summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRavi Pendurty <ravi.pendurty@highstreet-technologies.com>2020-09-23 07:13:26 +0200
committerRavi Pendurty <ravi.pendurty@highstreet-technologies.com>2020-09-25 12:54:39 +0200
commitd054c3b02383e0d17de1a49f5cef06dafe75e352 (patch)
tree9a7a2c5a41a3a764cff5b422f9e9cdcbec2a0c16
parent88a2783dd51a5857fad1a409b09b39fcdde79cba (diff)
Merge SDNC startup and certificate install scripts
startODL.oom.sh merged with startODL.sh and installCerts.oom.py merged with installCerts.py Issue-ID: SDNC-1366 Signed-off-by: Ravi Pendurty <ravi.pendurty@highstreet-technologies.com> Change-Id: I21f9d140e19c18f57f9dc988bfd7e0d07e96f286 Signed-off-by: Ravi Pendurty <ravi.pendurty@highstreet-technologies.com> Former-commit-id: 923cd3681b7fa54759959ba49dea7b00c837d664
-rw-r--r--installation/sdnc/src/main/scripts/installCerts.oom.py339
-rw-r--r--installation/sdnc/src/main/scripts/installCerts.py99
-rwxr-xr-xinstallation/sdnc/src/main/scripts/startODL.oom.sh390
-rwxr-xr-xinstallation/sdnc/src/main/scripts/startODL.sh307
4 files changed, 327 insertions, 808 deletions
diff --git a/installation/sdnc/src/main/scripts/installCerts.oom.py b/installation/sdnc/src/main/scripts/installCerts.oom.py
deleted file mode 100644
index 42af7d2c..00000000
--- a/installation/sdnc/src/main/scripts/installCerts.oom.py
+++ /dev/null
@@ -1,339 +0,0 @@
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 Nordix Foundation.
-# ================================================================================
-# extended by highstreet technologies GmbH (c) 2020
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-#
-
-
-# coding=utf-8
-import os
-import http.client
-import base64
-import time
-import zipfile
-import shutil
-import subprocess
-import logging
-
-odl_home = os.environ['ODL_HOME']
-log_directory = odl_home + '/data/log/'
-log_file = log_directory + 'installCerts.log'
-log_format = "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
-if not os.path.exists(log_directory):
- os.makedirs(log_directory)
-logging.basicConfig(filename=log_file,level=logging.DEBUG,filemode='w',format=log_format)
-print ('Start cert provisioning. Log file: ' + log_file);
-
-Path = os.environ['ODL_CERT_DIR']
-
-zipFileList = []
-
-username = os.environ['ODL_ADMIN_USERNAME']
-password = os.environ['ODL_ADMIN_PASSWORD']
-newpassword = os.environ.get('ODL_ADMIN_NEWPASSWORD')
-TIMEOUT=1000
-INTERVAL=30
-timePassed=0
-
-postKeystore= "/rests/operations/netconf-keystore:add-keystore-entry"
-postPrivateKey= "/rests/operations/netconf-keystore:add-private-key"
-postTrustedCertificate= "/rests/operations/netconf-keystore:add-trusted-certificate"
-
-envOdlFeaturesBoot='ODL_FEATURES_BOOT'
-# Strategy sli-api is default
-certreadyCmd="POST"
-certreadyUrl="/rests/operations/SLI-API:healthcheck"
-odlFeaturesBoot=os.environ.get(envOdlFeaturesBoot)
-
-if odlFeaturesBoot is not None:
- odlFeaturesBoot=odlFeaturesBoot.lower()
- if 'odl-netconf-topology' in odlFeaturesBoot or 'odl-netconf-clustered-topology' in odlFeaturesBoot:
- certreadyCmd="GET"
- certreadyUrl="/rests/data/network-topology:network-topology"
-logging.info('ODL ready strategy with command %s and url %s', certreadyCmd, certreadyUrl)
-
-cadi_file = '.pass'
-odl_port = 8181
-cred_string = username + ":" + password
-headers = {'Authorization':'Basic %s' % base64.b64encode(cred_string.encode()).decode(),
- 'X-FromAppId': 'csit-sdnc',
- 'X-TransactionId': 'csit-sdnc',
- 'Accept':"application/json",
- 'Content-type':"application/yang-data+json"}
-
-def readFile(folder, file):
- key = open(Path + "/" + folder + "/" + file, "r")
- fileRead = key.read()
- key.close()
- fileRead = "\n".join(fileRead.splitlines()[1:-1])
- return fileRead
-
-def readTrustedCertificate(folder, file):
- listCert = list()
- caPem = ""
- startCa = False
- key = open(folder + "/" + file, "r")
- lines = key.readlines()
- for line in lines:
- if not "BEGIN CERTIFICATE" in line and not "END CERTIFICATE" in line and startCa:
- caPem += line
- elif "BEGIN CERTIFICATE" in line:
- startCa = True
- elif "END CERTIFICATE" in line:
- startCa = False
- listCert.append(caPem)
- caPem = ""
- return listCert
-
-def makeKeystoreKey(clientKey, count):
- odl_private_key="ODL_private_key_%d" %count
-
- json_keystore_key='{{\"input\": {{ \"key-credential\": {{\"key-id\": \"{odl_private_key}\", \"private-key\" : ' \
- '\"{clientKey}\",\"passphrase\" : \"\"}}}}}}'.format(
- odl_private_key=odl_private_key,
- clientKey=clientKey)
-
- return json_keystore_key
-
-def makePrivateKey(clientKey, clientCrt, certList, count):
- caPem = ""
- if certList:
- for cert in certList:
- caPem += '\"%s\",' % cert
- caPem = caPem.rsplit(',', 1)[0]
- odl_private_key="ODL_private_key_%d" %count
-
- json_private_key='{{\"input\": {{ \"private-key\":{{\"name\": \"{odl_private_key}\", \"data\" : ' \
- '\"{clientKey}\",\"certificate-chain\":[\"{clientCrt}\",{caPem}]}}}}}}'.format(
- odl_private_key=odl_private_key,
- clientKey=clientKey,
- clientCrt=clientCrt,
- caPem=caPem)
-
- return json_private_key
-
-def makeTrustedCertificate(certList, count):
- number = 0
- json_cert_format = ""
- for cert in certList:
- cert_name = "xNF_CA_certificate_%d_%d" %(count, number)
- json_cert_format += '{{\"name\": \"{trusted_name}\",\"certificate\":\"{cert}\"}},\n'.format(
- trusted_name=cert_name,
- cert=cert.strip())
- number += 1
-
- json_cert_format = json_cert_format.rsplit(',', 1)[0]
- json_trusted_cert='{{\"input\": {{ \"trusted-certificate\": [{certificates}]}}}}'.format(
- certificates=json_cert_format)
- return json_trusted_cert
-
-
-def makeRestconfPost(conn, json_file, apiCall):
- req = conn.request("POST", apiCall, json_file, headers=headers)
- res = conn.getresponse()
- res.read()
- if res.status != 200:
- logging.error("Error here, response back wasnt 200: Response was : %d , %s" % (res.status, res.reason))
- else:
- logging.debug("Response :%s Reason :%s ",res.status, res.reason)
-
-def extractZipFiles(zipFileList, count):
- for zipFolder in zipFileList:
- with zipfile.ZipFile(Path + "/" + zipFolder.strip(),"r") as zip_ref:
- zip_ref.extractall(Path)
- folder = zipFolder.rsplit(".")[0]
- processFiles(folder, count)
-
-def processFiles(folder, count):
- logging.info('Process folder: %d %s', count, folder)
- for file in os.listdir(Path + "/" + folder):
- if os.path.isfile(Path + "/" + folder + "/" + file.strip()):
- if ".key" in file:
- clientKey = readFile(folder, file.strip())
- elif "trustedCertificate" in file:
- certList = readTrustedCertificate(Path + "/" + folder, file.strip())
- elif ".crt" in file:
- clientCrt = readFile(folder, file.strip())
- else:
- logging.error("Could not find file %s" % file.strip())
- shutil.rmtree(Path + "/" + folder)
- post_content(clientKey, clientCrt, certList, count)
-
-def post_content(clientKey, clientCrt, certList, count):
- logging.info('Post content: %d', count)
- conn = http.client.HTTPConnection("localhost",odl_port)
- if clientKey:
- json_keystore_key = makeKeystoreKey(clientKey, count)
- logging.debug("Posting private key in to ODL keystore")
- makeRestconfPost(conn, json_keystore_key, postKeystore)
-
- if certList:
- json_trusted_cert = makeTrustedCertificate(certList, count)
- logging.debug("Posting trusted cert list in to ODL")
- makeRestconfPost(conn, json_trusted_cert, postTrustedCertificate)
-
- if clientKey and clientCrt and certList:
- json_private_key = makePrivateKey(clientKey, clientCrt, certList, count)
- logging.debug("Posting the cert in to ODL")
- makeRestconfPost(conn, json_private_key, postPrivateKey)
-
-
-def makeHealthcheckCall(headers, timePassed):
- connected = False
- # WAIT 10 minutes maximum and test every 30 seconds if HealthCheck API is returning 200
- while timePassed < TIMEOUT:
- try:
- conn = http.client.HTTPConnection("localhost",odl_port)
- req = conn.request(certreadyCmd, certreadyUrl,headers=headers)
- res = conn.getresponse()
- res.read()
- httpStatus = res.status
- if httpStatus == 200:
- logging.debug("Healthcheck Passed in %d seconds." %timePassed)
- connected = True
- break
- else:
- logging.debug("Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds. Problem code was: %d" %(INTERVAL, timePassed, TIMEOUT, httpStatus))
- except:
- logging.error("Cannot execute REST call. Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds." %(INTERVAL, timePassed, TIMEOUT))
- timePassed = timeIncrement(timePassed)
-
- if timePassed > TIMEOUT:
- logging.error("TIME OUT: Healthcheck not passed in %d seconds... Could cause problems for testing activities..." %TIMEOUT)
-
- return connected
-
-
-def timeIncrement(timePassed):
- time.sleep(INTERVAL)
- timePassed = timePassed + INTERVAL
- return timePassed
-
-def get_cadi_password():
- try:
- with open(Path + '/' + cadi_file , 'r') as file_obj:
- cadi_pass = file_obj.read().split('=', 1)[1].strip()
- return cadi_pass
- except Exception as e:
- logging.error("Error occurred while fetching password : %s", e)
- exit()
-
-def cleanup():
- for file in os.listdir(Path):
- if os.path.isfile(Path + '/' + file):
- logging.debug("Cleaning up the file %s", Path + '/'+ file)
- os.remove(Path + '/'+ file)
-
-def extract_content(file, password, count):
- try:
- certList = []
- key = None
- cert = None
- if (file.endswith('.jks')):
- p12_file = file.replace('.jks', '.p12')
- jks_cmd = 'keytool -importkeystore -srckeystore {src_file} -destkeystore {dest_file} -srcstoretype JKS -srcstorepass {src_pass} -deststoretype PKCS12 -deststorepass {dest_pass}'.format(src_file=file, dest_file=p12_file, src_pass=password, dest_pass=password)
- logging.debug("Converting %s into p12 format", file)
- os.system(jks_cmd)
- file = p12_file
-
- clcrt_cmd = 'openssl pkcs12 -in {src_file} -clcerts -nokeys -passin pass:{src_pass}'.format(src_file=file, src_pass=password)
- clkey_cmd = 'openssl pkcs12 -in {src_file} -nocerts -nodes -passin pass:{src_pass}'.format(src_file=file, src_pass=password)
- trust_file = file.split('/')[2] + '.trust'
- trustCerts_cmd = 'openssl pkcs12 -in {src_file} -out {out_file} -cacerts -nokeys -passin pass:{src_pass} '.format(src_file=file, out_file=Path + '/' + trust_file, src_pass=password)
-
- result_key = subprocess.check_output(clkey_cmd , shell=True)
- if result_key:
- key = result_key.split('-----BEGIN PRIVATE KEY-----', 1)[1].lstrip().split('-----END PRIVATE KEY-----')[0]
-
- os.system(trustCerts_cmd)
- if os.path.exists(Path + '/' + trust_file):
- certList = readTrustedCertificate(Path, trust_file)
-
- result_crt = subprocess.check_output(clcrt_cmd , shell=True)
- if result_crt:
- cert = result_crt.split('-----BEGIN CERTIFICATE-----', 1)[1].lstrip().split('-----END CERTIFICATE-----')[0]
- """
- To-do: Posting the key, cert, certList might need modification
- based on how AAF distributes the files.
-
- """
- post_content(key, cert, certList, count)
- except Exception as e:
- logging.error("Error occurred while processing the file %s : %s", file,e)
-
-def lookforfiles():
- count = 0
- for file in os.listdir(Path):
- if (file.endswith(('.p12', '.jks'))):
- if os.path.exists(Path + '/' + cadi_file):
- cert_password = get_cadi_password()
- logging.debug("Extracting contents from the file %s", file)
- extract_content(Path + '/' + file, cert_password, count)
- count += 1
- else:
- logging.error("Cadi password file %s not present under cert directory", cadi_file)
- exit()
- if count > 0:
- cleanup()
- else:
- logging.debug("No jks/p12 files found under cert directory %s", Path)
-
-def replaceAdminPassword(username, password, newpassword):
- if newpassword is None:
- logging.info('Not to replace password for user %s', username)
- else:
- logging.info('Replace password for user %s', username)
- try:
- jsondata = '{\"password\": \"{newpassword}\"}'.format(newpassword=newpassword)
- url = '/auth/v1/users/{username}@sdn'.format(username=username)
- loggin.info("Url %s data $s", url, jsondata)
- conn = http.client.HTTPConnection("localhost",odl_port)
- req = conn.request("PUT", url, jsondata, headers=headers)
- res = conn.getresponse()
- res.read()
- httpStatus = res.status
- if httpStatus == 200:
- logging.debug("New password provided successfully for user %s", username)
- else:
- logging.debug("Password change was not possible. Problem code was: %d", httpStatus)
- except:
- logging.error("Cannot execute REST call to set password.")
-
-def readCertProperties():
- connected = makeHealthcheckCall(headers, timePassed)
- logging.info('Connected status: %s', connected)
- if connected:
- replaceAdminPassword(username, password, newpassword)
- count = 0
- if os.path.isfile(Path + "/certs.properties"):
- with open(Path + "/certs.properties", "r") as f:
- for line in f:
- if not "*****" in line:
- zipFileList.append(line)
- else:
- extractZipFiles(zipFileList, count)
- count += 1
- del zipFileList[:]
- else:
- logging.debug("No zipfiles present under cert directory")
-
- logging.info("Looking for jks/p12 files under cert directory")
- lookforfiles()
-
-readCertProperties()
-logging.info('Cert installation ending')
diff --git a/installation/sdnc/src/main/scripts/installCerts.py b/installation/sdnc/src/main/scripts/installCerts.py
index d00db393..d3072847 100644
--- a/installation/sdnc/src/main/scripts/installCerts.py
+++ b/installation/sdnc/src/main/scripts/installCerts.py
@@ -1,6 +1,8 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2019 Nordix Foundation.
# ================================================================================
+# extended by highstreet technologies GmbH (c) 2020
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@@ -29,20 +31,26 @@ import shutil
import subprocess
import logging
-
-log_file = '/opt/opendaylight/data/log/installCerts.log'
-with open(os.path.join('/opt/opendaylight/data/log', 'installCerts.log'), 'w') as fp:
+odl_home = os.environ['ODL_HOME']
+log_directory = odl_home + '/data/log/'
+log_file = log_directory + 'installCerts.log'
+with open(os.path.join(log_directory, 'installCerts.log'), 'w') as fp:
pass
-
log_format = "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
+if not os.path.exists(log_directory):
+ os.makedirs(log_directory)
logging.basicConfig(filename=log_file,level=logging.DEBUG,filemode='w',format=log_format)
+print ('Start cert provisioning. Log file: ' + log_file);
Path = "/tmp"
+if "ODL_CERT_DIR" in os.environ:
+ Path = os.environ['ODL_CERT_DIR']
zipFileList = []
username = os.environ['ODL_ADMIN_USERNAME']
password = os.environ['ODL_ADMIN_PASSWORD']
+newpassword = os.environ.get('ODL_ADMIN_NEWPASSWORD')
TIMEOUT=1000
INTERVAL=30
timePassed=0
@@ -59,6 +67,18 @@ keystore_file = Path + '/keystore.jks'
jks_files = [truststore_pass_file, keystore_pass_file, keystore_file, truststore_file]
+envOdlFeaturesBoot='ODL_FEATURES_BOOT'
+# Strategy sli-api is default
+certreadyCmd="POST"
+certreadyUrl="/rests/operations/SLI-API:healthcheck"
+
+if "SDNRWT" in os.environ:
+ sdnrWt = os.environ['SDNRWT']
+ if sdnrWt == "true":
+ certreadyCmd="GET"
+ certreadyUrl="/rests/data/network-topology:network-topology"
+logging.info('ODL ready strategy with command %s and url %s', certreadyCmd, certreadyUrl)
+
odl_port = 8181
cred_string = username + ":" + password
headers = {'Authorization':'Basic %s' % base64.b64encode(cred_string.encode()).decode(),
@@ -67,7 +87,6 @@ headers = {'Authorization':'Basic %s' % base64.b64encode(cred_string.encode()).d
'Accept':"application/json",
'Content-type':"application/yang-data+json"}
-
def readFile(folder, file):
key = open(Path + "/" + folder + "/" + file, "r")
fileRead = key.read()
@@ -75,7 +94,6 @@ def readFile(folder, file):
fileRead = "\n".join(fileRead.splitlines()[1:-1])
return fileRead
-
def readTrustedCertificate(folder, file):
listCert = list()
caPem = ""
@@ -93,7 +111,6 @@ def readTrustedCertificate(folder, file):
caPem = ""
return listCert
-
def makeKeystoreKey(clientKey, count):
odl_private_key = "ODL_private_key_%d" %count
@@ -104,7 +121,6 @@ def makeKeystoreKey(clientKey, count):
return json_keystore_key
-
def makePrivateKey(clientKey, clientCrt, certList, count):
caPem = ""
if certList:
@@ -122,7 +138,6 @@ def makePrivateKey(clientKey, clientCrt, certList, count):
return json_private_key
-
def makeTrustedCertificate(certList, count):
number = 0
json_cert_format = ""
@@ -148,7 +163,6 @@ def makeRestconfPost(conn, json_file, apiCall):
else:
logging.debug("Response :%s Reason :%s ",res.status, res.reason)
-
def extractZipFiles(zipFileList, count):
for zipFolder in zipFileList:
with zipfile.ZipFile(Path + "/" + zipFolder.strip(),"r") as zip_ref:
@@ -156,8 +170,8 @@ def extractZipFiles(zipFileList, count):
folder = zipFolder.rsplit(".")[0]
processFiles(folder, count)
-
def processFiles(folder, count):
+ logging.info('Process folder: %d %s', count, folder)
for file in os.listdir(Path + "/" + folder):
if os.path.isfile(Path + "/" + folder + "/" + file.strip()):
if ".key" in file:
@@ -171,8 +185,8 @@ def processFiles(folder, count):
shutil.rmtree(Path + "/" + folder)
post_content(clientKey, clientCrt, certList, count)
-
def post_content(clientKey, clientCrt, certList, count):
+ logging.info('Post content: %d', count)
conn = http.client.HTTPConnection("localhost",odl_port)
if clientKey:
@@ -197,21 +211,23 @@ def makeHealthcheckCall(headers, timePassed):
while timePassed < TIMEOUT:
try:
conn = http.client.HTTPConnection("localhost",odl_port)
- req = conn.request("POST", "/rests/operations/SLI-API:healthcheck",headers=headers)
+ req = conn.request(certreadyCmd, certreadyUrl,headers=headers)
res = conn.getresponse()
res.read()
- if res.status == 200:
+ httpStatus = res.status
+ if httpStatus == 200:
logging.debug("Healthcheck Passed in %d seconds." %timePassed)
connected = True
break
else:
- logging.debug("Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT))
+ logging.debug("Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds. Problem code was: %d" %(INTERVAL, timePassed, TIMEOUT, httpStatus))
except:
- logging.error("Cannot execute REST call. Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT))
+ logging.error("Cannot execute REST call. Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds." %(INTERVAL, timePassed, TIMEOUT))
timePassed = timeIncrement(timePassed)
if timePassed > TIMEOUT:
logging.error("TIME OUT: Healthcheck not passed in %d seconds... Could cause problems for testing activities..." %TIMEOUT)
+
return connected
@@ -230,23 +246,26 @@ def get_pass(file_name):
logging.error("Error occurred while fetching password : %s", e)
exit()
-
def cleanup():
- for file in jks_files:
- if os.path.isfile(file):
- logging.debug("Cleaning up the file %s", file)
- os.remove(file)
+ for file in os.listdir(Path):
+ if os.path.isfile(Path + '/' + file):
+ logging.debug("Cleaning up the file %s", Path + '/'+ file)
+ os.remove(Path + '/'+ file)
def jks_to_p12(file, password):
"""Converts jks format into p12"""
try:
- p12_file = file.replace('.jks', '.p12')
- jks_cmd = 'keytool -importkeystore -srckeystore {src_file} -destkeystore {dest_file} -srcstoretype JKS -srcstorepass {src_pass} -deststoretype PKCS12 -deststorepass {dest_pass}'.format(src_file=file, dest_file=p12_file, src_pass=password, dest_pass=password)
- logging.debug("Converting %s into p12 format", file)
- os.system(jks_cmd)
- file = p12_file
- return file
+ certList = []
+ key = None
+ cert = None
+ if (file.endswith('.jks')):
+ p12_file = file.replace('.jks', '.p12')
+ jks_cmd = 'keytool -importkeystore -srckeystore {src_file} -destkeystore {dest_file} -srcstoretype JKS -srcstorepass {src_pass} -deststoretype PKCS12 -deststorepass {dest_pass}'.format(src_file=file, dest_file=p12_file, src_pass=password, dest_pass=password)
+ logging.debug("Converting %s into p12 format", file)
+ os.system(jks_cmd)
+ file = p12_file
+ return file
except Exception as e:
logging.error("Error occurred while converting jks to p12 format : %s", e)
@@ -307,6 +326,27 @@ def process_jks_files(count):
except Exception as e:
logging.error("UnExpected Error while processing JKS files at {0}, Caused by: {1}".format(Path, e))
+def replaceAdminPassword(username, password, newpassword):
+ if newpassword is None:
+ logging.info('Not to replace password for user %s', username)
+ else:
+ logging.info('Replace password for user %s', username)
+ try:
+ jsondata = '{\"password\": \"{newpassword}\"}'.format(newpassword=newpassword)
+ url = '/auth/v1/users/{username}@sdn'.format(username=username)
+ loggin.info("Url %s data $s", url, jsondata)
+ conn = http.client.HTTPConnection("localhost",odl_port)
+ req = conn.request("PUT", url, jsondata, headers=headers)
+ res = conn.getresponse()
+ res.read()
+ httpStatus = res.status
+ if httpStatus == 200:
+ logging.debug("New password provided successfully for user %s", username)
+ else:
+ logging.debug("Password change was not possible. Problem code was: %d", httpStatus)
+ except:
+ logging.error("Cannot execute REST call to set password.")
+
def readCertProperties():
'''
@@ -316,8 +356,9 @@ def readCertProperties():
If not foud, it searches for jks certificates.
'''
connected = makeHealthcheckCall(headers, timePassed)
-
+ logging.info('Connected status: %s', connected)
if connected:
+ replaceAdminPassword(username, password, newpassword)
count = 0
if os.path.isfile(Path + "/certs.properties"):
with open(Path + "/certs.properties", "r") as f:
@@ -330,7 +371,9 @@ def readCertProperties():
del zipFileList[:]
else:
logging.debug("No certs.properties/zip files exist at: " + Path)
+ logging.info("Processing any available jks/p12 files under cert directory")
process_jks_files(count)
readCertProperties()
+logging.info('Cert installation ending')
diff --git a/installation/sdnc/src/main/scripts/startODL.oom.sh b/installation/sdnc/src/main/scripts/startODL.oom.sh
deleted file mode 100755
index 1ce4a1b0..00000000
--- a/installation/sdnc/src/main/scripts/startODL.oom.sh
+++ /dev/null
@@ -1,390 +0,0 @@
-#!/bin/bash
-
-###
-# ============LICENSE_START=======================================================
-# SDNC
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Update by Copyright (C) 2020 highstreet technologies GmbH. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-
-# Install SDN-C platform components if not already installed and start container
-
-# List of used constants, that are provided during container initialization
-
-ODL_HOME=${ODL_HOME:-/opt/opendaylight/current}
-ODL_FEATURES_BOOT_FILE=$ODL_HOME/etc/org.apache.karaf.features.cfg
-FEATURESBOOTMARKER="^featuresBoot *="
-REPOSITORIESBOOTMARKER="^featuresRepositories *="
-
-#
-ODL_REMOVEIDMDB=${ODL_REMOVEIDMDB:-false}
-
-#ODL_CERT_DIR
-ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME:-admin}
-if $ODL_REMOVEIDMDB ; then
- echo "Remove odl idmdb"
- rm $ODL_HOME/data/idmlight.db.mv.db
- ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-admin}
-else
- ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U}
-fi
-
-export ODL_ADMIN_PASSWORD ODL_ADMIN_USERNAME
-
-JDEBUG=${JDEBUG:-false}
-SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc}
-SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin}
-CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk}
-
-#- ODL Cluster
-ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false}
-#SDNC_REPLICAS
-
-#- ODL GEO cluster
-GEO_ENABLED=${GEO_ENABLED:-false}
-#IS_PRIMARY_CLUSTER
-#MY_ODL_CLUSTER
-#PEER_ODL_CLUSTER
-
-#- AAF
-SDNC_AAF_ENABLED=${SDNC_AAF_ENABLED:-false}
-
-#- SDN-R
-SDNRWT=${SDNRWT:-false}
-SDNRWT_BOOTFEATURES=${SDNRWT_BOOTFEATURES:-sdnr-wt-feature-aggregator}
-SDNRDM=${SDNRDM:-false}
-# Add devicemanager base and specific repositories
-SDNR_BASE_REPO=${SDNRDM_BASE_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-feature-aggregator/$CCSDKFEATUREVERSION/xml/features}
-SDNRDM_BASE_REPO=${SDNRDM_BASE_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-feature-aggregator-devicemanager-base/$CCSDKFEATUREVERSION/xml/features}
-SDNRDM_ONF_REPO=${SDNRDM_ONF_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-onf-feature/$CCSDKFEATUREVERSION/xml/features}
-SDNRDM_ORAN_REPO=${SDNRDM_ORAN_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-oran-feature/$CCSDKFEATUREVERSION/xml/features}
-SDNRDM_GRAN_REPO=${SDNRDM_GRAN_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-gran-feature/$CCSDKFEATUREVERSION/xml/features}
-# Add devicemanager features
-SDNRDM_SDM_LIST=${SDNRDM_SDM_LIST:-sdnr-wt-devicemanager-onf-feature, sdnr-wt-devicemanager-oran-feature, sdnr-wt-devicemanager-gran-feature}
-SDNRDM_BOOTFEATURES=${SDNRDM_BOOTFEATURES:-sdnr-wt-feature-aggregator-devicemanager-base, ${SDNRDM_SDM_LIST}}
-SDNRINIT=${SDNRINIT:-false}
-SDNRONLY=${SDNRONLY:-false}
-SDNRDBURL=${SDNRDBURL:-http://sdnrdb:9200}
-#SDNRDBUSERNAME
-#SDNRDBPASSWORD
-#SDNRDBPARAMETER
-SDNRDBCOMMAND=${SDNRDBCOMMAND:--c init -db $SDNRDBURL -dbu $SDNRDBUSERNAME -dbp $SDNRDBPASSWORD $SDNRDBPARAMETER}
-
-SDNR_NORTHBOUND=${SDNR_NORTHBOUND:-false}
-SDNR_NORTHBOUND_BOOTFEATURES=${SDNR_NORTHBOUND_BOOTFEATURES:-sdnr-northbound-all}
-
-#OVERRIDE_FEATURES_BOOT
-
-# Functions
-
-# Test if repository exists, like this mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-oran-feature/0.7.2/xml/features
-# $1 repository
-function isRepoExisting() {
- REPO=$(echo $1 | sed -E "s#mvn:(.*)/xml/features\$#\1#")
- OIFS="$IFS"
- IFS='/' parts=($REPO)
- IFS="$OIFS"
- path="$ODL_HOME/system/"${parts[0]//./\/}"/"${parts[1]}"/"${parts[2]}
- [ -d "$path" ]
-}
-
-# Add features repository to karaf featuresRepositories configuration
-# $1 repositories to be added
-function addRepository() {
- CFG=$ODL_FEATURES_BOOT_FILE
- ORIG=$CFG.orig
- if isRepoExisting "$1" ; then
- echo "Add repository: $1"
- sed -i "\|featuresRepositories|s|$|, $1|" $CFG
- else
- echo "Repo does not exist: $1"
- fi
-}
-# Append features to karaf boot feature configuration
-# $1 search pattern .. no leading ","
-# $2 replacement .. if "" remove
-function replaceRepository() {
- CFG=$ODL_FEATURES_BOOT_FILE
- if [ -n "$2" ] ; then
- echo "Replace feature repo $1 with: $2"
- sed -i "/$REPOSITORIESBOOTMARKER/ s/,* *$1/,$2/g" $CFG
- else
- echo "Remove feature repo $1"
- sed -i "/$REPOSITORIESBOOTMARKER/ s/,* *$1//g" $CFG
- fi
-}
-
-# Append features to karaf boot feature configuration
-# $1 additional feature to be added
-# $2 repositories to be added (optional)
-function addToFeatureBoot() {
- CFG=$ODL_FEATURES_BOOT_FILE
- ORIG=$CFG.orig
- if [ -n "$2" ] ; then
- addRepository $2
- fi
- echo "Add boot feature: $1"
- sed -i "\|$FEATURESBOOTMARKER|s|$|,$1|" $CFG
-}
-
-# Append features to karaf boot feature configuration
-# $1 search pattern .. no leading ","
-# $2 replacement .. if "" remove
-function replaceFeatureBoot() {
- CFG=$ODL_FEATURES_BOOT_FILE
- if [ -n "$2" ] ; then
- echo "Replace boot feature $1 with: $2"
- sed -i "/$FEATURESBOOTMARKER/ s/,* *$1/,$2/g" $CFG
- else
- echo "Remove boot feature $1"
- sed -i "/$FEATURESBOOTMARKER/ s/,* *$1//g" $CFG
- fi
-}
-
-# Remove all sdnc specific features
-function cleanupFeatureBoot() {
- echo "Remove northbound bootfeatures "
- sed -i "/$FEATURESBOOTMARKER/ s/,ccsdk-sli-core-all.*$//g" $ODL_FEATURES_BOOT_FILE
- sed -i "/$FEATURESBOOTMARKER/ s/odl-restconf-nb-rfc8040,//g" $ODL_FEATURES_BOOT_FILE
-}
-
-function initialize_sdnr() {
- echo "SDN-R Database Initialization"
- INITCMD="$JAVA_HOME/bin/java -jar "
- INITCMD+="$ODL_HOME/system/org/onap/ccsdk/features/sdnr/wt/sdnr-wt-data-provider-setup/$CCSDKFEATUREVERSION/sdnr-dmt.jar "
- INITCMD+="$SDNRDBCOMMAND"
- echo "Execute: $INITCMD"
- n=0
- until [ $n -ge 5 ] ; do
- $INITCMD && break
- n=$[$n+1]
- sleep 15
- done
- return $?
-}
-
-function install_sdnrwt_features() {
- # Repository setup provided via sdnc dockerfile
- if $SDNRWT; then
- #Clean up <-----------------
- #Uses wrong version
- echo "Remove sdnr-northbound-all and add BGP"
- replaceFeatureBoot "sdnr-northbound-all"
- #Add missing org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.bgp.types.rev180329
- #addRepository "mvn:org.opendaylight.bgpcep/odl-bgpcep-bgp-dependencies/0.11.1/xml/features"
- #replaceFeatureBoot "odl-daexim-all" "odl-daexim-all, odl-bgpcep-bgp-dependencies"
-
- # remove old existing
- replaceRepository "mvn:org.onap.ccsdk.features.sdnr.wt\/sdnr-wt-feature-aggregator\/[^\/]*\/xml\/features"
- replaceRepository "mvn:org.onap.ccsdk.features.sdnr.wt\/sdnr-wt-feature-aggregator-devicemanager\/[^\/]*\/xml\/features"
- # Add devicemanagers
- addRepository $SDNR_BASE_REPO
- addRepository $SDNRDM_BASE_REPO
- addRepository $SDNRDM_ONF_REPO
- addRepository $SDNRDM_ORAN_REPO
- addRepository $SDNRDM_GRAN_REPO
-
- if $SDNRONLY; then
- cleanupFeatureBoot
- addToFeatureBoot ccsdk-aafshiro
- fi
- if $SDNRDM; then
- addToFeatureBoot "$SDNRDM_BOOTFEATURES"
- else
- addToFeatureBoot "$SDNRWT_BOOTFEATURES"
- fi
- fi
-}
-
-
-function install_sdnr_northbound_features() {
- # Repository setup provided via sdnc dockerfile
- addToFeatureBoot "$SDNR_NORTHBOUND_BOOTFEATURES"
-}
-
-# Reconfigure ODL from default single node configuration to cluster
-
-function enable_odl_cluster(){
- if [ -z $SDNC_REPLICAS ]; then
- echo "SDNC_REPLICAS is not configured in Env field"
- exit
- fi
-
- # ODL NETCONF setup
- echo "Installing Opendaylight cluster features for mdsal and netconf"
-
- #Be sure to remove feature odl-netconf-connector-all from list
- replaceFeatureBoot "odl-netconf-connector-all,"
- #Activate cluster
- replaceFeatureBoot odl-netconf-topology odl-netconf-clustered-topology
- replaceFeatureBoot odl-mdsal-all odl-mdsal-all,odl-mdsal-clustering
- addToFeatureBoot odl-jolokia
-
- # ODL Cluster or Geo cluster configuration
-
- echo "Update cluster information statically"
- fqdn=$(hostname -f)
- echo "Get current fqdn ${fqdn}"
-
- # Extract node index using first digit after "-"
- # Example 2 from "sdnr-2.logo.ost.das.r32.com"
- node_index=($(echo ${fqdn} | sed -r 's/.*-([0-9]).*/\1/g'))
-
- if $GEO_ENABLED; then
- echo "This is a Geo cluster"
-
- if [ -z $IS_PRIMARY_CLUSTER ] || [ -z $MY_ODL_CLUSTER ] || [ -z $PEER_ODL_CLUSTER ]; then
- echo "IS_PRIMARY_CLUSTER, MY_ODL_CLUSTER and PEER_ODL_CLUSTER must all be configured in Env field"
- return
- fi
-
- member_offset=1
- if $IS_PRIMARY_CLUSTER; then
- PRIMARY_NODE=${MY_ODL_CLUSTER}
- SECONDARY_NODE=${PEER_ODL_CLUSTER}
- else
- PRIMARY_NODE=${PEER_ODL_CLUSTER}
- SECONDARY_NODE=${MY_ODL_CLUSTER}
- member_offset=4
- fi
-
- node_list="${PRIMARY_NODE} ${SECONDARY_NODE}"
- $SDNC_BIN/configure_geo_cluster.sh $((node_index+member_offset)) ${node_list}
- else
- echo "This is a local cluster"
- for ((i=0;i<${SDNC_REPLICAS};i++)); do
- #assemble node list by replaceing node-index in hostname with "i"
- node_name=$(echo ${fqdn} | sed -r "s/-[0-9]/-$i/g")
- node_list="${node_list} $node_name"
- done
- echo "Node index: $((node_index+1)) list: ${node_list[@]}"
- $ODL_HOME/bin/configure_cluster.sh $((node_index+1)) ${node_list}
- fi
-}
-
-# -----------------------
-# Main script starts here
-
-if $JDEBUG ; then
- echo "Activate remote debugging"
- #JSTADTPOLICYFILE="$ODL_HOME/etc/tools.policy"
- #echo -e "grant codebase \"file:${JAVA_HOME}/lib/tools.jar\" {\n permission java.security.AllPermission;\n };" > $JSTADTPOLICYFILE
- #sleep 1
- #$JAVA_HOME/bin/jstatd -p 1089 -J-Djava.security.policy=$JSTADTPOLICYFILE &
- EXTRA_JAVA_OPTS+=" -Dcom.sun.management.jmxremote.port=1090"
- EXTRA_JAVA_OPTS+=" -Dcom.sun.management.jmxremote.rmi.port=1090"
- EXTRA_JAVA_OPTS+=" -Djava.rmi.server.hostname=$HOSTNAME"
- EXTRA_JAVA_OPTS+=" -Dcom.sun.management.jmxremote.local.only=false"
- EXTRA_JAVA_OPTS+=" -Dcom.sun.management.jmxremote.ssl=false"
- EXTRA_JAVA_OPTS+=" -Dcom.sun.management.jmxremote.authenticate=false"
- export EXTRA_JAVA_OPTS
-fi
-
-echo "Image path=${IMAGEPATH}"
-echo "Image names=${IMAGENAMES}"
-echo "Hostname=${HOSTNAME}"
-echo "Settings:"
-echo " USER=$(whoami)"
-echo " SDNC_BIN=$SDNC_BIN"
-echo " SDNC_HOME=$SDNC_HOME"
-echo " ODL_CERT_DIR=$ODL_CERT_DIR"
-echo " CCSDKFEATUREVERSION=$CCSDKFEATUREVERSION"
-echo " OVERRIDE_FEATURES_BOOT=$OVERRIDE_FEATURES_BOOT"
-echo " ENABLE_ODL_CLUSTER=$ENABLE_ODL_CLUSTER"
-echo " ODL_REMOVEIDMDB=$ODL_REMOVEIDMDB"
-echo " SDNC_REPLICAS=$SDNC_REPLICAS"
-echo " SDNRWT=$SDNRWT"
-echo " SDNRDM=$SDNRDM"
-echo " SDNRONLY=$SDNRONLY"
-echo " SDNRINIT=$SDNRINIT"
-echo " SDNRDBURL=$SDNRDBURL"
-echo " SDNRDBUSERNAME=$SDNRDBUSERNAME"
-echo " SDNRDBPASSWORD=$SDNRDBPASSWORD"
-echo " GEO_ENABLED=$GEO_ENABLED"
-echo " IS_PRIMARY_CLUSTER=$IS_PRIMARY_CLUSTER"
-echo " MY_ODL_CLUSTER=$MY_ODL_CLUSTER"
-echo " PEER_ODL_CLUSTER=$PEER_ODL_CLUSTER"
-echo " AAF_ENABLED=$SDNC_AAF_ENABLED"
-echo " JDEBUG=$JDEBUG"
-echo " EXTRA_JAVA_OPTS=$EXTRA_JAVA_OPTS"
-
-if $SDNC_AAF_ENABLED; then
- export SDNC_STORE_DIR=/opt/app/osaaf/local
- export SDNC_CONFIG_DIR=/opt/app/osaaf/local
- export SDNC_KEYPASS=`cat /opt/app/osaaf/local/.pass`
- export SDNC_KEYSTORE=org.onap.sdnc.p12
- sed -i '/cadi_prop_files/d' $ODL_HOME/etc/system.properties
- echo "cadi_prop_files=$SDNC_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties
-
- sed -i '/org.ops4j.pax.web.ssl.keystore/d' $ODL_HOME/etc/custom.properties
- sed -i '/org.ops4j.pax.web.ssl.password/d' $ODL_HOME/etc/custom.properties
- sed -i '/org.ops4j.pax.web.ssl.keypassword/d' $ODL_HOME/etc/custom.properties
- echo org.ops4j.pax.web.ssl.keystore=$SDNC_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
- echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
- echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
-fi
-
-if $SDNRINIT ; then
- #One time intialization action
- initialize_sdnr
- init_result=$?
- echo "Result of init script: $init_result"
- if $SDNRWT ; then
- echo "Proceed to initialize sdnr"
- else
- exit $init_result
- fi
-fi
-
-if [ ! -f ${SDNC_HOME}/.installed ]
-then
- echo "Installing SDN-C keyStore"
- /bin/bash ${SDNC_HOME}/bin/addSdncKeyStore.sh
- echo "Installing A1-adapter trustStore"
- /bin/bash ${SDNC_HOME}/bin/addA1TrustStore.sh
-
- if $ENABLE_ODL_CLUSTER ; then enable_odl_cluster ; fi
-
- if $SDNRWT ; then install_sdnrwt_features ; fi
-
- if $SDNR_NORTHBOUND ; then install_sdnr_northbound_features ; fi
-
- echo "Installed at `date`" > ${SDNC_HOME}/.installed
-fi
-
-if [ -n "$OVERRIDE_FEATURES_BOOT" ] ; then
- echo "Override features boot: $OVERRIDE_FEATURES_BOOT"
- sed -i "/$FEATURESBOOTMARKER/c\featuresBoot = $OVERRIDE_FEATURES_BOOT" $ODL_FEATURES_BOOT_FILE
-fi
-
-# Odl configuration done
-ODL_REPOSITORIES_BOOT=$(sed -n "/$REPOSITORIESBOOTMARKER/p" $ODL_FEATURES_BOOT_FILE)
-ODL_FEATURES_BOOT=$(sed -n "/$FEATURESBOOTMARKER/p" $ODL_FEATURES_BOOT_FILE)
-export ODL_FEATURES_BOOT
-
-if [ -z "$ODL_CERT_DIR" ] ; then
- echo "No certs provided. Skip installation."
-else
- echo "Start background cert installer"
- nohup python3 ${SDNC_BIN}/installCerts.oom.py &
-fi
-
-echo "Startup opendaylight"
-echo $ODL_REPOSITORIES_BOOT
-echo $ODL_FEATURES_BOOT
-exec ${ODL_HOME}/bin/karaf server
diff --git a/installation/sdnc/src/main/scripts/startODL.sh b/installation/sdnc/src/main/scripts/startODL.sh
index 86d1e09c..7329f4e8 100755
--- a/installation/sdnc/src/main/scripts/startODL.sh
+++ b/installation/sdnc/src/main/scripts/startODL.sh
@@ -2,10 +2,11 @@
###
# ============LICENSE_START=======================================================
-# openECOMP : SDN-C
+# SDN-C
# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2020 Samsung Electronics
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2020 Highstreet Technologies
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -20,12 +21,40 @@
# limitations under the License.
# ============LICENSE_END=========================================================
###
+# A single entry point script that can be used in Kubernetes based deployments (via OOM) and standalone docker deployments.
+# Please see https://wiki.onap.org/display/DW/startODL.sh+-+Important+Environment+variables+and+their+description for more details
+
+# Functions
+
+# Test if repository exists, like this mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-oran-feature/0.7.2/xml/features
+# $1 repository
+function isRepoExisting() {
+ REPO=$(echo $1 | sed -E "s#mvn:(.*)/xml/features\$#\1#")
+ OIFS="$IFS"
+ IFS='/' parts=($REPO)
+ IFS="$OIFS"
+ path="$ODL_HOME/system/"${parts[0]//./\/}"/"${parts[1]}"/"${parts[2]}
+ [ -d "$path" ]
+}
+
+# Add features repository to karaf featuresRepositories configuration
+# $1 repositories to be added
+function addRepository() {
+ CFG=$ODL_FEATURES_BOOT_FILE
+ ORIG=$CFG.orig
+ if isRepoExisting "$1" ; then
+ echo "Add repository: $1"
+ sed -i "\|featuresRepositories|s|$|, $1|" $CFG
+ else
+ echo "Repo does not exist: $1"
+ fi
+}
# Append features to karaf boot feature configuration
# $1 additional feature to be added
# $2 repositories to be added (optional)
function addToFeatureBoot() {
- CFG=$ODL_HOME/etc/org.apache.karaf.features.cfg
+ CFG=$ODL_FEATURES_BOOT_FILE
ORIG=$CFG.orig
if [ -n "$2" ] ; then
echo "Add repository: $2"
@@ -47,20 +76,62 @@ function replaceFeatureBoot() {
sed -i "/featuresBoot/ s/$1/$2/g" $CFG
}
+# Remove all sdnc specific features
+function cleanupFeatureBoot() {
+ echo "Remove northbound bootfeatures "
+ sed -i "/featuresBoot/ s/,ccsdk-sli-core-all.*$//g" $ODL_FEATURES_BOOT_FILE
+}
+
+function initialize_sdnr() {
+ echo "SDN-R Database Initialization"
+ INITCMD="$JAVA_HOME/bin/java -jar "
+ INITCMD+="$ODL_HOME/system/org/onap/ccsdk/features/sdnr/wt/sdnr-wt-data-provider-setup/$CCSDKFEATUREVERSION/sdnr-dmt.jar "
+ INITCMD+="$SDNRDBCOMMAND"
+ echo "Execute: $INITCMD"
+ n=0
+ until [ $n -ge 5 ] ; do
+ $INITCMD && break
+ n=$[$n+1]
+ sleep 15
+ done
+ return $?
+}
+
function install_sdnrwt_features() {
- addToFeatureBoot "$SDNRWT_BOOTFEATURES" $SDNRWT_REPOSITORY
+ # Repository setup provided via sdnc dockerfile
+ if $SDNRWT; then
+ addRepository $SDNRDM_BASE_REPO
+ addRepository $SDNRDM_ONF_REPO
+
+ if $SDNRONLY; then
+ cleanupFeatureBoot
+ fi
+ if $SDNRDM; then
+ addToFeatureBoot "$SDNRDM_BOOTFEATURES"
+ else
+ addToFeatureBoot "$SDNRWT_BOOTFEATURES"
+ fi
+ fi
}
function install_sdnr_northbound_features() {
- addToFeatureBoot "$SDNR_NORTHBOUND_BOOTFEATURES" $SDNR_NORTHBOUND_REPOSITORY
+ addToFeatureBoot "$SDNR_NORTHBOUND_BOOTFEATURES"
}
-function enable_odl_cluster(){
+# Reconfigure ODL from default single node configuration to cluster
+
+function enable_odl_cluster() {
if [ -z $SDNC_REPLICAS ]; then
echo "SDNC_REPLICAS is not configured in Env field"
exit
fi
+ # ODL NETCONF setup
+ echo "Installing Opendaylight cluster features for mdsal and netconf"
+
+ #Be sure to remove feature odl-netconf-connector-all from list
+ replaceFeatureBoot "odl-netconf-connector-all,"
+
echo "Installing Opendaylight cluster features"
replaceFeatureBoot odl-netconf-topology odl-netconf-clustered-topology
replaceFeatureBoot odl-mdsal-all odl-mdsal-all,odl-mdsal-clustering
@@ -68,26 +139,25 @@ function enable_odl_cluster(){
#${ODL_HOME}/bin/client feature:install odl-mdsal-clustering
#${ODL_HOME}/bin/client feature:install odl-jolokia
+ # ODL Cluster or Geo cluster configuration
+
echo "Update cluster information statically"
- hm=$(hostname)
- echo "Get current Hostname ${hm}"
-
- node=($(echo ${hm} | tr '-' '\n'))
- node_name=${node[0]}
- node_index=${node[1]}
+ fqdn=$(hostname -f)
+ echo "Get current fqdn ${fqdn}"
- if [ -z $PEER_ODL_CLUSTER ]; then
- echo "This is a local cluster"
- node_list="${node_name}-0.sdnhost-cluster.onap.svc.cluster.local";
+ # Extract node index using first digit after "-"
+ # Example 2 from "sdnr-2.logo.ost.das.r32.com"
+ node_index=`(echo ${fqdn} | sed -r 's/.*-([0-9]).*/\1/g')`
+ member_offset=1
- for ((i=1;i<${SDNC_REPLICAS};i++));
- do
- node_list="${node_list} ${node_name}-$i.sdnhost-cluster.onap.svc.cluster.local"
- done
- /opt/opendaylight/current/bin/configure_cluster.sh $((node_index+1)) ${node_list}
- else
+ if $GEO_ENABLED; then
echo "This is a Geo cluster"
+ if [ -z $IS_PRIMARY_CLUSTER ] || [ -z $MY_ODL_CLUSTER ] || [ -z $PEER_ODL_CLUSTER ]; then
+ echo "IS_PRIMARY_CLUSTER, MY_ODL_CLUSTER and PEER_ODL_CLUSTER must all be configured in Env field"
+ return
+ fi
+
if $IS_PRIMARY_CLUSTER; then
PRIMARY_NODE=${MY_ODL_CLUSTER}
SECONDARY_NODE=${PEER_ODL_CLUSTER}
@@ -98,86 +168,221 @@ function enable_odl_cluster(){
fi
node_list="${PRIMARY_NODE} ${SECONDARY_NODE}"
- /opt/onap/sdnc/bin/configure_geo_cluster.sh $((node_index+member_offset)) ${node_list}
+
+ ${SDNC_BIN}/configure_geo_cluster.sh $((node_index+member_offset)) ${node_list}
+ else
+ echo "This is a local cluster"
+ node_list=""
+ if $OOM_ENABLED; then
+ # Extract node name minus the index
+ # Example sdnr from "sdnr-2.logo.ost.das.r32.com"
+ node_name=($(echo ${fqdn} | sed 's/-[0-9].*$//g'))
+ for ((i=0;i<${SDNC_REPLICAS};i++));
+ do
+ node_list="${node_list} ${node_name}-$i.${SERVICE_NAME}-cluster.${NAMESPACE}"
+ done
+ ${ODL_HOME}/bin/configure_cluster.sh $((node_index+1)) ${node_list}
+ else
+ for ((i=0;i<${SDNC_REPLICAS};i++));
+ do
+ #assemble node list by replacing node-index in hostname with "i"
+ node_name=`(echo ${fqdn} | sed -r "s/-[0-9]/-$i/g")`
+ node_list="${node_list} ${node_name}"
+ done
+ ${ODL_HOME}/bin/configure_cluster.sh $((node_index+1)) ${node_list}
+ fi
fi
}
# Install SDN-C platform components if not already installed and start container
+# -----------------------
+# Main script starts here
+
ODL_HOME=${ODL_HOME:-/opt/opendaylight/current}
+ODL_FEATURES_BOOT_FILE=$ODL_HOME/etc/org.apache.karaf.features.cfg
+#
+ODL_REMOVEIDMDB=${ODL_REMOVEIDMDB:-false}
+
ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME:-admin}
+if $ODL_REMOVEIDMDB ; then
+ echo "Remove odl idmdb"
+ rm $ODL_HOME/data/idmlight.db.mv.db
+ ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-admin}
+else
+ ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U}
+fi
ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U}
SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc}
SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin}
+SDNC_DB_INIT=${SDNC_DB_INIT:-false}
CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk}
-SLEEP_TIME=${SLEEP_TIME:-120}
+JDEBUG=${JDEBUG:-false}
MYSQL_PASSWD=${MYSQL_PASSWD:-openECOMP1.0}
ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false}
+GEO_ENABLED=${GEO_ENABLED:-false}
+SDNC_AAF_ENABLED=${SDNC_AAF_ENABLED:-false}
+OOM_ENABLED=${OOM_ENABLED:-false}
IS_PRIMARY_CLUSTER=${IS_PRIMARY_CLUSTER:-false}
MY_ODL_CLUSTER=${MY_ODL_CLUSTER:-127.0.0.1}
INSTALLED_DIR=${INSTALLED_FILE:-/opt/opendaylight/current/daexim}
SDNRWT=${SDNRWT:-false}
SDNRWT_BOOTFEATURES=${SDNRWT_BOOTFEATURES:-sdnr-wt-feature-aggregator}
+SDNRDM=${SDNRDM:-false}
+# Add devicemanager base and specific repositories
+SDNRDM_BASE_REPO=${SDNRDM_BASE_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-feature-aggregator-devicemanager-base/$CCSDKFEATUREVERSION/xml/features}
+SDNRDM_ONF_REPO=${SDNRDM_ONF_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-onf-feature/$CCSDKFEATUREVERSION/xml/features}
+# Add devicemanager features
+SDNRDM_SDM_LIST=${SDNRDM_SDM_LIST:-sdnr-wt-devicemanager-onf-feature}
+SDNRDM_BOOTFEATURES=${SDNRDM_BOOTFEATURES:-sdnr-wt-feature-aggregator-devicemanager-base, ${SDNRDM_SDM_LIST}}
+SDNRINIT=${SDNRINIT:-false}
+SDNRONLY=${SDNRONLY:-false}
+SDNRDBURL=${SDNRDBURL:-http://sdnrdb:9200}
+SDNRDBCOMMAND=${SDNRDBCOMMAND:--c init -db $SDNRDBURL -dbu $SDNRDBUSERNAME -dbp $SDNRDBPASSWORD $SDNRDBPARAMETER}
+
SDNR_NORTHBOUND=${SDNR_NORTHBOUND:-false}
SDNR_NORTHBOUND_BOOTFEATURES=${SDNR_NORTHBOUND_BOOTFEATURES:-sdnr-northbound-all}
export ODL_ADMIN_PASSWORD ODL_ADMIN_USERNAME
+if $JDEBUG ; then
+ echo "Activate remote debugging"
+ #JSTADTPOLICYFILE="$ODL_HOME/etc/tools.policy"
+ #echo -e "grant codebase \"file:${JAVA_HOME}/lib/tools.jar\" {\n permission java.security.AllPermission;\n };" > $JSTADTPOLICYFILE
+ #sleep 1
+ #$JAVA_HOME/bin/jstatd -p 1089 -J-Djava.security.policy=$JSTADTPOLICYFILE &
+ EXTRA_JAVA_OPTS+=" -Dcom.sun.management.jmxremote.port=1090"
+ EXTRA_JAVA_OPTS+=" -Dcom.sun.management.jmxremote.rmi.port=1090"
+ EXTRA_JAVA_OPTS+=" -Djava.rmi.server.hostname=$HOSTNAME"
+ EXTRA_JAVA_OPTS+=" -Dcom.sun.management.jmxremote.local.only=false"
+ EXTRA_JAVA_OPTS+=" -Dcom.sun.management.jmxremote.ssl=false"
+ EXTRA_JAVA_OPTS+=" -Dcom.sun.management.jmxremote.authenticate=false"
+ export EXTRA_JAVA_OPTS
+fi
+
+
echo "Settings:"
+echo " SDNC_BIN=$SDNC_BIN"
+echo " SDNC_HOME=$SDNC_HOME"
+echo " SDNC_DB_INIT=$SDNC_DB_INIT"
+echo " ODL_CERT_DIR=$ODL_CERT_DIR"
+echo " CCSDKFEATUREVERSION=$CCSDKFEATUREVERSION"
echo " ENABLE_ODL_CLUSTER=$ENABLE_ODL_CLUSTER"
+echo " ODL_REMOVEIDMDB=$ODL_REMOVEIDMDB"
echo " SDNC_REPLICAS=$SDNC_REPLICAS"
echo " SDNRWT=$SDNRWT"
+echo " SDNRDM=$SDNRDM"
+echo " SDNRONLY=$SDNRONLY"
+echo " SDNRINIT=$SDNRINIT"
+echo " SDNRDBURL=$SDNRDBURL"
+echo " SDNRDBUSERNAME=$SDNRDBUSERNAME"
+echo " GEO_ENABLED=$GEO_ENABLED"
+echo " IS_PRIMARY_CLUSTER=$IS_PRIMARY_CLUSTER"
+echo " MY_ODL_CLUSTER=$MY_ODL_CLUSTER"
+echo " PEER_ODL_CLUSTER=$PEER_ODL_CLUSTER"
echo " SDNR_NORTHBOUND=$SDNR_NORTHBOUND"
+echo " AAF_ENABLED=$SDNC_AAF_ENABLED"
+if $SDNC_AAF_ENABLED; then
+ export SDNC_AAF_STORE_DIR=/opt/app/osaaf/local
+ export SDNC_AAF_CONFIG_DIR=/opt/app/osaaf/local
+ export SDNC_KEYPASS=`cat /opt/app/osaaf/local/.pass`
+ export SDNC_KEYSTORE=org.onap.sdnc.p12
+ sed -i '/cadi_prop_files/d' $ODL_HOME/etc/system.properties
+ echo "cadi_prop_files=$SDNC_AAF_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties
+ sed -i '/org.ops4j.pax.web.ssl.keystore/d' $ODL_HOME/etc/custom.properties
+ sed -i '/org.ops4j.pax.web.ssl.password/d' $ODL_HOME/etc/custom.properties
+ sed -i '/org.ops4j.pax.web.ssl.keypassword/d' $ODL_HOME/etc/custom.properties
+ echo org.ops4j.pax.web.ssl.keystore=$SDNC_AAF_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
+ echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
+ echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
+fi
+
+if $SDNRINIT ; then
+ #One time intialization action
+ initialize_sdnr
+ init_result=$?
+ echo "Result of init script: $init_result"
+ if $SDNRWT ; then
+ echo "Proceed to initialize sdnr"
+ else
+ exit $init_result
+ fi
+fi
+
+if $OOM_ENABLED; then
#
# Wait for database
#
-echo "Waiting for mysql"
-until mysql -h dbhost -u root -p${MYSQL_PASSWD} mysql &> /dev/null
-do
- printf "."
- sleep 1
-done
-echo -e "\nmysql ready"
+ echo "Waiting for mysql"
+ until mysql -h dbhost -u root -p${MYSQL_PASSWD} mysql &> /dev/null
+ do
+ printf "."
+ sleep 1
+ done
+ echo -e "\nmysql ready"
+fi
if [ ! -d ${INSTALLED_DIR} ]
then
mkdir -p ${INSTALLED_DIR}
fi
-if [ ! -f ${INSTALLED_DIR}/.installed ]
+if [ ! -f ${SDNC_HOME}/.installed ]
then
- echo "Installing SDN-C database"
- ${SDNC_HOME}/bin/installSdncDb.sh
- echo "Installing SDN-C keyStore"
- ${SDNC_HOME}/bin/addSdncKeyStore.sh
- echo "Installing A1-adapter trustStore"
- ${SDNC_HOME}/bin/addA1TrustStore.sh
+ if $OOM_ENABLED; then
+ # for integration testing. In OOM, a separate job takes care of installing it.
+ if $SDNC_DB_INIT; then
+ echo "Installing SDN-C database"
+ ${SDNC_HOME}/bin/installSdncDb.sh
+ fi
+ echo "Installing SDN-C keyStore"
+ ${SDNC_HOME}/bin/addSdncKeyStore.sh
+ echo "Installing A1-adapter trustStore"
+ ${SDNC_HOME}/bin/addA1TrustStore.sh
- #${CCSDK_HOME}/bin/installOdlHostKey.sh
+ #${CCSDK_HOME}/bin/installOdlHostKey.sh
- if [ -x ${SDNC_HOME}/svclogic/bin/install.sh ]
- then
- echo "Installing directed graphs"
- ${SDNC_HOME}/svclogic/bin/install.sh
- fi
+ if [ -x ${SDNC_HOME}/svclogic/bin/install.sh ]
+ then
+ echo "Installing directed graphs"
+ ${SDNC_HOME}/svclogic/bin/install.sh
+ fi
+ fi
- if $ENABLE_ODL_CLUSTER ; then enable_odl_cluster ; fi
+ if $ENABLE_ODL_CLUSTER ; then enable_odl_cluster ; fi
- if $SDNRWT ; then install_sdnrwt_features ; fi
+ if $SDNRWT ; then install_sdnrwt_features ; fi
if $SDNR_NORTHBOUND ; then install_sdnr_northbound_features ; fi
+ echo "Installed at `date`" > ${SDNC_HOME}/.installed
+fi
+
+#cp /opt/opendaylight/current/certs/* /tmp
+#cp /var/custom-certs/* /tmp
- echo "Installed at `date`" > ${INSTALLED_DIR}/.installed
+if [ -n "$OVERRIDE_FEATURES_BOOT" ] ; then
+ echo "Override features boot: $OVERRIDE_FEATURES_BOOT"
+ sed -i "/$FEATURESBOOTMARKER/c\featuresBoot = $OVERRIDE_FEATURES_BOOT" $ODL_FEATURES_BOOT_FILE
fi
-cp /opt/opendaylight/current/certs/* /tmp
-cp /var/custom-certs/* /tmp
+# Odl configuration done
+ODL_REPOSITORIES_BOOT=$(sed -n "/$REPOSITORIESBOOTMARKER/p" $ODL_FEATURES_BOOT_FILE)
+ODL_FEATURES_BOOT=$(sed -n "/$FEATURESBOOTMARKER/p" $ODL_FEATURES_BOOT_FILE)
+export ODL_FEATURES_BOOT
# Create ODL data log directory (it nornally is created after karaf
# is started, but needs to exist before installCerts.py runs)
-mkdir -p /opt/opendaylight/data/log
-nohup python3 ${SDNC_BIN}/installCerts.py &
+if [ -z "$ODL_CERT_DIR" ] ; then
+ echo "No certs provided. Skip installation."
+else
+ echo "Start background cert installer"
+ mkdir -p /opt/opendaylight/data/log
+ nohup python3 ${SDNC_BIN}/installCerts.py &
+fi
+echo "Startup opendaylight"
+echo $ODL_REPOSITORIES_BOOT
+echo $ODL_FEATURES_BOOT
exec ${ODL_HOME}/bin/karaf server