aboutsummaryrefslogtreecommitdiffstats
path: root/openecomp-be/api/openecomp-sdc-rest-webapp/item-permissions-rest/item-permissions-rest-services
ModeNameSize
-rw-r--r--pom.xml1560logstatsplain
d---------src62logstatsplain
5'>115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 
#!/bin/bash
#SPDX-license-identifier: Apache-2.0
##############################################################################
# Copyright (c) 2018
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################

set -o errexit
set -o nounset
set -o pipefail

INSTALLER_DIR="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")")"

source ${INSTALLER_DIR}/../../tests/_functions.sh

# _install_go() - Install GoLang package
function _install_go {
    version=$(grep "go_version" ${kud_playbooks}/kud-vars.yml | awk -F "'" '{print $2}')
    local tarball=go$version.linux-amd64.tar.gz

    #gcc is required for go apps compilation
    if ! which gcc; then
        sudo apt-get install -y gcc
    fi

    if $(go version &>/dev/null); then
        return
    fi

    wget https://dl.google.com/go/$tarball
    sudo tar -C /usr/local -xzf $tarball
    rm $tarball

    export PATH=$PATH:/usr/local/go/bin
    sudo sed -i "s|^PATH=.*|PATH=\"$PATH\"|" /etc/environment
    #allow golang to work with sudo
    sudo sed -i 's|secure_path="\([^"]\+\)"|secure_path="\1:/usr/local/go/bin"|' /etc/sudoers
}

# _install_pip() - Install Python Package Manager
function _install_pip {
    if $(pip --version &>/dev/null); then
        sudo -E pip install --no-cache-dir --upgrade pip
    else
        sudo apt-get install -y python-dev
        curl -sL https://bootstrap.pypa.io/pip/2.7/get-pip.py | sudo python
    fi
}

# _install_ansible() - Install and Configure Ansible program
function _install_ansible {
    if $(ansible --version &>/dev/null); then
        sudo pip uninstall -y ansible
    fi
    _install_pip
    local version=$(grep "ansible_version" ${kud_playbooks}/kud-vars.yml | awk -F ': ' '{print $2}')
    sudo mkdir -p /etc/ansible/
    sudo -E pip install --no-cache-dir ansible==$version
}

# _install_docker() - Download and install docker-engine
function _install_docker {
    local max_concurrent_downloads=${1:-3}

    if $(docker version &>/dev/null); then
        return
    fi
    sudo apt-get install -y apt-transport-https ca-certificates curl
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
    sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
    sudo apt-get update
    sudo apt-get install -y docker-ce

    sudo mkdir -p /etc/systemd/system/docker.service.d
    if [ ${http_proxy:-} ]; then
        echo "[Service]" | sudo tee /etc/systemd/system/docker.service.d/http-proxy.conf
        echo "Environment=\"HTTP_PROXY=$http_proxy\"" | sudo tee --append /etc/systemd/system/docker.service.d/http-proxy.conf
    fi
    if [ ${https_proxy:-} ]; then
        echo "[Service]" | sudo tee /etc/systemd/system/docker.service.d/https-proxy.conf
        echo "Environment=\"HTTPS_PROXY=$https_proxy\"" | sudo tee --append /etc/systemd/system/docker.service.d/https-proxy.conf
    fi
    if [ ${no_proxy:-} ]; then
        echo "[Service]" | sudo tee /etc/systemd/system/docker.service.d/no-proxy.conf
        echo "Environment=\"NO_PROXY=$no_proxy\"" | sudo tee --append /etc/systemd/system/docker.service.d/no-proxy.conf
    fi
    sudo systemctl daemon-reload
    echo "DOCKER_OPTS=\"-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --max-concurrent-downloads $max_concurrent_downloads \"" | sudo tee --append /etc/default/docker
    if [[ -z $(groups | grep docker) ]]; then
        sudo usermod -aG docker $USER
    fi

    sudo systemctl restart docker
    sleep 10
}

function _set_environment_file {
    # By default ovn central interface is the first active network interface on localhost. If other wanted, need to export this variable in aio.sh or Vagrant file.
    OVN_CENTRAL_INTERFACE="${OVN_CENTRAL_INTERFACE:-$(ip addr show | awk '/inet.*brd/{print $NF; exit}')}"
    echo "export OVN_CENTRAL_INTERFACE=${OVN_CENTRAL_INTERFACE}" | sudo tee --append /etc/environment
    echo "export OVN_CENTRAL_ADDRESS=$(get_ovn_central_address)" | sudo tee --append /etc/environment
    echo "export KUBE_CONFIG_DIR=/opt/kubeconfig" | sudo tee --append /etc/environment
    echo "export CSAR_DIR=/opt/csar" | sudo tee --append /etc/environment
    echo "export ANSIBLE_CONFIG=${ANSIBLE_CONFIG}" | sudo tee --append /etc/environment
}

# install_k8s() - Install Kubernetes using kubespray tool
function install_k8s {
    echo "Deploying kubernetes"
    local dest_folder=/opt
    version=$(grep "kubespray_version" ${kud_playbooks}/kud-vars.yml | awk -F ': ' '{print $2}')
    local_release_dir=$(grep "local_release_dir" $kud_inventory_folder/group_vars/k8s-cluster.yml | awk -F "\"" '{print $2}')
    local tarball=v$version.tar.gz
    sudo apt-get install -y sshpass make unzip # install make to run mitogen target and unzip is mitogen playbook dependency
    sudo apt-get install -y gnupg2 software-properties-common
    _install_docker
    _install_ansible
    wget https://github.com/kubernetes-incubator/kubespray/archive/$tarball
    sudo tar -C $dest_folder -xzf $tarball
    sudo chown -R $USER $dest_folder/kubespray-$version
    sudo mkdir -p ${local_release_dir}/containers
    rm $tarball

    pushd $dest_folder/kubespray-$version/
    sudo -E pip install --no-cache-dir -r ./requirements.txt
    make mitogen
    popd
    rm -f $kud_inventory_folder/group_vars/all.yml 2> /dev/null
    if [[ -n "${verbose:-}" ]]; then
        echo "kube_log_level: 5" | tee $kud_inventory_folder/group_vars/all.yml
    else
        echo "kube_log_level: 2" | tee $kud_inventory_folder/group_vars/all.yml
    fi
    echo "kubeadm_enabled: true" | tee --append $kud_inventory_folder/group_vars/all.yml
    if [[ -n "${http_proxy:-}" ]]; then
        echo "http_proxy: \"$http_proxy\"" | tee --append $kud_inventory_folder/group_vars/all.yml
    fi
    if [[ -n "${https_proxy:-}" ]]; then
        echo "https_proxy: \"$https_proxy\"" | tee --append $kud_inventory_folder/group_vars/all.yml
    fi
    export ANSIBLE_CONFIG=$dest_folder/kubespray-$version/ansible.cfg

    ansible-playbook $verbose -i $kud_inventory \
        $kud_playbooks/preconfigure-kubespray.yml --become --become-user=root \
        | sudo tee $log_folder/setup-kubernetes.log
    if [ "$container_runtime" == "docker" ]; then
        /bin/echo -e "\n\e[1;42mDocker will be used as the container runtime interface\e[0m"
        ansible-playbook $verbose -i $kud_inventory \
            $dest_folder/kubespray-$version/cluster.yml --become \
            --become-user=root | sudo tee $log_folder/setup-kubernetes.log
    elif [ "$container_runtime" == "containerd" ]; then
        /bin/echo -e "\n\e[1;42mContainerd will be used as the container runtime interface\e[0m"
        # Because the kud_kata_override_variable has its own quotations in it
        # a eval command is needed to properly execute the ansible script
        ansible_kubespray_cmd="ansible-playbook $verbose -i $kud_inventory \
            $dest_folder/kubespray-$version/cluster.yml \
            -e ${kud_kata_override_variables} --become --become-user=root | \
            sudo tee $log_folder/setup-kubernetes.log"
        eval $ansible_kubespray_cmd
        ansible-playbook $verbose -i $kud_inventory -e "base_dest=$HOME" \
            $kud_playbooks/configure-kata.yml --become --become-user=root | \
            sudo tee $log_folder/setup-kata.log
    else
        echo "Only Docker or Containerd are supported container runtimes"
        exit 1
    fi

    # Configure environment
    mkdir -p $HOME/.kube
    cp $kud_inventory_folder/artifacts/admin.conf $HOME/.kube/config
    # Copy Kubespray kubectl to be usable in host running Ansible. Requires kubectl_localhost: true in inventory/group_vars/k8s-cluster.yml
    sudo cp $kud_inventory_folder/artifacts/kubectl /usr/local/bin/
}

# install_addons() - Install Kubenertes AddOns
function install_addons {
    source /etc/environment
    echo "Installing Kubernetes AddOns"
    _install_ansible
    sudo ansible-galaxy install $verbose -r $kud_infra_folder/galaxy-requirements.yml --ignore-errors
    ansible-playbook $verbose -i $kud_inventory -e "base_dest=$HOME" $kud_playbooks/configure-kud.yml | sudo tee $log_folder/setup-kud.log

    # The order of KUD_ADDONS is important: some plugins (sriov, qat)
    # require nfd to be enabled. Some addons are not currently supported with containerd
    if [ "${container_runtime}" == "docker" ]; then
        kud_addons=${KUD_ADDONS:-topology-manager virtlet ovn4nfv nfd sriov \
            qat optane cmk}
    elif [ "${container_runtime}" == "containerd" ]; then
        kud_addons=${KUD_ADDONS:-ovn4nfv nfd}
    fi

    for addon in ${kud_addons}; do
        echo "Deploying $addon using configure-$addon.yml playbook.."
        ansible-playbook $verbose -i $kud_inventory -e "base_dest=$HOME" \
            $kud_playbooks/configure-${addon}.yml | \
            sudo tee $log_folder/setup-${addon}.log
    done

    echo "Run the test cases if testing_enabled is set to true."
    if [[ "${testing_enabled}" == "true" ]]; then
        failed_kud_tests=""
        # Run Kata test first if Kata was installed
        if [ "${container_runtime}" == "containerd" ]; then
            #Install Kata webhook for test pods
            ansible-playbook $verbose -i $kud_inventory -e "base_dest=$HOME" \
                -e "kata_webhook_runtimeclass=$kata_webhook_runtimeclass" \
                $kud_playbooks/configure-kata-webhook.yml \
                --become --become-user=root | \
                sudo tee $log_folder/setup-kata-webhook.log
            kata_webhook_deployed=true
            pushd $kud_tests
            bash kata.sh || failed_kud_tests="${failed_kud_tests} kata"
            popd
        fi
        # Run other plugin tests
        for addon in ${kud_addons}; do
            pushd $kud_tests
            bash ${addon}.sh || failed_kud_tests="${failed_kud_tests} ${addon}"
            popd
        done
        # Remove Kata webhook if user didn't want it permanently installed
        if ! [ "${enable_kata_webhook}" == "true" ]; then
            ansible-playbook $verbose -i $kud_inventory -e "base_dest=$HOME" \
                -e "kata_webhook_runtimeclass=$kata_webhook_runtimeclass" \
                $kud_playbooks/configure-kata-webhook-reset.yml \
                --become --become-user=root | \
                sudo tee $log_folder/kata-webhook-reset.log
        fi
        if [[ ! -z "$failed_kud_tests" ]]; then
            echo "Test cases failed:${failed_kud_tests}"
            return 1
        fi
    fi
    # Check if Kata webhook should be installed and isn't already installed
    if [ "$enable_kata_webhook" == "true" ] && ! [ "$kata_webhook_deployed" == "true" ]; then
        ansible-playbook $verbose -i $kud_inventory -e "base_dest=$HOME" \
            -e "kata_webhook_runtimeclass=$kata_webhook_runtimeclass" \
            $kud_playbooks/configure-kata-webhook.yml \
            --become --become-user=root | \
            sudo tee $log_folder/setup-kata-webhook.log
    fi
    echo "Add-ons deployment complete..."
}

# install_plugin() - Install ONAP Multicloud Kubernetes plugin
function install_plugin {
    echo "Installing multicloud/k8s plugin"
    _install_docker
    sudo -E pip install --no-cache-dir docker-compose

    sudo mkdir -p /opt/{kubeconfig,consul/config}
    sudo cp $HOME/.kube/config /opt/kubeconfig/kud

    pushd $kud_folder/../../../deployments
    sudo ./build.sh
    if [[ "${testing_enabled}" == "true" ]]; then
        sudo ./start.sh
        pushd $kud_tests
        for functional_test in plugin plugin_edgex plugin_fw plugin_eaa; do
            bash ${functional_test}.sh
        done
        popd
    fi
    popd
}

# _print_kubernetes_info() - Prints the login Kubernetes information
function _print_kubernetes_info {
    if ! $(kubectl version &>/dev/null); then
        return
    fi
    # Expose Dashboard using NodePort
    node_port=30080
    KUBE_EDITOR="sed -i \"s|type\: ClusterIP|type\: NodePort|g\"" kubectl -n kube-system edit service kubernetes-dashboard
    KUBE_EDITOR="sed -i \"s|nodePort\: .*|nodePort\: $node_port|g\"" kubectl -n kube-system edit service kubernetes-dashboard

    master_ip=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}' | awk -F '[:/]' '{print $4}')

    printf "Kubernetes Info\n===============\n" > $k8s_info_file
    echo "Dashboard URL: https://$master_ip:$node_port" >> $k8s_info_file
    echo "Admin user: kube" >> $k8s_info_file
    echo "Admin password: secret" >> $k8s_info_file
}

sudo -k # forgot sudo password
if ! sudo -n "true"; then
    echo ""
    echo "passwordless sudo is needed for '$(id -nu)' user."
    echo "Please fix your /etc/sudoers file. You likely want an"
    echo "entry like the following one..."
    echo ""
    echo "$(id -nu) ALL=(ALL) NOPASSWD: ALL"
    exit 1
fi

verbose=""
if [[ -n "${KUD_DEBUG:-}" ]]; then
    set -o xtrace
    verbose="-vvv"
fi

# Configuration values
log_folder=/var/log/kud
kud_folder=${INSTALLER_DIR}
kud_infra_folder=$kud_folder/../../deployment_infra
export kud_inventory_folder=$kud_folder/inventory
kud_inventory=$kud_inventory_folder/hosts.ini
kud_playbooks=$kud_infra_folder/playbooks
kud_tests=$kud_folder/../../tests
k8s_info_file=$kud_folder/k8s_info.log
testing_enabled=${KUD_ENABLE_TESTS:-false}
container_runtime=${CONTAINER_RUNTIME:-docker}
enable_kata_webhook=${ENABLE_KATA_WEBHOOK:-false}
kata_webhook_runtimeclass=${KATA_WEBHOOK_RUNTIMECLASS:-kata-clh}
kata_webhook_deployed=false
# For containerd the etcd_deployment_type: docker is the default and doesn't work.
# You have to use either etcd_kubeadm_enabled: true or etcd_deployment_type: host
# See https://github.com/kubernetes-sigs/kubespray/issues/5713
kud_kata_override_variables="container_manager=containerd \
    -e etcd_deployment_type=host -e kubelet_cgroup_driver=cgroupfs \
    -e \"{'download_localhost': false}\" -e \"{'download_run_once': false}\""

sudo mkdir -p $log_folder
sudo mkdir -p /opt/csar
sudo chown -R $USER /opt/csar
# Install dependencies
# Setup proxy variables
if [ -f $kud_folder/sources.list ]; then
    sudo mv /etc/apt/sources.list /etc/apt/sources.list.backup
    sudo cp $kud_folder/sources.list /etc/apt/sources.list
fi
echo "Removing ppa for jonathonf/python-3.6"
sudo ls /etc/apt/sources.list.d/ || true
sudo find /etc/apt/sources.list.d -maxdepth 1 -name '*jonathonf*' -delete || true
sudo apt-get update
_install_go
install_k8s
_set_environment_file
install_addons
if ${KUD_PLUGIN_ENABLED:-false}; then
    install_plugin
fi
_print_kubernetes_info