author | Ravi Pendurty <ravi.pendurty@highstreet-technologies.com> | 2020-09-23 07:13:26 +0200 |
---|---|---|
committer | Ravi Pendurty <ravi.pendurty@highstreet-technologies.com> | 2020-09-23 10:58:49 +0000 |
commit | 9055ad0c6c50b1432102803cc331bfe8d964dc92 (patch) | |
tree | 4b00dfd85cf3bb8f5d6566b0637caa9af8f98d2a | |
parent | 30f66e285566bea2ec5597f917709d54c69ffd6f (diff) |
Merge SDNC startup and certificate install scripts
startODL.oom.sh merged with startODL.sh and installCerts.oom.py merged with installCerts.py
Issue-ID: SDNC-1366
Signed-off-by: Ravi Pendurty <ravi.pendurty@highstreet-technologies.com>
Change-Id: I21f9d140e19c18f57f9dc988bfd7e0d07e96f286
Signed-off-by: Ravi Pendurty <ravi.pendurty@highstreet-technologies.com>
Former-commit-id: d625b03fa2a13a3efec49f9df6ca5c0ba0d15b63
-rw-r--r-- | installation/sdnc/src/main/scripts/installCerts.oom.py | 339 | ||||
-rw-r--r-- | installation/sdnc/src/main/scripts/installCerts.py | 97 | ||||
-rwxr-xr-x | installation/sdnc/src/main/scripts/startODL.oom.sh | 390 | ||||
-rwxr-xr-x | installation/sdnc/src/main/scripts/startODL.sh | 291 |
4 files changed, 312 insertions, 805 deletions
diff --git a/installation/sdnc/src/main/scripts/installCerts.oom.py b/installation/sdnc/src/main/scripts/installCerts.oom.py
deleted file mode 100644
index 42af7d2c..00000000
--- a/installation/sdnc/src/main/scripts/installCerts.oom.py
+++ /dev/null
@@ -1,339 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2019 Nordix Foundation. -# ================================================================================ -# extended by highstreet technologies GmbH (c) 2020 -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -# - - -# coding=utf-8 -import os -import http.client -import base64 -import time -import zipfile -import shutil -import subprocess -import logging - -odl_home = os.environ['ODL_HOME'] -log_directory = odl_home + '/data/log/' -log_file = log_directory + 'installCerts.log' -log_format = "%(asctime)s - %(name)s - %(levelname)s - %(message)s" -if not os.path.exists(log_directory): - os.makedirs(log_directory) -logging.basicConfig(filename=log_file,level=logging.DEBUG,filemode='w',format=log_format) -print ('Start cert provisioning. 
Log file: ' + log_file); - -Path = os.environ['ODL_CERT_DIR'] - -zipFileList = [] - -username = os.environ['ODL_ADMIN_USERNAME'] -password = os.environ['ODL_ADMIN_PASSWORD'] -newpassword = os.environ.get('ODL_ADMIN_NEWPASSWORD') -TIMEOUT=1000 -INTERVAL=30 -timePassed=0 - -postKeystore= "/rests/operations/netconf-keystore:add-keystore-entry" -postPrivateKey= "/rests/operations/netconf-keystore:add-private-key" -postTrustedCertificate= "/rests/operations/netconf-keystore:add-trusted-certificate" - -envOdlFeaturesBoot='ODL_FEATURES_BOOT' -# Strategy sli-api is default -certreadyCmd="POST" -certreadyUrl="/rests/operations/SLI-API:healthcheck" -odlFeaturesBoot=os.environ.get(envOdlFeaturesBoot) - -if odlFeaturesBoot is not None: - odlFeaturesBoot=odlFeaturesBoot.lower() - if 'odl-netconf-topology' in odlFeaturesBoot or 'odl-netconf-clustered-topology' in odlFeaturesBoot: - certreadyCmd="GET" - certreadyUrl="/rests/data/network-topology:network-topology" -logging.info('ODL ready strategy with command %s and url %s', certreadyCmd, certreadyUrl) - -cadi_file = '.pass' -odl_port = 8181 -cred_string = username + ":" + password -headers = {'Authorization':'Basic %s' % base64.b64encode(cred_string.encode()).decode(), - 'X-FromAppId': 'csit-sdnc', - 'X-TransactionId': 'csit-sdnc', - 'Accept':"application/json", - 'Content-type':"application/yang-data+json"} - -def readFile(folder, file): - key = open(Path + "/" + folder + "/" + file, "r") - fileRead = key.read() - key.close() - fileRead = "\n".join(fileRead.splitlines()[1:-1]) - return fileRead - -def readTrustedCertificate(folder, file): - listCert = list() - caPem = "" - startCa = False - key = open(folder + "/" + file, "r") - lines = key.readlines() - for line in lines: - if not "BEGIN CERTIFICATE" in line and not "END CERTIFICATE" in line and startCa: - caPem += line - elif "BEGIN CERTIFICATE" in line: - startCa = True - elif "END CERTIFICATE" in line: - startCa = False - listCert.append(caPem) - caPem = "" - return 
listCert - -def makeKeystoreKey(clientKey, count): - odl_private_key="ODL_private_key_%d" %count - - json_keystore_key='{{\"input\": {{ \"key-credential\": {{\"key-id\": \"{odl_private_key}\", \"private-key\" : ' \ - '\"{clientKey}\",\"passphrase\" : \"\"}}}}}}'.format( - odl_private_key=odl_private_key, - clientKey=clientKey) - - return json_keystore_key - -def makePrivateKey(clientKey, clientCrt, certList, count): - caPem = "" - if certList: - for cert in certList: - caPem += '\"%s\",' % cert - caPem = caPem.rsplit(',', 1)[0] - odl_private_key="ODL_private_key_%d" %count - - json_private_key='{{\"input\": {{ \"private-key\":{{\"name\": \"{odl_private_key}\", \"data\" : ' \ - '\"{clientKey}\",\"certificate-chain\":[\"{clientCrt}\",{caPem}]}}}}}}'.format( - odl_private_key=odl_private_key, - clientKey=clientKey, - clientCrt=clientCrt, - caPem=caPem) - - return json_private_key - -def makeTrustedCertificate(certList, count): - number = 0 - json_cert_format = "" - for cert in certList: - cert_name = "xNF_CA_certificate_%d_%d" %(count, number) - json_cert_format += '{{\"name\": \"{trusted_name}\",\"certificate\":\"{cert}\"}},\n'.format( - trusted_name=cert_name, - cert=cert.strip()) - number += 1 - - json_cert_format = json_cert_format.rsplit(',', 1)[0] - json_trusted_cert='{{\"input\": {{ \"trusted-certificate\": [{certificates}]}}}}'.format( - certificates=json_cert_format) - return json_trusted_cert - - -def makeRestconfPost(conn, json_file, apiCall): - req = conn.request("POST", apiCall, json_file, headers=headers) - res = conn.getresponse() - res.read() - if res.status != 200: - logging.error("Error here, response back wasnt 200: Response was : %d , %s" % (res.status, res.reason)) - else: - logging.debug("Response :%s Reason :%s ",res.status, res.reason) - -def extractZipFiles(zipFileList, count): - for zipFolder in zipFileList: - with zipfile.ZipFile(Path + "/" + zipFolder.strip(),"r") as zip_ref: - zip_ref.extractall(Path) - folder = zipFolder.rsplit(".")[0] - 
processFiles(folder, count) - -def processFiles(folder, count): - logging.info('Process folder: %d %s', count, folder) - for file in os.listdir(Path + "/" + folder): - if os.path.isfile(Path + "/" + folder + "/" + file.strip()): - if ".key" in file: - clientKey = readFile(folder, file.strip()) - elif "trustedCertificate" in file: - certList = readTrustedCertificate(Path + "/" + folder, file.strip()) - elif ".crt" in file: - clientCrt = readFile(folder, file.strip()) - else: - logging.error("Could not find file %s" % file.strip()) - shutil.rmtree(Path + "/" + folder) - post_content(clientKey, clientCrt, certList, count) - -def post_content(clientKey, clientCrt, certList, count): - logging.info('Post content: %d', count) - conn = http.client.HTTPConnection("localhost",odl_port) - if clientKey: - json_keystore_key = makeKeystoreKey(clientKey, count) - logging.debug("Posting private key in to ODL keystore") - makeRestconfPost(conn, json_keystore_key, postKeystore) - - if certList: - json_trusted_cert = makeTrustedCertificate(certList, count) - logging.debug("Posting trusted cert list in to ODL") - makeRestconfPost(conn, json_trusted_cert, postTrustedCertificate) - - if clientKey and clientCrt and certList: - json_private_key = makePrivateKey(clientKey, clientCrt, certList, count) - logging.debug("Posting the cert in to ODL") - makeRestconfPost(conn, json_private_key, postPrivateKey) - - -def makeHealthcheckCall(headers, timePassed): - connected = False - # WAIT 10 minutes maximum and test every 30 seconds if HealthCheck API is returning 200 - while timePassed < TIMEOUT: - try: - conn = http.client.HTTPConnection("localhost",odl_port) - req = conn.request(certreadyCmd, certreadyUrl,headers=headers) - res = conn.getresponse() - res.read() - httpStatus = res.status - if httpStatus == 200: - logging.debug("Healthcheck Passed in %d seconds." %timePassed) - connected = True - break - else: - logging.debug("Sleep: %d seconds before testing if Healthcheck worked. 
Total wait time up now is: %d seconds. Timeout is: %d seconds. Problem code was: %d" %(INTERVAL, timePassed, TIMEOUT, httpStatus)) - except: - logging.error("Cannot execute REST call. Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds." %(INTERVAL, timePassed, TIMEOUT)) - timePassed = timeIncrement(timePassed) - - if timePassed > TIMEOUT: - logging.error("TIME OUT: Healthcheck not passed in %d seconds... Could cause problems for testing activities..." %TIMEOUT) - - return connected - - -def timeIncrement(timePassed): - time.sleep(INTERVAL) - timePassed = timePassed + INTERVAL - return timePassed - -def get_cadi_password(): - try: - with open(Path + '/' + cadi_file , 'r') as file_obj: - cadi_pass = file_obj.read().split('=', 1)[1].strip() - return cadi_pass - except Exception as e: - logging.error("Error occurred while fetching password : %s", e) - exit() - -def cleanup(): - for file in os.listdir(Path): - if os.path.isfile(Path + '/' + file): - logging.debug("Cleaning up the file %s", Path + '/'+ file) - os.remove(Path + '/'+ file) - -def extract_content(file, password, count): - try: - certList = [] - key = None - cert = None - if (file.endswith('.jks')): - p12_file = file.replace('.jks', '.p12') - jks_cmd = 'keytool -importkeystore -srckeystore {src_file} -destkeystore {dest_file} -srcstoretype JKS -srcstorepass {src_pass} -deststoretype PKCS12 -deststorepass {dest_pass}'.format(src_file=file, dest_file=p12_file, src_pass=password, dest_pass=password) - logging.debug("Converting %s into p12 format", file) - os.system(jks_cmd) - file = p12_file - - clcrt_cmd = 'openssl pkcs12 -in {src_file} -clcerts -nokeys -passin pass:{src_pass}'.format(src_file=file, src_pass=password) - clkey_cmd = 'openssl pkcs12 -in {src_file} -nocerts -nodes -passin pass:{src_pass}'.format(src_file=file, src_pass=password) - trust_file = file.split('/')[2] + '.trust' - trustCerts_cmd = 'openssl pkcs12 -in {src_file} -out 
{out_file} -cacerts -nokeys -passin pass:{src_pass} '.format(src_file=file, out_file=Path + '/' + trust_file, src_pass=password) - - result_key = subprocess.check_output(clkey_cmd , shell=True) - if result_key: - key = result_key.split('-----BEGIN PRIVATE KEY-----', 1)[1].lstrip().split('-----END PRIVATE KEY-----')[0] - - os.system(trustCerts_cmd) - if os.path.exists(Path + '/' + trust_file): - certList = readTrustedCertificate(Path, trust_file) - - result_crt = subprocess.check_output(clcrt_cmd , shell=True) - if result_crt: - cert = result_crt.split('-----BEGIN CERTIFICATE-----', 1)[1].lstrip().split('-----END CERTIFICATE-----')[0] - """ - To-do: Posting the key, cert, certList might need modification - based on how AAF distributes the files. - - """ - post_content(key, cert, certList, count) - except Exception as e: - logging.error("Error occurred while processing the file %s : %s", file,e) - -def lookforfiles(): - count = 0 - for file in os.listdir(Path): - if (file.endswith(('.p12', '.jks'))): - if os.path.exists(Path + '/' + cadi_file): - cert_password = get_cadi_password() - logging.debug("Extracting contents from the file %s", file) - extract_content(Path + '/' + file, cert_password, count) - count += 1 - else: - logging.error("Cadi password file %s not present under cert directory", cadi_file) - exit() - if count > 0: - cleanup() - else: - logging.debug("No jks/p12 files found under cert directory %s", Path) - -def replaceAdminPassword(username, password, newpassword): - if newpassword is None: - logging.info('Not to replace password for user %s', username) - else: - logging.info('Replace password for user %s', username) - try: - jsondata = '{\"password\": \"{newpassword}\"}'.format(newpassword=newpassword) - url = '/auth/v1/users/{username}@sdn'.format(username=username) - loggin.info("Url %s data $s", url, jsondata) - conn = http.client.HTTPConnection("localhost",odl_port) - req = conn.request("PUT", url, jsondata, headers=headers) - res = 
conn.getresponse() - res.read() - httpStatus = res.status - if httpStatus == 200: - logging.debug("New password provided successfully for user %s", username) - else: - logging.debug("Password change was not possible. Problem code was: %d", httpStatus) - except: - logging.error("Cannot execute REST call to set password.") - -def readCertProperties(): - connected = makeHealthcheckCall(headers, timePassed) - logging.info('Connected status: %s', connected) - if connected: - replaceAdminPassword(username, password, newpassword) - count = 0 - if os.path.isfile(Path + "/certs.properties"): - with open(Path + "/certs.properties", "r") as f: - for line in f: - if not "*****" in line: - zipFileList.append(line) - else: - extractZipFiles(zipFileList, count) - count += 1 - del zipFileList[:] - else: - logging.debug("No zipfiles present under cert directory") - - logging.info("Looking for jks/p12 files under cert directory") - lookforfiles() - -readCertProperties() -logging.info('Cert installation ending') diff --git a/installation/sdnc/src/main/scripts/installCerts.py b/installation/sdnc/src/main/scripts/installCerts.py index d00db393..ecbf0a22 100644 --- a/installation/sdnc/src/main/scripts/installCerts.py +++ b/installation/sdnc/src/main/scripts/installCerts.py @@ -1,6 +1,8 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 Nordix Foundation. # ================================================================================ +# extended by highstreet technologies GmbH (c) 2020 +# ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at 
@@ -29,20 +31,26 @@ import shutil import subprocess import logging - -log_file = '/opt/opendaylight/data/log/installCerts.log' +odl_home = os.environ['ODL_HOME'] +log_directory = odl_home + '/data/log/' +log_file = log_directory + 'installCerts.log' with open(os.path.join('/opt/opendaylight/data/log', 'installCerts.log'), 'w') as fp: pass - log_format = "%(asctime)s - %(name)s - %(levelname)s - %(message)s" +if not os.path.exists(log_directory): + os.makedirs(log_directory) logging.basicConfig(filename=log_file,level=logging.DEBUG,filemode='w',format=log_format) +print ('Start cert provisioning. Log file: ' + log_file); Path = "/tmp" +if "ODL_CERT_DIR" in os.environ: + Path = os.environ['ODL_CERT_DIR'] zipFileList = [] username = os.environ['ODL_ADMIN_USERNAME'] password = os.environ['ODL_ADMIN_PASSWORD'] +newpassword = os.environ.get('ODL_ADMIN_NEWPASSWORD') TIMEOUT=1000 INTERVAL=30 timePassed=0 @@ -59,6 +67,18 @@ keystore_file = Path + '/keystore.jks' jks_files = [truststore_pass_file, keystore_pass_file, keystore_file, truststore_file] +envOdlFeaturesBoot='ODL_FEATURES_BOOT' +# Strategy sli-api is default +certreadyCmd="POST" +certreadyUrl="/rests/operations/SLI-API:healthcheck" + +if "SDNRWT" in os.environ: + sdnrWt = os.environ['SDNRWT'] + if sdnrWt == "true": + certreadyCmd="GET" + certreadyUrl="/rests/data/network-topology:network-topology" +logging.info('ODL ready strategy with command %s and url %s', certreadyCmd, certreadyUrl) + odl_port = 8181 cred_string = username + ":" + password headers = {'Authorization':'Basic %s' % base64.b64encode(cred_string.encode()).decode(), @@ -67,7 +87,6 @@ headers = {'Authorization':'Basic %s' % base64.b64encode(cred_string.encode()).d 'Accept':"application/json", 'Content-type':"application/yang-data+json"} - def readFile(folder, file): key = open(Path + "/" + folder + "/" + file, "r") fileRead = key.read() 
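Review bot: The unchanged `with open(os.path.join('/opt/opendaylight/data/log', 'installCerts.log'), 'w') as fp: pass` in the first hunk still runs before the new `os.makedirs(log_directory)` and still uses the hard-coded path. When `ODL_HOME` points anywhere else, the script either fails there before logging is configured or truncates a file in a directory it no longer logs to. Those two lines can be dropped, since `filemode='w'` already truncates the log, and the directory created with `os.makedirs(log_directory, exist_ok=True)` ahead of `logging.basicConfig`. `os.environ['ODL_HOME']` also raises `KeyError` when the variable is unset, while `ODL_CERT_DIR` gets a fallback; a default or an explicit error message would make the two consistent.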
@@ -75,7 +94,6 @@ def readFile(folder, file): fileRead = "\n".join(fileRead.splitlines()[1:-1]) return fileRead - def readTrustedCertificate(folder, file): listCert = list() caPem = "" @@ -93,7 +111,6 @@ def readTrustedCertificate(folder, file): caPem = "" return listCert - def makeKeystoreKey(clientKey, count): odl_private_key = "ODL_private_key_%d" %count @@ -104,7 +121,6 @@ def makeKeystoreKey(clientKey, count): return json_keystore_key - def makePrivateKey(clientKey, clientCrt, certList, count): caPem = "" if certList: @@ -122,7 +138,6 @@ def makePrivateKey(clientKey, clientCrt, certList, count): return json_private_key - def makeTrustedCertificate(certList, count): number = 0 json_cert_format = "" @@ -148,7 +163,6 @@ def makeRestconfPost(conn, json_file, apiCall): else: logging.debug("Response :%s Reason :%s ",res.status, res.reason) - def extractZipFiles(zipFileList, count): for zipFolder in zipFileList: with zipfile.ZipFile(Path + "/" + zipFolder.strip(),"r") as zip_ref: @@ -156,8 +170,8 @@ def extractZipFiles(zipFileList, count): folder = zipFolder.rsplit(".")[0] processFiles(folder, count) - def processFiles(folder, count): + logging.info('Process folder: %d %s', count, folder) for file in os.listdir(Path + "/" + folder): if os.path.isfile(Path + "/" + folder + "/" + file.strip()): if ".key" in file: @@ -171,8 +185,8 @@ def processFiles(folder, count): shutil.rmtree(Path + "/" + folder) post_content(clientKey, clientCrt, certList, count) - def post_content(clientKey, clientCrt, certList, count): + logging.info('Post content: %d', count) conn = http.client.HTTPConnection("localhost",odl_port) if clientKey: 
@@ -197,21 +211,23 @@ def makeHealthcheckCall(headers, timePassed): while timePassed < TIMEOUT: try: conn = http.client.HTTPConnection("localhost",odl_port) - req = conn.request("POST", "/rests/operations/SLI-API:healthcheck",headers=headers) + req = conn.request(certreadyCmd, certreadyUrl,headers=headers) res = conn.getresponse() res.read() - if res.status == 200: + httpStatus = res.status + if httpStatus == 200: logging.debug("Healthcheck Passed in %d seconds." %timePassed) connected = True break else: - logging.debug("Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT)) + logging.debug("Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds. Problem code was: %d" %(INTERVAL, timePassed, TIMEOUT, httpStatus)) except: - logging.error("Cannot execute REST call. Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT)) + logging.error("Cannot execute REST call. Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds." %(INTERVAL, timePassed, TIMEOUT)) timePassed = timeIncrement(timePassed) if timePassed > TIMEOUT: logging.error("TIME OUT: Healthcheck not passed in %d seconds... Could cause problems for testing activities..." %TIMEOUT) + return connected 
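Review bot: The `except:` branch of the retry loop still catches everything and logs no cause, so a refused connection, a bad header value and a programming error all produce the same "Cannot execute REST call" line until `TIMEOUT` is reached. Narrowing it to `except Exception as e:` and adding the exception to the message (or using `logging.exception(...)`) would make a stuck startup diagnosable from installCerts.log. The `http.client.HTTPConnection` created on every pass is also never closed; a `conn.close()` after `res.read()` avoids leaving one socket per retry. The function signature and the `connected = False` initialisation sit above this hunk.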
@@ -230,23 +246,26 @@ def get_pass(file_name): logging.error("Error occurred while fetching password : %s", e) exit() - def cleanup(): - for file in jks_files: - if os.path.isfile(file): - logging.debug("Cleaning up the file %s", file) - os.remove(file) + for file in os.listdir(Path): + if os.path.isfile(Path + '/' + file): + logging.debug("Cleaning up the file %s", Path + '/'+ file) + os.remove(Path + '/'+ file) def jks_to_p12(file, password): """Converts jks format into p12""" try: - p12_file = file.replace('.jks', '.p12') - jks_cmd = 'keytool -importkeystore -srckeystore {src_file} -destkeystore {dest_file} -srcstoretype JKS -srcstorepass {src_pass} -deststoretype PKCS12 -deststorepass {dest_pass}'.format(src_file=file, dest_file=p12_file, src_pass=password, dest_pass=password) - logging.debug("Converting %s into p12 format", file) - os.system(jks_cmd) - file = p12_file - return file + certList = [] + key = None + cert = None + if (file.endswith('.jks')): + p12_file = file.replace('.jks', '.p12') + jks_cmd = 'keytool -importkeystore -srckeystore {src_file} -destkeystore {dest_file} -srcstoretype JKS -srcstorepass {src_pass} -deststoretype PKCS12 -deststorepass {dest_pass}'.format(src_file=file, dest_file=p12_file, src_pass=password, dest_pass=password) + logging.debug("Converting %s into p12 format", file) + os.system(jks_cmd) + file = p12_file + return file except Exception as e: logging.error("Error occurred while converting jks to p12 format : %s", e) 
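Review bot: `cleanup()` now removes every regular file in `Path` instead of the four `jks_files` entries, and `Path` still falls back to `/tmp` when `ODL_CERT_DIR` is unset (see the earlier hunk), so a run without that variable would delete unrelated files from the shared temp directory. Either keep iterating `jks_files` or skip the sweep unless `ODL_CERT_DIR` was explicitly provided. In `jks_to_p12` the re-indented `jks_cmd` still interpolates the keystore password into a shell string run by `os.system`, which exposes it in the process list, lets shell metacharacters in the password or file name change the command, and ignores the exit status. An argument list with keytool's `:env` password modifier avoids all three, as sketched below. The new `certList`, `key` and `cert` locals are unused in this function, and the collapsed indentation hides whether `return file` is still reached for non-`.jks` input, which is worth confirming.

```python
def jks_to_p12(file, password):
    # … unchanged: docstring and surrounding try/except …
    p12_file = file.replace('.jks', '.p12')
    logging.debug("Converting %s into p12 format", file)
    # No shell; keytool reads both passwords from its own environment, not argv.
    keytool_env = dict(os.environ, SRC_STOREPASS=password, DEST_STOREPASS=password)
    subprocess.run(
        ['keytool', '-importkeystore',
         '-srckeystore', file, '-destkeystore', p12_file,
         '-srcstoretype', 'JKS', '-srcstorepass:env', 'SRC_STOREPASS',
         '-deststoretype', 'PKCS12', '-deststorepass:env', 'DEST_STOREPASS'],
        env=keytool_env, check=True)
    return p12_file
```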
@@ -307,6 +326,27 @@ def process_jks_files(count): except Exception as e: logging.error("UnExpected Error while processing JKS files at {0}, Caused by: {1}".format(Path, e)) +def replaceAdminPassword(username, password, newpassword): + if newpassword is None: + logging.info('Not to replace password for user %s', username) + else: + logging.info('Replace password for user %s', username) + try: + jsondata = '{\"password\": \"{newpassword}\"}'.format(newpassword=newpassword) + url = '/auth/v1/users/{username}@sdn'.format(username=username) + loggin.info("Url %s data $s", url, jsondata) + conn = http.client.HTTPConnection("localhost",odl_port) + req = conn.request("PUT", url, jsondata, headers=headers) + res = conn.getresponse() + res.read() + httpStatus = res.status + if httpStatus == 200: + logging.debug("New password provided successfully for user %s", username) + else: + logging.debug("Password change was not possible. Problem code was: %d", httpStatus) + except: + logging.error("Cannot execute REST call to set password.") + def readCertProperties(): ''' @@ -316,8 +356,9 @@ def readCertProperties(): If not foud, it searches for jks certificates. ''' connected = makeHealthcheckCall(headers, timePassed) - + logging.info('Connected status: %s', connected) if connected: + replaceAdminPassword(username, password, newpassword) count = 0 if os.path.isfile(Path + "/certs.properties"): with open(Path + "/certs.properties", "r") as f: @@ -330,7 +371,9 @@ def readCertProperties(): del zipFileList[:] else: logging.debug("No certs.properties/zip files exist at: " + Path) + logging.info("Processing any available jks/p12 files under cert directory") process_jks_files(count) readCertProperties() +logging.info('Cert installation ending') diff --git a/installation/sdnc/src/main/scripts/startODL.oom.sh b/installation/sdnc/src/main/scripts/startODL.oom.sh deleted file mode 100755 index 1ce4a1b0..00000000 --- a/installation/sdnc/src/main/scripts/startODL.oom.sh +++ /dev/null 
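Review bot: `replaceAdminPassword` cannot reach the PUT as written. The literal braces in `'{\"password\": \"{newpassword}\"}'.format(...)` are parsed by `str.format` as a replacement field, which likely raises `KeyError`, and the next line calls `loggin.info`, an undefined name. The bare `except:` swallows both, so the only trace is "Cannot execute REST call to set password." and the admin account keeps its initial password. Build the body with `jsondata = json.dumps({"password": newpassword})` (this needs `import json`), which also escapes quotes in the password. Log only the URL, `logging.info("Url %s", url)`, because logging `jsondata` would write the new password in clear text to installCerts.log. The handler should become `except Exception as e:` with the exception included in the message.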
@@ -1,390 +0,0 @@ -#!/bin/bash - -### -# ============LICENSE_START======================================================= -# SDNC -# ================================================================================ -# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Update by Copyright (C) 2020 highstreet technologies GmbH. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. 
-# ============LICENSE_END========================================================= -### - -# Install SDN-C platform components if not already installed and start container - -# List of used constants, that are provided during container initialization - -ODL_HOME=${ODL_HOME:-/opt/opendaylight/current} -ODL_FEATURES_BOOT_FILE=$ODL_HOME/etc/org.apache.karaf.features.cfg -FEATURESBOOTMARKER="^featuresBoot *=" -REPOSITORIESBOOTMARKER="^featuresRepositories *=" - -# -ODL_REMOVEIDMDB=${ODL_REMOVEIDMDB:-false} - -#ODL_CERT_DIR -ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME:-admin} -if $ODL_REMOVEIDMDB ; then - echo "Remove odl idmdb" - rm $ODL_HOME/data/idmlight.db.mv.db - ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-admin} -else - ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U} -fi - -export ODL_ADMIN_PASSWORD ODL_ADMIN_USERNAME - -JDEBUG=${JDEBUG:-false} -SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc} -SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin} -CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk} - -#- ODL Cluster -ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false} -#SDNC_REPLICAS - -#- ODL GEO cluster -GEO_ENABLED=${GEO_ENABLED:-false} -#IS_PRIMARY_CLUSTER -#MY_ODL_CLUSTER -#PEER_ODL_CLUSTER - -#- AAF -SDNC_AAF_ENABLED=${SDNC_AAF_ENABLED:-false} - -#- SDN-R -SDNRWT=${SDNRWT:-false} -SDNRWT_BOOTFEATURES=${SDNRWT_BOOTFEATURES:-sdnr-wt-feature-aggregator} -SDNRDM=${SDNRDM:-false} -# Add devicemanager base and specific repositories -SDNR_BASE_REPO=${SDNRDM_BASE_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-feature-aggregator/$CCSDKFEATUREVERSION/xml/features} -SDNRDM_BASE_REPO=${SDNRDM_BASE_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-feature-aggregator-devicemanager-base/$CCSDKFEATUREVERSION/xml/features} -SDNRDM_ONF_REPO=${SDNRDM_ONF_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-onf-feature/$CCSDKFEATUREVERSION/xml/features} 
-SDNRDM_ORAN_REPO=${SDNRDM_ORAN_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-oran-feature/$CCSDKFEATUREVERSION/xml/features} -SDNRDM_GRAN_REPO=${SDNRDM_GRAN_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-gran-feature/$CCSDKFEATUREVERSION/xml/features} -# Add devicemanager features -SDNRDM_SDM_LIST=${SDNRDM_SDM_LIST:-sdnr-wt-devicemanager-onf-feature, sdnr-wt-devicemanager-oran-feature, sdnr-wt-devicemanager-gran-feature} -SDNRDM_BOOTFEATURES=${SDNRDM_BOOTFEATURES:-sdnr-wt-feature-aggregator-devicemanager-base, ${SDNRDM_SDM_LIST}} -SDNRINIT=${SDNRINIT:-false} -SDNRONLY=${SDNRONLY:-false} -SDNRDBURL=${SDNRDBURL:-http://sdnrdb:9200} -#SDNRDBUSERNAME -#SDNRDBPASSWORD -#SDNRDBPARAMETER -SDNRDBCOMMAND=${SDNRDBCOMMAND:--c init -db $SDNRDBURL -dbu $SDNRDBUSERNAME -dbp $SDNRDBPASSWORD $SDNRDBPARAMETER} - -SDNR_NORTHBOUND=${SDNR_NORTHBOUND:-false} -SDNR_NORTHBOUND_BOOTFEATURES=${SDNR_NORTHBOUND_BOOTFEATURES:-sdnr-northbound-all} - -#OVERRIDE_FEATURES_BOOT - -# Functions - -# Test if repository exists, like this mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-oran-feature/0.7.2/xml/features -# $1 repository -function isRepoExisting() { - REPO=$(echo $1 | sed -E "s#mvn:(.*)/xml/features\$#\1#") - OIFS="$IFS" - IFS='/' parts=($REPO) - IFS="$OIFS" - path="$ODL_HOME/system/"${parts[0]//./\/}"/"${parts[1]}"/"${parts[2]} - [ -d "$path" ] -} - -# Add features repository to karaf featuresRepositories configuration -# $1 repositories to be added -function addRepository() { - CFG=$ODL_FEATURES_BOOT_FILE - ORIG=$CFG.orig - if isRepoExisting "$1" ; then - echo "Add repository: $1" - sed -i "\|featuresRepositories|s|$|, $1|" $CFG - else - echo "Repo does not exist: $1" - fi -} -# Append features to karaf boot feature configuration -# $1 search pattern .. no leading "," -# $2 replacement .. 
if "" remove -function replaceRepository() { - CFG=$ODL_FEATURES_BOOT_FILE - if [ -n "$2" ] ; then - echo "Replace feature repo $1 with: $2" - sed -i "/$REPOSITORIESBOOTMARKER/ s/,* *$1/,$2/g" $CFG - else - echo "Remove feature repo $1" - sed -i "/$REPOSITORIESBOOTMARKER/ s/,* *$1//g" $CFG - fi -} - -# Append features to karaf boot feature configuration -# $1 additional feature to be added -# $2 repositories to be added (optional) -function addToFeatureBoot() { - CFG=$ODL_FEATURES_BOOT_FILE - ORIG=$CFG.orig - if [ -n "$2" ] ; then - addRepository $2 - fi - echo "Add boot feature: $1" - sed -i "\|$FEATURESBOOTMARKER|s|$|,$1|" $CFG -} - -# Append features to karaf boot feature configuration -# $1 search pattern .. no leading "," -# $2 replacement .. if "" remove -function replaceFeatureBoot() { - CFG=$ODL_FEATURES_BOOT_FILE - if [ -n "$2" ] ; then - echo "Replace boot feature $1 with: $2" - sed -i "/$FEATURESBOOTMARKER/ s/,* *$1/,$2/g" $CFG - else - echo "Remove boot feature $1" - sed -i "/$FEATURESBOOTMARKER/ s/,* *$1//g" $CFG - fi -} - -# Remove all sdnc specific features -function cleanupFeatureBoot() { - echo "Remove northbound bootfeatures " - sed -i "/$FEATURESBOOTMARKER/ s/,ccsdk-sli-core-all.*$//g" $ODL_FEATURES_BOOT_FILE - sed -i "/$FEATURESBOOTMARKER/ s/odl-restconf-nb-rfc8040,//g" $ODL_FEATURES_BOOT_FILE -} - -function initialize_sdnr() { - echo "SDN-R Database Initialization" - INITCMD="$JAVA_HOME/bin/java -jar " - INITCMD+="$ODL_HOME/system/org/onap/ccsdk/features/sdnr/wt/sdnr-wt-data-provider-setup/$CCSDKFEATUREVERSION/sdnr-dmt.jar " - INITCMD+="$SDNRDBCOMMAND" - echo "Execute: $INITCMD" - n=0 - until [ $n -ge 5 ] ; do - $INITCMD && break - n=$[$n+1] - sleep 15 - done - return $? 
-} - -function install_sdnrwt_features() { - # Repository setup provided via sdnc dockerfile - if $SDNRWT; then - #Clean up <----------------- - #Uses wrong version - echo "Remove sdnr-northbound-all and add BGP" - replaceFeatureBoot "sdnr-northbound-all" - #Add missing org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.bgp.types.rev180329 - #addRepository "mvn:org.opendaylight.bgpcep/odl-bgpcep-bgp-dependencies/0.11.1/xml/features" - #replaceFeatureBoot "odl-daexim-all" "odl-daexim-all, odl-bgpcep-bgp-dependencies" - - # remove old existing - replaceRepository "mvn:org.onap.ccsdk.features.sdnr.wt\/sdnr-wt-feature-aggregator\/[^\/]*\/xml\/features" - replaceRepository "mvn:org.onap.ccsdk.features.sdnr.wt\/sdnr-wt-feature-aggregator-devicemanager\/[^\/]*\/xml\/features" - # Add devicemanagers - addRepository $SDNR_BASE_REPO - addRepository $SDNRDM_BASE_REPO - addRepository $SDNRDM_ONF_REPO - addRepository $SDNRDM_ORAN_REPO - addRepository $SDNRDM_GRAN_REPO - - if $SDNRONLY; then - cleanupFeatureBoot - addToFeatureBoot ccsdk-aafshiro - fi - if $SDNRDM; then - addToFeatureBoot "$SDNRDM_BOOTFEATURES" - else - addToFeatureBoot "$SDNRWT_BOOTFEATURES" - fi - fi -} - - -function install_sdnr_northbound_features() { - # Repository setup provided via sdnc dockerfile - addToFeatureBoot "$SDNR_NORTHBOUND_BOOTFEATURES" -} - -# Reconfigure ODL from default single node configuration to cluster - -function enable_odl_cluster(){ - if [ -z $SDNC_REPLICAS ]; then - echo "SDNC_REPLICAS is not configured in Env field" - exit - fi - - # ODL NETCONF setup - echo "Installing Opendaylight cluster features for mdsal and netconf" - - #Be sure to remove feature odl-netconf-connector-all from list - replaceFeatureBoot "odl-netconf-connector-all," - #Activate cluster - replaceFeatureBoot odl-netconf-topology odl-netconf-clustered-topology - replaceFeatureBoot odl-mdsal-all odl-mdsal-all,odl-mdsal-clustering - addToFeatureBoot odl-jolokia - - # ODL Cluster or Geo cluster 
configuration - - echo "Update cluster information statically" - fqdn=$(hostname -f) - echo "Get current fqdn ${fqdn}" - - # Extract node index using first digit after "-" - # Example 2 from "sdnr-2.logo.ost.das.r32.com" - node_index=($(echo ${fqdn} | sed -r 's/.*-([0-9]).*/\1/g')) - - if $GEO_ENABLED; then - echo "This is a Geo cluster" - - if [ -z $IS_PRIMARY_CLUSTER ] || [ -z $MY_ODL_CLUSTER ] || [ -z $PEER_ODL_CLUSTER ]; then - echo "IS_PRIMARY_CLUSTER, MY_ODL_CLUSTER and PEER_ODL_CLUSTER must all be configured in Env field" - return - fi - - member_offset=1 - if $IS_PRIMARY_CLUSTER; then - PRIMARY_NODE=${MY_ODL_CLUSTER} - SECONDARY_NODE=${PEER_ODL_CLUSTER} - else - PRIMARY_NODE=${PEER_ODL_CLUSTER} - SECONDARY_NODE=${MY_ODL_CLUSTER} - member_offset=4 - fi - - node_list="${PRIMARY_NODE} ${SECONDARY_NODE}" - $SDNC_BIN/configure_geo_cluster.sh $((node_index+member_offset)) ${node_list} - else - echo "This is a local cluster" - for ((i=0;i<${SDNC_REPLICAS};i++)); do - #assemble node list by replaceing node-index in hostname with "i" - node_name=$(echo ${fqdn} | sed -r "s/-[0-9]/-$i/g") - node_list="${node_list} $node_name" - done - echo "Node index: $((node_index+1)) list: ${node_list[@]}" - $ODL_HOME/bin/configure_cluster.sh $((node_index+1)) ${node_list} - fi -} - -# ----------------------- -# Main script starts here - -if $JDEBUG ; then - echo "Activate remote debugging" - #JSTADTPOLICYFILE="$ODL_HOME/etc/tools.policy" - #echo -e "grant codebase \"file:${JAVA_HOME}/lib/tools.jar\" {\n permission java.security.AllPermission;\n };" > $JSTADTPOLICYFILE - #sleep 1 - #$JAVA_HOME/bin/jstatd -p 1089 -J-Djava.security.policy=$JSTADTPOLICYFILE & - EXTRA_JAVA_OPTS+=" -Dcom.sun.management.jmxremote.port=1090" - EXTRA_JAVA_OPTS+=" -Dcom.sun.management.jmxremote.rmi.port=1090" - EXTRA_JAVA_OPTS+=" -Djava.rmi.server.hostname=$HOSTNAME" - EXTRA_JAVA_OPTS+=" -Dcom.sun.management.jmxremote.local.only=false" - EXTRA_JAVA_OPTS+=" -Dcom.sun.management.jmxremote.ssl=false" - 
EXTRA_JAVA_OPTS+=" -Dcom.sun.management.jmxremote.authenticate=false" - export EXTRA_JAVA_OPTS -fi - -echo "Image path=${IMAGEPATH}" -echo "Image names=${IMAGENAMES}" -echo "Hostname=${HOSTNAME}" -echo "Settings:" -echo " USER=$(whoami)" -echo " SDNC_BIN=$SDNC_BIN" -echo " SDNC_HOME=$SDNC_HOME" -echo " ODL_CERT_DIR=$ODL_CERT_DIR" -echo " CCSDKFEATUREVERSION=$CCSDKFEATUREVERSION" -echo " OVERRIDE_FEATURES_BOOT=$OVERRIDE_FEATURES_BOOT" -echo " ENABLE_ODL_CLUSTER=$ENABLE_ODL_CLUSTER" -echo " ODL_REMOVEIDMDB=$ODL_REMOVEIDMDB" -echo " SDNC_REPLICAS=$SDNC_REPLICAS" -echo " SDNRWT=$SDNRWT" -echo " SDNRDM=$SDNRDM" -echo " SDNRONLY=$SDNRONLY" -echo " SDNRINIT=$SDNRINIT" -echo " SDNRDBURL=$SDNRDBURL" -echo " SDNRDBUSERNAME=$SDNRDBUSERNAME" -echo " SDNRDBPASSWORD=$SDNRDBPASSWORD" -echo " GEO_ENABLED=$GEO_ENABLED" -echo " IS_PRIMARY_CLUSTER=$IS_PRIMARY_CLUSTER" -echo " MY_ODL_CLUSTER=$MY_ODL_CLUSTER" -echo " PEER_ODL_CLUSTER=$PEER_ODL_CLUSTER" -echo " AAF_ENABLED=$SDNC_AAF_ENABLED" -echo " JDEBUG=$JDEBUG" -echo " EXTRA_JAVA_OPTS=$EXTRA_JAVA_OPTS" - -if $SDNC_AAF_ENABLED; then - export SDNC_STORE_DIR=/opt/app/osaaf/local - export SDNC_CONFIG_DIR=/opt/app/osaaf/local - export SDNC_KEYPASS=`cat /opt/app/osaaf/local/.pass` - export SDNC_KEYSTORE=org.onap.sdnc.p12 - sed -i '/cadi_prop_files/d' $ODL_HOME/etc/system.properties - echo "cadi_prop_files=$SDNC_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties - - sed -i '/org.ops4j.pax.web.ssl.keystore/d' $ODL_HOME/etc/custom.properties - sed -i '/org.ops4j.pax.web.ssl.password/d' $ODL_HOME/etc/custom.properties - sed -i '/org.ops4j.pax.web.ssl.keypassword/d' $ODL_HOME/etc/custom.properties - echo org.ops4j.pax.web.ssl.keystore=$SDNC_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties - echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties - echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties -fi - -if $SDNRINIT ; then - #One time intialization 
action - initialize_sdnr - init_result=$? - echo "Result of init script: $init_result" - if $SDNRWT ; then - echo "Proceed to initialize sdnr" - else - exit $init_result - fi -fi - -if [ ! -f ${SDNC_HOME}/.installed ] -then - echo "Installing SDN-C keyStore" - /bin/bash ${SDNC_HOME}/bin/addSdncKeyStore.sh - echo "Installing A1-adapter trustStore" - /bin/bash ${SDNC_HOME}/bin/addA1TrustStore.sh - - if $ENABLE_ODL_CLUSTER ; then enable_odl_cluster ; fi - - if $SDNRWT ; then install_sdnrwt_features ; fi - - if $SDNR_NORTHBOUND ; then install_sdnr_northbound_features ; fi - - echo "Installed at `date`" > ${SDNC_HOME}/.installed -fi - -if [ -n "$OVERRIDE_FEATURES_BOOT" ] ; then - echo "Override features boot: $OVERRIDE_FEATURES_BOOT" - sed -i "/$FEATURESBOOTMARKER/c\featuresBoot = $OVERRIDE_FEATURES_BOOT" $ODL_FEATURES_BOOT_FILE -fi - -# Odl configuration done -ODL_REPOSITORIES_BOOT=$(sed -n "/$REPOSITORIESBOOTMARKER/p" $ODL_FEATURES_BOOT_FILE) -ODL_FEATURES_BOOT=$(sed -n "/$FEATURESBOOTMARKER/p" $ODL_FEATURES_BOOT_FILE) -export ODL_FEATURES_BOOT - -if [ -z "$ODL_CERT_DIR" ] ; then - echo "No certs provided. Skip installation." -else - echo "Start background cert installer" - nohup python3 ${SDNC_BIN}/installCerts.oom.py & -fi - -echo "Startup opendaylight" -echo $ODL_REPOSITORIES_BOOT -echo $ODL_FEATURES_BOOT -exec ${ODL_HOME}/bin/karaf server diff --git a/installation/sdnc/src/main/scripts/startODL.sh b/installation/sdnc/src/main/scripts/startODL.sh index 86d1e09c..882854a6 100755 --- a/installation/sdnc/src/main/scripts/startODL.sh +++ b/installation/sdnc/src/main/scripts/startODL.sh 
@@ -2,10 +2,11 @@ ### # ============LICENSE_START======================================================= -# openECOMP : SDN-C +# SDN-C # ================================================================================ -# Copyright (C) 2017 AT&T Intellectual Property. All rights -# reserved. +# Copyright (C) 2020 Samsung Electronics +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2020 Highstreet Technologies # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,11 +22,37 @@ # ============LICENSE_END========================================================= ### +# Functions + +# Test if repository exists, like this mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-oran-feature/0.7.2/xml/features +# $1 repository +function isRepoExisting() { + REPO=$(echo $1 | sed -E "s#mvn:(.*)/xml/features\$#\1#") + OIFS="$IFS" + IFS='/' parts=($REPO) + IFS="$OIFS" + path="$ODL_HOME/system/"${parts[0]//./\/}"/"${parts[1]}"/"${parts[2]} + [ -d "$path" ] +} + +# Add features repository to karaf featuresRepositories configuration +# $1 repositories to be added +function addRepository() { + CFG=$ODL_FEATURES_BOOT_FILE + ORIG=$CFG.orig + if isRepoExisting "$1" ; then + echo "Add repository: $1" + sed -i "\|featuresRepositories|s|$|, $1|" $CFG + else + echo "Repo does not exist: $1" + fi +} + # Append features to karaf boot feature configuration # $1 additional feature to be added # $2 repositories to be added (optional) function addToFeatureBoot() { - CFG=$ODL_HOME/etc/org.apache.karaf.features.cfg + CFG=$ODL_FEATURES_BOOT_FILE ORIG=$CFG.orig if [ -n "$2" ] ; then echo "Add repository: $2" 
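Review bot: `addRepository` splices `$1` unescaped into the sed program `"\|featuresRepositories|s|$|, $1|"` and passes `$CFG` unquoted, so a repository string taken from the environment that contains `|`, `&` or whitespace alters or breaks the edit of the Karaf features file instead of being appended literally. `isRepoExisting` is equally loose, since `echo $1` and `parts=($REPO)` are subject to word splitting and globbing. I would quote the expansions (`echo "$1"`, `"$CFG"`), split with `IFS='/' read -r -a parts <<< "$REPO"`, and reject values that do not have the `mvn:<group>/<artifact>/<version>/xml/features` shape before touching the file. `ORIG=$CFG.orig` is assigned but not used in the lines shown, and `addToFeatureBoot` continues outside this hunk.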
@@ -47,20 +74,62 @@ function replaceFeatureBoot() { sed -i "/featuresBoot/ s/$1/$2/g" $CFG } +# Remove all sdnc specific features +function cleanupFeatureBoot() { + echo "Remove northbound bootfeatures " + sed -i "/featuresBoot/ s/,ccsdk-sli-core-all.*$//g" $ODL_FEATURES_BOOT_FILE +} + +function initialize_sdnr() { + echo "SDN-R Database Initialization" + INITCMD="$JAVA_HOME/bin/java -jar " + INITCMD+="$ODL_HOME/system/org/onap/ccsdk/features/sdnr/wt/sdnr-wt-data-provider-setup/$CCSDKFEATUREVERSION/sdnr-dmt.jar " + INITCMD+="$SDNRDBCOMMAND" + echo "Execute: $INITCMD" + n=0 + until [ $n -ge 5 ] ; do + $INITCMD && break + n=$[$n+1] + sleep 15 + done + return $? +} + function install_sdnrwt_features() { - addToFeatureBoot "$SDNRWT_BOOTFEATURES" $SDNRWT_REPOSITORY + # Repository setup provided via sdnc dockerfile + if $SDNRWT; then + addRepository $SDNRDM_BASE_REPO + addRepository $SDNRDM_ONF_REPO + + if $SDNRONLY; then + cleanupFeatureBoot + fi + if $SDNRDM; then + addToFeatureBoot "$SDNRDM_BOOTFEATURES" + else + addToFeatureBoot "$SDNRWT_BOOTFEATURES" + fi + fi } function install_sdnr_northbound_features() { - addToFeatureBoot "$SDNR_NORTHBOUND_BOOTFEATURES" $SDNR_NORTHBOUND_REPOSITORY + addToFeatureBoot "$SDNR_NORTHBOUND_BOOTFEATURES" } -function enable_odl_cluster(){ +# Reconfigure ODL from default single node configuration to cluster + +function enable_odl_cluster() { if [ -z $SDNC_REPLICAS ]; then echo "SDNC_REPLICAS is not configured in Env field" exit fi + # ODL NETCONF setup + echo "Installing Opendaylight cluster features for mdsal and netconf" + + #Be sure to remove feature odl-netconf-connector-all from list + replaceFeatureBoot "odl-netconf-connector-all," + echo "Installing Opendaylight cluster features" replaceFeatureBoot odl-netconf-topology odl-netconf-clustered-topology replaceFeatureBoot odl-mdsal-all odl-mdsal-all,odl-mdsal-clustering 
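Review bot: `initialize_sdnr` prints the full command with `echo "Execute: $INITCMD"`, and `INITCMD` ends with `$SDNRDBCOMMAND`, whose default (set later in this commit) contains `-dbp $SDNRDBPASSWORD`, so the database password is written to the container log on every start with `SDNRINIT=true`. Log the jar path only, for example `echo "Execute: sdnr-dmt.jar $CCSDKFEATUREVERSION (arguments not logged)"`, and if the tool supports it pass the password by a route other than the command line, where it is also visible in the process list. The function also ends with `return $?` after the `until` loop, which reports the status of `break` or of the last `sleep 15` and is therefore effectively always 0; `$INITCMD && return 0` inside the loop and `return 1` after it would let the caller's `exit $init_result` signal a failed initialization. `enable_odl_cluster` continues outside this hunk.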
@@ -68,26 +137,24 @@ function enable_odl_cluster(){ #${ODL_HOME}/bin/client feature:install odl-mdsal-clustering #${ODL_HOME}/bin/client feature:install odl-jolokia + # ODL Cluster or Geo cluster configuration + echo "Update cluster information statically" hm=$(hostname) echo "Get current Hostname ${hm}" - node=($(echo ${hm} | tr '-' '\n')) - node_name=${node[0]} - node_index=${node[1]} - - if [ -z $PEER_ODL_CLUSTER ]; then - echo "This is a local cluster" - node_list="${node_name}-0.sdnhost-cluster.onap.svc.cluster.local"; + node=($(echo ${hm} | sed 's/-[0-9]*$//g')) + node_index=($(echo ${hm} | awk -F"-" '{print $NF}')) + member_offset=1 - for ((i=1;i<${SDNC_REPLICAS};i++)); - do - node_list="${node_list} ${node_name}-$i.sdnhost-cluster.onap.svc.cluster.local" - done - /opt/opendaylight/current/bin/configure_cluster.sh $((node_index+1)) ${node_list} - else + if $GEO_ENABLED; then echo "This is a Geo cluster" + if [ -z $IS_PRIMARY_CLUSTER ] || [ -z $MY_ODL_CLUSTER ] || [ -z $PEER_ODL_CLUSTER ]; then + echo "IS_PRIMARY_CLUSTER, MY_ODL_CLUSTER and PEER_ODL_CLUSTER must all be configured in Env field" + return + fi + if $IS_PRIMARY_CLUSTER; then PRIMARY_NODE=${MY_ODL_CLUSTER} SECONDARY_NODE=${PEER_ODL_CLUSTER} 
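Review bot: The new geo-cluster guard ends in a bare `return`, which hands back the status of the preceding `echo` (0), so a missing `PEER_ODL_CLUSTER` is treated as success by the caller. The caller then writes the `.installed` marker and the cluster setup is not attempted again on the next start. Use `return 1` (or `exit 1`, matching the intent of the `SDNC_REPLICAS` check above) and quote the tests, e.g. `[ -z "$PEER_ODL_CLUSTER" ]`. As far as the defaults shown in this commit go, `IS_PRIMARY_CLUSTER` and `MY_ODL_CLUSTER` always have a value, so only the `PEER_ODL_CLUSTER` test can fire. The function starts before this hunk and continues after it.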
@@ -98,86 +165,212 @@ function enable_odl_cluster(){ fi node_list="${PRIMARY_NODE} ${SECONDARY_NODE}" - /opt/onap/sdnc/bin/configure_geo_cluster.sh $((node_index+member_offset)) ${node_list} + + ${SDNC_BIN}/configure_geo_cluster.sh $((node_index+member_offset)) ${node_list} + else + echo "This is a local cluster" + if $OOM_ENABLED; then + node_list="${node}-0.{{.Values.service.name}}-cluster.{{.Release.Namespace}}"; + for ((i=1;i<${SDNC_REPLICAS};i++)); + do + node_list="${node_list} ${node}-$i.{{.Values.service.name}}-cluster.{{.Release.Namespace}}" + done + ${ODL_HOME}/bin/configure_cluster.sh $((node_index+1)) ${node_list} + else + node_list="${node_name}-0.sdnhost-cluster.onap.svc.cluster.local"; + for ((i=1;i<${SDNC_REPLICAS};i++)); + do + node_list="${node_list} ${node_name}-$i.sdnhost-cluster.onap.svc.cluster.local" + done + ${ODL_HOME}/bin/configure_cluster.sh $((node_index+1)) ${node_list} + fi fi } # Install SDN-C platform components if not already installed and start container +# ----------------------- +# Main script starts here + ODL_HOME=${ODL_HOME:-/opt/opendaylight/current} +ODL_FEATURES_BOOT_FILE=$ODL_HOME/etc/org.apache.karaf.features.cfg +# +ODL_REMOVEIDMDB=${ODL_REMOVEIDMDB:-false} + ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME:-admin} +if $ODL_REMOVEIDMDB ; then + echo "Remove odl idmdb" + rm $ODL_HOME/data/idmlight.db.mv.db + ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-admin} +else + ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U} +fi ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U} SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc} SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin} CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk} -SLEEP_TIME=${SLEEP_TIME:-120} +JDEBUG=${JDEBUG:-false} MYSQL_PASSWD=${MYSQL_PASSWD:-openECOMP1.0} ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false} +GEO_ENABLED=${GEO_ENABLED:-false} +SDNC_AAF_ENABLED=${SDNC_AAF_ENABLED:-false} +OOM_ENABLED=${OOM_ENABLED:-false} 
IS_PRIMARY_CLUSTER=${IS_PRIMARY_CLUSTER:-false} MY_ODL_CLUSTER=${MY_ODL_CLUSTER:-127.0.0.1} INSTALLED_DIR=${INSTALLED_FILE:-/opt/opendaylight/current/daexim} SDNRWT=${SDNRWT:-false} SDNRWT_BOOTFEATURES=${SDNRWT_BOOTFEATURES:-sdnr-wt-feature-aggregator} +SDNRDM=${SDNRDM:-false} +# Add devicemanager base and specific repositories +SDNRDM_BASE_REPO=${SDNRDM_BASE_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-feature-aggregator-devicemanager-base/$CCSDKFEATUREVERSION/xml/features} +SDNRDM_ONF_REPO=${SDNRDM_ONF_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-onf-feature/$CCSDKFEATUREVERSION/xml/features} +# Add devicemanager features +SDNRDM_SDM_LIST=${SDNRDM_SDM_LIST:-sdnr-wt-devicemanager-onf-feature} +SDNRDM_BOOTFEATURES=${SDNRDM_BOOTFEATURES:-sdnr-wt-feature-aggregator-devicemanager-base, ${SDNRDM_SDM_LIST}} +SDNRINIT=${SDNRINIT:-false} +SDNRONLY=${SDNRONLY:-false} +SDNRDBURL=${SDNRDBURL:-http://sdnrdb:9200} +SDNRDBCOMMAND=${SDNRDBCOMMAND:--c init -db $SDNRDBURL -dbu $SDNRDBUSERNAME -dbp $SDNRDBPASSWORD $SDNRDBPARAMETER} + SDNR_NORTHBOUND=${SDNR_NORTHBOUND:-false} SDNR_NORTHBOUND_BOOTFEATURES=${SDNR_NORTHBOUND_BOOTFEATURES:-sdnr-northbound-all} export ODL_ADMIN_PASSWORD ODL_ADMIN_USERNAME +if $JDEBUG ; then + echo "Activate remote debugging" + #JSTADTPOLICYFILE="$ODL_HOME/etc/tools.policy" + #echo -e "grant codebase \"file:${JAVA_HOME}/lib/tools.jar\" {\n permission java.security.AllPermission;\n };" > $JSTADTPOLICYFILE + #sleep 1 + #$JAVA_HOME/bin/jstatd -p 1089 -J-Djava.security.policy=$JSTADTPOLICYFILE & + EXTRA_JAVA_OPTS+=" -Dcom.sun.management.jmxremote.port=1090" + EXTRA_JAVA_OPTS+=" -Dcom.sun.management.jmxremote.rmi.port=1090" + EXTRA_JAVA_OPTS+=" -Djava.rmi.server.hostname=$HOSTNAME" + EXTRA_JAVA_OPTS+=" -Dcom.sun.management.jmxremote.local.only=false" + EXTRA_JAVA_OPTS+=" -Dcom.sun.management.jmxremote.ssl=false" + EXTRA_JAVA_OPTS+=" -Dcom.sun.management.jmxremote.authenticate=false" + export EXTRA_JAVA_OPTS +fi + + echo "Settings:" 
+echo " SDNC_BIN=$SDNC_BIN" +echo " SDNC_HOME=$SDNC_HOME" +echo " ODL_CERT_DIR=$ODL_CERT_DIR" +echo " CCSDKFEATUREVERSION=$CCSDKFEATUREVERSION" echo " ENABLE_ODL_CLUSTER=$ENABLE_ODL_CLUSTER" +echo " ODL_REMOVEIDMDB=$ODL_REMOVEIDMDB" echo " SDNC_REPLICAS=$SDNC_REPLICAS" echo " SDNRWT=$SDNRWT" +echo " SDNRDM=$SDNRDM" +echo " SDNRONLY=$SDNRONLY" +echo " SDNRINIT=$SDNRINIT" +echo " SDNRDBURL=$SDNRDBURL" +echo " SDNRDBUSERNAME=$SDNRDBUSERNAME" +echo " GEO_ENABLED=$GEO_ENABLED" +echo " IS_PRIMARY_CLUSTER=$IS_PRIMARY_CLUSTER" +echo " MY_ODL_CLUSTER=$MY_ODL_CLUSTER" +echo " PEER_ODL_CLUSTER=$PEER_ODL_CLUSTER" echo " SDNR_NORTHBOUND=$SDNR_NORTHBOUND" +echo " AAF_ENABLED=$SDNC_AAF_ENABLED" +if $SDNC_AAF_ENABLED; then + export SDNC_AAF_STORE_DIR=/opt/app/osaaf/local + export SDNC_AAF_CONFIG_DIR=/opt/app/osaaf/local + export SDNC_KEYPASS=`cat /opt/app/osaaf/local/.pass` + export SDNC_KEYSTORE=org.onap.sdnc.p12 + sed -i '/cadi_prop_files/d' $ODL_HOME/etc/system.properties + echo "cadi_prop_files=$SDNC_AAF_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties + sed -i '/org.ops4j.pax.web.ssl.keystore/d' $ODL_HOME/etc/custom.properties + sed -i '/org.ops4j.pax.web.ssl.password/d' $ODL_HOME/etc/custom.properties + sed -i '/org.ops4j.pax.web.ssl.keypassword/d' $ODL_HOME/etc/custom.properties + echo org.ops4j.pax.web.ssl.keystore=$SDNC_AAF_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties + echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties + echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties +fi + +if $SDNRINIT ; then + #One time intialization action + initialize_sdnr + init_result=$? + echo "Result of init script: $init_result" + if $SDNRWT ; then + echo "Proceed to initialize sdnr" + else + exit $init_result + fi +fi + +if $OOM_ENABLED; then # # Wait for database # -echo "Waiting for mysql" -until mysql -h dbhost -u root -p${MYSQL_PASSWD} mysql &> /dev/null -do - printf "." 
- sleep 1 -done -echo -e "\nmysql ready" + echo "Waiting for mysql" + until mysql -h dbhost -u root -p${MYSQL_PASSWD} mysql &> /dev/null + do + printf "." + sleep 1 + done + echo -e "\nmysql ready" +fi if [ ! -d ${INSTALLED_DIR} ] then mkdir -p ${INSTALLED_DIR} fi -if [ ! -f ${INSTALLED_DIR}/.installed ] +if [ ! -f ${SDNC_HOME}/.installed ] then - echo "Installing SDN-C database" - ${SDNC_HOME}/bin/installSdncDb.sh - echo "Installing SDN-C keyStore" - ${SDNC_HOME}/bin/addSdncKeyStore.sh - echo "Installing A1-adapter trustStore" - ${SDNC_HOME}/bin/addA1TrustStore.sh + if $OOM_ENABLED; then + echo "Installing SDN-C database" + ${SDNC_HOME}/bin/installSdncDb.sh + echo "Installing SDN-C keyStore" + ${SDNC_HOME}/bin/addSdncKeyStore.sh + echo "Installing A1-adapter trustStore" + ${SDNC_HOME}/bin/addA1TrustStore.sh - #${CCSDK_HOME}/bin/installOdlHostKey.sh + #${CCSDK_HOME}/bin/installOdlHostKey.sh - if [ -x ${SDNC_HOME}/svclogic/bin/install.sh ] - then - echo "Installing directed graphs" - ${SDNC_HOME}/svclogic/bin/install.sh - fi + if [ -x ${SDNC_HOME}/svclogic/bin/install.sh ] + then + echo "Installing directed graphs" + ${SDNC_HOME}/svclogic/bin/install.sh + fi + fi - if $ENABLE_ODL_CLUSTER ; then enable_odl_cluster ; fi + if $ENABLE_ODL_CLUSTER ; then enable_odl_cluster ; fi - if $SDNRWT ; then install_sdnrwt_features ; fi + if $SDNRWT ; then install_sdnrwt_features ; fi if $SDNR_NORTHBOUND ; then install_sdnr_northbound_features ; fi + echo "Installed at `date`" > ${SDNC_HOME}/.installed +fi + +#cp /opt/opendaylight/current/certs/* /tmp +#cp /var/custom-certs/* /tmp - echo "Installed at `date`" > ${INSTALLED_DIR}/.installed +if [ -n "$OVERRIDE_FEATURES_BOOT" ] ; then + echo "Override features boot: $OVERRIDE_FEATURES_BOOT" + sed -i "/$FEATURESBOOTMARKER/c\featuresBoot = $OVERRIDE_FEATURES_BOOT" $ODL_FEATURES_BOOT_FILE fi -cp /opt/opendaylight/current/certs/* /tmp -cp /var/custom-certs/* /tmp +# Odl configuration done +ODL_REPOSITORIES_BOOT=$(sed -n 
"/$REPOSITORIESBOOTMARKER/p" $ODL_FEATURES_BOOT_FILE) +ODL_FEATURES_BOOT=$(sed -n "/$FEATURESBOOTMARKER/p" $ODL_FEATURES_BOOT_FILE) +export ODL_FEATURES_BOOT # Create ODL data log directory (it nornally is created after karaf # is started, but needs to exist before installCerts.py runs) -mkdir -p /opt/opendaylight/data/log -nohup python3 ${SDNC_BIN}/installCerts.py & +if [ -z "$ODL_CERT_DIR" ] ; then + echo "No certs provided. Skip installation." +else + echo "Start background cert installer" + mkdir -p /opt/opendaylight/data/log + nohup python3 ${SDNC_BIN}/installCerts.py & +fi +echo "Startup opendaylight" +echo $ODL_REPOSITORIES_BOOT +echo $ODL_FEATURES_BOOT exec ${ODL_HOME}/bin/karaf server |
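Review bot: The `JDEBUG` block enables remote JMX on port 1090 with `jmxremote.authenticate=false`, `jmxremote.ssl=false` and `jmxremote.local.only=false`, so once the flag is set any host that can reach the port gets unauthenticated management access to the Karaf JVM. Add a comment at the block such as `# JDEBUG exposes unauthenticated JMX on 1090; enable only in an isolated debug environment`, and consider leaving `local.only` at its default and reaching the port through a port-forward. In the same spirit, the `ODL_REMOVEIDMDB` branch falls back to `ODL_ADMIN_PASSWORD=admin` when no password is supplied; it should log a warning in that case or require the variable to be set. Separately, the non-OOM branch of `enable_odl_cluster` (which begins before this hunk) still builds `node_list` from `${node_name}`, whose assignment an earlier hunk of this commit removes, so unless it is set elsewhere the host names would begin with `-0.`; `${node}` as in the OOM branch looks like the intended variable.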