
+ yum -y install docker-ce dnsmasq icewm firefox tigervnc-server
+ systemctl enable docker
+ systemctl start docker
+ ;;
+ ubuntu)
+ dpkg -i "$APROJECT_DIR/resources/pkg/ubuntu/*.deb"
+ ;;
+ *)
+ message error "OS release is not supported: $os_id"
+ message info "ABORTING INSTALLATION"
+ exit 1
+ ;;
+ esac
+}
+
+install_files() {
+ message info "installation of external binaries"
+ for binary in kubectl helm rancher jq ; do
+ cp "$APROJECT_DIR/resources/downloads/${binary}" /usr/local/bin/
+ chmod 755 "/usr/local/bin/${binary}"
+ done
+ mkdir ~/.kube
+}
+
+setup_vnc_server() {
+ mkdir -p ~/.vnc ~/.icewm
+ echo "onap" | vncpasswd -f > ~/.vnc/passwd
+ chmod 0600 ~/.vnc/passwd
+
+ cat > ~/.vnc/xstartup <<EOF
+#!/bin/sh
+
+unset SESSION_MANAGER
+unset DBUS_SESSION_BUS_ADDRESS
+exec icewm-session
+
+EOF
+
+chmod +x ~/.vnc/xstartup
+
+ cat > ~/.icewm/menu <<EOF
+prog Firefox firefox firefox
+separator
+
+EOF
+vncserver
+}
+
+update_docker_cfg() {
+ if [ -f "/etc/docker/daemon.json" ]; then
+ jq '.dns += ["172.17.0.1"]' /etc/docker/daemon.json > /tmp/daemon.json
+ mv /tmp/daemon.json /etc/docker/daemon.json
+ else
+ echo '{"dns": ["172.17.0.1"]}' > /etc/docker/daemon.json
+ fi
+}
+
+create_root_CA() {
+ echo "** Generate certificates **"
+ openssl genrsa -out $CERTS_TARGET_PATH/rootCA.key 4096
+
+ echo "** Generate self signed ***"
+ openssl req -config $GEN_CFG_PATH/cacert.cnf -key $CERTS_TARGET_PATH/rootCA.key -new -x509 -days 7300 -sha256 -extensions v3_ca \
+ -out $CERTS_TARGET_PATH/rootCAcert.pem
+
+
+ # convert to crt
+ openssl x509 -in $CERTS_TARGET_PATH/rootCAcert.pem -inform PEM -out $CERTS_TARGET_PATH/rootCAcert.crt
+}
+
+install_root_CA() {
+ os=$1
+ echo "** Publishing root CA **"
+ if [ "$os" == "redhat" ]; then
+ # for centos
+ update-ca-trust force-enable
+ cp $CERTS_TARGET_PATH/rootCAcert.crt /etc/pki/ca-trust/source/anchors/
+ update-ca-trust extract
+ elif [ "$os" == "ubuntu" ]; then
+ mkdir -p /usr/local/share/ca-certificates/extra
+ cp $CERTS_TARGET_PATH/rootCAcert.crt /usr/local/share/ca-certificates/extra
+ update-ca-certificates
+ else
+ echo "OS \"$os\" is not supported"
+ exit -2
+ fi
+
+ echo "** Restart docker (because of reload new CA) **"
+ systemctl restart docker
+
+}
+
+create_cert() {
+ server_name=$1
+
+ openssl genrsa -out $CERTS_TARGET_PATH/${server_name}_server.key 4096
+ echo "** Generate sig request ***"
+ openssl req -new -config $GEN_CFG_PATH/${server_name}_cert.cnf -key $CERTS_TARGET_PATH/${server_name}_server.key -out $CERTS_TARGET_PATH/${server_name}_server.csr
+
+ # v3.ext must be in separate file , because of bug in openssl 1.0
+ echo "** sign **"
+ openssl x509 -req -in $CERTS_TARGET_PATH/${server_name}_server.csr\
+ -extfile $GEN_CFG_PATH/v3.ext\
+ -CA $CERTS_TARGET_PATH/rootCAcert.crt\
+ -CAkey $CERTS_TARGET_PATH/rootCA.key\
+ -CAcreateserial -out $CERTS_TARGET_PATH/${server_name}_server.crt -days 3650 -sha256
+}
+
+create_all_certs() {
+ create_cert "nexus"
+}
+
+update_firewall() {
+# TODO
+#firewall-cmd --permanent --add-port=53/udp
+#firewall-cmd --permanent --add-port=53/tcp
+#firewall-cmd --permanent --add-port=10001/tcp
+#firewall-cmd --permanent --add-port=80/tcp
+#firewall-cmd --permanent --add-port=443/tcp
+return 0
+}
+
+distribute_root_CA() {
+ targetip=$1
+ scp $APROJECT_DIR/install_cacert.sh $targetip:.
+ ssh $targetip ./install_cacert.sh
+ echo "** Add DNS record to remote host **"
+ ssh $targetip "echo nameserver $LOCAL_IP > /etc/resolv.conf"
+}
+
+upload_ansible_pkgs() {
+ os=$1
+ targetip=$2
+ #if [[ $os == "ubuntu" ]]; then
+ # those deb & whl packages are needed for sdnc-ansible-server pod
+ # independently on host OS distros
+ echo "** Copy required packages for sdnc-ansible-pod to kubernetes node $targetip **"
+ scp -r $APROJECT_DIR/resources/pkg/ubuntu/ansible_pkg $targetip:.
+ #fi
+}
+
+remote_setup_nfs_server() {
+ os=$1
+ targetip=$2
+ shift 2
+ scp $APROJECT_DIR/bash/tools/setup_nfs_server_${os}.sh $targetip:setup_nfs_server.sh
+ if [[ $os == "ubuntu" ]]; then
+ scp -r $APROJECT_DIR/resources/pkg/ubuntu/nfs-common-pkg/* $targetip:.
+ ssh $targetip dpkg -i *.deb
+ fi
+
+ ssh $targetip /bin/bash ./setup_nfs_server.sh "$@"
+}
+
+remote_setup_nfs_mount() {
+ os=$1
+ targetip=$2
+ nfsip=$3
+ scp $APROJECT_DIR/bash/tools/setup_nfs_mount.sh $targetip:.
+ if [[ $os == "ubuntu" ]]; then
+ scp -r $APROJECT_DIR/resources/pkg/ubuntu/nfs-common-pkg/* $targetip:.
+ ssh $targetip dpkg -i *.deb
+ fi
+ ssh $targetip /bin/bash ./setup_nfs_mount.sh $nfsip
+}
+
+enable_remote_repo() {
+ targetip=$1
+ sed -r "s%PATH%http://repo.install-server%" $APROJECT_DIR/resources/pkg/rhel/onap.repo | ssh $targetip 'cat > /etc/yum.repos.d/onap.repo'
+}
+
+install_remote_docker() {
+ targetip=$1
+ os=$2
+ if [[ $os == "ubuntu" ]]; then
+ scp -r $APROJECT_DIR/resources/pkg/ubuntu/{docker-ce_17.03.2~ce-0~ubuntu-xenial_amd64.deb,libltdl7_2.4.6-0.1_amd64.deb} $targetip:.
+ ssh $targetip dpkg -i *.deb
+ elif [[ $os == "rhel" ]]; then
+ ssh $targetip yum -y install docker-ce
+ fi
+ ssh $targetip "mkdir -p /etc/docker"
+ scp "$APROJECT_DIR/resources/downloads/jq" $targetip:/usr/local/bin/
+ ssh $targetip "if [[ -f /etc/docker/daemon.json ]]; then
+ jq '.dns += [\"$LOCAL_IP\"]' /etc/docker/daemon.json > /tmp/daemon.json
+ mv /tmp/daemon.json /etc/docker/daemon.json
+ else
+ echo {'\"'dns'\"': ['\"'$LOCAL_IP'\"']} > /etc/docker/daemon.json
+ fi"
+
+ ssh $targetip 'systemctl enable docker; systemctl restart docker'
+}
+
+deploy_rancher() {
+ docker run -d --entrypoint "/bin/bash" --restart=unless-stopped -p 8080:8080 \
+ -v $CERTS_TARGET_PATH:/usr/local/share/ca-certificates/extra:ro \
+ --name rancher_server rancher/server:v1.6.14 \
+ -c "/usr/sbin/update-ca-certificates;/usr/bin/entry /usr/bin/s6-svscan /service"
+ echo "** wait until rancher is ready **"
+}
+
+deploy_kubernetes() {
+ os=$1
+ set +e
+ for i in `seq 5 -1 1`; do
+ API_RESPONSE=`curl -s 'http://127.0.0.1:8080/v2-beta/apikey' \
+ -d '{"type":"apikey","accountId":"1a1","name":"autoinstall"\
+ ,"description":"autoinstall","created":null,"kind":null,\
+ "removeTime":null,"removed":null,"uuid":null}'`
+ if [[ "$?" -eq 0 ]]; then
+ KEY_PUBLIC=`echo $API_RESPONSE | jq -r .publicValue`
+ KEY_SECRET=`echo $API_RESPONSE | jq -r .secretValue`
+ break
+ fi
+ echo "Waiting for rancher server to start"
+ sleep 60
+ done
+ set -e
+ export RANCHER_URL=http://${LOCAL_IP}:8080
+ export RANCHER_ACCESS_KEY=$KEY_PUBLIC
+ export RANCHER_SECRET_KEY=$KEY_SECRET
+
+ rancher env ls
+ echo "wait 60 sec for rancher environments can settle before we create the onap kubernetes one"
+ sleep 60
+
+ rancher env create -t kubernetes onap > kube_env_id.json
+ PROJECT_ID=$(<kube_env_id.json)
+ echo "env id: $PROJECT_ID"
+ export RANCHER_HOST_URL=http://${LOCAL_IP}:8080/v1/projects/$PROJECT_ID
+
+ for i in `seq 5`; do
+ status=$(rancher env ls | grep $PROJECT_ID | awk '{print $4}')
+ if [[ "$status" == "active" ]]; then
+ echo "Check on environments again before registering the URL response"
+ rancher env ls
+ break
+ fi
+ echo "Wait for environment to become active"
+ sleep 30
+ done
+
+ REG_URL_RESPONSE=`curl -X POST -u $KEY_PUBLIC:$KEY_SECRET -H 'Accept: application/json' -H 'ContentType: application/json' -d '{"name":"$LOCAL_IP"}' "http://$LOCAL_IP:8080/v1/projects/$PROJECT_ID/registrationtokens"`
+ echo "wait for server to finish url configuration - 3 min"
+ sleep 180
+ # see registrationUrl in
+ REGISTRATION_TOKENS=`curl http://127.0.0.1:8080/v2-beta/registrationtokens`
+ REGISTRATION_DOCKER=`echo $REGISTRATION_TOKENS | jq -r .data[0].image`
+ REGISTRATION_TOKEN=`echo $REGISTRATION_TOKENS | jq -r .data[0].token`
+
+ # base64 encode the kubectl token from the auth pair
+ # generate this after the host is registered
+ KUBECTL_TOKEN=$(echo -n 'Basic '$(echo -n "$RANCHER_ACCESS_KEY:$RANCHER_SECRET_KEY" | base64 -w 0) | base64 -w 0)
+ echo "KUBECTL_TOKEN base64 encoded: ${KUBECTL_TOKEN}"
+ cat > ~/.kube/config <<EOF
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+ api-version: v1
+ insecure-skip-tls-verify: true
+ server: "https://$LOCAL_IP:8080/r/projects/$PROJECT_ID/kubernetes:6443"
+ name: "onap"
+contexts:
+- context:
+ cluster: "onap"
+ user: "onap"
+ name: "onap"
+current-context: "onap"
+users:
+- name: "onap"
+ user:
+ token: "$KUBECTL_TOKEN"
+
+EOF
+
+ if [[ $os == "rhel" ]]; then
+ echo "Upgrade datavolume for RHEL"
+ KUBELET_ID=`curl http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/ | jq -r '.data[] | select(.name=="kubelet")'.id`
+ OLD_LAUNCH_CONFIG=`curl http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID} | jq '.launchConfig'`
+ NEW_LAUNCH_CONFIG=`echo $OLD_LAUNCH_CONFIG | jq '.dataVolumes[2]="/sys/fs/cgroup:/sys/fs/cgroup:ro,rprivate"'`
+
+ DATA="{
+ \"inServiceStrategy\": {
+ \"batchSize\": 1,
+ \"intervalMillis\": 2000,
+ \"startFirst\": false,
+ \"launchConfig\": ${NEW_LAUNCH_CONFIG},
+ \"secondaryLaunchConfigs\": []
+ }
+ }"
+ curl -s -u $KEY_PUBLIC:$KEY_SECRET -X POST -H 'Content-Type: application/json' -d "${DATA}" "http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID}?action=upgrade" > /dev/null
+
+ echo "Give environment time to update (30 sec)"
+ sleep 30
+
+ curl -s -u $KEY_PUBLIC:$KEY_SECRET -X POST "http://${LOCAL_IP}:8080/v2-beta/projects/${PROJECT_ID}/services/${KUBELET_ID}?action=finishupgrade" > /dev/null
+ fi
+}
+
+deploy_rancher_agent() {
+ nodeip=$1
+ if [ -z "$REGISTRATION_DOCKER" ]; then
+ echo "ASSERT: Missing REGISTRATION_DOCKER"
+ exit 1
+ fi
+ if [ -z "$RANCHER_URL" ]; then
+ echo "ASSERT: Missing RANCHER_URL"
+ exit 1
+ fi
+ if [ -z "$REGISTRATION_TOKEN" ]; then
+ echo "ASSERT: Missing REGISTRATION_TOKEN"
+ exit 1
+ fi
+
+ ssh $nodeip "docker run --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/racher:/var/lib/rancher $REGISTRATION_DOCKER $RANCHER_URL/v1/scripts/$REGISTRATION_TOKEN"
+ echo "waiting 2 min for creating kubernetes environment"
+ sleep 120
+}
+
+deploy_node() {
+ nodeip=$1
+ os=$2
+ echo "Deploying node $nodeip"
+ distribute_root_CA $nodeip
+ install_remote_docker $nodeip $os
+ deploy_rancher_agent $nodeip
+}
+
+deploy_onap() {
+ pushd $APROJECT_DIR/resources/oom/kubernetes
+ helm init --upgrade --skip-refresh
+ # this might fail
+ set +e
+ helm repo remove stable
+ set -e
+ helm serve &
+ echo "wait a moment before helm will come up ..."
+ sleep 5
+ helm repo add local http://127.0.0.1:8879
+ make all
+ helm install local/onap -n dev --namespace onap
+ popd
+}
+
+expand_file() {
+ file=$1
+ shift
+
+ for ivar in "$@" ; do
+ ivalue=$(eval 'echo "$'${ivar}'"')
+ sed -i "s#${ivar}#${ivalue}#g" "$file"
+ done
+}
+
+patch_npm_oom() {
+ if [ -z "$LOCAL_IP" ] ; then
+ echo "ERROR: LOCAL_IP unset"
+ return 1
+ fi
+ if [ -z "$NEXUS_FQDN" ] ; then
+ echo "ERROR: NEXUS_FQDN unset"
+ return 1
+ fi
+
+ UPDATE_HOSTS_FILE="$LOCAL_IP $NEXUS_FQDN"
+ UPDATE_NPM_REGISTRY="npm set registry \"http://${NEXUS_FQDN}/repository/npm-private/\""
+
+ expand_file $APROJECT_DIR/resources/oom/kubernetes/common/dgbuilder/templates/deployment.yaml \
+ UPDATE_HOSTS_FILE \
+ UPDATE_NPM_REGISTRY
+ expand_file $APROJECT_DIR/resources/oom/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml \
+ UPDATE_HOSTS_FILE \
+ UPDATE_NPM_REGISTRY
+}
+
+patch_spring_oom() {
+ if [ -z "$LOCAL_IP" ] ; then
+ echo "ERROR: LOCAL_IP unset"
+ return 1
+ fi
+
+ UPDATE_HOSTS_FILE="$LOCAL_IP www.springframework.org"
+ expand_file $APROJECT_DIR/resources/oom/kubernetes/dmaap/charts/message-router/templates/deployment.yaml \
+ UPDATE_HOSTS_FILE
+}
+
+patch_cfy_manager_depl() {
+ os="$1"
+ file="${APROJECT_DIR}/resources/oom/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml"
+
+ case "$os" in
+ centos|rhel)
+ CERT_PATH="/etc/pki/ca-trust/source/anchors"
+ ;;
+ ubuntu)
+ CERT_PATH="/usr/local/share/ca-certificates/extra"
+ ;;
+ '')
+ echo "ERROR: missing argument"
+ return 1
+ ;;
+ *)
+ echo "ERROR: unknown OS: ${os}"
+ return 1
+ ;;
+ esac
+
+ expand_file "$file" CERT_PATH
+}
+
+copy_onap_values_file() {
+ cp "${APROJECT_DIR}/cfg/${ONAP_SCALE}_depl_values.yaml" \
+ "${APROJECT_DIR}/resources/oom/kubernetes/onap/values.yaml"
+}
diff --git a/onap-offline/bash/tools/create_si_cacert_pkg.sh b/onap-offline/bash/tools/create_si_cacert_pkg.sh
new file mode 100755
index 0000000..197f0c0
--- /dev/null
+++ b/onap-offline/bash/tools/create_si_cacert_pkg.sh
@@ -0,0 +1,29 @@
+#! /bin/bash
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+
+self="$0"
+tools_dir=$(dirname "$self")
+
+TARGET_FILE="./install_cacert.sh"
+
+cat "$tools_dir/certificates/self_extract_cacert.sh" "$tools_dir/../../live/certs/rootCAcert.crt" > $TARGET_FILE
+chmod a+x $TARGET_FILE
+echo "Created self installation file: $TARGET_FILE"
diff --git a/onap-offline/bash/tools/create_si_onap_pkg.sh b/onap-offline/bash/tools/create_si_onap_pkg.sh
new file mode 100755
index 0000000..12d851b
--- /dev/null
+++ b/onap-offline/bash/tools/create_si_onap_pkg.sh
@@ -0,0 +1,88 @@
+#! /usr/bin/env bash
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+
+# fail fast
+set -e
+
+# boilerplate
+RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh'
+if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then
+ SCRIPT_DIR=$(dirname "${0}")
+ LOCAL_PATH=$(readlink -f "$SCRIPT_DIR")
+ . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh
+fi
+
+if [ -z "$1" ]; then
+ VERSION="RC3"
+ message info "no argument supplied, keeping default naming: $VERSION"
+else
+ VERSION="$1"
+fi
+
+# name of the self-extract-installer
+TARGET_FILE="$APROJECT_DIR/selfinstall_onap_beijing_"$VERSION".sh"
+
+# inserting the head of the script
+cat > "$TARGET_FILE" <<EOF
+#! /usr/bin/env bash
+
+#
+# This is self-extract installer for onap
+#
+
+# fail fast
+set -e
+
+# boilerplate
+SCRIPT_DIR=\$(dirname "\${0}")
+APROJECT_DIR=\$(readlink -f "\$SCRIPT_DIR")
+IS_SELF_EXTRACT=YES
+
+EOF
+
+# splicing the scripts together
+cat "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh >> "$TARGET_FILE"
+cat "${LOCAL_PATH}"/"${RELATIVE_PATH}"/deploy_nexus.sh >> "$TARGET_FILE"
+cat "${LOCAL_PATH}"/"${RELATIVE_PATH}"/deploy_kube.sh >> "$TARGET_FILE"
+
+# finishing touches to the script
+cat >> "$TARGET_FILE" <<EOF
+
+exit 0
+
+#
+# Installer script ends here
+# The rest of this file is a binary payload
+# ! DO NOT MODIFY IT !
+#
+
+# PAYLOAD BELOW #
+EOF
+
+# appending the tar to the script
+cd "$APROJECT_DIR"
+tar --exclude='.git' --exclude='*.swp' --exclude='selfinstall_onap_*.sh' --exclude='ansible' --exclude='docker' --exclude='local_repo.conf' --exclude='live' -cvf - * >> "$TARGET_FILE"
+cd -
+
+chmod 755 "$TARGET_FILE"
+message info "Created Nexus self installation file: $TARGET_FILE"
+
+exit 0
diff --git a/onap-offline/bash/tools/delete-local-images.sh b/onap-offline/bash/tools/delete-local-images.sh
new file mode 100755
index 0000000..5e481c3
--- /dev/null
+++ b/onap-offline/bash/tools/delete-local-images.sh
@@ -0,0 +1,19 @@
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+docker rmi -f $(docker images -q)
diff --git a/onap-offline/bash/tools/deploy_kube.sh b/onap-offline/bash/tools/deploy_kube.sh
new file mode 100755
index 0000000..f2a77be
--- /dev/null
+++ b/onap-offline/bash/tools/deploy_kube.sh
@@ -0,0 +1,95 @@
+#! /usr/bin/env bash
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+
+# fail fast
+set -e
+
+# OS check
+. /etc/os-release
+OS_ID="${ID}"
+
+case "$OS_ID" in
+ centos)
+ ;;
+ rhel)
+ ;;
+ ubuntu)
+ ;;
+ *)
+ echo This OS is not supported: $OS_ID
+ exit 1
+ ;;
+esac
+
+# boilerplate
+RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh'
+if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then
+ SCRIPT_DIR=$(dirname "${0}")
+ LOCAL_PATH=$(readlink -f "$SCRIPT_DIR")
+ . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh
+fi
+
+message info "Reading configuration"
+get_configuration
+if [ -z "$NODES_IPS" ] ; then
+ get_cfg_val "NODES_IPS" "Enter the public IPv4 addresses of kubernetes nodes separated by space," \
+ "\n(for example: 10.0.0.2 10.0.0.3 ...): "
+fi
+
+echo "Wait for nexus startup (1min)"
+sleep 60
+
+
+# on install server
+deploy_rancher
+deploy_kubernetes "$OS_ID"
+
+echo "Setting up ONAP Local Repo on Kubernetes nodes"
+for node in ${NODES_IPS} ; do
+ enable_remote_repo $node
+done
+
+# setup NFS on nodes
+assort_nodes_ips() {
+ nfs_server="$1"
+ shift
+ nfs_clients="$*"
+}
+assort_nodes_ips ${NODES_IPS}
+if [ -n "${nfs_clients}" ]; then
+ echo "Setting up NFS"
+ remote_setup_nfs_server $OS_ID ${nfs_server} ${nfs_clients}
+ for node in ${nfs_clients} ; do
+ remote_setup_nfs_mount $OS_ID $node ${nfs_server}
+ done
+else
+ echo "Only one node set. Skipping nfs configuration"
+fi
+
+echo "Copy ansible packages for onap ansible-server"
+for node in ${NODES_IPS} ; do
+ upload_ansible_pkgs $OS_ID $node
+done
+
+# to nodes
+for node in ${NODES_IPS} ; do
+ deploy_node $node $OS_ID
+done
diff --git a/onap-offline/bash/tools/deploy_nexus.sh b/onap-offline/bash/tools/deploy_nexus.sh
new file mode 100755
index 0000000..1532c61
--- /dev/null
+++ b/onap-offline/bash/tools/deploy_nexus.sh
@@ -0,0 +1,194 @@
+#! /usr/bin/env bash
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+
+# fail fast
+set -e
+
+# OS check
+. /etc/os-release
+OS_ID="${ID}"
+
+case "$OS_ID" in
+ centos)
+ ;;
+ rhel)
+ ;;
+ ubuntu)
+ ;;
+ *)
+ echo This OS is not supported: $OS_ID
+ exit 1
+ ;;
+esac
+
+# boilerplate
+RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh'
+if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then
+ SCRIPT_DIR=$(dirname "${0}")
+ LOCAL_PATH=$(readlink -f "$SCRIPT_DIR")
+ . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh
+fi
+
+#
+# local functions
+#
+
+start_nexus() {
+ echo "** Starting nexus **"
+ if [[ -z "$NEXUS_DATA" ]]; then
+ echo "Nexus data env is not set"
+ exit -3
+ fi
+
+ # valid for case of fresh nexus deployment
+ # data are inserted in later phases
+ mkdir -p $NEXUS_DATA
+ # hardening
+ chmod a+wrX $NEXUS_DATA
+ chown -R 200:200 $NEXUS_DATA
+
+ docker rm -f nexus 1> /dev/null 2>&1 || true
+
+ docker run -d --name nexus\
+ --restart unless-stopped \
+ -v $NEXUS_DATA:/nexus-data:rw \
+ sonatype/nexus3
+
+ echo "** Creating docker network **"
+ docker network create nexus_network
+ docker network connect nexus_network nexus
+}
+
+start_nginx() {
+ echo "** Starting reverse proxy - nginx **"
+
+ docker rm -f nginx 1> /dev/null 2>&1 || true
+ mkdir -p $NGINX_HTTP_DIR/repo.install-server
+
+ mkdir -p "$NGINX_HTTP_DIR/repo.install-server"
+
+ docker run -d -p 80:80 -p 443:443 -p 10001:443 \
+ --name nginx \
+ --network nexus_network \
+ -v $GEN_CFG_PATH/nginx.conf:/etc/nginx/nginx.conf:ro \
+ -v $CERTS_TARGET_PATH:/etc/nginx/certs:ro \
+ -v $GIT_REPOS:/srv/git:rw \
+ -v $NGINX_LOG_DIR:/var/log/nginx:rw \
+ -v $NGINX_HTTP_DIR:/srv/http:ro \
+ -v $RHEL_REPO:/srv/http/repo.install-server:ro \
+ --restart unless-stopped \
+ own_nginx
+}
+
+patch_cert() {
+ file=$1
+ cp "$APROJECT_DIR/cfg/$file" "$GEN_CFG_PATH/$file"
+# sed "s#countryName =.*#countryName = $CERT_COUNTRY#" "$APROJECT_DIR/cfg/$file" > $GEN_CFG_PATH/$file
+# sed "s#localityName =.*#localityName = $CERT_LOCALITY#" "$APROJECT_DIR/cfg/$file" > $GEN_CFG_PATH/$file
+# sed "s#organizationName =.*#organizationName = $CERT_ORGANIZATION#" "$APROJECT_DIR/cfg/$file" > $GEN_CFG_PATH/$file
+}
+
+patch_conf_files() {
+ # patch nexus and root cert
+ patch_cert nexus_cert.cnf
+ patch_cert cacert.cnf
+
+ # patch nexus v3 ext cert
+ sed "s#nexus.student12#$NEXUS_FQDN#" "$APROJECT_DIR/cfg/v3.ext" > $GEN_CFG_PATH/v3.ext
+
+ #patch nginx.conf
+ sed "s#nexus.student12#$NEXUS_FQDN#" "$APROJECT_DIR/cfg/nginx.conf" > $GEN_CFG_PATH/nginx.conf
+}
+
+#
+# body
+#
+
+message info "Nexus will be installed into this directory: $(pwd)"
+
+if ! [ -f ./local_repo.conf ]; then
+ printf "[?] > Do you want continue? (if no, hit CTRL+C): "
+ read x
+fi
+
+message info "Reading configuration"
+get_configuration
+
+mkdir -p "$CERTS_TARGET_PATH"
+mkdir -p "$NGINX_LOG_DIR"
+mkdir -p "$GEN_CFG_PATH"
+if [ "$IS_SELF_EXTRACT" = YES ] ; then
+ message info "Now I will untar the resources"
+ message info "This may take a long time..."
+ sleep 3s
+ may_self_extract
+fi
+
+#
+echo "Cleanup docker (if installed)"
+docker rm -f nginx 1> /dev/null 2>&1 || true
+docker rm -f nexus 1> /dev/null 2>&1 || true
+
+install_files
+install_packages "$OS_ID"
+setup_vnc_server
+
+update_hosts
+
+# TODO
+#check_dependencies
+
+echo "Restarting dnsmasq"
+# TODO dnsmasq config?
+systemctl enable dnsmasq
+systemctl restart dnsmasq
+
+echo "** Generating config files to $GEN_CFG_PATH **"
+echo "Configure ssl certificates"
+
+patch_conf_files
+create_root_CA
+
+# create selfinstall CA cert
+$BASH_SCRIPTS_DIR/tools/create_si_cacert_pkg.sh
+# run generated file
+./install_cacert.sh
+
+create_cert "nexus"
+
+echo "** Certificates finished **"
+
+update_docker_cfg
+
+echo "Restarting docker"
+systemctl enable docker
+systemctl restart docker
+
+update_firewall
+
+set +e
+
+echo "** Loading images **"
+docker load -i $RESOURCES_DIR/offline_data/docker_images_infra/sonatype_nexus3_latest.tar
+docker load -i $RESOURCES_DIR/offline_data/docker_images_infra/own_nginx_latest.tar
+
+start_nexus
+start_nginx
diff --git a/onap-offline/bash/tools/download_offline_data_by_lists.sh b/onap-offline/bash/tools/download_offline_data_by_lists.sh
new file mode 100755
index 0000000..24cd578
--- /dev/null
+++ b/onap-offline/bash/tools/download_offline_data_by_lists.sh
@@ -0,0 +1,80 @@
+#! /usr/bin/env bash
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+
+# fail fast
+set -e
+
+# boilerplate
+RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh'
+if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then
+ SCRIPT_DIR=$(dirname "${0}")
+ LOCAL_PATH=$(readlink -f "$SCRIPT_DIR")
+ . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh
+fi
+
+CTOOLS="${LOCAL_PATH}/creating_data"
+LISTS_DIR="${LOCAL_PATH}/data_list"
+DATA_DIR="${LOCAL_PATH}/../../resources"
+TOTAL=12
+CURR=1
+
+message info "Downloading started: $(date)"
+
+echo "[Step $((CURR++))/$TOTAL Download collected docker images]"
+$CTOOLS/download-docker-images.sh "$LISTS_DIR/docker_image_list.txt"
+
+echo "[Step $((CURR++))/$TOTAL Download manually collected docker images]"
+$CTOOLS/download-docker-images.sh "$LISTS_DIR/docker_manual_image_list.txt"
+
+echo "[Step $((CURR++))/$TOTAL Build own nginx image]"
+$CTOOLS/create_nginx_image/01create-image.sh
+
+echo "[Step $((CURR++))/$TOTAL Save docker images from docker cache to tarfiles]"
+$CTOOLS/save-docker-images.sh "$DATA_DIR/offline_data/docker_images_for_nexus"
+
+echo "[Step $((CURR++))/$TOTAL move infra related images to infra folder]"
+mkdir -p "$DATA_DIR/offline_data/docker_images_infra"
+mv "$DATA_DIR/offline_data/docker_images_for_nexus/own_nginx_latest.tar" "$DATA_DIR/offline_data/docker_images_infra"
+mv "$DATA_DIR/offline_data/docker_images_for_nexus/sonatype_nexus3_latest.tar" "$DATA_DIR/offline_data/docker_images_infra"
+
+echo "[Step $((CURR++))/$TOTAL Download git repos]"
+$CTOOLS/download-git-repos.sh "$LISTS_DIR" "$DATA_DIR/git-repo"
+
+echo "[Step $((CURR++))/$TOTAL Download http files]"
+$CTOOLS/download-http-files.sh "$LISTS_DIR/http_manual_list.txt" "$DATA_DIR/http"
+
+echo "[Step $((CURR++))/$TOTAL Download npm pkgs]"
+$CTOOLS/download-npm-pkgs.sh "$LISTS_DIR/npm_list.txt" "$DATA_DIR/offline_data/npm_tar"
+
+echo "[Step $((CURR++))/$TOTAL Download bin tools]"
+$CTOOLS/download-bin-tools.sh "$DATA_DIR/downloads"
+
+echo "[Step $((CURR++))/$TOTAL Download rhel pkgs]"
+$CTOOLS/download-pkg.sh "$DATA_DIR/pkg/rhel"
+
+echo "[Step $((CURR++))/$TOTAL Download oom]"
+$CTOOLS/download-oom.sh "$DATA_DIR" "${LOCAL_PATH}/../../patches/offline-changes.patch"
+
+echo "[Step $((CURR++))/$TOTAL Download sdnc-ansible-server packages]"
+$CTOOLS/download-pip.sh "$LISTS_DIR/pip_list.txt" "$DATA_DIR/pkg/ubuntu/ansible_pkg"
+$CTOOLS/download-files.sh "$LISTS_DIR/pkg_list.txt" "$DATA_DIR/pkg/ubuntu/ansible_pkg"
+
+message info "Downloading finished: $(date)"
diff --git a/onap-offline/bash/tools/gather_data_lists.sh b/onap-offline/bash/tools/gather_data_lists.sh
new file mode 100755
index 0000000..3e046cb
--- /dev/null
+++ b/onap-offline/bash/tools/gather_data_lists.sh
@@ -0,0 +1,34 @@
+#! /usr/bin/env bash
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+script_dir="$(dirname ${BASH_SOURCE[0]})"
+tools=$(readlink -f "$script_dir")
+
+echo "WARNING: This script won't be used except rare internal usage, it's just illustrating how we collected lists of artifacts to be downloaded. It's already deprecated"
+
+TOOLS="$tools/creating_data"
+export LISTS_DIR="$tools/data_list"
+export ONAP_SERVERS="oom-beijing-postRC2-master oom-beijing-postRC2-compute1 oom-beijing-postRC2-compute2"
+OOM_PATH="$tools/../../resources/oom"
+
+$TOOLS/remote-list-gathering.sh
+$TOOLS/make-git-http-list.sh "$OOM_PATH"
+
+
diff --git a/onap-offline/bash/tools/load_stored_offline_data.sh b/onap-offline/bash/tools/load_stored_offline_data.sh
new file mode 100755
index 0000000..eb6cba8
--- /dev/null
+++ b/onap-offline/bash/tools/load_stored_offline_data.sh
@@ -0,0 +1,90 @@
+#! /usr/bin/env bash
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+
+# boilerplate
+RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh'
+if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then
+ SCRIPT_DIR=$(dirname "${0}")
+ LOCAL_PATH=$(readlink -f "$SCRIPT_DIR")
+ . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh
+fi
+
+tools="${LOCAL_PATH}"
+message info "Reading configuration"
+get_configuration
+
+CTOOLS="$tools/creating_data"
+LISTS_DIR="$tools/data_list"
+DATA_DIR="$tools/../../resources/offline_data"
+export NEXUS_HOST="https://$NEXUS_FQDN"
+NPM_REGISTRY="$NEXUS_HOST/repository/npm-private/"
+
+TOTAL=5
+CURR=1
+
+message info "Loading started: $(date)"
+
+# backup config.json before we change it in docker-login
+# however no use for restoring it found
+mv ~/.docker/config.json ~/.docker/config.json_backup 2>/dev/null
+
+echo "[Step $((CURR++))/$TOTAL Setting-up docker login for inserting docker images]"
+$CTOOLS/docker-login.sh
+
+echo "[Step $((CURR++))/$TOTAL Inserting docker images into local nexus]"
+$CTOOLS/load-docker-images.sh "$DATA_DIR/docker_images_for_nexus"
+
+echo "[Step $((CURR++))/$TOTAL Setting-up npm for inserting npm pkgs into local nexus]"
+
+npm config set registry $NPM_REGISTRY
+
+/usr/bin/expect <<EOF
+spawn npm login
+expect "Username:"
+send "${NPM_USERNAME}\n"
+expect "Password:"
+send "${NPM_PASSWORD}\n"
+expect Email:
+send "${NPM_EMAIL}\n"
+expect eof
+EOF
+
+echo "[WA] for tss package - this package uses already specified repo and dont accept our simulated domain"
+
+cd $DATA_DIR/npm_tar
+tar xvzf tsscmp-1.0.5.tgz
+rm -f tsscmp-1.0.5.tgz
+sed -i "s|https://registry.npmjs.org|${NPM_REGISTRY}|g" package/package.json
+tar -zcvf tsscmp-1.0.5.tgz package
+rm -rf package
+cd -
+
+echo "[Step $((CURR++))/$TOTAL Inserting npm packages into local nexus]"
+$CTOOLS/upload-npm-pkgs.sh "$LISTS_DIR/npm_list.txt" "$DATA_DIR/npm_tar" "$NEXUS_HOST"
+
+echo "[Step $((CURR++))/$TOTAL Inserting maven artifacts into local nexus]"
+$CTOOLS/upload-maven-files.sh "$tools/../../resources/http" "repo.maven.apache.org" "repo1.maven.org"
+
+# onap is using different credentials for docker login which can be conflicted
+# with ours so better to clean this-up
+rm ~/.docker/config.json
+
+message info "Loading finished: $(date)"
diff --git a/onap-offline/bash/tools/setup_nfs_mount.sh b/onap-offline/bash/tools/setup_nfs_mount.sh
new file mode 100755
index 0000000..eee471b
--- /dev/null
+++ b/onap-offline/bash/tools/setup_nfs_mount.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+
+usage () {
+ echo "Usage:"
+ echo " ./$(basename $0) nfs_master_ip"
+ exit 1
+}
+
+if [ "$#" -ne 1 ]; then
+ echo "Missing NFS mater node"
+ usage
+fi
+
+MASTER_IP=$1
+
+#Install NFS common
+#sudo apt-get update
+#sudo apt-get install -y nfs-common
+
+#Create NFS directory
+sudo mkdir -p /dockerdata-nfs
+
+#Mount the remote NFS directory to the local one
+sudo mount $MASTER_IP:/dockerdata-nfs /dockerdata-nfs/
+echo "$MASTER_IP:/dockerdata-nfs /dockerdata-nfs nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0" | sudo tee -a /etc/fstab
diff --git a/onap-offline/bash/tools/setup_nfs_server_rhel.sh b/onap-offline/bash/tools/setup_nfs_server_rhel.sh
new file mode 100755
index 0000000..24fe2b5
--- /dev/null
+++ b/onap-offline/bash/tools/setup_nfs_server_rhel.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+
+usage () {
+ echo "Usage:"
+ echo " ./$(basename $0) node1_ip node2_ip ... nodeN_ip"
+ exit 1
+}
+
+if [ "$#" -lt 1 ]; then
+ echo "Missing NFS slave nodes"
+ usage
+fi
+
+#Install NFS kernel
+#sudo apt-get update
+#sudo apt-get install -y nfs-kernel-server
+
+#Create /dockerdata-nfs and set permissions
+sudo mkdir -p /dockerdata-nfs
+sudo chmod 777 -R /dockerdata-nfs
+sudo chown nobody:nobody /dockerdata-nfs/
+
+#Update the /etc/exports
+NFS_EXP=""
+for i in $@; do
+ NFS_EXP+="$i(rw,sync,no_root_squash,no_subtree_check) "
+done
+echo "/dockerdata-nfs "$NFS_EXP | sudo tee -a /etc/exports
+
+#Restart the NFS service
+sudo exportfs -a
+sudo systemctl restart nfs-server
diff --git a/onap-offline/bash/tools/setup_nfs_server_ubuntu.sh b/onap-offline/bash/tools/setup_nfs_server_ubuntu.sh
new file mode 100755
index 0000000..fad3abb
--- /dev/null
+++ b/onap-offline/bash/tools/setup_nfs_server_ubuntu.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+
+usage () {
+ echo "Usage:"
+ echo " ./$(basename $0) node1_ip node2_ip ... nodeN_ip"
+ exit 1
+}
+
+if [ "$#" -lt 1 ]; then
+ echo "Missing NFS slave nodes"
+ usage
+fi
+
+#Install NFS kernel
+#sudo apt-get update
+#sudo apt-get install -y nfs-kernel-server
+
+#Create /dockerdata-nfs and set permissions
+sudo mkdir -p /dockerdata-nfs
+sudo chmod 777 -R /dockerdata-nfs
+sudo chown nobody:nogroup /dockerdata-nfs/
+
+#Update the /etc/exports
+NFS_EXP=""
+for i in $@; do
+ NFS_EXP+="$i(rw,sync,no_root_squash,no_subtree_check) "
+done
+echo "/dockerdata-nfs "$NFS_EXP | sudo tee -a /etc/exports
+
+#Restart the NFS service
+sudo exportfs -a
+sudo systemctl restart nfs-kernel-server
diff --git a/onap-offline/cfg/cacert.cnf b/onap-offline/cfg/cacert.cnf
new file mode 100644
index 0000000..a6917ca
--- /dev/null
+++ b/onap-offline/cfg/cacert.cnf
@@ -0,0 +1,113 @@
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = ./
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/ca.key.pem
+certificate = $dir/certs/ca.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/ca.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 3750
+preserve = no
+policy = policy_strict
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+organizationName = match
+commonName = supplied
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+localityName = optional
+organizationName = optional
+commonName = supplied
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 4096
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+prompt = no
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# Optionally, specify some defaults.
+countryName = PL
+localityName = Krakow
+organizationName = Samsung
+commonName = onap
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
diff --git a/onap-offline/cfg/full_depl_values.yaml b/onap-offline/cfg/full_depl_values.yaml
new file mode 100644
index 0000000..e50820a
--- /dev/null
+++ b/onap-offline/cfg/full_depl_values.yaml
@@ -0,0 +1,160 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration overrides.
+#
+# These overrides will affect all helm charts (ie. applications)
+# that are listed below and are 'enabled'.
+#################################################################
+global:
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefix: 302
+
+ # ONAP Repository
+ # Uncomment the following to enable the use of a single docker
+ # repository but ONLY if your repository mirrors all ONAP
+ # docker images. This includes all images from dockerhub and
+ # any other repository that hosts images for ONAP components.
+ #repository: nexus3.onap.org:10001
+ repositoryCred:
+ user: docker
+ password: docker
+
+ # readiness check - temporary repo until images migrated to nexus3
+ readinessRepository: oomk8s
+ # logging agent - temporary repo until images migrated to nexus3
+ loggingRepository: docker.elastic.co
+
+ # image pull policy
+ #pullPolicy: Always
+ pullPolicy: IfNotPresent
+
+ # default mount path root directory referenced
+ # by persistent volumes and log files
+ persistence:
+ mountPath: /dockerdata-nfs
+
+ # flag to enable debugging - application support required
+ debugEnabled: false
+
+# Repository for creation of nexus3.onap.org secret
+repository: nexus3.onap.org:10001
+
+
+#################################################################
+# Enable/disable and configure helm charts (ie. applications)
+# to customize the ONAP deployment.
+#################################################################
+aaf:
+ enabled: true
+aai:
+ enabled: true
+aaiadapter:
+ enabled: false
+appc:
+ enabled: true
+ config:
+ openStackType: OpenStackProvider
+ openStackName: OpenStack
+ openStackKeyStoneUrl: FILL-ME
+ openStackServiceTenantName: FILL-ME
+ openStackDomain: FILL-ME
+ openStackUserName: FILL-ME
+ openStackEncryptedPassword: FILL-ME
+clamp:
+ enabled: true
+cli:
+ enabled: true
+consul:
+ enabled: true
+dcaegen2:
+ enabled: true
+dmaap:
+ enabled: true
+esr:
+ enabled: true
+log:
+ enabled: true
+sniro-emulator:
+ enabled: true
+oof:
+ enabled: true
+msb:
+ enabled: true
+multicloud:
+ enabled: true
+nbi:
+ enabled: true
+ config:
+ # openstack configuration
+ openStackUserName: "FILL-ME"
+ openStackRegion: "FILL-ME"
+ openStackKeyStoneUrl: "FILL-ME"
+ openStackServiceTenantName: "FILL-ME"
+ openStackEncryptedPasswordHere: "FILL-ME"
+policy:
+ enabled: true
+portal:
+ enabled: true
+robot:
+ enabled: true
+sdc:
+ enabled: true
+sdnc:
+ enabled: true
+
+ replicaCount: 1
+
+ config:
+ enableClustering: false
+
+ mysql:
+ disableNfsProvisioner: true
+ replicaCount: 1
+so:
+ enabled: true
+
+ replicaCount: 1
+
+ liveness:
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+ # so server configuration
+ config:
+ # message router configuration
+ dmaapTopic: "AUTO"
+ # openstack configuration
+ openStackUserName: "FILL-ME"
+ openStackRegion: "FILL-ME"
+ openStackKeyStoneUrl: "FILL-ME"
+ openStackServiceTenantName: "FILL-ME"
+ openStackEncryptedPasswordHere: "FILL-ME"
+
+ # configure embedded mariadb
+ mariadb:
+ config:
+ mariadbRootPassword: password
+uui:
+ enabled: true
+vfc:
+ enabled: true
+vid:
+ enabled: true
+vnfsdk:
+ enabled: true
+
diff --git a/onap-offline/cfg/nexus_cert.cnf b/onap-offline/cfg/nexus_cert.cnf
new file mode 100644
index 0000000..ab8d547
--- /dev/null
+++ b/onap-offline/cfg/nexus_cert.cnf
@@ -0,0 +1,33 @@
+[ req ]
+default_bits = 4096
+default_keyfile = server-key.pem
+distinguished_name = dn
+#req_extensions = v3_req
+x509_extensions = v3_req
+string_mask = utf8only
+prompt = no
+default_md = sha256
+
+[ dn ]
+
+countryName = PL
+localityName = Krakow
+organizationName = Samsung
+commonName = registry-1.docker.io
+#emailAddress
+
+[ v3_req ]
+
+#subjectKeyIdentifier = hash
+#authorityKeyIdentifier = keyid,issuer
+
+basicConstraints = CA:FALSE
+keyUsage = critical, keyAgreement, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+# does not work here because of bug in openssl
+#subjectAltName = @alternate_names
+nsComment = "OpenSSL Generated Certificate"
+
+#[ alternate_names ]
+
+#DNS.4 = ftp.example.com
diff --git a/onap-offline/cfg/nginx.conf b/onap-offline/cfg/nginx.conf
new file mode 100644
index 0000000..6656855
--- /dev/null
+++ b/onap-offline/cfg/nginx.conf
@@ -0,0 +1,110 @@
+worker_processes 2;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ error_log /var/log/nginx/error.log debug;
+ access_log /var/log/nginx/access.log;
+
+ proxy_intercept_errors on;
+ proxy_send_timeout 120;
+ proxy_read_timeout 300;
+
+ upstream nexus {
+ server nexus:8081;
+ }
+
+ upstream registry {
+ server nexus:8082;
+ }
+
+# http simulations
+ server {
+ listen 80;
+ listen 443 ssl;
+ server_name _;
+ ssl_certificate /etc/nginx/certs/nexus_server.crt;
+ ssl_certificate_key /etc/nginx/certs/nexus_server.key;
+
+ keepalive_timeout 5 5;
+
+ location / {
+ root /srv/http/$host;
+ index index.html;
+ }
+ }
+
+# nexus simulations
+ server {
+ listen 80;
+ listen 443 ssl;
+ server_name nexus.student12 gcr.io registry-1.docker.io docker.io registry.npmjs.org nexus3.onap.org docker.elastic.co registry.hub.docker.com repo.maven.apache.org repo1.maven.org;
+ ssl_certificate /etc/nginx/certs/nexus_server.crt;
+ ssl_certificate_key /etc/nginx/certs/nexus_server.key;
+
+ keepalive_timeout 5 5;
+ proxy_buffering off;
+
+ # allow large uploads
+ client_max_body_size 3G;
+
+ location /maven2 {
+ rewrite /maven2/(.*) /repository/maven2/$1 break;
+ # redirect to docker registry
+ proxy_pass http://nexus;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ location / {
+ # redirect to docker registry
+ if ($http_user_agent ~ docker ) {
+ proxy_pass http://registry;
+ }
+ proxy_pass http://nexus;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+ }
+
+# git simulations
+ server {
+ listen 80;
+ listen 443 ssl;
+ server_name gerrit.onap.org git.rancher.io github.com;
+ ssl_certificate /etc/nginx/certs/nexus_server.crt;
+ ssl_certificate_key /etc/nginx/certs/nexus_server.key;
+
+ keepalive_timeout 5 5;
+ proxy_buffering off;
+
+ location / {
+ try_files $uri $uri/ @git;
+ }
+
+ location @git {
+
+ # Set chunks to unlimited, as the body's can be huge
+ client_max_body_size 0;
+
+ fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ fastcgi_param PATH_INFO $uri;
+
+ include fastcgi_params;
+
+ fastcgi_param GIT_HTTP_EXPORT_ALL "";
+ fastcgi_param GIT_PROJECT_ROOT /srv/git/$host/;
+
+ # Forward REMOTE_USER as we want to know when we are authenticated
+ fastcgi_param REMOTE_USER $remote_user;
+
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+ }
+}
diff --git a/onap-offline/cfg/reduced_depl_values.yaml b/onap-offline/cfg/reduced_depl_values.yaml
new file mode 100644
index 0000000..bfa5fd6
--- /dev/null
+++ b/onap-offline/cfg/reduced_depl_values.yaml
@@ -0,0 +1,159 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration overrides.
+#
+# These overrides will affect all helm charts (ie. applications)
+# that are listed below and are 'enabled'.
+#################################################################
+global:
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefix: 302
+
+ # ONAP Repository
+ # Uncomment the following to enable the use of a single docker
+ # repository but ONLY if your repository mirrors all ONAP
+ # docker images. This includes all images from dockerhub and
+ # any other repository that hosts images for ONAP components.
+ #repository: nexus3.onap.org:10001
+ repositoryCred:
+ user: docker
+ password: docker
+
+ # readiness check - temporary repo until images migrated to nexus3
+ readinessRepository: oomk8s
+ # logging agent - temporary repo until images migrated to nexus3
+ loggingRepository: docker.elastic.co
+
+ # image pull policy
+ #pullPolicy: Always
+ pullPolicy: IfNotPresent
+
+ # default mount path root directory referenced
+ # by persistent volumes and log files
+ persistence:
+ mountPath: /dockerdata-nfs
+
+ # flag to enable debugging - application support required
+ debugEnabled: false
+
+# Repository for creation of nexus3.onap.org secret
+repository: nexus3.onap.org:10001
+
+
+#################################################################
+# Enable/disable and configure helm charts (ie. applications)
+# to customize the ONAP deployment.
+#################################################################
+aaf:
+ enabled: false
+aai:
+ enabled: false
+aaiadapter:
+ enabled: true
+appc:
+ enabled: true
+ config:
+ openStackType: OpenStackProvider
+ openStackName: OpenStack
+ openStackKeyStoneUrl: FILL-ME
+ openStackServiceTenantName: FILL-ME
+ openStackDomain: FILL-ME
+ openStackUserName: FILL-ME
+ openStackEncryptedPassword: FILL-ME
+clamp:
+ enabled: false
+cli:
+ enabled: false
+consul:
+ enabled: true
+dcaegen2:
+ enabled: true
+dmaap:
+ enabled: true
+esr:
+ enabled: false
+log:
+ enabled: true
+sniro-emulator:
+ enabled: false
+oof:
+ enabled: false
+msb:
+ enabled: true
+multicloud:
+ enabled: false
+nbi:
+ enabled: false
+ config:
+ # openstack configuration
+ openStackUserName: "FILL-ME"
+ openStackRegion: "FILL-ME"
+ openStackKeyStoneUrl: "FILL-ME"
+ openStackServiceTenantName: "FILL-ME"
+ openStackEncryptedPasswordHere: "FILL-ME"
+policy:
+ enabled: true
+portal:
+ enabled: false
+robot:
+ enabled: true
+sdc:
+ enabled: true
+sdnc:
+ enabled: false
+
+ replicaCount: 1
+
+ config:
+ enableClustering: false
+
+ mysql:
+ disableNfsProvisioner: true
+ replicaCount: 1
+so:
+ enabled: false
+
+ replicaCount: 1
+
+ liveness:
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+ # so server configuration
+ config:
+ # message router configuration
+ dmaapTopic: "AUTO"
+ # openstack configuration
+ openStackUserName: "FILL-ME"
+ openStackRegion: "FILL-ME"
+ openStackKeyStoneUrl: "FILL-ME"
+ openStackServiceTenantName: "FILL-ME"
+ openStackEncryptedPasswordHere: "FILL-ME"
+
+ # configure embedded mariadb
+ mariadb:
+ config:
+ mariadbRootPassword: password
+uui:
+ enabled: false
+vfc:
+ enabled: false
+vid:
+ enabled: false
+vnfsdk:
+ enabled: false
diff --git a/onap-offline/cfg/v3.ext b/onap-offline/cfg/v3.ext
new file mode 100644
index 0000000..b4a6e43
--- /dev/null
+++ b/onap-offline/cfg/v3.ext
@@ -0,0 +1,24 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = nexus.student12
+DNS.2 = gcr.io
+DNS.3 = git.rancher.io
+DNS.4 = gerrit.onap.org
+DNS.5 = registry-1.docker.io
+DNS.6 = docker.io
+DNS.7 = registry.npmjs.org
+DNS.8 = nexus3.onap.org
+DNS.9 = nexus.onap.org
+DNS.10 = docker.elastic.co
+DNS.11 = www.getcloudify.org
+DNS.12 = registry.hub.docker.com
+DNS.13 = github.com
+DNS.14 = repo.maven.apache.org
+DNS.15 = www.springframework.org
+DNS.16 = repo1.maven.org
+DNS.17 = git.onap.org
+