summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.gitreview4
-rw-r--r--LICENSE.txt16
-rw-r--r--README.md16
-rw-r--r--config/drools/base.conf55
-rwxr-xr-xconfig/drools/drools-tweaks.sh30
-rw-r--r--config/drools/policy-keystorebin0 -> 5640 bytes
-rw-r--r--config/drools/policy-management.conf5
-rw-r--r--config/pe/base.conf20
-rwxr-xr-xconfig/pe/brmsgw-tweaks.sh2
-rw-r--r--config/pe/brmsgw.conf43
-rw-r--r--config/pe/console.conf135
-rw-r--r--config/pe/mysql.conf5
-rwxr-xr-xconfig/pe/pap-tweaks.sh15
-rw-r--r--config/pe/pap.conf55
-rw-r--r--config/pe/paplp.conf12
-rwxr-xr-xconfig/pe/pdp-tweaks.sh2
-rw-r--r--config/pe/pdp.conf36
-rw-r--r--config/pe/pdplp.conf12
-rw-r--r--config/pe/push-policies.sh75
-rwxr-xr-xconfig/pe/pypdp-tweaks.sh3
-rw-r--r--config/pe/pypdp.conf25
-rw-r--r--docker-compose.yml80
-rw-r--r--policy-base/Dockerfile12
-rw-r--r--policy-db/Dockerfile17
-rw-r--r--policy-db/dbinit.sh38
-rwxr-xr-xpolicy-db/do-start.sh12
-rw-r--r--policy-drools/Dockerfile11
-rw-r--r--policy-drools/do-start.sh49
-rw-r--r--policy-drools/docker-install.sh851
-rw-r--r--policy-drools/wait-for-port.sh18
-rw-r--r--policy-nexus/Dockerfile19
-rw-r--r--policy-os/Dockerfile12
-rw-r--r--policy-pe/Dockerfile13
-rw-r--r--policy-pe/do-start.sh97
-rw-r--r--policy-pe/docker-install.sh674
-rw-r--r--policy-pe/wait-for-port.sh18
-rw-r--r--pom.xml109
37 files changed, 2596 insertions, 0 deletions
diff --git a/.gitreview b/.gitreview
new file mode 100644
index 00000000..245a0e4a
--- /dev/null
+++ b/.gitreview
@@ -0,0 +1,4 @@
+[gerrit]
+host=gerrit.openecomp.org
+port=29418
+project=policy/docker.git
diff --git a/LICENSE.txt b/LICENSE.txt
new file mode 100644
index 00000000..3ce0584e
--- /dev/null
+++ b/LICENSE.txt
@@ -0,0 +1,16 @@
+Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may
+not use this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+License for the specific language governing permissions and limitations
+under the License.
+
+ECOMP and OpenECOMP are trademarks and service marks of AT&T Intellectual Property.
diff --git a/README.md b/README.md
new file mode 100644
index 00000000..3a4b4cd2
--- /dev/null
+++ b/README.md
@@ -0,0 +1,16 @@
+This source repository contains the files for building the OpenECOMP Policy Engine Docker images.
+
+To build it using Maven 3, first build 'policy-common-modules', 'policy-engine', 'policy-drools-pdp', and 'policy-drools-applications' repositories, and then run: mvn prepare-package. This will pull the installation zip files needed for building the policy-pe and policy-drools Docker images into the target directory. It will not actually build the docker images; the following additional steps are needed to accomplish this:
+
+- Copy the files under policy-pe to target/policy-pe
+- Copy the files under policy-drools to target/policy-drools
+- Run the 'docker build' command on the following directories, in order:
+ policy-os
+ policy-db
+ policy-nexus
+ policy-base
+ target/policy-pe
+ target/policy-drools
+
+In addition, the 'config' dirctory contains configuration files that are read during the startup of the containers; this directory is referenced by the docker-compose.yml file.
+
diff --git a/config/drools/base.conf b/config/drools/base.conf
new file mode 100644
index 00000000..f6c9519f
--- /dev/null
+++ b/config/drools/base.conf
@@ -0,0 +1,55 @@
+POLICY_HOME=/opt/app/policy
+JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
+KEYSTORE_PASSWD=PolicyR0ck$
+
+ENGINE_MANAGEMENT_PORT=9696
+ENGINE_MANAGEMENT_HOST=localhost
+ENGINE_MANAGEMENT_USER=@1b3rt
+ENGINE_MANAGEMENT_PASSWORD=31nst@1n
+
+JDBC_DRIVER=org.mariadb.jdbc.Driver
+JDBC_URL=jdbc:mysql://mariadb:3306/ecomp_sdk
+JDBC_DROOLS_URL=jdbc:mysql://mariadb:3306/drools
+JDBC_USER=policy_user
+JDBC_PASSWORD=policy_user
+
+# Integrity Monitor properties
+site_name=site_1
+fp_monitor_interval=30
+failed_counter_threshold=3
+test_trans_interval=20
+write_fpc_interval=5
+max_fpc_update_interval=60
+test_via_jmx=false
+jmx_fqdn=
+node_type=pdp_drools
+# Dependency groups are groups of resources upon which a node operational state is dependent upon.
+# Each group is a comma-separated list of resource names and groups are separated by a semicolon.
+dependency_groups=
+resource_name=pdpd_1
+
+# The (optional) period of time in seconds between executions of the integrity audit.
+# Value < 0 : Audit does not run (default value if property is not present = -1)
+# Value = 0 : Audit runs continuously
+# Value > 0 : The period of time in seconds between execution of the audit on a particular node
+integrity_audit_period_seconds=-1
+
+host_port=0.0.0.0:9981
+
+# To use a Nexus repository for rules artifacts,
+# following properties must be uncommented and set:
+snapshotRepositoryID=policy-nexus-snapshots
+snapshotRepositoryUrl=http://nexus:8081/nexus/content/repositories/snapshots/
+releaseRepositoryID=policy-nexus-releases
+releaseRepositoryUrl=http://nexus:8081/nexus/content/repositories/releases/
+repositoryUsername=admin
+repositoryPassword=admin123
+
+PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION
+PDPD_CONFIGURATION_SERVERS=vm1.mr.simpledemo.openecomp.org
+PDPD_CONFIGURATION_API_KEY=
+PDPD_CONFIGURATION_API_SECRET=
+PDPD_CONFIGURATION_CONSUMER_GROUP=
+PDPD_CONFIGURATION_CONSUMER_INSTANCE=
+PDPD_CONFIGURATION_PARTITION_KEY=
+
diff --git a/config/drools/drools-tweaks.sh b/config/drools/drools-tweaks.sh
new file mode 100755
index 00000000..edf5e9d5
--- /dev/null
+++ b/config/drools/drools-tweaks.sh
@@ -0,0 +1,30 @@
+#! /bin/bash
+
+# changes for health check
+options enable policy-healthcheck
+sedArgs=("-i")
+while read var value ; do
+ if [[ "${var}" == "" ]] ; then
+ continue
+ fi
+ sedArgs+=("-e" "s@\${{${var}}}@${value}@g")
+done <<-EOF
+ PAP_HOST pap
+ PAP_USERNAME testpap
+ PAP_PASSWORD alpha123
+ PDP_HOST pdp
+ PDP_USERNAME testpdp
+ PDP_PASSWORD alpha123
+EOF
+
+# convert file
+sed "${sedArgs[@]}" ${POLICY_HOME}/config/*health*
+
+cat >>${POLICY_HOME}/config/*health* <<-'EOF'
+ http.server.services.HEALTHCHECK.userName=healthcheck
+ http.server.services.HEALTHCHECK.password=zb!XztG34
+EOF
+
+sed -i -e 's/DCAE-CL-EVENT/unauthenticated.TCA_EVENT_OUTPUT/' \
+ -e '/TCA_EVENT_OUTPUT\.servers/s/servers=.*$/servers=10.0.4.102/' \
+ $POLICY_HOME/config/v*-controller.properties
diff --git a/config/drools/policy-keystore b/config/drools/policy-keystore
new file mode 100644
index 00000000..ab25c3a3
--- /dev/null
+++ b/config/drools/policy-keystore
Binary files differ
diff --git a/config/drools/policy-management.conf b/config/drools/policy-management.conf
new file mode 100644
index 00000000..843b832e
--- /dev/null
+++ b/config/drools/policy-management.conf
@@ -0,0 +1,5 @@
+CONTROLLER_ARTIFACT_ID=policy-management
+CONTROLLER_NAME=policy-management-controller
+CONTROLLER_PORT=9696
+RULES_ARTIFACT=not-used:not-used:1.0.0-SNAPSHOT
+UEB_TOPIC=policyengine-develop
diff --git a/config/pe/base.conf b/config/pe/base.conf
new file mode 100644
index 00000000..e798a40d
--- /dev/null
+++ b/config/pe/base.conf
@@ -0,0 +1,20 @@
+JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
+POLICY_HOME=/opt/app/policy
+KEYSTORE_PASSWD=PolicyR0ck$
+
+JDBC_DRIVER=org.mariadb.jdbc.Driver
+JDBC_URL=jdbc:mariadb://mariadb:3306/ecomp_sdk
+JDBC_LOG_URL=jdbc:mariadb://mariadb:3306/log
+JDBC_USER=policy_user
+JDBC_PASSWORD=policy_user
+
+site_name=site_1
+fp_monitor_interval=30
+failed_counter_threshold=3
+test_trans_interval=20
+write_fpc_interval=5
+max_fpc_update_interval=60
+test_via_jmx=false
+jmx_fqdn=
+
+ENVIRONMENT=TEST
diff --git a/config/pe/brmsgw-tweaks.sh b/config/pe/brmsgw-tweaks.sh
new file mode 100755
index 00000000..f6825363
--- /dev/null
+++ b/config/pe/brmsgw-tweaks.sh
@@ -0,0 +1,2 @@
+#! /bin/bash
+
diff --git a/config/pe/brmsgw.conf b/config/pe/brmsgw.conf
new file mode 100644
index 00000000..da2cd0a4
--- /dev/null
+++ b/config/pe/brmsgw.conf
@@ -0,0 +1,43 @@
+# BRMSpep component installation configuration parameters
+BRMSGW_JMX_PORT=9989
+
+COMPONENT_X_MX_MB=1024
+COMPONENT_X_MS_MB=1024
+
+REST_PAP_URL=http://pap:9091/pap/
+REST_PDP_ID=http://pdp:8081/pdp/
+
+PDP_HTTP_USER_ID=testpdp
+PDP_HTTP_PASSWORD=alpha123
+PDP_PAP_PDP_HTTP_USER_ID=testpap
+PDP_PAP_PDP_HTTP_PASSWORD=alpha123
+
+M2_HOME=/usr/share/maven
+snapshotRepositoryID=policy-nexus-snapshots
+snapshotRepositoryName=Snapshots
+snapshotRepositoryURL=http://nexus:8081/nexus/content/repositories/snapshots
+releaseRepositoryID=policy-nexus-releases
+releaseRepositoryName=Releases
+releaseRepositoryURL=http://nexus:8081/nexus/content/repositories/releases
+repositoryUsername=admin
+repositoryPassword=admin123
+UEB_URL=vm1.mr.simpledemo.openecomp.org
+UEB_TOPIC=PDPD-CONFIGURATION
+UEB_API_KEY=
+UEB_API_SECRET=
+
+groupID=org.openecomp.policy-engine
+artifactID=drlPDPGroup
+VFW_GROUP_ID=org.openecomp.policy-engine.drools.vFW
+VFW_ARTIFACT_ID=policy-vFW-rules
+VDNS_GROUP_ID=org.openecomp.policy-engine.drools.vDNS
+VDNS_ARTIFACT_ID=policy-vDNS-rules
+
+
+# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase
+resource_name=brmsgw_1
+node_type=brms_gateway
+
+CLIENT_ID=PyPDPServer
+CLIENT_KEY=test
+ENVIRONMENT=TEST
diff --git a/config/pe/console.conf b/config/pe/console.conf
new file mode 100644
index 00000000..6606addb
--- /dev/null
+++ b/config/pe/console.conf
@@ -0,0 +1,135 @@
+# configs component installation configuration parameters
+
+# tomcat specific parameters
+
+TOMCAT_JMX_PORT=9993
+TOMCAT_SHUTDOWN_PORT=8090
+SSL_HTTP_CONNECTOR_PORT=8443
+SSL_HTTP_CONNECTOR_REDIRECT_PORT=8443
+SSL_AJP_CONNECTOR_PORT=8383
+SSL_AJP_CONNECTOR_REDIRECT_PORT=8443
+
+TOMCAT_X_MS_MB=2048
+TOMCAT_X_MX_MB=2048
+
+# ------------------ console properties ---------------------------
+
+#
+# Authorization Policy
+
+ROOT_POLICIES=admin
+ADMIN_FILE=Policy-Admin.xml
+
+
+# Set your domain here:
+
+REST_ADMIN_DOMAIN=com
+
+#
+# Location where the GIT repository is located
+#
+REST_ADMIN_REPOSITORY=repository
+
+#
+# Location where all the user workspaces are located.
+#
+REST_ADMIN_WORKSPACE=${{POLICY_HOME}}/servers/console/bin/workspace
+
+#
+# These can be set so the Admin Console knows who is logged on. Ideally, you can run the console in a J2EE
+# container and setup authentication as you please. Setting HttpSession attribute values will override these
+# values set in the properties files.
+#
+# ((HttpServletRequest) request).getSession().setAttribute("xacml.rest.admin.user.name", "Homer");
+#
+# The default policy: Policy-Admin.xml is extremely simple.
+#
+# You can test authorization within the Admin Console by changing the user id.
+# There are 3 supported user ids:
+# guest - Read only access
+# editor - Read/Write access
+# admin - Read/Write/Admin access
+#
+# An empty or null value for xacml.rest.admin.user.id results in no access to the application at all.
+#
+# This is for development/demonstration purposes only. A production environment should provide authentication which is
+# outside the scope of this application. This application can be used to develop a XACML policy for user authorization
+# within this application.
+#
+
+REST_ADMIN_USER_NAME=Administrator
+REST_ADMIN_USER_ID=super-admin
+
+#
+#
+# Property to declare the max time frame for logs.
+#
+LOG_TIMEFRAME=30
+
+# Property to declare the number of visible rows for users in MicroService Policy
+COLUMN_COUNT=3
+
+# Dashboard refresh rate in miliseconds
+REFRESH_RATE=40000
+
+#
+# URL location for the PAP servlet.
+#
+
+
+REST_PAP_URL=http://pap:9091/pap/
+
+#
+# Config/Action Properties location.
+#
+
+REST_CONFIG_HOME=${{POLICY_HOME}}/servers/pap/webapps/Config/
+REST_ACTION_HOME=${{POLICY_HOME}}/servers/pap/webapps/Action/
+REST_CONFIG_URL=http://pap:9091/
+REST_CONFIG_WEBAPPS=${{POLICY_HOME}}/servers/pap/webapps/
+
+# PAP account information
+CONSOLE_PAP_HTTP_USER_ID=testpap
+CONSOLE_PAP_HTTP_PASSWORD=alpha123
+
+
+node_type=pap_admin
+resource_name=console_1
+
+# The (optional) period of time in seconds between executions of the integrity audit.
+# Value < 0 : Audit does not run (default value if property is not present = -1)
+# Value = 0 : Audit runs continuously
+# Value > 0 : The period of time in seconds between execution of the audit on a particular node
+integrity_audit_period_seconds=-1
+
+#Automatic Policy Distribution
+automatic_push=false
+
+#Diff of policies for Firewall feature
+FW_GETURL=
+FW_AUTHOURL=
+FW_PROXY=
+FW_PORT=
+
+#SMTP Server Details for Java Mail
+ecomp_smtp_host=
+ecomp_smtp_port=25
+ecomp_smtp_userName=
+ecomp_smtp_password=
+ecomp_application_name=
+
+#-----------------------ECOMP-PORTAL-Properties----------------------
+
+ECOMP_REDIRECT_URL=http://portal.api.simpledemo.openecomp.org:8989/ECOMPPORTAL/login.htm
+ECOMP_REST_URL=
+ECOMP_UEB_URL_LIST=
+ECOMP_PORTAL_INBOX_NAME=
+ECOMP_UEB_APP_KEY=
+ECOMP_UEB_APP_SECRET=
+ECOMP_UEB_APP_MAILBOX_NAME=
+APP_DISPLAY_NAME=OpenECOMP Policy
+ECOMP_SHARED_CONTEXT_REST_URL=http://portal.api.simpledemo.openecomp.org:8989/ECOMPPORTAL/context
+
+#Add the Rest PAP url and pap auth password on adding delimiter @Auth@
+
+REST_PAPURL_WITH_AUTH_PASSWORD=http://policy.api.simpledemo.openecomp.org:9091/pap/@Auth@dGVzdHBhcDphbHBoYTEyMw==
diff --git a/config/pe/mysql.conf b/config/pe/mysql.conf
new file mode 100644
index 00000000..28b9e3ca
--- /dev/null
+++ b/config/pe/mysql.conf
@@ -0,0 +1,5 @@
+# mysql scripts component installation configuration parameters
+
+# Path to mysql bin
+MYSQL_BIN=/usr/local/mysql/bin
+
diff --git a/config/pe/pap-tweaks.sh b/config/pe/pap-tweaks.sh
new file mode 100755
index 00000000..be8a905a
--- /dev/null
+++ b/config/pe/pap-tweaks.sh
@@ -0,0 +1,15 @@
+#! /bin/bash
+
+# config directory may contain an ip_addr.txt file that specifies
+# the VM IP address. Substitute this value in the URL in the
+# config.json file, overriding the hostname that came from the
+# REST_PAPURL_WITH_AUTH_PASSWORD property in console.conf. This is
+# to avoid hardcoding an IP address in console.conf that can change
+# from one VM instance to the next.
+
+if [[ -f config/ip_addr.txt ]]; then
+ vm_ip=$(<config/ip_addr.txt)
+ echo "Substituting VM IP address $vm_ip in console config.json file"
+ sed -i -e "s@http:.*:@http://$vm_ip:@" \
+ $POLICY_HOME/servers/console/webapps/ecomp/app/policyApp/Properties/config.json
+fi
diff --git a/config/pe/pap.conf b/config/pe/pap.conf
new file mode 100644
index 00000000..084f127f
--- /dev/null
+++ b/config/pe/pap.conf
@@ -0,0 +1,55 @@
+# pap component installation configuration parameters
+
+# tomcat specific parameters
+
+TOMCAT_JMX_PORT=9990
+TOMCAT_SHUTDOWN_PORT=9405
+SSL_HTTP_CONNECTOR_PORT=9091
+SSL_AJP_CONNECTOR_PORT=8380
+SSL_AJP_CONNECTOR_REDIRECT_PORT=8443
+
+TOMCAT_X_MS_MB=1024
+TOMCAT_X_MX_MB=1024
+
+# pap properties
+
+PAP_PDPS=${{POLICY_HOME}}/servers/pap/bin/pdps
+PAP_URL=http://pap:9091/pap/
+
+PAP_INITIATE_PDP=true
+PAP_HEARTBEAT_INTERVAL=10000
+PAP_HEARTBEAT_TIMEOUT=10000
+
+REST_ADMIN_DOMAIN=com
+REST_ADMIN_REPOSITORY=repository
+REST_ADMIN_WORKSPACE=workspace
+
+# PDP related properties
+
+PAP_PDP_URL=http://pdp:8081/pdp/
+PAP_PDP_HTTP_USER_ID=testpdp
+PAP_PDP_HTTP_PASSWORD=alpha123
+
+PAP_HTTP_USER_ID=testpap
+PAP_HTTP_PASSWORD=alpha123
+
+#new values added 10-21-2015
+PROP_PAP_TRANS_WAIT=500000
+PROP_PAP_TRANS_TIMEOUT=5000
+PROP_PAP_AUDIT_TIMEOUT=300000
+PROP_PAP_RUN_AUDIT_FLAG=true
+PROP_PAP_AUDIT_FLAG=true
+
+PROP_PAP_INCOMINGNOTIFICATION_TRIES=4
+
+
+node_type=pap
+resource_name=pap_1
+dependency_groups=paplp_1
+test_via_jmx=true
+
+# The (optional) period of time in seconds between executions of the integrity audit.
+# Value < 0 : Audit does not run (default value if property is not present = -1)
+# Value = 0 : Audit runs continuously
+# Value > 0 : The period of time in seconds between execution of the audit on a particular node
+integrity_audit_period_seconds=-1
diff --git a/config/pe/paplp.conf b/config/pe/paplp.conf
new file mode 100644
index 00000000..9fdd643b
--- /dev/null
+++ b/config/pe/paplp.conf
@@ -0,0 +1,12 @@
+# JVM specific parameters
+LOGPARSER_JMX_PORT=9996
+LOGPARSER_X_MS_MB=1024
+LOGPARSER_X_MX_MB=1024
+
+SERVER=http://pap:9091/pap/
+LOGPATH=${{POLICY_HOME}}/servers/pap/logs/pap-rest.log
+PARSERLOGPATH=IntegrityMonitor.log
+
+node_type=logparser
+# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase
+resource_name=paplp_1
diff --git a/config/pe/pdp-tweaks.sh b/config/pe/pdp-tweaks.sh
new file mode 100755
index 00000000..f6825363
--- /dev/null
+++ b/config/pe/pdp-tweaks.sh
@@ -0,0 +1,2 @@
+#! /bin/bash
+
diff --git a/config/pe/pdp.conf b/config/pe/pdp.conf
new file mode 100644
index 00000000..363fdcb3
--- /dev/null
+++ b/config/pe/pdp.conf
@@ -0,0 +1,36 @@
+# pdp component installation configuration parameters
+
+# tomcat specific parameters
+
+TOMCAT_JMX_PORT=9991
+TOMCAT_SHUTDOWN_PORT=8087
+SSL_HTTP_CONNECTOR_PORT=8081
+SSL_AJP_CONNECTOR_PORT=8381
+SSL_AJP_CONNECTOR_REDIRECT_PORT=8443
+
+TOMCAT_X_MS_MB=1024
+TOMCAT_X_MX_MB=1024
+
+# pdp properties
+
+UEB_CLUSTER=vm1.mr.simpledemo.openecomp.org
+
+REST_PAP_URL=http://pap:9091/pap/
+REST_PDP_ID=http://pdp:8081/pdp/
+REST_PDP_CONFIG=${{POLICY_HOME}}/servers/pdp/bin/config
+REST_PDP_WEBAPPS=${{POLICY_HOME}}/servers/pdp/webapps
+REST_PDP_REGISTER=true
+REST_PDP_REGISTER_SLEEP=15
+REST_PDP_REGISTER_RETRIES=-1
+REST_PDP_MAXCONTENT=999999999
+
+# PDP related properties
+PDP_HTTP_USER_ID=testpdp
+PDP_HTTP_PASSWORD=alpha123
+PDP_PAP_PDP_HTTP_USER_ID=testpap
+PDP_PAP_PDP_HTTP_PASSWORD=alpha123
+
+node_type=pdp_xacml
+resource_name=pdp_1
+dependency_groups=pdplp_1;pypdp_1;brmsgw_1
+test_via_jmx=true
diff --git a/config/pe/pdplp.conf b/config/pe/pdplp.conf
new file mode 100644
index 00000000..789d2b01
--- /dev/null
+++ b/config/pe/pdplp.conf
@@ -0,0 +1,12 @@
+# JVM specific parameters
+LOGPARSER_JMX_PORT=9997
+LOGPARSER_X_MS_MB=1024
+LOGPARSER_X_MX_MB=1024
+
+SERVER=http://pdp:8081/pdp/
+LOGPATH=${{POLICY_HOME}}/servers/pdp/logs/pdp-rest.log
+PARSERLOGPATH=IntegrityMonitor.log
+
+node_type=logparser
+# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase
+resource_name=pdplp_1
diff --git a/config/pe/push-policies.sh b/config/pe/push-policies.sh
new file mode 100644
index 00000000..957156ed
--- /dev/null
+++ b/config/pe/push-policies.sh
@@ -0,0 +1,75 @@
+#! /bin/bash
+
+
+echo "Pushing default policies"
+
+# Sometimes brmsgw gets an error when trying to retrieve the policies on initial push,
+# so for the BRMS policies we will do a push, then delete from the pdp group, then push again.
+# Second push should be successful.
+
+curl -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHJlc3Q6M2MwbXBVI2gwMUBOMWMz' --header 'Environment: TEST' -d '{
+ "pdpGroup": "default",
+ "policyName": "vFirewall",
+ "policyScope": "com",
+ "policyType": "MicroService"
+}' 'http://pypdp:8480/PyPDPServer/pushPolicy'
+
+sleep 2
+
+curl -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHJlc3Q6M2MwbXBVI2gwMUBOMWMz' --header 'Environment: TEST' -d '{
+ "pdpGroup": "default",
+ "policyName": "vLoadBalancer",
+ "policyScope": "com",
+ "policyType": "MicroService"
+}' 'http://pypdp:8480/PyPDPServer/pushPolicy'
+
+sleep 2
+curl -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHJlc3Q6M2MwbXBVI2gwMUBOMWMz' --header 'Environment: TEST' -d '{
+ "pdpGroup": "default",
+ "policyName": "BRMSParamvLBDemoPolicy",
+ "policyScope": "com",
+ "policyType": "BRMS_Param"
+}' 'http://pypdp:8480/PyPDPServer/pushPolicy'
+
+sleep 2
+
+curl -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHJlc3Q6M2MwbXBVI2gwMUBOMWMz' --header 'Environment: TEST' -d '{
+ "pdpGroup": "default",
+ "policyName": "BRMSParamvFWDemoPolicy",
+ "policyScope": "com",
+ "policyType": "BRMS_Param"
+}' 'http://pypdp:8480/PyPDPServer/pushPolicy'
+
+sleep 2
+
+curl -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHJlc3Q6M2MwbXBVI2gwMUBOMWMz' --header 'Environment: TEST' -d '{
+"pdpGroup": "default",
+"policyComponent": "PDP",
+"policyName": "com.Config_BRMS_Param_BRMSParamvFWDemoPolicy.1.xml"
+}' 'http://pypdp:8480/PyPDPServer/deletePolicy'
+
+
+
+curl -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHJlc3Q6M2MwbXBVI2gwMUBOMWMz' --header 'Environment: TEST' -d '{
+"pdpGroup": "default",
+"policyComponent": "PDP",
+"policyName": "com.Config_BRMS_Param_BRMSParamvLBDemoPolicy.1.xml"
+}' 'http://pypdp:8480/PyPDPServer/deletePolicy'
+
+sleep 2
+curl -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHJlc3Q6M2MwbXBVI2gwMUBOMWMz' --header 'Environment: TEST' -d '{
+ "pdpGroup": "default",
+ "policyName": "BRMSParamvLBDemoPolicy",
+ "policyScope": "com",
+ "policyType": "BRMS_Param"
+}' 'http://pypdp:8480/PyPDPServer/pushPolicy'
+
+sleep 2
+
+curl -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHJlc3Q6M2MwbXBVI2gwMUBOMWMz' --header 'Environment: TEST' -d '{
+ "pdpGroup": "default",
+ "policyName": "BRMSParamvFWDemoPolicy",
+ "policyScope": "com",
+ "policyType": "BRMS_Param"
+}' 'http://pypdp:8480/PyPDPServer/pushPolicy'
+
diff --git a/config/pe/pypdp-tweaks.sh b/config/pe/pypdp-tweaks.sh
new file mode 100755
index 00000000..5d899bd1
--- /dev/null
+++ b/config/pe/pypdp-tweaks.sh
@@ -0,0 +1,3 @@
+#! /bin/bash
+
+
diff --git a/config/pe/pypdp.conf b/config/pe/pypdp.conf
new file mode 100644
index 00000000..4a792b47
--- /dev/null
+++ b/config/pe/pypdp.conf
@@ -0,0 +1,25 @@
+# pypdp component installation configuration parameters
+
+# tomcat specific parameters
+
+TOMCAT_JMX_PORT=9994
+TOMCAT_SHUTDOWN_PORT=8405
+SSL_HTTP_CONNECTOR_PORT=8480
+SSL_AJP_CONNECTOR_PORT=8384
+SSL_AJP_CONNECTOR_REDIRECT_PORT=8443
+
+TOMCAT_X_MS_MB=1024
+TOMCAT_X_MX_MB=1024
+
+# pypdp parameters
+
+PDP_URL=http://pdp:8081/pdp/,testpdp,alpha123
+PAP_URL=http://pap:9091/pap/,testpap,alpha123
+PYPDP_ID=testrest
+PYPDP_PASSWORD=3c0mpU#h01@N1c3
+
+node_type=pypdp
+# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase
+resource_name=pypdp_1
+
+CLIENT_FILE=client.properties
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 00000000..f4e73213
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,80 @@
+version: '2'
+services:
+ mariadb:
+ image: ecomp-nexus:51220/policy/policy-db
+# build:
+# context: ./policy-db
+ container_name: mariadb
+ hostname: mariadb
+ ports:
+ - "3306:3306"
+ nexus:
+ image: ecomp-nexus:51220/policy/policy-nexus
+# build:
+# context: ./policy-nexus
+ container_name: nexus
+ hostname: nexus
+ pap:
+ image: ecomp-nexus:51220/policy/policy-pe
+# build:
+# context: ./policy-pe
+ container_name: pap
+ depends_on:
+ - mariadb
+ hostname: pap
+ ports:
+ - "8443:8443"
+ - "9091:9091"
+ command: pap
+ volumes:
+ - ./config/pe:/tmp/policy-install/config
+ pdp:
+ image: ecomp-nexus:51220/policy/policy-pe
+# build:
+# context: ./policy-pe
+ container_name: pdp
+ depends_on:
+ - pap
+ hostname: pdp
+ ports:
+ - "10.0.6.1:8081:8081"
+ command: pdp
+ volumes:
+ - ./config/pe:/tmp/policy-install/config
+ pypdp:
+ image: ecomp-nexus:51220/policy/policy-pe
+# build:
+# context: ./policy-pe
+ container_name: pypdp
+ depends_on:
+ - pap
+ hostname: pypdp
+ ports:
+ - "8480:8480"
+ command: pypdp
+ volumes:
+ - ./config/pe:/tmp/policy-install/config
+ brmsgw:
+ image: ecomp-nexus:51220/policy/policy-pe
+# build:
+# context: ./policy-pe
+ container_name: brmsgw
+ depends_on:
+ - pap
+ hostname: brmsgw
+ command: brmsgw
+ volumes:
+ - ./config/pe:/tmp/policy-install/config
+ drools:
+ image: ecomp-nexus:51220/policy/policy-drools
+# build:
+# context: ./policy-drools
+ container_name: drools
+ depends_on:
+ - mariadb
+ - nexus
+ hostname: drools
+ ports:
+ - "6969:6969"
+ volumes:
+ - ./config/drools:/tmp/policy-install/config
diff --git a/policy-base/Dockerfile b/policy-base/Dockerfile
new file mode 100644
index 00000000..943d3362
--- /dev/null
+++ b/policy-base/Dockerfile
@@ -0,0 +1,12 @@
+FROM ecomp-nexus:51220/policy/policy-os
+
+
+# install MariaDB client
+RUN \
+ apt-get install -y apt-transport-https && \
+ apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db && \
+ add-apt-repository 'deb [arch=amd64,i386,ppc64el] https://mirrors.evowise.com/mariadb/repo/10.1/ubuntu trusty main' && \
+ apt-get update && \
+ apt-get install -y mariadb-client
+
+
diff --git a/policy-db/Dockerfile b/policy-db/Dockerfile
new file mode 100644
index 00000000..3f8ed0b7
--- /dev/null
+++ b/policy-db/Dockerfile
@@ -0,0 +1,17 @@
+FROM ecomp-nexus:51220/policy/policy-os
+
+RUN \
+ apt-get install -y apt-transport-https && \
+ apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db && \
+ add-apt-repository 'deb [arch=amd64,i386,ppc64el] https://mirrors.evowise.com/mariadb/repo/10.1/ubuntu trusty main' && \
+ apt-get update && \
+ apt-get install -y mariadb-server && \
+ touch /var/lib/mysql/firstrun
+
+COPY dbinit.sh do-start.sh /tmp/
+RUN bash /tmp/dbinit.sh
+
+# mount volumes to persist the data
+VOLUME /etc/mysql /var/lib/mysql
+
+CMD exec bash /tmp/do-start.sh
diff --git a/policy-db/dbinit.sh b/policy-db/dbinit.sh
new file mode 100644
index 00000000..19f4a5bd
--- /dev/null
+++ b/policy-db/dbinit.sh
@@ -0,0 +1,38 @@
+#sed -i '/^bind-address/s/127\.0\.0\.1/0.0.0.0/' /etc/mysql/my.cnf
+cat >/etc/mysql/conf.d/policy.cnf <<-'EOF'
+ [mysqld]
+ lower_case_table_names = 1
+ bind-address = 0.0.0.0
+EOF
+
+echo "Starting mysqld"
+service mysql start
+
+echo "Run mysql_secure_installation"
+/usr/bin/mysql_secure_installation <<-EOF
+
+ y
+ secret
+ secret
+ y
+ y
+ y
+ y
+EOF
+
+echo "Creating db schemas and user"
+mysql -uroot -psecret <<-EOF
+ create database xacml;
+ create database log;
+ create database support;
+ create table support.db_version(the_key varchar(20) not null, version varchar(20), primary key(the_key));
+ insert into support.db_version values('VERSION', '00');
+ insert into support.db_version values('DROOLS_VERSION', '00');
+ create user 'policy_user'@'localhost' identified by 'policy_user';
+ grant all privileges on *.* to 'policy_user'@'localhost' with grant option;
+ flush privileges;
+ select * from support.db_version;
+EOF
+
+echo "Stopping mysqld"
+service mysql stop
diff --git a/policy-db/do-start.sh b/policy-db/do-start.sh
new file mode 100755
index 00000000..49dbe0fe
--- /dev/null
+++ b/policy-db/do-start.sh
@@ -0,0 +1,12 @@
+#! /bin/bash
+
+# determine IP pattern associated with 'eth0' (assume net mask = 255.255.0.0)
+ipPattern=$(ifconfig eth0|sed -n -e 's/^.*inet addr:\([^\.]*.[^\.]*\)\..*$/\1.%.%/p')
+
+# start MySQL, and grant all privileges to the local network
+# (it doesn't hurt to do the 'grant' multiple times)
+service mysql start
+mysql -uroot -psecret \
+ -e "grant all privileges on *.* to 'policy_user'@'${ipPattern}' identified by 'policy_user' with grant option;"
+
+exec sleep 1000d
diff --git a/policy-drools/Dockerfile b/policy-drools/Dockerfile
new file mode 100644
index 00000000..40d8809d
--- /dev/null
+++ b/policy-drools/Dockerfile
@@ -0,0 +1,11 @@
+FROM ecomp-nexus:51220/policy/policy-base
+
+RUN mkdir -p /opt/app/policy /tmp/policy-install && chown policy /opt/app/policy /tmp/policy-install
+WORKDIR /tmp/policy-install
+
+COPY install-drools.zip apps.zip docker-install.sh do-start.sh wait-for-port.sh ./
+
+RUN unzip install-drools.zip && unzip apps.zip && rm install-drools.zip apps.zip && chown -R policy * && chmod +x *.sh
+
+USER policy
+CMD ./do-start.sh
diff --git a/policy-drools/do-start.sh b/policy-drools/do-start.sh
new file mode 100644
index 00000000..0d57d834
--- /dev/null
+++ b/policy-drools/do-start.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# skip installation if build.info file is present (restarting an existing container)
+if [[ -f /opt/app/policy/etc/build.info ]]; then
+ echo "Found existing installation, will not reinstall"
+ . /opt/app/policy/etc/profile.d/env.sh
+else
+ # replace conf files from installer with environment-specific files
+ # mounted from the hosting VM
+ if [[ -d config ]]; then
+ cp config/*.conf .
+ fi
+
+ # wait for nexus up before installing, since installation
+ # needs to deploy some artifacts to the repo
+ ./wait-for-port.sh nexus 8081
+
+ ./docker-install.sh
+
+ . /opt/app/policy/etc/profile.d/env.sh
+
+ # install policy keystore
+ mkdir -p $POLICY_HOME/etc/ssl
+ cp config/policy-keystore $POLICY_HOME/etc/ssl
+
+ # this should probably be done by install.sh
+ mvn install:install-file archetype:crawl -Dfile="archetype-closedloop-demo-rules-1.0.0-SNAPSHOT.jar" -DgroupId=org.openecomp.policy.archetype -DartifactId=archetype-closedloop-demo-rules -Dversion="1.0.0-SNAPSHOT" -Dpackaging=jar -DgeneratePom=true -DupdateReleaseInfo=true
+
+ if [[ -x config/drools-tweaks.sh ]] ; then
+ echo "Executing tweaks"
+ # file may not be executable; running it as an
+ # argument to bash avoids needing execute perms.
+ bash config/drools-tweaks.sh
+ fi
+
+ # wait for DB up
+ ./wait-for-port.sh mariadb 3306
+ # now that DB is up, invoke database upgrade
+ # (which does nothing if the db is already up-to-date)
+ dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=))
+ dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=))
+ db_upgrade_droolspdp_remote.sh $dbuser $dbpw mariadb
+fi
+
+echo "Starting processes"
+
+policy.sh start
+
+sleep 1000d
diff --git a/policy-drools/docker-install.sh b/policy-drools/docker-install.sh
new file mode 100644
index 00000000..fd920648
--- /dev/null
+++ b/policy-drools/docker-install.sh
@@ -0,0 +1,851 @@
+#!/bin/bash
+
+###
+# ============LICENSE_START=======================================================
+# Installation Package
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+
+function JAVA_HOME() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ if [[ -z ${JAVA_HOME} ]]; then
+ echo "error: aborting installation: JAVA_HOME variable must be present in base.conf"
+ exit 1;
+ fi
+
+ echo "JAVA_HOME is ${JAVA_HOME}"
+}
+
+function POLICY_HOME() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ if [[ -z ${POLICY_HOME} ]]; then
+ echo "error: aborting installation: the installation directory POLICY_HOME must be set"
+ exit 1
+ fi
+
+ POLICY_HOME_ABS=$(readlink -f "${POLICY_HOME}")
+ if [[ -n ${POLICY_HOME_ABS} ]]; then
+ export POLICY_HOME=${POLICY_HOME_ABS}
+ fi
+
+ echo "POLICY_HOME is ${POLICY_HOME}"
+
+ # Do not allow installations from within POLICY_HOME dir or sub-dirs
+ if [[ "$(pwd)/" == ${POLICY_HOME}/* ]]; then
+ echo "error: aborting installation: cannot be executed from '${POLICY_HOME}' or sub-directories. "
+ exit 1
+ fi
+}
+
+function check_java() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ TARGET_JAVA_VERSION=$1
+
+ if [[ -z ${JAVA_HOME} ]]; then
+ echo "error: ${JAVA_HOME} is not set"
+ return 1
+ fi
+
+ if ! check_x_file "${JAVA_HOME}/bin/java"; then
+ echo "error: ${JAVA_HOME}/bin/java is not accessible"
+ return 1
+ fi
+
+ INSTALLED_JAVA_VERSION=$("${JAVA_HOME}/bin/java" -version 2>&1 | awk -F '"' '/version/ {print $2}')
+ if [[ -z $INSTALLED_JAVA_VERSION ]]; then
+ echo "error: ${JAVA_HOME}/bin/java is invalid"
+ return 1
+ fi
+
+ if [[ "${INSTALLED_JAVA_VERSION}" != ${TARGET_JAVA_VERSION}* ]]; then
+ echo "error: java version (${INSTALLED_JAVA_VERSION}) does not"\
+ "march desired version ${TARGET_JAVA_VERSION}"
+ return 1
+ fi
+
+ echo "OK: java ${INSTALLED_JAVA_VERSION} installed"
+
+ if ! type -p "${JAVA_HOME}/bin/keytool" > /dev/null 2>&1; then
+ echo "error: {JAVA_HOME}/bin/keytool is not installed"
+ return 1
+ fi
+}
+
+function process_configuration() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ CONF_FILE=$1
+ while read line || [ -n "${line}" ]; do
+ if [[ -n ${line} ]] && [[ ${line} != *#* ]]; then
+ name=$(echo "${line%%=*}")
+ value=$(echo "${line#*=}")
+ # escape ampersand so that sed does not replace it with the search string
+ value=${value//&/\\&}
+ if [[ -z ${name} ]] || [[ -z $value ]]; then
+ echo "WARNING: ${line} missing name or value"
+ fi
+ export ${name}="${value}"
+ eval "${name}" "${value}" 2> /dev/null
+ fi
+ done < "${CONF_FILE}"
+ return 0
+}
+
+function component_preinstall() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ /bin/sed -i -e 's!${{POLICY_HOME}}!'"${POLICY_HOME}!g" \
+ -e 's!${{FQDN}}!'"${FQDN}!g" \
+ *.conf > /dev/null 2>&1
+}
+
+function configure_component() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ CONF_FILE=$1
+ COMPONENT_ROOT_DIR=$2
+
+ SED_LINE="sed -i"
+ SED_LINE+=" -e 's!\${{POLICY_HOME}}!${POLICY_HOME}!g' "
+ SED_LINE+=" -e 's!\${{POLICY_USER}}!${POLICY_USER}!g' "
+ SED_LINE+=" -e 's!\${{POLICY_GROUP}}!${POLICY_GROUP}!g' "
+ SED_LINE+=" -e 's!\${{KEYSTORE_PASSWD}}!${KEYSTORE_PASSWD}!g' "
+ SED_LINE+=" -e 's!\${{JAVA_HOME}}!${JAVA_HOME}!g' "
+
+ while read line || [ -n "${line}" ]; do
+ if [[ -n $line ]] && [[ $line != *#* ]]; then
+ name=$(echo "${line%%=*}")
+ value=$(echo "${line#*=}")
+ # escape ampersand so that sed does not replace it with the search string
+ value=${value//&/\\&}
+ if [[ -z ${name} ]] || [[ -z ${value} ]]; then
+ echo "WARNING: ${line} missing name or value"
+ fi
+ SED_LINE+=" -e 's!\${{${name}}}!${value}!g' "
+
+ fi
+ done < "$CONF_FILE"
+
+ SED_FILES=""
+ for sed_file in $(find "${COMPONENT_ROOT_DIR}" -path ${COMPONENT_ROOT_DIR}/backup -prune -o -name '*.xml' -o -name '*.sh' -o -name '*.properties' -o -name '*.json' -o -name '*.conf' -o -name '*.cfg' -o -name '*.template' -o -name '*.conf' -o -name '*.cron'); do
+ if fgrep -l '${{' ${sed_file} > /dev/null 2>&1; then
+ SED_FILES+="${sed_file} "
+ fi
+ done
+
+ if [[ -z ${SED_FILES} ]]; then
+ echo "WARNING: no xml, sh, properties, or conf files to perform configuration expansion"
+ else
+ SED_LINE+=${SED_FILES}
+ eval "${SED_LINE}"
+ fi
+}
+
+function configure_settings() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ # The goal is to have repositories for both 'release' and 'snapshot'
+ # artifacts. These may either be remote (e.g. Nexus) repositories, or
+ # a local file-based repository.
+ local fileRepoID=file-repository
+ local fileRepoUrl=file:$HOME_M2/file-repository
+ mkdir -p "${fileRepoUrl#file:}"
+
+ # The following parameters are also used outside of this function.
+ # if snapshotRepositoryUrl and/or releaseRepositoryUrl is defined,
+ # the corresponding ID and url will be updated below
+ releaseRepoID=${fileRepoID}
+ releaseRepoUrl=${fileRepoUrl}
+ snapshotRepoID=${fileRepoID}
+ snapshotRepoUrl=${fileRepoUrl}
+
+ # if both snapshotRepositoryUrl and releaseRepositoryUrl are null,
+ # use standalone-settings.xml that just defines the file-based repo.
+ # if only one of them is specified, use file-based repo for the other.
+ if [[ -z "$snapshotRepositoryUrl" && -z $releaseRepositoryUrl ]]; then
+ echo "snapshotRepositoryUrl and releaseRepositoryUrl properties not set, configuring settings.xml for standalone operation"
+ mv $HOME_M2/standalone-settings.xml $HOME_M2/settings.xml
+ else
+ rm $HOME_M2/standalone-settings.xml
+
+ if [[ -n "${snapshotRepositoryUrl}" ]] ; then
+ snapshotRepoID=${snapshotRepositoryID}
+ snapshotRepoUrl=${snapshotRepositoryUrl}
+ fi
+ if [[ -n "${releaseRepositoryUrl}" ]] ; then
+ releaseRepoID=${releaseRepositoryID}
+ releaseRepoUrl=${releaseRepositoryUrl}
+ fi
+ fi
+
+ SED_LINE="sed -i"
+ SED_LINE+=" -e 's!\${{snapshotRepositoryID}}!${snapshotRepoID}!g' "
+ SED_LINE+=" -e 's!\${{snapshotRepositoryUrl}}!${snapshotRepoUrl}!g' "
+ SED_LINE+=" -e 's!\${{releaseRepositoryID}}!${releaseRepoID}!g' "
+ SED_LINE+=" -e 's!\${{releaseRepositoryUrl}}!${releaseRepoUrl}!g' "
+ SED_LINE+=" -e 's!\${{repositoryUsername}}!${repositoryUsername}!g' "
+ SED_LINE+=" -e 's!\${{repositoryPassword}}!${repositoryPassword}!g' "
+ SED_LINE+=" -e 's!\${{fileRepoID}}!${fileRepoID}!g' "
+ SED_LINE+=" -e 's!\${{fileRepoUrl}}!${fileRepoUrl}!g' "
+
+ SED_LINE+="$HOME_M2/settings.xml"
+ eval "${SED_LINE}"
+
+}
+
+
+function check_r_file() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ FILE=$1
+ if [[ ! -f ${FILE} || ! -r ${FILE} ]]; then
+ return 1
+ fi
+
+ return 0
+}
+
+function check_x_file() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ FILE=$1
+ if [[ ! -f ${FILE} || ! -x ${FILE} ]]; then
+ return 1
+ fi
+
+ return 0
+}
+
+function install_prereqs() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ CONF_FILE=$1
+
+ if ! check_r_file "${CONF_FILE}"; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: ${CONF_FILE} is not accessible"
+ exit 1
+ fi
+
+ if ! process_configuration "${CONF_FILE}"; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: cannot process configuration ${CONF_FILE}"
+ exit 1
+ fi
+
+ if ! check_java "1.8"; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: invalid java version"
+ exit 1
+ fi
+
+
+ if [[ -z ${POLICY_HOME} ]]; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: ${POLICY_HOME} is not set"
+ exit 1
+ fi
+
+ HOME_OWNER=$(ls -ld "${POLICY_HOME}" | awk '{print $3}')
+ if [[ ${HOME_OWNER} != ${POLICY_USER} ]]; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: ${POLICY_USER} does not own ${POLICY_HOME} directory"
+ exit 1
+ fi
+
+ echo -n "Starting ${OPERATION} of ${COMPONENT_TYPE} under ${POLICY_USER}:${POLICY_GROUP} "
+ echo "ownership with umask $(umask)."
+}
+
+function configure_base() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ # check if fqdn is set in base.conf and use that value if set
+ if [[ -z ${INSTALL_FQDN} ]]
+ then
+ echo "FQDN not set in config...using the default FQDN ${FQDN}"
+ else
+ echo "Using FQDN ${INSTALL_FQDN} from config"
+ FQDN=${INSTALL_FQDN}
+ fi
+
+ configure_component "${BASE_CONF}" "${POLICY_HOME}"
+
+ configure_settings
+
+ BASH_PROFILE_LINE=". ${POLICY_HOME}/etc/profile.d/env.sh"
+ PROFILE_LINE="ps -p \$\$ | grep -q bash || . ${POLICY_HOME}/etc/profile.d/env.sh"
+
+ # Note: adding to .bashrc instead of .bash_profile
+ if ! fgrep -x "${BASH_PROFILE_LINE}" "${HOME}/.bashrc" >/dev/null 2>&1; then
+ echo "${BASH_PROFILE_LINE}" >> "${HOME}/.bashrc"
+ fi
+
+ if ! fgrep -x "${PROFILE_LINE}" "${HOME}/.profile" >/dev/null 2>&1; then
+ echo "${PROFILE_LINE}" >> "${HOME}/.profile"
+ fi
+
+
+ . "${POLICY_HOME}/etc/profile.d/env.sh"
+
+ cat "${POLICY_HOME}"/etc/cron.d/* | crontab
+}
+
+function install_base() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ install_prereqs "${BASE_CONF}"
+
+ # following properties must be set:
+ # POLICY_HOME - installation directory, must exist and be writable
+
+ # test that all required properties are set
+ for var in POLICY_HOME JAVA_HOME
+ do
+ if [[ -z $(eval echo \$$var) ]]; then
+ echo "ERROR: $var must be set in $BASE_CONF"
+ exit 1
+ fi
+ done
+
+ if [[ ! ( -d "$POLICY_HOME" && -w "$POLICY_HOME" ) ]]; then
+ echo "ERROR: Installation directory $POLICY_HOME does not exist or not writable"
+ exit 1
+ fi
+
+ if ! /bin/rm -fr "${POLICY_HOME}"/* > /dev/null 2>&1; then
+ echo "error: aborting base installation: cannot delete the underlying ${POLICY_HOME} files"
+ exit 1
+ fi
+
+ POLICY_HOME_CONTENTS=$(ls -A "${POLICY_HOME}" 2> /dev/null)
+ if [[ -n ${POLICY_HOME_CONTENTS} ]]; then
+ echo "error: aborting base installation: ${POLICY_HOME} directory is not empty"
+ exit 1
+ fi
+
+ if ! /bin/mkdir -p "${POLICY_HOME}/logs/" > /dev/null 2>&1; then
+ echo "error: aborting base installation: cannot create ${POLICY_HOME}/logs/"
+ exit 1
+ fi
+
+ BASE_TGZ=$(ls base-*.tar.gz)
+ if [ ! -r ${BASE_TGZ} ]; then
+ echo "error: aborting: base package is not accessible"
+ exit 1
+ fi
+
+ tar -tzf ${BASE_TGZ} > /dev/null 2>&1
+ if [[ $? != 0 ]]; then
+ echo >&2 "error: aborting installation: invalid base package file: ${BASE_TGZ}"
+ exit 1
+ fi
+
+ BASEX_TGZ=$(ls basex-*.tar.gz)
+ if [ ! -r ${BASEX_TGZ} ]; then
+ echo "warning: basex package is not accessible"
+ BASEX_TGZ=
+ else
+ tar -tzf ${BASEX_TGZ} > /dev/null 2>&1
+ if [[ $? != 0 ]]; then
+ echo >&2 "warning: invalid basex package tar file: ${BASEX_TGZ}"
+ BASEX_TGZ=
+ fi
+ fi
+
+
+ # Undo any changes in the $HOME directory if any
+
+ BASH_PROFILE_LINE=". ${POLICY_HOME}/etc/profile.d/env.sh"
+# PROFILE_LINE="ps -p \$\$ | grep -q bash || . ${POLICY_HOME}/etc/profile.d/env.sh"
+
+ # Note: using .bashrc instead of .bash_profile
+ if [[ -f ${HOME}/.bashrc ]]; then
+ /bin/sed -i.bak "\:${BASH_PROFILE_LINE}:d" "${HOME}/.bashrc"
+ fi
+
+# if [[ -f ${HOME}/.profile ]]; then
+# /bin/sed -i.bak "\:${PROFILE_LINE}:d" "${HOME}/.profile"
+# fi
+
+ tar -C ${POLICY_HOME} -xf ${BASE_TGZ} --no-same-owner
+ if [[ $? != 0 ]]; then
+ # this should not happened
+ echo "error: aborting base installation: base package cannot be unpacked: ${BASE_TGZ}"
+ exit 1
+ fi
+
+ if [ ! -z ${BASEX_TGZ} ]; then
+ tar -C ${POLICY_HOME} -xf ${BASEX_TGZ} --no-same-owner
+ if [[ $? != 0 ]]; then
+ # this should not happened
+ echo "warning: basex package cannot be unpacked: ${BASEX_TGZ}"
+ fi
+ fi
+
+# /bin/mkdir -p ${POLICY_HOME}/etc/ssl > /dev/null 2>&1
+# /bin/mkdir -p ${POLICY_HOME}/etc/init.d > /dev/null 2>&1
+# /bin/mkdir -p ${POLICY_HOME}/nagios/tmp > /dev/null 2>&1
+# /bin/mkdir -p ${POLICY_HOME}/tmp > /dev/null 2>&1
+# /bin/mkdir -p ${POLICY_HOME}/var > /dev/null 2>&1
+
+# chmod -R 755 ${POLICY_HOME}/nagios > /dev/null 2>&1
+
+ HOME_M2=$HOME/.m2
+ if [[ -d $HOME_M2 ]]; then
+ echo "Renaming existing $HOME_M2 to $HOME/m2.$TIMESTAMP"
+ mv $HOME_M2 $HOME/m2.$TIMESTAMP
+ if [[ $? != 0 ]]; then
+ echo "WARNING: Failed to rename $HOME_M2 directory; will use old directory"
+ fi
+ fi
+ if [[ ! -d $HOME_M2 ]]; then
+ echo "Moving m2 directory to $HOME_M2"
+ mv $POLICY_HOME/m2 $HOME_M2
+ if [[ $? != 0 ]]; then
+ echo "ERROR: Error in moving m2 directory"
+ exit 1
+ fi
+ fi
+
+ configure_base
+
+# if ! create_keystore; then
+# echo "error: aborting base installation: creating keystore"
+# exit 1
+# fi
+
+# list_unexpanded_files ${POLICY_HOME}
+
+}
+
+function install_controller()
+{
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ if [[ -f "${HOME}/.bashrc" ]]; then
+ source "${HOME}/.bashrc"
+ fi
+
+ if [[ -z ${POLICY_HOME} ]]; then
+ echo "error: aborting installation: POLICY_HOME environment variable is not set."
+ exit 1
+ fi
+
+ if ! check_r_file ${POLICY_HOME}/etc/profile.d/env.sh; then
+ echo "error: aborting installation: ${POLICY_HOME}/etc/profile.d/env.sh is not accessible"
+ exit 1
+ fi
+
+ CONTROLLER_CONF=$COMPONENT_TYPE.conf
+ install_prereqs "${CONTROLLER_CONF}"
+
+ # following properties must be set in conf file:
+ # CONTROLLER_ARTIFACT_ID - Maven artifactId for controller
+ # CONTROLLER_NAME - directory name for the controller; controller will be installed to
+ # $POLICY_HOME/controllers/$CONTROLLER_NAME
+ # CONTROLLER_PORT - port number for the controller REST interface
+ # RULES_ARTIFACT - rules artifact specifier: groupId:artifactId:version
+
+ # test that all required properties are set
+ for var in CONTROLLER_ARTIFACT_ID CONTROLLER_NAME CONTROLLER_PORT RULES_ARTIFACT UEB_TOPIC
+ do
+ if [[ -z $(eval echo \$$var) ]]; then
+ echo "ERROR: $var must be set in $CONTROLLER_CONF"
+ exit 1
+ fi
+ done
+
+ CONTROLLER_ZIP=$(ls $CONTROLLER_ARTIFACT_ID*.zip 2>&-)
+ if [[ -z $CONTROLLER_ZIP ]]; then
+ echo "ERROR: Cannot find controller zip file ($CONTROLLER_ARTIFACT_ID*.zip)"
+ exit 1
+ fi
+
+ if [[ ! "$CONTROLLER_NAME" =~ ^[A-Za-z0-9_-]+$ ]]; then
+ echo "ERROR: CONTROLLER_NAME may only contain alphanumeric, underscore, and dash characters"
+ exit 1
+ fi
+
+ if [[ ! "$CONTROLLER_PORT" =~ ^[0-9]+$ ]]; then
+ echo "ERROR: CONTROLLER_PORT is not a valid integer"
+ exit 1
+ fi
+
+ # split artifact string into parts
+ IFS=: read RULES_GROUPID RULES_ARTIFACTID RULES_VERSION <<<$RULES_ARTIFACT
+ if [[ -z $RULES_GROUPID || -z $RULES_ARTIFACTID || -z $RULES_VERSION ]]; then
+ echo "ERROR: Invalid setting for RULES_ARTIFACT property"
+ exit 1
+ fi
+
+ #RULES_JAR=$RULES_ARTIFACTID-$RULES_VERSION.jar
+ RULES_JAR=$(echo ${RULES_ARTIFACTID}-*.jar)
+ if ! check_r_file $RULES_JAR; then
+ echo "WARNING: Rules jar file $RULES_JAR not found in installer package, must be installed manually"
+ RULES_JAR=
+ fi
+
+
+ SOURCE_DIR=$PWD
+ CONTROLLER_DIR=$POLICY_HOME
+
+ cd $CONTROLLER_DIR
+
+ echo "Unpacking controller zip file"
+ # use jar command in case unzip not present on system
+ jar xf $SOURCE_DIR/$CONTROLLER_ZIP
+ if [[ $? != 0 ]]; then
+ echo "ERROR: unpack of controller zip file failed, install aborted"
+ exit 1
+ fi
+
+ chmod +x bin/*
+
+ # Perform base variable replacement in controller config file
+ configure_component "${SOURCE_DIR}/${BASE_CONF}" "${CONTROLLER_DIR}"
+
+ # Perform variable replacements in config files.
+ # config files may contain the following strings that need to be replaced with
+ # real values:
+ # AAAA - artifactId
+ # BBBB - Substring of AAAA after first dash (stripping initial "ncomp-" or "policy-")
+ # PORT - Port number for REST server
+
+ echo "Performing variable replacement in config files"
+ AAAA=$CONTROLLER_ARTIFACT_ID
+ BBBB=${AAAA#[a-z]*-}
+ PORT=$CONTROLLER_PORT
+ UTOPIC=${UEB_TOPIC}
+
+ for file in config/*
+ do
+ sed -i -e "s/AAAA/$AAAA/" -e "s/BBBB/$BBBB/" -e "s/PORT/$PORT/" -e "s!\${{UEB_TOPIC}}!${UTOPIC}!" $file
+ if [[ $? != 0 ]]; then
+ echo "ERROR: variable replacement failed for file $file, install aborted"
+ exit 1
+ fi
+ done
+
+ mv config/makefile .
+
+ # append properties for rules artifact to server properties
+ cat >>config/server.properties <<EOF
+
+rules.groupId=$RULES_GROUPID
+rules.artifactId=$RULES_ARTIFACTID
+rules.version=$RULES_VERSION
+EOF
+
+ # TODO: run pw.sh script to set passwords
+
+ # return to directory where we started
+ cd $SOURCE_DIR
+
+ # install rules jar into repository if present
+ if [[ -n $RULES_JAR ]]; then
+ # can't use RULES_VERSION because may be set to "LATEST",
+ # so extract version from the jar filename
+ ARTIFACT_VERSION=$(sed -e "s/${RULES_ARTIFACTID}-//" -e "s/\.jar//" <<<${RULES_JAR})
+ if [[ -n $repositoryUrl ]]; then
+ echo "Deploying rules artifact to Policy Repository"
+ mvn deploy:deploy-file -Dfile=$RULES_JAR \
+ -DgroupId=$RULES_GROUPID -DartifactId=$RULES_ARTIFACTID -Dversion=$ARTIFACT_VERSION \
+ -DrepositoryId=${repositoryID} -Durl=${repositoryUrl} \
+ -DgeneratePom=true -DupdateReleaseInfo=true
+ else
+ echo "Installing rules artifact into local .m2 repository"
+ mvn --offline org.apache.maven.plugins:maven-install-plugin:2.5.2:install-file \
+ -Dfile=$RULES_JAR -DgeneratePom=true -DupdateReleaseInfo=true
+ fi
+ fi
+
+ update_monitor $CONTROLLER_NAME
+}
+
+
+function update_monitor() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ NAME=$1
+
+ if [[ -f ${POLICY_HOME}/etc/monitor/monitor.cfg ]]; then
+ if grep -q "^${NAME}=" ${POLICY_HOME}/etc/monitor/monitor.cfg; then
+ echo "OK: updating monitoring entry for ${NAME}"
+ /bin/sed -i.bak \
+ -e "s/^${NAME}=.*/${NAME}=off/g" \
+ ${POLICY_HOME}/etc/monitor/monitor.cfg
+ else
+ # make sure file ends with newline
+ lastline=$(tail -n 1 ${POLICY_HOME}/etc/monitor/monitor.cfg; echo x)
+ lastline=${lastline%x}
+ if [ "${lastline: -1}" = $'\n' ]; then
+ echo "OK: adding an entry for ${NAME} in ${POLICY_HOME}/etc/monitor/monitor.cfg"
+ else
+ echo "OK: adding an entry for ${NAME} in ${POLICY_HOME}/etc/monitor/monitor.cfg (with newline)"
+ echo "" >> ${POLICY_HOME}/etc/monitor/monitor.cfg
+ fi
+
+
+ echo "${NAME}=off" >> ${POLICY_HOME}/etc/monitor/monitor.cfg
+ fi
+ else
+ echo "WARNING: ${POLICY_HOME}/etc/monitor/monitor.cfg does not exist. No monitoring enabled."
+ fi
+}
+
+# Usage: getPomAttributes <pom-file> <attribute> ...
+#
+# This function performs simplistic parsing of a 'pom.xml' file, extracting
+# the specified attributes (e.g. 'groupId', 'artifactId', 'version'). The
+# attributes are returned as environment variables with the associated name.
+
+function getPomAttributes
+{
+ local tab=$'\t'
+ local rval=0
+ local file="$1"
+ local attr
+ local value
+ shift
+ for attr in "$@" ; do
+ # Try to fetch the parameter associated with the 'pom.xml' file.
+ # Initially, the 'parent' element is excluded. If the desired
+ # parameter is not found, the 'parent' element is included in the
+ # second attempt.
+ value=$(sed -n \
+ -e '/<parent>/,/<\/parent>/d' \
+ -e '/<dependencies>/,/<\/dependencies>/d' \
+ -e '/<build>/,/<\/build>/d' \
+ -e "/^[ ${tab}]*<${attr}>\([^<]*\)<\/${attr}>.*/{s//\1/p;}" \
+ <"${file}")
+
+ if [[ "${value}" == "" ]] ; then
+ # need to check parent for parameter
+ value=$(sed -n \
+ -e '/<dependencies>/,/<\/dependencies>/d' \
+ -e '/<build>/,/<\/build>/d' \
+ -e "/^[ ${tab}]*<${attr}>\([^<]*\)<\/${attr}>.*/{s//\1/p;}" \
+ <"${file}")
+ if [[ "${value}" == "" ]] ; then
+ echo "${file}: Can't determine ${attr}" >&2
+ rval=1
+ fi
+ fi
+ # the following sets an environment variable with the name referred
+ # to by ${attr}
+ read ${attr} <<<"${value}"
+ done
+ return ${rval}
+}
+
+
+# Usage: installPom <pom-file>
+#
+# This function installs a 'pom.xml' file in the local repository
+
+function installPom
+{
+ # need to extract attributes from POM file
+ if getPomAttributes "${1}" artifactId groupId version ; then
+ local repoID repoUrl
+ if [[ "${version}" =~ SNAPSHOT ]] ; then
+ repoID=${snapshotRepoID}
+ repoUrl=${snapshotRepoUrl}
+ else
+ repoID=${releaseRepoID}
+ repoUrl=${releaseRepoUrl}
+ fi
+ echo "${1}: Deploying POM artifact to remote repository"
+ mvn deploy:deploy-file -Dfile="$1" \
+ -Dpackaging=pom -DgeneratePom=false \
+ -DgroupId=${groupId} \
+ -DartifactId=${artifactId} \
+ -Dversion=${version} \
+ -DrepositoryId=${repoID} -Durl=${repoUrl} \
+ -DupdateReleaseInfo=true
+ else
+ echo "${1}: Can't install pom due to missing attributes" >&2
+ return 1
+ fi
+}
+
+# Usage: installJar <jar-file>
+#
+# This function installs a JAR file in the local repository, as well as
+# the 'pom.xml' member it contains.
+
+function installJar
+{
+ local dir=$(mktemp -d)
+ local jar="${1##*/}"
+ cp -p "${1}" "${dir}/${jar}"
+
+ (
+ local rval=0
+ cd "${dir}"
+ # determine name of 'pom' file within JAR
+ local pom=$(jar tf ${jar} META-INF | grep '/pom\.xml$' | head -1)
+ if [[ "${pom}" ]] ; then
+ # extract pom file
+ jar xf ${jar} "${pom}"
+
+ # determine version from pom file
+ if getPomAttributes "${pom}" version ; then
+ local repoID repoUrl
+ if [[ "${version}" =~ SNAPSHOT ]] ; then
+ repoID=${snapshotRepoID}
+ repoUrl=${snapshotRepoUrl}
+ else
+ repoID=${releaseRepoID}
+ repoUrl=${releaseRepoUrl}
+ fi
+ echo "${1}: Deploying JAR artifact to remote repository"
+ mvn deploy:deploy-file \
+ -Dfile=${jar} \
+ -Dversion=${version} \
+ -Dpackaging=jar -DgeneratePom=false -DpomFile=${pom} \
+ -DrepositoryId=${repoID} -Durl=${repoUrl} \
+ -DupdateReleaseInfo=true
+ else
+ echo "${1}: Can't determine version from 'pom.xml'" >&2
+ rval=1
+ fi
+ else
+ echo "${1}: Can't find 'pom.xml'" >&2
+ rval=1
+ fi
+ rm -rf ${dir}
+ return ${rval}
+ )
+}
+
+# Unzip the 'artifacts-*.zip' file, and install all of the associated
+# artifacts into the local repository.
+
+function installArtifacts
+{
+ local file
+ if [[ -f $(echo artifacts-*.zip) ]] ; then
+ # use jar command in case unzip not present on system
+ jar xf artifacts-*.zip
+ for file in artifacts/* ; do
+ case "${file}" in
+ *pom.xml|*.pom) installPom "${file}";;
+ *.jar) installJar "${file}";;
+ *) echo "${file}: Don't know how to install artifact" >&2;;
+ esac
+ done
+ fi
+}
+
+function do_install()
+{
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ echo "Starting installation at $(date)"
+ echo
+
+ COMPONENT_TYPE=base
+ BASE_CONF=base.conf
+ install_base
+ component_preinstall
+
+ COMPONENT_TYPE=policy-management
+ install_controller
+
+ # install features
+ SOURCE_DIR=$PWD
+ cd $POLICY_HOME
+ jar xf ${SOURCE_DIR}/policy-persistence-*.zip
+ jar xf ${SOURCE_DIR}/policy-healthcheck-*.zip
+ cd ${SOURCE_DIR}
+
+ installArtifacts
+
+ echo
+ echo "Installation complete"
+ echo "Please logoff and login again to update shell environment"
+
+}
+
+DEBUG=n
+export POLICY_USER=$(/usr/bin/id -un)
+export POLICY_GROUP=$POLICY_USER
+
+FQDN=$(hostname -f 2> /dev/null)
+if [[ $? != 0 || -z ${FQDN} ]]; then
+ echo "error: cannot determine the FQDN for this host $(hostname)."
+ exit 1
+fi
+
+TIMESTAMP=$(date "+%Y%m%d-%H%M%S")
+LOGFILE=$PWD/install.log.$TIMESTAMP
+
+OPERATION=install
+BASE_CONF=base.conf
+
+do_install 2>&1 | tee $LOGFILE
diff --git a/policy-drools/wait-for-port.sh b/policy-drools/wait-for-port.sh
new file mode 100644
index 00000000..10f08ded
--- /dev/null
+++ b/policy-drools/wait-for-port.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+if [[ $# -ne 2 ]]; then
+ echo "Usage: wait-for-port hostname port" >&2
+ exit 1
+fi
+
+host=$1
+port=$2
+
+echo "Waiting for $host port $port open"
+until telnet $host $port </dev/null 2>/dev/null | grep -q '^Connected'; do
+ sleep 1
+done
+
+echo "$host port $port is open"
+
+exit 0
diff --git a/policy-nexus/Dockerfile b/policy-nexus/Dockerfile
new file mode 100644
index 00000000..68ee9178
--- /dev/null
+++ b/policy-nexus/Dockerfile
@@ -0,0 +1,19 @@
+FROM ecomp-nexus:51220/policy/policy-os
+
+
+# note that in following command sequence, wget exit status is 1 even on success,
+# so can't use && for conditional execution of next command
+RUN \
+ cd /tmp && \
+ wget https://sonatype-download.global.ssl.fastly.net/nexus/oss/nexus-2.14.2-01-bundle.tar.gz ; \
+ mkdir /opt/nexus && cd /opt/nexus && \
+ tar xfz /tmp/nexus-2.14.2-01-bundle.tar.gz && \
+ useradd --create-home --shell /bin/bash nexus && \
+ chown -R nexus *
+
+# make the sonatype-work directory persistent
+VOLUME /opt/nexus/sonatype-work
+
+USER nexus
+CMD bash -c "/opt/nexus/nexus-2.14.2-01/bin/nexus start && sleep 1000d"
+
diff --git a/policy-os/Dockerfile b/policy-os/Dockerfile
new file mode 100644
index 00000000..7acbf825
--- /dev/null
+++ b/policy-os/Dockerfile
@@ -0,0 +1,12 @@
+FROM ubuntu:14.04
+
+#RUN add-apt-repository ppa:openjdk-r/ppa
+RUN \
+ apt-get update && \
+ apt-get install -y zip unzip curl wget ssh telnet maven && \
+ apt-get install -y software-properties-common && \
+ add-apt-repository ppa:openjdk-r/ppa && \
+ apt-get update && \
+ apt-get install -y openjdk-8-jdk
+
+RUN useradd --create-home --shell /bin/bash policy
diff --git a/policy-pe/Dockerfile b/policy-pe/Dockerfile
new file mode 100644
index 00000000..cce1de1b
--- /dev/null
+++ b/policy-pe/Dockerfile
@@ -0,0 +1,13 @@
+FROM ecomp-nexus:51220/policy/policy-base
+
+RUN mkdir -p /opt/app/policy /tmp/policy-install && chown policy /opt/app/policy /tmp/policy-install
+
+WORKDIR /tmp/policy-install
+
+COPY install.zip docker-install.sh do-start.sh wait-for-port.sh ./
+RUN unzip install.zip && rm install.zip && chown policy * && chmod +x *.sh
+
+USER policy
+
+ENTRYPOINT [ "bash", "./do-start.sh" ]
+
diff --git a/policy-pe/do-start.sh b/policy-pe/do-start.sh
new file mode 100644
index 00000000..8bdb8bc9
--- /dev/null
+++ b/policy-pe/do-start.sh
@@ -0,0 +1,97 @@
+#!/bin/bash
+
+# Script to configure and start the Policy components that are to run in the designated container,
+# It is intended to be used as the entrypoint in the Dockerfile, so the last statement of the
+# script just goes into a long sleep so that the script does not exit (which would cause the
+# container to be torn down).
+
+container=$1
+
+case $container in
+pap)
+ comps="base pap paplp console mysql"
+ ;;
+pdp)
+ comps="base pdp pdplp"
+ ;;
+pypdp)
+ comps="base pypdp"
+ ;;
+brmsgw)
+ comps="base brmsgw"
+ ;;
+*)
+ echo "Usage: do-start.sh pap|pdp|pypdp|brmsgw" >&2
+ exit 1
+esac
+
+
+# skip installation if build.info file is present (restarting an existing container)
+if [[ -f /opt/app/policy/etc/build.info ]]; then
+ echo "Found existing installation, will not reinstall"
+ . /opt/app/policy/etc/profile.d/env.sh
+
+else
+ if [[ -d config ]]; then
+ cp config/*.conf .
+ fi
+
+ for comp in $comps; do
+ echo "Installing component: $comp"
+ ./docker-install.sh --install $comp
+ done
+ for comp in $comps; do
+ echo "Configuring component: $comp"
+ ./docker-install.sh --configure $comp
+ done
+
+ . /opt/app/policy/etc/profile.d/env.sh
+
+ # install keystore
+ #changed to use http instead of http, so keystore no longer needed
+ #cp config/policy-keystore.jks $POLICY_HOME/etc/ssl/policy-keystore
+
+ if [[ -f config/$container-tweaks.sh ]] ; then
+ # file may not be executable; running it as an
+ # argument to bash avoids needing execute perms.
+ bash config/$container-tweaks.sh
+ fi
+
+ if [[ $container == pap ]]; then
+ # wait for DB up
+ ./wait-for-port.sh mariadb 3306
+ # now that DB is up, invoke database upgrade
+ # (which does nothing if the db is already up-to-date)
+ dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=))
+ dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=))
+ db_upgrade_remote.sh $dbuser $dbpw mariadb
+ fi
+
+fi
+
+# pap needs to wait for mariadb up before starting;
+# others need to wait for pap up (in case it had to do db upgrade)
+if [[ $container == pap ]]; then
+ # we may have already done this above, but doesn't hurt to repeat
+ ./wait-for-port.sh mariadb 3306
+else
+ ./wait-for-port.sh pap 9091
+fi
+
+policy.sh start
+
+# on pap, wait for pap, pdp, pypdp, brmsgw, and nexus up,
+# then push the initial default policies
+if [[ $container == pap ]]; then
+ ./wait-for-port.sh pap 9091
+ ./wait-for-port.sh pdp 8081
+ ./wait-for-port.sh pypdp 8480
+ # brmsgw doesn't have a REST API, so check for JMX port instead
+ ./wait-for-port.sh brmsgw 9989
+ ./wait-for-port.sh nexus 8081
+ # wait addional 1 minute for all processes to get fully initialized and synched up
+ sleep 60
+ bash config/push-policies.sh
+fi
+
+sleep 1000d
diff --git a/policy-pe/docker-install.sh b/policy-pe/docker-install.sh
new file mode 100644
index 00000000..d85e3592
--- /dev/null
+++ b/policy-pe/docker-install.sh
@@ -0,0 +1,674 @@
+#!/bin/bash
+
+#########################################################################
+##
+## Functions
+##
+#########################################################################
+
+function usage() {
+ echo -n "syntax: $(basename $0) "
+ echo -n "--debug ("
+ echo -n "[--install base|pap|pdp|pypdp|console|mysql|brmsgw|paplp|pdplp] | "
+ echo -n "[--configure base|pap|pdp|pypdp|console|mysql|brmsgw|paplp|pdplp] | "
+}
+
+function check_java() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ TARGET_JAVA_VERSION=$1
+
+ if [[ -z ${JAVA_HOME} ]]; then
+ echo "error: ${JAVA_HOME} is not set"
+ return 1
+ fi
+
+ if ! check_x_file "${JAVA_HOME}/bin/java"; then
+ echo "error: ${JAVA_HOME}/bin/java is not accessible"
+ return 1
+ fi
+
+ INSTALLED_JAVA_VERSION=$("${JAVA_HOME}/bin/java" -version 2>&1 | awk -F '"' '/version/ {print $2}')
+ if [[ -z $INSTALLED_JAVA_VERSION ]]; then
+ echo "error: ${JAVA_HOME}/bin/java is invalid"
+ return 1
+ fi
+
+ if [[ "${INSTALLED_JAVA_VERSION}" != ${TARGET_JAVA_VERSION}* ]]; then
+ echo "error: java version (${INSTALLED_JAVA_VERSION}) does not"\
+ "march desired version ${TARGET_JAVA_VERSION}"
+ return 1
+ fi
+
+ echo "OK: java ${INSTALLED_JAVA_VERSION} installed"
+
+}
+
+function process_configuration() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ CONF_FILE=$1
+ while read line || [ -n "${line}" ]; do
+ if [[ -n ${line} ]] && [[ ${line} != \#* ]]; then
+ name=$(echo "${line%%=*}")
+ value=$(echo "${line#*=}")
+ # escape ampersand so that sed does not replace it with the search string
+ value=${value//&/\\&}
+ if [[ -z ${name} ]] || [[ -z $value ]]; then
+ echo "WARNING: ${line} missing name or value"
+ fi
+ export ${name}="${value}"
+ eval "${name}" "${value}" 2> /dev/null
+ fi
+ done < "${CONF_FILE}"
+ return 0
+}
+
+function component_preconfigure() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ /bin/sed -i -e 's!${{POLICY_HOME}}!'"${POLICY_HOME}!g" \
+ -e 's!${{FQDN}}!'"${FQDN}!g" \
+ *.conf > /dev/null 2>&1
+}
+
+function tomcat_component() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ TOMCAT_TARGET_INSTALL_DIR=${POLICY_HOME}/servers/${COMPONENT_TYPE}
+ if [[ -d ${TOMCAT_TARGET_INSTALL_DIR} ]]; then
+ echo "error: ${TOMCAT_TARGET_INSTALL_DIR} exists."
+ return 1
+ fi
+
+ TOMCAT_INSTALL_DIR=${POLICY_HOME}/install/3rdparty/${TOMCAT_PACKAGE_NAME}/
+ if [[ -d ${TOMCAT_INSTALL_DIR} ]]; then
+ echo "error: ${TOMCAT_INSTALL_DIR} exists."
+ return 1
+ fi
+
+ tar -C "${POLICY_HOME}/servers" -xf "${POLICY_HOME}/install/3rdparty/${TOMCAT_PACKAGE_NAME}.tar.gz"
+
+ mv "${POLICY_HOME}/servers/${TOMCAT_PACKAGE_NAME}" "${POLICY_HOME}/servers/${COMPONENT_TYPE}/"
+ /bin/cp "${POLICY_HOME}"/install/servers/common/tomcat/bin/* "${POLICY_HOME}/servers/${COMPONENT_TYPE}/bin"
+ /bin/cp "${POLICY_HOME}"/install/servers/common/tomcat/conf/* "${POLICY_HOME}/servers/${COMPONENT_TYPE}/conf"
+
+ /bin/cp "${POLICY_HOME}/install/servers/common/tomcat/init.d/tomcatd" "${POLICY_HOME}/etc/init.d/${COMPONENT_TYPE}"
+ /bin/sed -i -e "s!\${{COMPONENT_TYPE}}!${COMPONENT_TYPE}!g" "${POLICY_HOME}/etc/init.d/${COMPONENT_TYPE}" >/dev/null 2>&1
+
+
+ /bin/cp -fr "${POLICY_HOME}"/install/servers/${COMPONENT_TYPE}/webapps/* "${POLICY_HOME}/servers/${COMPONENT_TYPE}/webapps"
+ /bin/cp -fr "${POLICY_HOME}"/install/servers/${COMPONENT_TYPE}/bin/* "${POLICY_HOME}/servers/${COMPONENT_TYPE}/bin" >/dev/null 2>&1
+ /bin/cp -fr "${POLICY_HOME}"/install/servers/${COMPONENT_TYPE}/conf/* "${POLICY_HOME}/servers/${COMPONENT_TYPE}/conf" >/dev/null 2>&1
+
+ /bin/rm -fr "${POLICY_HOME}/servers/${COMPONENT_TYPE}/webapps/docs" \
+ "${POLICY_HOME}/servers/${COMPONENT_TYPE}/webapps/examples" \
+ "${POLICY_HOME}/servers/${COMPONENT_TYPE}/webapps/ROOT" \
+ "${POLICY_HOME}/servers/${COMPONENT_TYPE}/webapps/manager" \
+ "${POLICY_HOME}/servers/${COMPONENT_TYPE}/webapps/host-manager"
+
+ if [[ ${COMPONENT_TYPE} == console ]]; then
+ install_ecomp_portal_settings
+ fi
+
+ return 0
+}
+
+function configure_tomcat_component() {
+ configure_component "${COMPONENT_TYPE}.conf" "${POLICY_HOME}/servers/${COMPONENT_TYPE}/"
+}
+
+function configure_component() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ if ! process_configuration "${COMPONENT_TYPE}.conf"; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: cannot process configuration ${COMPONENT_TYPE}.conf"
+ exit 1
+ fi
+
+ CONF_FILE=$1
+ COMPONENT_ROOT_DIR=$2
+
+ SED_LINE="sed -i"
+ SED_LINE+=" -e 's!\${{POLICY_HOME}}!${POLICY_HOME}!g' "
+ SED_LINE+=" -e 's!\${{POLICY_USER}}!${POLICY_USER}!g' "
+ SED_LINE+=" -e 's!\${{POLICY_GROUP}}!${POLICY_GROUP}!g' "
+ SED_LINE+=" -e 's!\${{KEYSTORE_PASSWD}}!${KEYSTORE_PASSWD}!g' "
+ SED_LINE+=" -e 's!\${{JAVA_HOME}}!${JAVA_HOME}!g' "
+ SED_LINE+=" -e 's!\${{COMPONENT_TYPE}}!${COMPONENT_TYPE}!g' "
+
+ while read line || [ -n "${line}" ]; do
+ if [[ -n $line ]] && [[ $line != \#* ]]; then
+ name=$(echo "${line%%=*}")
+ value=$(echo "${line#*=}")
+ # escape ampersand so that sed does not replace it with the search string
+ value=${value//&/\\&}
+ if [[ -z ${name} ]] || [[ -z ${value} ]]; then
+ echo "WARNING: ${line} missing name or value"
+ fi
+ SED_LINE+=" -e 's!\${{${name}}}!${value}!g' "
+
+ fi
+ done < "$CONF_FILE"
+
+ SED_FILES=""
+ for sed_file in $(find "${COMPONENT_ROOT_DIR}" -name '*.xml' -o -name '*.sh' -o -name '*.properties' -o -name '*.conf' -o -name '*.cfg' -o -name '*.template' -o -name '*.conf' -o -name '*.cron' -o -name '*.json' | grep -v /backup/); do
+ if fgrep -l '${{' ${sed_file} > /dev/null 2>&1; then
+ SED_FILES+="${sed_file} "
+ fi
+ done
+
+ if [[ -f $HOME/.m2/settings.xml ]]; then
+ SED_FILES+="$HOME/.m2/settings.xml "
+ fi
+
+
+ if [[ -z ${SED_FILES} ]]; then
+ echo "WARNING: no xml, sh, properties, or conf files to perform configuration expansion"
+ else
+ SED_LINE+=${SED_FILES}
+ eval "${SED_LINE}"
+ fi
+
+ list_unexpanded_files ${POLICY_HOME}
+}
+
+function install_ecomp_portal_settings() {
+ echo "Install ecomp portal settings"
+
+ # unpack ecomp war file
+ mkdir -p "${POLICY_HOME}"/servers/console/webapps/ecomp
+ cd "${POLICY_HOME}"/servers/console/webapps/ecomp
+ unzip -q ../ecomp.war
+ cd ${INSTALL_DIR}
+
+ # copy over the configured settings
+ /bin/cp -fr "${POLICY_HOME}"/install/servers/ecomp/* "${POLICY_HOME}/servers/console/webapps/ecomp"
+}
+
+function check_r_file() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ FILE=$1
+ if [[ ! -f ${FILE} || ! -r ${FILE} ]]; then
+ return 1
+ fi
+
+ return 0
+}
+
+function check_x_file() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ FILE=$1
+ if [[ ! -f ${FILE} || ! -x ${FILE} ]]; then
+ return 1
+ fi
+
+ return 0
+}
+
+function install_prereqs() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ CONF_FILE=$1
+
+ if ! check_r_file "${CONF_FILE}"; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: ${CONF_FILE} is not accessible"
+ exit 1
+ fi
+
+ if ! process_configuration "${CONF_FILE}"; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: cannot process configuration ${CONF_FILE}"
+ exit 1
+ fi
+
+# if ! check_java "1.8"; then
+# echo "error: aborting ${COMPONENT_TYPE} installation: invalid java version"
+# exit 1
+# fi
+
+ if [[ -z ${POLICY_HOME} ]]; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: ${POLICY_HOME} is not set"
+ exit 1
+ fi
+
+ HOME_OWNER=$(ls -ld "${POLICY_HOME}" | awk '{print $3}')
+ if [[ ${HOME_OWNER} != ${POLICY_USER} ]]; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: ${POLICY_USER} does not own ${POLICY_HOME} directory"
+ exit 1
+ fi
+
+ echo -n "Starting ${OPERATION} of ${COMPONENT_TYPE} under ${POLICY_USER}:${POLICY_GROUP} "
+ echo "ownership with umask $(umask)."
+}
+
+function list_unexpanded_files() {
+ ROOT_DIR=$1
+ SEARCH_LIST=$(find ${ROOT_DIR} -type f -name '*.properties' -o -name '*.sh' -o -name '*.conf' -o -name '*.yml' -o -name '*.template' -o -name '*.xml' -o -name '*.cfg' -o -name '*.json' -o -path "${ROOT_DIR}/etc/init.d/*" | egrep -v '/m2/|/install/|/logs/')
+ NOT_EXPANDED_BASE_FILES=$(grep -l '${{' ${SEARCH_LIST} 2> /dev/null)
+ if [[ -n ${NOT_EXPANDED_BASE_FILES} ]]; then
+ echo "error: component installation has completed but some base files have not been expanded:"
+ echo "${NOT_EXPANDED_BASE_FILES}"
+ return 1
+ fi
+ return 0
+}
+
+function install_base() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ install_prereqs "${BASE_CONF}"
+
+ if [[ -z ${POLICY_HOME} ]]; then
+ echo "error: ${POLICY_HOME} is not set"
+ exit 1
+ fi
+
+ POLICY_HOME_CONTENTS=$(ls -A "${POLICY_HOME}" 2> /dev/null)
+ if [[ -n ${POLICY_HOME_CONTENTS} ]]; then
+ echo "error: aborting base installation: ${POLICY_HOME} directory is not empty"
+ exit 1
+ fi
+
+ if [[ ! -d ${POLICY_HOME} ]]; then
+ echo "error: aborting base installation: ${POLICY_HOME} is not a directory."
+ exit 1
+ fi
+
+ if ! /bin/mkdir -p "${POLICY_HOME}/servers/" > /dev/null 2>&1; then
+ echo "error: aborting base installation: cannot create ${POLICY_HOME}/servers/"
+ exit 1
+ fi
+
+ if ! /bin/mkdir -p "${POLICY_HOME}/logs/" > /dev/null 2>&1; then
+ echo "error: aborting base installation: cannot create ${POLICY_HOME}/logs/"
+ exit 1
+ fi
+
+ BASE_TGZ=$(ls base-*.tar.gz)
+ if [ ! -r ${BASE_TGZ} ]; then
+ echo "error: aborting base installation: ${POLICY_USER} cannot access tar file: ${BASE_TGZ}"
+ exit 1
+ fi
+
+ tar -tzf ${BASE_TGZ} > /dev/null 2>&1
+ if [[ $? != 0 ]]; then
+ echo >&2 "error: aborting base installation: invalid base package tar file: ${BASE_TGZ}"
+ exit 1
+ fi
+
+ BASH_PROFILE_LINE=". ${POLICY_HOME}/etc/profile.d/env.sh"
+ PROFILE_LINE="ps -p \$\$ | grep -q bash || . ${POLICY_HOME}/etc/profile.d/env.sh"
+
+ tar -C ${POLICY_HOME} -xf ${BASE_TGZ} --no-same-owner
+ if [[ $? != 0 ]]; then
+ # this should not happened
+ echo "error: aborting base installation: base package cannot be unpacked: ${BASE_TGZ}"
+ exit 1
+ fi
+
+ /bin/mkdir -p ${POLICY_HOME}/etc/ssl > /dev/null 2>&1
+ /bin/mkdir -p ${POLICY_HOME}/etc/init.d > /dev/null 2>&1
+ /bin/mkdir -p ${POLICY_HOME}/tmp > /dev/null 2>&1
+ /bin/mkdir -p ${POLICY_HOME}/var > /dev/null 2>&1
+
+ #list_unexpanded_files ${POLICY_HOME}
+}
+
+
+function configure_base() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ # check if fqdn is set in base.conf and use that value if set
+ if [[ -z ${INSTALL_FQDN} ]]
+ then
+ echo "FQDN not set in config...using the default FQDN ${FQDN}"
+ else
+ echo "Using FQDN ${INSTALL_FQDN} from config"
+ FQDN=${INSTALL_FQDN}
+ fi
+
+ configure_component "${BASE_CONF}" "${POLICY_HOME}"
+
+ BASH_PROFILE_LINE=". ${POLICY_HOME}/etc/profile.d/env.sh"
+ PROFILE_LINE="ps -p \$\$ | grep -q bash || . ${POLICY_HOME}/etc/profile.d/env.sh"
+
+ if ! fgrep -x "${BASH_PROFILE_LINE}" "${HOME}/.bash_profile" >/dev/null 2>&1; then
+ echo "${BASH_PROFILE_LINE}" >> "${HOME}/.bash_profile"
+ fi
+
+ if ! fgrep -x "${PROFILE_LINE}" "${HOME}/.profile" >/dev/null 2>&1; then
+ echo "${PROFILE_LINE}" >> "${HOME}/.profile"
+ fi
+}
+
+function install_tomcat_component() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ install_prereqs "${BASE_CONF}"
+
+ if ! process_configuration "${COMPONENT_TYPE}.conf"; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: cannot process configuration ${COMPONENT_TYPE}.conf"
+ exit 1
+ fi
+
+ if ! tomcat_component; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: tomcat installation failed."
+ exit 1
+ fi
+
+}
+
+# This function installs mysql related shell scripts and sql files in the proper locations
+# under $POLICY_HOME. It also adds the MySQL client bin to the PATH based on configuration.
+#
+function install_mysql() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ install_prereqs "${BASE_CONF}"
+
+ if ! process_configuration "${COMPONENT_TYPE}.conf"; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: cannot process configuration ${COMPONENT_TYPE}.conf"
+ exit 1
+ fi
+
+ MYSQL_DATA_PATH=${POLICY_HOME}/data/mysql
+ /bin/mkdir -p ${MYSQL_DATA_PATH} > /dev/null 2>&1
+
+ /bin/cp -f "${POLICY_HOME}"/install/mysql/data/* "${MYSQL_DATA_PATH}"
+ /bin/chmod 555 "${MYSQL_DATA_PATH}"/*
+
+ MYSQL_BIN_SOURCE=${POLICY_HOME}/install/mysql/bin
+ /bin/mkdir -p ${POLICY_HOME}/bin > /dev/null 2>&1
+ for script in $(/bin/ls "${MYSQL_BIN_SOURCE}"); do
+ /bin/cp ${MYSQL_BIN_SOURCE}/${script} ${POLICY_HOME}/bin
+ /bin/chmod 555 "${POLICY_HOME}/bin/${script}"
+ done
+}
+
+function configure_mysql() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ # nothing to do
+}
+
+# This function installs brmsgw related shell scripts and config files in the proper
+# locations under $POLICY_HOME.
+#
+
+function install_brmsgw() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ install_prereqs "${BASE_CONF}"
+
+ if ! process_configuration "${COMPONENT_TYPE}.conf"; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: cannot process configuration ${COMPONENT_TYPE}.conf"
+ exit 1
+ fi
+
+ if [ -z "$M2_HOME" ]; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: M2_HOME must be set in brmsgw.conf"
+ exit 1
+ fi
+
+ echo "export M2_HOME=$M2_HOME" >>$POLICY_HOME/etc/profile.d/env.sh
+
+ /bin/cp -f "${POLICY_HOME}/install/servers/brmsgw/init.d/brmsgw" "${POLICY_HOME}/etc/init.d/brmsgw"
+
+ if ! /bin/mkdir -p "${POLICY_HOME}/servers/${COMPONENT_TYPE}" > /dev/null 2>&1; then
+ echo "error: aborting base installation: cannot create ${POLICY_HOME}/servers/${COMPONENT_TYPE}"
+ exit 1
+ fi
+
+ /bin/cp -fr "${POLICY_HOME}"/install/servers/${COMPONENT_TYPE}/BRMSGateway.jar "${POLICY_HOME}/servers/${COMPONENT_TYPE}"
+ /bin/cp -fr "${POLICY_HOME}"/install/servers/${COMPONENT_TYPE}/*.properties "${POLICY_HOME}/servers/${COMPONENT_TYPE}"
+ /bin/cp -fr "${POLICY_HOME}"/install/servers/${COMPONENT_TYPE}/config "${POLICY_HOME}/servers/${COMPONENT_TYPE}"
+
+ /bin/mv $POLICY_HOME/m2 $HOME/.m2
+
+ return 0
+}
+
+
+function install_logparser() {
+ if [[ $DEBUG == y ]]; then
+ echo "-- ${FUNCNAME[0]} $@ --"
+ set -x
+ fi
+
+ install_prereqs "${BASE_CONF}"
+
+ if ! process_configuration "${COMPONENT_TYPE}.conf"; then
+ echo "error: aborting ${COMPONENT_TYPE} installation: cannot process configuration ${COMPONENT_TYPE}.conf"
+ exit 1
+ fi
+
+ LP_TARGET_DIR=${POLICY_HOME}/servers/${COMPONENT_TYPE}
+ /bin/mkdir -p ${LP_TARGET_DIR}/bin > /dev/null 2>&1
+ /bin/mkdir -p ${LP_TARGET_DIR}/logs > /dev/null 2>&1
+
+ # copy binaries, initialization script and configuration
+ /bin/cp "${POLICY_HOME}"/install/servers/common/logparser/bin/*jar "${LP_TARGET_DIR}/bin"
+ /bin/cp "${POLICY_HOME}/install/servers/common/logparser/init.d/logparserd" "${POLICY_HOME}/etc/init.d/${COMPONENT_TYPE}"
+ /bin/cp "${POLICY_HOME}/install/servers/${COMPONENT_TYPE}/bin/parserlog.properties" "${LP_TARGET_DIR}/bin"
+ /bin/cp -fr "${POLICY_HOME}"/install/servers/${COMPONENT_TYPE}/bin/config "${POLICY_HOME}/servers/${COMPONENT_TYPE}/bin"
+
+}
+
+#########################################################################
+##
+## script execution body
+##
+#########################################################################
+
+
+OPERATION=none
+COMPONENT_TYPE=none
+DEBUG=n
+
+BASE_CONF=base.conf
+
+TOMCAT_PACKAGE_NAME=apache-tomcat-8.0.23
+
+INSTALL_DIR="$(pwd)"
+
+export POLICY_USER=$(/usr/bin/id -un)
+
+# command line options parsing
+until [[ -z "$1" ]]; do
+ case $1 in
+ -d|--debug) DEBUG=y
+ set -x
+ ;;
+ -i|--install) OPERATION=install
+ shift
+ COMPONENT_TYPE=$1
+ ;;
+ -c|--configure) OPERATION=configure
+ shift
+ COMPONENT_TYPE=$1
+ ;;
+ *) usage
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+# component-type validation
+case $COMPONENT_TYPE in
+ base) ;;
+ pypdp) ;;
+ pdp) ;;
+ pap) ;;
+ console) ;;
+ mysql) ;;
+ brmsgw) ;;
+ paplp) ;;
+ pdplp) ;;
+ skip) ;;
+ *) echo "invalid component type (${COMPONENT_TYPE}): must be in {base|pypdp|pdp|pap|console|mysql|brmsgw|paplp|pdplp}";
+ usage
+ exit 1
+ ;;
+esac
+
+# operation validation
+case $OPERATION in
+ install|configure) ;;
+ *) echo "invalid operation (${OPERATION}): must be in {install|configure}";
+ usage
+ exit 1
+ ;;
+esac
+
+if [[ -n ${POLICY_GROUP} ]]; then
+ groups=$(groups)
+ if ! echo ${groups} | grep -qP "\b${POLICY_GROUP}"; then
+ echo "error: ${POLICY_GROUP} is not a valid group for account ${POLICY_USER}"
+ exit 1
+ fi
+fi
+
+if [[ -z ${POLICY_GROUP} ]]; then
+ numGroups=$(groups | sed "s/^.*: *//g" | wc -w)
+ if [ ${numGroups} -eq 1 ]; then
+ export POLICY_GROUP=$(groups ${POLICY_USER} | sed "s/^.*: *//g")
+ else
+ echo "error: ${POLICY_USER} belongs to multiple groups, one group \
+ must be provided for the installation"
+ usage
+ exit 1
+ fi
+fi
+
+if [[ -z ${POLICY_GROUP} ]]; then
+ echo "error: installation of root section must not provide the \
+ installation group owner argument."
+ usage
+ exit 1
+fi
+
+FQDN=$(hostname -f 2> /dev/null)
+if [[ $? != 0 || -z ${FQDN} ]]; then
+ echo "error: cannot determine the FQDN for this host $(hostname)."
+ exit 1
+fi
+
+if [[ ${OPERATION} == install ]]; then
+ case $COMPONENT_TYPE in
+ base)
+ install_base
+ ;;
+ pypdp)
+ install_tomcat_component
+ ;;
+ pdp)
+ install_tomcat_component
+ ;;
+ pap)
+ install_tomcat_component
+ ;;
+ console)
+ install_tomcat_component
+ ;;
+ mysql)
+ install_mysql
+ ;;
+ brmsgw)
+ install_brmsgw
+ ;;
+ paplp|pdplp)
+ install_logparser
+ ;;
+ *)
+ echo "invalid component type (${COMPONENT_TYPE}): must be in {base|pypdp|pdp|pap|console|mysql|brmsgw|paplp|pdplp}";
+ usage
+ exit 1
+ ;;
+ esac
+fi
+if [[ ${OPERATION} == configure ]]; then
+
+ install_prereqs "${BASE_CONF}"
+
+ case $COMPONENT_TYPE in
+ base)
+ configure_base
+ component_preconfigure
+ ;;
+ pypdp)
+ configure_component "${COMPONENT_TYPE}.conf" "${POLICY_HOME}/servers/${COMPONENT_TYPE}/"
+ ;;
+ pdp)
+ configure_component "${COMPONENT_TYPE}.conf" "${POLICY_HOME}/servers/${COMPONENT_TYPE}/"
+ ;;
+ pap)
+ configure_component "${COMPONENT_TYPE}.conf" "${POLICY_HOME}/servers/${COMPONENT_TYPE}/"
+ ;;
+ console)
+ configure_component "${COMPONENT_TYPE}.conf" "${POLICY_HOME}/servers/${COMPONENT_TYPE}/"
+ ;;
+ mysql)
+ configure_mysql
+ ;;
+ brmsgw)
+ configure_component "${COMPONENT_TYPE}.conf" "${POLICY_HOME}/servers/${COMPONENT_TYPE}/"
+ ;;
+ paplp|pdplp)
+ configure_component "${COMPONENT_TYPE}.conf" "${POLICY_HOME}/servers/${COMPONENT_TYPE}/"
+ ;;
+ *)
+ echo "invalid component type (${COMPONENT_TYPE}): must be in {base|pypdp|pdp|pap|console|mysql|brmsgw|paplp|pdplp}";
+ usage
+ exit 1
+ ;;
+ esac
+fi
+
+
+echo -n "Successful ${OPERATION} of ${COMPONENT_TYPE} under ${POLICY_USER}:${POLICY_GROUP} "
+echo "ownership with umask $(umask)."
diff --git a/policy-pe/wait-for-port.sh b/policy-pe/wait-for-port.sh
new file mode 100644
index 00000000..10f08ded
--- /dev/null
+++ b/policy-pe/wait-for-port.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+if [[ $# -ne 2 ]]; then
+ echo "Usage: wait-for-port hostname port" >&2
+ exit 1
+fi
+
+host=$1
+port=$2
+
+echo "Waiting for $host port $port open"
+until telnet $host $port </dev/null 2>/dev/null | grep -q '^Connected'; do
+ sleep 1
+done
+
+echo "$host port $port is open"
+
+exit 0
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 00000000..d04d0c64
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,109 @@
+<!--
+ ============LICENSE_START=======================================================
+ ECOMP Policy Engine - Docker files
+ ================================================================================
+ Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+
+
+ <groupId>org.openecomp.policy.docker</groupId>
+ <artifactId>docker</artifactId>
+ <version>1.0.0-SNAPSHOT</version>
+ <packaging>pom</packaging>
+ <name>Docker build</name>
+ <description>OpenECOMP Policy Docker Build</description>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>copy-pe-zip</id>
+ <phase>prepare-package</phase>
+ <goals>
+ <goal>copy</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>${project.build.directory}/policy-pe</outputDirectory>
+ <overWriteReleases>false</overWriteReleases>
+ <overWriteSnapshots>true</overWriteSnapshots>
+ <artifactItems>
+ <artifactItem>
+ <groupId>org.openecomp.policy.engine</groupId>
+ <artifactId>install</artifactId>
+ <version>${project.version}</version>
+ <type>zip</type>
+ <destFileName>install.zip</destFileName>
+ </artifactItem>
+ </artifactItems>
+ </configuration>
+ </execution>
+ <execution>
+ <id>copy-drools-zip</id>
+ <phase>prepare-package</phase>
+ <goals>
+ <goal>copy</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>${project.build.directory}/policy-drools</outputDirectory>
+ <overWriteReleases>false</overWriteReleases>
+ <overWriteSnapshots>true</overWriteSnapshots>
+ <artifactItems>
+ <artifactItem>
+ <groupId>org.openecomp.policy.drools-pdp</groupId>
+ <artifactId>install-drools</artifactId>
+ <version>${project.version}</version>
+ <type>zip</type>
+ <destFileName>install-drools.zip</destFileName>
+ </artifactItem>
+ </artifactItems>
+ </configuration>
+ </execution>
+ <execution>
+ <id>copy-apps-zip</id>
+ <phase>prepare-package</phase>
+ <goals>
+ <goal>copy</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>${project.build.directory}/policy-drools</outputDirectory>
+ <overWriteReleases>false</overWriteReleases>
+ <overWriteSnapshots>true</overWriteSnapshots>
+ <artifactItems>
+ <artifactItem>
+ <groupId>org.openecomp.policy.drools-applications</groupId>
+ <artifactId>apps</artifactId>
+ <version>${project.version}</version>
+ <type>zip</type>
+ <destFileName>apps.zip</destFileName>
+ </artifactItem>
+ </artifactItems>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
+ </plugins>
+ </build>
+
+</project>