authorjhh <jorge.hernandez-herrero@att.com>2020-02-16 19:23:31 -0600
committerjhh <jorge.hernandez-herrero@att.com>2020-02-16 19:23:31 -0600
commit4cc7ec656d541c9d0c929e64c5e05b2b85da072f (patch)
tree8114741d41d0432a75290598975d104691bbb0f4 /packages/docker/src
parenta5097dca9f0caf3f2098984c62402351845ebd6b (diff)
Native policies support in docker
Depends on https://gerrit.onap.org/r/#/c/policy/docker/+/101758/ for package cleanup. The work is needed to run the PDP-D with no applications; native policies may exercise this setup. This work provides a functional image with a precooked installation. This work will allow fixing and cleaning up of the CSITs specific to this repo, whose maintenance is problematic. Issue-ID: POLICY-2181 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: I62a1b9b556bd2f6c0c243062cb864dfed80e2bea
Diffstat (limited to 'packages/docker/src')
-rw-r--r--packages/docker/src/main/docker/Dockerfile43
-rw-r--r--packages/docker/src/main/docker/do-start.sh99
-rw-r--r--packages/docker/src/main/docker/docker-install.sh800
-rw-r--r--packages/docker/src/main/docker/pdpd-entrypoint.sh259
-rw-r--r--packages/docker/src/main/docker/wait-for-port.sh37
5 files changed, 288 insertions, 950 deletions
diff --git a/packages/docker/src/main/docker/Dockerfile b/packages/docker/src/main/docker/Dockerfile
index 78c927a8..4c94ead2 100644
--- a/packages/docker/src/main/docker/Dockerfile
+++ b/packages/docker/src/main/docker/Dockerfile
@@ -22,29 +22,44 @@ ENV http_proxy $http_proxy
RUN apt-get update \
&& apt-get install -y \
+ httpie \
+ python3 python3-pip \
mariadb-client \
- file \
- bash-completion \
- vim \
+ file bash-completion \
+ net-tools sudo \
+ && update-alternatives --install /usr/bin/python python /usr/bin/python3 0 \
+ && adduser policy sudo \
+ && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers \
&& pip install http-prompt
RUN mkdir -p $POLICY_CONFIG $POLICY_LOGS $POLICY_INSTALL_INIT && \
- chown -R policy:policy $POLICY_HOME $POLICY_LOGS $POLICY_INSTALL && \
- rmdir $POLICY_HOME/etc/ssl && \
- rmdir $POLICY_HOME/etc
+ chown -R policy:policy $POLICY_HOME $POLICY_LOGS $POLICY_INSTALL
-WORKDIR $POLICY_INSTALL
-COPY /maven/install-drools.zip docker-install.sh do-start.sh wait-for-port.sh ./
+COPY --chown=policy:policy /maven/install-drools.zip pdpd-entrypoint.sh $POLICY_INSTALL/
-VOLUME [ "$POLICY_INSTALL_INIT" ]
+WORKDIR $POLICY_INSTALL
+USER policy:policy
+SHELL ["/bin/bash", "-c"]
RUN unzip -o install-drools.zip && \
rm install-drools.zip && \
chown -R policy:policy * && \
- chmod +x *.sh
+ mkdir -p $POLICY_HOME/logs $POLICY_HOME/config $HOME/.m2 && \
+ tar -C $POLICY_HOME -xvf base-${BUILD_VERSION_DROOLS}.tar.gz --no-same-owner && \
+ unzip policy-management-${BUILD_VERSION_DROOLS}.zip -d $POLICY_HOME && \
+ echo "source $POLICY_HOME/etc/profile.d/env.sh" >> "$HOME/.bashrc" && \
+ mv pdpd-entrypoint.sh $POLICY_HOME/bin/ && \
+ chmod 700 $POLICY_HOME/bin/* && \
+ chmod 600 $POLICY_HOME/config/* && \
+ rm -f $POLICY_INSTALL/*.conf && \
+ . $POLICY_HOME/etc/profile.d/env.sh && \
+ $POLICY_HOME/bin/features install healthcheck distributed-locking lifecycle && \
+ $POLICY_HOME/bin/features enable lifecycle && \
+ find $HOME/.m2/ -name _maven.repositories -exec rm -v {} \; && \
+ find $HOME/.m2/ -name _remote.repositories -exec rm -v {} \; && \
+ rm $POLICY_INSTALL/policy-management-${BUILD_VERSION_DROOLS}.zip \
+ $POLICY_INSTALL/base-${BUILD_VERSION_DROOLS}.tar.gz 2> /dev/null
EXPOSE 9696 6969
-
-USER policy
-
-CMD ./do-start.sh
+ENTRYPOINT ["/opt/app/policy/bin/pdpd-entrypoint.sh"]
+CMD ["boot"]
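Review bot: The added `adduser policy sudo` and `echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers` lines in the first RUN give the `policy` account passwordless root, so the later `USER policy:policy` no longer limits what a compromised PDP-D process, or any script it is handed, can do inside the container. If nothing at runtime needs root, drop both lines and `sudo` from the package list. If something does (presumably in pdpd-entrypoint.sh, which this hunk does not show), restrict the rule to those specific commands in a file under `/etc/sudoers.d/` and validate it with `visudo -c` during the build. Separately, `httpie` and `pip install http-prompt` are unpinned, so rebuilds can pull different code each time; pin the versions if these debugging tools have to ship in the image.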
diff --git a/packages/docker/src/main/docker/do-start.sh b/packages/docker/src/main/docker/do-start.sh
deleted file mode 100644
index d565965c..00000000
--- a/packages/docker/src/main/docker/do-start.sh
+++ /dev/null
@@ -1,99 +0,0 @@
-#!/bin/bash
-###
-# ============LICENSE_START=======================================================
-# ONAP
-# ================================================================================
-# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright (C) 2020 Nordix Foundation.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-
-echo "installing .."
-
-# replace conf files from installer with environment-specific files
-# mounted from the hosting VM
-
-if [[ -d config ]]; then
- cp config/*.conf .
-fi
-
-if [[ -f config/drools-preinstall.sh ]] ; then
- echo "found preinstallation script"
- bash config/drools-preinstall.sh
-fi
-
-# remove broken symbolic links if any in data directory
-if [[ -d ${POLICY_HOME}/config ]]; then
- echo "removing dangling symbolic links"
- find -L ${POLICY_HOME}/config -type l -exec rm -- {} +
-fi
-
-apps=$(ls config/apps*.zip 2> /dev/null)
-for app in $apps
-do
- echo "Application found: ${app}"
- unzip -o ${app}
-done
-
-feats=$(ls config/feature*.zip 2> /dev/null)
-for feat in $feats
-do
- echo "Feature found: ${feat}"
- cp ${feat} .
-done
-
-echo "docker install at ${PWD}"
-
-./docker-install.sh
-
-source ${POLICY_HOME}/etc/profile.d/env.sh
-
-# allow user to override the key or/and the trust stores
-
-if [[ -f config/policy-keystore ]]; then
- cp -f config/policy-keystore ${POLICY_HOME}/etc/ssl
-fi
-
-if [[ -f config/policy-truststore ]]; then
- cp -f config/policy-truststore ${POLICY_HOME}/etc/ssl
-fi
-
-if [[ -f config/logback.xml ]]; then
- echo "overriding logback.xml"
- cp -f config/logback.xml "${POLICY_HOME}"/config/
-fi
-
-# allow user to override all or some aaf configuration
-
-if [[ -f config/aaf.properties ]]; then
- cp -f config/aaf.properties ${POLICY_HOME}/config/aaf.properties
-fi
-
-if [[ -f config/aaf-cadi.keyfile ]]; then
- cp -f config/aaf-cadi.keyfile ${POLICY_HOME}/config/aaf-cadi.keyfile
-fi
-
-if [[ -f config/drools-tweaks.sh ]] ; then
- echo "Executing tweaks"
- # file may not be executable; running it as an
- # argument to bash avoids needing execute perms.
- bash config/drools-tweaks.sh
-fi
-
-echo "Starting processes"
-
-policy start
-
-tail -f /dev/null
diff --git a/packages/docker/src/main/docker/docker-install.sh b/packages/docker/src/main/docker/docker-install.sh
deleted file mode 100644
index dfef59f3..00000000
--- a/packages/docker/src/main/docker/docker-install.sh
+++ /dev/null
@@ -1,800 +0,0 @@
-#!/bin/bash
-
-###
-# ============LICENSE_START=======================================================
-# Installation Package
-# ================================================================================
-# Copyright (C) 2017-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-
-function JAVA_HOME() {
- if [[ $DEBUG == y ]]; then
- echo "-- ${FUNCNAME[0]} $@ --"
- set -x
- fi
-
- if [[ -z ${JAVA_HOME} ]]; then
- echo "error: aborting installation: JAVA_HOME variable must be present in base.conf"
- exit 1
- fi
-
- echo "JAVA_HOME is ${JAVA_HOME}"
-}
-
-function POLICY_HOME() {
- if [[ $DEBUG == y ]]; then
- echo "-- ${FUNCNAME[0]} $@ --"
- set -x
- fi
-
- local POLICY_HOME_ABS
-
- if [[ -z ${POLICY_HOME} ]]; then
- echo "error: aborting installation: the installation directory POLICY_HOME must be set"
- exit 1
- fi
-
- POLICY_HOME_ABS=$(readlink -f "${POLICY_HOME}")
- if [[ -n ${POLICY_HOME_ABS} ]]; then
- export POLICY_HOME=${POLICY_HOME_ABS}
- fi
-
- echo "POLICY_HOME is ${POLICY_HOME}"
-
- # Do not allow installations from within POLICY_HOME dir or sub-dirs
- if [[ "$(pwd)/" == ${POLICY_HOME}/* ]]; then
- echo "error: aborting installation: cannot be executed from '${POLICY_HOME}' or sub-directories. "
- exit 1
- fi
-}
-
-function process_configuration() {
- if [[ $DEBUG == y ]]; then
- echo "-- ${FUNCNAME[0]} $@ --"
- set -x
- fi
-
- local CONF_FILE name value
-
- CONF_FILE=$1
- while read line || [ -n "${line}" ]; do
- if [[ -n ${line} ]] && [[ ${line} != *#* ]]; then
- name=$(echo "${line%%=*}")
- value=$(echo "${line#*=}")
- # escape ampersand so that sed does not replace it with the search string
- value=${value//&/\\&}
- if [[ -z ${name} ]] || [[ -z $value ]]; then
- echo "WARNING: ${line} missing name or value"
- fi
- export ${name}="${value}"
- eval "${name}" "${value}" 2>/dev/null
- fi
- done <"${CONF_FILE}"
- return 0
-}
-
-function component_preinstall() {
- if [[ $DEBUG == y ]]; then
- echo "-- ${FUNCNAME[0]} $@ --"
- set -x
- fi
-
- /bin/sed -i -e 's!${{POLICY_HOME}}!'"${POLICY_HOME}!g" \
- -e 's!${{FQDN}}!'"${FQDN}!g" \
- *.conf >/dev/null 2>&1
-}
-
-function configure_component() {
- if [[ $DEBUG == y ]]; then
- echo "-- ${FUNCNAME[0]} $@ --"
- set -x
- fi
-
- local CONF_FILE COMPONENT_ROOT_DIR SED_LINE SED_FILES name value
-
- CONF_FILE=$1
- COMPONENT_ROOT_DIR=$2
-
- SED_LINE="sed -i"
- SED_LINE+=" -e 's!\${{POLICY_HOME}}!${POLICY_HOME}!g' "
- SED_LINE+=" -e 's!\${{POLICY_USER}}!${POLICY_USER}!g' "
- SED_LINE+=" -e 's!\${{POLICY_GROUP}}!${POLICY_GROUP}!g' "
- SED_LINE+=" -e 's!\${{KEYSTORE_PASSWD}}!${KEYSTORE_PASSWD}!g' "
- SED_LINE+=" -e 's!\${{TRUSTSTORE_PASSWD}}!${TRUSTSTORE_PASSWD}!g' "
- SED_LINE+=" -e 's!\${{JAVA_HOME}}!${JAVA_HOME}!g' "
-
- while read line || [ -n "${line}" ]; do
- if [[ -n ${line} ]] && [[ ${line:0:1} != \# ]]; then
- name=$(echo "${line%%=*}")
- value=$(echo "${line#*=}")
- # escape ampersand so that sed does not replace it with the search string
- value=$(echo "${value}" | sed -e 's/[\/&]/\\&/g')
- if [[ -z ${name} ]] || [[ -z ${value} ]]; then
- echo "WARNING: ${line} missing name or value"
- fi
- SED_LINE+=" -e 's/\${{${name}}}/${value}/g' "
- fi
- done <"$CONF_FILE"
-
- SED_FILES=""
- for sed_file in $(find "${COMPONENT_ROOT_DIR}" -type f -exec grep -Iq . {} \; -print 2>/dev/null); do
- if fgrep -l '${{' ${sed_file} >/dev/null 2>&1; then
- SED_FILES+="${sed_file} "
- fi
- done
-
- if [[ -z ${SED_FILES} ]]; then
- echo "WARNING: no files to perform variable expansion"
- else
- SED_LINE+=${SED_FILES}
- eval "${SED_LINE}"
- fi
-}
-
-function configure_settings() {
- if [[ $DEBUG == y ]]; then
- echo "-- ${FUNCNAME[0]} $@ --"
- set -x
- fi
-
- # The goal is to have repositories for both 'release' and 'snapshot'
- # artifacts. These may either be remote (e.g. Nexus) repositories, or
- # a local file-based repository.
- local fileRepoID=file-repository
- local fileRepoUrl=file:$HOME_M2/file-repository
- mkdir -p "${fileRepoUrl#file:}"
-
- # The following parameters are also used outside of this function.
- # if SNAPSHOT_REPOSITORY_URL and/or RELEASE_REPOSITORY_URL is defined,
- # the corresponding ID and url will be updated below
- releaseRepoID=${fileRepoID}
- releaseRepoUrl=${fileRepoUrl}
- snapshotRepoID=${fileRepoID}
- snapshotRepoUrl=${fileRepoUrl}
-
- # if both SNAPSHOT_REPOSITORY_URL and RELEASE_REPOSITORY_URL are null,
- # use standalone-settings.xml that just defines the file-based repo.
- # if only one of them is specified, use file-based repo for the other.
-
- ${POLICY_HOME}/bin/configure-maven
-
- if [[ -n "${SNAPSHOT_REPOSITORY_URL}" ]]; then
- snapshotRepoID=${SNAPSHOT_REPOSITORY_ID}
- snapshotRepoUrl=${SNAPSHOT_REPOSITORY_URL}
- fi
-
- if [[ -n "${RELEASE_REPOSITORY_URL}" ]]; then
- releaseRepoID=${RELEASE_REPOSITORY_ID}
- releaseRepoUrl=${RELEASE_REPOSITORY_URL}
- fi
-}
-
-function configure_keystore() {
- if [[ $DEBUG == y ]]; then
- echo "-- ${FUNCNAME[0]} $@ --"
- set -x
- fi
-
- local DEFAULT_TRUSTSTORE_PASSWORD='Pol1cy_0nap'
- local DEFAULT_KEYSTORE_PASSWORD='Pol1cy_0nap'
-
- if [[ -n ${TRUSTSTORE_PASSWD} ]]; then
- keytool -storepasswd -storepass "${DEFAULT_TRUSTSTORE_PASSWORD}" -keystore "${POLICY_HOME}/etc/ssl/policy-truststore" -new "${TRUSTSTORE_PASSWD}"
- fi
-
- if [[ -n ${KEYSTORE_PASSWD} ]]; then
- keytool -storepasswd -storepass "${DEFAULT_KEYSTORE_PASSWORD}" -keystore "${POLICY_HOME}/etc/ssl/policy-keystore" -new "${KEYSTORE_PASSWD}"
- fi
-}
-
-function check_r_file() {
- if [[ $DEBUG == y ]]; then
- echo "-- ${FUNCNAME[0]} $@ --"
- set -x
- fi
-
- FILE=$1
- if [[ ! -f ${FILE} || ! -r ${FILE} ]]; then
- return 1
- fi
-
- return 0
-}
-
-function check_x_file() {
- if [[ $DEBUG == y ]]; then
- echo "-- ${FUNCNAME[0]} $@ --"
- set -x
- fi
-
- FILE=$1
- if [[ ! -f ${FILE} || ! -x ${FILE} ]]; then
- return 1
- fi
-
- return 0
-}
-
-function install_prereqs() {
- if [[ $DEBUG == y ]]; then
- echo "-- ${FUNCNAME[0]} $@ --"
- set -x
- fi
-
- local CONF_FILE HOME_OWNER
-
- CONF_FILE=$1
-
- if ! check_r_file "${CONF_FILE}"; then
- echo "error: aborting ${COMPONENT_TYPE} installation: ${CONF_FILE} is not accessible"
- exit 1
- fi
-
- if ! process_configuration "${CONF_FILE}"; then
- echo "error: aborting ${COMPONENT_TYPE} installation: cannot process configuration ${CONF_FILE}"
- exit 1
- fi
-
- if [[ -z ${POLICY_HOME} ]]; then
- echo "error: aborting ${COMPONENT_TYPE} installation: ${POLICY_HOME} is not set"
- exit 1
- fi
-
- HOME_OWNER=$(ls -ld "${POLICY_HOME}" | awk '{print $3}')
- if [[ ${HOME_OWNER} != ${POLICY_USER} ]]; then
- echo "error: aborting ${COMPONENT_TYPE} installation: ${POLICY_USER} does not own ${POLICY_HOME} directory"
- exit 1
- fi
-
- echo -n "Starting ${OPERATION} of ${COMPONENT_TYPE} under ${POLICY_USER}:${POLICY_GROUP} "
- echo "ownership with umask $(umask)."
-}
-
-function configure_base() {
- if [[ $DEBUG == y ]]; then
- echo "-- ${FUNCNAME[0]} $@ --"
- set -x
- fi
-
- local BASH_PROFILE_LINE PROFILE_LINE
-
- # check if fqdn is set in base.conf and use that value if set
- if [[ -z ${INSTALL_FQDN} ]]; then
- echo "FQDN not set in config...using the default FQDN ${FQDN}"
- else
- echo "Using FQDN ${INSTALL_FQDN} from config"
- FQDN=${INSTALL_FQDN}
- fi
-
- configure_component "${BASE_CONF}" "${POLICY_HOME}"
-
- configure_settings
- configure_keystore
-
- BASH_PROFILE_LINE=". ${POLICY_HOME}/etc/profile.d/env.sh"
- PROFILE_LINE="ps -p \$\$ | grep -q bash || . ${POLICY_HOME}/etc/profile.d/env.sh"
-
- # Note: adding to .bashrc instead of .bash_profile
- if ! fgrep -x "${BASH_PROFILE_LINE}" "${HOME}/.bashrc" >/dev/null 2>&1; then
- echo "${BASH_PROFILE_LINE}" >>"${HOME}/.bashrc"
- fi
-
- if ! fgrep -x "${PROFILE_LINE}" "${HOME}/.profile" >/dev/null 2>&1; then
- echo "${PROFILE_LINE}" >>"${HOME}/.profile"
- fi
-
- source "${POLICY_HOME}/etc/profile.d/env.sh"
-
- cat "${POLICY_HOME}"/etc/cron.d/* | crontab
-}
-
-function install_base() {
- if [[ $DEBUG == y ]]; then
- echo "-- ${FUNCNAME[0]} $@ --"
- set -x
- fi
-
- local POLICY_HOME_CONTENTS BASE_TGZ BASEX_TGZ BASH_PROFILE_LINE
-
- install_prereqs "${BASE_CONF}"
-
- # following properties must be set:
- # POLICY_HOME - installation directory, must exist and be writable
-
- # test that all required properties are set
- for var in POLICY_HOME JAVA_HOME; do
- if [[ -z $(eval echo \$$var) ]]; then
- echo "ERROR: $var must be set in $BASE_CONF"
- exit 1
- fi
- done
-
- /bin/mkdir -p "${POLICY_HOME}/logs/" >/dev/null 2>&1
-
- if [[ ! (-d "$POLICY_HOME" && -w "$POLICY_HOME") ]]; then
- echo "ERROR: Installation directory $POLICY_HOME does not exist or not writable"
- exit 1
- fi
-
- if [[ -z ${POLICY_DOCKER} ]]; then
- if ! /bin/rm -fr "${POLICY_HOME}"/* >/dev/null 2>&1; then
- echo "error: aborting base installation: cannot delete the underlying ${POLICY_HOME} files"
- exit 1
- fi
-
- POLICY_HOME_CONTENTS=$(ls -A "${POLICY_HOME}" 2>/dev/null)
- if [[ -n ${POLICY_HOME_CONTENTS} ]]; then
- echo "error: aborting base installation: ${POLICY_HOME} directory is not empty"
- exit 1
- fi
-
- if [[ -n ${POLICY_LOGS} ]]; then
- if ! /bin/mkdir -p "${POLICY_LOGS}" >/dev/null 2>&1; then
- echo "error: aborting base installation: cannot create ${POLICY_LOGS}"
- exit 1
- fi
- fi
- fi
-
- BASE_TGZ=$(ls base-*.tar.gz)
- if [ ! -r ${BASE_TGZ} ]; then
- echo "error: aborting: base package is not accessible"
- exit 1
- fi
-
- tar -tzf ${BASE_TGZ} >/dev/null 2>&1
- if [[ $? != 0 ]]; then
- echo >&2 "error: aborting installation: invalid base package file: ${BASE_TGZ}"
- exit 1
- fi
-
- BASEX_TGZ=$(ls basex-*.tar.gz 2>/dev/null)
- if [ -z ${BASEX_TGZ} ]; then
- echo "warning: no basex application package present"
- BASEX_TGZ=
- else
- tar -tzf ${BASEX_TGZ} >/dev/null 2>&1
- if [[ $? != 0 ]]; then
- echo >&2 "warning: invalid basex application package tar file: ${BASEX_TGZ}"
- BASEX_TGZ=
- fi
- fi
-
- # Undo any changes in the $HOME directory if any
-
- BASH_PROFILE_LINE=". ${POLICY_HOME}/etc/profile.d/env.sh"
-
- # Note: using .bashrc instead of .bash_profile
- if [[ -f ${HOME}/.bashrc ]]; then
- /bin/sed -i "\:${BASH_PROFILE_LINE}:d" "${HOME}/.bashrc"
- fi
-
- tar -C ${POLICY_HOME} -xf ${BASE_TGZ} --no-same-owner
- if [[ $? != 0 ]]; then
- # this should not happened
- echo "error: aborting base installation: base package cannot be unpacked: ${BASE_TGZ}"
- exit 1
- fi
-
- if [ ! -z ${BASEX_TGZ} ]; then
- tar -C ${POLICY_HOME} -xf ${BASEX_TGZ} --no-same-owner
- if [[ $? != 0 ]]; then
- # this should not happened
- echo "warning: basex package cannot be unpacked: ${BASEX_TGZ}"
- fi
- fi
-
- if [[ -d $HOME_M2 ]]; then
- echo "Renaming existing $HOME_M2 to $HOME/m2.$TIMESTAMP"
- mv $HOME_M2 $HOME/m2.$TIMESTAMP
- if [[ $? != 0 ]]; then
- echo "WARNING: Failed to rename $HOME_M2 directory; will use old directory"
- fi
- fi
-
- mkdir -p ${HOME_M2}
- if [[ $? != 0 ]]; then
- echo "ERROR: Cannot create ${HOME_M2} directory"
- exit 1
- fi
-
- # base.conf properties may have characters with special meaning to bash,
- # so wrap all the values in quotes in the profile.d version so it can
- # be sourced into scripts that need the values. Also remove any blanks
- # that may be present around the = sign.
- # save ${BASE_CONF} in PDP-D installation
- cp "${BASE_CONF}" "${POLICY_HOME}"/etc/profile.d
- sed -i -e "s/ *= */=/" -e "s/=\(.*$\)/='\1'/" ${POLICY_HOME}/etc/profile.d/base.conf
-
- configure_base
-}
-
-function install_controller() {
- if [[ $DEBUG == y ]]; then
- echo "-- ${FUNCNAME[0]} $@ --"
- set -x
- fi
-
- if [[ $DEBUG == y ]]; then
- echo "-- ${FUNCNAME[0]} $@ --"
- set -x
- fi
-
- if [[ -f "${HOME}/.bashrc" ]]; then
- source "${HOME}/.bashrc"
- fi
-
- if [[ -z ${POLICY_HOME} ]]; then
- echo "error: aborting installation: POLICY_HOME environment variable is not set."
- exit 1
- fi
-
- if ! check_r_file ${POLICY_HOME}/etc/profile.d/env.sh; then
- echo "error: aborting installation: ${POLICY_HOME}/etc/profile.d/env.sh is not accessible"
- exit 1
- fi
-
- local CONTROLLER_CONF CONTROLLER_ZIP RULES_JAR SOURCE_DIR CONTROLLER_DIR AAAA BBBB PORT UTOPIC ARTIFACT_VERSION
-
- CONTROLLER_CONF=$COMPONENT_TYPE.conf
- install_prereqs "${CONTROLLER_CONF}"
-
- # following properties must be set in conf file:
- # CONTROLLER_ARTIFACT_ID - Maven artifactId for controller
- # CONTROLLER_NAME - directory name for the controller; controller will be installed to
- # $POLICY_HOME/controllers/$CONTROLLER_NAME
- # CONTROLLER_PORT - port number for the controller REST interface
- # RULES_ARTIFACT - rules artifact specifier: groupId:artifactId:version
-
- # test that all required properties are set
- for var in CONTROLLER_ARTIFACT_ID CONTROLLER_NAME CONTROLLER_PORT RULES_ARTIFACT UEB_TOPIC; do
- if [[ -z $(eval echo \$$var) ]]; then
- echo "ERROR: $var must be set in $CONTROLLER_CONF"
- exit 1
- fi
- done
-
- CONTROLLER_ZIP=$(ls $CONTROLLER_ARTIFACT_ID*.zip 2>&-)
- if [[ -z $CONTROLLER_ZIP ]]; then
- echo "ERROR: Cannot find controller zip file ($CONTROLLER_ARTIFACT_ID*.zip)"
- exit 1
- fi
-
- if [[ ! "$CONTROLLER_NAME" =~ ^[A-Za-z0-9_-]+$ ]]; then
- echo "ERROR: CONTROLLER_NAME may only contain alphanumeric, underscore, and dash characters"
- exit 1
- fi
-
- if [[ ! "$CONTROLLER_PORT" =~ ^[0-9]+$ ]]; then
- echo "ERROR: CONTROLLER_PORT is not a valid integer"
- exit 1
- fi
-
- # split artifact string into parts
- IFS=: read RULES_GROUPID RULES_ARTIFACTID RULES_VERSION <<<$RULES_ARTIFACT
- if [[ -z $RULES_GROUPID || -z $RULES_ARTIFACTID || -z $RULES_VERSION ]]; then
- echo "ERROR: Invalid setting for RULES_ARTIFACT property"
- exit 1
- fi
-
- #RULES_JAR=$RULES_ARTIFACTID-$RULES_VERSION.jar
- RULES_JAR=$(echo ${RULES_ARTIFACTID}-*.jar)
- if ! check_r_file $RULES_JAR; then
- echo "WARNING: Rules jar file $RULES_JAR not found in installer package, must be installed manually"
- RULES_JAR=
- fi
-
- SOURCE_DIR=$PWD
- CONTROLLER_DIR=$POLICY_HOME
-
- cd $CONTROLLER_DIR
-
- echo "Unpacking controller zip file"
- # use jar command in case unzip not present on system
- jar xf $SOURCE_DIR/$CONTROLLER_ZIP
- if [[ $? != 0 ]]; then
- echo "ERROR: unpack of controller zip file failed, install aborted"
- exit 1
- fi
-
- chmod +x bin/*
-
- # Perform base variable replacement in controller config file
- configure_component "${SOURCE_DIR}/${BASE_CONF}" "${CONTROLLER_DIR}"
-
- # Perform variable replacements in config files.
- # config files may contain the following strings that need to be replaced with
- # real values:
- # AAAA - artifactId
- # BBBB - Substring of AAAA after first dash (stripping initial "ncomp-" or "policy-")
- # PORT - Port number for REST server
-
- echo "Performing variable replacement in config files"
- AAAA=$CONTROLLER_ARTIFACT_ID
- BBBB=${AAAA#[a-z]*-}
- PORT=$CONTROLLER_PORT
- UTOPIC=${UEB_TOPIC}
-
- for file in config/*; do
- sed -i -e "s/AAAA/$AAAA/" -e "s/BBBB/$BBBB/" -e "s/PORT/$PORT/" -e "s!\${{UEB_TOPIC}}!${UTOPIC}!" $file
- if [[ $? != 0 ]]; then
- echo "ERROR: variable replacement failed for file $file, install aborted"
- exit 1
- fi
- done
-
- # append properties for rules artifact to server properties
- cat >>config/server.properties <<EOF
-
-rules.groupId=$RULES_GROUPID
-rules.artifactId=$RULES_ARTIFACTID
-rules.version=$RULES_VERSION
-EOF
-
- # TODO: run pw.sh script to set passwords
-
- # return to directory where we started
- cd $SOURCE_DIR
-
- # install rules jar into repository if present
- if [[ -n $RULES_JAR ]]; then
- # can't use RULES_VERSION because may be set to "LATEST",
- # so extract version from the jar filename
- ARTIFACT_VERSION=$(sed -e "s/${RULES_ARTIFACTID}-//" -e "s/\.jar//" <<<${RULES_JAR})
- if [[ -n $repositoryUrl ]]; then
- echo "Deploying rules artifact to Policy Repository"
- mvn deploy:deploy-file -Dfile=$RULES_JAR \
- -DgroupId=$RULES_GROUPID -DartifactId=$RULES_ARTIFACTID -Dversion=$ARTIFACT_VERSION \
- -DrepositoryId=${repositoryID} -Durl=${repositoryUrl} \
- -DgeneratePom=true -DupdateReleaseInfo=true
- else
- echo "Installing rules artifact into local .m2 repository"
- mvn --offline org.apache.maven.plugins:maven-install-plugin:2.5.2:install-file \
- -Dfile=$RULES_JAR -DgeneratePom=true -DupdateReleaseInfo=true
- fi
- fi
-}
-
-# Usage: getPomAttributes <pom-file> <attribute> ...
-#
-# This function performs simplistic parsing of a 'pom.xml' file, extracting
-# the specified attributes (e.g. 'groupId', 'artifactId', 'version'). The
-# attributes are returned as environment variables with the associated name.
-
-function getPomAttributes() {
- local tab=$'\t'
- local rval=0
- local file="$1"
- local attr
- local value
- shift
- for attr in "$@"; do
- # Try to fetch the parameter associated with the 'pom.xml' file.
- # Initially, the 'parent' element is excluded. If the desired
- # parameter is not found, the 'parent' element is included in the
- # second attempt.
- value=$(sed -n \
- -e '/<parent>/,/<\/parent>/d' \
- -e '/<dependencies>/,/<\/dependencies>/d' \
- -e '/<build>/,/<\/build>/d' \
- -e "/^[ ${tab}]*<${attr}>\([^<]*\)<\/${attr}>.*/{s//\1/p;}" \
- <"${file}")
-
- if [[ "${value}" == "" ]]; then
- # need to check parent for parameter
- value=$(sed -n \
- -e '/<dependencies>/,/<\/dependencies>/d' \
- -e '/<build>/,/<\/build>/d' \
- -e "/^[ ${tab}]*<${attr}>\([^<]*\)<\/${attr}>.*/{s//\1/p;}" \
- <"${file}")
- if [[ "${value}" == "" ]]; then
- echo "${file}: Can't determine ${attr}" >&2
- rval=1
- fi
- fi
- # the following sets an environment variable with the name referred
- # to by ${attr}
- read ${attr} <<<"${value}"
- done
- return ${rval}
-}
-
-# Usage: installPom <pom-file>
-#
-# This function installs a 'pom.xml' file in the local repository
-
-function installPom() {
- # need to extract attributes from POM file
- if getPomAttributes "${1}" artifactId groupId version; then
- local repoID repoUrl
- if [[ "${version}" =~ SNAPSHOT ]]; then
- repoID=${snapshotRepoID}
- repoUrl=${snapshotRepoUrl}
- else
- repoID=${releaseRepoID}
- repoUrl=${releaseRepoUrl}
- fi
- echo "${1}: Deploying POM artifact to remote repository"
- mvn deploy:deploy-file -Dfile="$1" \
- -Dpackaging=pom -DgeneratePom=false \
- -DgroupId=${groupId} \
- -DartifactId=${artifactId} \
- -Dversion=${version} \
- -DrepositoryId=${repoID} -Durl=${repoUrl} \
- -DupdateReleaseInfo=true
- else
- echo "${1}: Can't install pom due to missing attributes" >&2
- return 1
- fi
-}
-
-# Usage: installJar <jar-file>
-#
-# This function installs a JAR file in the local repository, as well as
-# the 'pom.xml' member it contains.
-
-function installJar() {
- local dir=$(mktemp -d)
- local jar="${1##*/}"
- cp -p "${1}" "${dir}/${jar}"
-
- (
- local rval=0
- cd "${dir}"
- # determine name of 'pom' file within JAR
- local pom=$(jar tf ${jar} META-INF | grep '/pom\.xml$' | head -1)
- if [[ "${pom}" ]]; then
- # extract pom file
- jar xf ${jar} "${pom}"
-
- # determine version from pom file
- if getPomAttributes "${pom}" version; then
- local repoID repoUrl
- if [[ "${version}" =~ SNAPSHOT ]]; then
- repoID=${snapshotRepoID}
- repoUrl=${snapshotRepoUrl}
- else
- repoID=${releaseRepoID}
- repoUrl=${releaseRepoUrl}
- fi
- echo "${1}: Deploying JAR artifact to remote repository"
- mvn deploy:deploy-file \
- -Dfile=${jar} \
- -Dversion=${version} \
- -Dpackaging=jar -DgeneratePom=false -DpomFile=${pom} \
- -DrepositoryId=${repoID} -Durl=${repoUrl} \
- -DupdateReleaseInfo=true
- else
- echo "${1}: Can't determine version from 'pom.xml'" >&2
- rval=1
- fi
- else
- echo "${1}: Can't find 'pom.xml'" >&2
- rval=1
- fi
- rm -rf ${dir}
- return ${rval}
- )
-}
-
-# Unzip the 'artifacts-*.zip' file, and install all of the associated
-# artifacts into the local repository.
-
-function installArtifacts() {
- local file
- if [[ -f $(echo artifacts-*.zip) ]]; then
- # use jar command in case unzip not present on system
- jar xf artifacts-*.zip
- for file in artifacts/*; do
- case "${file}" in
- *pom.xml | *.pom) installPom "${file}" ;;
- *.jar) installJar "${file}" ;;
- *) echo "${file}: Don't know how to install artifact" >&2 ;;
- esac
- done
- fi
-}
-
-function installFeatures() {
- if [[ $DEBUG == y ]]; then
- echo "-- ${FUNCNAME[0]} $@ --"
- set -x
- fi
-
- local name featureConf
- export FEATURES_HOME="${POLICY_HOME}/${FEATURES_DIR}"
- echo "FEATURES_HOME is ${FEATURES_HOME}"
-
- mkdir -p "${FEATURES_HOME}" >/dev/null 2>&1
- if [[ -d "${FEATURES_HOME}" && -x "${FEATURES_HOME}" ]]; then
- SOURCE_DIR=$PWD
- for feature in feature-*.zip; do
- name="${feature#feature-}"
- name="${name%%-[0-9]*\.zip}"
- mkdir -p "${FEATURES_HOME}/${name}" >/dev/null 2>&1
- (
- cd "${FEATURES_HOME}/${name}"
- jar xf ${SOURCE_DIR}/${feature}
- )
- featureConf="feature-${name}.conf"
- if [[ -r "${featureConf}" ]]; then
- configure_component "${featureConf}" "${FEATURES_HOME}"
- cp "${featureConf}" "${POLICY_HOME}"/etc/profile.d
- sed -i -e "s/ *= */=/" -e "s/=\(.*$\)/='\1'/" "${POLICY_HOME}/etc/profile.d/${featureConf}"
- echo "feature ${name} has been installed (configuration present)"
- else
- echo "feature ${name} has been installed (no configuration present)"
- fi
- done
-
- echo "applying base configuration to features"
- configure_component "${BASE_CONF}" "${FEATURES_HOME}"
- else
- echo "error: aborting ${FEATURES_HOME} is not accessible"
- exit 1
- fi
-}
-
-function do_install() {
- if [[ $DEBUG == y ]]; then
- echo "-- ${FUNCNAME[0]} $@ --"
- set -x
- fi
-
- echo "Starting installation at $(date) at ${PWD}"
- echo
-
- COMPONENT_TYPE=base
- BASE_CONF=base.conf
- install_base
- component_preinstall
-
- COMPONENT_TYPE=policy-management
- install_controller
-
- installFeatures
- installArtifacts
-
- appInstallers=$(ls apps*installer 2>/dev/null)
- for appInstaller in ${appInstallers}; do
- echo "Executing application installer ${appInstaller} .."
- source ${appInstaller}
- done
-
- echo
- echo "Installation complete"
- echo "Please logoff and login again to update shell environment"
-
-}
-
-export POLICY_USER=$(/usr/bin/id -un)
-export POLICY_GROUP=$POLICY_USER
-
-FQDN=$(hostname -f 2>/dev/null)
-if [[ $? != 0 || -z ${FQDN} ]]; then
- echo "error: cannot determine the FQDN for this host $(hostname)."
- exit 1
-fi
-
-TIMESTAMP=$(date "+%Y%m%d-%H%M%S")
-LOGFILE=$PWD/install.log.$TIMESTAMP
-
-OPERATION=install
-BASE_CONF=base.conf
-HOME_M2=$HOME/.m2
-FEATURES_DIR="features"
-
-do_install 2>&1 | tee $LOGFILE
diff --git a/packages/docker/src/main/docker/pdpd-entrypoint.sh b/packages/docker/src/main/docker/pdpd-entrypoint.sh
new file mode 100644
index 00000000..1f7b3109
--- /dev/null
+++ b/packages/docker/src/main/docker/pdpd-entrypoint.sh
@@ -0,0 +1,259 @@
+#!/bin/bash
+
+# ########################################################################
+# Copyright 2019-2020 AT&T Intellectual Property. All rights reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ########################################################################
+
+
+function maven {
+ if [[ ${DEBUG} == y ]]; then
+ echo "-- ${FUNCNAME[0]} --"
+ set -x
+ fi
+
+ if [[ -f "${POLICY_INSTALL_INIT}"/settings.xml ]]; then
+ if ! cmp -s "${POLICY_INSTALL_INIT}"/settings.xml "${POLICY_HOME}"/etc/m2/settings.xml; then
+ echo "overriding settings.xml"
+ cp -f "${POLICY_INSTALL_INIT}"/settings.xml "${POLICY_HOME}"/etc/m2
+ fi
+ fi
+
+ if [[ -f "${POLICY_INSTALL_INIT}"/standalone-settings.xml ]]; then
+ if ! cmp -s "${POLICY_INSTALL_INIT}"/standalone-settings.xml "${POLICY_HOME}"/etc/m2/standalone-settings.xml; then
+ echo "overriding standalone-settings.xml"
+ cp -f "${POLICY_INSTALL_INIT}"/standalone-settings.xml "${POLICY_HOME}"/etc/m2
+ fi
+ fi
+}
+
+function systemConfs {
+ if [[ ${DEBUG} == y ]]; then
+ echo "-- ${FUNCNAME[0]} --"
+ set -x
+ fi
+
+ local confName
+
+ if ! ls "${POLICY_INSTALL_INIT}"/*.conf > /dev/null 2>&1; then
+ return 0
+ fi
+
+ for c in $(ls "${POLICY_INSTALL_INIT}"/*.conf 2> /dev/null); do
+ echo "adding system conf file: ${c}"
+ cp -f "${c}" "${POLICY_HOME}"/etc/profile.d/
+ confName="$(basename "${c}")"
+ sed -i -e "s/ *= */=/" -e "s/=\([^\"\']*$\)/='\1'/" "${POLICY_HOME}/etc/profile.d/${confName}"
+ done
+
+ source "${POLICY_HOME}"/etc/profile.d/env.sh
+}
+
+function features {
+ if [[ ${DEBUG} == y ]]; then
+ echo "-- ${FUNCNAME[0]} --"
+ set -x
+ fi
+
+ if ! ls "${POLICY_INSTALL_INIT}"/features*.zip > /dev/null 2>&1; then
+ return 0
+ fi
+
+ source "${POLICY_HOME}"/etc/profile.d/env.sh
+
+ for f in $(ls "${POLICY_INSTALL_INIT}"/features*.zip 2> /dev/null); do
+ echo "installing feature: ${f}"
+ "${POLICY_HOME}"/bin/features install "${f}"
+ done
+}
+
+function scripts {
+ if [[ ${DEBUG} == y ]]; then
+ echo "-- ${FUNCNAME[0]} --"
+ set -x
+ fi
+
+ local scriptExtSuffix=${1:-"sh"}
+
+ if ! ls "${POLICY_INSTALL_INIT}"/*."${scriptExtSuffix}" > /dev/null 2>&1; then
+ return 0
+ fi
+
+ source "${POLICY_HOME}"/etc/profile.d/env.sh
+
+ for s in $(ls "${POLICY_INSTALL_INIT}"/*."${scriptExtSuffix}" 2> /dev/null); do
+ echo "executing script: ${s}"
+ source "${s}"
+ done
+}
+
+function security {
+ if [[ ${DEBUG} == y ]]; then
+ echo "-- ${FUNCNAME[0]} --"
+ set -x
+ fi
+
+ if [[ -f "${POLICY_INSTALL_INIT}"/policy-keystore ]]; then
+ if ! cmp -s "${POLICY_INSTALL_INIT}"/policy-keystore "${POLICY_HOME}"/etc/ssl/policy-keystore; then
+ echo "overriding policy-keystore"
+ cp -f "${POLICY_INSTALL_INIT}"/policy-keystore "${POLICY_HOME}"/etc/ssl
+ fi
+ fi
+
+ if [[ -f ${POLICY_INSTALL_INIT}/policy-truststore ]]; then
+ if ! cmp -s "${POLICY_INSTALL_INIT}"/policy-truststore "${POLICY_HOME}"/etc/ssl/policy-truststore; then
+ echo "overriding policy-truststore"
+ cp -f "${POLICY_INSTALL_INIT}"/policy-truststore "${POLICY_HOME}"/etc/ssl
+ fi
+ fi
+
+ if [[ -f "${POLICY_INSTALL_INIT}"/aaf-cadi.keyfile ]]; then
+ if ! cmp -s "${POLICY_INSTALL_INIT}"/aaf-cadi.keyfile "${POLICY_HOME}"/config/aaf-cadi.keyfile; then
+ echo "overriding aaf-cadi.keyfile"
+ cp -f "${POLICY_INSTALL_INIT}"/aaf-cadi.keyfile "${POLICY_HOME}"/config/aaf-cadi.keyfile
+ fi
+ fi
+}
+
+function serverConfig {
+ if [[ ${DEBUG} == y ]]; then
+ echo "-- ${FUNCNAME[0]} --"
+ set -x
+ fi
+
+ local configExtSuffix=${1:-"properties"}
+
+ if ! ls "${POLICY_INSTALL_INIT}"/*."${configExtSuffix}" > /dev/null 2>&1; then
+ return 0
+ fi
+
+ for p in $(ls "${POLICY_INSTALL_INIT}"/*."${configExtSuffix}" 2> /dev/null); do
+ echo "configuration ${configExtSuffix}: ${p}"
+ cp -f "${p}" "${POLICY_HOME}"/config
+ done
+}
+
+function db {
+ if [[ ${DEBUG} == y ]]; then
+ echo "-- ${FUNCNAME[0]} --"
+ set -x
+ fi
+
+ if [[ -z ${SQL_HOST} ]]; then
+ return 0
+ fi
+
+ echo "Wating for ${SQL_HOST} ."
+ timeout 120 bash -c 'until nc -vz "${SQL_HOST}" 3306; do echo -n "."; sleep 1; done'; echo $?
+
+ "${POLICY_HOME}"/bin/db-migrator -s ALL -o upgrade
+}
+
+function inspect {
+ if [[ ${DEBUG} == y ]]; then
+ echo "-- ${FUNCNAME[0]} --"
+ set -x
+ fi
+
+ echo "ENV: "
+ env
+ echo
+ echo
+
+ source "${POLICY_HOME}"/etc/profile.d/env.sh
+ policy status
+
+ echo
+ echo
+}
+
+function reload {
+ if [[ ${DEBUG} == y ]]; then
+ echo "-- ${FUNCNAME[0]} --"
+ set -x
+ fi
+
+ systemConfs
+ maven
+ features
+ security
+ serverConfig "properties"
+ serverConfig "xml"
+ serverConfig "json"
+ scripts "pre.sh"
+}
+
+function start {
+ if [[ ${DEBUG} == y ]]; then
+ echo "-- ${FUNCNAME[0]} --"
+ set -x
+ fi
+
+ source "${POLICY_HOME}"/etc/profile.d/env.sh
+ policy start
+}
+
+function configure {
+ if [[ ${DEBUG} == y ]]; then
+ echo "-- ${FUNCNAME[0]} --"
+ set -x
+ fi
+
+ reload
+ db
+}
+
+function vmBoot {
+ if [[ ${DEBUG} == y ]]; then
+ echo "-- ${FUNCNAME[0]} --"
+ set -x
+ fi
+
+ reload
+ db
+ start
+ scripts "post.sh"
+}
+
+function dockerBoot {
+ if [[ ${DEBUG} == y ]]; then
+ echo "-- ${FUNCNAME[0]} --"
+ set -x
+ fi
+
+ set -e
+
+ vmBoot
+
+ tail -f /dev/null
+}
+
+if [[ ${DEBUG} == y ]]; then
+ echo "-- $0 $* --"
+ set -x
+fi
+
+operation="${1}"
+case "${operation}" in
+ inspect) inspect
+ ;;
+ boot) dockerBoot
+ ;;
+ vmboot) vmBoot
+ ;;
+ configure) configure
+ ;;
+ *) exec "$@"
+ ;;
+esac
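Review bot: In `db`, the result of the 120-second wait is only printed (`; echo $?`), so when `${SQL_HOST}` never answers on 3306 the `vmboot` and `configure` paths still run `db-migrator -s ALL -o upgrade` against an unreachable database; only `boot` stops, because `dockerBoot` has enabled `set -e` by then. I would make the failure explicit and uniform by replacing `; echo $?` with `|| { echo "error: ${SQL_HOST}:3306 not reachable" >&2; exit 1; }`. The inner command is single-quoted, so `SQL_HOST` is expanded by the child `bash` and has to be exported; if it only arrives as a plain variable from a sourced conf file (not visible in this hunk), the loop probes an empty host until the timeout. Separately, `security` copies `policy-keystore`, `policy-truststore` and `aaf-cadi.keyfile` with `cp -f` and never sets a mode on the copies, so a `chmod 600` after each copy (or `install -m 600` in place of `cp -f`) would keep the key material from being left readable by other users in the container.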
diff --git a/packages/docker/src/main/docker/wait-for-port.sh b/packages/docker/src/main/docker/wait-for-port.sh
deleted file mode 100644
index 577afa34..00000000
--- a/packages/docker/src/main/docker/wait-for-port.sh
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-###
-# ============LICENSE_START=======================================================
-#
-# ================================================================================
-# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-
-if [[ $# -ne 2 ]]; then
- echo "Usage: wait-for-port hostname port" >&2
- exit 1
-fi
-
-host=$1
-port=$2
-
-echo "Waiting for $host port $port open"
-until nc -vz $host $port 2> /dev/null; do
- sleep 1
-done
-
-echo "$host port $port is open"
-
-exit 0